@P3R Yes, and for that little security increase I bet your firewall takes a big performance hit. I noticed that the USA list is massive and to have to check everything against that would take some processing power. Not to mention having to unblock things all the time. I actually tried it then reverted back to my current settings just based on how long the update took, haha.
I was a little confused as it says right on the configuration pages "It's also not recommended to block the 'world', instead consider rules to 'Permit' traffic from selected Countries only". I read that as "deny all/all by default then allow what you need".
Right now I have it set to reject outbound to a few of the top spammer countries and I am looking into the reputation settings. I also DNS blacklist using Pi-hole as I like DNS/DHCP on a seperate box, but I do see that you could just add those lists to DNSBL if you didnt want to do it that way.