how to deny access to all pages and allow only for certain on wiki

Question 1

See Manual:Preventing access on mediawiki.org, section "Restrict viewing of all pages".

Specifically, to allow everyone to read (but not edit) the Main Page and a page named Public stuff, and to allow only sysops to read and edit all pages, you'd add the following lines to your LocalSettings.php:

# prevent editing and reading by anons (except for exception listed below):
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;

# same for normal registered users:
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['read'] = false;

# allow everyone read access to these pages:
$wgWhitelistRead = array( "Main Page", "Public stuff" );

# allow sysops to read and edit normally:
$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['sysop']['read'] = true;

Of course, you can replace sysop above with your own custom user group; I just used it in the example because it exists in a stock MediaWiki install.

(Some older example code suggests also including "Special:UserLogin" and possibly "Special:ChangePassword" and "Special:PasswordReset" in $wgWhitelistRead. In modern MediaWiki versions this should be unnecessary, although still harmless.)

Question 2

A quite close solution I've found is using simple security extension: So I'm creating a user group with no access:

$wgGroupPermissions['user']['read'] = false;

add this group to $wgRestrictionLevels = array();

and then restricting read access for some pages to this group.

Fairly enough but not exactly the solution I want to achieve.