Regarding the subnet mask specification in hosts.allow

Hello,
this is Okazaki from the System Solutions Department.

The other day, I had some trouble with how to specify the subnet mask in hosts.allow, so I'll summarize it here.

What is hosts.allow?

First of all, hosts.allow is a file that lists the IP addresses and domains
that are permitted to connect to the server.
Used together with hosts.deny, which lists the connections to refuse,
it lets you restrict connections to the server.
The basic entry format is as follows:
"Process name": "IP address you want to allow"

Subnet specification

When describing a specific address range,
for example 192.168.0.0 to 192.168.0.255, you would write
192.168.0.0/24
or
192.168.0.0/255.255.255.0

Now to the main topic. Suppose, for example,
that you want to allow SSH connections from 192.168.0.0 to 192.168.0.255 and write:

sshd: 192.168.0.0/24

This notation is not supported.
In this case, even if you try to connect via SSH from 192.168.0.23, you will not be able to connect.
To get the same permission setting to work, you must write it as follows.

sshd: 192.168.0.0/255.255.255.0
or
sshd: 192.168.0.

With either of these entries, you can connect.
You can also specify a domain in a connection permission entry:
sshd: .example.com
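
The check below is an added example, not code from the original article: it scans hosts.allow-style text for IPv4 clients written with a prefix length, the form the article reports as not working, and gives the net/mask equivalent. The function names, the vsftpd entry and the sample contents are constructed for illustration; options after a second colon are ignored.

```python
import ipaddress
import re

# IPv4 address with a 1-2 digit prefix length, e.g. 192.168.0.0/24
CIDR_V4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$")

def logical_lines(text):
    """Yield (first_line_number, rule); skip comments, join backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf and (not raw.strip() or raw.lstrip().startswith("#")):
            continue
        start = n if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def find_prefix_entries(text):
    """Return (line, daemons, entry, net/mask rewrite) per IPv4 prefix-length client."""
    findings = []
    for n, rule in logical_lines(text):
        parts = rule.split(":")
        if len(parts) < 2:
            continue
        daemons = parts[0].strip()
        for client in re.split(r"[,\s]+", parts[1].strip()):
            if not CIDR_V4.match(client):
                continue
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:  # octet > 255 or prefix > 32
                continue
            findings.append((n, daemons, client, f"{net.network_address}/{net.netmask}"))
    return findings

# Constructed sample file contents (not taken from a real server)
SAMPLE = """\
sshd: 192.168.0.0/24
sshd: 192.168.0.0/255.255.255.0
sshd: 192.168.0.
vsftpd: 10.1.2.0/23, \\
        172.16.5.77
"""

if __name__ == "__main__":
    for n, daemons, entry, fix in find_prefix_entries(SAMPLE):
        print(f"line {n}: '{daemons}: {entry}' -> '{daemons}: {fix}'")
```

To check a real server, pass the contents of /etc/hosts.allow to `find_prefix_entries` instead of `SAMPLE`.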

Summary

There will be many occasions when you add addresses to hosts.allow.
If you are only allowing connections from a single address, you do not need to worry about this. However,
if you are adding a specific range of addresses, please be careful about how you specify the subnet mask.

About the author

Junichiro Okazaki

Extensive experience in relocating and operating smartphone games

I am currently working on multi-cloud operations, server construction, and relocation. As the number of projects increases, I am considering ways to improve the efficiency of my work. I often consider methods for relocating servers, taking into account the advantages of each cloud.

While carrying out migrations between clouds and from physical to cloud, the company won two consecutive championships in competitions held by the Japan MSP Association.