wireguard disallow a lot of geo subnets
(piefed.blahaj.zone)
Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.
I'm not sure how a firewall would help; you'd definitely want to do this from the routing table.
IPv4 addresses are basically just 32-bit numbers; any somewhat modern CPU can check through 1000 routes in nanoseconds.
Also 1000+ seems a bit excessive, you should be able to aggregate some of those subnets into a few bigger ones. There are calculators online for this, or you can script it.
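Scripting the aggregation suggested in the comment above, as an added example that is not part of the original thread. It goes one step further than the comment and also computes the complement, on the assumption that the goal is a WireGuard `AllowedIPs` list covering everything except the blocked ranges; the sample prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample block list (reserved benchmark/documentation ranges),
# containing adjacent and overlapping prefixes on purpose.
SAMPLE_BLOCKED = [
    "198.18.0.0/16",
    "198.19.0.0/16",      # adjacent to the line above -> merges into a /15
    "203.0.113.0/25",
    "203.0.113.128/25",   # adjacent -> merges into a /24
    "203.0.113.64/26",    # already covered by the /25 above
]

def aggregate(cidrs):
    """Merge adjacent and overlapping IPv4 prefixes into the fewest equivalent ones."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs if c.strip()]
    return list(ipaddress.collapse_addresses(nets))

def complement(blocked, universe="0.0.0.0/0"):
    """Return the prefixes that cover `universe` minus every blocked prefix."""
    remaining = [ipaddress.ip_network(universe)]
    for block in aggregate(blocked):
        next_remaining = []
        for net in remaining:
            if block.supernet_of(net):
                continue                      # fully blocked, drop it
            if net.supernet_of(block):
                # Split net into the pieces that do not contain block.
                next_remaining.extend(net.address_exclude(block))
            else:
                next_remaining.append(net)    # unrelated, keep as is
        remaining = next_remaining
    return sorted(remaining)

def allowed_ips_line(blocked):
    """Render the complement as a single WireGuard AllowedIPs setting."""
    return "AllowedIPs = " + ", ".join(str(n) for n in complement(blocked))

if __name__ == "__main__":
    merged = aggregate(SAMPLE_BLOCKED)
    print(f"{len(SAMPLE_BLOCKED)} blocked prefixes aggregate to {len(merged)}:")
    for net in merged:
        print("  ", net)
    print(allowed_ips_line(SAMPLE_BLOCKED))
```

Aggregation only shrinks the list when blocked prefixes are adjacent or nested; the complement grows by up to one prefix per bit of prefix length for every isolated blocked range, so check the resulting route count before deploying it.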