The shun command was designed to allow external IDS to stop attacks at the fw, so they never end in the configuration. You need to use access-list.
BTW, it would be much easier to maintain a list of forbidden addresses if you had a 6.2 or later version, as they allow you to create an object group with all the undesired IP addresses and block them all with only an entry on the ACL.
Regards.