from the README:
With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.
It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise yourself lucky if you don't know what that means.
The package provides tiny daemon wrapper programs that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.
Optional features are: access control to restrict what systems canconnect to what network daemons; client user name lookups with the RFC 931 etc. protocol; additional protection against hosts that pretend to have someone elses host name; additional protection against hosts that pretend to have someone elses host address.
The programs are very portable. Build procedures are provided for many common (and not so common) environments, and guidelines are provided in case your environment is not among them.
Requirements are that network daemons are spawned by a super serversuch as the inetd; a 4.3BSD-style socket programming interface and/or System V.4-style TLI programming interface; and the availability of a syslog(3) library and of a syslogd(8) daemon. The wrappers should run without modification on any system that satisfies these requirements. Workarounds have been implemented for several common bugs in system software.
What to do if this is your first encounter with the wrapper programs:
1) read the tutorial sections for an introduction to the relevant concepts and terminology; 2) glance over the security feature sections in this document; 3) follow the installation instructions (easy or advanced). I recommend that you first use the default security feature settings. Run the wrappers for a few days to become familiar with their logs, before doing anything drastic such as cutting off access or installing booby traps.
Note that by default, host access is compiled in, but is not enforced until you make it so, i.e. by installing /etc/hosts.allow and /etc/hosts.deny files appropriately. please see the manual pages for this information. Also, please read the README file (located in /usr/freeware/info/README).
tcp wrappers 7.3 includes these subsystems:
All of the subsystems for this product can be installed using IRIX. You do not need to use the miniroot. Refer to the Software Installation Administrator's Guide for complete installation instructions.
You must be the superuser to use this software.
This software is compatible with IRIX 5.3 and IRIX 6.2, but will only install using 6.2.
if you would like to use host access restriction, please see the manual page for hosts_access(5f)and hosts_options(5f), and if you would like to use informational banners, please install the source code, and see the file Banners.Makefile.