Basic variables for use in JavaScript expressions when calculating list names and comment values:
| FILENAME |
File name with loaded subnet. |
| FILEROW |
Row number in file with loaded subnet. |
| COLUMN[X] |
Value from column X in loaded data, X value from 1 to columns count. |
| JOINED[X] |
Value from column X of join table, if join files are specified. X value from 1 to columns count in all join files. |
| HEADER[X] |
Column X header value, if loaded files have a header. X value from 1 to columns count. |
| JOINHEAD[X] |
Column X header value of join table, if join files are specified and files have a header. X value from 1 to columns count in all join files. |
| LISTNAME |
Calculated list name value. Available when calculating comment value. |
Basic variables for use in JavaScript expressions when calculating output file template:
| LISTNAME |
Calculated list name value. |
| COMMENT |
Calculated comment value. |
| HEADROW |
Calculated header row value. |
| ROWNUM |
Row sequence number of processed subnet (from 1 to loaded subnets count). |
| LISTNUM |
Sequence number of list name of processed subnet (from 1 to unique list names count). |
| FILENUM |
Sequence number of output file of processed subnet (from 1 to total output files count). |
| SUBNET |
Loaded subnet value.
192.168.77.0/24 |
| NETRANGE |
Addresses range of loaded subnet.
192.168.77.0-192.168.77.255 |
| NETWORK |
Integer value of network address (first address of subnet).
3232255232 |
NETWORK.DEC()
NETWORK.DEC(0) |
Decimal value of network address.
192.168.77.0
192168077000 |
NETWORK.HEX()
NETWORK.HEX(0) |
Hexadecimal value of network address.
C0.A8.4D.0
C0A84D00 |
NETWORK.BIN()
NETWORK.BIN(0) |
Binary value of network address.
11000000.10101000.1001101.0
11000000101010000100110100000000 |
| BROADCAST |
Integer value of broadcast address (last address of subnet). With subnet mask value of 32 is equal to value network address.
3232255487 |
BROADCAST.DEC()
BROADCAST.DEC(0) |
Decimal value of broadcast address.
192.168.77.255
192168077255 |
BROADCAST.HEX()
BROADCAST.HEX(0) |
Hexadecimal value of broadcast address.
C0.A8.4D.FF
C0A84DFF |
BROADCAST.BIN()
BROADCAST.BIN(0) |
Binary value of broadcast address.
11000000.10101000.1001101.11111111
11000000101010000100110111111111 |
| NETMASK |
Network number, bit-length of network mask.
24 |
| BITMASK |
Integer value of network bit mask.
4294967040 |
BITMASK.DEC()
BITMASK.HEX(0)
BITMASK.BIN(0) |
Decimal, hexadecimal, binary values of network mask.
255.255.255.0
FFFFFF00
11111111111111111111111100000000 |
| BITMASK.INV() |
Integer value of inverted value of network mask.
255 |
BITMASK.INV().DEC()
BITMASK.INV().HEX(0)
BITMASK.INV().BIN(0) |
Decimal, hexadecimal, binary values of inverted value of network mask.
0.0.0.255
000000FF
00000000000000000000000011111111 |
HOSTFIRST
HOSTFIRST.DEC()
HOSTFIRST.HEX()
HOSTFIRST.BIN() |
Integer, decimal, hexadecimal, binary values of first usable address of subnet. With subnet mask values of 31 and 32 is equal to value network address.
3232255233
192.168.77.1
C0.A8.4D.1
11000000.10101000.1001101.1 |
HOSTLAST
HOSTLAST.DEC()
HOSTLAST.HEX()
HOSTLAST.BIN() |
Integer, decimal, hexadecimal, binary values of last usable address of subnet. With subnet mask values of 31 and 32 is equal to value broadcast address.
3232255486
192.168.77.254
C0.A8.4D.FE
11000000.10101000.1001101.11111110 |
REDUCEMASK(X).SUBNET
REDUCEMASK(X).NETRANGE
REDUCEMASK(X).NETWORK
REDUCEMASK(X).BROADCAST
REDUCEMASK(X).NETMASK
REDUCEMASK(X).BITMASK
REDUCEMASK(X).HOSTFIRST
REDUCEMASK(X).HOSTLAST |
Function REDUCE(X) returns the subnet structure formed from the original one by mask X, if X is a positive number between 0 and 32 and less than or equal to the source subnet mask value. If value X is negative number from -1 to -32 and the difference between mask value of source subnet and X is greater than or equal to 0, the function will return structure of subnet formed by the mask value equal to this difference. The function will return an empty value if X is greater than the source subnet mask value, or if the difference between the mask value and X is less than 0. The structure returned by function is completely similar to structure of the source subnet, same formatting functions applies to values of addresses and mask. |
| HEADER[X] |
Column X header value, if loaded files have a header. X value from 1 to columns count. |
| JOINHEAD[X] |
Column X header value of join table, if join files are specified and files have a header. X value from 1 to columns count in all join files. |
Application usage examples:
In all database file types, the first and second columns are the integer representation of the first and last addresses of the network range, the third column is the two-character country code, and the fourth column is the country name. Open downloaded file in application, specify csv-delimiter as a comma, file does not contain a header, specify first column of the file as first address of the network range and second file column as second address of the range, specify addresses format as integer, there is no addresses mask, there are no joined tables. Loaded network ranges do not always form a single subnet, many consist of several adjacent subnets. Such rows will be split into separate subnet rows. Filling in the calculated fields - list names and comments depends on the result you want to get using the output file template, or get data to analyze loaded network ranges.
For example, to get a simple list of countries, specify the expression to get list name: COLUMN[3] == '-' ? '' : COLUMN[3] - network ranges with a country code value of '-' will not be loaded (these are service network ranges and can be ignored), the expression to get comment: COLUMN[4], the expression to get header: subnet,code,country. Check options "Merge ranges with same list name" and "Also group by comments". You can use the address search tool to search for any address, for example, 8.8.8.8, to see the result of constructing subnets using an example of one row. In the output file template specify file begin expression: HEADROW + '\n', main block: SUBNET + ',' + LISTNAME + ',' + COMMENT, between blocks specify: '\n'. Leave all other expressions empty. Attention, it is recommended to limit the output file size to no more than 600MB. Specify the desired file name and click "Get file by template". It is also recommended to try the available templates of JSON and HTML files to understand how the builder works.
To see what changes have occurred in address ownership compared to the previous download, or to see the difference in address ownership in different databases, for example, DB3 and DB11, open both files at same time and specify all settings as in the previous section. Click button "Get subnets intersections" and get a file containing only the changed subnets.
To create firewall rules based on nationality, specify an expression to get the list name: COLUMN[3] == '-' ? '' : ('C1,C2,C3,C4,C5'.indexOf(COLUMN[3]) >= 0 ? 'first-list' : ('C6,C7,C8,C9'.indexOf(COLUMN[3]) >= 0 ? 'second-list' : 'third-list')) - where C1, C2, C3 etc., are two-character country codes in capital letters. To get a list of addresses by geography from DB11 file, specify the list name expression: parseFloat(COLUMN[7]) >= -180.0 && parseFloat(COLUMN[7]) <= 180.0 && parseFloat(COLUMN[8]) >= -180.0 && parseFloat(COLUMN[8]) <= 180.0 ? 'geoip-list' : '' or COLUMN[10] == '+00:00' ? 'geoip-list' : ''.
To perform operations similar to the previous section, open {GeoIP2,GeoLite2}-{City,Country}-Blocks-IPv4.csv file in application, specify csv-delimiter as a comma, check the file contains a header, specify first column of the file as first and only address of the network range, range second address missing, mask missing, specify addresses format as decimal. Check the files have joined data tables and open {GeoIP2,GeoLite2}-{City,Country}-Locations-en.csv file, specify csv-delimiter as a comma, check the file contains a header. Select join type "by equality of column values", set into "join main files by column" and "join data files by column" numbers of columns naimed as "geoname_id". In the loaded data, array element JOINED[5] will contain a two-character country code and JOINED[6] will contain country name.
To compare the MaxMind and IP2Location databases, first save the MaxMind database in the same form as the IP2Location database. Specify the expression to get list name value: JOINED[5], comment value make empty. In the output file template specify expression of main block: NETWORK + ',' + BROADCAST + ',' + LISTNAME + '\n', leave all other expressions empty. Save the file by template, then open this file along with the IP2Location database file as written in the description of loading IP2Location files. Don't specify comment value, only specify list name value: COLUMN[3] == '-' ? '' : COLUMN[3], check options "Merge ranges with same list name" and click button "Get subnets intersections".
To create firewall rules based on nationality, specify an expression to get the list name: JOINED[5] == '' ? 'null-list' : ('C1,C2,C3,C4,C5'.indexOf(JOINED[5]) >= 0 ? 'first-list' : ('C6,C7,C8,C9'.indexOf(JOINED[5]) >= 0 ? 'second-list' : 'third-list')) - where C1, C2, C3 etc., are two-character country codes in capital letters. To get a list of addresses by geography from City file, specify the list name expression: parseFloat(COLUMN[8]) >= -180.0 && parseFloat(COLUMN[8]) <= 180.0 && parseFloat(COLUMN[9]) >= -180.0 && parseFloat(COLUMN[9]) <= 180.0 ? 'geoip-list' : '' or JOINED[3] == 'AF' ? 'geoip-list' : '' or JOINED[13].startsWith('Asia') ? 'geoip-list' : ''.
Joining files by entering into network range
The loaded network ranges file can be joined with another network ranges file, which will allow to use columns of attached file in expressions to obtain list names and comments. To satisfy condition for joining files rows, network range in loaded file must be completely included in network range of joined file, be less than or equal to it, and be on the same network. For example, you can join IP2Location file DB11 with file DB1 or MaxMind file City with file Country, but not vice versa. It would be relevant to combine IP2Location file DB11 with file ASN, or file ASN with file DB1. You can also join address files from your firewalls with any address database, IP2Location, MaxMind or any other, to obtain detailed information, for example, on attacking hosts, or collect statistics on visits to your resources.
In application settings you can enable test mode, this will activate the load test data button. Click this button, specify csv-delimiter as a comma, check the file contains a header, specify first column of the file as first and only address of the network range, range second address missing, mask missing, specify addresses format as decimal. This small set of data will help you better understand the principles of grouping addresses and will save time when writing new output file templates.