For better security: always "block all" or "block in all" is enough?

Greg Hennessy Greg.Hennessy at nviz.net
Wed Jul 28 19:50:53 UTC 2010


> What disadvantages does it have in terms of security in comparison with
> "block all"? In other words, how bad is it to have all outgoing ports always
> open, and can someone use this to hack the system?
> 

It's the principle of 'least privilege'.  Explicitly allow what is permitted, deny everything else. 

It should also be 

	block log all

A default block policy without logging has a certain ass biting inevitability to it. 



Greg
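Added example, not part of the original post or the freebsd-pf list: a minimal FreeBSD pf.conf that applies the least-privilege default Greg describes (`block log all`, then explicit `pass` rules for exactly what is permitted in each direction). The interface name `em0` and the set of allowed services are assumptions chosen for illustration; replace them with what your host actually needs.

```pf
# Added example (not from the original post): a minimal pf.conf built on
# "explicitly allow what is permitted, deny everything else".
# Interface name and the allowed services below are assumptions.
ext_if = "em0"                  # assumed external interface

set skip on lo0                 # leave loopback traffic alone
scrub in all                    # normalize incoming packets

# Default policy: drop AND log every packet not matched by a later rule,
# in both directions. Without "log" you only learn what you broke by guessing.
block log all

# Outbound: only the services this host actually needs (assumed list).
pass out quick on $ext_if proto udp from ($ext_if) to any port { 53, 123 } keep state        # DNS, NTP
pass out quick on $ext_if proto tcp from ($ext_if) to any port { 53, 80, 443 } flags S/SA keep state   # DNS, HTTP(S)
pass out quick on $ext_if inet proto icmp from ($ext_if) to any icmp-type echoreq keep state

# Inbound: only the services this host offers (SSH here, an assumption).
pass in on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and watch what the default rule is dropping with `tcpdump -n -e -ttt -i pflog0` (the pflog interface needs `pflog_enable="YES"` in /etc/rc.conf). Compared with `block in all` alone, the `pass out` rules are the difference: outbound traffic that is not on the list is logged and dropped rather than silently allowed, so a process on the host that starts talking to an unexpected port shows up in the log instead of going unnoticed.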
 


More information about the freebsd-pf mailing list