Cisco IOS ACL calculator

Recent changes, 12-21-05

Known limitations and bugs: Please report bugs or erroneous output to
My desired rule is to:

Permit traffic
Deny traffic

Source and destination addresses may be specified in any combination of three syntaxes: a single IP address, a range of addresses in the format a.a.a.a-b.b.b.b or a.a.a.a-b, or a CIDR block in the format x.x.x.x/nn. You may supply a comma-separated list of any or all of these formats. Use the word "any" to specify all addresses. For example, all of the following are legal:,,, 

Ports refer to TCP or UDP ports. The valid range is 0-65535; see below for a list of which port is used by various known services.

Ports may be specified as a single port, a range of ports in the form xxxx-yyyy, or a comma-separated list of any combination of those.

Any fields left blank are presumed to be "any".
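The address syntaxes described above, worked through as an added example (this is not the calculator's own code): a Python sketch that parses an address field and emits the IOS address/wildcard-mask terms covering exactly those addresses. The function names are hypothetical, and reading a.a.a.a-b as "b replaces the last octet" is an assumption.

```python
import ipaddress

def parse_item(item):
    """Return the IPv4 networks that exactly cover one address item."""
    item = item.strip()
    if item == "" or item.lower() == "any":
        return [ipaddress.IPv4Network("0.0.0.0/0")]   # blank field means "any"
    if "/" in item:
        # strict=True rejects CIDR input with host bits set (e.g. 10.0.0.1/24)
        return [ipaddress.IPv4Network(item, strict=True)]
    if "-" in item:
        lo_text, hi_text = (part.strip() for part in item.split("-", 1))
        if "." not in hi_text:
            # Assumed meaning of a.a.a.a-b: b replaces the last octet
            hi_text = lo_text.rsplit(".", 1)[0] + "." + hi_text
        lo = ipaddress.IPv4Address(lo_text)
        hi = ipaddress.IPv4Address(hi_text)
        if hi < lo:
            raise ValueError(f"range end is below range start: {item}")
        # Smallest set of aligned blocks covering lo..hi and nothing else
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.IPv4Network(item + "/32")]       # single address

def to_ios_terms(spec):
    """Turn a comma-separated address field into IOS ACL address terms."""
    terms = []
    for item in spec.split(","):
        for net in parse_item(item):
            if net.prefixlen == 0:
                terms.append("any")
            elif net.prefixlen == 32:
                terms.append(f"host {net.network_address}")
            else:
                # The wildcard mask is the inverted netmask
                terms.append(f"{net.network_address} {net.hostmask}")
    return terms

if __name__ == "__main__":
    # Constructed sample inputs, one per syntax
    for sample in ["192.168.1.10", "192.168.1.10-20",
                   "10.0.0.0-10.0.0.255", "10.1.0.0/16", "any"]:
        print(f"{sample!r:24} -> {to_ios_terms(sample)}")
```

A range that does not sit on a power-of-two boundary, such as 192.168.1.10-20, needs several ACL entries; collapsing it into one wider wildcard mask would match addresses outside the requested range.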

Source address, address range, list, and/or "any":
Source port, range, list, and/or "any":

Destination address, address range, list, and/or "any":
Destination port, range, list, and/or "any":

All IP protocols

But I don't know what port number is used by the service I need!

That's okay - here's the list! (Note: this is an excerpt from the larger RFC1700.)