You want only particular remote hosts to access a TCP service via xinetd , when xinetd was not compiled with libwrap support.
Set up access control rules in /etc/hosts.allow and/or /etc/hosts.deny. For example, to permit telnet connections only from 192.168.1.100 and hosts in the example.com domain, add to /etc/hosts.allow:
in.telnetd : 192.168.1.100 in.telnetd : *.example.com in.telnetd : ALL : DENY
Then modify /etc/xinetd.conf or /etc/xinetd.d/servicename to invoke tcpd in place of your service:
Old /etc/xinetd.conf or /etc/xinetd.d/telnet: service telnet { ... flags = ... server = /usr/sbin/in.telnetd ... } New /etc/xinetd.conf or /etc/xinetd.d/telnet: service telnet { ... flags = ... NAMEINARGS server = /usr/sbin/tcpd server_args = /usr/sbin/in.telnetd ... }
Then reset xinetd so your changes take effect. [Recipe 3.3]
This technique is only for the rare case when, for some reason, you don't want to use xinetd's built-in access control [Recipe 3.8] and your xinetd does not have libwrap support compiled in. It mirrors the original inetd method of access control using TCP-wrappers. [Recipe 3.11]
You must include the flag NAMEINARGS, which tells xinetd to look in the server_args line to find the service executable name (in this case, /usr/sbin/in.telnetd).
xinetd(8), hosts.allow(5), tcpd(8).