We use TCP Wrappers to restrict access to programs that are supported by the TCP wrapper package. We first check if the program we want to restrict is supported by TCP Wrapper or not by using the ldd tool. We then add a rule in the /etc/hosts.allow or /etc/hosts.deny file as per our requirements.
Afterwards, we add rules to restrict the program from a particular client or the complete network, as per our choice. Using the spawn option in the TCP Wrapper, we even maintain a log for the connection attempts made by the client or program that we have restricted.