Regarding subnet mask specification for hosts.allow
Hello.
This is Okazaki from the System Solutions Department.
The other day, I stumbled over how to specify the subnet mask for hosts.allow, so I'll summarize it here.
What is hosts.allow?
First of all, hosts.allow is a file that specifies IP addresses and domains and
describes permission settings for connecting to the server.
Used in conjunction with hosts.deny, which specifies connection denial settings,
it can restrict connections to the server. The basic entry format is as follows.
"Process name": "IP address you want to allow"
About subnet specification
A specific address range, for example 192.168.0.0 to 192.168.0.255,
is described as
192.168.0.0/24
or
192.168.0.0/255.255.255.0
Now for the main topic. Suppose, for example, that
you want to allow SSH connections from 192.168.0.0 to 192.168.0.255.
sshd: 192.168.0.0/24
If you write the entry like this, it will not take effect.
With this entry, if you try to connect via SSH from 192.168.0.23, you will not be able to connect.
For the same permission setting to take effect, you must write one of the following.
sshd: 192.168.0.0/255.255.255.0
or
sshd: 192.168.0.
With either of these entries, you can connect.
You can also specify a domain and add connection permission settings.
sshd: .example.com
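An added example, not part of the original article: a small Python check that finds IPv4 prefix-length entries such as 192.168.0.0/24 in hosts.allow text and rewrites them in the net/mask form shown above. The function names and the sample file are constructed for illustration, and it assumes a TCP Wrappers build that behaves as described here.

```python
import ipaddress
import re

# IPv4 address followed by a 1-2 digit prefix length, e.g. 192.168.0.0/24.
# The lookahead keeps the net/mask form (192.168.0.0/255.255.255.0) from matching.
CIDR_V4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})(?![\d.])")


def to_net_mask(match):
    """Rewrite one a.b.c.d/NN token as network/dotted-netmask."""
    try:
        # strict=False also accepts a host address such as 10.1.2.3/22
        net = ipaddress.ip_network(match.group(0), strict=False)
    except ValueError:
        return match.group(0)  # not a valid IPv4 network: leave untouched
    return f"{net.network_address}/{net.netmask}"


def lint_hosts_allow(text):
    """Return (fixed_text, findings); findings are (line_no, old, new)."""
    fixed, findings = [], []
    for no, line in enumerate(text.splitlines(), start=1):
        body, hash_, comment = line.partition("#")   # keep comments as-is
        daemons, colon, clients = body.partition(":")  # daemon list : client list
        new_clients = CIDR_V4.sub(to_net_mask, clients)
        if new_clients != clients:
            findings.append((no, clients.strip(), new_clients.strip()))
        fixed.append(daemons + colon + new_clients + hash_ + comment)
    return "\n".join(fixed), findings


# Constructed sample file, not taken from a real server.
SAMPLE = """\
# constructed example
sshd: 192.168.0.0/24
sshd: 192.168.0.0/255.255.255.0
sshd: 10.1.2.3/22, .example.com
sshd: 192.168.0.
"""

if __name__ == "__main__":
    fixed_text, found = lint_hosts_allow(SAMPLE)
    for no, old, new in found:
        print(f"line {no}: {old!r} -> {new!r}")
    print(fixed_text)
```

Review the rewritten entries before installing them, since a mistake in hosts.allow can lock out SSH access.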
Summary
I think there are many opportunities to add entries to hosts.allow.
There is no need to worry about this if you are allowing connections from one address, but
when adding a specific range of addresses, please be careful about how you specify the subnet mask.