As I discussed in my previous articles, an Access Control List (ACL) is a technique used for monitoring outgoing as well as incoming traffic and permitting or denying it based on the source IP address, destination IP address, service protocols and ports. The rules give control over packets that enter the router, packets that relay through the router and packets that exit from the router interface. ACLs do not act on packets originating from the router itself. We can configure and apply an ACL in the inbound and/or outbound direction:
Inbound ACLs analyze incoming packets before they are routed to the outbound interface. An inbound ACL is efficient because it reduces the load of routing lookups: if a packet does not match the criteria, it is discarded before the routing table lookup. If the ACL permits the packet, the router then processes it for routing. Inbound ACLs are especially well suited to filtering packets when a single inbound interface is the only source of the packets.
With outbound ACLs, the router receives incoming packets and routes them to the outbound interface. After the route lookup, they are processed through the outbound ACL on the exit interface. This is best when packets come from multiple inbound interfaces and the same filter is required for all incoming traffic before it exits the same outbound interface.
The last statement of both inbound and outbound ACLs is always an implicit deny, which is automatically inserted at the end of each ACL. The implicit deny blocks all types of traffic not matched by an earlier statement. The figure below illustrates inbound and outbound access control lists (ACLs).
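
The processing order described above can be checked with a small model. This is an added example, not code from the original article: it simulates a router that applies an inbound ACL before the route lookup and an outbound ACL after it, ends every ACL with the implicit deny, and skips ACLs for router-originated packets. The interface names (`g0/0`, `s0/0`), the rule format and the addresses are assumptions constructed for the illustration.

```python
import ipaddress

def acl_permits(acl, pkt):
    # Rules are checked top-down; the first match decides.
    src = ipaddress.ip_address(pkt["src"])
    for action, src_net, dport in acl:
        if src in ipaddress.ip_network(src_net) and dport in (None, pkt["dport"]):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

class Router:
    def __init__(self, routes, inbound=None, outbound=None):
        self.routes = routes            # [(prefix, exit interface)]
        self.inbound = inbound or {}    # interface name -> ACL
        self.outbound = outbound or {}
        self.lookups = 0                # routing table lookups performed

    def lookup(self, dst):
        self.lookups += 1
        dst = ipaddress.ip_address(dst)
        hits = [(ipaddress.ip_network(p), i) for p, i in self.routes
                if dst in ipaddress.ip_network(p)]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def forward(self, pkt, in_if=None):
        # in_if=None models a packet originated by the router itself,
        # which the ACLs do not act on.
        transit = in_if is not None
        if transit and in_if in self.inbound and not acl_permits(self.inbound[in_if], pkt):
            return "dropped by inbound ACL on " + in_if   # no route lookup spent
        out_if = self.lookup(pkt["dst"])
        if out_if is None:
            return "no route"
        if transit and out_if in self.outbound and not acl_permits(self.outbound[out_if], pkt):
            return "dropped by outbound ACL on " + out_if
        return "forwarded via " + out_if

# Constructed sample: documentation address ranges, hypothetical interface names.
WEB_ONLY = [("permit", "192.0.2.0/24", 443)]
ROUTES = [("203.0.113.0/24", "s0/0")]
PKT_OK = {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 443}
PKT_BAD = {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 23}

if __name__ == "__main__":
    r_in = Router(ROUTES, inbound={"g0/0": WEB_ONLY})
    r_out = Router(ROUTES, outbound={"s0/0": WEB_ONLY})
    for r in (r_in, r_out):
        print(r.forward(PKT_OK, "g0/0"), "|", r.forward(PKT_BAD, "g0/0"),
              "|", r.forward(PKT_BAD), "| lookups:", r.lookups)
```

The same filter drops the port 23 packet in both placements, but the inbound placement does so without spending a routing table lookup on it.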