Does “all packets that fall through to the default rule should be dropped” mean that my iptables rule should drop everything at the start, like this?
# Set the default policy to drop
$IPT --policy INPUT DROP
$IPT --policy OUTPUT DROP
$IPT --policy FORWARD DROP
Or does it mean something else?
It means that if you don't have a rule in your configuration that specifically allows a packet through then it should be dropped. Basically "Deny everything unless I specifically allow it".
I'm not an IPTables wiz, though, but basically you configure IP Tables to allow only what you want through and drop the rest.
Yes, that's exactly what it means (and doesn't mean anything else).
Obviously it's a policy, and you can set your own depending on your needs and who your expected targets are. A DROP policy will show up as "filtered" when you scan the port with nmap, whereas a REJECT policy will show "closed"---this is because REJECT sends an ICMP unreachable message back, letting the person connecting know that there is no service listening on that port ("Connection Refused" is the typical user message).
