Is it possible to define an access list in the modem config that would restrict traffic to certain IP addresses and ports?
Example: a cable customer has a virus or worm and I give him a config so that he can only use www for virus/Windows updates.
If not, what is the best way to achieve this?
Thanks
Hmm, there are at least three ways to complete your task:
1. Using Access-Lists on your CMTS. (see CMTS Docs)
2. Using Filter Groups on your CMTS. It is something like an ACL but more flexible and less popular. (see CMTS Docs)
3. (This is what you asked about.) You can use IP & LLC filters. For example, I've created a simple IP filter for blocking any traffic from client ports 135-139 (NetBIOS traffic):
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.2.1 %integer = 4 //Status;4=Create and Go
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.3.1 %integer = 1 //Control;1=discard
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.5.1 %integer = 3 //Direction;3=both
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.6.1 %integer = 2 //is broadcast;2=false
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.7.1 %ipaddr = 192.168.50.0 //source address
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.8.1 %ipaddr = 255.255.255.0 //source mask
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.11.1 %integer = 256 //protocol type; 256=any
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.12.1 %integer = 135 //source port low
11 (SNMP IP FILTER) = 1.3.6.1.2.1.69.1.6.4.1.13.1 %integer = 139 // source port high
I created filter groups but I can't find the option to add in the modem configuration to tell the modem which filter group to use.
One more thing: options 1 and 2 will block packets when they reach the CMTS, and option 3 will block packets on the modem. Is this correct or not?
http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufgcfile.htm
good link about this subject...
Quote:
I created filter groups but I can't find the option to add in the modem configuration to tell the modem which filter group to use.
37 (Sub Mgmt Filter Groups) = 00 00 00 00 00 00 00 00
Quotation from the DOCSIS specification:
The Subscriber Management MIB allows filter groups to be assigned to a CM and CPE attached to that CM. These include two CM filter groups, upstream and downstream, and two CPE filter groups, upstream and downstream. These four filter groups are encoded in the configuration file in a single TLV as follows:
bytes 1,2: docsSubMgtSubFilterDownstream group
bytes 3,4: docsSubMgtSubFilterUpstream group
bytes 5,6: docsSubMgtCmFilterDownstream group
bytes 7,8: docsSubMgtCmFilterUpstream group
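The TLV 37 byte layout quoted above, worked through as an added example (not code from any poster in this thread or from a DOCSIS tool). The function names and the sample group numbers are made up for illustration, and the two-byte fields are assumed to be big-endian.

```python
import struct

TLV_TYPE = 37
# Field order inside the 8-byte value, as listed in the quoted specification text.
FIELDS = (
    "docsSubMgtSubFilterDownstream",  # bytes 1,2
    "docsSubMgtSubFilterUpstream",    # bytes 3,4
    "docsSubMgtCmFilterDownstream",   # bytes 5,6
    "docsSubMgtCmFilterUpstream",     # bytes 7,8
)


def encode_filter_groups(sub_down=0, sub_up=0, cm_down=0, cm_up=0):
    """Build the config-editor line for TLV 37 from four filter group numbers."""
    groups = (sub_down, sub_up, cm_down, cm_up)
    for name, group in zip(FIELDS, groups):
        if not 0 <= group <= 0xFFFF:
            raise ValueError(f"{name}: group {group} does not fit in two bytes")
    value = struct.pack(">4H", *groups)  # assumption: big-endian 16-bit fields
    hex_bytes = " ".join(f"{b:02X}" for b in value)
    return f"{TLV_TYPE} (Sub Mgmt Filter Groups) = {hex_bytes}"


def decode_filter_groups(line):
    """Parse a '37 (...) = xx xx ...' line back into named group numbers."""
    head, _, hex_part = line.partition("=")
    if not head.split() or head.split()[0] != str(TLV_TYPE):
        raise ValueError("not a TLV 37 line")
    value = bytes.fromhex(hex_part.strip())
    if len(value) != 8:
        raise ValueError(f"TLV 37 value must be 8 bytes, got {len(value)}")
    return dict(zip(FIELDS, struct.unpack(">4H", value)))


if __name__ == "__main__":
    # Constructed sample: CPE traffic uses group 1 downstream and group 2 upstream.
    line = encode_filter_groups(sub_down=1, sub_up=2)
    print(line)
    for name, group in decode_filter_groups(line).items():
        print(f"  {name} = {group}")
```

Decoding an existing config line this way is a quick check that a group number landed in the intended direction and on the intended side (CPE or CM) before the file is deployed.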