Wildcard Masks
Wildcard masks are the evil twins of regular subnet masks. To convert a subnet mask into a wildcard mask, subtract each octet of the subnet mask from 255.
- Example 1: 255.255.255.0 becomes 0.0.0.255
- Example 2: 255.255.252.0 becomes 0.0.3.255
- Example 3: 255.192.0.0 becomes 0.63.255.255
To be honest, the only time I use wildcard masks is when I’m cooking up Cisco IOS access lists. Here’s an example:
ip access-list extended acl_example
permit tcp any any established
permit tcp 10.40.0.0 0.0.255.255 host 192.168.99.60 eq www
permit tcp 10.40.0.0 0.0.255.255 host 192.168.99.60 eq 443
deny ip any any log
For more information on wildcard masks, and some interesting ways to get creative with them (and bamboozle any future admins who read your ACLs), check out http://packetlife.net/blog/2008/sep/11/mask-comparison-subnet-versus-wildcard/