I also support having Checkpoint or BSD style IP-groups and subnet groups. Much easier to create firewall rules that way.

For example, I want to allow some services only from my country's IP subnets. But there are a ton of them, so I have to create and manage tens of firewall rules. Much easier to create one rule and then manage the group of subnets.