68

In Amazon EC2, where I set "security groups", it says: Source: 0.0.0.0/0

And then it gives an example of: 192.168.2.0/24

What is "/24"?

I know what a port and an IP are.

Alex

4 Answers

72

It represents the CIDR netmask - after the slash you see the number of bits the netmask has set to 1. So the /24 on your example is equivalent to 255.255.255.0.

This defines the subnet the IP is in - IPs in the same subnet will be identical after applying the netmask. Take AND to mean bitwise &. Then:

192.168.2.5 AND 255.255.255.0 = 192.168.2.0
192.168.2.100 AND 255.255.255.0 = 192.168.2.0

but, for example:

192.168.3.100 AND 255.255.255.0 = 192.168.3.0 != 192.168.2.0

The most common CIDR netmasks are probably /32 (255.255.255.255 - a single host); /24 (255.255.255.0); /16 (255.255.0.0); and /8 (255.0.0.0).

I think it's easier to make sense of the numbers if you remember that 255.255.255.255 can be written as FF.FF.FF.FF - and F is of course the same as binary 1111. So you subtract as many 1's as the difference between 32 and the CIDR netmask to know how much of the IP address "belongs" to its subnet. If this is confusing you can probably skip it and keep to the previously mentioned common ones for the time being; it's just the way I prefer to think about this.

Very simply, it is the number of most significant bits that would remain the same in the network. Alternatively, it is (32 less the specified number) of least significant bits that would change in the network. https://www.rfc-editor.org/rfc/rfc1878

Eduardo Ivanec
  • 1 So what number should I put if I'm using EC2? I just want to put the IPs in the security group. That's it. I don't want to do anything fancy. I just want to allow the 3 IPs... – Alex May 16 '11 at 01:19
  • What are the three IPs? If you want to add individual IPs you should just add i.p.addr.ess/32 for each of the three. – Eduardo Ivanec May 16 '11 at 02:20
  • Where the security group is the property that allows outside communications, based on your public IP, unless you have a consecutive range of IPs in use, it's best to delimit to that exact address. You can do so by setting the netmasks to /32, and creating a rule for each IP and port. – DivinusVox May 16 '11 at 06:18
  • On EC2 Security Groups there is an option to add `My IP` and it will set the IP and mask for you – Justinas Apr 26 '18 at 08:31
  • Great answer, thank you @EduardoIvanec – simhumileco Aug 02 '19 at 11:18
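
Added example (not part of any answer or comment above): a Python sketch of the masking arithmetic from the accepted answer, plus the one-/32-per-IP approach suggested in the comments. The function names are hypothetical, and the 203.0.113.x addresses are constructed samples from the documentation range.

```python
import ipaddress

def prefix_to_netmask(prefix: int) -> str:
    """Dotted-quad netmask with `prefix` leading 1 bits (IPv4 only)."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))

def network_of(ip: str, prefix: int) -> str:
    """Apply the netmask with bitwise AND, as in the answer above."""
    mask = int(ipaddress.IPv4Address(prefix_to_netmask(prefix)))
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(ip)) & mask))

def in_cidr(ip: str, cidr: str) -> bool:
    """True if `ip` and the CIDR base are identical after masking."""
    base, prefix = cidr.split("/")
    return network_of(ip, int(prefix)) == network_of(base, int(prefix))

def address_count(cidr: str) -> int:
    """Number of addresses a rule with this source CIDR would match."""
    return 2 ** (32 - int(cidr.split("/")[1]))

def single_host_sources(ips):
    """One /32 source per individual IP; malformed input raises ValueError."""
    return [f"{ipaddress.IPv4Address(ip)}/32" for ip in ips]

if __name__ == "__main__":
    for p in (32, 24, 16, 8, 0):
        print(f"/{p:<2} = {prefix_to_netmask(p)}")

    # The comparisons worked through in the answer.
    for ip in ("192.168.2.5", "192.168.2.100", "192.168.3.100"):
        print(ip, "AND /24 ->", network_of(ip, 24),
              "| in 192.168.2.0/24:", in_cidr(ip, "192.168.2.0/24"))

    # Three individual addresses (constructed samples), one /32 rule each.
    allowed = single_host_sources(["203.0.113.10", "203.0.113.25", "203.0.113.77"])
    for cidr in allowed + ["192.168.2.0/24", "0.0.0.0/0"]:
        print(f"{cidr:<18} matches {address_count(cidr)} address(es)")
```

The last loop shows why the source field matters in a security group: each /32 matches exactly one address, /24 matches 256, and 0.0.0.0/0 matches every IPv4 address.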
6

It's CIDR notation.

Ignacio Vazquez-Abrams
5

The number after the / is the number of bits in the network mask. /24 is the same as 255.255.255.0, just as /16 would be the same as 255.255.0.0

blankabout
1

The number after the / represents the subnet.

Keith Stokes