Hi, I created an ACL (switch SG500):
Extended IP access list l1
permit ip any host 192.168.1.253 ace-priority 1
permit ip any host 192.168.1.11 ace-priority 5
deny ip any 192.168.1.0 0.0.0.255 ace-priority 6
permit ip any any ace-priority 7
I have an environment like this:
H1(192.168.1.11/24) -->SW no name-->(gi1/1/20) SW SG500 <---- H2(192.168.1.253/24)
<---- H3(192.168.1.10)
Problem:
I would like to block connections from H1 to network 192.168.1.0/24 except host H2 (it works) and allow connections H2-->H1 and H3-->H1.
Question:
Why does the connection H2-->H1 work but H3-->H1 does not?
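
The following is an added example, not part of the original post: a first-match evaluation of the ACL l1 above against the packets H1 sends. It assumes the ACL is bound inbound on gi1/1/20 (the post does not say where it is applied) and that the switch evaluates each packet statelessly, so replies from H1 are matched like any other packet; the 10.0.0.5 address is a constructed off-subnet destination.

```python
import ipaddress

# ACEs copied from the post: (ace-priority, action, destination, wildcard mask).
# Every ACE has source "any", so only the destination address decides the match.
ACL_L1 = [
    (1, "permit", "192.168.1.253", "0.0.0.0"),
    (5, "permit", "192.168.1.11", "0.0.0.0"),
    (6, "deny", "192.168.1.0", "0.0.0.255"),
    (7, "permit", "0.0.0.0", "255.255.255.255"),
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def evaluate(dst, acl=ACL_L1):
    """Return (priority, action) of the first ACE matching dst, lowest priority first."""
    for prio, action, base, wildcard in sorted(acl):
        care_bits = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (_ip(dst) ^ _ip(base)) & care_bits == 0:
            return prio, action
    return None, "deny"  # implicit deny when nothing matches

def h1_outbound_verdicts():
    """Verdicts for packets entering gi1/1/20 from H1 (assumed ingress binding)."""
    destinations = {
        "H2 192.168.1.253": "192.168.1.253",
        "H3 192.168.1.10": "192.168.1.10",
        "off-subnet 10.0.0.5 (constructed)": "10.0.0.5",
    }
    return {name: evaluate(addr) for name, addr in destinations.items()}

if __name__ == "__main__":
    for name, (prio, action) in h1_outbound_verdicts().items():
        print(f"H1 -> {name}: {action} (ace-priority {prio})")
```

Under those assumptions, H1's replies to H2 match ace-priority 1 and pass, while its replies to H3 fall through to the deny at ace-priority 6; the permit for host 192.168.1.11 only matches packets addressed to H1, which do not enter through H1's own port.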