App StoreApp Store
Google PlayGoogle Play
Temp Mail Logo

Temp Mail safeguards your privacy while keeping your inbox free from spam.

🌐 Start IP + End IP -> Minimal CIDR Blocks

IP Range to CIDR Converter

Free IP range to CIDR converter -- enter any start and end IPv4 address and instantly get the minimal set of CIDR blocks that exactly covers that range. Essential for firewall rules, AWS security groups, BGP route advertisements, and IP allowlist configuration. 100% client-side, no signup required.

✓ Minimal CIDR coverage✓ RFC 4632 algorithm✓ Network + broadcast shown✓ Copy all as list✓ 100% client-side
Enter a start and end IP above, or click a sample range
What this tool does

Free IP range to CIDR converter -- calculate minimal CIDR notation from any IPv4 address range

This free IP range to CIDR converter takes any start IP address and end IP address and calculates the minimal set of CIDR (Classless Inter-Domain Routing) blocks that exactly covers that address range. CIDR notation is the universal standard format for specifying IP address ranges in network devices -- firewalls, routers, cloud security groups, BGP routing tables, and IP allowlists all use CIDR notation rather than start/end IP pairs. Results update live as you type, with each block showing its network address, broadcast address, and exact IP count.

The converter uses a greedy RFC 4632 alignment algorithm. Starting at the first IP in the range, it finds the largest CIDR block that both starts at the exact current IP and does not extend past the end IP. A CIDR block is valid at a given prefix length only if the start IP is aligned to a power-of-2 boundary for that prefix -- for example, a /24 block must start at a multiple of 256, a /25 at a multiple of 128. The algorithm decrements the prefix length (increasing block size) as long as alignment and range constraints are satisfied, then records that block, advances the cursor past it, and repeats. This guarantees the minimum possible number of CIDR blocks for any given range.

IP range to CIDR conversion is a daily task for network engineers, security engineers, and cloud architects. When configuring AWS Security Groups, Google Cloud Firewall rules, Azure NSGs, or on-premise firewall ACLs, only CIDR notation is accepted -- you cannot paste a start/end range directly. Threat intelligence feeds, geo-IP block lists, CDN IP publications, and ISP route advertisements all use CIDR notation. This tool is also essential when configuring BGP route aggregation, writing iptables or nftables rules, creating Cloudflare IP Access Rules, or building VPN split-tunnel configurations that need specific subnets in CIDR format.

Features and concepts
Minimal block count
The greedy RFC 4632 algorithm guarantees the smallest possible number of CIDR blocks for any given IP range.
Power-of-2 alignment
CIDR blocks must start at addresses divisible by their block size -- a /25 must start at a multiple of 128, a /24 at a multiple of 256.
Network address
The first IP in a CIDR block, with all host bits set to zero. Used as the identifier for the subnet.
Broadcast address
The last IP in a CIDR block, with all host bits set to one. Packets sent to this address reach all hosts in the subnet.
Prefix length
The number after the slash in CIDR notation, indicating how many leading bits are fixed as the network portion of the address.
Host count
Each CIDR block contains 2^(32-prefix) addresses. A /32 = 1 IP, /31 = 2, /30 = 4, /24 = 256, /16 = 65,536, /8 = 16,777,216.
Copy all CIDRs
One click copies all CIDR blocks as a newline-separated list, ready to paste into firewall rule editors or configuration files.
Live calculation
Results update instantly as you type -- no submit button needed. Invalid input shows a clear error message.
Sample ranges
Four built-in sample ranges cover common cases: clean /24, unaligned range, exact /25, and a typical LAN allocation.
100% client-side
All calculations run in your browser using pure JavaScript arithmetic. No data is sent to any server.
Examples

IP range to CIDR conversion examples -- from clean subnets to unaligned ranges

These examples show how different IP ranges convert to CIDR notation, from perfectly aligned single-block ranges to complex unaligned ranges requiring multiple blocks.

ExcellentClean /24 subnet -- perfect alignment, single block
Input: 192.168.1.0 -> 192.168.1.255 Output: 192.168.1.0/24 Network: 192.168.1.0 Bcast: 192.168.1.255 IPs: 256 Blocks: 1
The range 192.168.1.0 to 192.168.1.255 is a perfectly aligned /24 block -- 256 addresses starting at a multiple of 256. This is the most common subnet size for home and small office LANs, and the most firewall-friendly because it converts to exactly one CIDR block. Any range that starts at a power-of-2 boundary and covers exactly that many IPs will always produce a single block.
GoodAligned /25 -- half a Class C, clean boundary
Input: 172.16.0.0 -> 172.16.0.127 Output: 172.16.0.0/25 Network: 172.16.0.0 Bcast: 172.16.0.127 IPs: 128 Blocks: 1
172.16.0.0 to 172.16.0.127 is exactly 128 addresses starting at a multiple of 128, so it converts to a clean /25. A /25 is commonly used to split a /24 into two equally-sized halves -- the first half (.0 to .127) and the second half (.128 to .255). This is a frequent pattern when subnetting a corporate network or cloud VPC into separate segments for different environments or departments.
FairUnaligned range -- requires 4 CIDR blocks to cover exactly
Input: 10.0.0.1 -> 10.0.0.14 Output: 10.0.0.1/32 (1 IP) 10.0.0.2/31 (2 IPs) 10.0.0.4/30 (4 IPs) 10.0.0.8/30 (4 IPs) Total: 4 blocks, 11 IPs
10.0.0.1 is not aligned to any CIDR boundary larger than /32, so the algorithm starts with a /32, then the next aligned block is /31 at 10.0.0.2, then /30 at 10.0.0.4, then /30 at 10.0.0.8 -- stopping before 10.0.0.15 is included. This is typical for ranges sourced from threat intelligence feeds or IP allocation tables that do not align to standard subnet boundaries. Each block must be added as a separate firewall rule.
FairMid-subnet range -- offset start and end, 6 blocks needed
Input: 192.168.1.100 -> 192.168.1.200 Output: 192.168.1.100/30 (4 IPs) 192.168.1.104/29 (8 IPs) 192.168.1.112/28 (16 IPs) 192.168.1.128/26 (64 IPs) 192.168.1.192/27 (32 IPs) 192.168.1.200/32 (1 IP) Total: 6 blocks, 101 IPs
A range that starts and ends in the middle of a /24 requires multiple blocks of increasing then decreasing size. The algorithm starts with small aligned blocks at .100, grows to the largest possible aligned block (.128/26 = 64 IPs), then shrinks back down to cover the tail of the range. This shape -- small, large, small -- is characteristic of mid-subnet ranges and is why ranges like DHCP pools often produce many CIDR blocks.
ExcellentSingle host /32 -- one IP address as a CIDR block
Input: 203.0.113.45 -> 203.0.113.45 Output: 203.0.113.45/32 Network: 203.0.113.45 Bcast: 203.0.113.45 IPs: 1 Blocks: 1
When start IP equals end IP, the result is always a /32 -- the smallest possible CIDR block, representing exactly one IP address. /32 rules are used in firewalls to allow or block a specific individual IP address rather than a range. This is the correct CIDR notation for single-host rules in AWS Security Groups, iptables, and all cloud and on-premise firewall platforms.
FAQ

Frequently asked questions about IP range to CIDR conversion

What is an IP range to CIDR converter and what does it do?
An IP range to CIDR converter takes a start IP address and an end IP address and calculates the minimal set of CIDR (Classless Inter-Domain Routing) blocks that exactly cover that address range without including any extra IP addresses outside it. CIDR notation (e.g. 192.168.1.0/24) is the standard format used by firewalls, routers, cloud security groups, and routing tables. Most network tools only accept CIDR notation, so converting a human-readable range like '10.0.0.1 to 10.0.0.50' into CIDR blocks is a necessary step for many network configuration tasks.
Why does converting an IP range sometimes produce multiple CIDR blocks?
CIDR blocks must be aligned to power-of-2 boundaries. A /24 block must start at a multiple of 256, a /25 must start at a multiple of 128, a /26 at a multiple of 64, and so on. If your IP range does not start and end at aligned boundaries, no single CIDR block can cover it exactly without also including IP addresses outside the requested range. In that case, the converter produces multiple smaller blocks that together cover the range precisely. For example, 10.0.0.1 to 10.0.0.14 requires four CIDR blocks: 10.0.0.1/32, 10.0.0.2/31, 10.0.0.4/30, and 10.0.0.8/30.
What algorithm does this IP range to CIDR tool use?
The tool uses a greedy algorithm based on the standard RFC 4632 method for CIDR aggregation. Starting at the first IP in the range, it finds the largest CIDR block that both starts at the exact current IP address and does not extend past the end IP. The prefix length starts at /32 and is decremented as long as the block stays aligned and within bounds. Once the largest valid block is found, its IP count is added to the cursor and the process repeats from the next IP until the entire range is covered. This guarantees the minimal number of CIDR blocks.
How do I use IP range to CIDR conversion for AWS security groups?
AWS security group inbound and outbound rules only accept CIDR notation -- you cannot enter a start/end IP range directly. If you need to allow or block a specific IP range, paste your start IP and end IP into this converter, copy the resulting CIDR blocks, and add each one as a separate security group rule. For large or irregular ranges that produce many CIDR blocks, consider whether a broader CIDR (accepting slightly more IPs) would be more manageable. The same applies to AWS VPC route tables, NACLs, and WAF IP sets.
What is the difference between a /24 and a /32 CIDR block?
The number after the slash in CIDR notation is the prefix length -- it indicates how many leading bits of the 32-bit IP address are fixed as the network address. A /32 has all 32 bits fixed, meaning it represents exactly one IP address (2^0 = 1 host). A /24 has 24 bits fixed and 8 bits variable, giving 2^8 = 256 addresses. A /16 gives 65,536 addresses, and a /8 gives 16,777,216 addresses. Each decrease in prefix length doubles the number of addresses in the block. Common subnet sizes are /24 (256 IPs, typical LAN), /22 (1024 IPs), and /16 (65k IPs).
Can I use this tool to convert IP ranges for firewall rules?
Yes -- this is one of the most common use cases. Hardware firewalls (Cisco, Palo Alto, Fortinet, pfSense), cloud firewalls (AWS Security Groups, Google Cloud Firewall, Azure NSGs), and software firewalls (iptables, nftables, Windows Firewall) all use CIDR notation for IP-based rules. If you have a list of IP ranges from a threat intelligence feed, a CDN's published IP list, or a partner network's allocation, this tool converts them to the CIDR format your firewall expects. Paste each resulting CIDR as a separate deny or allow rule.
What is the maximum number of CIDR blocks a single IP range can produce?
In the worst case, an IP range that starts and ends at maximally unaligned boundaries can produce up to 62 CIDR blocks (31 blocks for the start address working up from /32, and 31 blocks for the end address working down from /32, minus any overlap). This happens for ranges like 0.0.0.1 to 255.255.255.254. In practice, most real-world ranges produce far fewer blocks -- a range covering a clean subnet boundary like 10.0.0.0 to 10.0.255.255 produces exactly one block (10.0.0.0/16). Well-aligned ranges from ISPs and cloud providers typically convert to just one or two CIDR blocks.
How do I convert an IP range to CIDR in Python?
Python's built-in ipaddress module has a summarize_address_range() function that does exactly this. Import it with: from ipaddress import summarize_address_range, IPv4Address. Then call: list(summarize_address_range(IPv4Address('10.0.0.1'), IPv4Address('10.0.0.14'))). This returns a list of IPv4Network objects representing the minimal CIDR coverage. Each object's str() representation gives the CIDR notation. This is the recommended approach for scripting because the ipaddress module handles all edge cases including IPv6 and validates input automatically.
What is the difference between IP range to CIDR and CIDR to IP range?
These are inverse operations. IP range to CIDR starts with two IP addresses (start and end) and produces one or more CIDR blocks that cover that range -- this tool performs that direction. CIDR to IP range starts with a CIDR block like 192.168.1.0/24 and expands it to show the network address, broadcast address, and all host addresses within it. Both conversions are needed in networking: CIDR to IP range is used when you need to enumerate all IPs in a subnet, while IP range to CIDR is used when you need to express a specific address range in the format that network devices and cloud platforms accept.
Does this tool support IPv6 IP range to CIDR conversion?
This tool currently supports IPv4 addresses only (four dot-separated octets in the 0.0.0.0 to 255.255.255.255 range). IPv6 range to CIDR conversion follows the same algorithmic principle -- find the largest aligned prefix that fits within the range -- but operates on 128-bit addresses instead of 32-bit. For IPv6 CIDR conversion, the Python ipaddress.summarize_address_range() function supports both IPv4 and IPv6 natively. IPv6 CIDR support is planned for a future version of this tool.
Related Tools

Need a disposable email address?Generate a free, instant throwaway -- zero signup, zero trace.

Get Free Temp Mail ->