If this parameter is On for a service, then no password is required to connect to the service. Privileges will be those of the guest account.
If this parameter is Off, then users of a service may not create or modify files in the service's directory.
This parameter is a comma-delimited set of hosts which are permitted to access a service.
If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.
You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like "allow hosts = 150.203.5.". The full syntax of the list is described in the man page hosts_access(5).
You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:
allow all IPs in 150.203.*.* except one
Allow Hosts: 150.203. EXCEPT 188.8.131.52
allow hosts that match the given network/netmask
Allow Hosts: 184.108.40.206/255.255.255.0
allow a couple of hosts
Allow Hosts: lapland, arvidsjaur
allow only hosts in netgroup "foonet" or localhost, but deny access from one particular host
Allow Hosts: @foonet, localhost
Note that access still requires suitable user-level passwords.
See testparm(1) for a way of testing your host access to see if it does what you expect.
Default: None (i.e., all hosts permitted access)
Example: 150.203.5. myhost.mynet.edu.au
The opposite of Allow Hosts - hosts listed here are not permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the Allow osts list takes precedence.
Default: None (i.e., no hosts specifically excluded)
Example: 150.203.4. badhost.mynet.edu.au