TCP Wrappers access policy

TCP Wrappers is a protection mechanism for a variety of network service programs: it controls access to a service based on the client's address. It uses two policy files, /etc/hosts.allow and /etc/hosts.deny, which set the allow policy and the deny policy respectively.
1. The format of the policy configuration
The two policy files have opposite effects but use the same record format, shown below:

<Service program list>: <Client Address List>
The service program list and the client address list are separated by a colon; multiple entries within each list are separated by commas.
(1) Service program list
The service program list can take the following forms.
● ALL: represents all services.
● A single service program: e.g. "vsftpd".
● A list of several service programs: e.g. "vsftpd, sshd".
(2) Client address list
The client address list can take the following forms.
● Network segment address: e.g. "192.168.4.0/255.255.255.0".
● Domain name beginning with ".": e.g. ".kgc.cn" matches all hosts in the kgc.cn domain.
● Network address ending with ".": e.g. "192.168.4." matches the entire 192.168.4.0/24 segment.
● Embedded wildcards "*" and "?": the former represents a string of any length, the latter represents exactly one character; e.g. "10.0.8.2*" matches all IP addresses that begin with 10.0.8.2. Wildcards must not be mixed with patterns that begin or end with ".".
● A list of multiple client addresses: e.g. "192.68.1., 172.17.17., .kgc.cn".
2. The basic principle of access control
TCP Wrappers applies its access policy in a fixed order. It first checks the /etc/hosts.allow file; if a matching policy is found, access is granted. Otherwise, it goes on to check the /etc/hosts.deny file; if a matching policy is found there, access is denied. If neither file contains a matching policy, access is granted.
3. TCP Wrappers configuration examples
For example, suppose only the host with IP address 192.168.10.10 or hosts on the 192.168.20.0/24 network segment should be able to access the sshd service, and all other addresses should be denied.
vim /etc/hosts.allow
vim /etc/hosts.deny
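The lookup order from section 2 applied to the section 3 scenario, as an added example (not code from the original post). The two policy strings are assumed file contents constructed to fit the stated goal, the function names are hypothetical, and the matcher covers only the pattern forms listed in section 1.

```python
import ipaddress
import re
from fnmatch import fnmatchcase

# Constructed file contents for the sshd scenario (assumption, not from the page).
HOSTS_ALLOW = "sshd: 192.168.10.10, 192.168.20."
HOSTS_DENY = "sshd: ALL"

def client_matches(pattern, ip, hostname=""):
    """Match one client pattern against the client's IP and, if known, host name."""
    hostname = hostname.lower()
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix, e.g. .kgc.cn
        return hostname.endswith(pattern.lower())
    if pattern.endswith("."):              # network prefix, e.g. 192.168.4.
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask, e.g. 192.168.4.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    if "*" in pattern or "?" in pattern:   # embedded wildcards, e.g. 10.0.8.2*
        return fnmatchcase(ip, pattern) or fnmatchcase(hostname, pattern.lower())
    return pattern in (ip, hostname)       # single address or host name

def rule_matches(policy, service, ip, hostname=""):
    """True if any '<service list>: <client list>' record in the text matches."""
    for line in policy.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        left, right = line.split(":", 1)
        services = [s for s in re.split(r"[,\s]+", left) if s]
        clients = [c for c in re.split(r"[,\s]+", right) if c]
        if ("ALL" in services or service in services) and any(
                client_matches(c, ip, hostname) for c in clients):
            return True
    return False

def access_granted(service, ip, hostname="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny; no match in either file grants access."""
    if rule_matches(allow, service, ip, hostname):
        return True
    if rule_matches(deny, service, ip, hostname):
        return False
    return True

if __name__ == "__main__":
    for svc, addr in [("sshd", "192.168.10.10"), ("sshd", "192.168.20.77"),
                      ("sshd", "192.168.30.5"), ("vsftpd", "192.168.30.5")]:
        print(svc, addr, "granted" if access_granted(svc, addr) else "denied")
```

The last sample shows the default-allow behaviour: with this policy a service that appears in neither file stays reachable from any address, so a deny record such as "ALL: ALL" is needed if everything not explicitly allowed should be refused.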


Origin blog.51cto.com/14449563/2435827