As @cfusco suggested,
https://community.ipfire.org/t/network-range-within-firewall-groups/9508/15
you should use firewall.local and put your rules in the CUSTOMINPUT chain rather than directly in the INPUT chain, where if you make a mistake it could impact your firewall performance or security bu affecting the rules implemented in the code.
The wiki is your friend.
https://wiki.ipfire.org/pkgs/fcron