A bug is a feature of an application that doesn't match the original requirements. Requirements in Q2A are implicit and I think the feature is not a bug, as the code works the way it seems it is intended to work: IPs are stored in that table and are ruled by the character limit of the field.
Having said that, I don't like how it is implemented now. There are very simple improvements that could be made to the code, including not imploding with ' , ' (with 2 unnecessary spaces), removing the ASCII representation of the IPs and using integers (4 bytes per IP) stored as BLOBs and, probably the best approach in my opinion, deprecating that field and starting to use a separate table that would only store those IP addresses.
Here are some approaches I'm thinking of right now:
Efficient alternatives that are complex or might not provide full feature support: The latter solution does have a downside, which is that it will not support ranges or asterisks. Ranges can be supported by adding a second IP address column to represent a FROM and a TO. In order to support asterisks while using only integers, I think the only way would be to split the integers into 4 bytes and process them separately in the query WHERE clause (kind of awful code).
Least efficient alternatives that would provide full feature support: Just deprecate the field and add all the IP addresses to a separate table as a character field, the same way as it is now. The whole table would always have to be read to check for an IP address in there.
Mix of both approaches: Use the least efficient one but also add FROM and TO IP addresses. The idea would be to treat them all as ranges, so you search for the IP range using an integer index and, when you find a match, you use the character field to discard non-matches generated by asterisks like 123.*.123.123. I believe this should be pretty efficient, as the asterisk will usually be on the right side of the string, which would allow the index to filter out more data.
I would go for the first one (using FROM and TO IP addresses as 2 columns) and remove the asterisk support from the core but leave the ranges, so that you could block 123.123.123.100 - 123.123.123.255 but you won't be able to block 123.*.123.123.
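
A sketch of the mixed approach described in the post above, added here as an example and not part of the original answer or of Q2A's code: every entry is stored as an integer FROM/TO range, and the character pattern is used only to discard the false positives that a wildcard such as 123.*.123.123 leaves in the range. The table and column names are hypothetical, in-memory SQLite stands in for the real database, the sample entries are constructed, and wildcard entries are assumed to spell out all four octets.

```python
import ipaddress
import sqlite3

# Constructed sample entries: plain IP, FROM - TO range, and two wildcard patterns.
SAMPLE_PATTERNS = ["10.1.2.3", "123.123.123.100 - 123.123.123.255",
                   "123.*.123.123", "192.0.2.*"]

def to_int(ip):
    """IPv4 dotted quad -> integer; raises ValueError on malformed input."""
    return int(ipaddress.IPv4Address(ip.strip()))

def pattern_bounds(pattern):
    """Integer (ip_from, ip_to) covering every address the entry can match."""
    if "-" in pattern:
        lo, hi = pattern.split("-", 1)
    else:  # '*' spans 0..255 in that octet; a plain IP gives from == to
        lo, hi = pattern.replace("*", "0"), pattern.replace("*", "255")
    lo, hi = to_int(lo), to_int(hi)
    if lo > hi:
        raise ValueError("range start above range end: %r" % pattern)
    return lo, hi

def wildcard_match(pattern, ip):
    """Octet-wise check that drops false positives left by the integer range."""
    if "*" not in pattern:
        return True  # plain IPs and ranges are already exact on the integers
    return all(p in ("*", o) for p, o in zip(pattern.split("."), ip.split(".")))

def build_db(patterns):
    # Hypothetical table; SQLite in memory stands in for the real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blocked_ips (ip_from INTEGER NOT NULL,"
               " ip_to INTEGER NOT NULL, pattern TEXT NOT NULL)")
    db.execute("CREATE INDEX idx_blocked_range ON blocked_ips (ip_from, ip_to)")
    db.executemany("INSERT INTO blocked_ips VALUES (?, ?, ?)",
                   [(*pattern_bounds(p), p.strip()) for p in patterns])
    return db

def is_blocked(db, ip):
    n = to_int(ip)
    ip = str(ipaddress.IPv4Address(n))  # normalised text for the octet check
    rows = db.execute("SELECT pattern FROM blocked_ips"
                      " WHERE ip_from <= ? AND ip_to >= ?", (n, n))
    return any(wildcard_match(pattern, ip) for (pattern,) in rows.fetchall())
```

With the sample entries, 123.123.123.99 falls inside the integer range generated for 123.*.123.123 but is rejected by the octet check, which is the case the character column exists for.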