Hello Siu Kai L,
Both inbound and outbound get the job done, they filter packets. It depends on the scenario which one you might want to use. For example, let’s say you have a router with 4 interfaces:
* 1x WAN interface that connects to the Internet
* 3x LAN interface
Let’s say you want to restrict internet traffic from your LAN to the Internet. You could attach the same access-list INBOUND on all three LAN interfaces, or you can attach the access-list OUTBOUND on your WAN interface. Both get the job done, the only difference is you have to apply it once instead of on three interfaces.
You can also look at this from the other way around. Let’s say you want to restrict traffic from the Internet to your LAN. You could create an access-list and attach it INBOUND on your WAN interface, or you attach it OUTBOUND on all three LAN interfaces.
Both will get the job done, but adding it to the WAN interface INBOUND is probably easier since you only have to attach it once. Also, it prevents the traffic from going anywhere else since you filter it right away on where it enters the router.
Hope this helps!