Support allowlisting entire IP ranges / subnets without regex

[girlbossceo]

I'd like to allowlist my ISP's entire IP range (to account for IP changes) for things like admin panels, and block + report anyone else who accesses these admin panels (likely bots scraping for endpoints like /admin).

Attempting to use a subnet does not work with the existing allowlist IP feature as it seems to use regex instead. If the user has a simple /24 or /16, they COULD probably just do 123\.456\..*\..* (/16, looks cursed yeah), but my ISP has a /12 in which case allowlisting the entire three octets will not work and will allow unrelated IP addresses, as xx.yxz and xx.xyz would be in the same /12 subnet but not xx.abc.