Just checked and the IP right now is: 198.143.164.250
Do you want an programmable-in-php way to do it? You could run this on a WP-Cron schedule (adding some code) to check if the IP has changed at all and change it in your firewall if so while deleting the old IP (or use a hook to update the whitelist right before the major update calls all to download the zip). The code will only be as hard as how to whitelist things in your firewall. Hopefully it’s something like:
$whitelist_ip = gethostbyname('downloads.wordpress.org');
add_to_whitelist($whitelist_ip);
Obviously the add_to_whitelist function is hypothetical (a function that either already exists, or you’d need to write) because adding an IP to a firewall depends entirely on what kind of firewall you’re using which you may want to edit your original question to explain your firewall and how you add IPs to it.