A good document to read before you start is the sample '/etc/hosts.allow' file. Before you
start changing that file make sure you have a way to get into the system when you lock
yourself out (e.g. ordinary keyboard/monitor access).

The '/etc/hosts.deny' file is depreciated bij FreeBSD and it is better (IMHO) to have all
these rules in one file: '/etc/hosts.allow'.

Because of the size of the default '/etc/hosts.allow' file I always completely empty it.
Then put in the line "ALL : ALL : DENY" . This wil block out everything. Now start 
allowing services, make sure the above line is the last one in the file, here are some
examples:

  sshd : ALL : ALLOW                    allow ssh from everywhere
  sshd : 192.168.1. 127.0.0.1 : ALLOW   allow ssh from localhost and the subnet 192.168.1
  sshd : evil.crackers.org : DENY       deny ssh from evil.crackers.org


So an example file would be something like this:

  sshd : ALL        : ALLOW
  ftpd : 192.168.1. : ALLOW
  ALL  : ALL        : DENY

There are alot more options to use, read the manpages to find out.


MY HOSTS.ALLOW 

sshd: 68.48. 68.49.  207.86.20.34       : ALLOW
sshd: ALL       : DENY