This command is used to create a list that matches packets on a given criteria. While access-lists are most commonly associated with security, there are numerous uses.
Router(config)#access-list <100-199 or 2000-2699> <permit or deny> <tcp or udp or ip> <source host address or network or any> <operator> <port> <destination host address or network or any> <operator><port>
Wildcard masks are how access-lists know what networks apply to the list. They are the inverse of the subnet mask.
For example, network 184.108.40.206 0.0.0.255 would match any ip address in the 220.127.116.11/24 network.
R1(config)#access-list 101 deny tcp host 10.1.1.254 host 10.2.2.254 eq www
R1(config)#access-list 102 deny tcp any any gt 1024