TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

By using the hosts.allow and hosts.deny (TCP Wrappers) files in /etc you can enable this by putting

An easy way to check if the command can use TCP Wrappers

ldd $(which vsftpd)|grep wrap

If you get a result like

libwrap.so.0 => /usr/lib/libwrap.so.0 (0x001d6000)

the command supports TCP wrapping.