Hi! To clarify, the IP addresses assigned to your app are actually for ingress only. When you connect to one of them, you’re actually connecting to fly-proxy in the nearest Fly.io region, which then talks to your app. The choice of a shared or dedicated IPv4 address for ingress won’t affect the IP addresses that your app VMs use to connect out to other services.
When an app VM itself connects out over the Internet, the source IP address is one that’s assigned to the VM itself (and for IPv4, it’s behind NAT). Unfortunately, we currently don’t support setting a stable IP for this, which is what you’d need for your ACL. There are some suggestions for workarounds here.
Hope this helps!