Any comment is welcome since I am not sure it's the best way to achieve it or if it has some drawbacks
tl;dr
[root@myfw ~]# cat google-nets
#!/bin/sh
dig @8.8.8.8 +noall +answer +short +dnssec +tcp _spf.google.com txt | tr ' ' '\n' | awk -F: '$1=="include" {print $2}' | while read blocks
do
dig @8.8.8.8 +noall +answer +short +dnssec +tcp "$blocks" txt | tr ' ' '\n' | awk -F: '$1=="ip4" {print $2}'
done | xargs pfctl -t google_networks -T replace
[root@myfw ~]# cat /usr/local/etc/cron.d/custom-pf-tables.cron
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
#minute hour mday month wday who command
40 4 * * * root /root/google-nets
some more details:
https://www.signorini.ch/content/opnsense-create-pftable-for-google-networks