Direct answer: The policy that ensures messages are discarded when they don’t match a specific firewall rule is the implicit deny policy. When no explicit rule matches a given packet or message, the firewall defaults to deny (discard) it.
Details
- What implicit deny means: It is the default-deny behavior that applies when there is no matching allow rule for a particular traffic flow. In practice, this results in the traffic being dropped or discarded by the firewall.
- How it interacts with typical firewall rule sets: Most firewalls are configured with a default implicit deny and a set of explicit allow/deny rules. If a packet matches an allow rule, it is permitted; if it matches a deny rule, it is dropped; if it matches none, it is dropped by the implicit deny.
- Related terminology: Some sources describe a “drop” action or a “discard” action as the outcome when a rule is not satisfied or when the default policy is to deny. The end result in both cases is that non-matching traffic is not allowed through.
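The first-match evaluation described above, with the implicit deny as the fall-through, as an added example (not from the original answer or any particular firewall product). The rule set, packets and field semantics are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source CIDR such as "10.0.0.0/8", or "any"
    dst_port: Optional[int]  # destination port; None matches every port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every one of its fields matches the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation: returns (action, index of the matching rule).
    When no explicit rule matches, the implicit deny applies and the index is None."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None  # implicit deny: nothing matched, so the packet is discarded

# Constructed rule set. The telnet deny must come before the broader allow for
# the same source range, because evaluation stops at the first match.
RULES = [
    Rule("deny", "tcp", "10.0.0.0/8", 23),
    Rule("allow", "tcp", "10.0.0.0/8", None),
    Rule("allow", "tcp", "any", 443),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.1.2.3", 22),       # explicit allow (rule 1)
                Packet("tcp", "10.1.2.3", 23),       # explicit deny (rule 0)
                Packet("tcp", "198.51.100.7", 443),  # explicit allow (rule 2)
                Packet("udp", "198.51.100.7", 53)):  # no match -> implicit deny
        print(pkt, "->", evaluate(RULES, pkt))
```

Swapping the first two rules would shadow the telnet deny, which is why rule order matters as much as the default policy.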
If you’d like, I can tailor this to a specific firewall product (e.g., Cisco ASA, Palo Alto, Fortinet, Azure Firewall) and show the exact rule order and default behaviors for that platform.
