Hi Stanton,
First you'll need to decide who should have access to your SQL listener.
MySql uses port 3306 as default unless you change the configure files master-port=3306 setting to a different number.
Now when Xinetd is complied you have the option to use --with-libwrap, this will tell it to check the /etc/host.allow and deny files, if not then it ignores them for xinetd files and uses the xinetd.conf wrappers.
I suggest you don't use the libwrap option and edit the xinetd conf file to get it to do what you want.
Check out
http://www.macsecurity.org/resources...tutorial.shtml
/Raz