Oops.  Talk about not answering the question...

To translate to a dotted decimal subnet mask:

Form a 32 bit string of n binary ones, zero padded, separated into groups of
8, (dotted binary?) where n is the number after the slash.

e.g. /25 would be 11111111.11111111.11111111.10000000

Convert each group of 8 bits into a decimal number.



What does the /8, /12, etc. below mean?  I assume subnet, but having
only used 4 octet notation for subnets, I don't know how to translate

The reserved-for-private-use netblocks should be blocked in *both
directions* (in and out, source and destination) at your boundary:

