I fixed it and figured it out. I got all my ports filtered or stealthed against port scans and I'm able to get DHCP from the ISP on the WAN port. The trick was to allow upd from the outside or Internet to the WAN port, then to block TCP and ICMP. DHCP used udp and so this way i can get an address from the ISP. When someone port scans my firewall it Blocks ICMP and TCP incoming thus stealthing or filtering all my ports. Also since the firewall is state-full I don't have to worry about TCP connections not coming through the firewall when they are iniated from within the inside of the firewall or inside network.
So the Chicom's (Chineese Communist) bastards that keep scanning me all the time can eat my Cisco Pix wall of death.