Provided by: iprange_1.0.3+ds-1_amd64 bug

NAME

       iprange - manage IP ranges

SYNOPSIS

       iprange [options] file1 file2 file3 ...

DESCRIPTION

       iprange manages IP ranges

OPTIONS

       multiple options are aliases

   CIDR output modes:
       --optimize

       --combine

       --merge

       --union

       -J

              > MERGE mode (the default)

              Returns all IPs found on all files.  The resulting set is sorted.

       --common

       --intersect

              > COMMON mode

              Intersect all files to find their common IPs.  The resulting set is sorted.

       --except

       --exclude-next

              > EXCEPT mode

              Here  is  how  it  works:  (1) merge all files before this parameter (ipset A); (2)
              remove all IPs found in the files after this parameter, from ipset A and print what
              remains.  The resulting set is sorted.

       --diff

       --diff-next

              > DIFF mode

              Here  is  how  it  works:  (1) merge all files before this parameter (ipset A); (2)
              merge all files after this parameter (ipset B); (3) print all differences between A
              and  B, i.e IPs found is either A or B, but not both.  The resulting set is sorted.
              When there are differences between A and B, iprange exits with 1, with 0 otherwise.

       --ipset-reduce PERCENT

       --reduce-factor PERCENT

              > IPSET REDUCE mode

              Merge all files and print the merged set, but try to reduce the number of  prefixes
              (subnets)  found, while allowing some increase in entries.  The PERCENT is how much
              percent to allow increase on the number of entries in order to reduce the  prefixes
              (subnets)  (the  internal  default  PERCENT  is 20).  Use -v to see exactly what it
              does.  The resulting set is sorted.

       --ipset-reduce-entries ENTRIES

       --reduce-entries ENTRIES

              > IPSET REDUCE mode

              Allow increasing the entries above PERCENT, if they are below ENTRIES (the internal
              default ENTRIES is 16384).

   CSV output modes:
       --compare

              > COMPARE ALL mode

              Compare all files with all other files.  Add --header to get the CSV header too.

       --compare-first

              > COMPARE FIRST mode

              Compare  the  first  file with all other files.  Add --header to get the CSV header
              too.

       --compare-next

              > COMPARE NEXT mode

              Compare all the files that appear before this parameter, to all files  that  appear
              after this parameter.  Add --header to get the CSV header too.

       --count-unique

       -C

              > COUNT UNIQUE mode

              Merge all files and print its counts.  Add --header to get the CSV header too.

       --count-unique-all

              > COUNT UNIQUE ALL mode

              Print counts for each file.  Add --header to get the CSV header too.

   Controlling input:
       --dont-fix-network

              By  default, the network address of all CIDRs is used (i.e., 1.1.1.17/24 is read as
              1.1.1.0/24): this option disables  this  feature  (i.e.,  1.1.1.17/24  is  read  as
              1.1.1.17-1.1.1.255).

       --default-prefix PREFIX

       -p PREFIX

              Set the default prefix for all IPs without mask (the default is 32).

   Controlling CIDR output:
       --min-prefix N

              Do  not  generate  prefixes larger than N, i.e., if N is 24 then /24 to /32 entries
              will be generated (a /16 network will be generated using  multiple  /24  networks).
              This  is  useful  to optimize netfilter/iptables ipsets where each different prefix
              increases the lookup time for each packet whereas the  number  of  entries  in  the
              ipset  do  not  affect  its  performance.   With  this setting more entries will be
              produced to accomplish the same match.   WARNING:  misuse  of  this  parameter  can
              create a large number of entries in the generated set.

       --prefixes N,N,N, ...

              Enable  only  the given prefixes to express all CIDRs; prefix 32 is always enabled.
              WARNING: misuse of this parameter can create a  large  number  of  entries  in  the
              generated set.

       --print-ranges

       -j

              Print  IP ranges (A.A.A.A-B.B.B.B) (the default is to print CIDRs (A.A.A.A/B)).  It
              only applies when the output is not CSV.

       --print-single-ips

       -1

              Print single IPs; this can produce large output (the  default  is  to  print  CIDRs
              (A.A.A.A/B)).  It only applies when the output is not CSV.

       --print-binary

              Print  binary data: this is the fastest way to print a large ipset.  The result can
              be read by iprange on the same architecture (no conversion of endianness).

       --print-prefix STRING

              Print STRING before each IP, range or CIDR.  This sets both --print-prefix-ips  and
              --print-prefix-nets .

       --print-prefix-ips STRING

              Print  STRING  before each single IP: useful for entering single IPs to a different
              ipset than the networks.

       --print-prefix-nets STRING

              Print STRING before each range or CIDR: useful for entering sunbets to a  different
              ipset than single IPs.

       --print-suffix STRING

              Print  STRING  after each IP, range or CIDR.  This sets both --print-suffix-ips and
              --print-suffix-nets .

       --print-suffix-ips STRING

              Print STRING after each single IP: useful for giving  single  IPs  different  ipset
              options.

       --print-suffix-nets STRING

              Print  STRING  after  each range or CIDR: useful for giving subnets different ipset
              options.

       --quiet

              Do not print the actual ipset.  Can only be used in DIFF mode.

   Controlling CSV output:
       --header

              When the output is CSV, print the header line (the default  is  to  not  print  the
              header line).

   Controlling DNS resolution:
       --dns-threads NUMBER

              The  number  of  parallel  DNS  queries  to  execute  when  the input files contain
              hostnames (the default is 5).

       --dns-silent

              Do not print DNS resolution errors  (the  default  is  to  print  all  DNS  related
              errors).

       --dns-progress

              Print DNS resolution progress bar.

   Other options:
       --has-compare

       --has-reduce

              Exits  with  0,  other  versions  of  iprange will exit with 1.  Use this option in
              scripts to find if this version of iprange is present in a system.

       -v

              Be verbose on stderr.

   Getting help:
       --version

              Print version and exit.

       --help

       -h

              Print this message and exit.

FILES

   Input files:
              > fileN

              A filename or - for stdin.  Each filename can be followed by [as  NAME]  to  change
              its name in the CSV output.  If no filename is given, stdin is assumed.

              Files  may  contain  any or all of the following: (1) comments starting with hashes
              (#) or semicolons (;); (2) one IP per line (without mask);  (3)  a  CIDR  per  line
              (A.A.A.A/B);  (4)  an  IP  range per line (A.A.A.A - B.B.B.B); (5) a CIDR range per
              line (A.A.A.A/B - C.C.C.C/D); the range is calculated as  the  network  address  of
              A.A.A.A/B   to   the   broadcast   address   of  C.C.C.C/D  (this  is  affected  by
              --dont-fix-network); (6) CIDRs can be given in either prefix or netmask  format  in
              all  cases  (including  ranges); (7) one hostname per line, to be resolved with DNS
              (if the IP resolves to multiple IPs, all of  them  will  be  added  to  the  ipset)
              hostnames cannot be given as ranges; (8) spaces and empty lines are ignored.

              Any number of files can be given.

COPYRIGHT

       Copyright © 2015 Costa Tsaousis for FireHOL (Refactored)
       Copyright © 2004 Paul Townsend (Adapted)
       Copyright © 2003 Gabriel L. Somlo (Original)

       License:  GPLv2+:  GNU  GPL  version 2 or later <http://gnu.org/licenses/gpl2.html>.  This
       program comes with ABSOLUTELY NO WARRANTY; This is free software, and you are  welcome  to
       redistribute  it  under  certain  conditions;  See  COPYING  distributed in the source for
       details.