This is a way of controlling access to services normally run by inetd (which Gentoo does not have), but it can also be used by xinetd and other services.

ALL:PARANOID

ALL: LOCAL @wheel
time: LOCAL, .gentoo.org

As you can see the format is very similar to the one in /etc/security/access.conf. Tcpd supports a specific service; it does not overlap with /etc/security/access.conf. These settings only apply to services using tcp wrappers.

It is also possible to execute commands when a service is accessed (this can be used when activating relaying for dial-in users) but it is not recommended, since people tend to create more problems than they are trying to solve. An example could be that you configure a script to send an e-mail every time someone hits the deny rule, but then an attacker could launch a DoS attack by keep hitting the deny rule. This will create a lot of I/O and e-mails so don't do it!. Read the man 5 hosts_access for more information.