From MEPIS Documentation Wiki
A subnet mask or CIDR prefix address is used in conjunction with the network address to determine which part of the address is the network address and which part is the host address. In general network masks are used to specify address ranges.
If you want to set up your firewall to allow access from all addresses starting from 192.168.1.0 to 192.168.1.255 you can use this notation: 192.168.1.0/255.255.255.0 (where 255.255.255.0 is the subnet mask in dot-decimal notation) or 192.168.1.0/24 (where /24 is the CIDR notation)
While subnet masks are often represented in dot-decimal form (example 255.255.255.0), their use becomes clearer in binary. Looking at a network address and a subnet mask in binary, a device can determine which part of the address is the network address and which part is the host address. To do this, it performs a bitwise operation.
|Full Network Address||192.168.5.10||11000000.10101000.00000101.00001010|
Subnet masks consist of a series of 1s and 0s in binary. The 1s designate that part of the address as being part of the network portion and the 0s designate that part as being part of the host address. Subnet masks do not have to fill a given octet. This allows a classful network to be broken down into subnets. A classful network is a network that has a subnet mask of 255.0.0.0, 255.255.0.0 or 255.255.255.0. Subnet masks can also be expressed in a shorter form, known as "Classless Inter-Domain Routing" or CIDR notation, which gives the network number followed by a slash ("/") and the number of 'one' bits in the binary notation of the netmask (i.e. the number of relevant bits in the network number). For example, 192.0.2.96/24 indicates an IP address where the first 24 bits are used as network address (same as 255.255.255.0).