Blocking ports related to CVE-2017-5689 Intel Management Engine

I am using a Pepwave Surf SOHO with firmware 7.0.0, and I am trying to block the ports related to the Intel Management Engine vulnerability (CVE-2017-5689). While trying to block both external and internal network access to ports 16992, 16993, 16994, 16995, 623, and 664, the firewall rules I created errored with an invalid IP range. So I must be doing it wrong. What would be the correct way to block all access to these ports, both external from the WAN and between computers internal to the LAN?