On 2020-08-12, Tomasz Rola <rto...@ceti.pl> wrote: > Is there a way to have listing of offending IPs and perhaps grouping > them into /nn subnets - other than writing oneself the script?
aggregate6, in packages. It will be slow on a large list, of course. > Something as easy as awk might suffice, I guess - and then instead of > five rules, just one rule for a subnet. If IPs are close enough to > form a subnet (now, what is "close enough", there might be interesting > problem). Of course, this way, some IPs will be excluded even if > they did nothing wrong (yet). it doesn't do this "fuzzy matching" though, it purely converts a fully filled subnet to the relevant prefix. e.g. $ printf '1.0.0.0\n1.0.0.1\n1.0.0.2\n' | aggregate6 1.0.0.0/31 1.0.0.2/32
