Introduction

0.0.0.0/0 means "all IPv4 addresses." The ::/0 equivalent means "all IPv6 addresses." The /0 suffix is CIDR notation indicating that zero bits are used for the network prefix, so the entire address space is covered. These notations are most commonly used as the default route in routing tables and as wildcard matches in firewall rules and security group configurations.

Breaking Down the Notation

The IP Address Part

0.0.0.0 is the "unspecified" IPv4 address. In routing context, it acts as a wildcard that matches any IP address. Similarly, :: is the unspecified IPv6 address (shorthand for 128 zero bits).

The /0 CIDR Suffix

CIDR (Classless Inter-Domain Routing) notation uses a suffix like /24, /16, or /0 to indicate how many leading bits define the network portion of an address.

With /0, zero bits are allocated to the network, so all 32 bits are "don't care" bits. The result: it matches every possible IPv4 address from 0.0.0.0 to 255.255.255.255.

The subnet mask equivalent of /0 is 0.0.0.0. Performing a bitwise AND of any IP address with 0.0.0.0 yields 0.0.0.0, confirming that every address matches.

Use Case 1: Default Route in Routing Tables

The most common use of 0.0.0.0/0 is as the default route. When a router receives a packet and no more specific route matches the destination, it falls back to the default route.

1# View the routing table on Linux
2ip route show
3
4# Typical output:
5default via 192.168.1.1 dev eth0
6192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100

The default entry is equivalent to 0.0.0.0/0. It tells the system: "For any destination not explicitly listed, send the packet to 192.168.1.1."

You can add or modify the default route explicitly:

1# Linux: Add a default route
2sudo ip route add 0.0.0.0/0 via 192.168.1.1 dev eth0
3
4# macOS: Add a default route
5sudo route add -net 0.0.0.0/0 192.168.1.1
6
7# Windows: Add a default route
8route add 0.0.0.0 mask 0.0.0.0 192.168.1.1

Without a default route, your machine cannot reach any address outside its directly connected networks. This is why losing the default route makes internet access fail.

Use Case 2: Firewall and Security Group Rules

In firewall configurations, 0.0.0.0/0 means "any source" or "any destination."

AWS Security Groups

Type        Protocol  Port   Source
SSH         TCP       22     0.0.0.0/0    (allows SSH from ANY IPv4 address)
SSH         TCP       22     10.0.0.0/8   (allows SSH only from 10.x.x.x)

iptables (Linux)

1# Allow HTTP from any source
2sudo iptables -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j ACCEPT
3
4# Block all incoming traffic from any source (then whitelist)
5sudo iptables -P INPUT DROP
6sudo iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT

Cloud Platform Examples

Use Case 3: Server Binding Address

When a server binds to 0.0.0.0 (without the CIDR suffix), it listens on all available network interfaces:

1# Python: Listen on all interfaces, port 8080
2import socket
3
4server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
5server.bind(("0.0.0.0", 8080))  # accepts connections from any interface
6server.listen(5)

1# Node.js: Express listening on all interfaces
2app.listen(3000, "0.0.0.0", () => {
3  console.log("Listening on all interfaces");
4});

Binding to 0.0.0.0 vs 127.0.0.1:

IPv6 Equivalents

Every IPv4 concept above has an IPv6 counterpart:

In dual-stack networks (supporting both IPv4 and IPv6), you need both 0.0.0.0/0 and ::/0 in your firewall rules to cover all traffic:

# AWS Security Group: Allow HTTPS from anywhere
Inbound Rule 1: HTTPS, TCP, 443, 0.0.0.0/0   (IPv4)
Inbound Rule 2: HTTPS, TCP, 443, ::/0          (IPv6)

Routing Table Deep Dive

When a router has multiple routes, it uses longest prefix match to determine which route to use. The default route (/0) has the shortest prefix, so it is always the last resort:

1# Example routing table
210.0.1.0/24     via 10.0.0.1    # Matches 10.0.1.* (most specific)
310.0.0.0/16     via 10.0.0.2    # Matches 10.0.* (less specific)
40.0.0.0/0       via 192.168.1.1 # Matches everything (least specific, default)

For a packet destined to 10.0.1.5:

• Matches 10.0.1.0/24 (24-bit prefix) - wins, most specific
• Matches 10.0.0.0/16 (16-bit prefix)
• Matches 0.0.0.0/0 (0-bit prefix)

For a packet destined to 8.8.8.8:

• Does not match 10.0.1.0/24
• Does not match 10.0.0.0/16
• Matches 0.0.0.0/0 - only match, used as default gateway

Common Pitfalls

• Opening port 22 (SSH) to 0.0.0.0/0 in production: This allows SSH access from any IP on the internet. Restrict SSH to your office IP range or use a bastion host. Cloud providers like AWS show a warning when you do this.
• Confusing 0.0.0.0/0 with 0.0.0.0: 0.0.0.0/0 is a CIDR range meaning "all addresses." 0.0.0.0 alone (without the /0) is the unspecified address, used for server binding or as a source in DHCP requests. Context matters.
• Forgetting ::/0 in dual-stack environments: If you only add 0.0.0.0/0 to your firewall rules, IPv6 traffic is not covered. Attackers can bypass your rules via IPv6 if your server has an IPv6 address.
• Deleting the default route: Removing the 0.0.0.0/0 route makes your machine unable to reach anything outside its local subnet. On a remote server, this locks you out. Always have console access before modifying routes.
• Assuming /0 means "none" or "no network": The /0 means zero network bits, not zero addresses. It is the opposite of /32 (single host). /0 covers the maximum range, /32 covers the minimum.

Summary

• 0.0.0.0/0 means all IPv4 addresses. ::/0 means all IPv6 addresses.
• The /0 CIDR suffix means zero bits are used for the network prefix, matching the entire address space.
• In routing tables, 0.0.0.0/0 is the default route: the gateway of last resort when no more specific route matches.
• In firewall and security group rules, 0.0.0.0/0 means "any source" or "any destination." Use it cautiously in inbound rules.
• When binding a server to 0.0.0.0, it listens on all network interfaces. Use 127.0.0.1 for local-only access.
• In dual-stack networks, always configure both 0.0.0.0/0 (IPv4) and ::/0 (IPv6) rules.