The example rule in the manual states this:
The following ACL permits ICMP echo-reply messages into the inside interface. You must allow all other traffic with the last rule. This ACL permits hosts on the inside to ping hosts on other remote networks. The following example is the summary view of this rule.
Diagram
1 x any any inside echo-reply alerts 300
2 x any any inside ip alerts 300
2 questions...
1 Does it matter if the first rule lets the rest of the traffic in and the second rule only lets in ICMP?
2 Does the "rest of the traffic" have to be everything else?
It seems this restricts traffic to the DMZ coming in. What I am getting at is: is it just as good to allow all in and then restrict on the outgoing side?