diff --git a/dashboard/server.js b/dashboard/server.js
index 7e460a4..717a6fa 100644
--- a/dashboard/server.js
+++ b/dashboard/server.js
@@ -19,7 +19,6 @@ const JAIL_LOCAL    = process.env.JAIL_LOCAL    || '/etc/fail2ban/jail.local';
 const CF_SYNC       = process.env.CF_SYNC       || '/usr/local/bin/cloudflare-whitelist-sync.sh';
 const MANUAL_JAIL   = process.env.MANUAL_JAIL   || 'manual-bans';
 const BAN_HIST_FILE = process.env.BAN_HIST_FILE || '/data/ban-history.json';
-const SUBNETS       = (process.env.SUBNETS_TO_IGNORE || '10.0.0.0/8,172.16.0.0/12').split(',').map(s => s.trim());
 const DEFAULT_DAYS  = 3;
 const ABUSE_KEY     = process.env.ABUSEIPDB_API_KEY;
 const AUTOBAN_THR   = 75;
@@ -220,11 +219,13 @@ async function refreshBanHistory() {
 // ── Nginx log scanner ─────────────────────────────────────────────────────────
 function isWhitelisted(ip) {
   const wl = readIgnoreIP();
-  if (wl.includes(ip)) return true;
   try {
-    return SUBNETS.some(s => {
-      const [range, bits] = ipaddr.parseCIDR(s);
-      return ipaddr.parse(ip).match(range, bits);
+    return wl.some(entry => {
+      if (entry.includes('/')) {
+        const [range, bits] = ipaddr.parseCIDR(entry);
+        return ipaddr.parse(ip).match(range, bits);
+      }
+      return entry === ip;
     });
   } catch { return false; }
 }