Any CIDR-merge tool that can help to get small number of IP ranges for countries of interest?

[onetimecontributor]

Hi. I would like to deny access to certain countries IP addresses for either all applications or just certain apps.
After a brief check, I wasn't able to spot any meaningful tool or service. GPT is also not useful so far.

I thought I could find balance between grouping and false negatives. If by upscaling from 16x Class B masks (/16 - 255.255.0.0) to a single Class A /12 subnet (255.240.0.0) I get only 10-15% false negatives, that would be worth a try.

Also, how many "deny" IP masks records will be OK if to set them on a whole rdns app level? 10, 50, 100? mid-level brand A phone, 8GB RAM.

[onetimecontributor]

one of use cases - some of video-streaming services don't like when they're reached through Tor, and simply ban particular countries. Thus, if someone is not specifically bothered by reducing anonymity, one could ban particular range for Tor app to reduce amount of weir cases where it's needed to refresh Tor.

[ignoramous]

You can rely on services like IPInfo / MaxMind etc but their premium services which are more accurate aren't free to use.

Also see:

• Block connections by ASN or GeoIP #590

Also, how many "deny" IP masks records will be OK if to set them on a whole rdns app level? 10, 50, 100? mid-level brand A phone, 8GB RAM.

Think the app will 100 subnets just fine (our internal representation for IP addresses is optimized for storing subnets). Though IP address are different to domain name, but as a point of reference, the on-device blocklists do more than 13M domain name entries (with 120M+ RAM) just fine.

[ignoramous]

After a brief check, I wasn't able to spot any meaningful tool or service

Cloudflare Radar has APIs to explore ASN (ex), IP (ex), and URL (ex), for seemingly free (api, docs), but you'll have to sign up with a developer account.

We intend to show Cloudflare Radar information in Rethink, but it isn't priority.

[onetimecontributor]

As I've found https://www.ipdeny.com/ipblocks/ that may be useful for my purpose, is there a way to import plain text file into IP rules of rdns?

[onetimecontributor]

RDNS backup is a zip file from what I see, and there are databases in it.
But I don't know if I can simply update the db (hopefully I can find the section by inspecting the code) that represents "Universal FW rules -> IP & Port rules", and if it will be the only place needed to be updated not to break backup integrity.

From what you recall, can I theoretically make the change like that?
I'm on v055t and v055n on few devices.