xref: /netbsd-src/share/man/man5/rc.conf.5 (revision 1a2912f58bbce6dde1b0e6e8f8e60aebf1cec669)

.\"	$NetBSD: rc.conf.5,v 1.194 2024/10/02 15:56:37 roy Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd October 2, 2024
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS to other sources, lowest wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_zfs
A string.
Mount non-legacy ZFS file systems right after mounting local
file systems listed in
.Sy critical_filesystems_local
variable.
An entry can be prefixed with
.Ql "OPTIONAL:"
which means that it is not an error if the file system is not present
among available ZFS datasets.
The default is ''.
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.It Sy zfs
Boolean value.
Configures ZFS storage pools and ZFS file systems.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy entropy
A string, either
.Sq Li check ,
.Sq Li wait ,
or
.Sq Li ""
(empty).
If set and nonempty, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
check for or wait until enough entropy before any networking is
enabled.
.Pp
If not enough entropy is available, then:
.Bl -bullet -compact
.It
With
.Sq Li entropy=check ,
stop multiuser boot and enter single-user mode instead.
.It
With
.Sq Li entropy=wait ,
wait until enough entropy is available.
.El
.Pp
Note that
.Sq Li entropy=wait
may cause the system to hang indefinitely at boot if it has neither a
random seed nor any hardware random number generators \(em use with
care.
.Pp
If empty or not set, the system may come to multiuser without entropy,
which is unsafe to use on the internet; it is the operator's
responsibility to heed warnings from the kernel and the daily
.Xr security.conf 5
report to remedy the problem \(em see
.Xr entropy 7 .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users job, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is considered unrecommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packet for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case it to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
is requiring extra privileges to start listening on default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update password on master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O server is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be a NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .