Yes, change hosts.deny to this:
Anything that you put in hosts.allow will will override the ALL setting in hosts.deny. The syntax for hosts.allow is the same and uses the format:
where arguments can be a complete or partial domain name like node1.yahoo.com or just .yahoo.com . Or you can use complete or partial IP addresses like 123.456.789.1 or 123.456. So to use an example, say we wanted to allow anyone from yahoo.com to access our FTP server and we also want to allow the hosts 123.456.789.1, the 192.168. private IP block and all of yahoo.com to access our sshd server. The hosts.allow file would look like this:
#### BUNCH OF HEADER COMMENTS HERE
SSHD: 123.456.789.1 192.168. .yahoo.com
The key to writitng a "good" hosts.allow file is just try to limit the number of people that have access to the fewest possible. Sometimes that can be hard if you have clients with dynamic IP addresses or if you need to run a public service. Also an important thing to keep in mind is that not all services use the hosts.allow/deny files. For example the Apache web server won't use them, so don't try to put an entry in hosts.allow for www or httpd.