Hi,
see this example configuration:
access-list 101 permit ip 10.1.7.0 255.255.255.0 any
access-list 101 permit ip 10.1.8.16 255.255.255.240 any
access-group 101 in interface inside
All the traffic from the 10.1.7.0/24 network is allowed to enter the inside interface.
But, only the ip addresses of 10.1.8.16-10.1.8.32 are allowed to enter the inside interface as there is an implicit deny all at the end of access-lists.No other user will be allowed out.
You can also do outbound/inbound logging on the Pix
check this:
http://www.cisco.com/warp/public/110/pixsyslog.html