For Host Access Control (AKA TCPWrappers) to work for a specific service, that service needs to be linked to the libwrap.so.0 shared object/library file. To put it another way, if a given network service has been compiled against the libwrap library file then we will say that service is a TCP-wrapped service and consequently we would be able to manage access to that service via these two files:
/etc/hosts.allow
/etc/hosts.deny
We can use the ldd command to determine whether a network service is linked to libwrap. So let's check Pure-FTPD and see if it does support TCP Wrappers:
ldd /usr/sbin/pure-ftpd | grep -i libwrap
~
As you can see above, Pure-FTPD has not been compiled against the libwrap library so TCP-Wrappers (/etc/hosts.{allow,deny}) would not work for this service. Pro-FTPD on the other hand does support TCP-Wrappers:
ldd /usr/sbin/proftpd | grep -i libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fa208034000)
So to control access to the ftpd daemon through the WHM >> Security Center >>Host Access Control interface, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers.
You can refer to this link from our official documentation for more information on how to configure ProFTPd to utilize the Host Access Control feature:
https://docs.cpanel.net/knowledge-base/ftp/proftpd-configuration-for-host-access-control/