The list of ip adresses is no longer available. Instead, you can ensure that webhooks comes from SonarCloud by using a secret.
See the “Securing you webhooks” section from the webhooks documentation page for more info.
By design, the IP addresses SonarCloud is invoking webhooks from will change with time (e.g. with the service auto-scaling). We can’t commit to a specific IP range, so therefore indeed, it is not realistic to use firewalls to protect webhooks targets.
Instead, to protect your endpoint, the correct solution is to use a secret, as explained in the webhooks documentation page.