HP 7102dl - ProCurve Secure Router Configuration Manual page 246

Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
5-14
Replace the second <A.B.C.D> with the IP address for the destination device.
For example, if you want to block all traffic from the 192.168.1.0 /24 network
to the server with the IP address 10.15.1.1, you would replace <A.B.C.D> with
10.15.1.1.
Specifying a Source or Destination Port for TCP and UDP. If you are
configuring ACL entries to select TCP or UDP traffic, you can also specify
source and destination ports—although this is optional. For example, you
could specify the well-known port 80 for HTTP traffic if you wanted to permit
only this type of traffic on this port.
There is a drawback to using a port number, however. The Secure Router OS
will match the type of traffic only on that port. If a device transmits the traffic
you are targeting on another port, the Secure Router OS will not match that
traffic to your ACL.
To view the options available for specifying ports, enter one of the following:
ProCurve(config-ext-nacl)# permit tcp any ?
ProCurve(config-ext-nacl)# deny tcp any ?
ProCurve(config-ext-nacl)# permit udp any ?
ProCurve(config-ext-nacl)# deny udp any ?
In practice, you would use the any keyword only if you want to match all
traffic from a particular port. You can also view options for selecting the port
by entering the ? help command after specifying a particular source or
destination. For example:
ProCurve(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 ?
ProCurve(config-ext-nacl)# deny udp any host 192.168.10.1 ?
Table 5-5 shows the options you have for specifying ports.