BornToBeRoot
diff --git a/‎Source/NETworkManager.Localization/Resources/Strings.Designer.cs‎
Lines changed: 453 additions & 181 deletions b/‎Source/NETworkManager.Localization/Resources/Strings.Designer.cs‎
Lines changed: 453 additions & 181 deletions
diff --git a/‎Source/NETworkManager.Localization/Resources/Strings.resx‎
Lines changed: 22 additions & 1 deletion b/‎Source/NETworkManager.Localization/Resources/Strings.resx‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎Source/NETworkManager.Models/Firewall/Firewall.cs‎
Lines changed: 14 additions & 4 deletions b/‎Source/NETworkManager.Models/Firewall/Firewall.cs‎
Lines changed: 14 additions & 4 deletions
diff --git a/‎Source/NETworkManager.Validators/EmptyOrFirewallAddressValidator.cs‎
Lines changed: 42 additions & 5 deletions b/‎Source/NETworkManager.Validators/EmptyOrFirewallAddressValidator.cs‎
Lines changed: 42 additions & 5 deletions
diff --git a/‎Source/NETworkManager/ViewModels/FirewallViewModel.cs‎
Lines changed: 12 additions & 12 deletions b/‎Source/NETworkManager/ViewModels/FirewallViewModel.cs‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎Source/NETworkManager/Views/FirewallView.xaml‎
Lines changed: 12 additions & 12 deletions b/‎Source/NETworkManager/Views/FirewallView.xaml‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎Website/docs/application/arp-table.md‎
Lines changed: 47 additions & 0 deletions b/‎Website/docs/application/arp-table.md‎
Lines changed: 47 additions & 0 deletions
@@ -4148,6 +4148,27 @@ You can copy your profile files from “{0}” to “{1}” to migrate your exis
     <value>Remote addresses</value>
   </data>
   <data name="EnterValidFirewallAddress" xml:space="preserve">
-    <value>Enter a valid IP address, subnet (e.g. 10.0.0.0/8) or keyword (e.g. LocalSubnet, Internet)</value>
+    <value>Enter a valid IP address, subnet (e.g. 10.0.0.0/8), range (e.g. 10.0.0.1-10.0.0.10), or keyword (Any, LocalSubnet, DNS, DHCP, WINS, DefaultGateway, Internet, Intranet, IntranetRemoteAccess, PlayToDevice, CaptivePortal)</value>
+  </data>
+  <data name="AddRule" xml:space="preserve">
+    <value>Add rule</value>
+  </data>
+  <data name="AddRuleDots" xml:space="preserve">
+    <value>Add rule...</value>
+  </data>
+  <data name="EditRule" xml:space="preserve">
+    <value>Edit rule</value>
+  </data>
+  <data name="EditRuleDots" xml:space="preserve">
+    <value>Edit rule...</value>
+  </data>
+  <data name="DeleteRule" xml:space="preserve">
+    <value>Delete rule</value>
+  </data>
+  <data name="EnableRule" xml:space="preserve">
+    <value>Enable rule</value>
+  </data>
+  <data name="DisableRule" xml:space="preserve">
+    <value>Disable rule</value>
   </data>
 </root>
@@ -296,17 +296,17 @@ private static string BuildAddScript(FirewallRule rule)
         if (rule.Protocol is FirewallProtocol.TCP or FirewallProtocol.UDP)
         {
             if (rule.LocalPorts.Count > 0)
-                sb.AppendLine($"$params['LocalPort']  = '{FirewallRule.PortsToString(rule.LocalPorts, ',', false)}'");
+                sb.AppendLine($"$params['LocalPort']  = {ToPsArray(rule.LocalPorts.Select(p => p.ToString()))}");
 
             if (rule.RemotePorts.Count > 0)
-                sb.AppendLine($"$params['RemotePort'] = '{FirewallRule.PortsToString(rule.RemotePorts, ',', false)}'");
+                sb.AppendLine($"$params['RemotePort'] = {ToPsArray(rule.RemotePorts.Select(p => p.ToString()))}");
         }
 
         if (rule.LocalAddresses.Count > 0)
-            sb.AppendLine($"$params['LocalAddress']  = '{string.Join(',', rule.LocalAddresses.Select(EscapePs))}'");
+            sb.AppendLine($"$params['LocalAddress']  = {ToPsArray(rule.LocalAddresses)}");
 
         if (rule.RemoteAddresses.Count > 0)
-            sb.AppendLine($"$params['RemoteAddress'] = '{string.Join(',', rule.RemoteAddresses.Select(EscapePs))}'");
+            sb.AppendLine($"$params['RemoteAddress'] = {ToPsArray(rule.RemoteAddresses)}");
 
         if (rule.Program != null && !string.IsNullOrWhiteSpace(rule.Program.Name))
             sb.AppendLine($"$params['Program'] = '{EscapePs(rule.Program.Name)}'");
@@ -323,6 +323,16 @@ private static string BuildAddScript(FirewallRule rule)
     /// <param name="value">The raw string value to escape.</param>
     private static string EscapePs(string value) => value.Replace("'", "''");
 
+    /// <summary>
+    /// Builds a PowerShell array literal (e.g. <c>@('80','443','8080-8090')</c>) from the given values.
+    /// New-NetFirewallRule parameters such as -LocalPort and -LocalAddress are typed as
+    /// <c>String[]</c>; passing a single comma-joined string would be interpreted as one
+    /// element and rejected, so we emit a real array.
+    /// </summary>
+    /// <param name="values">The values to embed into the array literal.</param>
+    private static string ToPsArray(IEnumerable<string> values) =>
+        $"@({string.Join(",", values.Select(v => $"'{EscapePs(v)}'"))})";
+
     /// <summary>
     /// Maps a <see cref="FirewallProtocol"/> value to the string accepted by
     /// <c>New-NetFirewallRule -Protocol</c>.
 
@@ -11,14 +11,17 @@ namespace NETworkManager.Validators;
 /// <summary>
 /// Validates that the input is empty (meaning "Any") or contains semicolon-separated
 /// valid IPv4/IPv6 addresses, IPv4/IPv6 CIDR subnets, IPv4 subnets in subnet-mask
-/// notation (e.g. <c>10.0.0.0/255.0.0.0</c>), or recognized Windows Firewall keywords
-/// (e.g. LocalSubnet, Internet, Intranet, DNS, DHCP, WINS, DefaultGateway).
+/// notation (e.g. <c>10.0.0.0/255.0.0.0</c>), IPv4/IPv6 ranges (e.g. <c>1.2.3.4-1.2.3.7</c>),
+/// or recognized Windows Firewall keywords (Any, LocalSubnet, DNS, DHCP, WINS, DefaultGateway,
+/// Internet, Intranet, IntranetRemoteAccess, PlayToDevice, CaptivePortal). Keywords may be
+/// suffixed with <c>4</c> or <c>6</c> to restrict matching to IPv4 or IPv6 (e.g. <c>LocalSubnet4</c>).
 /// </summary>
 public class EmptyOrFirewallAddressValidator : ValidationRule
 {
     private static readonly string[] Keywords =
     [
-        "Any", "LocalSubnet", "Internet", "Intranet", "DNS", "DHCP", "WINS", "DefaultGateway"
+        "Any", "LocalSubnet", "DNS", "DHCP", "WINS", "DefaultGateway",
+        "Internet", "Intranet", "IntranetRemoteAccess", "PlayToDevice", "CaptivePortal"
     ];
 
     /// <inheritdoc />
@@ -34,9 +37,17 @@ public override ValidationResult Validate(object value, CultureInfo cultureInfo)
             if (string.IsNullOrEmpty(token))
                 continue;
 
-            if (Array.Exists(Keywords, k => k.Equals(token, StringComparison.OrdinalIgnoreCase)))
+            if (IsKeyword(token))
                 continue;
 
+            if (!token.Contains('/') && token.Contains('-'))
+            {
+                if (IsValidRange(token))
+                    continue;
+
+                return new ValidationResult(false, Strings.EnterValidFirewallAddress);
+            }
+
             var slashIndex = token.IndexOf('/');
             var addressPart = slashIndex > 0 ? token[..slashIndex] : token;
 
@@ -45,7 +56,7 @@ public override ValidationResult Validate(object value, CultureInfo cultureInfo)
 
             if (slashIndex <= 0)
                 continue;
-            
+
             var suffix = token[(slashIndex + 1)..];
 
             if (ip.AddressFamily == AddressFamily.InterNetwork && RegexHelper.SubnetmaskRegex().IsMatch(suffix))
@@ -59,4 +70,30 @@ public override ValidationResult Validate(object value, CultureInfo cultureInfo)
 
         return ValidationResult.ValidResult;
     }
+
+    private static bool IsKeyword(string token)
+    {
+        if (Array.Exists(Keywords, k => k.Equals(token, StringComparison.OrdinalIgnoreCase)))
+            return true;
+
+        if (token.Length < 2 || (token[^1] != '4' && token[^1] != '6'))
+            return false;
+
+        var bare = token[..^1];
+        return Array.Exists(Keywords, k => k.Equals(bare, StringComparison.OrdinalIgnoreCase));
+    }
+
+    private static bool IsValidRange(string token)
+    {
+        var dashIndex = token.IndexOf('-');
+
+        if (dashIndex <= 0 || dashIndex >= token.Length - 1)
+            return false;
+
+        if (!IPAddress.TryParse(token[..dashIndex], out var start) ||
+            !IPAddress.TryParse(token[(dashIndex + 1)..], out var end))
+            return false;
+
+        return start.AddressFamily == end.AddressFamily;
+    }
 }
@@ -439,13 +439,13 @@ private void LoadSettings()
     /// Gets the command to open the dialog for adding a new firewall rule.
     /// Only enabled when the application is running as administrator.
     /// </summary>
-    public ICommand AddEntryCommand => new RelayCommand(_ => AddEntry().ConfigureAwait(false), _ => ModifyEntry_CanExecute());
+    public ICommand AddRuleCommand => new RelayCommand(_ => AddRule().ConfigureAwait(false), _ => ModifyRule_CanExecute());
 
     /// <summary>
     /// Opens the add-firewall-rule dialog. On confirmation, creates the rule via PowerShell
     /// and refreshes the rule list.
     /// </summary>
-    private async Task AddEntry()
+    private async Task AddRule()
     {
         var childWindow = new FirewallRuleChildWindow();
 
@@ -472,7 +472,7 @@ private async Task AddEntry()
             ConfigurationManager.Current.IsChildWindowOpen = false;
         });
 
-        childWindow.Title = Strings.AddEntry;
+        childWindow.Title = Strings.AddRule;
         childWindow.DataContext = childWindowViewModel;
 
         ConfigurationManager.Current.IsChildWindowOpen = true;
@@ -484,13 +484,13 @@ private async Task AddEntry()
     /// Gets the command to enable the selected firewall rule.
     /// Only executable when the rule is currently disabled and modification is allowed.
     /// </summary>
-    public ICommand EnableEntryCommand => new RelayCommand(_ => SetRuleEnabled(SelectedResult, true).ConfigureAwait(false), _ => ModifyEntry_CanExecute() && SelectedResult is { IsEnabled: false });
+    public ICommand EnableRuleCommand => new RelayCommand(_ => SetRuleEnabled(SelectedResult, true).ConfigureAwait(false), _ => ModifyRule_CanExecute() && SelectedResult is { IsEnabled: false });
 
     /// <summary>
     /// Gets the command to disable the selected firewall rule.
     /// Only executable when the rule is currently enabled and modification is allowed.
     /// </summary>
-    public ICommand DisableEntryCommand => new RelayCommand(_ => SetRuleEnabled(SelectedResult, false).ConfigureAwait(false), _ => ModifyEntry_CanExecute() && SelectedResult is { IsEnabled: true });
+    public ICommand DisableRuleCommand => new RelayCommand(_ => SetRuleEnabled(SelectedResult, false).ConfigureAwait(false), _ => ModifyRule_CanExecute() && SelectedResult is { IsEnabled: true });
 
     /// <summary>
     /// Enables or disables the given <paramref name="rule"/> via PowerShell,
@@ -523,14 +523,14 @@ private async Task SetRuleEnabled(FirewallRule rule, bool enabled)
     /// Gets the command to open the dialog for editing the selected firewall rule.
     /// Only executable when a rule is selected and modification is allowed.
     /// </summary>
-    public ICommand EditEntryCommand => new RelayCommand(_ => EditEntry().ConfigureAwait(false), _ => ModifyEntry_CanExecute() && SelectedResult != null);
+    public ICommand EditRuleCommand => new RelayCommand(_ => EditRule().ConfigureAwait(false), _ => ModifyRule_CanExecute() && SelectedResult != null);
 
     /// <summary>
     /// Opens the edit-firewall-rule dialog pre-filled with the selected rule's properties.
     /// On confirmation, deletes the old rule, creates the updated rule via PowerShell,
     /// and refreshes the rule list.
     /// </summary>
-    private async Task EditEntry()
+    private async Task EditRule()
     {
         var childWindow = new FirewallRuleChildWindow();
 
@@ -558,7 +558,7 @@ private async Task EditEntry()
             ConfigurationManager.Current.IsChildWindowOpen = false;
         }, SelectedResult);
 
-        childWindow.Title = Strings.EditEntry;
+        childWindow.Title = Strings.EditRule;
         childWindow.DataContext = childWindowViewModel;
 
         ConfigurationManager.Current.IsChildWindowOpen = true;
@@ -570,18 +570,18 @@ private async Task EditEntry()
     /// Gets the command to permanently delete the selected firewall rule.
     /// Only executable when a rule is selected and modification is allowed.
     /// </summary>
-    public ICommand DeleteEntryCommand => new RelayCommand(_ => DeleteEntry().ConfigureAwait(false), _ => ModifyEntry_CanExecute() && SelectedResult != null);
+    public ICommand DeleteRuleCommand => new RelayCommand(_ => DeleteRule().ConfigureAwait(false), _ => ModifyRule_CanExecute() && SelectedResult != null);
 
     /// <summary>
     /// Shows a confirmation dialog and, if confirmed, deletes the selected firewall rule
     /// via PowerShell and reloads the rule list.
     /// Any PowerShell error is written to the log and shown in the status bar.
     /// </summary>
-    private async Task DeleteEntry()
+    private async Task DeleteRule()
     {
         var result = await DialogHelper.ShowConfirmationMessageAsync(
             Application.Current.MainWindow,
-            Strings.DeleteEntry,
+            Strings.DeleteRule,
             string.Format(Strings.DeleteFirewallRuleMessage, SelectedResult.Name),
             ChildWindowIcon.Info,
             Strings.Delete);
@@ -607,7 +607,7 @@ private async Task DeleteEntry()
     /// Returns <see langword="true"/> when the application is running as administrator,
     /// no dialog is open, and no child window is open — i.e. it is safe to modify a rule.
     /// </summary>
-    private static bool ModifyEntry_CanExecute()
+    private static bool ModifyRule_CanExecute()
     {
         return ConfigurationManager.Current.IsAdmin &&
                Application.Current.MainWindow != null &&
 
@@ -102,13 +102,13 @@
                         SelectedItemsList="{Binding SelectedResults, Mode=TwoWay, UpdateSourceTrigger=PropertyChanged}"
                         RowDetailsVisibilityMode="Collapsed">
                         <controls:MultiSelectDataGrid.InputBindings>
-                            <KeyBinding Command="{Binding EditEntryCommand}" Key="F2" />
-                            <KeyBinding Command="{Binding DeleteEntryCommand}" Key="Delete" />
+                            <KeyBinding Command="{Binding EditRuleCommand}" Key="F2" />
+                            <KeyBinding Command="{Binding DeleteRuleCommand}" Key="Delete" />
                         </controls:MultiSelectDataGrid.InputBindings>
                         <controls:MultiSelectDataGrid.Resources>
                             <ContextMenu x:Key="RowContextMenu" Opened="ContextMenu_Opened" MinWidth="150">
-                                <MenuItem Header="{x:Static localization:Strings.EnableEntry}"
-                                          Command="{Binding Path=EnableEntryCommand}"
+                                <MenuItem Header="{x:Static localization:Strings.EnableRule}"
+                                          Command="{Binding Path=EnableRuleCommand}"
                                           Visibility="{Binding Path=SelectedResult.IsEnabled, Converter={StaticResource BooleanReverseToVisibilityCollapsedConverter}}">
                                     <MenuItem.Icon>
                                         <Rectangle Width="16" Height="16" Fill="{DynamicResource MahApps.Brushes.Gray3}">
@@ -118,8 +118,8 @@
                                         </Rectangle>
                                     </MenuItem.Icon>
                                 </MenuItem>
-                                <MenuItem Header="{x:Static localization:Strings.DisableEntry}"
-                                          Command="{Binding Path=DisableEntryCommand}"
+                                <MenuItem Header="{x:Static localization:Strings.DisableRule}"
+                                          Command="{Binding Path=DisableRuleCommand}"
                                           Visibility="{Binding Path=SelectedResult.IsEnabled, Converter={StaticResource BooleanToVisibilityCollapsedConverter}}">
                                     <MenuItem.Icon>
                                         <Rectangle Width="16" Height="16" Fill="{DynamicResource MahApps.Brushes.Gray3}">
@@ -129,8 +129,8 @@
                                         </Rectangle>
                                     </MenuItem.Icon>
                                 </MenuItem>
-                                <MenuItem Header="{x:Static localization:Strings.EditEntryDots}"
-                                          Command="{Binding Path=EditEntryCommand}">
+                                <MenuItem Header="{x:Static localization:Strings.EditRuleDots}"
+                                          Command="{Binding Path=EditRuleCommand}">
                                     <MenuItem.Icon>
                                         <Rectangle Width="16" Height="16" Fill="{DynamicResource MahApps.Brushes.Gray3}">
                                             <Rectangle.OpacityMask>
@@ -139,8 +139,8 @@
                                         </Rectangle>
                                     </MenuItem.Icon>
                                 </MenuItem>
-                                <MenuItem Header="{x:Static localization:Strings.DeleteEntry}"
-                                          Command="{Binding Path=DeleteEntryCommand}">
+                                <MenuItem Header="{x:Static localization:Strings.DeleteRule}"
+                                          Command="{Binding Path=DeleteRuleCommand}">
                                     <MenuItem.Icon>
                                         <Rectangle Width="16" Height="16" Fill="{DynamicResource MahApps.Brushes.Gray3}">
                                             <Rectangle.OpacityMask>
@@ -538,7 +538,7 @@
                                    Orientation="Horizontal"
                                    VerticalAlignment="Center"
                                    HorizontalAlignment="Right">
-                            <Button Command="{Binding Path=AddEntryCommand}" Style="{StaticResource ImageWithTextButton}">
+                            <Button Command="{Binding Path=AddRuleCommand}" Style="{StaticResource ImageWithTextButton}">
                                 <Grid>
                                     <Grid.ColumnDefinitions>
                                         <ColumnDefinition Width="Auto" />
@@ -550,7 +550,7 @@
                                         </Rectangle.OpacityMask>
                                     </Rectangle>
                                     <TextBlock Grid.Column="1"
-                                               Text="{x:Static localization:Strings.AddEntryDots}"
+                                               Text="{x:Static localization:Strings.AddRuleDots}"
                                                Style="{StaticResource ButtonWithImageTextBlock}" />
                                 </Grid>
                             </Button>
 
@@ -32,3 +32,50 @@ With `F5` you can refresh the ARP table.
 Right-click on the result to delete an entry, or to copy or export the information.
 
 :::
+
+## Add entry
+
+The **Add entry** dialog is opened by clicking the **Add entry...** button below the table. It creates a new static ARP entry that maps an IP address to a MAC address.
+
+![Add entry](../img/arp-table-entry.png)
+
+### IP address
+
+IPv4 address of the device.
+
+**Type:** `String`
+
+**Default:** `Empty`
+
+**Example:** `10.0.0.10`
+
+:::note
+
+Only IPv4 addresses are accepted. The field is required and validated for a correct address format.
+
+:::
+
+### MAC address
+
+MAC address of the device the [IP address](#ip-address) should be mapped to.
+
+**Type:** `String`
+
+**Default:** `Empty`
+
+**Example:**
+
+- `00:1A:2B:3C:4D:5E`
+- `00-1A-2B-3C-4D-5E`
+
+:::note
+
+The field is required and validated for a correct MAC address format.
+
+:::
+
+:::note
+
+Adding a static ARP entry requires administrator privileges and runs `arp -s` under the hood.
+
+:::