Old July 28th, 2003
shamino shamino is offline
Novicius
 
Join Date: July 26th, 2003
Posts: 3
Prefix/mask syntax for host filtering

Currently, I can apply block/allow filters only if the masks are aligned on an 8-bit boundary. For example: 10.11.12.13, 10.11.12.*, 10.11.*.*, 10.*.*.*, etc.

There is a problem with this, however. Some networks that I want to block don't have an entire 8-, 16-, or 24-bit address space assigned to them. They have some other amount.

For instance, suppose someone has a 4-bit network numbered 10.11.12.16 through 10.11.12.31. Right now, I have to manually add all 16 host addresses. I would prefer to be able to specify the mask (10.11.12.16/255.255.255.240) or even better, the prefix-length (10.11.12.16/28). The problem is annoying with small networks (like the 4-bit network in my example) but it is a showstopper if it involves bigger networks (like a 7-bit network - there's no way I'm going to hand-enter 128 host addresses.)

I browsed through this forum and the documentation, but I didn't find any indication that the current release supports this feature, nor have I seen any prior requests for it. Hopefully, this won't be difficult to implement.

The algorithm for doing this is really simple. Assuming that you've got your IP address stored in a 32-bit integer in host order, the algorithm is:

1) generate a mask from the prefix length:
Code:
/* shifting a 32-bit value by 32 is undefined in C, so a /0 prefix needs its own case */
mask = (prefixlen == 0) ? 0 : (0xFFFFFFFFu << (32 - prefixlen));
2) Match target address against prefix/mask pair:
Code:
if ((target & mask) == (prefix & mask))
{
    /* address matches */
}
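The two steps above, carried through into a complete filter-rule parser and matcher, as an added example that is not code from the original post or from the application being discussed. It accepts the three rule forms the post mentions (a bare host, address/prefix-length, address/dotted-mask), rejects non-contiguous dotted masks and out-of-range prefix lengths, and handles the /0 and /32 edge cases that the one-line shift does not. The names (cidr_rule, parse_rule, address_blocked) and the sample addresses are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One filter rule: network prefix and mask, both in host byte order. */
struct cidr_rule {
    uint32_t prefix;
    uint32_t mask;
};

/* Step 1 from the post: build a mask from a prefix length.
 * Shifting a 32-bit value by 32 is undefined in C, so /0 (match everything)
 * and /32 (exact host) are handled explicitly. */
uint32_t mask_from_prefixlen(int prefixlen)
{
    if (prefixlen <= 0) return 0;
    if (prefixlen >= 32) return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefixlen);
}

/* Parse dotted-quad "a.b.c.d" into a host-order integer. Returns 0 on failure. */
int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Parse "addr", "addr/len" or "addr/dotted-mask" into a rule. Returns 0 on failure.
 * A dotted mask must be a run of ones followed by zeros (e.g. 255.255.255.240);
 * anything else is rejected rather than silently matching the wrong hosts. */
int parse_rule(const char *text, struct cidr_rule *rule)
{
    char buf[64];
    char *slash;
    uint32_t addr, mask;

    if (strlen(text) >= sizeof buf) return 0;
    strcpy(buf, text);
    slash = strchr(buf, '/');
    if (slash) *slash++ = '\0';

    if (!parse_ipv4(buf, &addr)) return 0;

    if (!slash) {
        mask = 0xFFFFFFFFu;                      /* bare address: exact host */
    } else if (strchr(slash, '.')) {
        if (!parse_ipv4(slash, &mask)) return 0;
        /* contiguous mask <=> (~mask + 1) is a power of two or zero */
        if (((~mask + 1) & ~mask) != 0) return 0;
    } else {
        char *end;
        long len = strtol(slash, &end, 10);
        if (*slash == '\0' || *end != '\0' || len < 0 || len > 32) return 0;
        mask = mask_from_prefixlen((int)len);
    }

    rule->prefix = addr & mask;   /* normalise: never store host bits in the prefix */
    rule->mask = mask;
    return 1;
}

/* Step 2 from the post: does the target fall inside the rule's network? */
int rule_matches(const struct cidr_rule *rule, uint32_t target)
{
    return (target & rule->mask) == (rule->prefix & rule->mask);
}

/* Convenience wrapper: 1 if the textual rule covers the textual address,
 * 0 if not, -1 if either side fails to parse. */
int address_blocked(const char *rule_text, const char *addr_text)
{
    struct cidr_rule rule;
    uint32_t addr;
    if (!parse_rule(rule_text, &rule) || !parse_ipv4(addr_text, &addr)) return -1;
    return rule_matches(&rule, addr);
}

int main(void)
{
    /* constructed sample: the 16-host block from the post and its neighbours */
    const char *rule = "10.11.12.16/28";
    const char *probes[] = { "10.11.12.15", "10.11.12.16", "10.11.12.31", "10.11.12.32" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%s %s %s\n", probes[i],
               address_blocked(rule, probes[i]) == 1 ? "matches" : "does not match", rule);
    return 0;
}
```

The prefix is stored already masked, so a rule written as 10.11.12.20/28 behaves exactly like 10.11.12.16/28; rejecting a mask such as 255.255.255.15 matters because a non-contiguous mask would still "work" arithmetically while blocking a set of hosts the operator did not intend.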