
Subnet mask in access list

aksher
Level 1

172.16.43.128 255.255.255.128

Why can't we use 255 in the fourth octet of the netmask? Please give high priority to solving this.

7 Replies

pcomeaux
Cisco Employee

You can use the 255 in the last octet to make your mask look like 255.255.255.255.

This ACL rule would only apply to a single host, not a subnet or network.

The 172.16.43.128 address you provided could be a host on a /24 network or it could be the Subnet Address for a /25 or more network.

Tell us more about what your goals are with this ACL and we can help you find an exact match to your needs.

thanks

peter

That's OK, Peter. What I actually wanted to know is whether the fourth octet represents an address or a network, and why we are not using 0 or 255 in the netmask part...

thanks in advance

Are you trying to block one host?

i.e. 172.16.43.128

Or are you trying to block an entire network?

i.e. 172.16.43.128 to 172.16.43.255

thanks

peter

I am trying to block the network

i.e. 172.16.43.128 to 172.16.43.255

thanks for your support

Ok - back to your original question.

172.16.43.128 255.255.255.128

You need to understand binary to find the true reason why the mask needs to be 255.255.255.128 to block the range of addresses from 172.16.43.128 to 172.16.43.255.

172 = 10101100

16 = 00010000

43 = 00101011

128 = 10000000

129 = 10000001

130 = 10000010

...

255 = 11111111

Notice the only thing that doesn't change is the leading digit in the fourth octet.

The mask indicates what digits you care to match at all times (1s) and the ones you don't care about matching (0s) --> thus you cover a range.

255.255.255.128 has a 1 as the leading digit in the fourth octet - the rest of the digits are 0s, which you don't care about.

If you were to apply a 255.255.255.255 mask to 172.16.43.128, you would care about all digits, and only match on the exact address.

If you were to apply the mask 255.255.255.192 to 172.16.43.128, you would care about the first 2 digits of the 4th octet, which would cover the range 172.16.43.128 to 172.16.43.191.

Hopefully this is the information you sought. Please let us know if you have any follow up questions.

thanks

peter

Thanks for your continuous support.

So there is no need to use a wildcard mask, as used in routers, for firewalls...

Yes, since both devices support IPv4 and to do so requires the proper use of binary math to determine subnet masks and wildcards.

peter
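
Added example, not part of the original thread and not Cisco tooling: a short Python check of the bit matching described above, showing which addresses a netmask-style ACL entry covers and the equivalent router-style wildcard (inverse) mask. The function names are hypothetical, and the statement that the wildcard mask is the bitwise inverse of the netmask is an assumption added here, not something the thread spells out.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _to_str(value):
    return str(ipaddress.IPv4Address(value))

def is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & ALL_ONES
    return (inverted & (inverted + 1)) == 0

def acl_range(address, netmask):
    """Describe what 'address netmask' matches in a netmask-style ACL entry."""
    addr, mask = _to_int(address), _to_int(netmask)
    if not is_contiguous(mask):
        raise ValueError(f"{netmask} is not a contiguous netmask")
    first = addr & mask                    # bits the mask cares about (1s)
    last = first | (~mask & ALL_ONES)      # don't-care bits (0s) all set
    return {
        "first": _to_str(first),
        "last": _to_str(last),
        "count": last - first + 1,
        # Assumption: router-style wildcard mask = inverted netmask.
        "wildcard": _to_str(~mask & ALL_ONES),
        # True when the entry's address has bits set in don't-care positions,
        # i.e. it is a host address rather than the start of the range.
        "host_bits_set": addr != first,
    }

def matches(candidate, address, netmask):
    """True if candidate agrees with address on every bit where the mask is 1."""
    mask = _to_int(netmask)
    return (_to_int(candidate) & mask) == (_to_int(address) & mask)

def fourth_octet_bits(dotted):
    """Binary form of the last octet, as written out in the thread."""
    return format(_to_int(dotted) & 0xFF, "08b")

if __name__ == "__main__":
    # The three masks discussed in the thread, applied to the same address.
    for m in ("255.255.255.128", "255.255.255.192", "255.255.255.255"):
        r = acl_range("172.16.43.128", m)
        print(m, fourth_octet_bits(m), r["first"], "-", r["last"],
              "wildcard", r["wildcard"])
```
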