Hi all
Tell me what this is connected with. Previously, it was possible to enter addresses like 1.0.0.0-10.0.0.0 into the rules, but now there is only one address and a mask, the required range cannot be entered
Why was this removed? This is very inconvenient and you won’t be able to enter the required range of IP addresses even if you wanted to.
version openwrt-23.05.2 I enter via Luci
You can use ranges by the use of subnets. For example, to use a rule that affects 192.168.7.1-254, I can use 192.168.7.0/24.
Alternatively, look at the ipsets functionality.
So what I’m talking about is that only this option 192.168.7.0/24 works, and before there was also this option 192.168.7.4-192.168.97.7 which is more preferable and which does not work now. But I need to specifically block certain addresses and subnets, option 192.168.7.0/24 is not suitable
Looks like an oversight in porting fw3 to nftables. Nftables itself has builtin range support (in contrast to iptables where the iprange extensions was required).
Will take a look.
Turned out that firewall4 supports ranges just fine, the LuCI input validation was overly strict.
Fixed in
and
Backport to the stable 22.03 branch will happen soon.
I re-upload the firmware, nothing changed
addresses still via Luci like 10.0.0.0-10.1.22.12 cannot be entered in the firewall
It only works if you use Main/Snapshot builds and it can take a few days until those are compiled for you.
It is possible to backport/cherry pick those commits and jow reported that it will happen but that can take some time, so patience is your friend 
understood thanks