Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Mask (computing)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Inverse masks=== Masks are used with IP addresses in IP ACLs (Access Control Lists) to specify what should be permitted and denied. To configure IP addresses on interfaces, masks start with 255 and have the large values on the left side: for example, IP address {{IPaddr|203.0.113.129}} with a {{IPaddr|255.255.255.224}} mask. Masks for IP ACLs are the reverse: for example, mask {{IPaddr|0.0.0.255}}. This is sometimes called an inverse mask or a [[wildcard mask]]. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A ''0''-bit indicates that the address bit must be considered (exact match); a ''1''-bit in the mask is a "don't care". This table further explains the concept. Mask example: network address (traffic that is to be processed): {{IPaddr|192.0.2.0}} mask: {{IPaddr|0.0.0.255}} network address (binary): 11000000.00000000.00000010.00000000 mask (binary): 00000000.00000000.00000000.11111111 Based on the binary mask, it can be seen that the first three sets ([[Octet (computing)|octets]]) must match the given binary network address exactly (11000000.00000000.00000010). The last set of numbers is made of "don't cares" (.11111111). Therefore, all traffic that begins with "{{IPaddr|192.0.2.}}" matches, since the last octet is "don't care". Therefore, with this mask, network addresses {{IPaddr|192.0.2.1}} through {{IPaddr|192.0.2.255}} ({{IPaddr|192.0.2.x}}) are processed. Subtract the normal mask from {{IPaddr|255.255.255.255}} in order to determine the ACL inverse mask. In this example, the inverse mask is determined for network address {{IPaddr|198.51.100.0}} with a normal mask of {{IPaddr|255.255.255.0}}. {{IPaddr|255.255.255.255}} β {{IPaddr|255.255.255.0}} (normal mask) = {{IPaddr|0.0.0.255}} (inverse mask) ACL equivalents The source/source-wildcard of {{IPaddr|0.0.0.0|255.255.255.255}} means "any". The source/wildcard of {{IPaddr|198.51.100.2|0.0.0.0}} is the same as "host {{IPaddr|198.51.100.2}}"
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)