Single Host IP to CIDR (/32)
Convert a single IP address to CIDR notation using the /32 prefix. Understand why single-host CIDR blocks are used in firewall rules and security groups.
Detailed Explanation
Single Host CIDR: The /32 Block
When you need to reference exactly one IP address in CIDR notation, you use a /32 prefix. This means all 32 bits of the IPv4 address are the network portion, leaving zero bits for the host — so the block contains exactly one address.
Example
Range: 203.0.113.42 - 203.0.113.42
CIDR: 203.0.113.42/32
Why /32 Matters
In network access control lists (ACLs), cloud security groups (like AWS Security Groups), and firewall rules, you often need to allowlist a specific server or workstation. Using the /32 CIDR notation is the standard way to express "this exact IP address and nothing else."
Bit-Level Breakdown
| Component | Value |
|---|---|
| IP Address | 203.0.113.42 |
| Subnet Mask | 255.255.255.255 |
| Network Bits | 32 |
| Host Bits | 0 |
| Total Addresses | 1 |
Common Uses of /32
- Bastion host access: Allow SSH only from your specific IP
- API allowlisting: Grant access to a single client server
- BGP route injection: Announce a single host route
- Load balancer targets: Register individual backend instances
The /32 prefix is the most restrictive CIDR block possible, making it the safest choice when you only need to reference a single machine.
Use Case
A DevOps engineer needs to add their office IP (203.0.113.42) to an AWS security group inbound rule. The security group UI requires CIDR notation, so they enter 203.0.113.42/32 to allow access from exactly that one IP address.
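The conversion and the bit-level breakdown above, as an added Python example (not part of the original page) that also reviews rule sources to show how many addresses each one really admits. The function names and the sample source list are assumptions constructed for illustration; only the standard-library `ipaddress` module is used.

```python
import ipaddress

def to_single_host_cidr(ip: str) -> str:
    """Turn one bare IPv4 address into its /32 CIDR block."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return f"{addr}/32"

def review_source(source: str) -> dict:
    """Report the block a rule source actually matches."""
    # IPv4Interface accepts host bits set (e.g. 203.0.113.42/24), so the
    # effective network can be reported instead of rejecting the entry.
    iface = ipaddress.IPv4Interface(source)
    net = iface.network
    return {
        "entered": source,
        "effective_block": str(net),
        "subnet_mask": str(net.netmask),
        "host_bits": 32 - net.prefixlen,
        "total_addresses": net.num_addresses,
        "single_host": net.prefixlen == 32,
        # True when the entry names a host but the prefix widens it to a
        # whole network, the usual sign of a mistyped prefix length.
        "host_bits_set": iface.ip != net.network_address,
    }

def audit(sources):
    """Return the review of every source that admits more than one address."""
    reviews = [review_source(s) for s in sources]
    return [r for r in reviews if not r["single_host"]]

# Constructed sample of inbound-rule sources (not taken from a real rule set).
SAMPLE_SOURCES = [
    "203.0.113.42",      # bare address, treated as /32
    "203.0.113.42/32",   # the single-host block from the page
    "203.0.113.42/24",   # same host, wrong prefix: matches 256 addresses
    "0.0.0.0/0",         # every IPv4 address
]

if __name__ == "__main__":
    print(to_single_host_cidr("203.0.113.42"))
    for finding in audit(SAMPLE_SOURCES):
        print(finding["entered"], "->", finding["effective_block"],
              f"({finding['total_addresses']} addresses)")
```

A source such as 203.0.113.42/24 looks like a single host but matches the whole 203.0.113.0/24 network, which is why the review compares the entered address with the network address.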