Let say we have a router , it’s connected to internet via interface Fa0/1. For security reason, we don’t want internet use to ping our router. We need to disable icmp , this could be done through access list.
Router#conf t Router(config)#ip access-list extended acl-internet-in Router(config)#deny icmp any any echo Router(config)#permit ip any any Router(config)#end
Then we need to apply this access list to our internet interface : Fa/01
Router#conf t Router(config)#int fa0/1 Router(config)#ip access-list acl-internet-in in Router(config)#end