Reply to post: Re: Firewall rulesets and defaults

See that last line in the access list? Yeah, that means you don't have an access list

stiine Silver badge

Re: Firewall rulesets and defaults

More normally, the last rule is: any/any/any drop. If you need an any/any/any permit rule for testing, it has to be next-to-last in the list above the any/any/any drop. This is so that when you complete testing and have all of your required rules in place, you need only delete the any/any/any permit rule.

That being said, the best way to do this is to NOT use an any/any/any permit rule, but to open ports as the application requires them, but this is much more labour intensive.
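An added example, not part of the original comment: a first-match ruleset model with an audit that flags a leftover any/any/any permit and a missing final any/any/any drop. The rule format, zone names (`lan`, `web01`, `internet`) and exact-string matching are assumptions made for illustration, not any vendor's syntax.

```python
from typing import NamedTuple, Optional

ANY = "any"

class Rule(NamedTuple):
    action: str  # "permit" or "drop"
    src: str
    dst: str
    port: str

    def is_catch_all(self) -> bool:
        return (self.src, self.dst, self.port) == (ANY, ANY, ANY)

    def matches(self, src: str, dst: str, port: str) -> bool:
        # Simplification: a field matches on "any" or exact string equality.
        pairs = ((self.src, src), (self.dst, dst), (self.port, port))
        return all(want in (ANY, got) for want, got in pairs)

def evaluate(rules: list[Rule], src: str, dst: str, port: str) -> Optional[str]:
    """First-match evaluation: the first rule that matches decides."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return None  # nothing matched; the device default would apply

def audit(rules: list[Rule]) -> list[str]:
    """Flag the ordering problems described in the comment above."""
    findings = []
    if not rules or not (rules[-1].is_catch_all() and rules[-1].action == "drop"):
        findings.append("last rule is not any/any/any drop")
    for i, rule in enumerate(rules):
        if not rule.is_catch_all():
            continue
        if rule.action == "permit":
            findings.append(f"rule {i + 1}: any/any/any permit still present")
        later = len(rules) - 1 - i
        if later:
            findings.append(f"rule {i + 1}: catch-all makes {later} later rule(s) unreachable")
    return findings

# Constructed ruleset: testing permit placed next-to-last, above the final drop.
TESTING = [
    Rule("permit", "lan", "web01", "443"),
    Rule("permit", ANY, ANY, ANY),
    Rule("drop", ANY, ANY, ANY),
]
# After testing: only the any/any/any permit rule is deleted.
PRODUCTION = [r for r in TESTING if not (r.is_catch_all() and r.action == "permit")]
```

While the testing permit is in place the final drop never fires, which is why the audit reports it as unreachable until that one rule is deleted.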
