Depends on your personal concept for firewalls.
Some prefer (like me) that one for the most part only require to add rules when adding traffic flow using drop all else as last rule.
In other words, everything is explicitly denied, unless specifically allowed.
Some prefer (had lobotomies) to assume everything is permitted and thus need to drop all traffic not required. In other words, everything is
explicitly allowed, unless specifically denied.
I believe the first method is more efficient, cleaner and easier to read. In practical terms, I have no idea what I am doing and thus it is easier and safer for me to
not to automatically allow all sorts of traffic I have no clue about and/or rely on me to know which things I should be dropping.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)