This parameter is a comma-delimited set of hosts which are permitted to access a service.
If specified in the Default section, it will apply to all services, regardless of whether the individual service has a different setting.
You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like "allow hosts = 150.203.5.". The full syntax of the list is described in the man page hosts_access(5).
You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may be useful:
allow all IPs in 150.203.*.* except one
hosts allow = 150.203. EXCEPT 220.127.116.11
allow hosts that match the given network/netmask
hosts allow = 18.104.22.168/255.255.255.0
allow a couple of hosts
hosts allow = lapland, arvidsjaur
allow only hosts in netgroup "foonet" or localhost, but deny access from one particular host
hosts allow = @foonet, localhost hosts deny = pirate
Note that access still requires suitable user-level passwords.
See testparm(1) for a way of testing your host access to see if it does what you expect.
Default: None (i.e., all hosts are permitted access)
Example: 150.203.5. myhost.mynet.edu.au
The opposite of 'allow hosts' -- hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the 'allow' list takes precedence.
Default: none (i.e., no hosts are specifically excluded)
Example: 150.203.4. badhost.mynet.edu.au