When one or more named firewall rules (including the hidden rule used for default-action or default-log) are applied to an interface and a packet does not match any of the rules in a given direction, then the implicit actions occur. The implicit actions are a property of firewall rules having been applied to an interface, not a property of the rules as such. Similar implicit behavior occurs for interfaces mentioned in zone policies.

When rules are present in one direction, there is an implicit action of drop for that direction. If any of the rules are stateful, there is an implicit drop action in the opposite direction even if no rules are present in the opposite direction. Despite this condition, stateful rules always allow for reverse direction stateful traffic to flow.

The security firewall name <name> default-action <action> and security firewall name <name> default-log commands use an explicit rule and as such will prevent implicit actions from occurring in the direction that they are applied to.