srcmask

Source IP mask.

Syntax

(32-bit dotted-decimal IP mask)

Description

This is a 'mask' applied to the source IP address. It is used to indicate how much of the source IP address should be looked at when comparing a packet against the current rule. (The remaining portion of the IP address is treated as an automatic match.)

Masking is done by representing both IP address and mask in binary format and comparing each corresponding digit (bit). Any bit in the IP address which corresponds to a one in the mask is checked for comparison; any bit which corresponds to a zero is treated as a wildcard and ignored.

For instance, a mask of 255.192.0.0 is 11111111.11000000.00000000.00000000 in binary, which would indicate that only the first ten bits of the source IP address are required to match in order for the rule to apply.

A value of 0.0.0.0 means that the entire IP address is considered a wildcard; this means that the rule applies to all possible source IP addresses.

Note: This parameter has no relation to the 'subnet mask' of the source IP address, which is not used by the firewall. Do not confuse the two.