-
Notifications
You must be signed in to change notification settings - Fork 0
iprange command
You will learn how to use the standalone iprange-compatible mode to compare, merge, and manipulate IP sets from the command line.
update-ipsets iprange [options] [file ...]This mode is a standalone IP set tool. It reads IP lists, performs set operations, and writes results. It does not require the daemon or a configuration file.
The tool accepts these input forms:
-
CIDR notation:
192.0.2.0/24 -
Range notation:
192.0.2.0-192.0.2.255 -
Single IPs:
192.0.2.1 - Binary files: FileSet format produced by the daemon
- @filelist: Read file paths from a text file, one per line
- @directory: Read all regular files in a directory, sorted by name
Use - to read from stdin.
Control output format with flags:
- default — output as CIDR (e.g.,
192.0.2.0/24) -
--print-ranges— output as ranges (e.g.,192.0.2.0-192.0.2.255) -
--print-single-ips— output one IP per line, expanding all ranges -
--print-binary— output in FileSet binary format
Default is CIDR.
Use -6 or --ipv6 for IPv6 input. IPv4 is the default.
Show differences between two IP lists:
update-ipsets iprange --compare set1.ipset set2.ipsetOutput is CSV summary data for each compared pair: names, entry counts, unique IP counts, combined IPs, and common IPs.
Show only the changes (added IPs on the left, removed on the right):
update-ipsets iprange set1.ipset --diff set2.ipsetKeep only IPs present in both sets:
update-ipsets iprange --intersect set1.ipset set2.ipsetRemove IPs in the second set from the first:
update-ipsets iprange set1.ipset --exclude-next set2.ipsetMerge all IPs from all input files:
update-ipsets iprange --combine set1.ipset set2.ipset set3.ipsetCombine with automatic deduplication and range optimization:
update-ipsets iprange --merge set1.ipset set2.ipsetCount the number of unique IP addresses across all inputs:
update-ipsets iprange --count-unique set1.ipset set2.ipsetCount across a directory that contains only IP range input files:
update-ipsets iprange --count-unique @/opt/update-ipsets/data/Use these flags when you need a representative sample instead of the full set:
-
--ipset-reduce <factor>— reduce the set to approximately 1/N of its size -
--reduce-factor <pct>— keep approximately N% of the original ranges
Example — keep about 10% of ranges:
update-ipsets iprange --reduce-factor 10 --combine large1.ipset large2.ipsetPipe data in:
curl -s https://example.com/blocklist.txt | update-ipsets iprange --combine -Use iprange for local files. Use query --set for feed names from the configured catalog:
update-ipsets iprange --combine set1.ipset set2.ipset > merged.ipset
update-ipsets query --set "firehol_level1 + firehol_level2" 192.0.2.1- Daemon Command Reference
- Environment Variables
- Configuration Reload
- Listener Topologies
- Admin Authentication
- Feed Families
- Source Feeds
- Processor Reference
- Static Feeds
- Merge Feeds
- Artifact Parents
- History Derivatives
- Provider Databases
- Use Roles
- Critical Infrastructure Reference Feeds
- Legal Fields
- Feed Visibility & Lifecycle
- YAML Field Reference
- Pipeline Overview
- Download Lifecycle
- Processing Lifecycle
- Feed Status Reference
- Health Classes
- What Triggers Reprocessing
- Accessing the Admin
- Runtime Status
- Feed Inventory
- Artifact Inventory
- Live Queues
- Background Work
- Schedule State
- Operator Actions
- Enable & Disable