I'm wanting to block single ip addresses from accessing the WAN. The ip's will be identified as possible virus carriers (from remote sniffing of the network). This will give me some time to clean up the offending boxes. I plan on using an access list such as "access-list 101 deny ip 192.168.x.x"
Does this seem correct?