AZ Tools

CIDR Aggregator (Merge & Summarize IP Ranges)

Network

Firewall rule sets, ACLs, geofeeds, threat-intel block lists, and Cloudflare/AWS WAF rules all tend to accumulate redundant entries: overlapping CIDRs, adjacent blocks that could be summarized one bit shorter, single addresses next to ranges that already cover them. This tool fixes that. Paste a list — one entry per line, or comma-separated — mixing any of: single IPv4 (10.0.0.5), single IPv6 (2001:db8::1), CIDR notation (10.0.0.0/24, 2001:db8::/32), or IPv4 ranges (10.0.0.5-10.0.0.20). Every entry is normalized to its start/end integer pair, the list is sorted, overlapping and adjacent intervals are merged, and each merged range is decomposed into the minimum number of properly-aligned CIDR blocks. IPv4 and IPv6 are aggregated independently so the output is always valid. Everything runs in your browser — no IPs leave the page.
Input entries
6
Output CIDRs
6
Reduction
0%
Total addresses
1286
IPv4 · 6 · 1286
10.0.0.0/22
192.168.1.5/32
192.168.1.6/31
192.168.1.8/31
192.168.1.10/32
192.168.2.0/24
How aggregation works

Each merged range is split into the minimum number of CIDR blocks — at each step we pick the largest /n block aligned at the current cursor that still fits inside the remaining range. Adjacent and overlapping inputs collapse automatically. Computation is purely local: no DNS, no WHOIS, no network calls.

How to use

  1. Paste your IPs / CIDRs / ranges (one per line or comma-separated).
  2. Mix IPv4 and IPv6 freely — they're aggregated independently.
  3. The result panel shows the minimum CIDR set; the stats row reports the reduction ratio.
  4. Click 'Load Sample' to see how overlapping and adjacent /24s collapse to a single /22.
  5. Lines starting with # are treated as comments and ignored.

Frequently asked questions

How does CIDR aggregation work?
Two adjacent CIDR blocks of the same prefix length can be merged into one block whose prefix is one bit shorter — but only if the lower block starts on the natural boundary for the new shorter prefix. 10.0.0.0/24 + 10.0.1.0/24 → 10.0.0.0/23 works because 10.0.0.0 is aligned to a /23. 10.0.1.0/24 + 10.0.2.0/24 does NOT merge because 10.0.1.0 is not on a /23 boundary. The tool merges intervals first, then greedily decomposes each merged range into the fewest properly-aligned CIDRs.
What input formats are accepted?
Single IPv4 (10.0.0.5 → /32), single IPv6 (2001:db8::1 → /128), IPv4 CIDR (10.0.0.0/24), IPv6 CIDR (2001:db8::/48), and IPv4 range with dash (10.0.0.5-10.0.0.20). Each entry on its own line, or separated by commas. Lines starting with # are ignored, so you can annotate your input. Whitespace is trimmed.
Why are IPv4 and IPv6 reported separately?
They live in disjoint address spaces — there is no CIDR that contains both an IPv4 and an IPv6 address. Most firewall/ACL formats also require separate rules for v4 and v6. The tool aggregates each family independently and shows separate counts and address totals so you can paste the v4 block into your IPv4 rule list and v6 into your IPv6 rule list.
What does 'reduction %' mean?
It's 1 - (output CIDR count / input entry count), as a percentage. So 12 input lines collapsing to 3 output CIDRs is a 75% reduction. This is a quick proxy for 'how much smaller is my rule list now', though the real win is operational clarity, not just line count — fewer rules means faster lookup tables on hardware ACLs.

Related tools

IP Address Inspector

Type an IPv4 or IPv6 address and see its class, scope (private / public / loopback / link-local), decimal value, binary, reverse-DNS notation, and /32 CIDR.

Network00

Port Number Reference

Searchable cheat sheet for ~60 standard TCP / UDP port numbers — from 22 (SSH) and 80 (HTTP) to 6379 (Redis) and 27017 (MongoDB).

Network00

DNS Record Reference

Searchable cheat sheet for DNS record types — A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA, DNSSEC, SVCB / HTTPS — with examples.

Network00

Subnet Calculator (IPv4 / CIDR)

Parse an IPv4 CIDR into network address, broadcast, netmask, wildcard, host range, and class. Shows binary breakdown and private/public status.

Network00

User Agent Parser

Parse a User-Agent string into browser, engine, OS, device, and CPU. Detects 20+ bots including GPTBot, ClaudeBot, PerplexityBot.

Network00

HTTP Status Code Reference

Searchable list of every HTTP status code (1xx-5xx) with summary, RFC, when to use, and common pitfalls.

Network00