.\" $NetBSD: rc.conf.5,v 1.194 2024/10/02 15:56:37 roy Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd October 2, 2024
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags ,
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, a watchdog timer is run for this number of seconds;
it will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS to other sources, lowest wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_zfs
A string.
Mount non-legacy ZFS file systems right after mounting local
file systems listed in the
.Sy critical_filesystems_local
variable.
An entry can be prefixed with
.Ql "OPTIONAL:"
which means that it is not an error if the file system is not present
among available ZFS datasets.
The default is ''.
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.It Sy zfs
Boolean value.
Configures ZFS storage pools and ZFS file systems.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy entropy
A string, either
.Sq Li check ,
.Sq Li wait ,
or
.Sq Li ""
(empty).
If set and nonempty, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
check for or wait until enough entropy is available before any
networking is enabled.
.Pp
If not enough entropy is available, then:
.Bl -bullet -compact
.It
With
.Sq Li entropy=check ,
stop multiuser boot and enter single-user mode instead.
.It
With
.Sq Li entropy=wait ,
wait until enough entropy is available.
.El
.Pp
Note that
.Sq Li entropy=wait
may cause the system to hang indefinitely at boot if it has neither a
random seed nor any hardware random number generators \(em use with
care.
.Pp
If empty or not set, the system may come to multiuser without entropy,
which is unsafe to use on the internet; it is the operator's
responsibility to heed warnings from the kernel and the daily
.Xr security.conf 5
report to remedy the problem \(em see
.Xr entropy 7 .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate the touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
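The rndctl_flags expansion described under rndctl above, as an added example that is not NetBSD's own rc.d script: a POSIX sh function that prints the rndctl(8) command lines a given rndctl_flags value would produce, without running them. The function names, the position of the added default flags within each command, and the choice to emit nothing for a segment with no device or type name are assumptions made here to reproduce the example given in this page.

```shell
#!/bin/sh
# Added example: expand an rc.conf(5) rndctl_flags value into the
# rndctl(8) command lines described in the manual page text.
# Commands are only printed, never executed.

# expand_segment WORD...
# Handles one semicolon-free segment: zero or more flags followed by
# device or type names. Prints one command per name.
expand_segment() {
	flags="" names="" have_ce=false have_dt=false
	for word in "$@"; do
		case "$word" in
		-*)
			flags="${flags:+$flags }$word"
			# Any of -c, -C, -e, -E suppresses the -c -e default.
			case "$word" in -*[cCeE]*) have_ce=true ;; esac
			# Either of -d, -t suppresses the -d default.
			case "$word" in -*[dt]*) have_dt=true ;; esac
			;;
		*)
			names="${names:+$names }$word"
			;;
		esac
	done
	# No collect/estimate flag given: collect and estimate.
	# (Assumption: defaults go in front of the user's flags.)
	$have_ce || flags="-c -e${flags:+ $flags}"
	# Neither -d nor -t given: the names are device names.
	$have_dt || flags="$flags -d"
	# A segment without names yields no command (assumption).
	for name in $names; do
		echo "rndctl $flags $name"
	done
}

# expand_rndctl_flags VALUE
# Splits VALUE on semicolons and expands each segment in turn.
expand_rndctl_flags() {
	(
		set -f		# words are names and flags, never glob patterns
		oIFS=$IFS
		IFS=';'
		set -- $1	# one positional parameter per segment
		IFS=$oIFS
		for segment in "$@"; do
			# Unquoted on purpose: split the segment into words.
			expand_segment $segment
		done
	)
}

# The value used as the example in the rndctl description.
expand_rndctl_flags "wd0 wd1; -t tty; -c -t net"
```

Running the expansion against the live value of rndctl_flags before a reboot shows which sources will have collection or estimation enabled at boot.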
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5 .
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
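.Sh EXAMPLES
The script below is an added example, not part of the NetBSD sources: it audits the named_chrootdir, ntpd_chrootdir and unbound_chrootdir variables described under Commonly used daemons by reporting each of those daemons that a file enables while leaving its chroot directory blank.
The function names is_yes, audit_chroot and write_sample are hypothetical, and the sample file contents and the /var/chroot/named path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NetBSD code): flag chroot-capable daemons that an
# rc.conf-style file enables while leaving their *_chrootdir blank.

# True for the values rc.subr's checkyesno treats as "yes".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_chroot FILE: print one line per finding; exit status is the
# number of findings (255 if FILE is unreadable).  The body runs in a
# subshell so the sourced variables never reach the caller.
audit_chroot() (
    [ -r "$1" ] || exit 255
    unset named ntpd unbound named_chrootdir ntpd_chrootdir unbound_chrootdir
    # rc.conf is a shell script: sourcing executes it, so audit only
    # files you would also let rc(8) run.
    . "$1"
    findings=0
    for svc in named ntpd unbound; do
        eval "enabled=\${$svc:-NO}"
        eval "dir=\${${svc}_chrootdir:-}"
        is_yes "$enabled" || continue
        if [ -z "$dir" ]; then
            echo "$svc: enabled, ${svc}_chrootdir is blank"
            findings=$((findings + 1))
        fi
    done
    exit "$findings"
)

# Constructed sample input: named is confined, ntpd is enabled without
# a chroot directory, unbound is disabled.
write_sample() {
    cat > "$1" <<'EOF'
named=YES
named_chrootdir="/var/chroot/named"
ntpd=yes
unbound=NO
EOF
}
```

Call audit_chroot with a path that contains a slash, such as /etc/rc.conf, so that the dot command does not search PATH for the file.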