I use my router to control access to the internet for a dozen users and about 18 machines. With older routers such as the DI-624 one could created policies to block or allow access for ranges of IP addresses and I believe the limit to the rules was in the order of 32 or 64. Now, using Access Control on a DIR-655, each address must be listed, one can only Block access, AND there is a limit of 15 policies. Not much to work with.
I wish to advocate for the return of Allow type rules, for a larger number of policies, and since IP ranges arent supported, for the implementation of groups or classes so that policies might be set for a group or class of IP address. One would have to be able to assign IP addresses or address ranges to one or more class or group.