Spamhaus’ DROP (Don’t Route Or Peer) and EDROP lists are sets of IPs controlled by bad people. Basically, these are IPs that are very likely going to cause trouble, so you might as well block them completely. Details.
The following script will load a pf table with these networks. It gets drop.txt and, if uncommented, edrop.txt, cuts the comments, and compares the result to the existing list; if they differ, it flushes the table and adds the new blocks, then kills all existing connections to bad IPs.
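One check worth making between the download and the flush: as described, any file that differs from the existing list triggers a flush, so an empty or error-page download would empty the table. The added example below is not the page's script; its function names, the constructed sample data and the minimum-entry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not the page's script): vet a fetched DROP/EDROP file before reload.

# Constructed sample in the drop.txt layout: "CIDR ; SBL id", ';' starts a comment.
sample_drop() {
cat <<'EOF'
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.0/24 ; SBL000003
192.0.2.0/24 ; SBL000001
<html>502 Bad Gateway</html>
300.1.2.0/24 ; SBL000004
10.0.0.0/40 ; SBL000005
EOF
}

# stdin: raw list. stdout: well-formed IPv4 CIDRs only, comments cut, deduplicated.
clean_drop() {
    awk '{
        sub(/;.*/, "")                  # cut the comment
        gsub(/[ \t\r]/, "")             # strip whitespace and CR
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) next
        split($0, p, "[./]")
        for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) next
        if (p[5] + 0 > 32) next
        print
    }' | sort -u
}

# $1 = current list file (same cleaned form), $2 = cleaned new list file,
# $3 = minimum entries (assumed threshold).
# Returns 0 = reload, 1 = unchanged, 2 = new list implausibly small, keep old table.
should_reload() {
    count=$(wc -l < "$2" | tr -d ' ')
    [ "$count" -ge "$3" ] || return 2
    cmp -s "$1" "$2" && return 1
    return 0
}

# Demo on the constructed sample: prints the three valid networks.
sample_drop | clean_drop
```

Only a return value of 0 from `should_reload` should lead to the table being flushed and reloaded; a return of 2 is worth logging, since it usually means the fetch failed.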