Network CIDR Aggregation Tool by country or countries

Discussion in 'Site & Server Administration' started by CIPB, Jun 18, 2012.

  1. #1
    We have been working on a variety of network aggregation tools to help produce smaller Access Control Lists for our members and non-members. Members select a country or group of countries and a tool consolidates the data.


    Our initial scripts focused on simply aggregating contiguous networks into larger network ranges with starting and ending IPs to represent the network blocks. This resulted in much smaller ACLs, but not all firewalls or security systems could handle data in this format.


    We responded to this by creating code that would allow us to output our data into legal CIDR networks (we can of course convert the data into Netmask, Cisco or other formats). Basically we are joining contiguous networks as we did in our original scripts and then converting the blocks into CIDR.

    Testing this with a variety of country combinations we are seeing ACL size reductions of 17-80%. Is this significant enough to make a positive impact on .htaccess, web.config or hardware firewalls like Cisco? Any feedback you can provide would be greatly appreciated.

    As it appears I cannot post a link to the beta script, I am open to ideas you may have without actually seeing what we are doing.
     
    CIPB, Jun 18, 2012
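The two-step process described in post #1 (join contiguous networks into start/end ranges, then convert each range into legal CIDR blocks), as an added example that is not CIPB's script. It assumes IPv4 input; the function names are hypothetical and the sample networks are constructed from documentation and private ranges.

```python
import ipaddress

# Constructed sample ACL: adjacent, overlapping and unaligned blocks.
SAMPLE = [
    "198.51.100.0/25", "198.51.100.128/25",                # two halves of a /24
    "203.0.113.0/26", "203.0.113.64/26", "203.0.113.128/26",
    "192.0.2.0/24", "192.0.2.16/28",                       # /28 already inside the /24
    "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24",           # contiguous, not one CIDR
]

def merge_ranges(cidrs):
    """Step 1: join overlapping or contiguous networks into (start, end) ranges."""
    # strict=True rejects entries with host bits set (e.g. 10.0.1.5/24),
    # so a malformed ACL line fails loudly instead of being widened silently.
    spans = sorted(
        (int(n.network_address), int(n.broadcast_address))
        for n in (ipaddress.IPv4Network(c, strict=True) for c in cidrs)
    )
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1] + 1:   # touches or overlaps previous
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [(ipaddress.IPv4Address(s), ipaddress.IPv4Address(e)) for s, e in merged]

def ranges_to_cidrs(ranges):
    """Step 2: express each range as the fewest aligned CIDR blocks covering it."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(start, end))
    return nets

def aggregate(cidrs):
    """Return (ranges, cidr_blocks, percent reduction in ACL entries)."""
    ranges = merge_ranges(cidrs)
    nets = ranges_to_cidrs(ranges)
    reduction = 100 * (len(cidrs) - len(nets)) / len(cidrs)
    return ranges, nets, reduction

if __name__ == "__main__":
    ranges, nets, reduction = aggregate(SAMPLE)
    print(f"{len(SAMPLE)} entries -> {len(ranges)} ranges -> {len(nets)} CIDRs "
          f"({reduction:.0f}% smaller)")
    for net in nets:
        print(net)
```

The range form comes out shorter than the CIDR form because a contiguous range that is not aligned on a power-of-two boundary needs more than one CIDR block to cover it exactly.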
  2. InnovusHost
    #2
    I think this would be a helpful tool. Most country IP block tools have such small CIDRs, even listing all of the /24 blocks, which makes for a really large .htaccess file. It would be nice to know which of those ranges are problematic and block them instead of everything.
     
    InnovusHost, Jun 19, 2012