in reply to Logfile analysis and automatic firewalling
My usual plug here for using NetAddr::IP for parsing IP addresses and generating Cisco's wildcard notation rules is in order :)
Additionally, I've been doing this kind of analysis recently. Beware how you create and apply those rules, as the number of them could be overwhelming. I would suggest using some kind of automatic expiration time on the rules, so that they clean themselves automatically.
Best regards
-lem, but some call me fokat
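The two suggestions above, sketched as an added example that is not part of the original post: offender addresses are tracked with a last-seen time, entries older than a TTL are dropped, and the survivors are aggregated with NetAddr::IP and printed in Cisco wildcard notation. The event list, the one-hour TTL, the fixed clock and ACL number 101 are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use NetAddr::IP qw(Compact);

my $TTL = 3600;            # assumed lifetime of a rule after the last offence
my $ACL = 101;             # assumed extended ACL number
my $now = 1_700_004_000;   # fixed clock so the run is reproducible; use time() live

# Constructed sample events (epoch seconds, source address) such as a log
# analyser might emit. Addresses are from the RFC 5737 documentation ranges.
my @events = (
    [1_700_000_000, '192.0.2.10'],     # 4000 s old: past the TTL
    [1_700_003_000, '198.51.100.4'],
    [1_700_003_100, '198.51.100.5'],   # adjacent to .4, can be aggregated
    [1_700_003_900, '203.0.113.77'],
    [1_700_003_950, 'not-an-ip'],      # log garbage
);

# Record the most recent offence per address.
my %last_seen;
for my $event (@events) {
    my ($ts, $src) = @$event;
    # Accept dotted quads only: NetAddr::IP->new() would otherwise try to
    # resolve the string as a host name.
    next unless $src =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $ip = NetAddr::IP->new($src) or next;   # undef for e.g. 999.1.1.1
    my $key = $ip->addr;
    $last_seen{$key} = $ts
        if !exists $last_seen{$key} || $ts > $last_seen{$key};
}

# Expiration: forget every address whose last offence is older than the TTL.
delete @last_seen{ grep { $now - $last_seen{$_} > $TTL } keys %last_seen };

# Aggregate what is left. Compact() only merges complete adjacent blocks,
# so the resulting rules never cover an address that was not seen.
my @blocks = Compact(map { NetAddr::IP->new($_) } keys %last_seen);

# Emit the rule set; regenerating it on every run is what removes old rules.
for my $net (@blocks) {
    printf "access-list %d deny ip %s %s any\n",
        $ACL, $net->network->addr, scalar($net->wildcard);
}
```

Run periodically and applied as a full replacement of the ACL, this keeps the rule count bounded by the number of sources seen within the TTL.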