Masks for non-continuous addresses?

Hello,

I like to have a specific list of allowed IP addresses for every piece of software I allow to connect to the Internet.

However, this makes a long list for CIS to handle and it usually takes 5 to 10 minutes for CIS to update my list every time I open it!

So, I decided that I need to simplify my list of allowed IP addresses. Defining ranges of addresses definitely helps, but in some cases I encounter some software that connects to addresses like this:

123.230.65.168
123.230.69.169
123.230.65.168
123.230.69.169
123.232.65.168
123.232.69.169
123.232.65.168
123.232.69.169

So, my idea is to transform these 8 rules into the least number (4, 2 or maybe 1) using masks.

The problem is that the online help doesn’t explain how (Comodo Help), the forum doesn’t have any similar question and Wikipedia only speaks about masks in the context of a local network.

So, how could it be possible to simplify these 8 rules into fewer while still having the same protection level?

What I would do is to create a Network Zone containing all the IPs (however they are made up; single IPs, ranges, masks) and simply use that. I’d also look into the possibility of using hostnames rather than IPs.

Well, this introduces an extra step: manually copying the addresses I once allowed from the CIS alerts into an artificial network zone. I can’t see the benefit of doing that.

My CIS is set so that it creates rules for individual IP addresses from the alerts CIS gives me.
And remember, this is about Internet rules, so every piece of software connects to their own update servers and they might add more servers from time to time, so my lists for every program need to be flexible.

If I could find some information about how masks should be used in the program rules or how CIS is supposed to handle them, maybe that could be a good start.

Suggestion: define a rule for
address: 123.230.65.168
mask: 123.232.69.169
Would this work?

I don’t believe so. As far as I know, CIS uses subnet masks in the same way and format as they are defined in IPv4 and IPv6 (depending on which you’re using). I suggest you look at the following URLs and check that this fits with your current understanding of masking in CIS.

http://compnetworking.about.com/od/workingwithipaddresses/l/aa043000b.htm
http://en.wikipedia.org/wiki/Subnetwork

The address space used by the owner of the address block you’ve provided is

123.230.0.0 - 123.230.255.255

That means the numbers in the last two octets (0.0) can be anywhere between 255.254.

Essentially a mask (or subnet mask) controls which portion(s) of the IP address are designated as the Network ID and which are Host ID. In the case above, the Network ID is 123.230 and the Host ID is 0.0. The Network ID cannot be changed, the Host ID can and to do this we use a mask. If we were to apply a default, classful mask, it would be 255.255.0.0 or in CIDR notation /16.

If you want to gain a better understanding of both classful and CIDR based subnetting, take a look at Understanding IP Addressing (PDF). It’s a document written by 3COM. I used it years ago when I had a need to better understand IP Addressing. It’s a little old, but still worthwhile and quite easy to understand.
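
An added illustration (not part of any post in this thread, and not Comodo's code): the Python below uses the standard `ipaddress` module to test whether a value is a usable subnet mask, to find the smallest single block covering the four distinct addresses from the question, and to list the fewest rules that allow exactly those addresses. It assumes, as the last reply states, that CIS masks follow standard IPv4 subnet-mask rules.

```python
import ipaddress

# The four distinct addresses listed in the question.
ALLOWED = ["123.230.65.168", "123.230.69.169",
           "123.232.65.168", "123.232.69.169"]


def is_contiguous_mask(mask: str) -> bool:
    """True if mask is a valid subnet mask: 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A run of trailing 1 bits plus one has no bit in common with itself.
    return (inverted & (inverted + 1)) == 0


def smallest_covering_network(addrs):
    """Smallest single CIDR block that contains every address in addrs."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ints), max(ints)
    prefix = 32 - (lo ^ hi).bit_length()   # number of shared leading bits
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}",
                                strict=False)


def exact_rules(addrs):
    """Fewest CIDR blocks that allow exactly these addresses and nothing else."""
    hosts = [ipaddress.ip_network(a) for a in set(addrs)]
    return list(ipaddress.collapse_addresses(hosts))


if __name__ == "__main__":
    print("255.255.0.0 valid mask:   ", is_contiguous_mask("255.255.0.0"))
    print("123.232.69.169 valid mask:", is_contiguous_mask("123.232.69.169"))
    net = smallest_covering_network(ALLOWED)
    print(f"one rule covering all four: {net} (mask {net.netmask}), "
          f"allows {net.num_addresses} addresses")
    print("exact rules:", [str(n) for n in exact_rules(ALLOWED)])
```

The single covering block is 123.224.0.0/12, which allows 1,048,576 addresses rather than four, while the exact set stays at four /32 rules because none of the addresses are adjacent.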