The invention relates to a firewall technique, and particularly discloses a method for service matching of messages by means of an
access control list (ACL). The method includes that a firewall classifies all IP addresses of the messages, the IP addresses of N types are obtained, the ACL is respectively distributed for the IP addresses of N types, N ACLs are obtained, and the N ACLs respectively
record service types which need to be executed by the messages corresponding to the
IP address of each type. When receiving the messages, the firewall finds the corresponding ACL in the N ACLs for matching according to the IP addresses of the messages, and therefore the service types which need to be executed by the messages are obtained. The firewall sends the messages to a corresponding service
processing module for
processing according to the service types which need to be executed by the messages. By means of the technical scheme, when the firewall processes the messages, the ACL needs to be matched only once, and therefore people can know what services the messages need to carry out. By means of the method, the
speed of processing the messages is greatly increased.