March 12th, 2006, 12:04 AM
#4
What is the difference between a Router ACL and a PIX Firewall? I have searched through Google; all the links that I found were not rich in information.
Ok, well.. let's talk firewalls vs. routers, and then we can talk about the differences between their access lists.
A router is designed to do two things in a network: path determination and switching of packets. The router will do this within its network anywhere it knows to send the information, and it is trusting in nature; that is to say that unless you implicitly deny the flow of packets based on something like port number or source IP address, the router will always forward the data.
A PIX firewall, which is Cisco proprietary, stands for packet internetwork exchange and is indeed designed to be an edge device between autonomous networks. The PIX firewall acts using a trusted inside interface and an external untrusted interface (now this is simplified, I know, but I'm using just a simple two-interface PIX as an example). The internal traffic will always be allowed out, and traffic generated by the remote host that coincides with the leaving traffic will be allowed in by a technology known as dynamic access lists.
The access lists on a Firewall then perform a completely different function. They are designed to stop traffic on the inside from being trusted or to implicitly allow traffic on the outside that would normally be untrusted.
Think of a router like a traffic light: it's going to let everything go through it if it knows how to, unless you say otherwise. You can think of a firewall as a bouncer: you cannot come into the club unless you have proper authorization, or if you were already in the club they'll just let you in because of the stamp on your hand. If that analogy makes any sense.
So, to make sense of it all: a firewall is going to allow traffic to flow from trusted to untrusted interfaces only, unless you use an access list as a rule to allow or deny information, but a router is going to trust all information unless you use the access list to filter information.
Something universally true about designing access lists, though, is that you really need to think about their implementation. They are applied rule by rule from the top down, and if you don't really really really check your logic you're asking for a lot of networking problems on implementation. Always back up your config before making the change, and if this didn't make any coherent sense I'll try to explain it more clearly.
"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
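The behaviours the post describes can be made concrete in a small simulation. The following is an added example, not code from the poster or from Cisco, and it is deliberately not IOS or PIX syntax: it models a stateless router ACL evaluated top-down with first match and an implicit deny at the end, a router interface with no ACL that forwards everything, and a two-interface stateful firewall that lets inside traffic out, records the flow, and admits outside traffic only when it is the return half of a recorded flow or the outside ACL explicitly permits it. It also includes a `shadowed_rules` check for the "check your logic" point: a rule placed below a broader rule with the same scope can never match. All addresses and rules are constructed sample data.

```python
"""Toy model of a trusting router ACL vs a two-interface stateful firewall.
Constructed example; not Cisco IOS/PIX syntax and not a model of a real device."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", ...
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    src: str                     # CIDR prefix or "any"
    dst: str                     # CIDR prefix or "any"
    dport: Optional[int] = None  # None matches any destination port


def _as_net(pattern: str) -> ipaddress.IPv4Network:
    """Treat 'any' as 0.0.0.0/0 so every address comparison is a network test."""
    return ipaddress.ip_network("0.0.0.0/0" if pattern == "any" else pattern, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in _as_net(rule.src)
            and ipaddress.ip_address(pkt.dst) in _as_net(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate_acl(acl: list[Rule], pkt: Packet) -> tuple[str, Optional[int]]:
    """Top-down, first-match evaluation. Returns (action, index of matching rule).
    A packet that matches no rule falls into the implicit deny (index None)."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None


def shadowed_rules(acl: list[Rule]) -> list[int]:
    """Indices of rules that can never match because an earlier rule already covers
    every packet they would. A dead rule below a broader one is a logic error
    regardless of its action, and this is the kind of check to run before applying."""
    shadowed = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and _as_net(later.src).subnet_of(_as_net(earlier.src))
                    and _as_net(later.dst).subnet_of(_as_net(earlier.dst))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                shadowed.append(j)
                break
    return shadowed


class RouterInterface:
    """Trusting by nature: with no ACL applied, everything it can route is forwarded."""
    def __init__(self, acl: Optional[list[Rule]] = None):
        self.acl = acl

    def handle(self, pkt: Packet) -> str:
        return "permit" if self.acl is None else evaluate_acl(self.acl, pkt)[0]


class StatefulFirewall:
    """Inside interface trusted, outside untrusted. Outbound flows are recorded so
    only the matching return traffic gets back in (the 'stamp on your hand')."""
    def __init__(self, outside_acl: Optional[list[Rule]] = None,
                 inside_acl: Optional[list[Rule]] = None):
        self.outside_acl = outside_acl or []
        self.inside_acl = inside_acl   # None: inside traffic permitted by default
        self.state = set()             # (src, sport, dst, dport, proto) of permitted outbound flows

    def handle(self, pkt: Packet, iface: str) -> str:
        if iface == "inside":
            if self.inside_acl is not None and evaluate_acl(self.inside_acl, pkt)[0] == "deny":
                return "deny"
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "permit"
        # Outside interface: is this the reply half of a flow we let out?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state:
            return "permit"
        # Otherwise only what the outside ACL explicitly permits; the rest is denied.
        return evaluate_acl(self.outside_acl, pkt)[0]


if __name__ == "__main__":
    acl = [Rule("permit", "tcp", "any", "10.0.0.0/24", 80), Rule("deny", "ip", "any", "any")]
    print(evaluate_acl(acl, Packet("198.51.100.4", "10.0.0.5", "tcp", 51000, 22)))  # denied by rule 1
    print(shadowed_rules(list(reversed(acl))))  # [1]: the permit is dead below deny-any
```

Reversing the two-rule ACL in the `__main__` block is the classic ordering mistake the post warns about: with `deny ip any any` on top, the permit beneath it is unreachable and the check reports it as shadowed.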