Firewall bouncer: blocking outgoing traffic?

As far as I see, the firewall bouncer block incomming traffic. I wonder if it is a good idea to check outgoing traffic as well?

Scenario: devices in the network my be compromised and use outgoing connections to a command and control server (as many trojan do).
Blocking those requests may be a use case. As CrowdSec is providing the local installation with community locklist this would be the way to get the IPs to block. It would require CrowdSec to include such IP addresses into the blocklists.

Do we have something like that?

It has been asked before and some users are doing this on opnsense. I haven’t tried to see if it can be done via the firewall bouncer.

The only prefix I would say is our IP’s are doing attacks and not really being used for C&C servers, however, it doesn’t take a second for an IP to switch but if they use already tainted servers it easier to detect via reputation.