xref: /freebsd/usr.sbin/inetd/inetd.conf (revision 10ff414c) 
1# $FreeBSD$
2#
3# Internet server configuration database
4#
5# Define *both* IPv4 and IPv6 entries for dual-stack support.
6# To disable a service, comment it out by prefixing the line with '#'.
7# To enable a service, remove the '#' at the beginning of the line.
8#
9#ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
10#ftp	stream	tcp6	nowait	root	/usr/libexec/ftpd	ftpd -l
11#ssh	stream	tcp	nowait	root	/usr/sbin/sshd		sshd -i -4
12#ssh	stream	tcp6	nowait	root	/usr/sbin/sshd		sshd -i -6
13#telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
14#telnet	stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd
15#shell	stream	tcp	nowait	root	/usr/local/sbin/rshd	rshd
16#shell	stream	tcp6	nowait	root	/usr/local/sbin/rshd	rshd
17#login	stream	tcp	nowait	root	/usr/local/sbin/rlogind	rlogind
18#login	stream	tcp6	nowait	root	/usr/local/sbin/rlogind	rlogind
19#finger	stream	tcp	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -k -s
20#finger	stream	tcp6	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -k -s
21#
22# run comsat as root to be able to print partial mailbox contents w/ biff,
23# or use the safer tty:tty to just print that new mail has been received.
24#comsat	dgram	udp	wait	tty:tty	/usr/libexec/comsat	comsat
25#
26# ntalk is required for the 'talk' utility to work correctly
27#ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
28#tftp	dgram	udp	wait	root	/usr/libexec/tftpd	tftpd -l -s /tftpboot
29#tftp	dgram	udp6	wait	root	/usr/libexec/tftpd	tftpd -l -s /tftpboot
30#bootps	dgram	udp	wait	root	/usr/libexec/bootpd	bootpd
31#
32# "Small servers" -- used to be standard on, but we're more conservative
33# about things due to Internet security concerns.  Only turn on what you
34# need.
35#
36#daytime stream	tcp	nowait	root	internal
37#daytime stream	tcp6	nowait	root	internal
38#daytime dgram	udp	wait	root	internal
39#daytime dgram	udp6	wait	root	internal
40#time	stream	tcp	nowait	root	internal
41#time	stream	tcp6	nowait	root	internal
42#time	 dgram	udp	wait	root	internal
43#time	 dgram	udp6	wait	root	internal
44#echo	stream	tcp	nowait	root	internal
45#echo	stream	tcp6	nowait	root	internal
46#echo	dgram	udp	wait	root	internal
47#echo	dgram	udp6	wait	root	internal
48#discard stream	tcp	nowait	root	internal
49#discard stream	tcp6	nowait	root	internal
50#discard dgram	udp	wait	root	internal
51#discard dgram	udp6	wait	root	internal
52#chargen stream	tcp	nowait	root	internal
53#chargen stream	tcp6	nowait	root	internal
54#chargen dgram	udp	wait	root	internal
55#chargen dgram	udp6	wait	root	internal
56#
57# CVS servers - for master CVS repositories only!  You must set the
58# --allow-root path correctly or you open a trivial to exploit but
59# deadly security hole.
60#
61#cvspserver	stream	tcp	nowait	root	/usr/local/bin/cvs	cvs --allow-root=/your/cvsroot/here pserver
62#cvspserver	stream	tcp	nowait	root	/usr/local/bin/cvs	cvs --allow-root=/your/cvsroot/here kserver
63#
64# RPC based services (you MUST have rpcbind running to use these)
65#
66#rstatd/1-3	dgram rpc/udp wait root	/usr/libexec/rpc.rstatd	 rpc.rstatd
67#rusersd/1-2	dgram rpc/udp wait root	/usr/libexec/rpc.rusersd rpc.rusersd
68#walld/1	dgram rpc/udp wait root	/usr/libexec/rpc.rwalld	 rpc.rwalld
69#rquotad/1	dgram rpc/udp wait root	/usr/libexec/rpc.rquotad rpc.rquotad
70#rquotad/1	dgram rpc/udp6 wait root	/usr/libexec/rpc.rquotad rpc.rquotad
71#sprayd/1	dgram rpc/udp wait root	/usr/libexec/rpc.sprayd	 rpc.sprayd
72#
73# example entry for the optional imap4 server
74#
75#imap4	stream	tcp	nowait	root	/usr/local/libexec/imapd	imapd
76#
77# example entry for the optional nntp server
78#
79#nntp	stream	tcp	nowait	news	/usr/local/libexec/nntpd	nntpd
80#
81# example entry for the optional uucpd server
82#
83#uucpd	stream	tcp	nowait	root	/usr/local/libexec/uucpd	uucpd
84#
85# Return error for all "ident" requests
86#
87#auth	stream	tcp	nowait	root	internal
88#auth	stream	tcp6	nowait	root	internal
89#
90# Provide internally a real "ident" service which provides ~/.fakeid support,
91# provides ~/.noident support, reports UNKNOWN as the operating system type
92# and times out after 30 seconds.
93#
94#auth	stream	tcp	nowait	root	internal	auth -r -f -n -o UNKNOWN -t 30
95#auth	stream	tcp6	nowait	root	internal	auth -r -f -n -o UNKNOWN -t 30
96#
97# Example entry for an external ident server
98#
99#auth	stream	tcp	wait	root	/usr/local/sbin/identd	identd -w -t120
100#
101# Example entry for the optional qmail MTA
102#  NOTE: This is no longer the correct way to handle incoming SMTP
103#        connections for qmail.  Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
104#        instead.
105#
106#smtp	stream	tcp	nowait	qmaild	/var/qmail/bin/tcp-env	tcp-env /var/qmail/bin/qmail-smtpd
107#
108# Example entry for Samba sharing for the SMB protocol
109#
110# Enable the first two entries to enable Samba startup from inetd (according to
111# the Samba documentation). Enable the third entry only if you have other
112# NetBIOS daemons listening on your network. Enable the fourth entry to use
113# the swat Samba configuration tool.
114#netbios-ssn	stream	tcp	nowait	root	/usr/local/sbin/smbd	smbd
115#microsoft-ds	stream	tcp	nowait	root	/usr/local/sbin/smbd	smbd
116#netbios-ns	dgram	udp	wait	root	/usr/local/sbin/nmbd	nmbd
117#swat	stream	tcp	nowait/400	root	/usr/local/sbin/swat	swat
118#
119# Example entry for the Prometheus sysctl metrics exporter
120#
121#prom-sysctl	stream	tcp	nowait	nobody	/usr/sbin/prometheus_sysctl_exporter	prometheus_sysctl_exporter -dgh
122#
123# Example entry for insecure rsync server
124# This is best combined with encrypted virtual tunnel interfaces, which can be
125# found with: apropos if_ | grep tunnel
126#rsync	stream	tcp	nowait	root	/usr/local/bin/rsyncd	rsyncd --daemon
127#
128# Let the system respond to date requests via tcpmux
129#tcpmux/+date	stream	tcp	nowait	guest	/bin/date	date
130#
131# Let people access the system phonebook via tcpmux
132#tcpmux/phonebook	stream	tcp	nowait	guest	/usr/local/bin/phonebook	phonebook
133#
134# Make kernel statistics accessible
135#rstatd/1-3	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rstatd	rpc.rstatd
136#
137# Use netcat as a one-shot HTTP proxy with nc (from freebsd-tips fortune)
138#http	stream	tcp	nowait	nobody	/usr/bin/nc	nc -N dest-ip 80
139#
140# Set up a unix socket at /var/run/echo that echo's back whatever is written to it.
141#/var/run/echo	stream	unix	nowait	root	internal
142#
143# Run chargen for IPsec Authentication Headers
144#@ ipsec ah/require
145#chargen	stream	tcp	nowait	root	internal
146#@
147