pfSense

I'm not using either of these, so I pretty much don't care either way, but... fixing the description and nuking this from bogons leaves people with usable bogon rules that are blocking loads of other stuff. When you leave CGN in bogons, people on CGN just cannot use those at all since you cannot override it in any reasonable way (still no way to move those rules). Hmmm.

Bogons and block private only applies to traffic sourced on the WAN in question. Where you're on CGN, you pretty much never want to allow traffic sourced from CGN subnets in. There is never any need to disable that for outbound traffic regardless of whether your WAN is CGN or private or bogon.

there is a feature request open to allow moving the rules, which could be handy in some limited circumstances (mostly to block matching traffic with no logging without completely disabling the rule).

Yes, of course. I think we don't understand each other. I can trivially create a RFC1918 alias and place that rule whereever I want (it's 3 CIDRs, or 4 including the CGN address space). Not exactly the case with bogons{,v6}. So, this CGN address space is effectively burried among loads of completely unrelated IP ranges. As long as you leave it there, you render the entire bogons list unusable for anyone behind CGN. Not talking about outbound traffic at all.

it's only unusable where you need to allow traffic into WAN that's sourced from CGN space. Which in nearly all cases is nothing. I think you're misunderstanding what block bogons does, it most certainly doesn't "render the entire bogons list unusable for anyone behind CGN."