We implement all projects via Linux opensource distribution mainly based on Fedora, CentOS, Unbuntu, Debian, most of default firewall policy are turned "ON" which are forces into 2 layers, WAN and LAN respectively.
Any access from WAN side is prohibited except SSH, default user "root" is allow. You are high encouraged to enhance this firewall security base on your environment and needs. Good luck!!!