Although I'm not fully sure what firewall that actually controls...
Default drop means if it's not specifically allowed by any rules, it is dropped.
Default allow means if it's not specifically denied by any rules, it is allowed.
Most of them work this way:
Your firewall will have a list of rules; it keeps going down the list until it finds one that applies to the current situation, then applies it and stops.
So like...
Deny port 80 from 34.12.74.23
Allow port 80 from any address
Allow port 22 from 123.123.123.123
Drop all
In the above example, if you were trying to use FTP (port 21), it would not match the first three, so it would hit "drop all" and be thrown away. However, if you were trying to access port 80 from any address besides 34.12.74.23, then it would be allowed by the second rule and it would never hit the "drop all" at the bottom. If the last one was changed to "allow all", then the only thing that would ever be denied is 34.12.74.23 trying to access port 80.
Basically, deny all is better in most cases. With it you only have to define what is really allowed. However, if you only want to block off a few things, then allow all would save you some time.
__________________
Jeremy J
* Bodhost VPS Linux Account Holder
* Network Information Systems Professional
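The first-match walk and the default-drop versus default-allow contrast described in the post above, as an added example that is not part of the original post: a small stateless rule evaluator that runs the post's four rules exactly as written, the same list with the final rule flipped to "allow all", and a misordered copy in which the "allow port 80 from any" rule sits above the "deny port 80 from 34.12.74.23" rule. The `Rule`, `evaluate` and `shadowed_rules` names, the /32 notation for single hosts and the sample client addresses are all assumptions made for this example; real firewalls also match on protocol, direction and connection state, which this toy ignores.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# 0.0.0.0/0 stands in for "any address" in the post's rule list.
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    port: Optional[int]    # destination port; None matches every port
    src: IPv4Network       # source network; ANY matches every address

    def matches(self, src_ip: str, dst_port: int) -> bool:
        port_ok = self.port is None or self.port == dst_port
        return port_ok and ip_address(src_ip) in self.src


def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> str:
    """First match wins: walk the list top to bottom and stop at the first
    rule that applies. A list without a final catch-all is an error here,
    because then the firewall's built-in default decides, not the admin."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    raise ValueError("no rule matched; add a final catch-all rule")


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches everything they would match (same or wider port and source)."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            port_covers = earlier.port is None or earlier.port == later.port
            src_covers = later.src.subnet_of(earlier.src)
            if port_covers and src_covers:
                hidden.append(i)
                break
    return hidden


# The post's rule list, verbatim, with "drop all" as the default-drop catch-all.
DEFAULT_DROP = [
    Rule("deny", 80, ip_network("34.12.74.23/32")),
    Rule("allow", 80, ANY),
    Rule("allow", 22, ip_network("123.123.123.123/32")),
    Rule("deny", None, ANY),   # drop all
]

# Same rules, last line changed to "allow all" as the post describes.
DEFAULT_ALLOW = DEFAULT_DROP[:-1] + [Rule("allow", None, ANY)]

# Hypothetical mistake: the broad port-80 allow placed above the specific deny.
MISORDERED = [DEFAULT_DROP[1], DEFAULT_DROP[0], DEFAULT_DROP[2], DEFAULT_DROP[3]]


if __name__ == "__main__":
    # Constructed sample traffic: (source address, destination port).
    samples = [("10.0.0.5", 21), ("34.12.74.23", 80), ("10.0.0.5", 80),
               ("123.123.123.123", 22), ("10.0.0.5", 22)]
    for name, rules in (("default drop", DEFAULT_DROP),
                        ("default allow", DEFAULT_ALLOW),
                        ("misordered", MISORDERED)):
        print(f"== {name} == shadowed rule indexes: {shadowed_rules(rules)}")
        for src, port in samples:
            print(f"  {src:>16} -> port {port:<3} {evaluate(rules, src, port)}")
```

Running the script shows the two outcomes the post describes (port 21 dropped under default drop, allowed under default allow; 34.12.74.23 to port 80 denied in both) and one the post only implies: in the misordered list, index 1 is reported as shadowed and 34.12.74.23 reaches port 80, because the broader allow above it matches first and the walk stops. Checking a rule set for shadowed entries is the practical way to catch that class of ordering mistake before it goes live.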