3 # Internet server configuration database
5 # Define *both* IPv4 and IPv6 entries for dual-stack support.
6 # To disable a service, comment it out by prefixing the line with '#'.
7 # To enable a service, remove the '#' at the beginning of the line.
9 #ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
10 #ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
11 #ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
12 #ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
13 #telnet stream tcp nowait root /usr/libexec/telnetd telnetd
14 #telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
15 #shell stream tcp nowait root /usr/local/sbin/rshd rshd
16 #shell stream tcp6 nowait root /usr/local/sbin/rshd rshd
17 #login stream tcp nowait root /usr/local/sbin/rlogind rlogind
18 #login stream tcp6 nowait root /usr/local/sbin/rlogind rlogind
19 #finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
20 #finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
22 # run comsat as root to be able to print partial mailbox contents w/ biff,
23 # or use the safer tty:tty to just print that new mail has been received.
24 #comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
26 # ntalk is required for the 'talk' utility to work correctly
27 #ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
28 #tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
29 #tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
30 #bootps dgram udp wait root /usr/libexec/bootpd bootpd
32 # "Small servers" -- used to be standard on, but we're more conservative
33 # about things due to Internet security concerns. Only turn on what you
36 #daytime stream tcp nowait root internal
37 #daytime stream tcp6 nowait root internal
38 #daytime dgram udp wait root internal
39 #daytime dgram udp6 wait root internal
40 #time stream tcp nowait root internal
41 #time stream tcp6 nowait root internal
42 #time dgram udp wait root internal
43 #time dgram udp6 wait root internal
44 #echo stream tcp nowait root internal
45 #echo stream tcp6 nowait root internal
46 #echo dgram udp wait root internal
47 #echo dgram udp6 wait root internal
48 #discard stream tcp nowait root internal
49 #discard stream tcp6 nowait root internal
50 #discard dgram udp wait root internal
51 #discard dgram udp6 wait root internal
52 #chargen stream tcp nowait root internal
53 #chargen stream tcp6 nowait root internal
54 #chargen dgram udp wait root internal
55 #chargen dgram udp6 wait root internal
57 # CVS servers - for master CVS repositories only! You must set the
58 # --allow-root path correctly or you open a trivial to exploit but
59 # deadly security hole.
61 #cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
62 #cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
64 # RPC based services (you MUST have rpcbind running to use these)
66 #rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
67 #rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
68 #walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
69 #rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
70 #rquotad/1 dgram rpc/udp6 wait root /usr/libexec/rpc.rquotad rpc.rquotad
71 #sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
73 # example entry for the optional imap4 server
75 #imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
77 # example entry for the optional nntp server
79 #nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
81 # example entry for the optional uucpd server
83 #uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
85 # Return error for all "ident" requests
87 #auth stream tcp nowait root internal
88 #auth stream tcp6 nowait root internal
90 # Provide internally a real "ident" service which provides ~/.fakeid support,
91 # provides ~/.noident support, reports UNKNOWN as the operating system type
92 # and times out after 30 seconds.
94 #auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
95 #auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
97 # Example entry for an external ident server
99 #auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
101 # Example entry for the optional qmail MTA
102 # NOTE: This is no longer the correct way to handle incoming SMTP
103 # connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
106 #smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
108 # Example entry for Samba sharing for the SMB protocol
110 # Enable the first two entries to enable Samba startup from inetd (according to
111 # the Samba documentation). Enable the third entry only if you have other
112 # NetBIOS daemons listening on your network. Enable the fourth entry to use
113 # the swat Samba configuration tool.
114 #netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd
115 #microsoft-ds stream tcp nowait root /usr/local/sbin/smbd smbd
116 #netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd
117 #swat stream tcp nowait/400 root /usr/local/sbin/swat swat
119 # Example entry for the Prometheus sysctl metrics exporter
121 #prom-sysctl stream tcp nowait nobody /usr/sbin/prometheus_sysctl_exporter prometheus_sysctl_exporter -dgh
123 # Example entry for insecure rsync server
124 # This is best combined with encrypted virtual tunnel interfaces, which can be
125 # found with: apropos if_ | grep tunnel
126 #rsync stream tcp nowait root /usr/local/bin/rsyncd rsyncd --daemon
128 # Let the system respond to date requests via tcpmux
129 #tcpmux/+date stream tcp nowait guest /bin/date date
131 # Let people access the system phonebook via tcpmux
132 #tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
134 # Make kernel statistics accessible
135 #rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
137 # Use netcat as a one-shot HTTP proxy with nc (from freebsd-tips fortune)
138 #http stream tcp nowait nobody /usr/bin/nc nc -N dest-ip 80
140 # Set up a unix socket at /var/run/echo that echo's back whatever is written to it.
141 #/var/run/echo stream unix nowait root internal
143 # Run chargen for IPsec Authentication Headers
145 #chargen stream tcp nowait root internal