Log Denied
 


 
By default, any packet that does not match a rule is dropped: if the firewall does not explicitly allow a service, it is not allowed. However, these packets are not logged by default. You definitely want to log this traffic, because much of your unauthorized traffic happens here. To do that, we create a drop-all-and-log rule, which is placed at the end of the rulebase. This is another of those rules that all firewalls should have, if they do not already have it by default.
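
The effect of that final rule, as an added example that is not part of the original page: a small first-match rulebase model in Python that shows the same denied packet being dropped silently without the rule and dropped with a log entry once it is present. The Rule fields, the addresses and the function names are assumptions made for this illustration and do not follow any particular firewall's syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # e.g. "tcp/25", or "any"
    action: str   # "accept" or "drop"
    log: bool     # whether a match writes a log entry

def _addr_match(spec, addr):
    return spec == ANY or ip_address(addr) in ip_network(spec)

def evaluate(rulebase, src, dst, service):
    """First-match evaluation. Returns (action, logged, rule_number)."""
    for number, rule in enumerate(rulebase, start=1):
        if (_addr_match(rule.src, src) and _addr_match(rule.dst, dst)
                and rule.service in (ANY, service)):
            return rule.action, rule.log, number
    # No rule matched: the implicit default drop, which writes no log entry.
    return "drop", False, None

def has_logged_cleanup_rule(rulebase):
    """True if the last rule is any/any/any, drop, with logging enabled."""
    if not rulebase:
        return False
    last = rulebase[-1]
    return ((last.src, last.dst, last.service, last.action, last.log)
            == (ANY, ANY, ANY, "drop", True))

# Constructed sample rulebase (documentation address ranges).
BASE = [
    Rule(ANY, "192.0.2.10/32", "tcp/25", "accept", True),
    Rule(ANY, "192.0.2.20/32", "tcp/80", "accept", False),
]
WITH_CLEANUP = BASE + [Rule(ANY, ANY, ANY, "drop", True)]

# Constructed packet: a connection to a service that no rule allows.
DENIED = ("203.0.113.7", "192.0.2.10", "tcp/23")

if __name__ == "__main__":
    print(evaluate(BASE, *DENIED))          # dropped by default, not logged
    print(evaluate(WITH_CLEANUP, *DENIED))  # dropped and logged by the last rule
    print(has_logged_cleanup_rule(BASE), has_logged_cleanup_rule(WITH_CLEANUP))
```

has_logged_cleanup_rule can be run over an exported rulebase as an audit check, once the export is mapped onto the Rule fields assumed here.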