IP Address List Filter
This command line utility take a list of ip addresses and/or networks / subnets from stdin
and filters for IPv4 and/or IPv6 addresses, single ips or networks.
Please use a combination of the following flags to allow these entries:
--ipv4--ipv6--network--singleip
IP networks / subnets need to be in CIDR notation (please see RFC2317).
Let's jump into an example:
A file example.txt contains the following lines:
10.1.0.1
10.1.0.0/16
If you cat example.txt | ipalf --networks --ipv4 you get the following list:
10.1.0.0/16
The single ip addresses 10.1.0.1 is gone.
ipalf is written in Go (Golang), Go SDK v1.20+ is required.
You can either run go build or go for a platform build:
make amd64for x86_64make arm64for arm64
- Do we really need a new tool? Isn't it easier and more flexible to use regex and a small script to achieve the same results?
Yes and no. Regex (regular expressions) may work in most cases, but things get a bit messy when
it comes to debugging or when you have to deal with ip addresses in CIDR notation (
/32for IPv4,/128for IPv6), - Where is this tool used? We use this tool in our pipelines to optimise e.g. our Threat Data Feeds for SOHO. These feeds contain known spambots, forum spammers, ip scanners, etc. that should be blocked at the WAN side of a network. The problem with SOHO (small office home office) network equipment is that it is notoriously low on CPU power and RAM, so smaller more optimised lists are key for a successful deployment on these kind of devices.
We would love to hear from you! Please contact us at help@threatint.com for feedback and general requests. Kindly raise an issue in GitHub if you find a problem in the code.
Release under the MIT License. (see LICENSE)