1# $FreeBSD$ 2# 3# Internet server configuration database 4# 5# Define *both* IPv4 and IPv6 entries for dual-stack support. 6# To disable a service, comment it out by prefixing the line with '#'. 7# To enable a service, remove the '#' at the beginning of the line. 8# 9#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l 10#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l 11#ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4 12#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6 13#telnet stream tcp nowait root /usr/libexec/telnetd telnetd 14#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd 15#shell stream tcp nowait root /usr/local/sbin/rshd rshd 16#shell stream tcp6 nowait root /usr/local/sbin/rshd rshd 17#login stream tcp nowait root /usr/local/sbin/rlogind rlogind 18#login stream tcp6 nowait root /usr/local/sbin/rlogind rlogind 19#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s 20#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s 21# 22# run comsat as root to be able to print partial mailbox contents w/ biff, 23# or use the safer tty:tty to just print that new mail has been received. 24#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat 25# 26# ntalk is required for the 'talk' utility to work correctly 27#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd 28#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot 29#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot 30#bootps dgram udp wait root /usr/libexec/bootpd bootpd 31# 32# "Small servers" -- used to be standard on, but we're more conservative 33# about things due to Internet security concerns. Only turn on what you 34# need. 35# 36#daytime stream tcp nowait root internal 37#daytime stream tcp6 nowait root internal 38#daytime dgram udp wait root internal 39#daytime dgram udp6 wait root internal 40#time stream tcp nowait root internal 41#time stream tcp6 nowait root internal 42#time dgram udp wait root internal 43#time dgram udp6 wait root internal 44#echo stream tcp nowait root internal 45#echo stream tcp6 nowait root internal 46#echo dgram udp wait root internal 47#echo dgram udp6 wait root internal 48#discard stream tcp nowait root internal 49#discard stream tcp6 nowait root internal 50#discard dgram udp wait root internal 51#discard dgram udp6 wait root internal 52#chargen stream tcp nowait root internal 53#chargen stream tcp6 nowait root internal 54#chargen dgram udp wait root internal 55#chargen dgram udp6 wait root internal 56# 57# CVS servers - for master CVS repositories only! You must set the 58# --allow-root path correctly or you open a trivial to exploit but 59# deadly security hole. 60# 61#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here pserver 62#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here kserver 63# 64# RPC based services (you MUST have rpcbind running to use these) 65# 66#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 67#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd 68#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld 69#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad 70#rquotad/1 dgram rpc/udp6 wait root /usr/libexec/rpc.rquotad rpc.rquotad 71#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd 72# 73# example entry for the optional imap4 server 74# 75#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd 76# 77# example entry for the optional nntp server 78# 79#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd 80# 81# example entry for the optional uucpd server 82# 83#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd 84# 85# Return error for all "ident" requests 86# 87#auth stream tcp nowait root internal 88#auth stream tcp6 nowait root internal 89# 90# Provide internally a real "ident" service which provides ~/.fakeid support, 91# provides ~/.noident support, reports UNKNOWN as the operating system type 92# and times out after 30 seconds. 93# 94#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30 95#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30 96# 97# Example entry for an external ident server 98# 99#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120 100# 101# Example entry for the optional qmail MTA 102# NOTE: This is no longer the correct way to handle incoming SMTP 103# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html) 104# instead. 105# 106#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd 107# 108# Example entry for Samba sharing for the SMB protocol 109# 110# Enable the first two entries to enable Samba startup from inetd (according to 111# the Samba documentation). Enable the third entry only if you have other 112# NetBIOS daemons listening on your network. Enable the fourth entry to use 113# the swat Samba configuration tool. 114#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd 115#microsoft-ds stream tcp nowait root /usr/local/sbin/smbd smbd 116#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd 117#swat stream tcp nowait/400 root /usr/local/sbin/swat swat 118# 119# Example entry for the Prometheus sysctl metrics exporter 120# 121#prom-sysctl stream tcp nowait nobody /usr/sbin/prometheus_sysctl_exporter prometheus_sysctl_exporter -dgh 122# 123# Example entry for insecure rsync server 124# This is best combined with encrypted virtual tunnel interfaces, which can be 125# found with: apropos if_ | grep tunnel 126#rsync stream tcp nowait root /usr/local/bin/rsyncd rsyncd --daemon 127# 128# Let the system respond to date requests via tcpmux 129#tcpmux/+date stream tcp nowait guest /bin/date date 130# 131# Let people access the system phonebook via tcpmux 132#tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook 133# 134# Make kernel statistics accessible 135#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 136# 137# Use netcat as a one-shot HTTP proxy with nc (from freebsd-tips fortune) 138#http stream tcp nowait nobody /usr/bin/nc nc -N dest-ip 80 139# 140# Set up a unix socket at /var/run/echo that echo's back whatever is written to it. 141#/var/run/echo stream unix nowait root internal 142# 143# Run chargen for IPsec Authentication Headers 144#@ ipsec ah/require 145#chargen stream tcp nowait root internal 146#@ 147