

NAME

rwsetbuild - Create a binary IPset file from a list of IPs


SYNOPSIS

  rwsetbuild [{--ip-ranges | --ip-ranges=DELIM}]
        [--note-add=TEXT] [--note-file-add=FILENAME]
        [--compression-method=COMP_METHOD]
        {<input-text-file> | stdin} {<output-set-file> | stdout}


DESCRIPTION

Creates a binary IPset file at the specified output location from a textual list of IP addresses read from the specified input location. Use the string stdin to read IP addresses from the standard input, and use the string stdout to write the binary IPset file to the standard output.

Comments are ignored in the input file; they begin with the '#' symbol and continue to the end of the line. Whitespace and blank lines are also ignored. Otherwise, a line should contain a single IP address unless the --ip-ranges switch is specified, in which case a line may contain two IP addresses separated by the user-specified delimiter, which defaults to hyphen (-). Each IP address should be expressed in one of these formats:

If an IP address cannot be parsed, rwsetbuild will exit with an error.

rwsetbuild requires two arguments; it will exit with an error if it does not receive two arguments.

If the first argument is the string stdin, rwsetbuild will read the list of IP addresses from the standard input; otherwise, rwsetbuild treats the first argument as the path to the input text file from which it should read IP addresses. rwsetbuild will exit with an error if the input path does not exist or cannot be opened.

When the second argument is the string stdout and the standard output is not connected to a terminal, rwsetbuild will write the binary IPset to the standard output. Otherwise, the second argument should be the path where rwsetbuild will write the binary IPset file. rwsetbuild will exit with an error if the output file already exists or cannot be created.


OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--ip-ranges
--ip-ranges=DELIM
Allow the input file to contain ranges of IP addresses; that is, a line may contain a minimum and maximum IP address, separated by the character DELIM. If DELIM is not provided, hyphen (-) is used as the delimiter. An integer value will be treated as an IP address. Whitespace around the IPs is ignored. DELIM may be the space character. This method also supports lines that contain a single IP address (or integer); these lines may have a CIDR designation. CIDR designations are not supported on lines that contain DELIM. When --ip-ranges is active, SiLK wildcard IP syntax is not supported.

--note-add=TEXT
Add the specified TEXT to the header of the output file as an annotation. This switch may be repeated to add multiple annotations to a file. To view the annotations, use the rwfileinfo(1) tool.

--note-file-add=FILENAME
Open FILENAME and add the contents of that file to the header of the output file as an annotation. This switch may be repeated to add multiple annotations. Currently the application makes no effort to ensure that FILENAME contains text; be careful that you do not attempt to add a SiLK data file as an annotation.

--compression-method=COMP_METHOD
Set the compression method of the output to COMP_METHOD. Some SiLK tools can use an external library to compress their binary output. The list of available compression methods and the default method are set when SiLK is compiled (the --help and --version switches print the available and default compression methods) and depend on which supported libraries are found. SiLK can support:
none
Do not compress the output using an external library

zlib
Use the zlib(3) library for compressing the output

lzo1x
Use the lzo1x algorithm from the LZO real time compression library for compression

best
Use whichever available method gives the best compression in general, though not necessarily the best for this particular output.


EXAMPLE

Reading from a file:

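  # Four equivalent ways to build the same set. rwsetbuild exits with an error
  # if the output file already exists, so remove ten.set between runs.
  $ echo 10.x.x.x > ten.txt
  $ rwsetbuild ten.txt ten.set
  $ rm ten.set
  $ echo 10.0.0.0/8 > ten.txt
  $ rwsetbuild ten.txt ten.set
  $ rm ten.set
  $ echo 10.0.0.0-10.255.255.255 > ten.txt
  $ rwsetbuild --ip-ranges ten.txt ten.set
  $ rm ten.set
  $ echo '167772160,184549375' > ten.txt
  $ rwsetbuild --ip-ranges=, ten.txt ten.set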

Reading from the standard input:

  $ echo 192.168.x.x | rwsetbuild stdin private.set

Example input to rwsetbuild:

  # A single address
  10.1.2.4
  # Two addresses in the same subnet
  10.1.2.4,5
  # The same two addresses
  10.1.2.4/31
  # The same two addresses
  167838212/31
  # A whole subnet
  10.1.2.0-255
  # The same whole subnet
  10.1.2.x
  # The same whole subnet yet again
  10.1.2.0/24
  # All RFC1918 space
  10.0.0.0/8
  172.16.0.0/12
  192.168.0.0/16
  # All RFC1918 space
  10.x.x.x
  172.16-20,21,22-31.x.x
  192.168.x.x
  # All RFC1918 space
  167772160/8
  2886729728/12
  3232235520/16
  # Everything ending in 255
  x.x.x.255
  # All addresses that end in 1-10
  x.x.x.1-10
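
An added example, not part of the SiLK documentation or code: a Python pre-check that applies the --ip-ranges line rules described under OPTIONS, so every bad line in a feed is reported before rwsetbuild exits on the first one. It assumes IPv4 only and that a reversed range is an error; the function names and the sample input are constructed for illustration.

```python
import ipaddress

def _to_int(token):
    """Accept a dotted-quad IPv4 address or a plain integer, as --ip-ranges does."""
    token = token.strip()  # whitespace around the IPs is ignored
    # IPv4Address raises ValueError on wildcards (10.x.x.x) and out-of-range values.
    return int(ipaddress.IPv4Address(int(token) if token.isdigit() else token))

def parse_range_line(line, delim="-"):
    """Return (low, high) as integers, or None for a blank or comment-only line."""
    text = line.split("#", 1)[0].strip()  # comments run from '#' to end of line
    if not text:
        return None
    if delim in text:
        if "/" in text:
            raise ValueError("CIDR is not supported on a line that contains DELIM")
        low, high = (_to_int(part) for part in text.split(delim, 1))
        if low > high:  # assumption of this sketch: a reversed range is an error
            raise ValueError("range minimum is greater than maximum")
        return low, high
    # Single address or integer, optionally with a CIDR designation.
    addr, _, prefix = text.partition("/")
    net = ipaddress.IPv4Network((_to_int(addr), int(prefix) if prefix else 32), strict=False)
    return int(net.network_address), int(net.broadcast_address)

def lint(text, delim="-"):
    """Collect (line_number, message) for every failing line instead of stopping at the first."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            parse_range_line(line, delim)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems

# Constructed sample input, not taken from a real feed.
SAMPLE = """\
# blocklist export
10.0.0.0-10.255.255.255
167838212/31      # integer with a CIDR designation
10.1.2.x          # SiLK wildcard: not supported with --ip-ranges
10.1.2.0/24-10.1.3.0
192.168.1.300
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Pass the same delimiter to lint() that will be given to --ip-ranges=DELIM, since the delimiter decides whether a line is read as a range or as a single address.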


SEE ALSO

rwset(1), rwsetcat(1), rwsetmember(1), rwsettool(1), rwfileinfo(1), rwfilter(1)