Abstract: Access control lists (ACLs) were proposed to solve or mitigate network security problems. They are widely deployed in network devices such as routers, switches and firewall appliances to filter packets. However, the performance of a network device degrades when access control lists are applied to its data forwarding interfaces. Optimizing the ACL can greatly improve the device's packet forwarding performance. This paper studies the ACL optimization problem, outlines the overlapping or containing relationships between a single clause and multiple clauses or among multiple clauses, proposes a formula representation of the problem based on these studies, and draws three important conclusions. Based on these conclusions, an approximate optimization algorithm is designed and implemented. Simulation experiments show better performance than similar commercial products, implying that the research not only provides a theoretical reference but also has important practical application.
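The containing relationship between a single clause and multiple earlier clauses can be illustrated with a short sketch. This is an added example, not the paper's algorithm: it assumes first-match semantics, clauses that match on an IPv4 source prefix only, and a constructed sample ACL; the function names are hypothetical.

```python
import ipaddress

def uncovered(net, earlier):
    """Return the parts of `net` that no network in `earlier` matches."""
    remaining = [net]
    for e in earlier:
        nxt = []
        for r in remaining:
            if r.subnet_of(e):
                continue                          # r is fully matched earlier
            if e.subnet_of(r):
                nxt.extend(r.address_exclude(e))  # carve e out of r
            else:
                nxt.append(r)                     # CIDR blocks nest or are disjoint
        remaining = nxt
    return remaining

def remove_unreachable(acl):
    """Split an ordered ACL into (kept, removed) under first-match semantics.

    A clause is removed when the union of earlier kept clauses contains it,
    so no packet can ever reach it and dropping it preserves the policy.
    """
    kept, removed = [], []
    for action, cidr in acl:
        net = ipaddress.ip_network(cidr)
        earlier = [ipaddress.ip_network(c) for _, c in kept]
        if uncovered(net, earlier):
            kept.append((action, cidr))
        else:
            removed.append((action, cidr))
    return kept, removed

# Constructed sample ACL (assumption: source-prefix matching only).
SAMPLE_ACL = [
    ("permit", "10.0.0.0/25"),
    ("deny",   "10.0.0.128/25"),
    ("permit", "10.0.0.0/24"),   # contained in the union of the first two
    ("deny",   "10.0.0.64/26"),  # contained in the first clause alone
    ("permit", "10.0.1.0/24"),
    ("deny",   "10.0.0.0/16"),   # only partially overlapped, still reachable
]

if __name__ == "__main__":
    kept, removed = remove_unreachable(SAMPLE_ACL)
    for clause in removed:
        print("unreachable:", clause)
```

An unreachable clause whose action differs from the clauses that cover it, such as the `deny 10.0.0.64/26` above, is worth reviewing as a likely policy error before it is deleted.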