Our provider deliver inbound numbers to the pbx directly by sip url
up until recently it was simple of adding to sip.conf
[incoming-77-240-54.10]
context=fromoutside
type=friend
host=77.240.54.10
disallow=all
allow=ulaw
allow=alaw
dtmfmode=rfc2833
insecure=port,invite
however the provider has now said we need to allow from 5 different /24 IP Ranges
how am i supposed to do this. create a duplicate of the above 1280 times 
Combine a good firewall with allowguest=yes.
I notice you are using type=friend, Does that mean your provider can authenticate with you with a username and password combo?
If so then you can set host=dynamic and add a permit and deny block to your peer in sip.conf and let they auth.
If they cant you could define a template and use it to create your peers and save some typing.
incomingprovider
context=fromoutside
type=peer
disallow=all
allow=ulaw,alaw
dtmfmode=rfc2833
insecure=port
deny=0.0.0.0/0.0.0.0
permit=77.240.54.0/255.255.254.0
provider-54.10
host=77.240.54.10
provider-54.20
host=77.240.54.20
provider-54.30
host=77.240.54.30
Heās got insecure=invite, which means he thinks that they are not authenticating (although more likely he copies it without understanding, as with the friend). Iām not sure why he has insecure=port.
People are so confused with the options insecure=port,invite and with the difference between peer and friend . Most of them use it without really understand what this really meansā¦ I admit I was one themā¦
[quote]
insecure=port Allow matching of peer by IP address without
matching port number
insecure=invite Do not require authentication of incoming INVITEs
insecure=port,invite (both)
;------- Naming devices ------------------------------------------------------
;
; When naming devices, make sure you understand how Asterisk matches calls
; that come in.
; 1. Asterisk checks the SIP From: address username and matches against
; names of devices with type=user
; The name is the text between square brackets [name]
; 2. Asterisk checks the From: addres and matches the list of devices
; with a type=peer
; 3. Asterisk checks the IP address (and port number) that the INVITE
; was sent from and matches against any devices with type=peer
;
; Donāt mix extensions with the names of the devices. Devices need a unique
; name. The device name is not used as phone numbers. Phone numbers are
; anything you declare as an extension in the dialplan (extensions.conf).
;
; When setting up trunks, make sure thereās no risk that any From: username
; (caller ID) will match any of your device names, because then Asterisk
; might match the wrong device.
;
; Note: The parameter āusernameā is not the username and in most cases is
; not needed at all. Check below. In later releases, itās renamed
; to ādefaultuserā which is a better name, since it is used in
; combination with the ādefaultipā setting.[/quote]