Your organization runs Compute Engine instances that are publicly accessible via the internet. Each instance has one network interface and a single public IP address . As part of a security policy update, you need to block incoming connection attempts from internet clients whose IP addresses belong to a specific BGP ASN , identified as BGP_ASN_TOBLOCK . How should you configure this policy?