21864048f3
Rather than recommend specific VTIs, it's better to give a general recommendation for where current and future suitable VTIs can be found.
147 lines
6.1 KiB
Plaintext
147 lines
6.1 KiB
Plaintext
# $FreeBSD$
|
|
#
|
|
# Internet server configuration database
|
|
#
|
|
# Define *both* IPv4 and IPv6 entries for dual-stack support.
|
|
# To disable a service, comment it out by prefixing the line with '#'.
|
|
# To enable a service, remove the '#' at the beginning of the line.
|
|
#
|
|
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
|
|
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
|
|
#ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
|
|
#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
|
|
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
|
|
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
|
|
#shell stream tcp nowait root /usr/local/sbin/rshd rshd
|
|
#shell stream tcp6 nowait root /usr/local/sbin/rshd rshd
|
|
#login stream tcp nowait root /usr/local/sbin/rlogind rlogind
|
|
#login stream tcp6 nowait root /usr/local/sbin/rlogind rlogind
|
|
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
|
|
#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
|
|
#
|
|
# run comsat as root to be able to print partial mailbox contents w/ biff,
|
|
# or use the safer tty:tty to just print that new mail has been received.
|
|
#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
|
|
#
|
|
# ntalk is required for the 'talk' utility to work correctly
|
|
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
|
|
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
|
|
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
|
|
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
|
|
#
|
|
# "Small servers" -- used to be standard on, but we're more conservative
|
|
# about things due to Internet security concerns. Only turn on what you
|
|
# need.
|
|
#
|
|
#daytime stream tcp nowait root internal
|
|
#daytime stream tcp6 nowait root internal
|
|
#daytime dgram udp wait root internal
|
|
#daytime dgram udp6 wait root internal
|
|
#time stream tcp nowait root internal
|
|
#time stream tcp6 nowait root internal
|
|
#time dgram udp wait root internal
|
|
#time dgram udp6 wait root internal
|
|
#echo stream tcp nowait root internal
|
|
#echo stream tcp6 nowait root internal
|
|
#echo dgram udp wait root internal
|
|
#echo dgram udp6 wait root internal
|
|
#discard stream tcp nowait root internal
|
|
#discard stream tcp6 nowait root internal
|
|
#discard dgram udp wait root internal
|
|
#discard dgram udp6 wait root internal
|
|
#chargen stream tcp nowait root internal
|
|
#chargen stream tcp6 nowait root internal
|
|
#chargen dgram udp wait root internal
|
|
#chargen dgram udp6 wait root internal
|
|
#
|
|
# CVS servers - for master CVS repositories only! You must set the
|
|
# --allow-root path correctly or you open a trivial to exploit but
|
|
# deadly security hole.
|
|
#
|
|
#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
|
|
#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
|
|
#
|
|
# RPC based services (you MUST have rpcbind running to use these)
|
|
#
|
|
#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
|
|
#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
|
|
#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
|
|
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
|
|
#rquotad/1 dgram rpc/udp6 wait root /usr/libexec/rpc.rquotad rpc.rquotad
|
|
#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
|
|
#
|
|
# example entry for the optional imap4 server
|
|
#
|
|
#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
|
|
#
|
|
# example entry for the optional nntp server
|
|
#
|
|
#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
|
|
#
|
|
# example entry for the optional uucpd server
|
|
#
|
|
#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
|
|
#
|
|
# Return error for all "ident" requests
|
|
#
|
|
#auth stream tcp nowait root internal
|
|
#auth stream tcp6 nowait root internal
|
|
#
|
|
# Provide internally a real "ident" service which provides ~/.fakeid support,
|
|
# provides ~/.noident support, reports UNKNOWN as the operating system type
|
|
# and times out after 30 seconds.
|
|
#
|
|
#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
|
|
#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
|
|
#
|
|
# Example entry for an external ident server
|
|
#
|
|
#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
|
|
#
|
|
# Example entry for the optional qmail MTA
|
|
# NOTE: This is no longer the correct way to handle incoming SMTP
|
|
# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
|
|
# instead.
|
|
#
|
|
#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
|
|
#
|
|
# Example entry for Samba sharing for the SMB protocol
|
|
#
|
|
# Enable the first two entries to enable Samba startup from inetd (according to
|
|
# the Samba documentation). Enable the third entry only if you have other
|
|
# NetBIOS daemons listening on your network. Enable the fourth entry to use
|
|
# the swat Samba configuration tool.
|
|
#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd
|
|
#microsoft-ds stream tcp nowait root /usr/local/sbin/smbd smbd
|
|
#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd
|
|
#swat stream tcp nowait/400 root /usr/local/sbin/swat swat
|
|
#
|
|
# Example entry for the Prometheus sysctl metrics exporter
|
|
#
|
|
#prom-sysctl stream tcp nowait nobody /usr/sbin/prometheus_sysctl_exporter prometheus_sysctl_exporter -dgh
|
|
#
|
|
# Example entry for insecure rsync server
|
|
# This is best combined with encrypted virtual tunnel interfaces, which can be
|
|
# found with: apropos if_ | grep tunnel
|
|
#rsync stream tcp nowait root /usr/local/bin/rsyncd rsyncd --daemon
|
|
#
|
|
# Let the system respond to date requests via tcpmux
|
|
#tcpmux/+date stream tcp nowait guest /bin/date date
|
|
#
|
|
# Let people access the system phonebook via tcpmux
|
|
#tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
|
|
#
|
|
# Make kernel statistics accessible
|
|
#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
|
|
#
|
|
# Use netcat as a one-shot HTTP proxy with nc (from freebsd-tips fortune)
|
|
#http stream tcp nowait nobody /usr/bin/nc nc -N dest-ip 80
|
|
#
|
|
# Set up a unix socket at /var/run/echo that echo's back whatever is written to it.
|
|
#/var/run/echo stream unix nowait root internal
|
|
#
|
|
# Run chargen for IPsec Authentication Headers
|
|
#@ ipsec ah/require
|
|
#chargen stream tcp nowait root internal
|
|
#@
|