From 3c68a89c755c31d6d3feb671550c6c84c2cecd21 Mon Sep 17 00:00:00 2001 From: sheldonh Date: Tue, 29 Feb 2000 17:36:44 +0000 Subject: Remove broken hard sentence breaks, which mess up the typeset output. --- usr.sbin/inetd/inetd.8 | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 1d91cd9..a644905 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 @@ -81,7 +81,8 @@ Turn on debugging. .It Fl l Turn on logging. .It Fl w -Turn on TCP Wrapping for external services. See the +Turn on TCP Wrapping for external services. +See the .Sx "IMPLEMENTATION NOTES" section for more information on TCP Wrappers support. .It Fl W @@ -211,7 +212,8 @@ the file .Pa /etc/rpc . The part on the right of the .Dq / -is the RPC version number. This +is the RPC version number. +This can simply be a single numeric argument or a range of versions. A range is bounded by the low version to the high version - .Dq rusers/1-3 . @@ -365,10 +367,13 @@ service may be explicitly specified by appending a .Dq / followed by the number to the .Dq nowait -keyword. Normally -(or if a value of zero is specified) there is no maximum. Otherwise, +keyword. +Normally +(or if a value of zero is specified) there is no maximum. +Otherwise, once the maximum is reached, further connection attempts will be -queued up until an existing child process exits. This also works +queued up until an existing child process exits. +This also works in the case of .Dq wait mode, although a value other than one (the @@ -378,7 +383,8 @@ for a given IP address by appending a .Dq / followed by the number to the maximum number of -outstanding child processes. Once the maximum is reached, further +outstanding child processes. +Once the maximum is reached, further connections from this IP address will be dropped until the end of the minute. .Pp @@ -436,11 +442,13 @@ looking up the user name fails, return a default user name to the requesting ident client. This is primarily useful when running this service on a NAT machine. .It Fl t Ar sec[.usec] -Specify a timeout for the service. The default timeout is 10.0 seconds. +Specify a timeout for the service. +The default timeout is 10.0 seconds. .It Fl r Offer a real .Dq auth -service, as per RFC 1413. All the remaining flags apply only in this case. +service, as per RFC 1413. +All the remaining flags apply only in this case. .It Fl f If the file .Pa .fakeid @@ -533,24 +541,28 @@ or .Dq dgram except for .Dq internal -services. If the +services. +If the .Fl W option is given, such .Dq internal -services will be wrapped. If both options are given, wrapping for both +services will be wrapped. +If both options are given, wrapping for both internal and external services will be enabled. .Pp If the .Fl l option is specified, all connection attempts are logged, whether they are -allowed, denied or not wrapped at all. Otherwise, only denied requests will +allowed, denied or not wrapped at all. +Otherwise, only denied requests will be logged. .Pp Note that .Nm only wraps requests for a .Dq wait -service while no servers are available to service requests. Once a +service while no servers are available to service requests. +Once a connection to such a service has been allowed, inetd has no control over subsequent connections to the service until no more servers are left listening for connection requests. @@ -563,7 +575,8 @@ For more information on TCP Wrappers; see the relevant documentation ( ). When reading that document, keep in mind that .Dq internal -services have no associated daemon name. Therefore, the service name +services have no associated daemon name. +Therefore, the service name as specified in .Pa inetd.conf should be used as the daemon name for @@ -658,7 +671,8 @@ Important error messages and their explanations are: .No " server failing (looping), service terminated." .Xc The number of requests for the specified service in the past minute -exceeded the limit. The limit exists to prevent a broken program +exceeded the limit. +The limit exists to prevent a broken program or a malicious user from swamping the system. This message may occur for several reasons: .Bl -enum -offset indent @@ -697,10 +711,12 @@ No entry for .Ar user exists in the .Xr passwd 5 -database. The first message +database. +The first message occurs when .Nm -(re)reads the configuration file. The second message occurs when the +(re)reads the configuration file. +The second message occurs when the service is invoked. .Pp .It Xo -- cgit v1.1