Packet filtering

Packet filtering enables an ASA to permit or deny traffic based on a packet's source and/or destination IP address and its source and/or destination port number. The ASA does this by using an Access Control List (ACL).

For example, let's say you want to restrict users on the 192.168.1.0/24 network from visiting the Cisco website. We know a web server typically uses port 80 (this would be our destination port) and the IP address for https://www.cisco.com/ is 23.37.75.188 (our destination IP address). Therefore, we would create an ACL on the ASA to achieve this. Assuming our internal network is 192.168.1.0/24, our ACL would typically be access-list 100 deny tcp 192.168.1.0 255.255.255.0 23.37.75.188 255.255.255.255 eq 80. Don't worry, we'll discuss ACLs in later chapters.
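The following is an added example, not code from the book: a small Python model of first-match ACL evaluation, run against the deny entry above with the source written as an ASA network mask. The trailing permit ip any any entry and the sample packets are constructed for illustration, and the parser handles only the simplified syntax shown here.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port

def _take_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'ADDRESS NETMASK' from the token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line: str) -> Ace:
    tok = line.split()[2:]           # drop "access-list <id>"
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _take_addr(tok)
    dst, tok = _take_addr(tok)
    dport = int(tok[1]) if tok[:1] == ["eq"] else None
    return Ace(action, proto, src, dst, dport)

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """Return the action of the first matching entry; unmatched traffic is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if (ace.proto in ("ip", proto) and src in ace.src and dst in ace.dst
                and ace.dport in (None, dport)):
            return ace.action
    return "deny"                    # implicit deny at the end of every ACL

# Constructed sample: the page's deny entry followed by an assumed catch-all permit.
ACL = [parse_ace(l) for l in (
    "access-list 100 deny tcp 192.168.1.0 255.255.255.0 23.37.75.188 255.255.255.255 eq 80",
    "access-list 100 permit ip any any",
)]

if __name__ == "__main__":
    for pkt in [("tcp", "192.168.1.50", "23.37.75.188", 80),
                ("tcp", "192.168.1.50", "23.37.75.188", 443),
                ("tcp", "10.0.0.5", "23.37.75.188", 80)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

The deny entry covers only that one destination address on TCP port 80, so the same host on port 443 falls through to the permit entry. Without the permit entry, the implicit deny would drop all other traffic as well.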
