IMHO: It is better to have a firewall and block (policy -- drop) INPUT and FORWARD by default. And open only ports that must be opened. This will help if you install some software that listens on 0.0.0.0 by accident.
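The policy described in the comment above, as an added example that is not part of the original comment: one function prints an `iptables-restore` ruleset with INPUT and FORWARD defaulting to DROP, and a second lists wildcard listeners that only that policy is shielding. The port list, the function names and the sample `ss -H -ltn` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment.
# Assumption: TCP ports this host is meant to expose.
ALLOWED_TCP="22 443"

# Print an iptables-restore (IPv4) ruleset: INPUT and FORWARD default to DROP;
# only loopback, replies to existing connections and the listed ports pass.
gen_rules() {
    for p in $1; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        printf '%s %s %s\n' '-A INPUT -p tcp --dport' "$p" '-j ACCEPT'
    done
    printf '%s\n' 'COMMIT'
}

# Read `ss -H -ltn` output on stdin; print the ports bound to a wildcard
# address (0.0.0.0, [::] or *) that are not in the allowed list ($1).
unexpected_wildcard_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            wild = (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            if (wild && !(port in ok) && !seen[port]++) print port
        }' | sort -n | paste -sd ' ' -
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 *:9090 *:*'

gen_rules "$ALLOWED_TCP"
echo "Wildcard listeners shielded only by the DROP policy: $(printf '%s\n' "$SAMPLE_SS" | unexpected_wildcard_ports "$ALLOWED_TCP")"
```

Check the generated ruleset with `iptables-restore --test` before loading it; IPv6 needs its own ruleset, loaded with `ip6tables-restore`.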