This is a way of controlling access to services normally run by inetd (which
Gentoo does not have), but it can also be used by xinetd and other services.
The service should be executing tcpd in its server argument (in xinetd). See the
chapter on xinetd for more information.
Code Listing 1.1: /etc/hosts.deny
Code Listing 1.1: /etc/hosts.allow
ALL: LOCAL @wheel
time: LOCAL, .gentoo.org
As you can see the format is very similar to the one in
/etc/security/access.conf. Tcpd supports a specific service; it
does not overlap with /etc/security/access.conf. These settings
only apply to services using tcp wrappers.
It is also possible to execute commands when a service is accessed (this can be
used when activating relaying for dial-in users) but it is not recommended,
since people tend to create more problems than they are trying to solve. An
example could be that you configure a script to send an e-mail every time
someone hits the deny rule, but then an attacker could launch a DoS attack by
keep hitting the deny rule. This will create a lot of I/O and e-mails so
don't do it!. Read the man 5 hosts_access for more information.