DEPRECATED. check out Exclusion Enforcer instead. expandCIDR will use an nmap compliant scope list file and expand it, generating a file with the IP list. Optionally it can also select an arbitrary number of random IPs from the expanded IP list, instead.
Breaks down a deny list into individual IPs, makes sure that none of those IPs are part of the scope file. Additionally it can add all the deny IPs to iptables to deny outbound traffic, you specify a rule-set name (it's really a comment on iptables) and you can also later remove those rules when you're done. 🧹