Support

This implies that you have more than two dozen IP blacklist rules which is the wrong thing to do. Permanent blacklist rules should be used sparingly and cleaned up periodically. Otherwise you end up blocking legitimate users.

Also, there's a simple way to overview your block rules: sort the list by IP and/or search by IP.

Moreover, why would you end up trying to block an already blocked IP? It can't come from the Security Exceptions Log because the IP is already blocked and we don't log who was blocked because of a blacklisted IP. So I guess you are adding rules from an external source without pruning the old entries. This is doubly wrong because a. you have no guarantees that the external source actually gives you hackers' IPs (99.99% sure they don't because real hackers don't cling to an IP for longer than the duration of a short attack and that's only when they are not using a botnet but rather an otherwise innocent, "zombie" cimputer) and b. you don't clean up the expired and false positive entries. In the end of the day you seem to be doing your site a disservice.

But the broader block would still have the same prefix. For example:
Already blocked 192.168.1.
You are trying to block 192.168.1.106

If you search for 192.168. and sort by IP you should see the address block you have already blocked.

We are not going to do that automatically because, beyond everything else I already told you, there is a huge performance impact. You can add any kind of IP expression. If you add the IP expression 192.168. you need to know that it is also encompasses, let's say, the already active IP expression 192.168.1. which means that for every single entry in the black list you need to perform a VERY expensive bitmask expansion and comparison against the IP expression submitted and determine if there is no overlap, the new expression supersedes the old one or the old one includes the new one. In case you lost count that's 3N VERY expensive comparisons. Beyond 50 to 100 entries you will get a major performance impact, to the point of a blank page / error 500.

Also, it's extremely unwise having more than two dozen IP blacklist expressions for pretty much the same reason. For each and every request made to Joomla!, Admin Tools will have to go through N records and perform bitmask expansion and comparison. While it's a bit better ("only" N operations) this quickly adds up to a measurable performance impact.

Again, I have to tell you that the blacklist should be your last resort, not your regular course of business. Otherwise you are doing your site a disservice. Also note that the same applies for blacklisted IPs in .htaccess / virtual host configuration for exactly the same reason. Even if Apache is slightly faster in doing bitmask expansion (the benfit of being written in C instead of PHP!) it still has to go through N entries and do a very expensive operation for each.