This section covers the basics of configuring inetd.
Configuration of inetd is done by editing [.filename]#/etc/inetd.conf#. Each line of this configuration file represents an application which can be started by inetd. By default, every line starts with a comment (`#`), meaning that inetd is not listening for any applications. To configure inetd to listen for an application's connections, remove the `#` at the beginning of the line for that application.
After saving your edits, configure inetd to start at system boot by editing [.filename]#/etc/rc.conf#:
inetd_enable="YES"
To start inetd now, so that it listens for the service you configured, type:
# service inetd start
Once inetd is started, it needs to be notified whenever a modification is made to [.filename]#/etc/inetd.conf#:
Reloading the inetd Configuration File
# service inetd reload
Typically, the default entry for an application does not need to be edited beyond removing the `#`. In some situations, it may be appropriate to edit the default entry.
As an example, this is the default entry for man:ftpd[8] over IPv4:
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
service-name
socket-type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
user[:group][/login-class]
server-program
server-program-arguments
service-name:: The service name of the daemon to start. It must correspond to a service listed in [.filename]#/etc/services#. This determines which port inetd listens on for incoming connections to that service. When using a custom service, it must first be added to [.filename]#/etc/services#.
socket-type:: Either `stream`, `dgram`, `raw`, or `seqpacket`. Use `stream` for TCP connections and `dgram` for UDP services.
protocol::
|===
| Protocol Name | Explanation

| tcp or tcp4 | TCP IPv4
| udp or udp4 | UDP IPv4
| tcp6 | TCP IPv6
| udp6 | UDP IPv6
| tcp46 | Both TCP IPv4 and IPv6
| udp46 | Both UDP IPv4 and IPv6
|===
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]:: In this field, `wait` or `nowait` must be specified. `max-child`, `max-connections-per-ip-per-minute` and `max-child-per-ip` are optional.
`wait|nowait` indicates whether or not the service is able to handle its own socket. `dgram` socket types must use `wait` while `stream` daemons, which are usually multi-threaded, should use `nowait`. `wait` usually hands off multiple sockets to a single daemon, while `nowait` spawns a child daemon for each new socket.
The maximum number of child daemons inetd may spawn is set by `max-child`. For example, to limit the daemon to ten instances, place a `/10` after `nowait`. Specifying `/0` allows an unlimited number of children.
`max-connections-per-ip-per-minute` limits the number of connections from any particular IP address per minute. Once the limit is reached, further connections from this IP address will be dropped until the end of the minute. For example, a value of `/10` would limit any particular IP address to ten connection attempts per minute. `max-child-per-ip` limits the number of child processes that can be started on behalf of any single IP address at any moment. These options can limit excessive resource consumption and help to prevent Denial of Service attacks.
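The following audit script is an added example, not part of the original handbook text: it parses enabled [.filename]#/etc/inetd.conf# entries and reports `dgram` services that do not use `wait`, and `nowait` services that leave any of the three limits unset. The sample entries, the function names, and the choice to check limits only on `nowait` entries are assumptions of the example.

```python
# Constructed sample in /etc/inetd.conf format (not taken from a real host).
SAMPLE = """\
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp stream tcp6 nowait/10/10/2 root /usr/libexec/ftpd ftpd -l
ftp stream tcp46 nowait/0 root /usr/libexec/ftpd ftpd -l
tftp dgram udp nowait root /usr/libexec/tftpd tftpd -l
"""

# Optional suffixes of the wait/nowait field, in the order they are written.
LIMITS = ("max-child", "max-connections-per-ip-per-minute", "max-child-per-ip")


def parse_entry(line):
    """Split one enabled entry into the fields this audit needs."""
    fields = line.split(None, 6)
    if len(fields) < 6:
        raise ValueError(f"too few fields: {line!r}")
    mode, *raw = fields[3].split("/")
    if mode not in ("wait", "nowait") or len(raw) > len(LIMITS):
        raise ValueError(f"bad wait/nowait field: {fields[3]!r}")
    limits = dict(zip(LIMITS, (int(v) for v in raw)))  # absent limits stay unset
    return {"service": fields[0], "socket": fields[1], "protocol": fields[2],
            "mode": mode, "limits": limits, "user": fields[4]}


def audit(text):
    """Return (line_number, service, finding) for each problem in enabled entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # commented out: inetd ignores it
            continue
        e = parse_entry(line)
        if e["socket"] == "dgram" and e["mode"] != "wait":
            findings.append((n, e["service"], "dgram socket must use wait"))
        if e["mode"] == "nowait":  # one child per connection, so limits matter
            for name in LIMITS:
                value = e["limits"].get(name)
                if value is None:
                    findings.append((n, e["service"], f"{name} not set"))
                elif name == "max-child" and value == 0:
                    findings.append((n, e["service"], "max-child is 0 (unlimited)"))
    return findings


if __name__ == "__main__":
    for n, service, finding in audit(SAMPLE):
        print(f"line {n}: {service}: {finding}")
```

To check a real system, pass the contents of [.filename]#/etc/inetd.conf# to `audit()` in place of `SAMPLE`.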