My first thought would be whether or not you want to do anything with that traffic, i.e., log that it's being denied, etc. Implicit deny rules are usually silent, for example, and counters may or may not be available.
On Thu, Mar 22, 2012 at 4:25 PM, Paul Graydon <[email protected]> wrote:
> I was tasked with clearing up some ambiguities in our firewalls. Nothing
> too major, just some irritating stuff for the most part (commenting all the
> rules etc), but I got to wondering:
>
> Which is better practice, to have an explicit Deny / Deny at the end of an
> access list, or leave it to the implicit one?
>
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
