grepcidr 1.3 - Filter IP addresses matching IPv4 CIDR/network specification
A couple people have contributed patches allowing grepcidr to locate an IP address anywhere on the current line (for easier parsing of input data). While this improvement has not yet been included in the release, you can find the patches provided below in "Resources". Thanks to the contributors!
grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications, or arbitrary networks specified by an address range. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of comparing thousands or even millions of IPs to networks with little memory usage and in reasonable computation time.
grepcidr has endless uses in network software, including: mail filtering and processing, network security, log analysis, and many custom applications.
Changes in version 1.3
- Much faster than past versions due to binary search of patterns
- Decreased memory usage
- Applied search improvements suggested by Dick Wesseling
- Now supports IP ranges as well as CIDR format
- Improved usage to be more grep-like (e.g. filename on command line)
- Now uses grep-like exit code (0=ok, 1=no match, 2=error)
grepcidr [-V] [-c] [-v] PATTERN [FILE] grepcidr [-V] [-c] [-v] [-e PATTERN | -f FILE] [FILE] -V Show software version -c Display count of the matching lines, instead of showing the lines -v Invert the sense of matching, to select non-matching IP addresses -e Specify pattern(s) on command-line -f Obtain CIDR and range pattern(s) from file PATTERN specified on the command line may contain multiple patterns separated by whitespace or commas. For long lists of network patterns, specify a -f FILE to load where each line contains one pattern. Comment lines starting with # are ignored, as are any lines that don't parse. Each pattern, whether on the command line or inside a file, may be: CIDR format a.b.c.d/xx IP range a.b.c.d-e.f.g.h Single IP a.b.c.d
grepcidr -f ournetworks blocklist > abuse.log
Find our customers that show up in blocklists
grepcidr 127.0.0.0/8 iplog
Searches for any localnet IP addresses inside the iplog file
grepcidr "192.168.0.1-192.168.10.13" iplog
Searches for IPs matching indicated range in the iplog file
script | grepcidr -vf whitelist > blacklist
Create a blacklist, with whitelisted networks removed (inverse)
grepcidr -f list1 list2
Cross-reference two lists, outputs IPs common to both lists