I have the following ACL:
access-list 100 permit tcp host 192.168.0.252 any eq www
access-list 100 permit tcp host 192.168.0.252 any eq 443
access-list 100 permit udp host 192.168.0.252 any eq 443
access-list 100 permit udp host 172.16.16.5 host 67.69.184.163 eq domain
access-list 100 permit tcp host 172.16.16.5 any eq www
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.83 eq pop3
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.63 eq smtp
access-list 100 permit tcp host 172.16.16.5 any eq 443
access-list 100 permit udp host 172.16.16.5 any eq 443
access-list 100 permit tcp host 172.16.16.2 host 172.16.16.1 eq telnet
access-list 100 permit tcp host 172.16.16.2 host 1.1.1.1 eq telnet
access-list 100 permit tcp host 172.16.16.5 eq 3389 host 10.10.10.2
access-list 100 permit tcp host 172.16.16.2 host 10.10.10.2 eq 65534
access-list 100 deny tcp any any log
access-list 100 deny udp any any log
access-list 100 deny ip any any log
I apply it in the inbound direction of an interface. Only broadcast traffic dropped by the ACL appears on the syslog server, no unicast.
For example,
telnet 1.2.3.4 1232
does not show that the connection is being dropped, although it is, and the traffic is not forwarded out any interface.
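To check which entry of the posted access-list a given flow hits (and whether that entry carries the log keyword), here is a small first-match evaluator written for this post; it is an added example, not configuration or code from the original poster or from Cisco. It parses the ACL exactly as written above, and the sample flows at the bottom are constructed: the source address 172.16.16.2 and ephemeral ports for the telnet test are assumptions, since the post does not say which host issued the telnet.

```python
"""First-match evaluator for a Cisco IOS numbered extended ACL.

Added example for the ACL in the post above; not the poster's own code.
Supports: permit/deny, protocols ip/tcp/udp/icmp, address forms
'host X', 'any' and 'X WILDCARD', an optional 'eq PORT' after either
address, and a trailing 'log' keyword.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The access-list copied verbatim from the post.
ACL_TEXT = """\
access-list 100 permit tcp host 192.168.0.252 any eq www
access-list 100 permit tcp host 192.168.0.252 any eq 443
access-list 100 permit udp host 192.168.0.252 any eq 443
access-list 100 permit udp host 172.16.16.5 host 67.69.184.163 eq domain
access-list 100 permit tcp host 172.16.16.5 any eq www
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.83 eq pop3
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.63 eq smtp
access-list 100 permit tcp host 172.16.16.5 any eq 443
access-list 100 permit udp host 172.16.16.5 any eq 443
access-list 100 permit tcp host 172.16.16.2 host 172.16.16.1 eq telnet
access-list 100 permit tcp host 172.16.16.2 host 1.1.1.1 eq telnet
access-list 100 permit tcp host 172.16.16.5 eq 3389 host 10.10.10.2
access-list 100 permit tcp host 172.16.16.2 host 10.10.10.2 eq 65534
access-list 100 deny tcp any any log
access-list 100 deny udp any any log
access-list 100 deny ip any any log
"""

# IOS port keywords used in the ACL (plus a few common ones).
NAMED_PORTS = {"www": 80, "domain": 53, "pop3": 110, "smtp": 25,
               "telnet": 23, "ftp": 21, "ssh": 22}


@dataclass
class Ace:
    seq: int                    # position in the list, 1-based
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp", "icmp", ...
    src: ipaddress.IPv4Network
    sport: Optional[int]        # None means "any source port"
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # None means "any destination port"
    log: bool
    text: str


def _addr(tokens, i):
    """Parse 'any' | 'host X' | 'X WILDCARD' at tokens[i]; return (net, next_i)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a contiguous wildcard (host) mask after the slash.
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def _port(tokens, i):
    """Parse an optional 'eq PORT' at tokens[i]; return (port_or_None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        tok = tokens[i + 1]
        return (NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)), i + 2
    return None, i


def parse_acl(text):
    """Turn 'access-list N ...' lines into an ordered list of Ace objects."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        action, proto, i = tokens[2], tokens[3], 4
        src, i = _addr(tokens, i)
        sport, i = _port(tokens, i)
        dst, i = _addr(tokens, i)
        dport, i = _port(tokens, i)
        log = "log" in tokens[i:]
        aces.append(Ace(len(aces) + 1, action, proto, src, sport, dst, dport, log, line))
    return aces


def matches(ace, proto, src, dst, sport=None, dport=None):
    """True if a single packet (5-tuple) matches this ACE."""
    if ace.proto != "ip" and ace.proto != proto:
        return False
    if ipaddress.ip_address(src) not in ace.src:
        return False
    if ipaddress.ip_address(dst) not in ace.dst:
        return False
    if ace.sport is not None and ace.sport != sport:
        return False
    if ace.dport is not None and ace.dport != dport:
        return False
    return True


def evaluate(aces, proto, src, dst, sport=None, dport=None):
    """Return the first ACE that matches, or None for the implicit deny at the end."""
    for ace in aces:
        if matches(ace, proto, src, dst, sport, dport):
            return ace
    return None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # Constructed flows; 172.16.16.2 as the telnet source is an assumption.
    flows = [
        ("tcp", "172.16.16.2", "1.2.3.4", 40000, 1232),          # the 'telnet 1.2.3.4 1232' test
        ("tcp", "172.16.16.2", "172.16.16.1", 40001, 23),        # permitted telnet
        ("udp", "172.16.16.5", "67.69.184.163", 53123, 53),      # permitted DNS
        ("udp", "0.0.0.0", "255.255.255.255", 68, 67),           # DHCP discover broadcast
        ("tcp", "172.16.16.5", "10.10.10.2", 3389, 51000),       # source-port 3389 entry
        ("icmp", "172.16.16.5", "8.8.8.8", None, None),          # falls through to deny ip
    ]
    for f in flows:
        hit = evaluate(acl, *f)
        verdict = "implicit deny (no log)" if hit is None else f"#{hit.seq} {hit.text}"
        print(f"{f[0]} {f[1]}:{f[3]} -> {f[2]}:{f[4]}  =>  {verdict}")
```

Run it with `python3 acl_eval.py` (any filename works). The telnet test flow lands on entry 14, `deny tcp any any log`, not on the final `deny ip any any log`, and a DHCP broadcast lands on entry 15; both denies carry `log`, so by the text of the ACL alone the unicast drop should be logged just like the broadcast one, which is what makes the observed behaviour worth asking about. Note the evaluator only models the ACL's matching order; it does not model the platform's logging path.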