That will block it for clients within the LAN wanting to get to the WAN (Internet), what about from the WAN (Internet) into your LAN ? Ie: a floating rule to block a wildcard for anything ending in *.abc.com
hopefully that makes sense.
hopefully that makes sense.