Rule Set 8: The cleanup rule. As a general practice in firewall rule construction, if a request
for a service is not explicitly allowed by policy, that request should be denied by a rule. The
rule shown in Table 6-15 implements this practice and blocks any requests that aren’t
explicitly allowed by other rules.
Additional rules restricting access to specific servers or devices can be added, but they must
be sequenced before the cleanup rule. Order is extremely important, as misplacement of a