I'm not digging up a comfortable explanation to this. It looks like TCP_wrappers just restricts usage of TCP access to daemons and doesn't affect packet filtering at all in the kernel, so if I am configuring a firewall with only local access, for instance, I could just leave the hosts.allow file empty and have the single hosts.deny entry of:
ALL: ALL and that would do it, right? Then if I want to allow maintenance from some machine I'd presumably add an ssh entry on the hosts.allow file...? -- http://www.eskimo.com/~xeno [EMAIL PROTECTED] Physically I'm at: 5101 N. 45th St., Tacoma, WA, 98407-3717, U.S.A.