Provided by: grepcidr_2.0-1_amd64
grepcidr — Filter IPv4 and IPv6 addresses matching CIDR patterns
grepcidr [OPTIONS] PATTERN [FILE...] grepcidr [OPTIONS] [-e PATTERN | -f PATFILE] [FILE...]
grepcidr can be used to filter a list of IP addresses against one or more Classless Inter- Domain Routing (CIDR) specifications. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of efficiently processing large numbers of IPs and networks.
-V Show software version -c Display count of the matching lines, instead of showing the lines -i Inverse match, include lines without an IP, implies -v -s Enforce strict alignment of CIDR mask; host portion must be all zero -v Invert the sense of matching, output lines with IPs that don't match -x Strict matching, only look at start of line -e Specify individual IP or CIDR pattern(s) on command-line -f Load individual IP or CIDR pattern(s) from file
PATTERN specified on the command line may contain multiple patterns separated by whitespace or commas. For long lists of network patterns, use -f to load a file where each line contains one pattern (can be IPv4 or IPv6). Blank lines and comments starting with # are ignored. Each IPv4 pattern, whether on command line or loaded from a file, may be: a.b.c.d/xy (CIDR format) a.b.c.d-e.f.g.h (IP range) a.b.c.d (Single IP) And similarly for IPv6: a:b:c::/xyz (CIDR format) a:b:c:: (Single IP) Dotted-decimal IPv4 format, or any legal IPv6 format is supported (see: man inet_pton). IP addresses that appear anywhere on the input line will be compared and matched against the patterns. To be recognized, an IP (field) must end with terminating text. An IPv4 field terminates upon anything other than alphanumeric or dot. An IPv6 field terminates upon anything other than alphanumeric, dot, or colon. This is to prevent accidental matching of ambiguous text such as host names containing reverse DNS. Use the -x option to do a strict parse without searching the whole line, and grepcidr will only look for the single IP at the start of the line.
grepcidr -f ournetworks blacklist > abuse.log Find customers (CIDR ranges in file) that appear in blacklist grepcidr 2001:db8::/32 log.1 log.2 Search for this IPv6 network inside two files grepcidr 127.0.0.0/8 iplog Searches for any localnet IP addresses inside the iplog file grepcidr "192.168.0.1-192.168.10.13" iplog Searches for IPs matching indicated range in the iplog file script | grepcidr -vf whitelist > blacklist Create a blacklist, with whitelisted networks removed (inverse) grepcidr -f list1 list2 Cross-reference two lists, outputs IPs common to both lists
As with grep: the exit status is 0 if matching IPs are found, and 1 if not found. If an error occurred the exit status is 2.
This software and manual page was written by Jem Berkes <firstname.lastname@example.org> based on the first man page and DocBook format contributed by Ryan Finnie. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.
Sponsored in part by the Spamhaus Project, http://www.spamhaus.org/ Thanks to John Levine <email@example.com> for sharing his alternative implementation. I used a couple ideas from his code, such as portable 128-bit numbers and support for multiple input files. However, John's version is quite different and represents a significant fork in the project. Thanks to Ryan Finnie <firstname.lastname@example.org> for his work on the Debian package. I've adopted several of his changes including the Makefile, and the DocBook format which now is the source of the man page. Thanks to Ryan for writing the first manual in DocBook format. Many thanks to Dick Wesseling <email@example.com> who suggested an improved data structure format as well as binary search, to improve grepcidr performance. GREPCIDR(1)