I see a few possible answers (none of which are really all that great):
You could have the cron job run hourly or daily. Does it really matter if those IP addresses are blocked immediately? (I can't answer that.)
You could have your program run as a user with proper privileges to control the firewall and nothing else. That might require a lot of tinkering and your firewall might not even allow it.
If you have your program run as root (or it's a suid program -- which is disallowed almost universally), you'll want to vigorously follow a couple simple rules: do only what is necessary and make sure nothing can go wrong. This program would do only one or two things (to reduce the likelihood of vulnerabilities), run other programs (as other users) to do real work, test the results of those programs to adhere to strict requirements (instead of testing for possible exploit attempts, test to make sure you are expecting that result -- i.e., if you are expecting an IP address, make sure it really is an IP address), you want to use as few external deps as possible, and you want it to enforce certain requirements.
You'd want it to be owned by root, only readable, writable, and executable by root, etc. Also, the other programs should be owned by their respecive owners and only readable, writable, and executable by them. (And remember to chroot where advantageous.)
Of course, if this program is being invoked by another, you might not be able to get it to run as root in the first place.
If I were to do the last, I'd make it a shell script no greater than 30 or so lines (20 of which would be checking input, verifying ownership and permissions, and the like). But even that really opens up your system to potentially nasty exploits if there are any. So really the second option is the best.
If you decide to make a setuid or setgid script, read
perlsec first.
