Hi,
yes, this is correct.
Also, I think it is important to understand that the “drop hostile” feature is about a network’s reputation, not the country it is allocated to. For example, many networks falling under this definition are located in the US, the Netherlands, and other countries one cannot block completely (at least not for outgoing traffic), because that would generate way too many false positives.
In my opinion, blocking traffic because of the believed (this is not an accurate science) location of an IP address lures people into thinking countries have a sort of reputation score assigned to them. Today, depending on your beliefs, the “baddest” country might be Russia, China, or the US.
None of that is true - in all countries there are networks with an excellent reputation as well as networks with a very poor reputation. Therefore, the “drop hostile” feature is more accurate in filtering out the latter than any location-based firewalling is.
No offense intended, but I believe this is categorically wrong.
You do care about outgoing traffic, because it is much more security-sensitive than incoming traffic. All software is nowadays prepared to handle bad incoming packets, but little effort is made to spot malicious outgoing connections - for example, to C&C servers, malware distribution sites, or phishing servers.
Having a good IPS policy can help you to detect known patterns of badness in outgoing connections, but there are some networks that are so dangerous that you do not want to process any connection from or to them, no matter what. These are covered by “drop hostile”.
Therefore, I believe enabling that feature makes sense for virtually all IPFire users - which is why that is default on new installations.
Hope to have helped.
Thanks, and best regards,
Peter Müller
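To illustrate the point made in the post above (reputation-based dropping is direction-agnostic, while location-based blocking both over- and under-blocks), here is an added example that is not part of the original thread and not IPFire's own code. It walks a few constructed iptables-style log lines through both policies. The hostile prefixes are RFC 5737 documentation ranges used as placeholders, the per-prefix country tags are assumed stand-ins for a GeoIP lookup, and the 10.0.0.0/8 LAN range is assumed.

```python
import re
import ipaddress

# Constructed hostile-network list (RFC 5737 documentation prefixes as
# placeholders). A real reputation feed decides membership by behaviour;
# the comments give an assumed country only to show that it is irrelevant.
HOSTILE_NETWORKS = [
    ipaddress.ip_network("198.51.100.0/24"),  # assumed allocated in the US
    ipaddress.ip_network("203.0.113.0/24"),   # assumed allocated in the NL
]

# Constructed stand-in for a GeoIP database: assumed country per sample prefix.
ASSUMED_COUNTRY = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "NL",
    ipaddress.ip_network("192.0.2.0/24"): "US",  # reputable network, same country as a hostile one
}

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed LAN range behind the firewall

# Constructed log lines in the style of the iptables LOG target.
SAMPLE_LOG = [
    "IN=green0 OUT=red0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP DPT=443",  # outgoing to a hostile net (NL)
    "IN=red0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=22",        # incoming from a hostile net (US)
    "IN=green0 OUT=red0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=443",   # outgoing to a reputable US net
]

_ADDR = re.compile(r"SRC=(\S+) DST=(\S+)")


def parse(line):
    """Extract source and destination addresses from one log line."""
    m = _ADDR.search(line)
    if not m:
        raise ValueError(f"no SRC/DST in line: {line!r}")
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def country_of(ip):
    """Assumed country of an address; '??' when the stand-in table has no entry."""
    return next((cc for net, cc in ASSUMED_COUNTRY.items() if ip in net), "??")


def is_hostile(ip):
    return any(ip in net for net in HOSTILE_NETWORKS)


def drop_hostile(src, dst):
    """Reputation policy: drop when either end is in a hostile network,
    whatever the direction of the connection."""
    return "DROP" if is_hostile(src) or is_hostile(dst) else "ACCEPT"


def geo_block(src, dst, blocked_countries):
    """Location policy: drop when the external peer's assumed country is blocked."""
    peer = dst if src in INTERNAL else src
    return "DROP" if country_of(peer) in blocked_countries else "ACCEPT"


def evaluate(lines, blocked_countries=("US",)):
    """Return (direction, drop-hostile verdict, geo-block verdict) per line."""
    results = []
    for line in lines:
        src, dst = parse(line)
        direction = "outgoing" if src in INTERNAL else "incoming"
        results.append((direction, drop_hostile(src, dst), geo_block(src, dst, blocked_countries)))
    return results


def compare(lines, blocked_countries=("US",)):
    """Count where geo-blocking disagrees with the reputation verdict, which this
    constructed sample treats as ground truth."""
    false_positives = misses = 0
    for _, rep, geo in evaluate(lines, blocked_countries):
        if geo == "DROP" and rep == "ACCEPT":
            false_positives += 1  # reputable network dropped only for its country
        elif geo == "ACCEPT" and rep == "DROP":
            misses += 1           # hostile network passed because its country is not blocked
    return {"geo_false_positives": false_positives, "geo_misses": misses}


if __name__ == "__main__":
    for line, (direction, rep, geo) in zip(SAMPLE_LOG, evaluate(SAMPLE_LOG)):
        print(f"{direction:8} drop-hostile={rep:6} geo-block(US)={geo:6} {line}")
    print(compare(SAMPLE_LOG))
```

On the three sample lines the reputation policy drops both the outgoing connection to the NL-tagged hostile network and the incoming one from the US-tagged hostile network, while blocking the US by location misses the first and needlessly drops the connection to the reputable US network.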