Need to setup control plane blocks for two OUTSIDE interfaces.

Only have production ASA's running 9.1.x so can't "try it out".

Will the below work, or is there an easier method?

BLCKCOUNTRY is an object group (not shown) with 200 subnets to block.

10.11.11.0&11.11.11.0 are my fake outside IPs (to be changed to real ips)

!outside01 ctrl plane block access-list

access-list ctrl-plane-block01 line 1 remark control-plane bad actor block for outside01

access-list ctrl-plane-block01 line 2 extended deny ip object-group BLCKCOUNTRY 11.11.11.0 255.255.255.0

!outside01 access-group applied to outside01 interface

access-group ctrl-plane-block01 in interface outside01 control-plane

! outside01=11.11.11.0/24

! outside02 ctrl plane block access-list

access-list ctrl-plane-block02 line 1 remark control-plane bad actor block for outside02

access-list ctrl-plane-block02 line 2 extended deny ip object-group BLCKCOUNTRY 10.11.11.0 255.255.255.0

!outside02=10.11.11.0/24

! access-group applied to outside02 control-plane

access-group ctrl-plane-block02 in interface outside02 control-plane

Thanks