Firewall Default Rules and Considerations

Most firewalls have some default rules setup that determine how internet traffic can flow through them. These rules are designed to be basic and quick to setup without causing any issues for your network but there can be issues using these default rules long term.

With the default rule blocking all inbound traffic from the internet this ensures that all of the devices, servers, or services running on your network cannot be accessed by anyone on the internet. For most people this is the configuration that they should be running to keep everything on their network safe. For example in a home network, your router’s duty on top of all of the other things it does is to be the firewall for your network. It will not allow any inbound connections from the internet by default and for 95% of people this is just fine.

This configuration is considered somewhat safe by default because when a computer on your network wants to talk to the internet, it initiates that conversation first and because by default anything from inside your network is allowed out to the internet, that open connection created by your computer allows information from the internet to come back to that computer through the firewall.


For enterprise networks however, you may have services or servers that need to be exposed to the internet to run your business or for people or vendors to connect to. On your home network maybe you want to host your own web server or a game server for your friends so this configuration won’t work. You will need to poke a hole in your network and create a firewall rule that allows inbound connections to that server. Whenever you make a firewall rule to allow inbound connections you have to be careful to ensure that the device you are opening up to the internet has all of the security recommendations configured and software updates installed. This device can now be connected to by anyone out on the internet and people will try and hack into it if they can. Make sure to take some more time to learn about the risks of opening up rules on your firewall to allow inbound connections.

Another consideration is the default rule that allows any outbound connections from inside your network to pass through the firewall and out to the internet without any considerations. This rule, while the most universal, can have security concerns depending on the type of network you are hosting or the devices that are on that network. A very common way that attackers get around firewalls is by using what is called a reverse proxy. This is a technique where the attacker will trick a user into installing the reverse proxy on their computer that is in the network and behind the firewall. Since the default rule for most firewalls is to allow any connections out to the internet from devices within the network, that reverse proxy does just that. It will initiate a connection out to the internet to a server the attacker controls. This isn’t caught by the firewall because it is a connection that was initiated by something on the inside network. This is a very common tactic for attackers to get access to a network and get around a traditional firewall setup.

A way to get around this is to configure firewall rules for the traffic that is allowed out of your network. This can be very tricky though as you will have to consider all traffic that needs to come out of your network and ensure that there is a firewall rule to allow it. For web browsing that is easy as you can allow port 80/443, but for other applications it may not be obvious what ports they are using to connect to the network. This is also not a fool proof way to ensure that attackers don’t get access into your network as they can utilize any of the allowed ports you have configured for outbound traffic to still utilize a reverse proxy.