HP procurve 8100fl series Management And Configuration Manual page 228

Access Control Lists (ACLs)
Layer 3 Access Control List (ACLs)
ProCurve(config)#access-list 101 deny ip 10.1.20.0/24 any
ProCurve(config)#access-list 101 permit ip any any
ProCurve(config)#access-list 101 deny any
15-8
To allow packets from a subnet other than 172.124.200.0 to pass through, a rule
must be explicitly defined to permit other packets to go through. To change
the previous example so that it accepts packets from other subnets, a new rule
must be added ahead of the implicit deny rule that permits packets to pass.
For example:
Notice that the second rule in this example forwards all IP packets that are
not denied by the first rule, and this occurs before the implicit deny rule can
be applied.
Because of the implicit deny rule, an ACL works similarly to a firewall that
denies all traffic. ACL rules are then created that essentially open "doors"
within the firewall that permit specific types of packets to pass.