How to set ACL to protect a router? Cisco packet tracer

Question

I have a very little knowledge about ACL. How can i set an ACL to the "UTAR-ROUTER"?

I know these are the steps but i do not know what ip should i put.

Create ACL100
--------------

a) Deny all PING requests from external network

access-list 100 deny ____?____ ____?_____ _____?_____


b) Allow any host on the Internet to access WBLE-SgLong

access-list 100 permit ___?___ any any eq 80


c) Allow host with the IP 192.168.55.1 and 192.168.55.3 to access FTP service on WBLE-SgLong using the smallest wildcard mask

access-list 100 permit tcp ___?____ ____?_____ host 192.168.19.89 eq ftp


d) Deny all other services not stated in the policy

Answer 1

please check the answers below.

a) Deny all PING requests from external network

access-list 100 deny icmp any any

b) Allow any host on the Internet to access WBLE-SgLong

access-list 100 permit tcp any any eq 80

c) Allow host with the IP 192.168.55.1 and 192.168.55.3 to access FTP service on WBLE-SgLong using the smallest wildcard mask

access-list 100 permit tcp 192.168.55.0 0.0.0.7 host 192.168.19.89 eq ftp

d) Deny all other services not stated in the policy

access-list 100 deny ip any any

You should note that every access-list has implicit deny ip any any at the end, so the last one is kind of redundant. You can however use it, if it's not at the end of the ACL or if you want for example to use logging and see how many packets are denied.

As for the ACLs, Cisco has very good documentation on that subject. You can checkout the most commonly used ACLs on https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html