If layer 2 on inside of firewall, then just need acl's for IGMP and UDP. If layer 3 on inside of firewall, you will most likely want to do PIM to adjacent router, so would need PIM, IGMP, UDP (if only have receivers on inside layer 3, can do igmp-helper on inside router then wouldn't require pim). for PIM, if allowed, easiest to do host rule between inside router and outside router. IGMP, will be local lan and dst, of multicast groups, same for UDP.