sourCEntral - mobile manpages

pdf

IPSETBUILD

NAME

ipsetbuild − utility of libcorkipset library

SYNOPSIS

ipsetbuild [options] <input file>...

DESCRIPTION

Constructs a binary IP set file from a list of IP addresses and networks.

OPTIONS

<input file>...

A list of text files that contain the IP addresses and networks to add to the set. To read from stdin, use "−" as the filename.

−−output=<filename>, −o <filename>

Writes the binary IP set file to <filename>.

If this option isn’t

given, then the binary set will be written to standard output.

−−loose−cidr, −l

Be more lenient about the address portion of any CIDR network blocks found in the input file.

−−verbose, −v

Show summary information about the IP set that’s built, as well as progress information about the files being read and written. If this option is not given, the only output will be any error, alert, or warning messages that occur.

−−quiet, −q

Show only error message for malformed input. All warnings, alerts, and summary information about the IP set is suppressed.

−−help

Display this help and exit.

Input format:

Each input file must contain one IP address or network per line.

Lines

beginning with a "#" are considered comments and are ignored.

Each

IP address must have one of the following formats:

x.x.x.x x.x.x.x/cidr xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr

The first two are for IPv4 addresses and networks; the second two for IPv6 addresses and networks. For IPv6 addresses, you can use the "::" shorthand notation to collapse consecutive "0" portions.

If an address contains a "/cidr" suffix, then the entire CIDR network of addresses will be added to the set. You must ensure that the loworder bits of the address are set to 0; if not, we’ll raise an error. (If you pass in the "−−loose−cidr" option, we won’t perform this sanity check.)

You can also prefix any input line with an exclamation point ("!"). This causes the given address or network to be REMOVED from the output set. This notation can be useful to define a set that contains most of the addresses in a large CIDR block, except for addresses at certain "holes".

The order of the addresses and networks given to ipsetbuild does not matter. If a particular address is added to the set more than once, or removed from the set more than once, whether on its own or via a CIDR network, then you will get a warning message. (You can silence these warnings with the −−quiet option.) If an address is both added to and removed from the set, then the removal takes precedence, regardless of where the relevant lines appear in the input file.

pdf