I am new to firewall and have some questions on access list.
1) i want to block icmp but allow www, dns pass through the pix, can i implement the access list in the order as following?
access-list in_acl deny icmp any any
access-list in_acl permit tcp any host 220.127.116.11 eq www
access-list in_acl permit tcp any host 18.104.22.168 eq dns
access-list in_acl permit ip any host 22.214.171.124
2) line 3 of above example indicates the protocol is tcp for dns service, should i change it to udp? when shall i use tcp and udp?
3) if the host 126.96.36.199 is a proxy server, should i use protocol tcp instead of ip? and why?
thanks in advance