White listing vs Black listing

I have always found this an interesting concept: whitelisting and blacklisting. From what I can gather:

Whitelisting means one is given access to a specific entity, and there is an implicit deny for all others trying to access it.
Blacklisting means one is given an explicit allow to the entity, and a deny list is given for those who are not given access.

Per Schneier,
“Access control is whitelisting: if you know the password, or have the token or biometric, you get access. Antivirus is blacklisting: everything coming into your computer from the Internet is assumed to be safe unless it appears on a list of bad stuff.”

For a firewall, I would think that an access control list which implements whitelisting is the way to secure your perimeter, as there are too many vectors to deny in a common web space.
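The firewall case above, as an added example that is not part of the original post: a small first-match ACL evaluator run with a default-deny whitelist and a default-allow blacklist over the same traffic. The rules, addresses (documentation and private ranges) and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    port: int     # destination port, 0 means any port

def evaluate(rules, default, src, port):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if ip_address(src) in ip_network(r.src) and r.port in (0, port):
            return r.action
    return default

# Whitelist: explicit allows, implicit deny for everything else.
WHITELIST = [
    Rule("allow", "0.0.0.0/0", 443),     # public HTTPS
    Rule("allow", "10.0.0.0/8", 22),     # SSH from the internal range only
]
# Blacklist: explicit denies, implicit allow for everything else.
BLACKLIST = [
    Rule("deny", "203.0.113.0/24", 0),   # a network already known to be bad
    Rule("deny", "0.0.0.0/0", 23),       # telnet from anywhere
]

# Constructed traffic: (source address, destination port)
TRAFFIC = [
    ("198.51.100.7", 443),    # ordinary web client
    ("10.1.2.3", 22),         # admin on the internal network
    ("203.0.113.9", 443),     # client in the listed bad network
    ("198.51.100.7", 3306),   # database port nobody thought to list
    ("192.0.2.44", 22),       # SSH from an unlisted external host
]

def compare(traffic=TRAFFIC):
    """Return (src, port, whitelist verdict, blacklist verdict) per packet."""
    return [(s, p, evaluate(WHITELIST, "deny", s, p),
                   evaluate(BLACKLIST, "allow", s, p)) for s, p in traffic]

if __name__ == "__main__":
    for src, port, wl, bl in compare():
        print(f"{src:>14}:{port:<5} whitelist={wl:<5} blacklist={bl}")
```

The unlisted database port and the external SSH attempt pass the blacklist but fall to the whitelist's implicit deny. The listed bad network reaching port 443 is the one case here that only the blacklist stops.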

Thanks to Schneier, I finally got the right idea. The best article for this:
https://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html
