Filtering Based on Noncontiguous Ports
Problem
You want to filter noncontiguous ports efficiently.
Solution
To filter noncontiguous ports, use the following commands:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY
Router2(config-ext-nacl)#permit tcp any host 172.25.100.100 eq 80 23 25 110 514 21
Router2(config-ext-nacl)#end
Router2#
Tip
Cisco introduced the ability to filter noncontiguous ports in IOS Version 12.3(7)T.
Discussion
Historically, Cisco IOS supported filtering only on contiguous port numbers, using the range keyword:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended PORTRANGE
Router2(config-ext-nacl)#permit tcp any any range 20 25
Router2(config-ext-nacl)#end
Router2#
In this example, we permit traffic using TCP ports 20 through 25 to pass the ACL, which reduces the number of ACL entries and the processing required. However, the ability to filter on contiguous port numbers was generally of little use, because the ports that needed filtering were rarely contiguous.
If you needed to filter based on noncontiguous ports, then you had no choice but to add an ACL line for each port. The following example demonstrates how you would normally filter six noncontiguous ports:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY
Router2(config-ext-nacl)# ...
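The following Python script is an added example, not part of the Cisco IOS Cookbook; it shows how the two ACE forms on this page relate. Given a list of TCP ports, it collapses consecutive runs into range entries, emits the remaining noncontiguous ports as a single multi-port eq entry (the form IOS supports from 12.3(7)T) or, for older IOS, as one eq entry per port, and includes a small evaluator that confirms the compact and the expanded ACLs match exactly the same ports. The host 172.25.100.100, the six ports and the ACL names are the page's; the function names, the min_run parameter and the sample port lists are assumptions of the example.

```python
"""Build and check Cisco IOS extended-ACL entries for a set of TCP ports.

Added example (not from the Cisco IOS Cookbook). It generates the text of
permit entries for an extended ACL and evaluates them against a destination
port, so you can verify that the compact multi-port `eq` form (IOS 12.3(7)T
and later) filters exactly what the older one-entry-per-port form filters.
"""
from typing import Iterable, List, Tuple

# The six noncontiguous ports from the recipe, in the order the page lists them.
RECIPE_PORTS = [80, 23, 25, 110, 514, 21]
RECIPE_DST = "host 172.25.100.100"


def port_runs(ports: Iterable[int]) -> List[Tuple[int, int]]:
    """Split the ports into (low, high) runs of consecutive numbers."""
    runs: List[Tuple[int, int]] = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


def build_aces(ports: Iterable[int], src: str = "any", dst: str = RECIPE_DST,
               multi_port_eq: bool = True, min_run: int = 2) -> List[str]:
    """Return the permit entries needed to match `ports` on TCP.

    Runs of at least `min_run` consecutive ports become one `range` entry.
    The leftover ports become one `eq p1 p2 ...` entry when the router runs
    IOS 12.3(7)T or later (multi_port_eq=True), otherwise one `eq` entry per
    port, which is the pre-12.3(7)T way shown in the Discussion.
    """
    ordered = list(dict.fromkeys(ports))            # dedupe, keep the author's order
    ranges = [(lo, hi) for lo, hi in port_runs(ordered) if hi - lo + 1 >= min_run]
    covered = {p for lo, hi in ranges for p in range(lo, hi + 1)}
    singles = [p for p in ordered if p not in covered]

    aces = [f"permit tcp {src} {dst} range {lo} {hi}" for lo, hi in ranges]
    if singles and multi_port_eq:
        aces.append(f"permit tcp {src} {dst} eq " + " ".join(str(p) for p in singles))
    else:
        aces.extend(f"permit tcp {src} {dst} eq {p}" for p in singles)
    return aces


def permits_port(aces: Iterable[str], port: int) -> bool:
    """Tiny evaluator: does any entry match a TCP packet to `port`?

    Only the port-matching part of each entry is interpreted; the source and
    destination address fields are assumed to match already.
    """
    for ace in aces:
        tokens = ace.split()
        if "range" in tokens:
            i = tokens.index("range")
            if int(tokens[i + 1]) <= port <= int(tokens[i + 2]):
                return True
        elif "eq" in tokens:
            i = tokens.index("eq")
            if port in {int(t) for t in tokens[i + 1:]}:
                return True
    return False


def same_ports(aces_a: Iterable[str], aces_b: Iterable[str]) -> bool:
    """True if both entry lists permit exactly the same TCP destination ports."""
    a, b = list(aces_a), list(aces_b)
    return all(permits_port(a, p) == permits_port(b, p) for p in range(0, 65536))


if __name__ == "__main__":
    compact = build_aces(RECIPE_PORTS)                       # 12.3(7)T and later
    expanded = build_aces(RECIPE_PORTS, multi_port_eq=False)  # older IOS
    print("ip access-list extended OREILLY")
    for ace in compact:
        print(" " + ace)
    print("\nip access-list extended OREILLY-OLD  (one entry per port, constructed name)")
    for ace in expanded:
        print(" " + ace)
    print("\nequivalent:", same_ports(compact, expanded))
```

Running the script prints the single-entry ACL from the Solution and the six-entry version from the Discussion, then confirms that they permit exactly the same set of destination ports. Both `range` and multi-port `eq` keep the entry count down, but only the latter handles a port set like 21, 23, 25, 80, 110, 514 in one line.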