rwsetbuild - Create a binary IPset file from list of IPs
rwsetbuild [{--ip-ranges | --ip-ranges=DELIM}]
[--note-add=TEXT] [--note-file-add=FILENAME]
[--compression-method=COMP_METHOD]
[{INPUT_TEXT_FILE | -} [{OUTPUT_SET_FILE | -}]]
rwsetbuild --help
rwsetbuild --version
rwsetbuild creates a binary IPset file from textual input. The
IPset will be written to the second command line argument if it has
been specified; otherwise the IPset is written to the standard output
if the standard output is not a terminal. rwsetbuild will not
overwrite an existing file. The textual input is read from the first
command line argument if it has been specified; otherwise the text is
read from the stardard input if the standard input is not a terminal.
A input file name of stdin or - means the standard input; an
output file name of stdout or - means the standard output.
rwsetbuild will read textual IPs from the terminal if the standard
input is explicitly given as the input. rwsetbuild exits with an
error if the input file cannot be read or the output file cannot be
written.
Comments are ignored in the input file; they begin with the '#'
symbol and continue to the end of the line. Whitespace and blank
lines are also ignored. Otherwise, a line should contain a single IP
addresses unless the --ip-ranges switch is specified, in which case
a line may contain two IP addresses separated by the user-specified
delimiter, which defaults to hyphen (-). Each IP address should be
expresed in one of these formats:
-
Dotted decimal---all 4 octets are required:
10.1.2.4
-
An unsigned 32-bit integer:
167838212
-
Either of the above with a CIDR designation---for dotted decimal all four octets are still required:
10.1.2.4/31 167838212/31 192.168.0.0/16
-
SiLK wildcard notation: Four octets separated by periods where each octet may be a single number, a range of numbers, e.g., 1-10, a comma separated list of numbers and ranges, or the character 'x' used to represent all values in an octet, that is 0-255. Note that this format is not supported when --ip-ranges is specified.
10.x.1-2.4,5
-
IP Range: A dotted-decimal IP address or an unsigned 32-bit integer to use as the start of the range, a delimiter, and a dotted-decimal IP address or an unsigned 32-bit integer to use as the end of the range. The default delimiter is the hyphen (
-), but may be specified as a parameter to the --ip-ranges switch. Whitespace around the IP addresses is ignored. Only valid when --ip-ranges is specified.10.1.2.4-10.1.2.5 167838212-167838213 192.168.0.0-192.168.255.255
If an IP address cannot be parsed, rwsetbuild will exit with an error.
Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.
- --ip-ranges
- --ip-ranges=DELIM
-
Allow the input file to contain ranges of IP addresses. If DELIM is not specified, hyphen (
-) is used as the delimiter. DELIM may be the space character. This method also supports lines that contain a single IP address (or integer); these lines may have a CIDR designation. CIDR designations are not supported on lines that contain DELIM. When --ip-ranges is active, SiLK wildcard IP syntax is not supported. - --note-add=TEXT
-
Add the specified TEXT to the header of the output file as an annotation. This switch may be repeated to add multiple annotations to a file. To view the annotations, use the rwfileinfo(1) tool.
- --note-file-add=FILENAME
-
Open FILENAME and add the contents of that file to the header of the output file as an annotation. This switch may be repeated to add multiple annotations. Currently the application makes no effort to ensure that FILENAME contains text; be careful that you do not attempt to add a SiLK data file as an annotation.
- --compression-method=COMP_METHOD
-
Set the compression method of the output to COMP_METHOD. Some SiLK tools can use an external library to compress their binary output. The list of available compression methods and the default method are set when SiLK is compiled (the --help and --version switches print the available and default compression methods) and depend on which supported libraries are found. SiLK can support:
- none
-
Do not compress the output using an external library
- zlib
-
Use the zlib(3) library for compressing the output
- lzo1x
-
Use the lzo1x algorithm from the LZO real time compression library for compression
- best
-
Use whichever available method gives the
bestcompression in general, though not necessarily thebestfor this particular output.
- --help
-
Print the available options and exit.
- --version
-
Print the version number and information about how SiLK was configured, then exit the application.
Reading from a file:
$ echo 10.x.x.x > ten.txt $ rwsetbuild ten.txt ten.set
$ echo 10.0.0.0/8 > ten.txt $ rwsetbuild ten.txt ten.set
$ echo 10.0.0.0-10.255.255.255 > ten.txt $ rwsetbuild --ip-ranges ten.txt ten.set
$ echo '167772160,184549375' > ten.txt $ rwsetbuild --ip-ranges=, ten.txt ten.set
Reading from the standard input:
echo 192.168.x.x | rwsetbuild stdin private.set
Example input to rwsetbuild:
# A single address 10.1.2.4 # Two addresses in the same subnet 10.1.2.4,5 # The same two addresses 10.1.2.4/31 # The same two addresses 167838212/31 # A whole subnet 10.1.2.0-255 # The same whole subnet 10.1.2.x # The same whole subnet yet again 10.1.2.0/24 # All RFC1918 space 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 # All RFC1918 space 10.x.x.x 172.16-20,21,22-31.x.x 192.168.x.x # All RFC1918 space 167772160/8 2886729728/12 3232235520/16 # Everything ending in 255 x.x.x.255 # All addresses that end in 1-10 x.x.x.1-10
rwset(1), rwsetcat(1), rwsetmember(1), rwsettool(1), rwfileinfo(1), rwfilter(1)
