OK, Let's me clarify that I use the uhttp as a web server and deployed a website on my 3rd level router through port forwarding. I want to use the rules on my 2nd level router to filter Censys scan.
I have try the configuration as your suggestion:
config rule
option src 'wan'
option name 'CenSysBlock1'
option proto 'all'
option target 'REJECT'
option extra '-m iprange --src-range 74.120.14.0/24'
config rule
option src 'wan'
option name 'CenSysBlock2'
option proto 'all'
option target 'REJECT'
option extra '-m iprange --src-range 162.142.125.0/24'
config rule
option src 'wan'
option name 'CenSysBlock3'
option proto 'all'
option target 'REJECT'
option extra '-m iprange --src-range 167.248.133.0/24'
config rule
option src 'wan'
option name 'CenSysBlock4'
option proto 'all'
option target 'REJECT'
option extra '-m iprange --src-range 192.35.168.0/23'
Hope it works. will let you know.