Hi Marco,
first, welcome to the IPFire community.
This topic has been discussed - sometimes heatedly - several times in the past (for example, here). In short, we disagree for security reasons (source):
[…] Another question frequently asked is why IPFire does not support filtering DNS replies for certain FQDNs, commonly referred to as a Response Policy Zone (RPZ). This is because an RPZ does what DNSSEC attempts to secure users against: tampering with DNS responses. From the perspective of a DNSSEC-validating system, an RPZ will just look like an attacker (if the queried FQDN is DNSSEC-signed, which is what we strive for as many of them as possible), thus creating a considerable amount of background noise. Obviously, this makes detecting ongoing attacks very hard, most times even impossible - the haystack to search just becomes too big.
Further, it does not cover direct connections to hardcoded IP addresses, which is what some devices and attackers usually do, as it does not rely on DNS to be operational and does not leave any traces. Using an RPZ will not make your network more secure, it just attempts to cover up the fact that certain devices within it cannot be trusted. […]
Good grief. You certainly do not want to have this package manager running on a firewall…
Sorry to disappoint you: No.
Please consider using IPFire’s web proxy instead, and enforce a strict firewall policy (more on that can be read here) to drop any traffic from your devices you do not like.
Thanks, and best regards,
Peter Müller
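
The quoted passage's point about hardcoded IP addresses, as an added example that is not part of the original post or of IPFire's code: correlating DNS answers with firewall connection records surfaces the traffic a DNS filter never sees. The log formats, sample lines and the one-hour window are constructed assumptions.

```python
"""Flag connections whose destination was never given to that client via DNS."""
from collections import defaultdict

# Constructed sample, format "<epoch> <client> <qname> <answer-ip>"
DNS_LOG = """\
1700000000 192.168.1.20 updates.example.org 198.51.100.10
1700000030 192.168.1.30 time.example.com 203.0.113.7
"""

# Constructed sample, format "<epoch> <src> <dst> <dport>"
CONN_LOG = """\
1700000001 192.168.1.20 198.51.100.10 443
1700000040 192.168.1.30 203.0.113.99 8883
1700000050 192.168.1.30 198.51.100.10 443
1700004000 192.168.1.20 198.51.100.10 443
"""

WINDOW = 3600  # assumed: seconds a DNS answer is accepted as explaining a connection


def resolved_index(dns_log):
    """Map (client, answer_ip) to the list of times that answer was returned."""
    index = defaultdict(list)
    for line in dns_log.splitlines():
        ts, client, _qname, ip = line.split()
        index[(client, ip)].append(int(ts))
    return index


def unexplained_connections(dns_log, conn_log, window=WINDOW):
    """Return connections with no DNS answer for the same client and IP in the
    preceding `window` seconds, i.e. traffic that bypassed name resolution."""
    index = resolved_index(dns_log)
    findings = []
    for line in conn_log.splitlines():
        ts, src, dst, dport = line.split()
        ts = int(ts)
        seen = index.get((src, dst), [])
        if not any(0 <= ts - t <= window for t in seen):
            findings.append((ts, src, dst, int(dport)))
    return findings


if __name__ == "__main__":
    for ts, src, dst, dport in unexplained_connections(DNS_LOG, CONN_LOG):
        print(f"{ts} {src} -> {dst}:{dport} no matching DNS answer")
```

Hosts that show up here are candidates for the strict outbound firewall policy recommended in the post, since only packet filtering acts on these connections.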