Block Smtp

Scott O'Brien
Level 1

Hey all,

I need help writing an ACL to block SMTP for hosts from 10.1.1.20 - 10.1.1.252.

Thanks


Latchum Naidu
VIP Alumni

Hi Scott,

Where do you want to block the SMTP?
Do you want to block from outside,
or inside the LAN?

Do you have a separate VLAN for the following range 10.1.1.20 - 10.1.1.252?

Please let us know the details so that we can guide you with the configuration part.


Please rate all the helpful posts.
Regards,
Naidu.

I would like to block outbound interfaces; nope, they are on the same VLAN.

To give you some background, I have a client who is using an old Netgear router and wants to change over to an 1801 ADSL router. They have a rule to block SMTP on the outbound services from 10.1.1.20 - 10.1.1.252.

So clients from 10.1.1.20 - 10.1.1.252 should not access the SMTP server, right?
If the above is correct, then you can define the ACL like below and apply it to the specific VLAN interface.
The below are examples only.

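ip access-list extended smtp-block
 ! block SMTP (TCP/25) from the 10.1.1.0/24 clients to the mail server
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 ! an ACL ends with an implicit deny, so permit everything else explicitly
 permit ip any any

interface vlan10
 ! /24 mask assumed here to match the ACL wildcard
 ip address 10.1.1.1 255.255.255.0
 ip access-group smtp-block in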


Please rate all the helpful posts.
Regards,
Naidu.

Thanks for that, but I need to allow clients from 10.1.1.1 - 10.1.1.19 to access SMTP.

Then you need some more rules:

ip access-list extended smtp-block
 permit tcp 10.1.1.0 0.0.0.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.16 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.17 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.18 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.19 host smtp-server-ip eq smtp
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 permit ip any any

The above suggestion is OK, but you need to allow 10.1.1.15 also because 10.1.1.15 will not be covered under the /28 subnet, so below is the one you can follow.

ip access-list extended smtp-block
 permit tcp 10.1.1.0 0.0.0.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.16 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.17 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.18 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.19 host smtp-server-ip eq smtp
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 permit ip any any


Please rate all the helpful posts.
Regards,
Naidu.
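
As an added example (not part of any post in this thread), the following Python sketch turns the allowed source range into wildcard-mask entries and evaluates the resulting ACL first-match for a given client, so the rule set can be checked before it is applied to an interface. It keeps the thread's `smtp-server-ip` placeholder, models only the source field of each entry for a TCP/25 packet to that server, and its function names are hypothetical.

```python
import ipaddress

DEST = "host smtp-server-ip"  # placeholder from the thread, not a real address

def build_acl(name, allow_first, allow_last, block_net, block_wildcard):
    """Permit SMTP from allow_first..allow_last, deny it for the rest of block_net."""
    first = ipaddress.IPv4Address(allow_first)
    last = ipaddress.IPv4Address(allow_last)
    lines = [f"ip access-list extended {name}"]
    # summarize_address_range yields the fewest CIDR blocks covering the range;
    # a block's hostmask is exactly its IOS wildcard mask.
    for net in ipaddress.summarize_address_range(first, last):
        src = (f"host {net.network_address}" if net.prefixlen == 32
               else f"{net.network_address} {net.hostmask}")
        lines.append(f" permit tcp {src} {DEST} eq smtp")
    lines.append(f" deny tcp {block_net} {block_wildcard} {DEST} eq smtp")
    lines.append(" permit ip any any")  # otherwise the implicit deny drops all else
    return lines

def source_matches(entry, addr):
    """True if addr matches the source field of one ACL entry."""
    tok = entry.split()  # action, protocol, source...
    if tok[2] == "any":
        return True
    if tok[2] == "host":
        return ipaddress.IPv4Address(tok[3]) == ipaddress.IPv4Address(addr)
    base = int(ipaddress.IPv4Address(tok[2]))
    care = ~int(ipaddress.IPv4Address(tok[3])) & 0xFFFFFFFF  # wildcard 1-bits are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def smtp_verdict(acl_lines, addr):
    """First-match verdict for a TCP/25 packet from addr to the mail server."""
    for entry in acl_lines[1:]:
        if source_matches(entry, addr):
            return entry.split()[0]
    return "deny"  # implicit deny at the end of every IOS ACL

if __name__ == "__main__":
    # Assumption: 10.1.1.0 is the unused network address, so starting the
    # permit range there costs nothing and keeps the ACL to two permit lines.
    acl = build_acl("smtp-block", "10.1.1.0", "10.1.1.19", "10.1.1.0", "0.0.0.255")
    print("\n".join(acl))
    for host in ("10.1.1.15", "10.1.1.19", "10.1.1.20", "10.1.1.252"):
        print(host, smtp_verdict(acl, host))
```

Setting `DEST` to `any` makes the same entries apply to SMTP toward every destination rather than a single server.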
