The /etc/hosts.allow file controls TCP Wrapper-based host access in Linux systems. When you modify it with entries like:

ALL:ALL
This grants access to all services for all hosts - a configuration that should only be used temporarily for testing due to security implications.
Instead of rebooting, you can reload affected services depending on your Linux distribution and the services using TCP Wrappers:
# For systems using inetd/xinetd:
sudo systemctl restart xinetd

# For sshd (if compiled with libwrap support):
sudo systemctl restart sshd

# For vsftpd:
sudo systemctl restart vsftpd
After making changes, verify they're active:
# Check if a service uses TCP Wrappers:
ldd $(which sshd) | grep libwrap

# Test access (from another terminal):
telnet localhost 22

1. Not all services honor hosts.allow - they must be compiled with libwrap support

2. Modern systems often use firewalls (iptables/nftables) instead

3. Always test changes in a staging environment first


The /etc/hosts.allow file is part of TCP Wrappers in Linux for access control. When you modify it (like adding ALL:ALL), changes don't take effect immediately because the tcpd daemon caches the configuration.


For most modern Linux distributions using systemd:

sudo systemctl restart xinetd  
Or if using inetd:  
sudo systemctl restart inetd

For older SysVinit systems:  
sudo service xinetd restart


After restarting the service:  
1. Check status:  
sudo systemctl status xinetd  
2. Test connectivity:  
telnet localhost [port]  
3. Verify logs:  
tail -f /var/log/secure


For systems without xinetd running:  
sudo pkill -HUP -x tcpd  
Or force all services to re-read configs:  
sudo killall -HUP inetd


Using ALL:ALL opens all services to all hosts - only use for testing. A production-ready example:  

sshd: 192.168.1.
httpd: .example.com



If changes don't take effect:  
1. Check syntax with:  
tcpdchk  
2. Verify which services use TCP Wrappers:  
ldd /usr/sbin/sshd | grep libwrap  
3. Ensure no typos in:  
/etc/hosts.deny (which takes precedence)