Hi Bro
In R1, just do this if you're plannin to block the source from the LAN in R1 to 10.10.10.2, and all should be good.
!
access-list 100 deny tcp any host 10.10.10.2 eq 80
access-list 100 permit ip any any
!
interface FastEthernet 0/0
description ### WAN Link ###
ip address 10.10.10.1 255.255.255.252
!
interface FastEthernet 0/1
description ### LAN Link ###
ip access-group 100 in
!
However, if you're trying to block R1 (from R1 itself) in reaching R2 10.10.10.2 via TCP/80, then you'll need to use the MPF method shown below;
!
class-map CM_HTTP
match access-group 100
!
policy-map PM_HTTP
class CM_HTTP
drop
!
control-plane
service-policy output PM_HTTP
!
P/S: If you think this comment is useful, please do rate them nicely :-)
Warm regards,
Ramraj Sivagnanam Sivajanam