A coding system used with access control lists to identify IP addresses. A line entry in the list contains a command, an IP address and a mask that references the IP address. Although access list commands are cryptic, an English translation of a line entry might be "deny entry to packets with these addresses."
The mask is a binary pattern that contains the same number of bits as the IP address. Each 0 bit in the mask means that the corresponding bit in the IP address must match exactly. A 1 indicates that the bit does not have to match and can be ignored. For example, in order to stipulate a specific IP address, that address would be accompanied by a wildcard mask of 0.0.0.0. To refer to all packets with Class A addresses in the 10.10.x.x range, the wildcard mask would be 0.0.255.255.
The Opposite of the Subnet Mask
Whereas a 0 bit in a wildcard mask means "match the bits," a 0 in a subnet mask means "do not match." Thus, a wildcard mask of 0.0.0.255 is the equivalent of a subnet mask of 255.255.255.0. See
access control list,
subnet mask and
IP address. See also
wild cards.