Router(config)#access-list 110 permit tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80
Read this line to say: HTTP packets with a source IP address of 172.16.0.x will be permitted to travel to destination address of 192.168.100.x
access-list
ACL command
110
Number is between 100 and 199, designating this as an extended IP ACL
permit
Packets that match this statement will be allowed to continue
tcp
Protocol must be TCP
172.16.0.0
Source IP address to be compared to
0.0.0.255
Wildcard mask
192.168.100.0
Destination IP address to be compared to
eq
Operand, means "equal to"
80
Port 80, indicating HTTP traffic
Router(config)#access-list 110 deny tcp any 192.168.100.7 0.0.0.0 eq 23
Read this line to say: Telnet packets with any source IP address will be dropped if they are addressed to specific host 192.168.100.7
deny
Packets that match this statement will be dropped and discarded
Protocol must be TCP protocol
any
Any source IP address
192.168.100.7
0.0.0.0
Wildcard mask; address must match exactly
23
Port 23, indicating Telnet traffic