Filtering by Source or Destination IP Address

Problem

You want to block packets to or from certain IP addresses.

Solution

You can use standard access-lists to block packets from specified IP source addresses:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 permit any
Router1(config)#interface Serial0/1
Router1(config-if)#ip access-group 50 in 
Router1(config-if)#exit
Router1(config)#end
Router1#

You can filter packets based on both the source and destination addresses with an extended access-list:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 150 deny ip host 10.2.2.2 host 172.25.25.1
Router1(config)#access-list 150 permit ip any any
Router1(config)#interface Serial0/1
Router1(config-if)#ip access-group 150 in 
Router1(config-if)#exit
Router1(config)#end
Router1#

Discussion

The most obvious use for access-lists is traffic filtering. The two examples in this recipe both show how to use access control lists for filtering inbound packets. The first example uses the following access-list:

Router1(config)#access-list 50 deny host 10.2.2.2
Router1(config)#access-list 50 permit any

This is a numbered ACL with a value between 1 and 99, making it a standard access-list. Using a standard access-list like this allows you to filter based on the source IP address only. In the example, we have chosen to deny a single host ...
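As an added illustration (not part of the book's recipe), the following Python model shows how IOS evaluates the two lists above: entries are checked in order and the first match wins, a standard list (1-99) sees only the source address, and a packet matching no entry falls into the implicit deny that ends every ACL. The ACL text is copied from the recipe; the wildcard-mask list in the usage note is a constructed extra.

```python
import ipaddress
# Constructed ACL text using the two lists from the recipe above.
STANDARD_ACL = """
access-list 50 deny host 10.2.2.2
access-list 50 permit any
"""
EXTENDED_ACL = """
access-list 150 deny ip host 10.2.2.2 host 172.25.25.1
access-list 150 permit ip any any
"""

def _ip_int(s):
    return int(ipaddress.IPv4Address(s))

def _parse_match(tokens):
    """Consume 'any', 'host X' or 'A.B.C.D [wildcard]' (wildcard defaults to 0.0.0.0); return (addr, wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return _ip_int(tokens.pop(0)), 0
    return _ip_int(t), (_ip_int(tokens.pop(0)) if tokens else 0)

def parse_acl(text):
    """Return ordered (action, src_match, dst_match) entries; lists 1-99 match source only."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2] not in ("permit", "deny"):
            continue  # blank lines, remarks, or other config
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99:
            src, dst = _parse_match(rest), (0, 0xFFFFFFFF)  # standard: destination is 'any'
        else:
            rest.pop(0)  # protocol keyword ('ip' here); port options are not modelled
            src, dst = _parse_match(rest), _parse_match(rest)
        entries.append((action, src, dst))
    return entries

def _matches(addr, match):
    base, wildcard = match
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0  # wildcard bits are "don't care"

def evaluate(entries, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    s, d = _ip_int(src), _ip_int(dst)
    for action, sm, dm in entries:
        if _matches(s, sm) and _matches(d, dm):
            return action
    return "deny"
```

Running `evaluate(parse_acl(STANDARD_ACL), "10.2.2.2", "192.168.1.1")` returns "deny" because the standard list ignores the destination, while the same packet against the extended list returns "permit" since only the 10.2.2.2 to 172.25.25.1 pair is blocked; a list such as `access-list 70 permit 10.2.0.0 0.0.255.255` (constructed) shows the wildcard handling.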

Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.