HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 279

Before you begin configuring an ACL, you must determine if you want to
configure a standard ACL or an extended ACL.
To configure an ACL and apply it to an interface, complete the following steps:
1. Create the ACL. From the global configuration mode context, enter:
Syntax: ip access-list [standard |extended] <listname>
For example, to create an extended ACL, enter:
ProCurve(config)# ip access-list extended Inside
2. From the ACL configuration mode context, configure permit or deny
entries.
a. If you are configuring a standard ACL, enter:
Syntax: [permit | deny] [any | host {<A.B.C.D> | <hostname>} | <A.B.C.D>
<wildcard bits>]
For example, to permit any packet, enter:
ProCurve(config-std-nacl)# permit any
To permit or deny a specific host, use the host keyword. For example,
enter:
ProCurve(config-std-nacl)# deny host 192.168.115.90
b. If you are configuring an extended ACL, enter:
Syntax: permit | deny <protocol> <source address> <source port> <desti-
nation address> <destination port>
Replace <protocol> with one of the following:
– ahp
– esp
–
gre
– icmp
– ip
– tcp
– udp
To specify a source or destination address, use the following syntax:
Syntax: any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>
For example, if you want to permit all TCP traffic from any source to
any destination, enter:
ProCurve(config-ext-nacl)# permit tcp any any
Applying Access Control to Router Interfaces
Quick Start
5-59