Channel: How to allow ssh to root user only from the local network? - Server Fault

Answer by xordspar0 for How to allow ssh to root user only from the local network?


A different strategy could be to leave PermitRootLogin set to no for all addresses, but allow a different user to log in and use sudo. One benefit of doing this is that you can limit what that user can do with sudo configuration. This is an added layer of protection, in addition to limiting what IP addresses the admin user can log in from.

In /etc/ssh/sshd_config, disable root logins:

PermitRootLogin no

Create a different user called, say, admin. Configure the allowed IP addresses in this user's authorized keys file, /home/admin/.ssh/authorized_keys:

from="192.168.0.0/24,fe80::%eth0/64" <your public key here>

In this example, I also allowed traffic from IPv6 link-local addresses. This is helpful if you use mDNS that may resolve to an IPv6 address or if you need to access the server even when routing is broken. Note that the eth0 part of the address will change based on the interface name on your server. Use ifconfig or ip link to list valid network devices for your server.
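
An added example, not part of the answer above: a small Python audit that reads an authorized_keys file and reports every key that is not restricted to local addresses by a from= option. The `LOCAL_NETS` definition of "local" and the sample key lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: "local" means RFC 1918, IPv6 unique-local, or IPv6 link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.I)
KEY_RE = re.compile(r'^(ssh-|ecdsa-|sk-)')  # line starts with a key type: no options
OPTS_RE = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])*')  # up to first unquoted space

def check_pattern(pattern):
    """Return a problem string for one from= pattern, or None if it is a local CIDR."""
    if pattern.startswith("!"):
        return None  # negated patterns only narrow access
    bare = re.sub(r"%[^/]*", "", pattern)  # drop the zone id, e.g. %eth0
    try:
        net = ipaddress.ip_network(bare, strict=False)
    except ValueError:
        return f"{pattern}: not an address or CIDR, review by hand"
    if any(net.version == loc.version and net.subnet_of(loc) for loc in LOCAL_NETS):
        return None
    return f"{pattern}: outside the local ranges"

def audit(text):
    """Return (line number, problem) pairs for every key line that is not local-only."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = "" if KEY_RE.match(line) else OPTS_RE.match(line).group(0)
        m = FROM_RE.search(opts)
        if not m:
            findings.append((n, "no from= restriction"))
            continue
        findings += [(n, p) for p in map(check_pattern, m.group(1).split(",")) if p]
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
from="192.168.0.0/24,fe80::%eth0/64" ssh-ed25519 AAAAconstructed1 admin@laptop
ssh-ed25519 AAAAconstructed2 admin@phone
no-pty,from="192.168.0.0/24,0.0.0.0/0" ssh-ed25519 AAAAconstructed3 admin@vpn
from="*.example.org" ssh-rsa AAAAconstructed4 admin@old
'''

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

To check a real file, pass its contents to `audit()`, for example the text of /home/admin/.ssh/authorized_keys.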

