docs: Added All NetBSD Manuals

1 files changed, 898 insertions, 0 deletions

diff --git a/static/netbsd/man8/inetd.8 b/static/netbsd/man8/inetd.8
new file mode 100644
index 00000000..e54ff342
--- /dev/null
+++ b/static/netbsd/man8/inetd.8
@@ -0,0 +1,898 @@
+.\"	$NetBSD: inetd.8,v 1.69 2025/12/27 08:06:38 mlelstv Exp $
+.\"
+.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
+.\" NASA Ames Research Center.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Copyright (c) 1985, 1991 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     from: @(#)inetd.8       8.4 (Berkeley) 6/1/94
+.\"
+.Dd October 12, 2021
+.Dt INETD 8
+.Os
+.Sh NAME
+.Nm inetd ,
+.Nm inetd.conf
+.Nd internet
+.Dq super-server
+.Sh SYNOPSIS
+.Nm
+.Op Fl d
+.Op Fl l
+.Op Ar configuration file
+.Sh DESCRIPTION
+.Nm
+should be run at boot time by
+.Pa /etc/rc
+(see
+.Xr rc 8 ) .
+It then opens sockets according to its configuration and listens
+for connections.
+When a connection is found on one of its sockets, it decides what
+service the socket corresponds to, and invokes a program to service
+the request.
+After the program is finished, it continues to listen on the socket
+(except in some cases which will be described below).
+Essentially,
+.Nm
+allows running one daemon to invoke several others,
+reducing load on the system.
+.Pp
+The options available for
+.Nm :
+.Bl -tag -width Ds
+.It Fl d
+Turns on debugging and runs
+.Nm
+in the foreground.
+.It Fl f
+Runs
+.Nm
+in the foreground.
+.It Fl l
+Turns on libwrap connection logging.
+.El
+.Pp
+Upon execution,
+.Nm
+reads its configuration information from a configuration
+file which, by default, is
+.Pa /etc/inetd.conf .
+The path given for this configuration file must be absolute, unless
+the
+.Fl d
+option is also given on the command line.
+.Pp
+Services can be specified using the legacy `positional' notation or the
+`key-values' notation described in the sections
+.Sx Positional Notation
+and
+.Sx Key-Values Notation
+below.
+.Ss Positional Notation
+There must be an entry for each field of the configuration
+file, with entries for each field separated by a tab or
+a space.
+Comments are denoted by a ``#'' at the beginning of a line (see subsection
+.Sx Key-Values Notation
+for defining comments in key-values definitions).
+There must be an entry for each field (except for one
+special case, described below).
+A positional definition is terminated by a newline.
+The fields of the configuration file are as follows:
+.Pp
+.Bd -unfilled -offset indent -compact
+[listen-addr:]service-spec
+socket-type[,accept-max][:accept-filter]
+protocol[,sndbuf=size][,rcvbuf=size]
+wait/nowait[:max]
+user[:group]
+server-program
+server program arguments
+.Ed
+.Pp
+The
+.Em listen-addr
+parameter specifies the local address
+.Nm
+should use when listening.
+The single character
+.Dq \&*
+means
+.Dv INADDR_ANY :
+all local addresses.
+The
+.Em listen-addr
+parameter may be a host name, which will be resolved once, when the service
+definition is read from the config file.
+.Pp
+Note that restricted listen addresses are meaningless and ignored for
+UNIX-domain services, and are not supported for
+.Em Sun-RPC
+services.
+All
+.Em Sun-RPC
+services always listen on all interfaces.
+.Pp
+The form of the
+.Em service-spec
+parameter varies with the service type.
+For Internet services, the
+.Em service-spec
+parameter can be either the name of a service from
+.Pa /etc/services
+or a decimal port number.
+For
+.Dq internal
+services (discussed below), the service name
+.Em must
+be the official name of the service (that is, the first entry in
+.Pa /etc/services )
+and not an alias for it.
+.Pp
+For
+.Em Sun-RPC
+based services, the
+.Em service-spec
+parameter has the form
+.Em service-name Ns Li / Ns Em version .
+The service name must be a valid RPC service name from
+the file
+.Pa /etc/rpc .
+The
+.Em version
+on the right of the
+.Dq /
+is the RPC version number.
+This can simply be a single numeric argument or a range of versions.
+A range is bounded by the low version to the high version, e.g.
+.Dq rusers/1-3 .
+.Pp
+For UNIX-domain (local) services, the
+.Em service-spec
+parameter is the path name to listen on.
+.Pp
+The
+.Em service-spec
+parameter must not begin with a dot.
+See
+.Sx Directives .
+.Pp
+The
+.Em socket-type
+parameter should be one of
+.Dq stream ,
+.Dq dgram ,
+.Dq raw ,
+.Dq rdm ,
+or
+.Dq seqpacket ,
+depending on whether the socket is a stream, datagram, raw,
+reliably delivered message, or sequenced packet socket.
+.Pp
+Optionally, for Internet services, an accept limit
+and an accept filter
+(see
+.Xr accept_filter 9 )
+can be specified.
+The accept limit is appended with a comma followed by a decimal number,
+the accept filter is appended with a colon to
+.Em socket-type ,
+followed by the name of the desired accept filter.
+In this case
+.Nm
+will not see new connections for the specified service until the
+number of running instances is below the accept limit and the
+accept filter decides they are ready to be handled.
+The accept limit is ignored for services marked as
+.Dq wait,
+because the socket is handed over to the server program.
+.\" XXX: do accept filters work for AF_UNIX sockets? nobody probably
+.\" cares, but...
+.Pp
+The
+.Em protocol
+parameter must be a valid protocol as given in
+.Pa /etc/protocols
+or (for UNIX-domain services) the string
+.Dq unix .
+The most common are
+.Dq tcp
+and
+.Dq udp .
+For TCP and UDP, the IP version (4 or 6) may be specified explicitly
+by appending 4 or 6 to the protocol name.
+Otherwise the default version (IPv4) is used.
+For
+.Em Sun-RPC
+the string
+.Dq rpc
+and a slash should be prepended:
+.Dq rpc/tcp
+or
+.Dq rpc/udp .
+If you would like to enable special support for
+.Xr faithd 8 ,
+prepend the string
+.Dq faith
+and a slash:
+.Dq faith/tcp6 .
+.Pp
+In addition to the protocol, the configuration file may specify the
+send and receive socket buffer sizes for the listening socket.
+This is especially useful for
+.Tn TCP :
+the window scale factor, which is based on the receive socket
+buffer size, is advertised when the connection handshake occurs
+and thus the socket buffer size must be set on the listen socket.
+By increasing the socket buffer sizes, better
+.Tn TCP
+performance may be realized in some situations.
+The socket buffer sizes are specified by appending their values to
+the protocol specification as follows:
+.Bd -literal -offset indent
+tcp,rcvbuf=16384
+tcp,sndbuf=64k
+tcp,rcvbuf=64k,sndbuf=1m
+.Ed
+.Pp
+A literal value may be specified, or modified using
+.Sq k
+to indicate kibibytes or
+.Sq m
+to indicate mebibytes.
+Socket buffer sizes may be specified for all
+services and protocols except for tcpmux services.
+.Pp
+The
+.Em wait/nowait
+entry is used to tell
+.Nm
+if it should wait for the server program to return,
+or continue processing connections on the socket.
+If a datagram server reads a single datagram and connects
+to its peer through a different socket, freeing the service's socket so
+.Nm
+can receive further messages on the socket, it is said to be
+a
+.Dq multi-threaded
+server, and should use the
+.Dq nowait
+entry.
+For datagram servers which process all incoming datagrams
+on a socket and eventually time out, the server is said to be
+.Dq single-threaded
+and should use a
+.Dq wait
+entry.
+.Xr comsat 8
+.Pq Xr biff 1
+and
+.Xr ntalkd 8
+are both examples of the latter type of
+datagram server.
+.Xr tftpd 8
+is an exception; it is a datagram server that establishes pseudo-connections.
+It must be listed as
+.Dq wait
+in order to avoid a race;
+the server reads the first packet, creates a new socket,
+and then forks and exits to allow
+.Nm
+to check for new service requests to spawn new servers.
+The optional
+.Dq max
+suffix (separated from
+.Dq wait
+or
+.Dq nowait
+by a dot or a colon) specifies the maximum number of server instances that may
+be spawned from
+.Nm
+within an interval of 60 seconds.
+When omitted,
+.Dq max
+defaults to 40.
+If it reaches this maximum spawn rate,
+.Nm
+will log the problem (via the syslogger using the
+.Dv LOG_DAEMON
+facility and
+.Dv LOG_ERR
+level)
+and stop handling the specific service for ten minutes.
+.Pp
+Stream servers are usually marked as
+.Dq nowait
+but if a single server process is to handle multiple connections, it may be
+marked as
+.Dq wait .
+The master socket will then be passed as fd 0 to the server, which will then
+need to accept the incoming connection.
+The server should eventually time
+out and exit when no more connections are active.
+.Nm
+will continue to
+listen on the master socket for connections, so the server should not close
+it when it exits.
+.Xr identd 8
+is usually the only stream server marked as wait.
+.Pp
+The
+.Em user
+entry should contain the user name of the user as whom the server should run.
+This allows for servers to be given less permission than root.
+Optionally, a group can be specified by appending a colon to the user name,
+followed by the group name (it is possible to use a dot (``.'') in lieu of a
+colon, however this feature is provided only for backward compatibility).
+This allows for servers to run with a different (primary) group id than
+specified in the password file.
+If a group is specified and
+.Em user
+is not root, the supplementary groups associated with that user will still be
+set.
+.Pp
+The
+.Em server-program
+entry should contain the pathname of the program which is to be
+executed by
+.Nm
+when a request is found on its socket.
+If
+.Nm
+provides this service internally, this entry should
+be
+.Dq internal .
+.Pp
+The
+.Em server program arguments
+should be just as arguments
+normally are, starting with argv[0], which is the name of
+the program.
+If the service is provided internally, the
+word
+.Dq internal
+should take the place of this entry.
+It is possible to quote an argument using either single or double quotes.
+This allows you to have, e.g., spaces in paths and parameters.
+.Ss Key-Values Notation
+In key-values notation, keys are separated from their associated values by `=',
+values are separated by whitespace, and key-values options are separated by
+commas.
+A service definition is terminated by a semicolon.
+Multiple definitions may exist on a single line (and a line may
+end with a positional definition.
+A key-values definition has the following form:
+.Bd -filled -offset indent
+[listen-addr:]service-spec {on|off} <option> = [value1],
+<option> = [value1] [value2] ..., <option> =, ...;
+.Ed
+.Pp
+Values may be in quotes, and support the following escape sequences.
+.Bl -hang -width "\xXX" -offset indent
+.It Sy \e\e
+Backslash.
+.It Sy \en
+Line feed.
+.It Sy \et
+Tab.
+.It Sy \er
+Carriage return.
+.It Sy \e'
+Single quote.
+.It Sy \e"
+Double quote.
+.It Sy \exXX
+Hexadecimal byte value, replace XX.
+.El
+.Pp
+.Em [listen-addr:]service-spec
+has the same form as in positional notation. If
+.Em service-spec
+is followed by
+.Em on
+then the service definition is active by default.
+If
+.Em service-spec
+is followed by
+.Em off
+then the service definition is parsed and errors are output to
+the system log, but the service is not active and no sockets are created.
+.Pp
+Comments that exist between the initial on/off directive
+and the closing semicolon may begin in any column and may exist on the same line
+as non-comment text.
+Note: editor syntax highlighting may be misleading!
+.Pp
+Syntax and semantic error detection is performed on a best-effort basis.
+If an error with a service definition is easily detectable, it will
+log the error using
+.Xr syslog 3
+and continue reading the configuration file if possible, skipping the erroneous
+definition or file.
+Otherwise, it is up to the user to write definitions that conform to the
+documentation.
+Errors may be worded differently depending on the ordering of
+options in the service definition.
+.Pp
+The following are the available values for
+.Em <option>:
+.Bl -hang -width "acceptfilter"
+.It Sy bind
+Set the listen address for this service.
+This can be an IPv4 or IPv6 address or a hostname.
+.It Sy socktype
+Equivalent to
+.Em socket-type
+in positional notation.
+.Em socktype
+is optional if
+.Em protocol
+is specified and is
+.Li udp{4,6}
+or
+.Li tcp{4,6} .
+.It Sy accept_max
+Equivalent to
+.Em accept-max
+in positional notation.
+.It Sy acceptfilter
+An accept filter, equivalent to
+.Em accept
+in positional notation (see
+.Xr accept_filter 9
+and
+.Dv SO_ACCEPTFILTER
+in
+.Xr setsockopt 2 ) .
+.It Sy protocol
+Equivalent to
+.Em protocol
+in positional notation.
+If specified as
+.Li tcp
+or
+.Li udp
+with no version specifier, the associated hostname or
+.Em bind
+value is used to determine the IP version.
+If the version is not specified and the hostname string or
+.Em bind
+value is not an IPv4 or IPv6 address, the service definition is
+invalid.
+.It Sy sndbuf
+Equivalent to
+.Em sndbuf
+in positional notation.
+.It Sy recvbuf
+Equivalent to
+.Em recvbuf
+in positional notation.
+.It Sy wait
+The value
+.Li yes
+or
+.Li no .
+Equivalent to
+.Em wait/nowait
+in positional notation.
+This option is automatically determined for internal
+services, and is mandatory for all others.
+.It Sy service_max
+Equivalent to
+.Em max
+in positional notation.
+Defaults to 40 if not specified.
+.It Sy ip_max
+Specifies the maximum number of server instances that may be spawned from
+.Nm
+within an interval of 60 seconds for a given IP address.
+Other address types may also work if supported by
+.Xr getnameinfo 3 ,
+test thoroughly using
+.Fl d .
+For example, connections from unnamed Unix sockets
+do not work, but connections from named Unix sockets may work.
+However, there is no way to only accept named Unix sockets.
+.It Sy user
+The user to run the program as.
+Equivalent to
+.Em user
+in positional notation.
+.It Sy group
+The primary group to run the program as.
+Equivalent to
+.Em group
+in positional notation.
+.It Sy exec
+The path to the program's executable or
+.Dq internal
+for a built-in service.
+If not specified, this will be assumed to be
+.Dq internal
+(and will fail if
+.Em socktype
+is not specified).
+.It Sy args
+The program arguments.
+By convention, the first argument should be the name of the program.
+.It Sy ipsec
+An IPsec policy string.
+Defaults to the global default setting.
+If specified without a value (i.e.,
+.Dq ipsec=, ) ,
+IPsec will be disabled for this service.
+See the
+.Sx Directives
+section for details.
+Currently only one value is allowed, so all IPsec policies
+should be in a quoted string, separated by semicolons.
+.El
+.Ss Directives
+<listen-addr>:
+.Pp
+To avoid the need to repeat listen addresses over and over again,
+listen addresses are inherited from line to line, and the listen
+address can be changed without defining a service by including a line
+containing just a
+.Em listen-addr
+followed by a colon.
+The default (compatible with historical configuration files) is \&*.
+To return to this behavior after configuring some services with
+specific listen addresses, give \&* explicitly.
+.Pp
+.Li "#@"
+[<IPsec policy>] [; [<IPsec policy>]] ...
+.Pp
+The implementation includes a tiny hack to support IPsec policy settings for
+each socket.
+A special form of the comment line, starting with
+.Dq Li "#@" ,
+is used as a policy specifier.
+The content of the above comment line will be treated as a IPsec policy string,
+as described in
+.Xr ipsec_set_policy 3 .
+Multiple IPsec policy strings may be specified by using a semicolon
+as a separator.
+If conflicting policy strings are found in a single line,
+the last string will take effect.
+IPsec policy strings are not parsed in
+comments within a key-values service definition.
+A
+.Li "#@"
+line affects all of the subsequent lines in the same config file,
+so you may want to reset the IPsec policy by using a comment line containing
+only
+.Li "#@"
+.Pq with no policy string .
+.Pp
+If an invalid IPsec policy string appears in a config file,
+.Nm
+logs an error message using
+.Xr syslog 3
+and stops reading the current config file, but may continue reading
+from other files not affected by the IPsec directive.
+.Pp
+\&.include <glob-path>
+.Pp
+Other files can be read by inetd by specifying an include directive in an inetd
+config file.
+.Em glob-path
+is an
+absolute path or a path relative (including parent directories) to the directory
+containing the current config
+file, and may contain glob patterns as specified by
+.Xr glob 7 .
+.Pp
+To include a specific file, include the relative or absolute path of the file.
+To include all files in a directory,
+.Em glob-path
+should be the directory of the files to include followed by "/*".
+.Pp
+The listening address and IPsec configuration strings of the current config file
+are inherited by files included by this directive.
+.Pp
+Files included by this directive using a glob path match are not read in a
+specific order.
+If a specific order is desired, files or directories should be
+included individually without the use of glob patterns.
+Behavior is undefined if
+multiple include directives include the same file and
+this should be avoided.
+Circular references are caught by
+.Nm .
+Anything after
+.Em glob-path
+on the same line is ignored.
+.Em glob-path
+may be in quotes.
+.Ss Internal Services
+.Nm
+provides several
+.Qq trivial
+services internally by use of routines within itself.
+These services are
+.Qq echo ,
+.Qq discard ,
+.Qq chargen
+(character generator),
+.Qq daytime
+(human readable time), and
+.Qq time
+(machine readable time,
+in the form of the number of seconds since midnight, January 1, 1900 GMT).
+For details of these services, consult the appropriate
+.Tn RFC .
+.Pp
+TCP services without official port numbers can be handled with the
+RFC1078-based tcpmux internal service.
+TCPmux listens on port 1 for requests.
+When a connection is made from a foreign host, the service name
+requested is passed to TCPmux, which performs a lookup in the
+service name table provided by
+.Pa /etc/inetd.conf
+and returns the proper entry for the service.
+TCPmux returns a negative reply if the service doesn't exist,
+otherwise the invoked server is expected to return the positive
+reply if the service type in
+.Pa /etc/inetd.conf
+file has the prefix
+.Qq tcpmux/ .
+If the service type has the
+prefix
+.Qq tcpmux/+ ,
+TCPmux will return the positive reply for the
+process; this is for compatibility with older server code, and also
+allows you to invoke programs that use stdin/stdout without putting any
+special server code in them.
+Services that use TCPmux are
+.Qq nowait
+because they do not have a well-known port number and hence cannot listen
+for new requests.
+.Pp
+.Nm
+rereads its configuration file when it receives a hangup signal,
+.Dv SIGHUP .
+Services may be added, deleted or modified when the configuration file
+is reread.
+.Nm
+creates a file
+.Em /var/run/inetd.pid
+that contains its process identifier.
+.Ss libwrap
+Support for
+.Tn TCP
+wrappers is included with
+.Nm
+to provide internal tcpd-like access control functionality.
+An external tcpd program is not needed.
+You do not need to change the
+.Pa /etc/inetd.conf
+server-program entry to enable this capability.
+.Nm
+uses
+.Pa /etc/hosts.allow
+and
+.Pa /etc/hosts.deny
+for access control facility configurations, as described in
+.Xr hosts_access 5 .
+.Pp
+.Em Nota Bene :
+.Tn TCP
+wrappers do not affect/restrict
+.Tn UDP
+or internal services.
+.Ss IPv6 TCP/UDP behavior
+If you wish to run a server for both IPv4 and IPv6 traffic,
+you will need to run two separate processes for the same server program,
+specified as two separate lines in
+.Pa /etc/inetd.conf
+using
+.Dq tcp4
+and
+.Dq tcp6
+respectively.
+In positional syntax, plain
+.Dq tcp
+means TCP on top of the current default IP version,
+which is, at this moment, IPv4.
+.Pp
+Under various combination of IPv4/v6 daemon settings,
+.Nm
+will behave as follows:
+.Bl -bullet -compact
+.It
+If you have only one server on
+.Dq tcp4 ,
+IPv4 traffic will be routed to the server.
+IPv6 traffic will not be accepted.
+.It
+If you have two servers on
+.Dq tcp4
+and
+.Dq tcp6 ,
+IPv4 traffic will be routed to the server on
+.Dq tcp4 ,
+and IPv6 traffic will go to server on
+.Dq tcp6 .
+.It
+If you have only one server on
+.Dq tcp6 ,
+only IPv6 traffic will be routed to the server.
+The kernel may route to the server IPv4 traffic as well,
+under certain configuration.
+See
+.Xr ip6 4
+for details.
+.El
+.Sh FILES
+.Bl -tag -width /etc/hosts.allow -compact
+.It Pa /etc/inetd.conf
+configuration file for all
+.Nm
+provided services
+.It Pa /etc/services
+service name to protocol and port number mappings.
+.It Pa /etc/protocols
+protocol name to protocol number mappings
+.It Pa /etc/rpc
+.Tn Sun-RPC
+service name to service number mappings.
+.It Pa /etc/hosts.allow
+explicit remote host access list.
+.It Pa /etc/hosts.deny
+explicit remote host denial of service list.
+.El
+.Sh SEE ALSO
+.Xr hosts_access 5 ,
+.Xr hosts_options 5 ,
+.Xr protocols 5 ,
+.Xr rpc 5 ,
+.Xr services 5 ,
+.Xr comsat 8 ,
+.Xr fingerd 8 ,
+.Xr ftpd 8 ,
+.Xr rexecd 8 ,
+.Xr rlogind 8 ,
+.Xr rshd 8 ,
+.Xr telnetd 8 ,
+.Xr tftpd 8
+.Rs
+.%A J. Postel
+.%R RFC
+.%N 862
+.%D May 1983
+.%T "Echo Protocol"
+.Re
+.Rs
+.%A J. Postel
+.%R RFC
+.%N 863
+.%D May 1983
+.%T "Discard Protocol"
+.Re
+.Rs
+.%A J. Postel
+.%R RFC
+.%N 864
+.%D May 1983
+.%T "Character Generator Protocol"
+.Re
+.Rs
+.%A J. Postel
+.%R RFC
+.%N 867
+.%D May 1983
+.%T "Daytime Protocol"
+.Re
+.Rs
+.%A J. Postel
+.%A K. Harrenstien
+.%R RFC
+.%N 868
+.%D May 1983
+.%T "Time Protocol"
+.Re
+.Rs
+.%A M. Lottor
+.%R RFC
+.%N 1078
+.%D November 1988
+.%T "TCP port service Multiplexer (TCPMUX)"
+.Re
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.3 .
+Support for
+.Em Sun-RPC
+based services is modeled after that
+provided by SunOS 4.1.
+Support for specifying the socket buffer sizes was added in
+.Nx 1.4 .
+In November 1996, libwrap support was added to provide
+internal tcpd-like access control functionality;
+libwrap is based on Wietse Venema's tcp_wrappers.
+IPv6 support and IPsec hack was made by KAME project, in 1999.
+.Sh BUGS
+Host address specifiers, while they make conceptual sense for RPC
+services, do not work entirely correctly.
+This is largely because the portmapper interface does not provide
+a way to register different ports for the same service on different
+local addresses.
+Provided you never have more than one entry for a given RPC service,
+everything should work correctly (Note that default host address
+specifiers do apply to RPC lines with no explicit specifier.)
+.Pp
+.Em tcpmux
+on IPv6 is not tested enough.
+.Pp
+For automatic IP version detection in key-values syntax (see the
+.Em protocol
+key), addresses with an interface specifier in the form <address>%<iface>
+are not currently supported, as addresses of that form are not parsed by
+.Xr inet_pton 3 .
+.Pp
+If a positional service definition has an invalid parameter and extends
+across multiple lines using tab characters, the subsequent lines after the
+error are treated as new service definitions.
+.Sh SECURITY CONSIDERATIONS
+Enabling the
+.Dq echo ,
+.Dq discard ,
+and
+.Dq chargen
+built-in trivial services is not recommended because remote
+users may abuse these to cause a denial of network service to
+or from the local host.