user3850712 - 1 year ago
Python Question

Bind acl file generate from CSV ip list using bash

I would like to generate geoiplist.acl file from a csv file. acl file format:

acl "A1" {;;
acl "A2" {;;

the csv file:

Here are sample lines from CSV file with IP_Start, IP_End and Country columns.


I got some references from here: but their ACLs don't have a complete list.

Can anyone help me do this in bash, please? Thanks in advance.

Answer Source

The issue here is that DB-IP provide the begin and end value of each range in human readable IP address format. Why they have done this, I'm not sure, because the more universal (easier to process) format is to simply present these values in integer form.

In any case, I have modified the Python script on to handle this and included the DB-IP database URL within the script; the ACL file generated from their CSV file is now also available to download from

Note I have already identified some issues with this database:

  • The entry "::","2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff","US" exists in it. This is obviously complete rubbish and also broke the Python script (I've improved the error detection code to handle this).
  • "","","CH" is an interesting entry. I'm not entirely sure how they have deemed the entire multicast block of the IPv4 address space to be delegated to Switzerland.
  • The statistical analysis (available on suggests that their DB/CSV file spans 100% of the IPv4 address space outside (multicast). That's 3,758,096,384 addresses. But we already know that several address blocks should not exist in here, the obvious ones being, and (and indeed others; further investigation reveals the entry "","","US" exists, which covers and beyond). So this result looks questionable.
  • The statistical analysis also reports that their DB/CSV spans nearly 100% of the IPv6 address space. This is primarily because they have mapped 3000::/4 (and various other smaller address blocks) to the US, which is wrong (see where 3000::/4 is listed as RESERVED). This mapping originates from the entry "2c10::","ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff","US". The other 2 databases on are nowhere close to this magnitude of coverage across the IPv6 address space (both are currently less than 0.1%), so this result also looks questionable.

Given all of the above, I would question the accuracy of their database and contact them about it. But feel free to download the file if you wish to use it.

Finally, I would not have even attempted this in BASH - the conversions required to produce this file from their CSV file are only available in more advanced languages like Python; BASH just wouldn't cut this (well, not my BASH).

I hope this has helped resolve your query/problem.
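One way to do the conversion the answer describes, as an added example that is not the answerer's script: it reads IP_Start, IP_End, Country rows, turns each range into CIDR blocks with Python's `ipaddress` module, and skips rows that cannot form a valid range or a safe ACL name. The sample rows, the function names and the one-CIDR-per-line ACL layout are assumptions.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed sample rows (IP_Start, IP_End, Country) using documentation ranges.
SAMPLE_CSV = '''"192.0.2.0","192.0.2.255","US"
"198.51.100.0","198.51.100.127","CH"
"198.51.100.128","198.51.100.130","US"
"2001:db8::","2001:db8:0:ffff:ffff:ffff:ffff:ffff","CH"
"203.0.113.9","203.0.113.1","US"
"not-an-ip","203.0.113.20","US"
"203.0.113.0","2001:db8::1","US"
"203.0.113.64","203.0.113.127","U S"
'''

def ranges_to_acls(csv_text):
    """Return ({country: [networks]}, [rejected line numbers])."""
    acls, rejected = defaultdict(list), []
    for line_no, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        try:
            start_s, end_s, country = (field.strip() for field in row)
            # The name is written into named.conf, so accept only a strict code.
            if not re.fullmatch(r"[A-Z0-9]{2}", country):
                raise ValueError("bad country code %r" % country)
            start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
            # Raises TypeError for mixed IPv4/IPv6 and ValueError when start > end.
            nets = list(ipaddress.summarize_address_range(start, end))
        except (ValueError, TypeError):
            rejected.append(line_no)
            continue
        acls[country].extend(nets)
    merged = {}
    for country, nets in acls.items():
        # collapse_addresses cannot mix versions, so merge each family separately.
        v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
        v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
        merged[country] = list(v4) + list(v6)
    return merged, rejected

def render_acl(merged):
    """Render one BIND acl statement per country, one CIDR per line."""
    out = []
    for country in sorted(merged):
        out.append('acl "%s" {' % country)
        out.extend("    %s;" % net for net in merged[country])
        out.append("};")
    return "\n".join(out) + "\n"
```

Review the rejected line numbers before loading the generated file; a data source that produces many of them deserves the same scrutiny the answer applies to this one.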
