It's the simplest idea and surely is going to fit for known, small and limited ranges.
But unfortunately that's not my case.
I should have to filter out a whole bunch of ipranges coming out from an external file, which would have to be costantly updated (not by me, perhaps) and which has a format i can't change.
At this moment the external file counts over 2K (2000) ranges to be filtered out.
Each one of them may count a big round ass of single host's ip.
Just the first one counts 65K hosts to be filtered.
And as i said we are talking of thousands. Only occasionaly, for single ipranges by time to time, netmasks or your method could be a real choiche.
In fact choosing such a way would bring me to flood iptables with i-don't-even-wanna-know rules to take care of.
So i damn need somthing different.
However thanks for the advise.
Always welcome