Subnet masks
Subnet masks are used to group a set of IDs that are associated with a filter rule. The mask value is ANDed with the ID in the filter rules and compared to the ID specified in the packet.
For example, a filter rule with a source IP address of 10.10.10.4 and a subnet mask of 255.255.255.255 specified that an exact match must occur of the decimal IP address, as shown in the following:
| Binary | Decimal | |
|---|---|---|
| Source IP address | 1010.1010.1010.0100 | 10.10.10.4 |
| Subnet mask | 11111111.11111111.11111111.11111111 | 255.255.255.255 |
A 10.10.10.x subnet is specified as 11111111.11111111.11111111.0 or 255.255.255.0. An incoming address would have the subnet mask applied to it, then the combination would be compared to the ID in the filter rule. For example, an address of 10.10.10.100 becomes 10.10.10.0 after the subnet mask is applied, which matches the filter rule.
A subnet mask of 255.255.255.240 allows any value for the last four bits in the address.