Imagine you need to write an ACl, using minimal commands, wtihout any leakage, to permit this (without using a calculator):

106.157.10.0/24

106.181.22.0/24

107.189.11.0/24

107.245.23.0/24

The way I approach this is that I would try to write one entry for:

106.157.10.0/24

106.181.22.0/24

and another entry for

107.189.11.0/24

107.245.23.0/24

Doing And and XOR operation on the 106.157.10.0/24 and 106.181.22.0/24 I come up with:

access-list 1 permit 106.149.2.0 0.40.28.0

and  doing And and XOR operation for the second group 107.189.11.0/24 and 107.245.23.0/24 it is:

access-list 1 permit 107.181.3.0 0.72.28.0

However, if I validate this using the subnet calculator, I see lot of other IP addresses got included (see bottom below).

So my conclusion is, the only way to avoid leakage is really writing four entries in the access lists like below. Am I wrong or someone here is capable to consolidate this in less than 4 statements?

access-list 1 permit 106.157.10.0 0.0.0.255

access-list 1 permit 106.181.22.0 0.0.0.255

access-list 1 permit 107.189.11.0 0.0.0.255

access-list 1 permit 107.245.23.0 0.0.0.255

w.Boson.com Wildcard mask checker

IP Address:    106.149.2.0
Wildcard mask: 0.40.28.0

First Octet Match(es)
106

Second Octet Match(es)
149
157
181
189

Third Octet Match(es)
2
6
10
14
18
22
26
30

Fourth Octet Match(es)
0

IP Address:    107.181.3.0
Wildcard mask: 0.72.28.0

First Octet Match(es)
107

Second Octet Match(es)
181
189
245
253

Third Octet Match(es)
3
7
11
15
19
23
27
31

Fourth Octet Match(es)
0