Actually, ipset supports <start>-<stop> syntax:
       CREATE-OPTIONS := range fromip-toip|ip/cidr [ netmask cidr ] [ timeout value ] [ counters ] [ comment ] [ skbinfo ]


On 11/11/2022 18:10, Bill Cole wrote:
On 2022-11-11 at 11:26:13 UTC-0500 (Fri, 11 Nov 2022 09:26:13 -0700)
Grant Taylor via users <gtay...@tnetconsulting.net>
is rumored to have said:

On 11/11/22 9:09 AM, Bert Van de Poel wrote:
- IP/CIDR lists like the one you mention, but also lists like Stop Forum Spam 
(https://www.stopforumspam.com/) I cron fetch then add to an ipset with a DROP 
(which is quite similar to what others are suggesting).
Stop Forum Spam seems interesting.

I'd be curious to see how you're converting SFS list(s) to ipset entries.
Mostly I've not yet had enough coffee to convert from a range of IPs;
<start>-<stop>, to CIDR; <network>/<netmask>.
From my bashrc...

# type cidrcon
cidrcon is a function
cidrcon ()
{
     for a in $*;
     do
         echo $a;
     done | perl -e "use Net::CIDR::Lite;  \$cidr = Net::CIDR::Lite->new(<>) ; \$_ = join (\"\n\",\$cidr->list) ; print \"\$_\n\";"
}

Obviously requires Perl and the Net::CIDR::Lite module. I do not recall why the 
implementation is so weird, but I've been using it for decades(!?)


I didn't pay close attention to the list, but I did see that it was range based 
and would need some conversion.  --  I have added it to my pile of things to 
look at more closely later.



--
Grant. . . .
unix || die
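
Added example, not part of the original thread or any poster's code: the <start>-<stop> to CIDR conversion discussed above, done with Python's standard ipaddress module instead of Perl, validating each fetched line before anything reaches ipset. The set name "sfs-drop" and the sample feed are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample feed (documentation address space), not real blocklist data.
SAMPLE = """\
# range, CIDR and single-address lines mixed
192.0.2.0-192.0.2.255
192.0.2.128/25
198.51.100.10-198.51.100.20
203.0.113.5
203.0.113.4
"""

def parse_entry(line):
    """Return the networks covering one feed line, or [] if it is blank."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return []
    if "-" in text:
        # <start>-<stop>: both ends must parse, match in version, and be ordered.
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {text!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # A bare address becomes a /32 (or /128); host bits in a CIDR are masked off.
    return [ipaddress.ip_network(text, strict=False)]

def to_cidrs(feed, version=4):
    """Collapse every entry of one IP version into the minimal sorted CIDR list."""
    nets = [n for line in feed.splitlines() for n in parse_entry(line)]
    same = [n for n in nets if n.version == version]
    return [str(n) for n in ipaddress.collapse_addresses(same)]

def ipset_restore(name, cidrs, family="inet"):
    """Build 'ipset restore' input: one create line, then one add per network."""
    lines = [f"create {name} hash:net family {family}"]
    lines += [f"add {name} {c}" for c in cidrs]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # "sfs-drop" is a hypothetical set name; pipe the output to `ipset restore`.
    print(ipset_restore("sfs-drop", to_cidrs(SAMPLE)), end="")
```

A malformed line raises ValueError instead of being passed through, so a corrupted or tampered download fails the cron job rather than loading garbage into the set.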
