We got this feedback on our FAQ: How do I disable brute force authentication security checks for specific IP addresses?
The page (and documentation) are unclear that (it seems) "Always block" takes priority over "Never block" rules.
I specified 0.0.0.0/0 in "Always block" and then entered a list of trusted IPs in "Never block"; now the UI is blocking me and I came here trying to find out how/where to reset that erroneous setting (e.g. in what database table or config file).
I haven't checked, but can we verify if there is maybe a bug or something that could be improved in the inline help or so?
We're definitely first blocking, then allowing as the user describes. I suppose sometimes you want it maybe this way, sometimes another way?
What the user wants to achieve seems actually more like the
login_whitelist_ip feature where you can configure to only allow the log in for certain IPs see https://matomo.org/faq/how-to/faq_25543/