HP 7102dl - ProCurve Secure Router Configuration Manual page 245

To specify a source or destination address, you use the following syntax:
[any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>]
Table 5-4 lists the options you have for specifying both the source address and
the destination address.
Table 5-4. Options for Specifying Source and Destination Addresses
Option
any
host <A.B.C.D>
hostname <hostname>
<A.B.C.D> <wildcard bits>
For example, if you want to permit all TCP traffic from any source to any
destination, you enter:
ProCurve(config-ext-nacl)# permit tcp any any
To deny all ICMP traffic from a specific host, such as host 192.168.1.1, to any
destination, you enter:
ProCurve(config-ext-nacl)# deny icmp host 192.168.1.1 any
To deny ICMP traffic from a range of IP addresses to a specific destination,
enter:
Syntax: deny icmp <A.B.C.D> <wildcard bits> host <A.B.C.D>
Replace the first <A.B.C.D> with the IP address that represents the range of
IP address that, in this case, you want to block. For example, you may want
to block IP addresses from 192.168.1.0 /24. Then replace <wildcard bits>
with a reverse logic mask so that the router will check the appropriate part of
the IP address.
For example, if you want to block the entire 192.168.1.0 /24 network, you might
enter the wildcard bit 0.0.0.255. (For more information about wildcard bits,
see Figure 5-3 on page 5-11.)
Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
Meaning
matches all hosts
specifies a single IP address or a single host
specifies a single host, using its hostname rather than its
IP address
specifies a range of IP addresses
5-13