It would be nice if the match host rule could be expanded to match patterns as follows:

• Allow * to match everything (this is already supported)
• Allow strings of the form *.myhost.com
• Allow IP address matching (this is already supported)
• Allow CIDR block matching e.g. 10.54.0.0/16

This would allow authentication rules to be much simpler in some cases.