- You can also combine "hosts allow" with a separate "hosts deny" parameter.
- If both parameters are specified then the "hosts allow" parameter is
- checked first and a match results in the client being able to connect. The
- "hosts deny" parameter is then checked and a match means that the host is
- rejected. If the host does not match either the "hosts allow" or the
- "hosts deny" patterns then it is allowed to connect.
+ You can also combine "hosts allow" with "hosts deny" as a way to add
+ exceptions to your deny list. When both parameters are specified, the
+ "hosts allow" parameter is checked first and a match results in the client
+ being able to connect. A non-allowed host is then matched against the
+ "hosts deny" list to see if it should be rejected. A host that does not
+ match either list is allowed to connect.