TCP Wrappers
  TCP Wrappers (/usr/sbin/tcpd) can be used to deny connection based on IP address.
  $ cat /etc/hosts.deny
  ALL: ALL
  $ cat /etc/hosts.allow
  ALL: 127.0.0.1/8
  ssh: *.example.com EXCEPT doug.example.com
  ssh: @local_netgroup
  # Allow secure pop anywhere, cleartext locally only
  pop3s: ALL
  pop3:  172.16.0.0/24

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.