Reputation:
For example, in AWS security groups, we specify an IP address that can log in, but then we put /24 or /32 for IPv6.
Is that the only reason for specifying the CIDR range, or can we do more configuration?
E.g. from source: 32.232.232.11/24. Why have the 24 in there?
Upvotes: 2
Views: 9096
Reputation: 4052
You can think of an IP address as 4 8-bit numbers, divided by dots.
32.232.232.11/24
The number after the slash (/ sign) represents the number of "significant" bits that are included in the network. In your case, 24 essentially means that for this CIDR block the first 3 numbers (8*3=24) are "significant" and the rest can be anything.
32.232.232.11/24 includes all addresses between 32.232.232.0 and 32.232.232.255
32.232.232.11/24 and 32.232.232.222/24 are essentially interpreted the same. The last number is not significant.
32.232.232.11/16 would include everything between 32.232.0.0 and 32.232.255.255
In 32.232.232.11/32 all 32 bits count, which leaves only one address, 32.232.232.11, in this mask.
0.0.0.0/0 has zero significant bits and basically includes the entire IPv4 address space.
There are a few IP ranges that are reserved for private networks, 10.x.x.x, 172.x.x.x and 198.162.x.x, that might look familiar from VPCs or your home network.
In AWS VPC you'll frequently see CIDR ranges like 10.0.0.0/16 for VPC and 10.0.1.0/24 for subnets.
The rest of the IPv4 address space is usually assumed to be the public internet, and besides 32.232.232.11/32 (a single, specific IP address) and 0.0.0.0/0 ("open to the world") you rarely see other types of ranges.
Upvotes: 13
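Added example, not part of any answer on this page: a short Python check, using the standard `ipaddress` module, that expands a security group source CIDR into its range and flags sources that admit more than the single intended address. The function names and the sample rules are constructed for illustration.

```python
import ipaddress

def cidr_range(cidr):
    """Return (first address, last address, address count) for a CIDR string."""
    # strict=False accepts host bits after the prefix (e.g. the .11 in a /24)
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

def review_source(cidr):
    """Return a list of findings for one security group source CIDR."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    findings = []
    if net.prefixlen == 0:
        findings.append("open to the entire address space")
    elif net.num_addresses > 1 and not net.is_private:
        findings.append(
            f"admits {net.num_addresses} public addresses ({net[0]} - {net[-1]})"
        )
    # The written address differs from the network address: the trailing
    # bits are not significant, so the rule matches the whole block.
    if iface.ip != net.network_address:
        findings.append(f"host bits ignored: matches {net}, not only {iface.ip}")
    return findings

# Constructed sample rules (port, source CIDR), not taken from a real account
SAMPLE_RULES = [
    (22, "32.232.232.11/24"),
    (22, "32.232.232.11/32"),
    (443, "0.0.0.0/0"),
    (5432, "10.0.1.0/24"),
]

def review_rules(rules):
    """Map each 'port source' rule to its list of findings."""
    return {f"{port} {src}": review_source(src) for port, src in rules}

if __name__ == "__main__":
    for rule, findings in review_rules(SAMPLE_RULES).items():
        print(rule, "->", findings or ["ok"])
```
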
Reputation: 89
If you want to allow the whole IP range in the security groups, then it's better to specify the CIDR (/24 in your case), because:
By specifying the CIDR of 24 you are whitelisting 256 IP addresses (from 32.232.232.0 to 32.232.232.255). Adding these individually would be a time-consuming task, and it would also exhaust the AWS security group rule limits, because by default AWS security groups have a limit of 60 rules for inbound and 60 for outbound. So it's better to specify the CIDR when allowing IP addresses.
If you only want to whitelist the single IP address '32.232.232.11', then you should use the CIDR (/32), e.g. 32.232.232.11/32, which will only whitelist 32.232.232.11.
Upvotes: 1
Reputation: 13632
CIDR is short for Classless Inter-Domain Routing, an IP addressing scheme that replaces the older system based on classes A, B, and C. A single IP address can be used to designate many unique IP addresses with CIDR. A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called the IP network prefix. CIDR addresses reduce the size of routing tables and make more IP addresses available within organizations.
For your example, you get the range described below.
CIDR Range 32.232.232.11/24
Netmask 255.255.255.0
Wildcard Bits 0.0.0.255
First IP 32.232.232.0
Last IP 32.232.232.255
Total Host 256
See https://www.ipaddressguide.com/cidr
Upvotes: 0