Actually, with the default action at DROP, you don’t need (unless specific configs) the last rule, the DROP, which is useful only for logging, and yes , the rules, as the ACLs, are processed as ‘top-down’, you have to explicitly allow what you need, and the default action (an implicit deny any) will deny all other packets.
If you simply move the 7 to 1, the 6 will become the 7, and the 8 will be still the 8.