
Add support for CIDR notation in `RemoteIpFilter`

Open fabien-chebel opened this issue 2 years ago • 4 comments

Context

Tomcat's RemoteIpFilter currently allows configuring trusted/internal proxies using regexp.

When integrating with reverse proxies with a large number of IP addresses, regexp configuration gets cumbersome.

Suggestion

I suggest adding support for IP ranges in CIDR notation to make it easier to set up the filter in these cases.

For backward compatibility, matching with masks is only performed when the trusted/internal proxies patterns are null.

Depending on the feedback I receive on this PR, I may add the same changes to Tomcat's RemoteIpValve.

fabien-chebel avatar Jul 04 '23 19:07 fabien-chebel
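
An added example, not code from this PR or from Tomcat: a JDK-only Java sketch of the CIDR matching the description above proposes, including the stated precedence (masks are used only when no regexp pattern is configured). The class `TrustedProxyMatch` and the methods `inCidr` and `isTrusted` are hypothetical names, and the regexp and addresses are constructed samples.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.regex.Pattern;
// Added illustration; class and method names are hypothetical, not Tomcat's.
public class TrustedProxyMatch {
    // True if addr lies inside cidr, e.g. "172.16.0.0/12". Pass IP literals only:
    // InetAddress.getByName resolves anything else through DNS.
    static boolean inCidr(String cidr, String addr) throws UnknownHostException {
        int slash = cidr.indexOf('/');
        byte[] net = InetAddress.getByName(slash < 0 ? cidr : cidr.substring(0, slash)).getAddress();
        byte[] ip = InetAddress.getByName(addr).getAddress();
        if (net.length != ip.length) {
            return false; // an IPv4 range never matches an IPv6 address, and vice versa
        }
        int bits = slash < 0 ? net.length * 8 : Integer.parseInt(cidr.substring(slash + 1));
        if (bits < 0 || bits > net.length * 8) {
            throw new IllegalArgumentException("bad prefix length in " + cidr);
        }
        for (int i = 0; bits > 0; i++, bits -= 8) {
            int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
            if ((net[i] & mask) != (ip[i] & mask)) {
                return false;
            }
        }
        return true;
    }
    // Precedence as stated in the PR description: masks are consulted only when no regexp is set.
    static boolean isTrusted(Pattern regexp, List<String> cidrs, String addr) throws UnknownHostException {
        if (regexp != null) {
            return regexp.matcher(addr).matches();
        }
        for (String cidr : cidrs) {
            if (inCidr(cidr, addr)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample: regexp and CIDR spellings of the same private range.
        Pattern re = Pattern.compile("172\\.(1[6-9]|2\\d|3[01])\\.\\d{1,3}\\.\\d{1,3}");
        List<String> cidrs = List.of("172.16.0.0/12");
        for (String a : new String[] {"172.16.0.1", "172.31.255.254", "172.32.0.1", "::1"}) {
            System.out.println(a + " regexp=" + isTrusted(re, cidrs, a) + " cidr=" + isTrusted(null, cidrs, a));
        }
    }
}
```

The prefix-length comparison rejects a mismatched address family outright, so an IPv4 range cannot accidentally trust an IPv6 peer.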

I have not looked at your implementation suggestion, but did you notice there is:

https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Remote_CIDR_Filter

rainerjung avatar Jul 04 '23 23:07 rainerjung

Ah, sorry I just realized what you plan. Please ignore my reference to RemoteCIDRFilter.

rainerjung avatar Jul 04 '23 23:07 rainerjung

This PR should use NetMaskSet as well.

markt-asf avatar Aug 02 '23 14:08 markt-asf

Hi, if you want this PR to merge smoothly, please modify this change according to markt's comment.

aooohan avatar Oct 26 '23 02:10 aooohan