This is very similar to https://sourceforge.net/tracker/?func=detail&aid=1232929&group_id=87163&atid=582181 but supports both class B and class C entries, as well as allows for you to exclude specific IP's from these more general subnet entries.
So, for example, let's say I have a class C subnet, 192.168.241.0/24, that I generally trust. But there is one host, 192.168.241.4, that is accepting messages from the Internet at large and relaying to us without first scanning them. I can then whitelist 192.168.241 to whitelist the entire class C. But then I can also whitelist !192.168.241.4 to exclude that one particular host from the more general whitelist entry.
I have been using this in our 1.0.5 production installation for over a year with great success. Attached is a patch against 22.214.171.124 for your consideration.