head	1.14;
access;
symbols;
locks;


1.14
date	2001.07.14.15.39.40;	author pkern;	state Exp;
branches;
next	1.13;

1.13
date	2001.04.18.17.55.51;	author pkern;	state Exp;
branches;
next	1.12;

1.12
date	2001.04.18.17.50.31;	author pkern;	state Exp;
branches;
next	1.11;

1.11
date	2001.04.04.15.24.33;	author pkern;	state Exp;
branches;
next	1.10;

1.10
date	2001.03.29.20.13.59;	author pkern;	state Exp;
branches;
next	1.9;

1.9
date	2001.03.29.19.02.49;	author pkern;	state Exp;
branches;
next	1.8;

1.8
date	2001.03.29.18.59.28;	author pkern;	state Exp;
branches;
next	1.7;

1.7
date	2001.01.12.17.55.37;	author pkern;	state Exp;
branches;
next	1.6;

1.6
date	99.08.13.17.53.51;	author pkern;	state Exp;
branches;
next	1.5;

1.5
date	99.08.11.22.27.07;	author pkern;	state Exp;
branches;
next	1.4;

1.4
date	99.08.09.22.36.44;	author pkern;	state Exp;
branches;
next	1.3;

1.3
date	98.12.18.15.56.53;	author pkern;	state Exp;
branches;
next	1.2;

1.2
date	95.01.22.13.02.16;	author pkern;	state Exp;
branches;
next	1.1;

1.1
date	94.12.06.15.38.55;	author pkern;	state Exp;
branches;
next	;


desc
@config file hints
@


1.14
log
@more info
@
text
@######
#
# usage: ninetd [-d] [-b backlog] [-f config]
#
#   -d		- enable debugging. prevent backgrounding.
#   -b <backlog> - set the overall TCP listen(2) queue max (default: 10)
#   -f <config>	 - set the config file (default: /local/etc/ninetd.conf)
#
######
#
# config entry format:
#		service { options } spec
#  <service> should look like "telnet/tcp" or "comsat/udp" or "123/tcp"
#  <options> can be any of ...
#	"log"			- log connections (syslog)
#	"user"  userid		- run server as userid
#	"connect"		- this udp server uses connect(2)
#	"restrict"  filename	- set access restriction file
#	"stats"	minutes		- log connect stats at intervals
#	"interface"  [!]interface{,[!]interface}
#				- set interface(s) to [not] use
#	"libwrap"   wrapname	- set identity name for tcpwrappers
#	"max" limit		- set ceiling for num of active servers
#	"filter"    filtername	- set access restriction filter
#	"backlog"   limit	- set max listen(2) queue size
#				  (applies only to tcp services).
#
#  <spec> should be one of ...
#	"program"  filename  [ argv ]
#    or
#	"internal"  handler	
#
# available internal handlers:
#   tcp_echo	udp_echo	- echo received data[gram]
#   tcp_discard	udp_discard	- read and discard incoming data[gram]
#   tcp_time	udp_time	- return 32-bit time since 1970
#   tcp_daytime	udp_daytime	- return human-readable time
#   tcp_chargen	udp_chargen	- familiar character generator
#   tcp_dropconn		- simply drop connection (for logging)
#
# restrict list entry format:
#	"allow"	    ip-num  [ "mask" netmask ]
#	"disallow"  ip-num  [ "mask" netmask ]
#	"include"   filename
#   <ip-num> can be an IP network address or an IP host address.
#
##
#
# eg. reject and log all connections to the exec/tcp service ...
#
#	exec/tcp log max 0 internal tcp_dropconn
#
##
#
# filter definition format:
#	"{ filter" filtername
#		filter-list
#	"}"
#   (the '{' and '}' characters must be the first tokens on the line)
#
# filter-list entry format:
#	"allow"	    ip-num  [ "mask" netmask ]
#	"disallow"  ip-num  [ "mask" netmask ]
#	"insert"    filtername
#   <ip-num> can be an IP network address or an IP host address.
#
# a filter is just a restrict list. the main difference is it's defined
# in the config file instead of in a separate restrict file.  the other
# difference is that the "insert" keyword is used instead of "include"
# to distinguish building up filters versus building up restrict lists.
# eg.
#	{ filter loopback
#		allow 127.0.0.0		mask 255.0.0.0
#	}
#	{ filter utcs-ether
#		allow 128.100.102.0	mask 255.255.255.0
#		insert loopback	
#	}
#
#	10101/tcp   log   filter utcs-ether   internal tcp_daytime
#
##
#
# libwrap - set the tcpwrapper lookups to use alternate file paths.
#   usage:
#	"{ libwrap"
#		"allow"	allow-path
#		"deny"	deny-path
#	"}"
#
#   (the '{' and '}' characters must be the first tokens on the line)
#
#   default <allow-path>: [/local]/etc/hosts.allow
#   default <deny-path>:  [/local]/etc/hosts.deny
#
######

#  maybe later
#bootps/udp	log program /etc/bootpd bootpd
#tftp/udp	log program /etc/tftpd tftpd -n
#biff/udp	log program /etc/comsat comsat
#finger/tcp	log user nobody program /etc/fingerd fingerd
#ftp/tcp	log program /etc/ftpd ftpd

#  for now, just log and drop
bootps/udp	log internal udp_discard 
tftp/udp	log internal udp_discard
biff/udp	log internal udp_discard
finger/tcp	log internal tcp_dropconn
ftp/tcp		log internal tcp_dropconn
instsrv/tcp	log internal tcp_dropconn

login/tcp	log libwrap rshell program /etc/rlogind rlogind
shell/tcp	log libwrap rshell program /etc/rshd rshd
# so hosts.allow should have an entry which looks like ...
#	rshell: host1 host2 ... hostN
# and hosts.deny could have an entry which looks like ...
#	rshell: ALL

telnet/tcp	log max 50 program /etc/telnetd telnetd
# allows only 50 telnet connections at a time.

#talk/udp	log program /etc/talkd talkd
ntalk/udp	log program /etc/talkd talkd

#
# internal services
#
time/udp	stats 60	internal udp_time
time/tcp	stats 60	internal tcp_time
daytime/udp	stats 60	internal udp_daytime
daytime/tcp	stats 60	internal tcp_daytime
discard/udp	stats 60	internal udp_discard
discard/tcp	stats 60	internal tcp_discard
chargen/udp	stats 60	internal udp_chargen
chargen/tcp	stats 60	internal tcp_chargen
echo/udp	log		internal udp_echo
echo/tcp	log		internal tcp_echo

#
# local additions
#
track/tcp	log restrict /local/etc/restrict/track program /local/sbin/track/trackd trackd -inetd

# amanda.
amanda/udp	log user panda program /local/sbin/amandad
#amandaidx/tcp	log user panda program /local/sbin/amindexd
@


1.13
log
@+ backlog
@
text
@d49 6
d67 4
a70 2
# a filter is just a restrict list. the difference is it's defined
# in the config file instead of being in a separate restrict file.
@


1.12
log
@+ backlog
@
text
@d3 1
a3 1
# usage: ninetd [-d] [-f config]
d6 2
a7 1
#   -f <config>	- set the config file (default: /local/etc/ninetd.conf)
d26 1
a26 1
				  (only useful with tcp services).
@


1.11
log
@sync.
@
text
@d24 2
@


1.10
log
@added "{ libwrap ... }" section.
@
text
@d73 1
a73 1
# libwrap - set the tcpwrapper lookups to use non-default files.
d85 1
a85 1
#####
@


1.9
log
@sync.
@
text
@d3 1
a3 1
# usage: ninetd [-d] [-f config] [-A allow] [-D deny]
a6 3
# [tcpwrapper options]
#   -A <allow>	- set the access table (default: /local/etc/hosts.allow)
#   -D <deny>	- set the denial table (default: /local/etc/hosts.deny)
d44 2
d48 1
a48 3
#		"allow"	    ip-num  [ "mask" netmask ]
#		"disallow"  ip-num  [ "mask" netmask ]
#		"insert"    filtername
d52 6
d70 14
@


1.8
log
@added comments about filters.
@
text
@d55 1
a55 1
# filters are just restrict lists. the difference is they're defined
@


1.7
log
@added amanda entries
@
text
@d26 1
d47 22
@


1.6
log
@added "include" feature for restrict lists.
@
text
@d93 4
@


1.5
log
@added usage comments.
@
text
@d43 1
@


1.4
log
@added "max" keyword and example.
@
text
@d1 11
@


1.3
log
@added libwrap examples.
@
text
@d14 1
a49 1
telnet/tcp	log program /etc/telnetd telnetd
d56 3
@


1.2
log
@forgot "stats"
@
text
@d13 2
d50 7
a56 2
login/tcp	log program /etc/rlogind rlogind
shell/tcp	log program /etc/rshd rshd
@


1.1
log
@Initial revision
@
text
@d10 1
a33 1
## The following line is the new style tftp daemon - allows write create.
a37 2
## The following line is for installing over the network.
#instsrv/tcp	log user netinst program /u/netinst/bin/instsrv instsrv -r /tmp/netinstalllog /u/netinst/scripts
@