Standard and extended ACLs can be used to permit or deny traffic based on source addresses, protocols, TCP/UDP ports and flags. Standard ACLs filter based on source IP addresses while extended ACLs can also filter based on destination addresses, protocols, TCP/UDP ports and flags. ACLs are identified by numbers and are applied to interfaces to restrict ingress or egress traffic.