XDMCP access control is done using TCP wrappers.  It is possible to
compile GDM without TCP wrappers however, so you should test your
configuration to see if they work.
You should use the daemon name gdm in the
<etc>/hosts.allow and
<etc>hosts.deny files.  For example to
deny computers from .evil.domain from logging in,
then add
gdm: .evil.domain
to <etc>/hosts.deny.  You may also need
to add
gdm: .your.domain
to your <etc>/hosts.allow if you normally disallow
all services from all hosts.  See the
hosts.allow(5) man
page for details.
Even though GDM now tries very hard to ignore things coming from
banned hosts you should not rely on the TCP Wrappers for complete
protection.  It is really best to block UDP port 177 (and all the X
ports which are TCP ports 6000 + the display number of course) on your
firewall.
