I am looking to set up the layer 3 firewall on an ePMP 1000 AP. This device has two subscriber radios registered to it; there are several cameras and two other network devices on the other side of the subscribers. I am looking for sample layer 3 firewall configs that I can use to get a better idea of how this device functions, i.e., do I need a Deny any/any as the last line? If I do have a deny any/any, do I need to be super granular as to how the communication talks back from the subscribers if the traffic is originated from the LAN side?
Here is a sample config (IPs are fake, BTW):
[l3FirewallTable ]
[1]
l3FirewallEntryAction 1
l3FirewallEntryDSCP
l3FirewallEntryDstIP 172.1.1.0
l3FirewallEntryDstMask 255.255.255.0
l3FirewallEntryInterface 1
l3FirewallEntryLog 1
l3FirewallEntryName Allow Comm to Network
l3FirewallEntryPort
l3FirewallEntryProtocol 3
l3FirewallEntrySrcIP 192.168.0.0
l3FirewallEntrySrcMask 255.255.0.0
l3FirewallEntrySrcPort
l3FirewallEntryToS
[2]
l3FirewallEntryAction 1
l3FirewallEntryDSCP
l3FirewallEntryDstIP 192.168.1.90
l3FirewallEntryDstMask 255.255.255.255
l3FirewallEntryInterface 1
l3FirewallEntryLog 1
l3FirewallEntryName wlan Back
l3FirewallEntryPort 80
l3FirewallEntryProtocol 3
l3FirewallEntrySrcIP 172.1.1.62
l3FirewallEntrySrcMask 255.255.255.255
l3FirewallEntrySrcPort
l3FirewallEntryToS
[3]
l3FirewallEntryAction 1
l3FirewallEntryDSCP
l3FirewallEntryDstIP 172.190.0.5
l3FirewallEntryDstMask 255.255.255.255
l3FirewallEntryInterface 1
l3FirewallEntryLog 1
l3FirewallEntryName CP to VPN
l3FirewallEntryPort
l3FirewallEntryProtocol 5
l3FirewallEntrySrcIP 172.1.1.5
l3FirewallEntrySrcMask 255.255.255.255
l3FirewallEntrySrcPort
l3FirewallEntryToS
[4]
l3FirewallEntryAction 0
l3FirewallEntryDSCP
l3FirewallEntryDstIP
l3FirewallEntryDstMask
l3FirewallEntryInterface 1
l3FirewallEntryLog 1
l3FirewallEntryName Deny Any Any
l3FirewallEntryPort
l3FirewallEntryProtocol 5
l3FirewallEntrySrcIP
l3FirewallEntrySrcMask
l3FirewallEntrySrcPort
l3FirewallEntryToS