[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

Regarding subnet mask specification for hosts.allow

Hello.
This is Okazaki from the System Solutions Department.

The other day, I stumbled over how to specify the subnet mask for hosts.allow, so I'll summarize it here.

What is hosts.allow?

First of all, hosts.allow is a file that specifies IP and domain and
describes permission settings for connecting to the server.

Connections to the server can be restricted
in conjunction with hosts.deny, which specifies connection denial settings The basic entry method is as follows.
"Process name": "IP address you want to allow"

About subnet specification

When describing a specific address range,
for example 192.168.0.0 to 192.168.0.255,

use 192.168.0.0/24
or
192.168.0.0/255.255.255.0

Regarding the main topic, for example,
if you want to allow SSH connections from 192.168.0.0 to 192.168.0.255

sshd: 192.168.0.0/24

If you write something like this, it will not respond.
At this time, if you try to connect via SSH from 192.168.0.23, you will not be able to connect.If
you want to react with similar permission settings, you must write the following.

sshd: 192.168.0.0/255.255.255.0
or
sshd: 192.168.0.

By filling in the information like this, you can connect.
You can also specify a domain and add connection permission settings.
sshd: .example.com

summary

I think there are many opportunities to add it to hosts.allow, and
there is no need to worry about it if you are allowing connections from one address, but
when adding a specific range of addresses, specify the subnet mask. Please be careful when adding.

If you found this article helpful , please give it a like!
3
Loading...
3 votes, average: 1.00 / 13
10,200
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author

Junichiro Okazaki

Extensive experience in relocating and operating smartphone games.

He handles multi-cloud operations, server construction and relocation on a daily basis. As the number of cases has increased, I am considering how to improve the efficiency of my work. We often consider methods for relocating servers based on the merits of each cloud.

While we were relocating between clouds and from physical to cloud, we achieved two consecutive victories in a competition held by the Japan MSP Association.