nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

WILDCARD MASKS

Mr.Ping

Hi people.

Am trying to understand some IOS firewall configs.

Can someone help me interpret these two lines?

access-list 102 deny host 255.255.255.255 any
access-list 102 deny host 0.0.0.0 any

Given that 'host' means a mask of 0.0.0.0

is it correct to rewrite them as

access-list 102 deny 255.255.255.255 0.0.0.0 any
access-list 102 deny 0.0.0.0 0.0.0.0 any ?

Does it then mean that the ACL is denying traffic from the hosts with ip addresses 255.255.255.255 and 0.0.0.0? If so,How are such IP's assigned to a host?

Any help is appreciated.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

dtlokee

The case here is there should never be an address of 255.255.255.255 or 0.0.0.0 as the source IP address of a packet. The ACL you have shown is intended to drop traffic that has a spoofed (fake) source IP address of 255.255.255.255 or 0.0.0.0

Mr.Ping

Thanks DTLOKEE. Any ideas on which applications can assign such ip's?

rjbarlow

dtlokee wrote:

The case here is there should never be an address of 255.255.255.255 or 0.0.0.0 as the source IP address of a packet. The ACL you have shown is intended to drop traffic that has a spoofed (fake) source IP address of 255.255.255.255 or 0.0.0.0

Woohooo!!! Hi dt, some time I jump into this section of the forum and this question got me (very) perplexed..... :P