Access Control Lists (ACLs)
Feb 04, 2010 00:00 by alperen

Since version 5.3 of the PIX Firewall OS, ACLs similar to the extended ACLs used on all Cisco IOS-based devices are used to control connections between inside and outside networks. Firewall access lists are created using the access-list command and applied to an interface with the access-group command.

These ACL commands replace the conduit and outbound commands used in earlier PIX Firewall versions. Remember, any access-list and access-group command statements take precedence over any conduit/outbound commands in the configuration.

Conduits are still supported in current OS versions for backward compatibility, but they’re discouraged because they offer less-specific control. A brief introduction to conduits is at the end of this section. More detailed information is available online.
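
The fragment below is an added example, not taken from the original page. It shows the access-list and access-group pair described above next to the legacy conduit statement it replaces. The ACL name acl_out, the interface name outside and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```text
: Legacy form: the conduit lists the destination (global) address first,
: then the source, and is not tied to a named list or an interface
conduit permit tcp host 203.0.113.10 eq www any

: ACL form: source first, then destination, as in IOS extended ACLs.
: PIX ACLs take a network mask (255.255.255.0), not an IOS wildcard mask.
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 eq 443

: Apply the list to traffic arriving on the outside interface.
: Anything not matched by a permit line is dropped by the implicit deny.
access-group acl_out in interface outside
```

Once an access-group is bound to the interface, the access-list entries decide what is allowed in, regardless of any conduit statements still present in the configuration.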