On a Linux machine, there is hosts.allow and hosts.deny to either allow or deny certain hosts to access services running on the machine.
The question is, what exactly is taking care of allowing or refusing those connections? Is there a daemon doing this, or is it the kernel, something else?
it's called TCP Wrappers - a program is compiled to make use of the features (such as 'portmap', part of the NFS world) which then hooks into hosts.allow/deny and such.
http://en.wikipedia.org/wiki/TCP_Wrapper
https://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Deployment_Guide/s1-services-tcp-wrappers.html
This is handled by a Library called TCP Wrappers.
This library is a wrapper to standard Unix/Linux networking function adding ACL capabilities based on hosts.allow and hosts.denied.
It's a pretty old system.