The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services. The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library
TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .
Let us consider this scenario: A remote machine remote_mc trying to connect to your local machine local_mc using ssh.
When the request from the remote_mc is received by the tcp wrapped service (SSH in this case), it takes the following basic steps:
It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule , it allows the connection. If no rule is found, it moves on to step 2.
It checks the /etc/hosts.deny file and if a matching rule is found, it deny’s the connection.