Usually there is no need to add a Blacklist, as the firewall works in a Deny-by-Default mode. However, because of the intelligence and automatic unlocking of Responsive Firewall, you may find it convenient to enable access to that to the global Internet.
To ensure the safety of your machine, you may add to the global override blacklist, to ensure that known bad hosts can not attempt to register with the Responsive Firewall Service. This is found on the Service page on the Blacklist tab.
You may add a host or network definition. If you add an invalid host, the server will warn you that it can not block it. However, if that entry does become resolveable in the future, it will be automatically added to the firewall blacklist without any further action.
This blacklist check is secondary to networks. This means that you can add a blacklist for 10.0.0.0/8, but add a 'Trusted' network for 10.20.30.0/24, and traffic from 10.20.30.0/24 will be assigned to the Trusted zone.