What is the proper syntax for an address match list when using a.b.c.d/xx?

In other words, what is the significance of the prefix (a.b.c.d) vs. the number after the "/"?

Thanks,

Wow you really made that hard to understand what your quesion was, but I think I got it.

What your referring to is the subnet mask after the IP address. The subnet mask is used to identify a network of computers.

In the most basic form there are 4 possiblele values that can be placed after the "/"

/255.0.0.0 or /8
/255.255.0.0 or /16
/255.255.255.0 or /24
/255.255.255.255 or /32

Each has its on significance in setting up IP rules. (Say in BIND configs) The first of the options means to match only the first octet of an IP address.

e.x Say IP address 145.78.45.67 attempts to query your DNS server. If you told BIND to only to allow "145.78.45.67/255.0.0.0". That machine with that IP address would certainly make it through. But if your intention as to ONLY allow that machine, you would be thoroughly disappointed. Like I said before, using the subnet mask 255.0.0.0 designates IPs that match the first octet (ie 145) So an the IP address 145.5.6.3 or 145.6.42.9 or 145.7.3.9 would all be able to query your DNS server.

Now the next subnet mask 255.255.0.0 or /16 means to allow the first two octets. (ex 145.78) Then any IP address thats starts with 145.78 would get through.

If your still following me then you should be able to figure out that the next subnet mask 255.255.255.0 or /24 designates the match of the first three octets (145.78.45).

And finally 255.255.255.255 or /32 means to EXACTLY match an IP address. That is the best subnet mask to use if you intend to restrict to one IP address.


--tarballedtux

That's exactly what I was looking for--thanks!!!