Bug 12809

Summary: inetd: refuses connections after SIGHUP (TCP Wrappers related)
Product: Base System
Reporter: gerti-FreeBSD <gerti-FreeBSD>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description gerti-FreeBSD 1999-07-25 22:20:00 UTC
After sending a SIGHUP to inetd (via killall -HUP inetd), inetd is refusing connections it previously accepted. Apparently the built-in TCP wrappers get something crossed.

Error messages look like:

Jul 25 16:00:04 central inetd[17407]: refused connection from 194.126.15.215, service smtp (tcp)

Fix: 

Workaround: Don't use SIGHUP with inetd...
How-To-Repeat: Below my inetd.conf, hosts.allow and hosts.deny (I know that deny should not be needed anymore, but due to historical reasons those are the files on the problem machine). After a reboot inetd accepts smtp connections, but stops doing so after it received a SIGHUP.

-------/etc/inetd.conf-------
#	$Id: inetd.conf,v 1.33 1998/12/01 22:01:59 dillon Exp $
#
# Internet server configuration database
#
#	@(#)inetd.conf	5.4 (Berkeley) 6/30/90
#
ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
shell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd
login	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind
#finger	stream	tcp	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -s
#exec	stream	tcp	nowait	root	/usr/libexec/rexecd	rexecd
#uucpd	stream	tcp	nowait	root	/usr/libexec/uucpd	uucpd
#nntp	stream	tcp	nowait	usenet	/usr/libexec/nntpd	nntpd
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat	dgram	udp	wait	tty:tty	/usr/libexec/comsat	comsat
#ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
#tftp	dgram	udp	wait	nobody	/usr/libexec/tftpd	tftpd /tftpboot
#bootps	dgram	udp	wait	root	/usr/libexec/bootpd	bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
#
#daytime stream	tcp	nowait	root	internal
#daytime dgram	udp	wait	root	internal
#time	stream	tcp	nowait	root	internal
#time	 dgram	udp	wait	root	internal
#echo	stream	tcp	nowait	root	internal
#echo	dgram	udp	wait	root	internal
#discard stream	tcp	nowait	root	internal
#discard dgram	udp	wait	root	internal
#chargen stream	tcp	nowait	root	internal
#chargen dgram	udp	wait	root	internal
#
# Kerberos authenticated services
#
#klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
#eklogin stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
#kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
#kip	stream	tcp	nowait	root	/usr/libexec/kipd	kipd
#
# CVS servers - for master CVS repositories only!
#
#cvspserver	stream	tcp	nowait	root	/usr/bin/cvs	cvs pserver
#cvs		stream	tcp	nowait	root	/usr/bin/cvs	cvs kserver
#
# RPC based services (you MUST have portmapper running to use these)
#
#rstatd/1-3	dgram rpc/udp wait root	/usr/libexec/rpc.rstatd	 rpc.rstatd
#rusersd/1-2	dgram rpc/udp wait root	/usr/libexec/rpc.rusersd rpc.rusersd
#walld/1	dgram rpc/udp wait root	/usr/libexec/rpc.rwalld	 rpc.rwalld
#pcnfsd/1-2	dgram rpc/udp wait root	/usr/libexec/rpc.pcnfsd	 rpc.pcnfsd	
#rquotad/1	dgram rpc/udp wait root	/usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1	dgram rpc/udp wait root	/usr/libexec/rpc.sprayd	 rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3	stream	tcp	nowait	root	/usr/local/libexec/popper	popper
#
# example entry for the optional imap4 server
#
#imap4	stream	tcp	nowait	root	/usr/local/libexec/imapd	imapd
#
# Return error for all "ident" requests
#
#ident	stream	tcp	nowait	root	internal
#
# example entry for the optional ident server
#
#ident	stream	tcp	wait	kmem:kmem	/usr/local/sbin/identd	identd -w -t120
#
# example entry for the optional qmail MTA
#
#smtp	stream	tcp	nowait	qmaild	/var/qmail/bin/tcp-env	tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation).
#
#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd 
#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd 
#
smtp	stream	tcp	nowait	qmaild	/usr/local/qmail/bin/tcp-env	tcp-env /usr/local/qmail/bin/qmail-smtpd
#
# pop3
#
pop3 stream tcp nowait root /usr/local/qmail/bin/qmail-popup qmail-popup central.interfaxx.com /usr/local/bin/checkpassword /usr/local/qmail/bin/qmail-pop3d Maildir
-------/etc/hosts.allow-------
ALL: 206.103.221.32/255.255.255.240
ALL: 208.134.252.0/255.255.255.0
in.smtp: ALL
qmail-popup: ALL
tcp-env: ALL
-------/etc/hosts.deny-------
ALL: ALL

Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 1999-07-26 07:55:35 UTC
State Changed
From-To: open->closed

Fixed in 3.2-STABLE, in rev 1.46.2.5 of inetd.c, but rather use the 
latest RELENG_3 sources, since that commit introduced another bug. :-)