You want only particular remote hosts to access a TCP service via xinetd , when xinetd was compiled with libwrap support.

Control access via /etc/hosts.allow and /etc/hosts.deny. For example, to permit Telnet connections only from 192.168.1.100 and hosts in the example.com domain, add this to /etc/hosts.allow:

in.telnetd : 192.168.1.100
in.telnetd : *.example.com
in.telnetd : ALL : DENY

Then reset xinetd so your changes take effect. [Recipe 3.3]

If you want to consolidate your access control in /etc/hosts.allow and /etc/hosts.deny, rather than use xinetd-specific methods [Recipe 3.8], or if you prefer the hosts.allow syntax and capabilities, this technique might be for you. These files support a rich syntax for specifying hosts and networks that may, or may not, connect to your system via specific services.

This works only if xinetd was compiled with libwrap support enabled. To detect this, look at the output of:

$ strings /usr/sbin/xinetd | grep libwrap
libwrap refused connection to %s from %s
%s started with libwrap options compiled in.

If you see printf-style format strings like the above, your xinetd has libwrap support.

xinetd(8), hosts.allow(5).