ER-8 firewall, when to use NEW state?

Hey all.

I'm moving from an ACL to a Zone-based firewall and I'm reassessing my firewall rules. My rules are pretty basic, similar to the SOHO example config, but I'd like to understand why the firewall rules don't explicitly accept NEW states.

An example is the typical "accept est/rel & drop invalid" firewall rule. How come this doesn't need to accept NEW as well? If a user opens their browser and goes to http://ubnt.com, isn't that considered new HTTP/port 80 traffic because it's not already established or related to existing traffic?

When is it necessary to explicitly accept NEW?

I appreciate your explanations, cheers!

