Whether IP is blocked by RKN

<#
.SYNOPSIS
    Check whether ip address is blocked
.DESCRIPTION
    Check whether ip address is within one of specifised subnet cidrs
.PARAMETER addresses
    List of ips or dns names or http addresses to check
.PARAMETER strict
    Whether to throw an exception when [resolved] ip address is in blocked cidr
.EXAMPLE
    blocked site.com
    # check whether site.com is blocked
.EXAMPLE
    blocked http://site2.com/qwerty?asd=wer
    # check whether site2.com is blocked
.EXAMPLE
    blocked 1.2.3.4
    # check whether 1.2.3.4 is blocked
.EXAMPLE
    blocked 5.6.7.8 -strict
    # check whether 5.6.7.8 is within one of blocked networks and throw an exception if it is
.EXAMPLE
    blocked 11.12.13.14 15.16.17.18 google.com
    # check whether either of [11.12.13.14, 15.16.17.18, google.com] is within one of blocked networks.
#>

Param (
    [Parameter(ValueFromRemainingArguments = $true)][string[]]$addresses,
    [switch]$strict
)

$blocked_networks = @(
    "103.246.200.0/22",
    "109.239.140.0/24",
    "128.199.0.0/16",
    "13.125.0.0/16",
    "13.230.0.0/15",
    "13.56.0.0/14",
    "149.154.160.0/20",
    "149.154.164.0/22",
    "149.154.168.0/22",
    "149.154.172.0/22",
    "159.122.128.0/18",
    "159.203.0.0/16",
    "159.65.0.0/16",
    "159.89.0.0/16",
    "165.227.0.0/16",
    "167.99.0.0/16",
    "174.138.0.0/17",
    "176.67.169.0/24",
    "178.239.88.0/21",
    "178.63.0.0/16",
    "18.130.0.0/16",
    "18.144.0.0/16",
    "18.204.0.0/14",
    "18.218.0.0/16",
    "18.236.0.0/15",
    "185.166.212.0/23",
    "185.229.227.0/24",
    "188.166.0.0/17",
    "195.154.0.0/17",
    "203.104.128.0/20",
    "203.104.144.0/21",
    "203.104.152.0/22",
    "206.189.0.0/16",
    "34.240.0.0/13",
    "34.248.0.0/13",
    "35.176.0.0/15",
    "35.178.0.0/15",
    "35.180.0.0/16",
    "45.76.82.0/23",
    "46.101.128.0/17",
    "51.136.0.0/15",
    "52.32.0.0/16",
    "52.56.0.0/16",
    "52.57.0.0/16",
    "54.212.0.0/15",
    "54.228.0.0/15",
    "64.137.0.0/17",
    "68.171.224.0/19",
    "74.82.64.0/19",
    "91.108.12.0/22",
    "91.108.16.0/22",
    "91.108.20.0/22",
    "91.108.24.0/23",
    "91.108.33.0/24",
    "91.108.36.0/23",
    "91.108.38.0/23",
    "91.108.4.0/22",
    "91.108.56.0/22",
    "91.108.8.0/22",
    "94.177.224.0/21",
    "98.158.176.0/20"
)

Function CheckAddress($address) {
    $ips = @()

    if ($address -match "^([\d\.]+)$") {
        $ips += $address
    } else {
        $address = $address -replace "^(\w+://)?([^/]+).*?$", '$2'

        [System.Net.Dns]::GetHostAddresses($address) | % {
            $ips += $_.IPAddressToString
        }
    }

    $ips | % {
        if ($blocked = IsIpBlocked -ip $_) {
            $message = "IP $_ is within blocked network $blocked"

            if ($strict) {
                throw $message
            } else {
                Write-Host $message -ForegroundColor Red
            }
        } else {
            Write-Host "IP $_ is not within blocked networks" -ForegroundColor Green
        }
    }
}

Function IsIpBlocked($ip) {
    $blocked = $null

    if (!$ip) { return $blocked }

    $blocked_networks | % {
        if (IsIpWithinCidr -ip $ip -cidr $_) {
            $blocked = $_
        }
    }

    return $blocked
}

Function IsIpWithinCidr($ip, $cidr) {
    if (!($ip -is [System.Net.IPAddress])) {
        $ip = [System.Net.IPAddress]::Parse($ip)
    }

    $parts = $cidr.Split('/');
    $subnet_ip = [System.Net.IPAddress]::Parse($parts[0])
    $subnet_bits = [int]$parts[1]
    $ip_int = [BitConverter]::ToInt32($ip.GetAddressBytes(), 0)
    $subnet_ip_int = [BitConverter]::ToInt32($subnet_ip.GetAddressBytes(), 0)
    $subnet_mask_int = [System.Net.IPAddress]::HostToNetworkOrder(-1 -shl (32 - $subnet_bits))
    return (($ip_int -band $subnet_mask_int) -eq ($subnet_ip_int -band $subnet_mask_int))
}

if ($addresses.Count -gt 0) {
    $addresses | % { CheckAddress -address $_ }
}