diff --git a/hosts.allow b/hosts.allow
deleted file mode 100644
index df4e910..0000000
--- a/hosts.allow
+++ /dev/null
@@ -1,64 +0,0 @@
-# /etc/hosts.allow
-# Make sure package tcpd is installed on your system for this to work.
-# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
-# of /etc/hosts.allow and /etc/hosts.deny.
-#
-# short overview about daemons and servers that are built with
-# tcp_wrappers support:
-# 
-# package name  |       daemon path     |       token
-# ----------------------------------------------------------------------------
-# ssh, openssh  |  /usr/sbin/sshd       |  sshd, sshd-fwd-x11, sshd-fwd-<port>
-# quota         | /usr/sbin/rpc.rquotad |  rquotad
-# tftpd         | /usr/sbin/in.tftpd    |  in.tftpd
-# portmap       |  /sbin/portmap        |  portmap
-#                       The portmapper does not verify against hostnames
-#                       to prevent hangs. It only checks non-local addresses.
-# 
-# (kernel nfs server)
-# nfs-utils     |  /usr/sbin/rpc.mountd |  mountd
-# nfs-utils     |  /sbin/rpc.statd      |  statd
-#
-# (unfsd, userspace nfs server)
-# nfs-server    |  /usr/sbin/rpc.mountd |  rpc.mountd
-# nfs-server    |  /usr/sbin/rpc.ugidd  |  rpc.ugidd
-#
-# (printing services)
-# lprng         |  /usr/sbin/lpd        |  lpd
-# cups          |  /usr/sbin/cupsd      |  cupsd
-#                       The cupsd server daemon reports to the cups
-#                       error logs, not to the syslog(3) facility.
-#
-# (Uniterrupted Power Supply Software)
-# apcupsd       |  /sbin/apcupsd        |  apcupsd
-# apcupsd       |  /sbin/apcnisd        |  apcnisd
-# 
-# All of the other network servers such as samba, apache or X, have their own
-# access control scheme that should be used instead.
-#
-# In addition to the services above, the services that are started on request 
-# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
-# the last component of the server pathname as a token to match a service in
-# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
-# The following examples work when uncommented:
-#
-#
-# Example 1: Fire up a mail to the admin if a connection to the printer daemon
-# has been made from host foo.bar.com, but simply deny all others:
-# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \
-#                               mail -s "tcp_wrappers on %H" root
-# 
-#
-# Example 2: grant access from local net, reject with message from elsewhere.
-# in.telnetd : ALL EXCEPT LOCAL : ALLOW
-# in.telnetd : ALL : \
-#    twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2
-#
-#
-# Example 3: run a different instance of rsyncd if the connection comes 
-#            from network 172.20.0.0/24, but regular for others:
-# rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script
-# rsyncd : ALL : ALLOW
-#
-
-
diff --git a/hosts.deny b/hosts.deny
deleted file mode 100644
index f8e28d7..0000000
--- a/hosts.deny
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/hosts.deny
-# Make sure package tcpd is installed on your system for this to work.
-# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
-# for a detailed description.
-
-http-rman : ALL EXCEPT LOCAL
-
diff --git a/netcfg.changes b/netcfg.changes
index 46764e3..466986b 100644
--- a/netcfg.changes
+++ b/netcfg.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Oct 11 09:33:40 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Remove hosts.allow and hosts.deny config files as they are only
+  used by tcpd, which is not installed by default, bsc#1099755
+
 -------------------------------------------------------------------
 Mon Jul 19 13:59:22 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
 
diff --git a/netcfg.spec b/netcfg.spec
index cc98188..91dfbad 100644
--- a/netcfg.spec
+++ b/netcfg.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package netcfg
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,8 +27,6 @@ Source1:        exports
 Source2:        ftpusers
 Source3:        host.conf
 Source4:        hosts
-Source5:        hosts.allow
-Source6:        hosts.deny
 Source7:        hosts.equiv
 Source8:        hosts.lpd
 Source9:        networks
@@ -64,7 +62,7 @@ cp %{SOURCE16} .
 
 %install
 mkdir -p %{buildroot}%{_sysconfdir}
-for i in hostname aliases defaultdomain exports ftpusers host.conf hosts hosts.allow hosts.deny hosts.equiv hosts.lpd netgroup ethertypes; do
+for i in hostname aliases defaultdomain exports ftpusers host.conf hosts hosts.equiv hosts.lpd netgroup ethertypes; do
   install $RPM_SOURCE_DIR/$i %{buildroot}/%{_sysconfdir}
 done
 mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}
@@ -87,8 +85,6 @@ install -d -m 0755 %{buildroot}/%{_sysconfdir}/exports.d
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/ftpusers
 %config(noreplace) %{_sysconfdir}/host.conf
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts
-%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.allow
-%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.deny
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.equiv
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/hosts.lpd
 %config(noreplace) %{_sysconfdir}/netgroup