Usually I do not worry about subnet of an IP address on the public Internet, but after I began using Amazon EC2 firewall, it got me thinking.

EC2 firewall configuration requires an IP to be written in CIDR form, if I want to whitelist my home IP (say it is reachable as from public Internet), EC2 firewall config page correctly guesses my home IP, and suggestes that CIDR subnet is /24.

Is /24 the magic number of CIDR subnet of any public Internet IP address?

  • 1
    Of course not. It's guess might be absolutely wrong. It depends what settings your ISP gave you. For example, I belong to my ISP's /27 subnet. Maybe your address starts at 193.X.X.X or greater then it might have suggested you a class C mask
    – Ashtray
    Commented Aug 13, 2013 at 5:08
  • Thanks @Alex, I appreciate the info. Do you have any suggestion on how to figure out subnet from a public IP address?
    – Howard
    Commented Aug 13, 2013 at 5:11
  • 1
    Are you configuring NAT? Or port forwarding? Or how it's called there.
    – Ashtray
    Commented Aug 13, 2013 at 5:15
  • No, I just want to figure out CIDR subnet out of my public IP address.
    – Howard
    Commented Aug 13, 2013 at 5:15
  • 1
    Then just ask your ISP for settings or do DHCP for your WAN interface addressing and you'll get em
    – Ashtray
    Commented Aug 13, 2013 at 5:16

1 Answer 1


If you want to whitelist one specific IP address, then express it as

However, you're not clear as to whether your home IP address is static or dynamic. If the latter, you'll have to ask your ISP for the ranges of addresses it could allocate from. There may be several discontiguous ranges of different sizes that have been acquired as the ISP has grown.

To answer your specific question: no, you cannot assume that every block out there is a /24. You may be able to guess from a whois lookup of an address in the block, but that will just give you the size of the block allocated to that organisation, and tells you nothing about how it's segmented internally. Only your ISP will know that.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .