Use an access control entry (ACE) to define a pattern (found in a packet) and the desired behavior for packets that carry the pattern. You can configure up to 1000 ACEs in a single ACL.
As a best practice, create access control lists (ACL) with a default action of permit, and with an ACE mode of deny. For deny or permit ACLs or ACEs, the default action and the mode must be opposite for the ACE (filter) to have meaning.