Restrict daemon access using TCP Wrapper
TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on Unix-like operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies to be used as tokens on which to filter for access control purposes.
By using the hosts.allow and hosts.deny (TCP Wrappers) files in /etc you can enable this by putting
An easy way to check whether a command can use TCP Wrappers:
ldd "$(which vsftpd)" | grep wrap
If you get a result like:
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x001d6000)
the command supports TCP wrapping.
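The same check applied to several daemons at once, as an added example that is not part of the original page. The function names has_libwrap and wrap_status are made up for this sketch, and it assumes ldd and awk are installed.

```shell
#!/bin/sh
# Added example: report which daemons are linked against libwrap and can
# therefore read /etc/hosts.allow and /etc/hosts.deny themselves.

# has_libwrap: read `ldd` output on stdin; succeed only if a libwrap
# shared object is listed and was actually resolved by the loader.
has_libwrap() {
    awk '$1 ~ /^libwrap\.so/ && $0 !~ /not found/ { found = 1 }
         END { exit !found }'
}

# wrap_status NAME_OR_PATH: print one of
#   wrapped      linked against libwrap
#   unwrapped    dynamic binary without libwrap
#   not-dynamic  ldd could not list libraries (static binary, script)
#   missing      not found in PATH (sbin directories are often absent
#                from a non-root PATH; pass the full path instead)
wrap_status() {
    bin=$(command -v "$1" 2>/dev/null) || { echo missing; return 0; }
    out=$(ldd "$bin" 2>&1) || { echo not-dynamic; return 0; }
    if printf '%s\n' "$out" | has_libwrap; then
        echo wrapped
    else
        echo unwrapped
    fi
}

# Usage: sh wrapcheck.sh vsftpd /usr/sbin/sshd ...
for daemon in "$@"; do
    printf '%s\t%s\n' "$daemon" "$(wrap_status "$daemon")"
done
```

A daemon reported as unwrapped does not consult hosts.allow or hosts.deny on its own, so rules written for it there have no effect unless it is started through a wrapper such as tcpd.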