If the default INPUT chain policy is set to drop is there any reason to explicitly add rules to drop packets within the firewall script? I am reading various firewall books and it is recommended that you set the default INPUT chain to drop. After this is done, they go on to construct a firewall to drop all sorts on packets on the INPUT chain. I am somewhat confused why these rules are needed when your default is to drop. Can you simply just add accept rules? Is the default drop policy a safety net and it is good practice to explicitly drop packets within your script? Thanks
