So specifically they look like this (China example):
58.14.0.0/15
58.16.0.0/16
58.17.0.0/17
58.17.128.0/17
58.18.0.0/16
58.19.0.0/16
<...snipping about 1200 entries...>
222.249.160.0/20
222.249.176.0/20
222.249.192.0/18
Now imagine that I have a couple dozen lists of addresses like above for various other countries. But say out of that first block of 58.14.0.0/15 I need to specifically allow 1 or 2 addresses in. I don't need to send back RST or anything, just black-holing the connection is fine. BUT I can't configure a route that will affect everything. Since we host like 20 games, those same address blocks shouldn't be blocked for access to other ports.
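
An added example, not part of the original post: one way to turn "block these ranges except a couple of addresses" into a plain drop list, by splitting each CIDR around the exceptions with Python's `ipaddress` module, plus a small model of a drop rule that applies to one port only. The exception addresses and the port number are constructed for illustration, and the code assumes IPv4 entries throughout.

```python
import ipaddress

def carve_out(blocked, allowed):
    """Return the blocked CIDRs with every allowed address removed.

    The result covers exactly the blocked space minus the exceptions, so it
    can be loaded into a drop rule without a separate allow rule.
    """
    nets = [ipaddress.ip_network(b) for b in blocked]
    for a in allowed:
        hole = ipaddress.ip_network(a)  # a bare address becomes a /32
        result = []
        for net in nets:
            if net.subnet_of(hole):
                continue  # block entry is entirely inside the exception
            if hole.subnet_of(net):
                # Split the block into the smallest set of CIDRs around the hole.
                result.extend(net.address_exclude(hole))
            else:
                result.append(net)
        nets = result
    return sorted(nets)

def verdict(src, dst_port, drop_nets, protected_port):
    """Model of the filter: silently drop only on the protected port."""
    if dst_port != protected_port:
        return "pass"  # other games and services are unaffected
    ip = ipaddress.ip_address(src)
    return "drop" if any(ip in n for n in drop_nets) else "pass"

BLOCKED = ["58.14.0.0/15", "58.16.0.0/16", "58.17.0.0/17"]  # first entries of the list above
ALLOWED = ["58.14.3.7", "58.15.200.1"]  # constructed exception addresses
GAME_PORT = 27015                       # hypothetical port for one game

DROP_NETS = carve_out(BLOCKED, ALLOWED)

if __name__ == "__main__":
    print(len(DROP_NETS), "drop entries after carving out", len(ALLOWED), "exceptions")
    for src, port in [("58.14.3.7", GAME_PORT), ("58.14.3.8", GAME_PORT), ("58.14.3.8", 80)]:
        print(src, port, verdict(src, port, DROP_NETS, GAME_PORT))
```

Each single-address exception splits the /15 into more entries, so a handful of exceptions across a 1200-entry list stays small; the carved list is then attached to the drop rule for the one port it should protect.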