Thanks Bob!
So then following that logic, I should only need to add rules ALLOWING users to specific address ranges and whatnot, otherwise they are denied. Correct?
Also, what about services like telnet (like anyone uses it anymore anyway) or SSH, are they denied as well or will I need specific statements to do so?