How can I make sure tcpwrapper is in use?
Check whether or not libwrap is in use. ldd /sbin/portmap
Can I edit host.allow so only localhost can access? Will it give any trouble?
You have to look on all services that uses tcpwrapper (e.g. sshd)
I don't use nfs, I've disabled it, so don't know why does portmap gets on...
It's a good idea to deny access to any tcpwrapper enabled service via /etc/hosts.deny # deny all ALL : ALL and then allow access to services for dedicated hosts via (example) /etc/hosts.allow # allow access to/for portmap : 127.0.0.1/255.0.0.0 mountd : 127.0.0.1/255.0.0.0 lockd : 127.0.0.1/255.0.0.0 statd : 127.0.0.1/255.0.0.0 rquotad : 127.0.0.1/255.0.0.0 If you dont use nfs/rpc disable it via yast's runlevel editor. The polarizer http://www.codixx.de/polarizer.html