High-paranoia: Limit access only to specifically-listed services; deny access by default.
/etc/hosts.allow:
comsat sshdfwd-X11: localhost 127.0.0.1 hexadecimal.uoregon.edu fingerd sshd: ALL: rfc931
/etc/hosts.deny:
ALL: ALL: rfc931
These rules permit access to the "comsat" service and SSH X connection forwarding from the local host, allows finger and SSH connections from all hosts, and otherwise denies access to other TCP-wrapped services.
Low-paranoia: Limit access to certain services, but otherwise permit access by default.
/etc/hosts.allow:
imapd ipop3d: localhost 127.0.0.1 imapd: webmail.uoregon.edu oregon.uoregon.edu in.lpd: localhost 127.0.0.1 .uoregon.edu 128.223.
/etc/hosts.deny:
imapd ipop3d in.lpd: ALL@ALL
This combination limits access to unencrypted POP and IMAP to the local host and a couple of remote hosts, limits access to printer service to the local domain/network, and otherwise denies all access to unencrypted POP and IMAP and to printer services.