The recommended default rule for IACS (Industrial Automation and Control Systems) firewalls is to block all traffic by default. This is a fundamental security practice because it minimizes the potential attack surface and ensures that only explicitly allowed traffic can pass through the firewall. Hence, all traffic should be blocked by default and specific exceptions should be created for necessary communications.