pjsip Trunk Permit (Match) Issue with CIDR ranges (Flowroute et. al.)

It is documented that trunks (and endpoints) which register in FreePBX are automatically whitelisted.  This does not appear to be true on pjsip trunks when a CIDR is used in the Permit (Match) line of the trunk setup.  Only the first registration whitelists.  Subsequent invites on other IPs in the range are rejected.  This specific example is Flowroute.  If you want to Permit all of their new POPs, you enter the following on the Permit (Match) line in pjsip trunk setup (pjsip Trunk >  pjsip Settings tab > Advanced tab):

34.210.91.112/28, 147.75.60.160/28, 34.226.36.32/28, 147.75.65.192/28, 3.8.37.20/30, 147.75.81.150/31, 18.228.70.48/30, 3.0.5.12/30, 147.75.42.200/31

However, as only the first registration whitelists all subsequent invites will reject making their global failover useless.  To workaround, you need to explicitly whitelist the CIDRs in the firewall either by manually entering each of the above as Trusted under the Connectivity > Firewall > Networks tab in the GUI, or by cutting and pasting the following as root from the command line (I do individually to make errors easier to see):

fwconsole firewall add trusted 34.210.91.112/28
fwconsole firewall add trusted 147.75.60.160/28
fwconsole firewall add trusted 34.226.36.32/28
fwconsole firewall add trusted 147.75.65.192/28
fwconsole firewall add trusted 3.8.37.20/30
fwconsole firewall add trusted 147.75.81.150/31
fwconsole firewall add trusted 18.228.70.48/30
fwconsole firewall add trusted 3.0.5.12/30
fwconsole firewall add trusted 147.75.42.200/31

This solves the problem for Flowroute trunks.  Other providers who use CIDR ranges for failover will require a similar solution.

It appears a fix is needed to get the firewall to pick up the explicit CIDRs listed in Permit (Match) instead of just grabbing the first IP to register on the trunk.