On 26/02/2019 20:11, Genes Lists via arch-general wrote: > Just an FYI if you pull cidr blocks by country, either doing it > yourself directly from arin et al or by using someone elses list like > ipdeny.com the CIDR blocks are not necessarily compacted. > > i.e. it is often not the most minimal CIDR representation. I use is > this little python script, which works on list of CIDR blocks of IPV4 or > IPV6, to compact the list of cidr blocks. I feed the output compacted > CIDR blocks to the firewall ipset script. > > > In case anyone finds this useful here is my CidrMerge.py : > > UseageL > > ----- cut here ----- > #!/usr/bin/python > # > # Read from stdin a list of cidr blocks and compacts them if possible > # Resulting compacted CIDR blocks are written to stdout. > # Works on any file with IPV4 or IPV6 cidr blocks. > # > # Usage : CidrMerge.py < file > # > # Gene C. > # > # 20180503 > # > > import sys > import netaddr > > > def main(): > num_args = len(sys.argv) > > # > # Open file - read one line at a time and output > # > > lines=sys.stdin.readlines() > if len(lines) == 1: > lines = lines[0].split() > > # > # create merged set of entire input lines > # > set1 = netaddr.IPSet(lines) > > # > # Write them out > # > for cidr in set1.iter_cidrs() : > print (cidr) > > return > > # ----------------------------------------------------- > if __name__ == '__main__': > main() > > # > # -------------------- All Done ------------------------ My current script is just pulling cn.zone from ipdeny.com. This looks super useful, I'm saving it. Thank you dude! -- Regards, Juha Kankare
