So I've been using Debian up until now, when I decided to try out Arch Linux. Loving it so far, but there's something I'm wondering about. When I installed lighttpd via pacman, I couldn't connect to my webpage from the outside, but it worked from localhost. When I added "lighttpd: ALL" to the hosts.allow file, I could connect to it from the outside. I've never had to do this with Debian. Why? Also, sshd isn't in the hosts.allow but I can still connect through ssh. Is there a way to disable this?

You might want to take a look at /etc/hosts.deny. By default, it is set
up to deny all incoming connections which is why you have to add
exceptions to /etc/hosts.allow. Also check out man 5 hosts_access.

I see, thanks for the response. When I took a look in hosts.deny, it was empty. Is it supposed to be this way? Can I disable this "feature"?

You could put ALL: ALL: ALLOW in your /etc/hosts.allow to allow all incoming connections.

I read the man and it just said that the hosts.deny could be empty and if it is, the connections will be allowed. This goes against what really happened, so now I'm kind of confused. So by default all connections are rejected even though hosts.deny is empty?

If the manpage says that if /etc/hosts.deny is empty all connections will be allowed, then it is probably so. Maybe something else was blocking your connections?

Hm that what I'd like to think but when I added lighttpd to my hosts.allow it worked.

I recall recently reading an article* discussing this issue and noting differences in behavior between distributions. In some cases this was correctly documented in the relevant man page, but in some it wasn't. There were also mysterious references to a system-wide setting that the author couldn't validate.

In short, your man page might be wrong on this point.

*Sadly, my Google-fu is failing, as I can't locate it again. Perhaps it was all a dream...

Thanks, that makes things clearer. Is there a way I can just disable this entire hosts.allow/hosts.deny thing?