iprange

iprange is a fast command-line tool for reading, normalizing, comparing, and exporting IPv4 address sets.

It understands single IPs, CIDRs, netmasks, numeric IPs, ranges, and hostnames. You can use it to merge blocklists, compute intersections or exclusions, generate data for ipset restore, or compare multiple IP sets as CSV.

What it can read

iprange accepts one entry per line and can mix formats in the same input:

• single IPs
  • 1.2.3.4
• CIDRs
  • 1.2.3.0/24
• dotted netmasks
  • 1.2.3.0/255.255.255.0
• abbreviated IPs
  • 10.1
  • 10.1.1
• IP ranges
  • 1.2.3.0 - 1.2.3.255
• ranges where both sides use CIDR or netmask notation
• numeric IPs
• hostnames

Important input behavior:

• Hostnames are resolved in parallel.
• Comments after # or ; are ignored.
• Parsing uses inet_aton(), so octal and hex forms are accepted too.
• Inputs can come from stdin, files, file lists, or directory expansion.

Main modes

• union / merge / optimize
  • merge all inputs and print the normalized result
• common
  • print the intersection of all inputs
• exclude-next
  • merge the inputs before the option, then remove anything matched by the inputs after it
• ipset-reduce
  • trade a controlled increase in entries for fewer prefixes
• compare
  • compare all inputs against all other inputs and print CSV
• compare-first
  • compare the first input against every other input
• compare-next
  • compare one group of inputs against the next group
• count-unique
  • merge all inputs and print CSV counts
• count-unique-all
  • print one CSV count line per input

Quick examples

Merge and normalize:

iprange blocklist-a.txt blocklist-b.txt

Find common IPs:

iprange --common blocklist-a.txt blocklist-b.txt

Exclude one set from another:

iprange allow.txt --exclude-next deny.txt

Count unique entries:

iprange -C blocklist-a.txt blocklist-b.txt
iprange --count-unique-all --header blocklist-a.txt blocklist-b.txt

Generate single-IP output:

iprange -1 hosts.txt

Generate binary output for fast round-trips on the same architecture:

iprange --print-binary blocklist.txt > blocklist.bin
iprange blocklist.bin

Generate ipset restore-style lines:

iprange --print-prefix 'add myset ' --print-suffix '' blocklist.txt

Build and install

From a release tarball:

./configure
make
make install

From git:

./autogen.sh
./configure
make
make install

If you do not want to build the man page:

./configure --disable-man

Testing

Project test entry points:

• ./run-tests.sh
  • CLI regression suite
• ./run-build-tests.sh
  • build and layout regressions
• ./run-sanitizer-tests.sh
  • ASAN/UBSAN/TSAN coverage
• make check
  • normal build-integrated test path
• make check-sanitizers
  • sanitizer-integrated test path

Repository layout

• src/
  • C sources and headers
• packaging/
  • packaging helpers, spec template, ebuild, and release tooling
• tests.d/
  • CLI regression tests
• tests.build.d/
  • build and layout regressions
• tests.sanitizers.d/
  • sanitizer CLI regressions
• tests.tsan.d/
  • TSAN regressions
• tests.unit/
  • unit-style harnesses for internal edge cases

Getting help

For the full option list:

iprange --help

The project wiki content that originally documented the feature set is now folded into this README so the repository landing page explains the tool directly.