I build some 90-rules firewall (ip firewall filter) based on wiki examples.
To debug my firewall issues (no pptp, etc) I would like to disable as much rules as I can, and once inbound connectivity is back, re-enable them one by one. The process can take few days.
The questions is - what are the minimal set of rules I MUST leave in place at any time to prevent bad guys from doing what they are usually do?