CIDR (Classless Inter-Domain Routing) notation is the standard way to represent IP address ranges. Understanding CIDR is essential for working with blocklists and firewall rules.
What is CIDR Notation?
CIDR notation combines an IP address with a suffix indicating how many bits define the network portion. For example, 192.168.1.0/24 represents all addresses from 192.168.1.0 to 192.168.1.255.
Example CIDR notation:
192.168.1.0/24
This represents a /24 network containing 256 IP addresses (192.168.1.0 through 192.168.1.255).
Common CIDR Block Sizes
Understanding common block sizes helps you work with firewall rules and blocklists:
- /32 - Single IP address (most specific)
- /24 - 256 addresses (common for small networks)
- /16 - 65,536 addresses (typical ISP allocation)
- /8 - 16.7 million addresses (large organization/ISP)
CIDR in Security Context
Blocklists often use CIDR notation to efficiently block ranges of addresses controlled by a single malicious actor. Instead of listing thousands of individual IPs, a single /24 entry can block an entire malicious network.
When configuring firewall rules, understanding CIDR helps you create efficient allow/deny rules without excessive entries.
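The block below is an added example, not code from this page: it uses Python's standard `ipaddress` module to parse a blocklist, normalise entries that have host bits set, merge overlapping or adjacent ranges into the fewest CIDR entries, and test an address against the result. The sample list is constructed from RFC 5737 documentation ranges, and the function names are illustrative.

```python
import ipaddress

# Constructed sample blocklist using RFC 5737 documentation ranges (not real indicators).
SAMPLE_BLOCKLIST = """\
# two adjacent /25s, a /32 already covered by a /24, and an entry with host bits set
203.0.113.0/25
203.0.113.128/25
198.51.100.7
198.51.100.0/24
192.0.2.77/28
not-an-ip
"""


def parse_blocklist(text):
    """Return (networks, rejected). A bare IP becomes a /32; host bits are masked off."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False normalises 192.0.2.77/28 to its network, 192.0.2.64/28
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface bad lines instead of silently dropping them
    return networks, rejected


def collapse(networks):
    """Merge adjacent and overlapping ranges into the fewest CIDR entries."""
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def is_blocked(ip, networks):
    """True if the address falls inside any blocklist range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    rules = collapse(nets)
    print("rules:", [str(r) for r in rules], "rejected:", bad)
    print("addresses covered:", sum(r.num_addresses for r in rules))
    print("192.0.2.79 blocked:", is_blocked("192.0.2.79", rules))
```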