I used for this task a different approach than the SG. I filtered the traffic with an extended ACL:
ip access-list extended DROP_TTL_LESS_13
deny ip any 224.0.0.0 15.255.255.255 ttl lt 13
permit ip any any
and then applied it outbound on the interface:
interface FastEthernet0/0
ip access-group DROP_TTL_LESS_13 out
Do you guys think this could be a valid solution?
Thanks.