An ACL (access control list) is a network-layer defensive control that permits or denies packets by matching fields such as source and destination IP, port, and protocol, enforced at a router, firewall, or cloud security group. ACLs are stateless and evaluated in order, making them a cheap first line of filtering: a rule that drops a spoofed source range or an unused UDP port discards that traffic before stateful inspection or application logic ever sees it.
Why it matters in DDoS testing
ACLs are the blunt instrument that absorbs the easy fraction of an attack, blocking amplification source ports, unused protocols, and known-bad ranges at line rate. Their limits are reach (a volumetric flood can saturate the link before the ACL runs) and precision (broad rules risk dropping legitimate traffic). A test confirms which vectors the ACLs actually stop, drawing on the attack mechanics in Understanding DDoS Attack Vectors.
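The ordered, stateless matching described above, as an added example that is not from the original page or any vendor's ACL syntax: a first-match evaluator over a constructed edge ACL, with a second ordering that shows how a broad reflection deny placed before a narrow permit silently drops legitimate resolver answers. The resolver address 198.51.100.53, the protected host 203.0.113.10 and the rule set are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # source prefix the rule matches
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def evaluate(acl, p: Packet):
    """Stateless first-match walk; falls through to the implicit deny (index None)."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, i
    return "deny", None

# Constructed edge ACL for an Internet-facing interface (addresses and rules are
# illustrative assumptions, not taken from the page): drop spoofed private sources,
# keep answers from the organisation's assumed upstream resolver, drop common UDP
# reflection source ports at line rate, then permit only the HTTPS service.
EDGE_ACL = [
    Rule("deny", src="10.0.0.0/8"),                        # spoofed RFC1918 source
    Rule("permit", "udp", "198.51.100.53/32", sport=53),   # assumed upstream resolver
    Rule("deny", "udp", sport=53),                         # DNS reflection traffic
    Rule("deny", "udp", sport=123),                        # NTP reflection traffic
    Rule("deny", "udp", sport=1900),                       # SSDP reflection traffic
    Rule("permit", "tcp", dport=443),                      # the protected service
]

def misordered(acl):
    """Same rules, but the broad DNS deny now sits ahead of the resolver permit."""
    return [acl[0], acl[2], acl[1]] + acl[3:]

if __name__ == "__main__":
    for pkt in [Packet("10.1.2.3", "203.0.113.10", "udp", 5000, 80),
                Packet("198.51.100.53", "203.0.113.10", "udp", 53, 40000),
                Packet("192.0.2.9", "203.0.113.10", "udp", 123, 80)]:
        print(pkt.src, pkt.proto, pkt.sport, "->", evaluate(EDGE_ACL, pkt),
              "misordered ->", evaluate(misordered(EDGE_ACL), pkt))
```

Feeding a test's packet list through both orderings is a quick way to record which vectors each rule actually stops and which legitimate flows a broad rule would collateral-drop.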