I'm not 100% sure if this can be done, but I imagine it has to be possible. I'm just not sure why I've never encountered it being set up like this. Maybe I'm just inexperienced. Please enlighten me. I'm having trouble searching about this.
If you are talking about your own local home LAN, you should be fine, because for an external internet source to get to your ssh port on a machine on your home LAN you would need to set up port forwarding in your ISP router. Getting to your question, if you only want certain IP addresses on your local home LAN to be able to access the ssh port of a certain system, you can set up firewall rules that only allow those specific IP addresses to access the ssh port. Another way of doing it would be to do what @dos2unix mentioned; there are usually several ways of doing something.
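The firewall approach from the reply above, as an added example that is not part of the original thread: a shell function that validates a list of LAN client addresses and prints an nftables ruleset allowing only those clients to reach the SSH port. It assumes the SSH host uses nftables; the table and set names (`ssh_allow`, `ssh_clients`) and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that lets only listed LAN clients reach SSH.
# Table/set names and all addresses below are constructed for illustration.

# Return 0 only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own arguments
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_ssh_allowlist PORT IP [IP...]; prints the ruleset on stdout.
gen_ssh_allowlist() {
    port=$1
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "no client addresses given" >&2; return 1; }
    elements=
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
        elements="${elements:+$elements, }$ip"
    done
    cat <<EOF
table inet ssh_allow {
    set ssh_clients {
        type ipv4_addr
        elements = { $elements }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport $port ip saddr @ssh_clients accept
        tcp dport $port drop
    }
}
EOF
}

# Two constructed LAN clients; save the output to a file and load it with: nft -f <file>
gen_ssh_allowlist 22 192.168.1.10 192.168.1.20
```

Because the allow rule matches only IPv4 source addresses, IPv6 connections to the same port fall through to the drop rule. Malformed addresses are rejected before any ruleset is printed, so a typo cannot produce a partially applied allowlist.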
Don't know much about ssh since I don't use it, but I just bumped into this article while checking my feed, and just below it (in my feed) was this thread, so I thought it might be helpful, if not with this in particular, then for something else.
If you are talking about your own local home LAN, you should be fine, because for an external internet source to get to your ssh port on a machine on your home LAN you would need to set up port forwarding in your ISP router.
Port forwarding ssh is incredibly dangerous. Install a VPN (SoftEther, OpenVPN, Pritunl, or something).
Besides, if you port forward ssh, the subnet blocking won't matter because the router likely has NAT enabled. It will just appear as though they are coming from the router which is on the subnet you likely do not want to block.