I need to block an IP address. So far I've read that I can't enter it into my dstdomain acl because it's not a FQDN. Fine, but the "dst" ACL type expects an IP address AND subnet mask, which isn't used for web addresses. Anyone who can clarify this for me would be a hero, now that we seem to be getting more of those false URLs in carefully constructed emails lately.
Can you not specify a /32 subnetmask, such as:
1.2.3.4/255.255.255.255
DS