I have always found this an interesting concept; whitelisting and blacklisting. From what i can gather;
whitelisting means one is given access to a specific entity and there is an implicit deny to all others trying to access it.
blacklisting means one is given explicit allow to the entity and a list of deny is given to those who are not given access to.
“Access control is whitelisting: if you know the password, or have the token or biometric, you get access. Antivirus is blacklisting: everything coming into your computer from the Internet is assumed to be safe unless it appears on a list of bad stuff.”
For a firewall, i would perceive that doing an access control list which implements whitelisting would be the way to secure your parameters as there is too many vectors to deny in a common web space.
Thanks to Schneier, i finally got the right idea. The best article for this: