.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
.TH IPRANGE "1" "June 2025" "iprange 1.0.4" "User Commands"
.SH NAME
iprange \- manage IP ranges
.SH SYNOPSIS
.B iprange
[\fI\,options\/\fR] \fI\,file1 file2 file3 \/\fR...
.SH DESCRIPTION
iprange manages IP ranges
.SH OPTIONS
multiple options are aliases
.SS "CIDR output modes:"
.HP
\fB\-\-optimize\fR
.HP
\fB\-\-combine\fR
.HP
\fB\-\-merge\fR
.HP
\fB\-\-union\fR
.HP
\fB\-J\fR
.IP
\f(CW> MERGE mode (the default)\fR
.IP
Returns all IPs found on all files.
The resulting set is sorted.
.HP
\fB\-\-common\fR
.HP
\fB\-\-intersect\fR
.IP
\f(CW> COMMON mode\fR
.IP
Intersect all files to find their common IPs.
The resulting set is sorted.
.HP
\fB\-\-except\fR
.HP
\fB\-\-exclude\-next\fR
.IP
\f(CW> EXCEPT mode\fR
.IP
Here is how it works:
(1) merge all files before this parameter (ipset A);
(2) remove all IPs found in the files after this
parameter, from ipset A and print what remains.
The resulting set is sorted.
.HP
\fB\-\-diff\fR
.HP
\fB\-\-diff\-next\fR
.IP
\f(CW> DIFF mode\fR
.IP
Here is how it works:
(1) merge all files before this parameter (ipset A);
(2) merge all files after this parameter (ipset B);
(3) print all differences between A and B, i.e IPs
found is either A or B, but not both.
The resulting set is sorted.
When there are differences between A and B, iprange
exits with 1, with 0 otherwise.
.HP
\fB\-\-ipset\-reduce\fR PERCENT
.HP
\fB\-\-reduce\-factor\fR PERCENT
.IP
\f(CW> IPSET REDUCE mode\fR
.IP
Merge all files and print the merged set,
but try to reduce the number of prefixes (subnets)
found, while allowing some increase in entries.
The PERCENT is how much percent to allow increase
on the number of entries in order to reduce
the prefixes (subnets)
(the internal default PERCENT is 20).
Use \fB\-v\fR to see exactly what it does.
The resulting set is sorted.
.HP
\fB\-\-ipset\-reduce\-entries\fR ENTRIES
.HP
\fB\-\-reduce\-entries\fR ENTRIES
.IP
\f(CW> IPSET REDUCE mode\fR
.IP
Allow increasing the entries above PERCENT,
if they are below ENTRIES
(the internal default ENTRIES is 16384).
.SS "CSV output modes:"
.HP
\fB\-\-compare\fR
.IP
\f(CW> COMPARE ALL mode\fR
.IP
Compare all files with all other files.
Add \fB\-\-header\fR to get the CSV header too.
.HP
\fB\-\-compare\-first\fR
.IP
\f(CW> COMPARE FIRST mode\fR
.IP
Compare the first file with all other files.
Add \fB\-\-header\fR to get the CSV header too.
.HP
\fB\-\-compare\-next\fR
.IP
\f(CW> COMPARE NEXT mode\fR
.IP
Compare all the files that appear before this
parameter, to all files that appear after this
parameter.
Add \fB\-\-header\fR to get the CSV header too.
.HP
\fB\-\-count\-unique\fR
.HP
\fB\-C\fR
.IP
\f(CW> COUNT UNIQUE mode\fR
.IP
Merge all files and print its counts.
Add \fB\-\-header\fR to get the CSV header too.
.HP
\fB\-\-count\-unique\-all\fR
.IP
\f(CW> COUNT UNIQUE ALL mode\fR
.IP
Print counts for each file.
Add \fB\-\-header\fR to get the CSV header too.
.SS "Controlling input:"
.HP
\fB\-\-dont\-fix\-network\fR
.IP
By default, the network address of all CIDRs
is used (i.e., 1.1.1.17/24 is read as 1.1.1.0/24):
this option disables this feature
(i.e., 1.1.1.17/24 is read as 1.1.1.17\-1.1.1.255).
.HP
\fB\-\-default\-prefix\fR PREFIX
.HP
\fB\-p\fR PREFIX
.IP
Set the default prefix for all IPs without mask
(the default is 32).
.SS "Controlling CIDR output:"
.HP
\fB\-\-min\-prefix\fR N
.IP
Do not generate prefixes larger than N,
i.e., if N is 24 then \fI\,/24\/\fP to \fI\,/32\/\fP entries will be
generated (a \fI\,/16\/\fP network will be generated
using multiple \fI\,/24\/\fP networks).
This is useful to optimize netfilter/iptables
ipsets where each different prefix increases the
lookup time for each packet whereas the number of
entries in the ipset do not affect its performance.
With this setting more entries will be produced
to accomplish the same match.
WARNING: misuse of this parameter can create a large
number of entries in the generated set.
.HP
\fB\-\-prefixes\fR N,N,N, ...
.IP
Enable only the given prefixes to express all CIDRs;
prefix 32 is always enabled.
WARNING: misuse of this parameter can create a large
number of entries in the generated set.
.HP
\fB\-\-print\-ranges\fR
.HP
\fB\-j\fR
.IP
Print IP ranges (A.A.A.A\-B.B.B.B)
(the default is to print CIDRs (A.A.A.A/B)).
It only applies when the output is not CSV.
.HP
\fB\-\-print\-single\-ips\fR
.HP
\fB\-1\fR
.IP
Print single IPs;
this can produce large output
(the default is to print CIDRs (A.A.A.A/B)).
It only applies when the output is not CSV.
.HP
\fB\-\-print\-binary\fR
.IP
Print binary data:
this is the fastest way to print a large ipset.
The result can be read by iprange on the same
architecture (no conversion of endianness).
.HP
\fB\-\-print\-prefix\fR STRING
.IP
Print STRING before each IP, range or CIDR.
This sets both \fB\-\-print\-prefix\-ips\fR and
\fB\-\-print\-prefix\-nets\fR .
.HP
\fB\-\-print\-prefix\-ips\fR STRING
.IP
Print STRING before each single IP:
useful for entering single IPs to a different
ipset than the networks.
.HP
\fB\-\-print\-prefix\-nets\fR STRING
.IP
Print STRING before each range or CIDR:
useful for entering sunbets to a different
ipset than single IPs.
.HP
\fB\-\-print\-suffix\fR STRING
.IP
Print STRING after each IP, range or CIDR.
This sets both \fB\-\-print\-suffix\-ips\fR and
\fB\-\-print\-suffix\-nets\fR .
.HP
\fB\-\-print\-suffix\-ips\fR STRING
.IP
Print STRING after each single IP:
useful for giving single IPs different
ipset options.
.HP
\fB\-\-print\-suffix\-nets\fR STRING
.IP
Print STRING after each range or CIDR:
useful for giving subnets different
ipset options.
.HP
\fB\-\-quiet\fR
.IP
Do not print the actual ipset.
Can only be used in DIFF mode.
.SS "Controlling CSV output:"
.HP
\fB\-\-header\fR
.IP
When the output is CSV, print the header line
(the default is to not print the header line).
.SS "Controlling DNS resolution:"
.HP
\fB\-\-dns\-threads\fR NUMBER
.IP
The number of parallel DNS queries to execute
when the input files contain hostnames
(the default is 5).
.HP
\fB\-\-dns\-silent\fR
.IP
Do not print DNS resolution errors
(the default is to print all DNS related errors).
.HP
\fB\-\-dns\-progress\fR
.IP
Print DNS resolution progress bar.
.SS "Other options:"
.HP
\fB\-\-has\-compare\fR
.HP
\fB\-\-has\-reduce\fR
.IP
Exits with 0,
other versions of iprange will exit with 1.
Use this option in scripts to find if this
version of iprange is present in a system.
.HP
\fB\-v\fR
.IP
Be verbose on stderr.
.SS "Getting help:"
.HP
\fB\-\-version\fR
.IP
Print version and exit.
.HP
\fB\-\-help\fR
.HP
\fB\-h\fR
.IP
Print this message and exit.
.SH FILES
.SS "Input files:"
.IP
> fileN
.IP
A filename or \- for stdin.
Each filename can be followed by [as NAME]
to change its name in the CSV output.
If no filename is given, stdin is assumed.
.IP
Files may contain any or all of the following:
(1) comments starting with hashes (#) or semicolons (;);
(2) one IP per line (without mask);
(3) a CIDR per line (A.A.A.A/B);
(4) an IP range per line (A.A.A.A \- B.B.B.B);
(5) a CIDR range per line (A.A.A.A/B \- C.C.C.C/D);
the range is calculated as the network address of
A.A.A.A/B to the broadcast address of C.C.C.C/D
(this is affected by \fB\-\-dont\-fix\-network\fR);
(6) CIDRs can be given in either prefix or netmask
format in all cases (including ranges);
(7) one hostname per line, to be resolved with DNS
(if the IP resolves to multiple IPs, all of them
will be added to the ipset)
hostnames cannot be given as ranges;
(8) spaces and empty lines are ignored.
.IP
Any number of files can be given.
.SH COPYRIGHT
Copyright \(co 2015\-2017 Costa Tsaousis for FireHOL (Refactored and extended)
.br
Copyright \(co 2004 Paul Townsend (Adapted)
.br
Copyright \(co 2003 Gabriel L. Somlo (Original)
.PP
License: GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>.
This program comes with ABSOLUTELY NO WARRANTY; This is free software, and
you are welcome to redistribute it under certain conditions;
See COPYING distributed in the source for details.