The tcpd program is configured using two files: /etc/hosts.allow and
/etc/hosts.deny. These files have lines of the form:

    daemon_list : client_list [ : shell_command ]

Access is granted or denied in the following order. The search stops
at the first match:
- Access is granted when a match is found in /etc/hosts.allow
- Access is denied when a match is found in /etc/hosts.deny
- Access is granted if nothing matches
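
The search order above, modeled as an added Python example (not part of tcpd or of the original page). It handles only the ALL, LOCAL and EXCEPT keywords plus leading-dot and trailing-dot patterns; the allow rule and the client hosts are constructed, and the deny rule is the telnet policy this page uses as its example.

```python
# Simplified model of tcpd's search order (illustrative, not tcpd's own code).
ALLOW = "in.telnetd: 192.168.1., .example.internal"   # constructed sample rule
DENY = "in.telnetd: ALL EXCEPT LOCAL"                  # deny rule from this page

def parse(text):
    """Turn 'daemon_list : client_list [: shell_command]' lines into token lists."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def match_list(tokens, test):
    """'a EXCEPT b' matches what matches a unless it also matches b."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], test) and not match_list(tokens[i + 1:], test)
    return any(test(t) for t in tokens)

def client_test(name, addr):
    def test(pat):
        if pat == "ALL":
            return True
        if pat == "LOCAL":               # any host name without a dot, not just localhost
            return "." not in name
        if pat.startswith("."):          # domain suffix
            return name.endswith(pat)
        if pat.endswith("."):            # address prefix
            return addr.startswith(pat)
        return pat in (name, addr)
    return test

def first_match(rules, daemon, name, addr):
    return any(match_list(d, lambda p: p in ("ALL", daemon))
               and match_list(c, client_test(name, addr)) for d, c in rules)

def decide(daemon, name, addr, allow=ALLOW, deny=DENY):
    if first_match(parse(allow), daemon, name, addr):
        return "granted (hosts.allow)"
    if first_match(parse(deny), daemon, name, addr):
        return "denied (hosts.deny)"
    return "granted (no match)"          # the default is to allow

if __name__ == "__main__":
    for args in [("in.telnetd", "ws1.example.internal", "192.168.1.20"),
                 ("in.telnetd", "host.example.net", "203.0.113.7"),
                 ("in.telnetd", "printer", "10.9.9.9"),
                 ("in.ftpd", "host.example.net", "203.0.113.7")]:
        print(args, "->", decide(*args))
```

The last two cases are the ones to check in a real configuration: a host name without a dot is exempted by EXCEPT LOCAL and falls through to the default, and a daemon with no rule in either file is granted.
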
For example, to allow telnet access only to our internal network, we
start by setting policy (reject all connections with a source other than
localhost) in /etc/hosts.deny:

    in.telnetd: ALL EXCEPT LOCAL