systemd equivalent of xinetd 'only_from' and 'banner_fail' attributes

I'm attempting to port an existing xinetd service from CentOS 6 to
something equivalent with systemd for CentOS 7

The existing xinetd config uses the attributes 'only_from' to limit
connections from a limited set of remote hosts and 'banner_fail' to
print a suitable error message when access is denied

However, I can't find suitable 'equivalents' with systemd socket/service
files on CentOS 7

It appears later versions of systemd supports the option IPAddressAllow=
(which is what I think I need ?)

Does anyone know how to limit the remote hosts that can connect to a
port with CentOS 7's systemd ?

Also, how to implement the equivalent of 'banner_fail' ? (not absolutely
required, but nice to have)


James Pearson