inetd.conf revision 161773
1198160Srrs# $FreeBSD: head/etc/inetd.conf 161773 2006-08-31 17:15:10Z obrien $ 2198160Srrs# 3198160Srrs# Internet server configuration database 4198160Srrs# 5198160Srrs# Define *both* IPv4 and IPv6 entries for dual-stack support. 6198160Srrs# To disable a service, comment it out by prefixing the line with '#'. 7198160Srrs# To enable a service, remove the '#' at the beginning of the line. 8198160Srrs# 9198160Srrs#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l 10198160Srrs#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l 11198160Srrs#ftp stream tcp nowait root /usr/libexec/lukemftpd ftpd -l -r 12198160Srrs#ftp stream tcp6 nowait root /usr/libexec/lukemftpd ftpd -l -r 13198160Srrs#ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4 14198160Srrs#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6 15198160Srrs#telnet stream tcp nowait root /usr/libexec/telnetd telnetd 16198160Srrs#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd 17198160Srrs#shell stream tcp nowait root /usr/libexec/rshd rshd 18198160Srrs#shell stream tcp6 nowait root /usr/libexec/rshd rshd 19198160Srrs#login stream tcp nowait root /usr/libexec/rlogind rlogind 20198160Srrs#login stream tcp6 nowait root /usr/libexec/rlogind rlogind 21198160Srrs#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s 22198160Srrs#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s 23198160Srrs# 24198160Srrs# run comsat as root to be able to print partial mailbox contents w/ biff, 25198160Srrs# or use the safer tty:tty to just print that new mail has been received. 26198160Srrs#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat 27198160Srrs# 28198160Srrs# ntalk is required for the 'talk' utility to work correctly 29198160Srrs#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd 30198160Srrs#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot 31198160Srrs#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot 32202173Simp#bootps dgram udp wait root /usr/libexec/bootpd bootpd 33198160Srrs# 34198160Srrs# "Small servers" -- used to be standard on, but we're more conservative 35198160Srrs# about things due to Internet security concerns. Only turn on what you 36198160Srrs# need. 37198160Srrs# 38198160Srrs#daytime stream tcp nowait root internal 39198160Srrs#daytime stream tcp6 nowait root internal 40198160Srrs#daytime dgram udp wait root internal 41216390Sjchandra#daytime dgram udp6 wait root internal 42198160Srrs#time stream tcp nowait root internal 43216390Sjchandra#time stream tcp6 nowait root internal 44198625Srrs#time dgram udp wait root internal 45198160Srrs#time dgram udp6 wait root internal 46198160Srrs#echo stream tcp nowait root internal 47198160Srrs#echo stream tcp6 nowait root internal 48198160Srrs#echo dgram udp wait root internal 49198160Srrs#echo dgram udp6 wait root internal 50198160Srrs#discard stream tcp nowait root internal 51216390Sjchandra#discard stream tcp6 nowait root internal 52198607Srrs#discard dgram udp wait root internal 53198160Srrs#discard dgram udp6 wait root internal 54198160Srrs#chargen stream tcp nowait root internal 55198160Srrs#chargen stream tcp6 nowait root internal 56198160Srrs#chargen dgram udp wait root internal 57216390Sjchandra#chargen dgram udp6 wait root internal 58216390Sjchandra# 59216390Sjchandra# CVS servers - for master CVS repositories only! You must set the 60216390Sjchandra# --allow-root path correctly or you open a trivial to exploit but 61216390Sjchandra# deadly security hole. 62216390Sjchandra# 63216390Sjchandra#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver 64216390Sjchandra#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver 65216390Sjchandra# 66216390Sjchandra# RPC based services (you MUST have rpcbind running to use these) 67216390Sjchandra# 68198160Srrs#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 69216390Sjchandra#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd 70216390Sjchandra#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld 71216390Sjchandra#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd rpc.pcnfsd 72216390Sjchandra#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad 73216390Sjchandra#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd 74216390Sjchandra# 75198160Srrs# example entry for the optional pop3 server 76216390Sjchandra# 77216390Sjchandra#pop3 stream tcp nowait root /usr/local/libexec/popper popper 78216390Sjchandra# 79216390Sjchandra# example entry for the optional imap4 server 80216390Sjchandra# 81216390Sjchandra#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd 82216390Sjchandra# 83216390Sjchandra# example entry for the optional nntp server 84198160Srrs# 85216390Sjchandra#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd 86216390Sjchandra# 87198160Srrs# example entry for the optional uucpd server 88198160Srrs# 89198160Srrs#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd 90198160Srrs# 91198160Srrs# Return error for all "ident" requests 92198160Srrs# 93198160Srrs#auth stream tcp nowait root internal 94198160Srrs#auth stream tcp6 nowait root internal 95198160Srrs# 96198160Srrs# Provide internally a real "ident" service which provides ~/.fakeid support, 97198160Srrs# provides ~/.noident support, reports UNKNOWN as the operating system type 98198160Srrs# and times out after 30 seconds. 99198625Srrs# 100216390Sjchandra#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 101216390Sjchandra#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30 102216390Sjchandra# 103216390Sjchandra# Example entry for an external ident server 104198160Srrs# 105198625Srrs#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120 106216390Sjchandra# 107198625Srrs# Example entry for the optional qmail MTA 108198625Srrs# NOTE: This is no longer the correct way to handle incoming SMTP 109198625Srrs# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html) 110216390Sjchandra# instead. 111216390Sjchandra# 112198625Srrs#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd 113216390Sjchandra# 114198160Srrs# Enable the following two entries to enable samba startup from inetd 115198160Srrs# (from the Samba documentation). Enable the third entry to enable the swat 116216390Sjchandra# samba configuration tool. 117216390Sjchandra# 118216390Sjchandra#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd 119216390Sjchandra#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd 120198160Srrs#swat stream tcp nowait/400 root /usr/local/sbin/swat swat 121216390Sjchandra# 122216390Sjchandra# Enable the following entry to enable ftp-proxy to NAT ftp sessions with pf 123216390Sjchandra# N.B.: inetd binds to * in the default installation so you should add 124198625Srrs# an appropriate block rule to your pf.conf 125216390Sjchandra# 126198160Srrs#ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy 127198160Srrs