hey,
I'm really new into cisco and I've got a little question.

I'm trying to deny all inbounds and permit only few specific IPs.
for ex. 212.13.19.21 , 212.13.22.97 , 78.88.14.69
and also range of IPs 192.168.1.10-55.
what's a good way for doing it?
do I have to access-list these IPs and then have a deny command?

can you please write me the commands, I must have done something wrong.

thanks alot,

strife

Generally the rule of thumb is to deny what you want to deny first then place your permit statements afterward. I like named access-lists myself because if you want to make a change to it you don't have to remove the whole access-list to remove one line.

for example:

ip access-list extended "NAME" (you can make any name you want...without the quotation marks).

Say I want to deny a specific address to your WAN IP. The following statement would deny only 10.10.10.10 to 2.2.2.2.

deny ip 10.10.10.10 0.0.0.0 2.2.2.2 0.0.0.0

permit ip/tcp/udp (whatever protocol you specify, ip allows anything udp or tcp) source address or subnet destination address or subnet "eq port number" (eq specifies a port which is in the udp or tcp range)