[FEATURE] Advanced rules to allow/block

[Beanux]

Hello,

First thanks for your work

I'll explain my need, that would be simpler.
I've allowed a local network: 10.42.0.0/16
And i need only one IP in this range to be blocked from login: 10.42.13.208
This IP is a reverse proxy that handle external network and redirect it to nextcloud (or other webapp)

Currently i've worked this way (and it cover all of the IP, because there is no missing range between 17 to 32):

10.42.0.0/21
10.42.8.0/22
10.42.12.0/24
10.42.13.0/25
10.42.13.128/26
10.42.13.192/28
10.42.13.209/32
10.42.13.210/31
10.42.13.212/30
10.42.13.216/29
10.42.13.224/27
10.42.14.0/23
10.42.16.0/20
10.42.32.0/19
10.42.64.0/18
10.42.128.0/17

All of this rather than doing something like

Block 10.42.13.208/32
Allow 10.42.0.0/16

There could be several way to do it:

• defining the order (block then allow, or allow then block), and then apply the blocking/allowing rules.
• applying the first match, an allow or a deny. Then the rules order would be the important part.

Thus would allow a better but complex filtering.
If that would be thought too complex to manage, something to test ip or range after applying rules could be helpfull.

Best regards