What happened?

cscli allowlists add test 10.0.0.1 and cscli allowlists add test 10.0.0.1/32 create two separate entries even though they are equivalent. cscli allowlist remove test 10.0.0.1 or cscli allowlist remove test 10.0.0.1/32 also remove only the exact match, which could be unexpected by a user if there are two equivalent records present in the allowlist.

What did you expect to happen?

The IP addresses with the /32 suffix and without any suffix should be treated as equivalent.

How can we reproduce it (as minimally and precisely as possible)?

cscli allowlists create test
cscli allowlists add test 10.0.0.1
cscli allowlists add test 10.0.0.1/32
cscli allowlists inspect test
cscli allowlists remove test 10.0.0.1
cscli allowlists inspect test
cscli allowlists remove test 10.0.0.1/32

Anything else we need to know?

No response

Crowdsec version

version: v1.6.9-40b8cfe6
Codename: alphaga
BuildDate: 2025-06-18_14:04:23
GoVersion: 1.24.4
Platform: docker
libre2: C++
User-Agent: crowdsec/v1.6.9-40b8cfe6-docker
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_victorialogs, datasource_wineventlog

OS version

Enabled collections and parsers

No response

Acquisition config

No response

Config show

Prometheus metrics

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.