When using cs-firewall-bouncer with nftables, it does not appear to be possible to ban ranges of IP addresses. For example, after adding a range using
sudo cscli decisions add --range 184.108.40.206/24, inspecting the content of the crowdsec table using
sudo nft list table ip crowdsec shows that only IP 220.127.116.11 is banned.
The reason seems to be that the blocklist set definition is missing the “interval” flag (see Sets - nftables wiki). I’m not a Go coder, but I think changes would be needed in file
nftables.go around lines 60 and 128.
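
The difference the post describes, shown as an added example that is not the bouncer's own ruleset or code: two constructed nftables sets, one declared without and one with the "interval" flag. The table, set and chain names, the timeout flag and the documentation addresses (192.0.2.0/24, 198.51.100.0/24) are assumptions for illustration.

```nft
# Constructed ruleset for illustration; load with: nft -f <file>
table ip crowdsec_example {
    # Without "interval" the set stores single addresses only;
    # a prefix such as 192.0.2.0/24 cannot be held as a range.
    set blocklist_hosts {
        type ipv4_addr
        flags timeout
        elements = { 192.0.2.1 timeout 4h }
    }

    # With "interval" each element may be an address, a prefix or a range.
    set blocklist_ranges {
        type ipv4_addr
        flags interval, timeout
        elements = { 192.0.2.0/24 timeout 4h,
                     198.51.100.10-198.51.100.20 timeout 4h }
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # Both lookups use the same syntax; only the set flags differ.
        ip saddr @blocklist_hosts drop
        ip saddr @blocklist_ranges drop
    }
}
```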