
June 6th, 2009 05:00

Need help with 6224 switch and ip-based ACLs

This is all on an isolated LAN - I want a scenario where I allow all protocols - ip, tcp, udp, icmp, igmp to pass between one external host and a handful of hosts on the switch, blocking any other hosts on the switch from talking to the handful of hosts and from the external host, and blocking the external host from talking to the "other hosts" on the switch.

I set up some rules as follows:

access-list test10 permit ip 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
access-list test10 permit udp 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
[snip - repeated for rest of protocols]
access-list test10 permit ip 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
access-list test10 permit udp 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
[snip - repeated for rest of protocols]

access-list test20 permit ip 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
access-list test20 permit udp 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
[snip - repeated for rest of protocols]
access-list test20 permit ip 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
access-list test20 permit udp 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
[snip - repeated for rest of protocols]

No other hosts (192.168.x.y), whether on the LAN or another switch feeding this one, should be able to reach 172.16.1.10 after the rules are in place, nor should 172.16.1.10 be able to reach any other hosts on the 192.168.x.y network other than those in the access-list.

Is that all that is needed, or do I need some kind of deny line, or anything else?

Also, what flexibility do I have if I want to disable the rules for some reason, then re-enable them, without having to re-enter them?

Thanks much in advance.
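The following is an added example, not part of the post above and not Dell's code. It is a small stateless evaluator that takes the exact access-list entries written in the post and replays constructed sample flows through them, so the questions raised above (does an unlisted host get blocked, do the per-protocol entries add anything) can be checked on paper before the list is bound to a port. Its assumptions, which should be confirmed against the 6224 CLI reference before relying on them, are: entries are evaluated top to bottom and the first match wins, a packet that matches no entry hits an implicit deny at the end of the list, the `ip` keyword matches any IP protocol, and the test10 and test20 entries are treated as one combined list bound to the port that carries 172.16.1.10's traffic.

```python
"""Stateless ACL evaluator: first match wins, implicit deny at the end.

The entry strings are copied from the post.  The flows below are
constructed sample traffic.  Assumptions (verify against the 6224 CLI
reference): top-to-bottom first-match evaluation, implicit deny for an
unmatched packet, and "ip" matching every IP protocol.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address

# Entries copied from the post, treated here as one combined list.
ACL_TEXT = """
access-list test10 permit ip 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
access-list test10 permit udp 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
access-list test10 permit ip 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
access-list test10 permit udp 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
access-list test20 permit ip 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
access-list test20 permit udp 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
access-list test20 permit ip 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
access-list test20 permit udp 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
"""


@dataclass(frozen=True)
class Entry:
    name: str
    action: str      # "permit" or "deny"
    proto: str       # "ip", "tcp", "udp", "icmp", "igmp"
    src: int
    src_wild: int    # wildcard mask: 1 bits are "don't care"
    dst: int
    dst_wild: int


def parse_entry(line: str) -> Entry:
    """Parse 'access-list NAME ACTION PROTO SRC SRC_WILD DST DST_WILD'."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list":
        raise ValueError(f"unsupported entry: {line!r}")
    return Entry(tok[1], tok[2], tok[3],
                 int(IPv4Address(tok[4])), int(IPv4Address(tok[5])),
                 int(IPv4Address(tok[6])), int(IPv4Address(tok[7])))


def load_acl(text: str) -> list:
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def wildcard_match(addr: int, base: int, wild: int) -> bool:
    """0.0.0.0 is an exact host match; a 1 bit in the mask is ignored."""
    return (addr & ~wild) == (base & ~wild)


def evaluate(acl: list, src: str, dst: str, proto: str):
    """Return (action, matching_entry); (deny, None) means implicit deny."""
    s, d = int(IPv4Address(src)), int(IPv4Address(dst))
    for e in acl:
        if ((e.proto == "ip" or e.proto == proto)
                and wildcard_match(s, e.src, e.src_wild)
                and wildcard_match(d, e.dst, e.dst_wild)):
            return e.action, e
    return "deny", None


def covers(i: Entry, j: Entry) -> bool:
    """True if entry i matches every packet that entry j matches."""
    def range_covers(ib, iw, jb, jw):
        # i's don't-care bits include j's, and the fixed bits agree
        return (iw | jw) == iw and (ib & ~iw) == (jb & ~iw)
    return ((i.proto == "ip" or i.proto == j.proto)
            and range_covers(i.src, i.src_wild, j.src, j.src_wild)
            and range_covers(i.dst, i.dst_wild, j.dst, j.dst_wild))


def shadowed_entries(acl: list) -> list:
    """Entries that can never match because an earlier entry covers them."""
    return [j for n, j in enumerate(acl) if any(covers(i, j) for i in acl[:n])]


ACL = load_acl(ACL_TEXT)

# Constructed sample flows: (src, dst, proto).
SAMPLE_FLOWS = [
    ("192.168.1.5", "172.16.1.10", "udp"),    # listed host, listed direction
    ("172.16.1.10", "192.168.1.6", "icmp"),   # covered by the "ip" entry
    ("192.168.1.7", "172.16.1.10", "tcp"),    # unlisted host -> implicit deny
    ("172.16.1.10", "192.168.1.7", "icmp"),   # external host to unlisted host
]

if __name__ == "__main__":
    for src, dst, proto in SAMPLE_FLOWS:
        action, hit = evaluate(ACL, src, dst, proto)
        via = f"{hit.name} {hit.proto}" if hit else "implicit deny"
        print(f"{src:>13} -> {dst:<13} {proto:<5} {action:<6} ({via})")
    for e in shadowed_entries(ACL):
        print(f"never matches: {e.name} permit {e.proto} "
              f"{IPv4Address(e.src)} -> {IPv4Address(e.dst)}")
```

Under these assumptions the two unlisted flows fall through to the implicit deny, and every `udp` entry is reported as shadowed by the `ip` entry that precedes it with the same source and destination, which is the reason the per-protocol repeats add no reachable rule. The model is deliberately stateless, like a switch ACL: both directions need their own permit entries, exactly as the post has them.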
