xinetd can use /etc/hosts.deny. The following syntax has been acceptable
to the wrappers for years.
in.ftpd:ALL:twist /bin/echo "421 host (%h) does not have access to %s";
/usr/local/etc/tcpd_report %d %u %h
where tcpd_report is just a mail announcement script.
Dec 4 13:19:38 bryce xinetd: error: /etc/hosts.deny, line 21: twist
option in resident process
Dec 4 13:19:38 bryce xinetd: refused connect from 220.127.116.11
replacing twist with spawn works.
using ftp for test.
Confirmed... it works once, then xinetd exits. Looking into it.
This is fixed in xinetd-18.104.22.168pre14-1, coming soon to a Rawhide near you.