1#
2# Internet server configuration database
3#
4# Define *both* IPv4 and IPv6 entries for dual-stack support.
5# To disable a service, comment it out by prefixing the line with '#'.
6# To enable a service, remove the '#' at the beginning of the line.
7#
8#ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
9#ftp	stream	tcp6	nowait	root	/usr/libexec/ftpd	ftpd -l
10#ssh	stream	tcp	nowait	root	/usr/sbin/sshd		sshd -i -4
11#ssh	stream	tcp6	nowait	root	/usr/sbin/sshd		sshd -i -6
12#telnet	stream	tcp	nowait	root	/usr/local/libexec/telnetd	telnetd
13#telnet	stream	tcp6	nowait	root	/usr/local/libexec/telnetd	telnetd
14#shell	stream	tcp	nowait	root	/usr/local/sbin/rshd	rshd
15#shell	stream	tcp6	nowait	root	/usr/local/sbin/rshd	rshd
16#login	stream	tcp	nowait	root	/usr/local/sbin/rlogind	rlogind
17#login	stream	tcp6	nowait	root	/usr/local/sbin/rlogind	rlogind
18#finger	stream	tcp	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -k -s
19#finger	stream	tcp6	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -k -s
20#
21# run comsat as root to be able to print partial mailbox contents w/ biff,
22# or use the safer tty:tty to just print that new mail has been received.
23#comsat	dgram	udp	wait	tty:tty	/usr/libexec/comsat	comsat
24#
25# ntalk is required for the 'talk' utility to work correctly
26#ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
27#tftp	dgram	udp	wait	root	/usr/libexec/tftpd	tftpd -l -s /tftpboot
28#tftp	dgram	udp6	wait	root	/usr/libexec/tftpd	tftpd -l -s /tftpboot
29#bootps	dgram	udp	wait	root	/usr/libexec/bootpd	bootpd
30#
31# "Small servers" -- used to be standard on, but we're more conservative
32# about things due to Internet security concerns.  Only turn on what you
33# need.
34#
35#daytime stream	tcp	nowait	root	internal
36#daytime stream	tcp6	nowait	root	internal
37#daytime dgram	udp	wait	root	internal
38#daytime dgram	udp6	wait	root	internal
39#time	stream	tcp	nowait	root	internal
40#time	stream	tcp6	nowait	root	internal
41#time	 dgram	udp	wait	root	internal
42#time	 dgram	udp6	wait	root	internal
43#echo	stream	tcp	nowait	root	internal
44#echo	stream	tcp6	nowait	root	internal
45#echo	dgram	udp	wait	root	internal
46#echo	dgram	udp6	wait	root	internal
47#discard stream	tcp	nowait	root	internal
48#discard stream	tcp6	nowait	root	internal
49#discard dgram	udp	wait	root	internal
50#discard dgram	udp6	wait	root	internal
51#chargen stream	tcp	nowait	root	internal
52#chargen stream	tcp6	nowait	root	internal
53#chargen dgram	udp	wait	root	internal
54#chargen dgram	udp6	wait	root	internal
55#
56# CVS servers - for master CVS repositories only!  You must set the
57# --allow-root path correctly or you open a trivial to exploit but
58# deadly security hole.
59#
60#cvspserver	stream	tcp	nowait	root	/usr/local/bin/cvs	cvs --allow-root=/your/cvsroot/here pserver
61#cvspserver	stream	tcp	nowait	root	/usr/local/bin/cvs	cvs --allow-root=/your/cvsroot/here kserver
62#
63# RPC based services (you MUST have rpcbind running to use these)
64#
65#rstatd/1-3	dgram rpc/udp wait root	/usr/libexec/rpc.rstatd	 rpc.rstatd
66#rusersd/1-2	dgram rpc/udp wait root	/usr/libexec/rpc.rusersd rpc.rusersd
67#walld/1	dgram rpc/udp wait root	/usr/libexec/rpc.rwalld	 rpc.rwalld
68#rquotad/1	dgram rpc/udp wait root	/usr/libexec/rpc.rquotad rpc.rquotad
69#rquotad/1	dgram rpc/udp6 wait root	/usr/libexec/rpc.rquotad rpc.rquotad
70#sprayd/1	dgram rpc/udp wait root	/usr/libexec/rpc.sprayd	 rpc.sprayd
71#
72# example entry for the optional imap4 server
73#
74#imap4	stream	tcp	nowait	root	/usr/local/libexec/imapd	imapd
75#
76# example entry for the optional nntp server
77#
78#nntp	stream	tcp	nowait	news	/usr/local/libexec/nntpd	nntpd
79#
80# example entry for the optional uucpd server
81#
82#uucpd	stream	tcp	nowait	root	/usr/local/libexec/uucpd	uucpd
83#
84# Return error for all "ident" requests
85#
86#auth	stream	tcp	nowait	root	internal
87#auth	stream	tcp6	nowait	root	internal
88#
89# Provide internally a real "ident" service which provides ~/.fakeid support,
90# provides ~/.noident support, reports UNKNOWN as the operating system type
91# and times out after 30 seconds.
92#
93#auth	stream	tcp	nowait	root	internal	auth -r -f -n -o UNKNOWN -t 30
94#auth	stream	tcp6	nowait	root	internal	auth -r -f -n -o UNKNOWN -t 30
95#
96# Example entry for an external ident server
97#
98#auth	stream	tcp	wait	root	/usr/local/sbin/identd	identd -w -t120
99#
100# Example entry for the optional qmail MTA
101#  NOTE: This is no longer the correct way to handle incoming SMTP
102#        connections for qmail.  Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
103#        instead.
104#
105#smtp	stream	tcp	nowait	qmaild	/var/qmail/bin/tcp-env	tcp-env /var/qmail/bin/qmail-smtpd
106#
107# Example entry for Samba sharing for the SMB protocol
108#
109# Enable the first two entries to enable Samba startup from inetd (according to
110# the Samba documentation). Enable the third entry only if you have other
111# NetBIOS daemons listening on your network. Enable the fourth entry to use
112# the swat Samba configuration tool.
113#netbios-ssn	stream	tcp	nowait	root	/usr/local/sbin/smbd	smbd
114#microsoft-ds	stream	tcp	nowait	root	/usr/local/sbin/smbd	smbd
115#netbios-ns	dgram	udp	wait	root	/usr/local/sbin/nmbd	nmbd
116#swat	stream	tcp	nowait/400	root	/usr/local/sbin/swat	swat
117#
118# Example entry for the Prometheus sysctl metrics exporter
119#
120#prom-sysctl	stream	tcp	nowait	nobody	/usr/sbin/prometheus_sysctl_exporter	prometheus_sysctl_exporter -dgh
121#
122# Example entry for the CTL exporter
123#prom-ctl       stream  tcp     nowait  root /usr/bin/ctlstat ctlstat -P
124#
125# Example entry for insecure rsync server
126# This is best combined with encrypted virtual tunnel interfaces, which can be
127# found with: apropos if_ | grep tunnel
128#rsync	stream	tcp	nowait	root	/usr/local/bin/rsyncd	rsyncd --daemon
129#
130# Let the system respond to date requests via tcpmux
131#tcpmux/+date	stream	tcp	nowait	guest	/bin/date	date
132#
133# Let people access the system phonebook via tcpmux
134#tcpmux/phonebook	stream	tcp	nowait	guest	/usr/local/bin/phonebook	phonebook
135#
136# Make kernel statistics accessible
137#rstatd/1-3	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rstatd	rpc.rstatd
138#
139# Use netcat as a one-shot HTTP proxy with nc (from freebsd-tips fortune)
140#http	stream	tcp	nowait	nobody	/usr/bin/nc	nc -N dest-ip 80
141#
142# Set up a unix socket at /var/run/echo that echo's back whatever is written to it.
143#/var/run/echo	stream	unix	nowait	root	internal
144#
145# Run chargen for IPsec Authentication Headers
146#@ ipsec ah/require
147#chargen	stream	tcp	nowait	root	internal
148#@
149