Are you aware of the Spamhaus DROP list? According to the ladies and gentlemen of Spamhaus:
DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and routing equipment.
So DROP is simply a short-ish list of CIDR netblocks and Spamhaus SBL references, and that is something we can definitely use in our FreeBSD ipfw rules. There are a couple of Perl scripts in the DROP FAQ, but none of them is suitable for generating ipfw rules, so I went ahead and made my own script. Yup, a good old-fashioned shell script. I don’t speak Perl (not very well, anyway), and a shell script can be made equally no-nonsense and portable in my opinion. I operate several internet-facing FreeBSD servers, and they all use this script to generate ipfw rules.
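To make the idea concrete, here is an added sketch (not the author's script) that turns DROP-style lines into ipfw table commands and refuses anything that is not a strict IPv4 CIDR. The input layout (`<CIDR> ; <SBL reference>`, with `;` also starting comment lines), the table number and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed input: "<CIDR> ; <SBL ref>" lines,
# with ';' also starting comment lines.
TABLE=1   # hypothetical ipfw table number

# Constructed sample (RFC 5737 documentation ranges, made-up SBL references).
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
999.1.1.0/24 ; SBL000003
203.0.113.0/33 ; SBL000004
not-a-netblock'

# Succeeds only for a.b.c.d/n with every octet <= 255 and n <= 32.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' || return 1
    old_ifs=$IFS; IFS='./'
    set -- $1            # split into four octets and the prefix length
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
    [ "$5" -le 32 ]
}

# Reads DROP-style text on stdin and writes ipfw commands on stdout.
# A rule such as "deny ip from table(1) to any" would then reference the table.
drop_to_ipfw() {
    echo "ipfw -q table ${TABLE} flush"
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop the comment / SBL reference after ';', then all whitespace.
        cidr=$(printf '%s\n' "$line" | sed -e 's/;.*$//' -e 's/[[:space:]]//g')
        [ -z "$cidr" ] && continue
        # Validate before the value gets anywhere near a firewall command line.
        if valid_cidr "$cidr"; then
            echo "ipfw -q table ${TABLE} add ${cidr}"
        else
            echo "skipped malformed entry: ${cidr}" >&2
        fi
    done
}

printf '%s\n' "$SAMPLE" | drop_to_ipfw
```

The output is only printed, so it can be reviewed before being piped to `sh` as root on the firewall host.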