
Blocking multiple (large) subnets on pfSense


So, here's the idea. I want to be able to block at the firewall level a bunch of subnets. Initially, it's Facebook's, but I was planning to increase it to ones known to belong to countries from whom there's no reasonable justification for contact.

But, Facebook alone has a *Lot* of IP blocks, and many of them are /20s or similar.

This means pfSense just explodes if you try to add them to an alias, and even if I had the patience to add each subnet to its own alias, many of those networks are too large for the 5000 IP per alias limitation and the grand total will result in a massive table, too massive.

Is there a way to overcome this, either with a means to block by AS or CIDR notation rather than huge lists of IPs? Or, can anyone recommend an alternative firewall I could put in front of pfSense to deal with just this requirement?

