Understanding CIDR Subnet Mask Notation

pfSense® firewalls use CIDR (Classless Inter-Domain Routing) notation rather than the common subnet mask 255.x.x.x when configuring addresses and networks. Refer to the CIDR Subnet Table to find the CIDR equivalent of a decimal subnet mask.

CIDR Subnet Table

Subnet Mask

CIDR Prefix

Total IP Addresses

Usable IP Addresses

Number of /24 networks

255.255.255.255

/32

1

1

1/256th

255.255.255.254

/31

2

2*

1/128th

255.255.255.252

/30

4

2

1/64th

255.255.255.248

/29

8

6

1/32nd

255.255.255.240

/28

16

14

1/16th

255.255.255.224

/27

32

30

1/8th

255.255.255.192

/26

64

62

1/4th

255.255.255.128

/25

128

126

1 half

255.255.255.0

/24

256

254

1

255.255.254.0

/23

512

510

2

255.255.252.0

/22

1024

1022

4

255.255.248.0

/21

2048

2046

8

255.255.240.0

/20

4096

4094

16

255.255.224.0

/19

8192

8190

32

255.255.192.0

/18

16,384

16,382

64

255.255.128.0

/17

32,768

32,766

128

255.255.0.0

/16

65,536

65,534

256

255.254.0.0

/15

131,072

131,070

512

255.252.0.0

/14

262,144

262,142

1024

255.248.0.0

/13

524,288

524,286

2048

255.240.0.0

/12

1,048,576

1,048,574

4096

255.224.0 0

/11

2,097,152

2,097,150

8192

255.192.0.0

/10

4,194,304

4,194,302

16,384

255.128.0.0

/9

8,388,608

8,388,606

32,768

255.0.0.0

/8

16,777,216

16,777,214

65,536

254.0.0.0

/7

33,554,432

33,554,430

131,072

252.0.0.0

/6

67,108,864

67,108,862

262,144

248.0.0.0

/5

134,217,728

134,217,726

1,048,576

240.0.0.0

/4

268,435,456

268,435,454

2,097,152

224.0.0.0

/3

536,870,912

536,870,910

4,194,304

192.0.0.0

/2

1,073,741,824

1,073,741,822

8,388,608

128.0.0.0

/1

2,147,483,648

2,147,483,646

16,777,216

0.0.0.0

/0

4,294,967,296

4,294,967,294

33,554,432

Note

The use of /31 networks is a special case defined by RFC 3021 where the two IP addresses in the subnet are usable for point-to-point links to conserve IPv4 address space. Not all operating systems support RFC 3021, so use it with caution. On systems that do not support RFC 3021, the subnet is unusable because the only two addresses defined by the subnet mask are the null route and broadcast and no usable host addresses.

pfSense 2.4.4-RELEASE-p3 supports the use of /31 networks for interfaces and Virtual IP addresses.

Where do CIDR numbers come from?

The CIDR number comes from the number of ones in the subnet mask when converted to binary.

The common subnet mask 255.255.255.0 is 11111111.11111111.11111111.00000000 in binary. This adds up to 24 ones, or /24 (pronounced ‘slash twenty four’).

A subnet mask of 255.255.255.192 is 11111111.11111111.11111111.11000000 in binary, or 26 ones, hence /26.