allow hosts A synonym for this parameter is allow hosts. This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service. If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting. You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5. . The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also. Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option. You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help: Example 1: allow all IPs in 150.203.*.*; except one hosts allow = 150.203. EXCEPT 150.203.6.66 Example 2: allow hosts that match the given network/netmask hosts allow = 150.203.15.0/255.255.255.0 Example 3: allow a couple of hosts hosts allow = lapland, arvidsjaur Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host hosts allow = @foonet hosts deny = pirate Note that access still requires suitable user-level passwords. See testparm 1 for a way of testing your host access to see if it does what you expect. 150.203.5. myhost.mynet.edu.au none (i.e., all hosts permitted access)