Wildcard Masks

Wildcard masks are the evil twins of regular subnet masks. To convert a subnet mask into a wildcard mask, subtract each octet of the subnet mask from 255.

• Example 1: 255.255.255.0 becomes 0.0.0.255
• Example 2: 255.255.252.0 becomes 0.0.3.255
• Example 3: 255.192.0.0 becomes 0.63.255.255

To be honest, the only time I use wildcard masks is when I’m cooking up Cisco IOS access lists. Here’s an example:

ip access-list extended acl_example
 permit tcp any any established
 permit tcp 10.40.0.0 0.0.255.255 host 192.168.99.60 eq www
 permit tcp 10.40.0.0 0.0.255.255 host 192.168.99.60 eq 443
 deny   ip any any log

For more information on wildcard masks, and some interesting ways to get creative with them (and bamboozle any future admins who read your ACLs), check out http://packetlife.net/blog/2008/sep/11/mask-comparison-subnet-versus-wildcard/