Dear all


I want to block RIP updates from propagating using an access-list.

I know that RIP updates are sent on UDP port 520, either as broadcast (RIP v1) or multicast (RIP v2).


I know that we can do it easily by using passive-interface, but the main question is: if I make an access-list that allows only TCP connections, does this mean that the RIP updates will not be passed, as RIP uses UDP port 520?

I tried it in an example, but the RIP updates are propagated.


I don't know why.




R0 Configuration


interface Ethernet0/0
ip address 11.0.0.1 255.0.0.0
ip access-group 100 out
half-duplex
!
interface Ethernet0/3
ip address 10.0.0.1 255.0.0.0
half-duplex
!
router rip
network 10.0.0.0
network 11.0.0.0
!
access-list 100 permit tcp any any
access-list 100 deny udp any any

!

R1 Configuration

interface Ethernet0/0
ip address 11.0.0.2 255.0.0.0
half-duplex
!
interface Ethernet0/1
ip address 12.0.0.1 255.0.0.0
half-duplex
!
router rip
network 11.0.0.0
network 12.0.0.0

R2 Configuration


interface Ethernet0/1
ip address 12.0.0.2 255.0.0.0
half-duplex
!
interface Ethernet0/3
ip address 13.0.0.1 255.0.0.0
half-duplex
!
router rip
network 12.0.0.0
network 13.0.0.0
!


Although I made an access-list on R0 to block all UDP, the RIP updates propagated from R0 to R1 and R2.
R1 and R2 have network 10.0.0.0 in their routing tables from RIP.

Please, I need help.

Thanks
BR
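
An added example, not part of the original post: Cisco IOS does not apply an outbound interface ACL to packets the router itself originates, so R0's own RIP updates are never checked against access-list 100 on Ethernet0/0. An inbound ACL on the receiving router does see them; the sketch below assumes ACL number 101 (not in the post) and uses R1's Ethernet0/0 from the configuration above.

```cisco
! R1: filter RIP updates arriving from R0 (assumed ACL number 101)
! Deny anything addressed to UDP port 520. This covers both the RIP v1
! broadcast (255.255.255.255) and the RIP v2 multicast (224.0.0.9).
access-list 101 deny   udp any any eq 520
! Permit everything else so ordinary traffic still crosses the link.
access-list 101 permit ip any any
!
interface Ethernet0/0
 ip address 11.0.0.2 255.0.0.0
 ! Inbound ACLs are evaluated for packets destined to the router itself,
 ! which is why this direction matches RIP updates and "out" on R0 does not.
 ip access-group 101 in
 half-duplex
!
! Verification after the RIP routes have timed out:
!   show access-lists 101        (the deny line's match counter should increase)
!   show ip route rip            (10.0.0.0 should no longer be learned via R0)
```

Routes already learned stay in the table until the RIP invalid and flush timers expire, so check the routing table after that interval or clear the routes first.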