Regarding the subnet mask specification in hosts.allow

Hello everyone.
This is Okazaki from the Systems Solutions Department.
The other day, I had some trouble with how to specify the subnet mask in hosts.allow, so I'll summarize it here.
What is hosts.allow?
The hosts.allow file is used to specify IP addresses and domains that are allowed to connect to a server.
Together with hosts.deny, which is used to deny connections, it can restrict access to the server.
The basic format is as follows:
"Process Name": "IP Address to Allow"
Subnet specification
When describing a specific range of addresses, for example 192.168.0.0 to 192.168.0.255, the range would be written as
192.168.0.0/24
or
192.168.0.0/255.255.255.0
Now for the main topic. Suppose you want to allow SSH connections from 192.168.0.0 to 192.168.0.255 with the following entry:
sshd: 192.168.0.0/24
Writing it like this won't work.
With this entry, you can't connect via SSH from 192.168.0.23, even though that address is inside the range.
To make similar permission settings work, you need to write it like this:
sshd: 192.168.0.0/255.255.255.0
or
sshd: 192.168.0.
Entering it this way will allow you to connect.
You can also add connection permission settings by specifying a domain:
sshd: .example.com
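A small linter for the pitfall described above, as an added example that is not part of the original article: it flags IPv4 prefix-length entries such as sshd: 192.168.0.0/24 and proposes the dotted-mask form the article says works. The sample file contents, the function names, and the simplified parsing (IPv4 only, no line continuations) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample hosts.allow content (not taken from a real server).
SAMPLE = """\
# constructed example
sshd: 192.168.0.0/24
sshd: 192.168.0.0/255.255.255.0
sshd: 192.168.0.
sshd, vsftpd: 10.1.2.0/23, .example.com
"""

# An IPv4 address followed by a prefix length, the form the article says fails.
CIDR_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$")

def dotted_mask_form(pattern):
    """Rewrite 'a.b.c.d/NN' as 'net/m.m.m.m'; return None for any other pattern."""
    if not CIDR_RE.match(pattern):
        return None
    try:
        net = ipaddress.IPv4Network(pattern, strict=False)
    except ValueError:  # octet above 255 or prefix above 32
        return None
    return f"{net.network_address}/{net.netmask}"

def mask_rule_covers(rule, addr):
    """True if addr falls inside a 'net/m.m.m.m' rule, i.e. (addr AND mask) == net."""
    net, mask = (int(ipaddress.IPv4Address(p)) for p in rule.split("/"))
    return (int(ipaddress.IPv4Address(addr)) & mask) == net

def lint_hosts_allow(text):
    """Return (line_no, daemons, pattern, suggestion) for each prefix-length entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":", 2)[:2])
        for pattern in re.split(r"[\s,]+", clients):
            suggestion = dotted_mask_form(pattern)
            if suggestion:
                findings.append((line_no, daemons, pattern, suggestion))
    return findings

if __name__ == "__main__":
    for line_no, daemons, pattern, suggestion in lint_hosts_allow(SAMPLE):
        print(f"line {line_no}: {daemons}: {pattern} -> use {suggestion}")
```

Running it against a copy of the real file before deploying a change shows which entries need rewriting.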
Summary
You'll often need to add addresses to your hosts.allow file, and
while you don't need to worry about it if you're only allowing connections from a single address,
when adding addresses within a specific range, be sure to pay attention to how you specify the subnet mask.
