I use pfblocker for alias management.. While I do have some other just native aliases. I use pfblocker functionality to manage more complex lists.
Example - here is my scan deny alias, which contains some asn's and lists from different locations that scan for open ports like shodan, etc..
[image: 1759247068669-scandeny.jpg]
And use another list for stuff that need to allow, that might be blocked by list like scan deny - this list contains country based IP lists, and other lists provided by services like plex and monitoring to know if service is up, etc. Which I use to alert me if something goes down.
[image: 1759246930777-allow.jpg]
I don't really use any of the other features of pfblocker - but I do love its easy management of just native aliases.
You can also easy add just 1 off networks/ips etc.. to your alias you create in the bottom custom section
[image: 1759247195644-custom.jpg]
When bored or whatever I take a look at my firewall log - and notice something scanning but not in my scan deny list, I will look up the details and normally block the whole netblock, etc.