Re: Bugs love "features"
"Drop all" looks to be, and indeed is, a default rule in most cases. When you understand what a firewall is and how it works, you'll see that a firewall actually needs a rule to allow traffic, as without a rule it has no clue what to do with incoming traffic (from inside or outside), and sending it to null is the most obvious thing to do when you don't know what to do; maybe log and alert too, but those are secondary actions.
incoming traffic --> what to do --> don't have an instruction --> drop #--> have an instruction --> follow that.
The most basic *firewall is a NAT device: incoming traffic to the address that has NAT on it must match an existing session (if it's not a well-known port already configured to forward inbound to something). No session match (source IP & source port & destination IP & destination port) means no match, and it can't forward traffic as it doesn't have any detail of what to forward to.
Someone has to write "functionality" to overcome the intrinsic security of a basic DB/table/array not having detail of what to do with something it doesn't know about.
* Basic firewall, as the NAT table is/can be a subset of a firewall session table.
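The two behaviours the post describes, a rule table that falls through to "drop" when nothing matches and a NAT session table that can only forward inbound traffic it has a 4-tuple entry (or a configured port forward) for, as an added example that is not code from the poster. The packet fields, the `Rule`/`NatGateway` classes and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, List, Dict


@dataclass(frozen=True)
class Packet:
    """Minimal header view: the 4-tuple a session table is keyed on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """An allow/drop rule; a None field is a wildcard."""
    action: str                      # "allow" or "drop"
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_ip is not None and pkt.src_ip != self.src_ip:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins. With no matching rule there is no
    instruction, so the implicit default is to drop."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


class NatGateway:
    """A basic NAT device: the session table is the only thing that knows
    where an inbound packet should go, apart from explicit port forwards."""

    def __init__(self, public_ip: str,
                 port_forwards: Optional[Dict[int, Tuple[str, int]]] = None):
        self.public_ip = public_ip
        # public port -> (inside ip, inside port), configured by the admin
        self.port_forwards: Dict[int, Tuple[str, int]] = dict(port_forwards or {})
        # (remote ip, remote port, public ip, public port) -> (inside ip, inside port)
        self.sessions: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}
        self._next_public_port = 40000

    def outbound(self, inside_ip: str, inside_port: int,
                 remote_ip: str, remote_port: int) -> int:
        """An inside host opens a connection: allocate a public port and
        record the session so the reply can be mapped back."""
        public_port = self._next_public_port
        self._next_public_port += 1
        key = (remote_ip, remote_port, self.public_ip, public_port)
        self.sessions[key] = (inside_ip, inside_port)
        return public_port

    def inbound(self, pkt: Packet) -> Tuple[str, Optional[Tuple[str, int]]]:
        """Inbound packet to the public address: forward only if the full
        4-tuple matches a session, or the port is explicitly forwarded."""
        if pkt.dst_ip != self.public_ip:
            return ("drop", None)
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.sessions:
            return ("forward", self.sessions[key])
        if pkt.dst_port in self.port_forwards:
            return ("forward", self.port_forwards[pkt.dst_port])
        # No session, no forward: nothing says where this should go.
        return ("drop", None)


def demo() -> dict:
    """Constructed scenario using documentation addresses (RFC 5737)."""
    gw = NatGateway("203.0.113.1", port_forwards={80: ("10.0.0.5", 8080)})
    pub = gw.outbound("10.0.0.7", 51000, "198.51.100.9", 443)
    reply = Packet("198.51.100.9", 443, "203.0.113.1", pub)
    # Same remote host, but a different source port: not the session.
    stray = Packet("198.51.100.9", 444, "203.0.113.1", pub)
    unsolicited = Packet("192.0.2.33", 5555, "203.0.113.1", 3389)
    web = Packet("192.0.2.33", 5555, "203.0.113.1", 80)
    return {
        "reply": gw.inbound(reply),
        "stray": gw.inbound(stray),
        "unsolicited": gw.inbound(unsolicited),
        "web": gw.inbound(web),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} -> {verdict}")
```

The rule evaluator and the NAT gateway share the same shape: a lookup that returns a next action when it finds an entry and has nothing to do when it does not. The only way traffic gets through with no entry is if someone adds a port forward or an allow rule, which is exactly the "functionality" the post is talking about.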