Regarding the subnet mask specification in hosts.allow

Hello,
this is Okazaki from the System Solutions Department.

The other day, I had some trouble with how to specify the subnet mask in hosts.allow, so I'll summarize it here

What is hosts.allow?

First of all, hosts.allow is a file that specifies IPs and domains and
describes the connection permission settings for the server.
In conjunction with hosts.deny, which describes the connection denial settings,
you can restrict connections to the server.
The basic entry method is as follows:
"Process name": "IP address you want to allow"

Subnet specification

When describing a specific address range,
for example 192.168.0.0 to 192.168.0.255,
192.168.0.0/24
or
192.168.0.0/255.255.255.0
.

Regarding the main topic, for example,
if you want to allow SSH connections from 192.168.0.0 to 192.168.0.255

sshd: 192.168.0.0/24

If you write it like this, it will not respond.
In this case, even if you try to connect to SSH from 192.168.0.23, you will not be able to connect
. If you want to respond to the same permission settings, you must write it as follows.

sshd: 192.168.0.0/255.255.255.0
or
sshd: 192.168.0.

You can connect by entering this.
You can also specify a domain and add connection permission settings.
sshd: .example.com

summary

There will be many occasions when you will add addresses to hosts.allow, and
if you are only allowing connections from a single address, you do not need to worry about it. However,
if you are adding a specific range of addresses, please be careful about how you specify the subnet mask.