What's is the best-practice configuration for the router access-list/firewall "relationship"? Do you simply have the ACL pass everything and have the firewall handle it all? Or do you put some things ...