Why should you use an access list to deny traffic from reaching your TCP services for example when you could just not install that particular Server to begin with?
It's a legit question.
I guess I'm just missing something.
When you deny ALL traffic...you input the 'any' statement into your ACL...implying to me that you're denying it from even your inside hosts as well.