ipsetbuild - utility of libcorkipset library
ipsetbuild [options] <input file>...
Constructs a binary IP set file from a list of IP addresses and
networks.
<input file>...
- A list of text files that contain the IP addresses and networks to add to
the set. To read from stdin, use "-" as the filename.
--output=<filename>, -o <filename>
- Writes the binary IP set file to <filename>. If this option isn't
given, then the binary set will be written to standard output.
--loose-cidr, -l
- Be more lenient about the address portion of any CIDR network blocks found
in the input file.
--verbose, -v
- Show summary information about the IP set that's built, as well as
progress information about the files being read and written. If this
option is not given, the only output will be any error, alert, or warning
messages that occur.
--quiet, -q
- Show only error messages for malformed input. All warnings, alerts, and
summary information about the IP set are suppressed.
--help
- Display this help and exit.
- Each input file must contain one IP address or network per line. Lines
beginning with a "#" are considered comments and are ignored. Each IP
address must have one of the following formats:
    x.x.x.x
    x.x.x.x/cidr
    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/cidr
- The first two are for IPv4 addresses and networks; the second two for IPv6
addresses and networks. For IPv6 addresses, you can use the "::"
shorthand notation to collapse consecutive "0" portions.
- If an address contains a "/cidr" suffix, then the entire CIDR
network of addresses will be added to the set. You must ensure that the
low-order bits of the address are set to 0; if not, we'll raise an error.
(If you pass in the "--loose-cidr" option, we won't perform this
sanity check.)
- You can also prefix any input line with an exclamation point
("!"). This causes the given address or network to be REMOVED
from the output set. This notation can be useful to define a set that
contains most of the addresses in a large CIDR block, except for addresses
at certain "holes".
- The order of the addresses and networks given to ipsetbuild does not
matter. If a particular address is added to the set more than once, or
removed from the set more than once, whether on its own or via a CIDR
network, then you will get a warning message. (You can silence these
warnings with the --quiet option.) If an address is both added to
and removed from the set, then the removal takes precedence, regardless of
where the relevant lines appear in the input file.
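
The input rules above, as an added example that is not part of ipsetbuild or libcorkipset: a Python pre-flight check that applies the comment, "!", low-order-bit and removal-precedence rules to a block list before it is handed to ipsetbuild. The names lint_ipset_input, is_member and SAMPLE are this example's own; skipping blank lines and masking the address when loose_cidr is set are assumptions, not documented ipsetbuild behaviour.

```python
import ipaddress

# Constructed sample input, not taken from any real deployment.
SAMPLE = """\
# block the RFC 1918 /8 except one carved-out /24
10.0.0.0/8
!10.1.2.0/24
10.20.30.40
10.0.0.1/8
2001:db8::/32
!2001:db8::1
""".splitlines()


def lint_ipset_input(lines, loose_cidr=False):
    """Return (added, removed, errors, warnings) for the given input lines."""
    added, removed, errors, warnings = [], [], [], []
    for lineno, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text or text.startswith("#"):  # blank-line skip is an assumption
            continue
        negated = text.startswith("!")
        target = removed if negated else added
        entry = text[1:].strip() if negated else text
        try:
            # strict=True rejects a CIDR block whose low-order bits are not 0.
            # strict=False masks them off (assumed stand-in for --loose-cidr).
            net = ipaddress.ip_network(entry, strict=not loose_cidr)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        # Added (or removed) more than once, on its own or via a CIDR network.
        if any(net.overlaps(o) for o in target if o.version == net.version):
            warnings.append((lineno, f"{net} repeats an earlier entry"))
        target.append(net)
    return added, removed, errors, warnings


def is_member(addr, added, removed):
    """Removal takes precedence over addition, regardless of line order."""
    ip = ipaddress.ip_address(addr)
    if any(ip in n for n in removed if n.version == ip.version):
        return False
    return any(ip in n for n in added if n.version == ip.version)
```

Running the check in CI on the list's source file catches a mistyped network address or an unintended overlap before a new binary set is built and deployed.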