How to configure MacOS firewall to block outgoing IP ranges?

Recently I was watching a Gizmodo journalist's videos about her experiment with blocking outgoing connections to Google, FB, Microsoft and Apple. I wonder if it is possible to modify MacOS's built-in firewall to block IP ranges that I specify, like all known FB ranges, coinhive etc.?

I used to configure ipfw but this seems to have gone away. I'm running Mojave.

I do not want to run any closed-source program like Little Snitch to accomplish this. I just want to configure Apple's firewall if possible.


It's not that complex with the use of the PF firewall, which was ported from OpenBSD to MacOS quite a while ago. The whole ruleset could be as simple as:

#
# Block outgoing connections to IP ranges given in a table
#

# A persistent table to keep a list of IP networks for blocking
table <toBlockOut> persist { 0.1.2.3/32 }

# local TCP/IP is always allowed
pass quick on lo0

# Attempts to send packets to IP networks kept in the table
# should never work
block out quick to <toBlockOut> no state

After you've saved that minimal ruleset into, say, a pf-block-out.conf file, you can apply it with sudo pfctl -ef pf-block-out.conf from Terminal. Similarly, you can add or remove entries in the table without needing to reload the ruleset:

$ sudo pfctl -t toBlockOut -T show
   0.1.2.3
$ sudo pfctl -t toBlockOut -T del 0.1.2.3
1/1 addresses deleted.
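
For whole lists of ranges, as the question asks, the table can be filled from a file instead of one address at a time. The script below is an added example, not part of the answer above: it checks a list of IPv4 addresses and CIDR ranges, and only if every entry is well-formed swaps it into the toBlockOut table with pfctl's -T replace -f. The function names, the PFCTL variable, the file names and the IPv4-only check are assumptions of this sketch; the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: validate a list of IPv4 ranges, then load it into the pf table.
TABLE=toBlockOut                 # table name from the ruleset above
PFCTL=${PFCTL:-echo sudo pfctl}  # dry run by default; PFCTL="sudo pfctl" applies

# clean_ranges FILE: print the valid, de-duplicated entries of FILE, one per
# line. Comments (# ...) and blank lines are dropped. Malformed entries are
# reported on stderr and make the function return 1.
clean_ranges() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
        n = split($0, p, "/")
        ok = (n <= 2) && (split(p[1], o, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9][0-9]?[0-9]?$/) && (o[i] + 0 <= 255)
        if (ok && n == 2)
            ok = (p[2] ~ /^[0-9][0-9]?$/) && (p[2] + 0 <= 32)
        if (!ok) { print "rejected: " $0 > "/dev/stderr"; bad = 1; next }
        if (!seen[$0]++) print
    }
    END { exit bad }
    ' "$1"
}

# load_ranges IN OUT: write the cleaned list to OUT and replace the table
# contents with it. Nothing is loaded if any entry in IN was rejected.
load_ranges() {
    clean_ranges "$1" > "$2.tmp" || { rm -f "$2.tmp"; return 1; }
    mv "$2.tmp" "$2" && $PFCTL -t "$TABLE" -T replace -f "$2"
}

# Constructed sample input (documentation ranges, not real services).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ranges to block
192.0.2.0/24
198.51.100.7      # single host
192.0.2.0/24
EOF
load_ranges "$sample" "$sample.clean"
```

Run as-is, the script only prints the pfctl command it would execute; the table has to exist already, which it does once the ruleset above is loaded.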