OH! Duh! *NOW* I see how it works! The IP filter list is User- and Group-specific. Thus, when I enter an IP address into the list, that address is tied to the currently selected user or group, and I have verified that it is indeed working "as expected". Thank you so much for the clarification. I knew there was something wrong with how I was interpreting the interface.
Okay, now this brings up another issue, because what threw me off was, from a user's perspective, hierarchical items are usually arranged so that the higher-order elements are displayed on the left-hand side of the window (at least in western languages where text is read from left-to-right). But in FileZilla, this is backwards -- the user list controls what you see, but the user list is on the right-hand side of the window (which is somewhat counter-intuitive).
I would suggest that this be changed. Since everything is subordinate to the selected user/group, the "Users" and "Groups" lists should be at the far left, with the "Page" list in the middle, and finally the selected page on the right. IMO, this would be more intuitive for users.
100% agree with that cosmetic which would prevent that kind of questions. I think it would be more intuitive if the "User"/"Group" lists were left most placed with their Add/remove/rename/copy buttons, then at right the "Page:" options selector, then right most the settings themselves. This would be more similar as the "General Setteings" left to right hierarchical presentation.
Although, this doesn't help to find an answer to your question "Why should I prefer using IP rules from User/Group or General settings", because there is no explanation on which one have precedance over the other(s), which overrides which.
Did you found?
I'd like to forbid all connections once for all (the better place would be in "General settings") with 0.0.0.0/0.0.0.0 (is it the good syntax?) then allow access on a per User or Group basis. Should I leave the user/group forbid field blank and only enter the exceptions?
What means "Exclude the following IPs from the list of disallowed IPs, thus enbling access again" when the disallowed IPs list is empty?
THank for help or any "what to read" about that