While I believe that does work, I know this to work:
Code:
portmap:192.168.0.0/255.255.255.0
(giving an ip & mask).
you can also give an ip/mask & it will mask just like the above, i.e. 192.168.0.0/32
there are other options as well.
there are man pages on hosts.allow & hosts.deny (man hosts.allow) - give 'em a look.