diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index c0b028130..44ca007ff 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -507,6 +507,18 @@ valid_hostname() {
 	[[ $hostname =~ ^[a-zA-Z0-9\-]+$ ]] && [[ $hostname != 'localhost' ]] && return 0 || return 1
 }
 
+verify_ip4() {
+        local ip=$1
+        # Is this an IP or CIDR?
+        if grep -qP "^[^/]+/[^/]+$" <<< $ip; then
+                # Looks like a CIDR
+                valid_ip4_cidr_mask "$ip"
+        else
+                # We know this is not a CIDR - Is it an IP?
+                valid_ip4 "$ip"
+        fi
+}
+
 valid_ip4() {
 	local ip=$1
 
diff --git a/salt/common/tools/sbin/so-firewall b/salt/common/tools/sbin/so-firewall
index e16cc1e2c..9da3bd32b 100755
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -71,11 +71,11 @@ else
 	exit 1
 fi
 
-# Are we dealing with an IP?
-if valid_ip4 "$IP"; then
-	echo "$IP is valid"
+ # Are we dealing with an IP?
+if verify_ip4 "$IP"; then
+	echo "$IP is a valid IP or CIDR"
 else
-	echo "$IP is not a valid IP Address"
+	echo "$IP is not a valid IP or CIDR"
 	exit 1
 fi
 
@@ -90,14 +90,7 @@ if [ -f "$local_salt_dir/hostgroups/$ROLE" ]; then
 fi
 
 # If you have reached this part of your quest then let's add the IP
-if [ -f "$local_salt_dir/hostgroups/$ROLE" ]; then
-	touch $local_salt_dir/hostgroups/$ROLE
-	echo "Adding $IP to the $ROLE role"
-	echo "$IP" > $local_salt_dir/hostgroups/$ROLE
-else
-	echo "Adding $IP to the $ROLE role"
-	echo "$IP" >> $local_salt_dir/hostgroups/$ROLE
-fi
+echo "Adding $IP to the $ROLE role"
 
 # Check to see if we are applying this right away.
 if [ "$APPLY" = "true" ]; then