Then for each client a separate black list that they choose.
Set the inbound route for each did to a dynamic route. Use the dynamic route to evaluate if the call id is on the customer list or not. If yes, end the call, otherwise route it on.
Blacklists for udp/5060 are currently north of 200000, but a complete waste of resources because the clever blacklisted host will be someone else in three minutes. Seriously, BTDT more than once !
You can use FUNC_ODBC() to query [even a remote] database. Then, you can use a custom Trunk context to intercept all incoming calls.
[from-trunk-toolfolks]
exten => _.,1,Noop(Checking if caller is blacklisted in global blacklist)
exten => _.,n,GotoIf($["foo${ODBC_REMOTEMSSQL(${CALLERID(num)})}" != "foo"]?lenny,s,1:from-pstn,${EXTEN},1)