For the network 20.21.22.22/32, the ip address 20.21.22.22 is not allowed but it should be allowed
the problem is in M6Web\Component\Firewall\Entry\Traits\IPMask in the function getRange
public function getRange()
{
...
if ($parts['mask'] == 32)
...
}

I have debuged this and $parts['mask'] contains "255.255.255.255" and not 32

the solution is to change the check to:
if ($parts['mask'] == 32 || $parts['mask'] == "255.255.255.255")

Another problem is that for network 20.21.22.0/24 , i think it shouldn't accept the ip 20.21.22.255 because it's broadcast ip address but it accept it.
Finally i think the solution is to change the getRange() function to:

public function getRange()
{
...
if ($parts['mask'] != 32 && $parts['mask'] != "255.255.255.255") {
$ret['begin'] = $this->IPLongAdd($ret['begin'], 1);
$ret['end'] = $this->IPLongAdd($ret['end'], -1);
}
...
}

because if the mask is not 255.255.255.255 or 32 we should prevent access for the network ip adress and broadcast ip address.

hello

we have encountered an issue with your library.
On a 32bit installation when we try to run the following code. The Ip is always allowed.

use M6Web\Component\Firewall\Firewall;

$whiteList = array( 
    '10.68.112.0/24'
);

$firewall = new Firewall();

$connAllowed = $firewall
    ->setDefaultState(false)
    ->addList($whiteList, 'local', true)
    ->setIpAddress('10.68.20.205')
    ->handle()
;

if (!$connAllowed) {
    echo "Not allowed";
} else {
    echo "Allowed";
}

This is caused by Ip2Long that doesnt work properly on 32bit

Because PHP's integer type is signed, and many IP addresses will result in negative 
integers on 32-bit architectures, you need to use the "%u" formatter of sprintf() or printf() 
to get the string representation of the unsigned IP address.

To solve this issue we need to change in https://github.com/M6Web/Firewall/blob/master/Entry/AbstractIP.php#L68

    return strval(ip2long($long));

//By

    return  sprintf('%u', ip2long($long));

How much trouble would it be to add an isValidIP function to the firewall to do return a boolean true or false before adding an IP to the white or black listings? I feel this could be pretty useful.

I would not mind adding it myself if yall can point me in the right direction?

long2ip() expects parameter 1 to be integer, string given

protected function long2ip($long, $abbr = true) { switch(static::NB_BITS) { case 128: return $this->long2ip6($long, $abbr); default: return strval(long2ip($long)); } }

So, I decided to test the example yall provided by

$whiteList = array(
        '127.0.0.1',
        '198.168.0.*',
    );

    $blackList = array(
        '192.168.0.50',
    );

    $firewall = new Firewall();

    $connAllowed = $firewall
        ->setDefaultState(false)
        ->addList($whiteList, 'local', true)
        ->addList($blackList, 'localBad', false)
        ->setIpAddress('192.168.0.25')
        ->handle();

This does not work. Although, it clearly should allow 192.168.0.25 through.

I would expect that a white list entry of 10.* would be equal to CIDR Mask 10.0.0.0/8 but the IPV4Wildcard currently doesn't match.
Is this by design?

I have added this library into Laravel 5.3 with composer, and giving this error on AbstractIP.php

Hello There,
Is setIpAddress() method support forwarded ip address like '155.240.132.251, 196.250.25.120'.