1.\" $NetBSD: rc.conf.5,v 1.185 2020/07/15 17:55:34 leot Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd July 15, 2020 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Ql YES , 127.Ql TRUE , 128.Ql ON 129or 130.Ql 1 131for true, and 132.Ql NO , 133.Ql FALSE , 134.Ql OFF 135or 136.Ql 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with 141.Dq _flags 142appended, and determine what 143arguments are passed to the program if it is enabled. 144.Pp 145If a variable that 146.Xr rc 8 147expects to be set is not set, or the value is not one of the allowed 148values, a warning will be printed. 149.Ss Overall control 150.Bl -tag -width net_interfaces 151.It Sy do_rcshutdown 152Boolean value. 153If false, 154.Xr shutdown 8 155will not run 156.Pa /etc/rc.shutdown . 157.It Sy rcshutdown_rcorder_flags 158A string. 159Extra arguments to the 160.Xr rcorder 8 161run by 162.Pa /etc/rc.shutdown . 163.It Sy rcshutdown_timeout 164A number. 165If non-blank, use this as the number of seconds to run a watchdog timer for 166which will terminate 167.Pa /etc/rc.shutdown 168if the timer expires before the shutdown script completes. 169.It Sy rc_configured 170Boolean value. 171If false then the system will drop into single-user mode during boot. 172.It Sy rc_fast_and_loose 173If set to a non-empty string, 174each script in 175.Pa /etc/rc.d 176will be executed in the current shell rather than a sub shell. 177This may be faster on slow machines that have an expensive 178.Xr fork 2 179operation. 180.Bl -hang 181.It Em Note : 182Use this at your own risk! 183A rogue command or script may inadvertently prevent boot to multiuser. 184.El 185.It Sy rc_rcorder_flags 186A string. 187Extra arguments to the 188.Xr rcorder 8 189run by 190.Pa /etc/rc . 191.It Sy rc_directories 192A string. 193Space separated list of directories searched for rc scripts. 194The default is 195.Pa /etc/rc.d . 196All directories in 197.Ev rc_directories 198must be located in the root file system, otherwise they will be silently 199skipped. 200.It Sy rc_silent 201Boolean value. 202If true then the usual output is suppressed, and 203.Xr rc 8 204invokes the command specified in the 205.Va rc_silent_cmd 206variable once for each line of suppressed output. 207The default value of 208.Va rc_silent 209is set from the 210.Dv AB_SILENT 211flag in the kernel's 212.Va boothowto 213variable (see 214.Xr boot 8 , 215.Xr reboot 2 ) . 216.It Sy rc_silent_cmd 217A command to be executed once per line of suppressed output, when 218.Va rc_silent 219is true. 220The default value of 221.Va rc_silent_cmd 222is 223.Ql twiddle , 224which will display a spinning symbol instead of each line of output. 225Another useful value is 226.Ql \&: , 227which will display nothing at all. 228.El 229.Ss Basic network configuration 230.Bl -tag -width net_interfaces 231.It Sy defaultroute 232A string. 233Default IPv4 network route. 234If empty or not set, then the contents of 235.Pa /etc/mygate 236(if it exists) are used. 237.It Sy defaultroute6 238A string. 239Default IPv6 network route. 240If empty or not set, then the contents of 241.Pa /etc/mygate6 242(if it exists) are used. 243.It Sy domainname 244A string. 245NIS (YP) domain of host. 246If empty or not set, then the contents of 247.Pa /etc/defaultdomain 248(if it exists) are used. 249.It Sy force_down_interfaces 250A space separated list of interface names. 251These interfaces will be configured down when going from multiuser to single-user 252mode or on system shutdown. 253.It Sy dns_domain 254A string. 255Sets domain in 256.Pa /etc/resolv.conf . 257.It Sy dns_search 258A string. 259Sets search in 260.Pa /etc/resolv.conf . 261.It Sy dns_nameservers 262A string of space separated domain name servers. 263Sets nameserver for each value in 264.Pa /etc/resolv.conf . 265.It Sy dns_sortlist 266A string. 267Sets sortlist in 268.Pa /etc/resolv.conf . 269.It Sy dns_options 270A string. 271Sets options in 272.Pa /etc/resolv.conf . 273.It Sy dns_metric 274An unsigned integer. 275Sets the priority of the above DNS to other sources, lowest wins. 276Defaults to 0. 277.Pp 278This is important for some stateful interfaces, for example PPPoE interfaces 279which have no direct means of noticing 280.Dq disconnect 281events. 282.Pp 283All active 284.Xr pppoe 4 285interfaces will be automatically added to this list. 286.It Sy hostname 287A string. 288Name of host. 289If empty or not set, then the contents of 290.Pa /etc/myname 291(if it exists) are used. 292.El 293.Ss Boottime file-system and swap configuration 294.Bl -tag -width net_interfaces 295.It Sy critical_filesystems_local 296A string. 297File systems mounted very early in the system boot before networking 298services are available. 299Usually 300.Pa /var 301is part of this, because it is needed by services such as 302.Xr dhcpcd 8 303which may be required to get the network operational. 304The default is 305.Ql "OPTIONAL:" Ns Pa /var , 306where the 307.Ql "OPTIONAL:" 308prefix means that it's not an error if the file system is not 309present in 310.Xr fstab 5 . 311.It Sy critical_filesystems_remote 312A string. 313File systems such as 314.Pa /usr 315that may require network services to be available to mount, 316that must be available early in the system boot for general services to use. 317The default is 318.Ql "OPTIONAL:" Ns Pa /usr , 319where the 320.Ql "OPTIONAL:" 321prefix means that it is not an error if the file system is not 322present in 323.Xr fstab 5 . 324.It Sy fsck_flags 325A string. 326A file system is checked with 327.Xr fsck 8 328during boot before mounting it. 329This option may be used to override the default command-line options 330passed to the 331.Xr fsck 8 332program. 333.Pp 334When set to 335.Fl y , 336.Xr fsck 8 337assumes yes as the answer to all operator questions during file system checks. 338This might be important with hosts where the administrator does not have 339access to the console and an unsuccessful shutdown must not make the host 340unbootable even if the file system checks would fail in preen mode. 341.It Sy modules 342Boolean value. 343If true, loads the modules specified in 344.Xr modules.conf 5 . 345.It Sy no_swap 346Boolean value. 347Should be true if you have deliberately configured your system with no swap. 348If false and no swap devices are configured, the system will warn you. 349.It Sy resize_root 350Boolean value. 351Set to true to have the system resize the root file system to fill its 352partition. 353Will only attempt to resize the root file system if it is of type ffs and does 354not have logging enabled. 355Defaults to false. 356.It Sy swapoff 357Boolean value. 358Remove block-type swap devices at shutdown time. 359Useful if swapping onto RAIDframe devices. 360.It Sy swapoff_umount 361.Dq "auto" 362or 363.Dq "manual" . 364Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM. 365By default 366.Dq ( "auto" ) 367all tmpfs filesystems that contain no device nodes are unmounted. 368Set to 369.Dq "manual" 370to explicitly specify which filesystems to unmount before removing swap. 371.It Sy swapoff_umount_fs 372A space-separated list of absolute paths to tmpfs mount points. 373If 374.Sy swapoff_umount 375is set to 376.Dq "manual" , 377these tmpfs filesystems will be forcibly unmounted before removing block-type 378swap devices. 379.It Sy var_shm_symlink 380A path. 381If set, names a path that 382.Pa /var/shm 383will be symlinked to. 384.Pp 385The path needs to live on a tmpfs file system. 386A typical value (assuming 387.Pa /tmp 388is mounted on tmpfs) would be 389.Pa /tmp/.shm . 390.El 391.Ss Block device subsystems 392.Bl -tag -width net_interfaces 393.It Sy ccd 394Boolean value. 395Configures concatenated disk devices according to 396.Xr ccd.conf 5 . 397.It Sy cgd 398Boolean value. 399Configures cryptographic disk devices. 400Requires 401.Pa /etc/cgd/cgd.conf . 402See 403.Xr cgdconfig 8 404for additional details. 405.It Sy lvm 406Boolean value. 407Configures the logical volume manager. 408See 409.Xr lvm 8 410for additional details. 411.It Sy raidframe 412Boolean value. 413Configures 414.Xr raid 4 , 415RAIDframe disk devices. 416See 417.Xr raidctl 8 418for additional details. 419.El 420.Ss One-time actions to perform or programs to run on boot-up 421.Bl -tag -width net_interfaces 422.It Sy accounting 423Boolean value. 424Enables process accounting with 425.Xr accton 8 . 426Requires 427.Pa /var/account/acct 428to exist. 429.It Sy clear_tmp 430Boolean value. 431Clear 432.Pa /tmp 433after reboot. 434.It Sy dmesg 435Boolean value. 436Create 437.Pa /var/run/dmesg.boot 438from the output of 439.Xr dmesg 8 . 440Passes 441.Sy dmesg_flags . 442.It Sy envsys 443Boolean value. 444Sets preferences for the environmental systems framework, 445.Xr envsys 4 . 446Requires 447.Pa /etc/envsys.conf , 448which is described in 449.Xr envsys.conf 5 . 450.It Sy gpio 451Boolean value. 452Configure 453.Xr gpio 4 454devices. 455See 456.Xr gpio.conf 5 . 457.It Sy ldconfig 458Boolean value. 459Configures 460.Xr a.out 5 461runtime link editor directory cache. 462.It Sy mixerctl 463Boolean value. 464Read 465.Xr mixerctl.conf 5 466for how to set mixer values. 467List in 468.Sy mixerctl_mixers 469the devices whose settings are to be saved at shutdown and 470restored at start-up. 471.It Sy newsyslog 472Boolean value. 473Run 474.Nm newsyslog 475to trim log files before syslogd starts. 476Intended for laptop users. 477Passes 478.Sy newsyslog_flags . 479.It Sy per_user_tmp 480Boolean value. 481Enables a per-user 482.Pa /tmp 483directory. 484.Sy per_user_tmp_dir 485can be used to override the default location of the 486.Dq real 487temporary directories, 488.Pa /private/tmp . 489See 490.Xr security 7 491for additional details. 492.It Sy quota 493Boolean value. 494Checks and enables quotas by running 495.Xr quotacheck 8 496and 497.Xr quotaon 8 . 498.It Sy random_seed 499Boolean value. 500During boot-up, runs the 501.Xr rndctl 8 502utility with the 503.Fl L 504flag to seed the random number subsystem from an entropy file. 505During shutdown, runs the 506.Xr rndctl 8 507utility with the 508.Fl S 509flag to save some random information to the entropy file. 510The entropy file name is specified by the 511.Sy random_file 512variable, and defaults to 513.Pa /var/db/entropy-file . 514The entropy file must be on a local file system that is writable early during 515boot-up (just after the file systems specified in 516.Sy critical_filesystems_local 517have been mounted), and correspondingly late during shutdown. 518.It Sy rndctl 519Boolean value. 520Runs the 521.Xr rndctl 8 522utility one or more times according to the specification in 523.Sy rndctl_flags . 524.Pp 525If 526.Sy rndctl_flags 527does not contain a semicolon 528.Pq Ql \&; 529then it is expected to contain zero or more flags, 530followed by one or more device or type names. 531The 532.Xr rndctl 8 533command will be executed once for each device or type name. 534If the specified flags do not include any of 535.Fl c , C , e , 536or 537.Fl E , 538then the flags 539.Fl c 540and 541.Fl e 542are added, to specify that entropy from the relevant device or type 543should be both collected and estimated. 544If the specified flags do not include either of 545.Fl d 546or 547.Fl t , 548then the flag 549.Fl d 550is added, to specify that the non-flag arguments are device names, 551not type names. 552.Pp 553.Sy rndctl_flags 554may contain multiple semicolon-separated segments, in which each 555segment contains flags and device or type names as described above. 556This allows different flags to be associated with different 557device or type names. 558For example, given 559.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 560the following commands will be executed: 561.Li "rndctl -c -e -d wd0" ; 562.Li "rndctl -c -e -d wd1" ; 563.Li "rndctl -c -e -t tty" ; 564.Li "rndctl -c -t net" . 565.It Sy rtclocaltime 566Boolean value. 567Sets the real time clock to local time by adjusting the 568.Xr sysctl 7 569value of 570.Pa kern.rtc_offset . 571The offset from UTC is calculated automatically according 572to the time zone information in the file 573.Pa /etc/localtime . 574.It Sy savecore 575Boolean value. 576Runs the 577.Xr savecore 8 578utility. 579Passes 580.Sy savecore_flags . 581The directory where crash dumps are stored is specified by 582.Sy savecore_dir . 583The default setting is 584.Pa /var/crash . 585.It Sy sysdb 586Boolean value. 587Builds various system databases, including 588.Pa /var/run/dev.cdb , 589.Pa /etc/spwd.db , 590.Pa /var/db/netgroup.db , 591.Pa /var/db/services.cdb , 592and entries for 593.Xr utmp 5 . 594.It Sy tpctl 595Boolean value. 596Run 597.Xr tpctl 8 598to calibrate touch panel device. 599Passes 600.Sy tpctl_flags . 601.It Sy update_motd 602Boolean value. 603Updates the 604.Nx 605version string in the 606.Pa /etc/motd 607file to reflect the version of the running kernel. 608See 609.Xr motd 5 . 610.It Sy virecover 611Boolean value. 612Send notification mail to users if any recoverable files exist in 613.Pa /var/tmp/vi.recover . 614Read 615.Xr virecover 8 616for more information. 617.It Sy wdogctl 618Boolean value. 619Configures watchdog timers. 620Passes 621.Sy wdogctl_flags . 622Refer to 623.Xr wdogctl 8 624for information on how to configure a timer. 625.El 626.Ss System security settings 627.Bl -tag -width net_interfaces 628.It Sy securelevel 629A number. 630The system securelevel is set to the specified value early 631in the boot process, before any external logins, or other programs 632that run users job, are started. 633If set to nothing, the default action is taken, as described in 634.Xr init 8 635and 636.Xr secmodel_securelevel 9 , 637which contains definitive information about the system securelevel. 638Note that setting 639.Sy securelevel 640to 0 in 641.Nm 642will actually result in the system booting with securelevel set to 1, as 643.Xr init 8 644will raise the level when 645.Xr rc 8 646completes. 647.It Sy permit_nonalpha 648Boolean value. 649Allow passwords to include non-alpha characters, usually to allow 650NIS/YP netgroups. 651.It Sy veriexec 652Boolean value. 653Load Veriexec fingerprints during startup. 654Read 655.Xr veriexecctl 8 656for more information. 657.It Sy veriexec_strict 658A number. 659Controls the strict level of Veriexec. 660Level 0 is learning mode, used when building the signatures file. 661It will only output messages but will not enforce anything. 662Level 1 will only prevent access to files with a fingerprint 663mismatch. 664Level 2 will also deny writing to and removing of 665monitored files, as well as enforce access type (as specified in 666the signatures file). 667Level 3 will take a step further and prevent 668access to files that are not monitored. 669.It Sy veriexec_verbose 670A number. 671Controls the verbosity of Veriexec. 672Recommended operation is at level 0, verbose output (mostly used when 673building the signatures file) is at level 1. 674Level 2 is for debugging only and should not be used. 675.It Sy veriexec_flags 676A string. 677Flags to pass to the 678.Nm veriexecctl 679command. 680.It Sy smtoff 681Boolean value. 682Disables SMT (Simultaneous Multi-Threading). 683.El 684.Ss Networking startup 685.Bl -tag -width net_interfaces 686.It Sy altqd 687Boolean value. 688ALTQ configuration/monitoring daemon. 689Passes 690.Sy altqd_flags . 691.It Sy auto_ifconfig 692Boolean value. 693Sets the 694.Sy net_interfaces 695variable (see below) to the output of 696.Xr ifconfig 8 697with the 698.Fl l 699flag and suppresses warnings about interfaces in this list that 700do not have an ifconfig file or variable. 701.It Sy blocklistd 702Boolean value. 703Runs 704.Xr blocklistd 8 705to dynamically block hosts on a DoS according to configuration set in 706.Xr blocklistd.conf 5 707Passes 708.Sy blocklistd_flags . 709.It Sy dhcpcd 710Boolean value. 711Set true to configure some or all network interfaces using dhcpcd. 712If you set 713.Sy dhcpcd 714true, then 715.Pa /var 716must be in 717.Sy critical_filesystems_local , 718or 719.Pa /var 720must be on the root file system. 721If you need to restrict dhcpcd to one or a number of interfaces, 722or need a separate configuration per interface, 723then this should be done in the configuration file - see 724.Xr dhcpcd.conf 5 725for details. 726dhcpcd presently ignores the 727.Sy wpa_supplicant 728variable in rc.conf and will start wpa_supplicant if a suitable 729wpa_supplicant.conf is found unless otherwise instructed in 730.Xr dhcpcd.conf 5 . 731.It Sy dhcpcd_flags 732Passes 733.Sy dhcpcd_flags 734to dhcpcd. 735See 736.Xr dhcpcd 8 737for complete documentation. 738.It Sy flushroutes 739Boolean value. 740Flushes the route table on networking startup. 741Useful when coming up to multiuser mode after going down to 742single-user mode. 743.It Sy ftp_proxy 744Boolean value. 745Runs 746.Xr ftp-proxy 8 , 747the proxy daemon for the Internet File Transfer Protocol. 748.It Sy hostapd 749Boolean value. 750Runs 751.Xr hostapd 8 , 752the authenticator for IEEE 802.11 networks. 753.It Sy ifaliases_* 754A string. 755List of 756.Sq Em "address netmask" 757pairs to configure additional network addresses for the given 758configured interface 759(e.g. 760.Sy ifaliases_le0 ) . 761If 762.Em netmask 763is 764.Ql - , 765then use the default netmask for the interface. 766.Pp 767.Sy ifaliases_* 768covers limited cases only and is considered unrecommended. 769We recommend using 770.Sy ifconfig_xxN 771variables or 772.Pa /etc/ifconfig. Ns Ar xxN 773files with multiple lines instead. 774.It Sy ifwatchd 775Boolean value. 776Monitor dynamic interfaces and perform actions upon address changes. 777Passes 778.Sy ifwatchd_flags . 779.It Sy ip6addrctl 780Boolean value. 781Fine grain control of address and routing priorities. 782.It Sy ip6addrctl_policy 783A string. 784Can be: 785.Bl -tag -width "Ql auto" -compact 786.It Ql auto 787automatically determine from system settings; will read priorities from 788.Pa /etc/ip6addrctl.conf 789or if that file does not exist it will default to IPv6 first, then IPv4. 790.It Ql ipv4_prefer 791try IPv4 before IPv6. 792.It Ql ipv6_prefer 793try IPv6 before IPv4. 794.El 795.It Sy ip6addrctl_verbose 796Boolean value. 797If set, print the resulting prefixes and priorities map. 798.It Sy ip6mode 799A string. 800An IPv6 node can be a router 801.Pq nodes that forward packet for others 802or a host 803.Pq nodes that do not forward . 804A host can be autoconfigured 805based on the information advertised by adjacent IPv6 routers. 806By setting 807.Sy ip6mode 808to 809.Ql router , 810.Ql host , 811or 812.Ql autohost , 813you can configure your node as a router, 814a non-autoconfigured host, or an autoconfigured host. 815Invalid values will be ignored, and the node will be configured as 816a non-autoconfigured host. 817.It Sy ip6uniquelocal 818Boolean value. 819If 820.Sy ip6mode 821is equal to 822.Ql router , 823and 824.Sy ip6uniquelocal 825is false, 826a reject route will be installed on boot to avoid misconfiguration relating 827to unique-local addresses. 828If 829.Sy ip6uniquelocal 830is true, the reject route won't be installed. 831.It Sy ipfilter 832Boolean value. 833Runs 834.Xr ipf 8 835to load in packet filter specifications from 836.Pa /etc/ipf.conf 837at network boot time, before any interfaces are configured. 838Passes 839.Sy ipfilter_flags . 840See 841.Xr ipf.conf 5 . 842.It Sy ipfs 843Boolean value. 844Runs 845.Xr ipfs 8 846to save and restore information for ipnat and ipfilter state tables. 847The information is stored in 848.Pa /var/db/ipf/ipstate.ipf 849and 850.Pa /var/db/ipf/ipnat.ipf . 851Passes 852.Sy ipfs_flags . 853.It Sy ipmon 854Boolean value. 855Runs 856.Xr ipmon 8 857to read 858.Xr ipf 8 859packet log information and log it to a file or the system log. 860Passes 861.Sy ipmon_flags . 862.It Sy ipmon_flags 863A string. 864Specifies arguments to supply to 865.Xr ipmon 8 . 866Defaults to 867.Ql -ns . 868A typical example would be 869.Ql "-nD /var/log/ipflog" 870to have 871.Xr ipmon 8 872log directly to a file bypassing 873.Xr syslogd 8 . 874If the 875.Fl D 876argument is used, remember to modify 877.Pa /etc/newsyslog.conf 878accordingly; for example: 879.Pp 880.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 881.It Sy ipnat 882Boolean value. 883Runs 884.Xr ipnat 8 885to load in the IP network address translation (NAT) rules from 886.Pa /etc/ipnat.conf 887at network boot time, before any interfaces are configured. 888See 889.Xr ipnat.conf 5 . 890.It Sy ipsec 891Boolean value. 892Runs 893.Xr setkey 8 894to load in IPsec manual keys and policies from 895.Pa /etc/ipsec.conf 896at network boot time, before any interfaces are configured. 897.It Sy npf 898Boolean value. 899Loads 900.Xr npf.conf 5 901at network boot time, and starts 902.Xr npf 7 . 903.It Sy npfd 904Boolean value. 905Runs 906.Xr npfd 8 , 907the NPF packet filter logging and state synchronization daemon. 908Passes 909.Sy npfd_flags . 910.It Sy net_interfaces 911A string. 912The list of network interfaces to be configured at boot time. 913For each interface "xxN", the system first looks for ifconfig 914parameters in the variable 915.Sy ifconfig_xxN , 916and then in the file 917.Pa /etc/ifconfig.xxN . 918If 919.Sy auto_ifconfig 920is false, and neither the variable nor the file is found, 921a warning is printed. 922Information in either the variable or the file is parsed identically, 923except that, if an 924.Sy ifconfig_xxN 925variable contains a single line with embedded semicolons, 926then the value is split into multiple lines prior to further parsing, 927treating the semicolon as a line separator. 928.Pp 929One common case it to set the 930.Sy ifconfig_xxN 931variable to a set of arguments to be passed to an 932.Xr ifconfig 8 933command after the interface name. 934Refer to 935.Xr ifconfig.if 5 936for more details on 937.Pa /etc/ifconfig.xxN 938files, and note that the information there also applies to 939.Sy ifconfig_xxN 940variables (after the variables are split into lines). 941.It Sy ntpdate 942Boolean value. 943Runs 944.Xr ntpdate 8 945to set the system time from one of the hosts in 946.Sy ntpdate_hosts . 947If 948.Sy ntpdate_hosts 949is empty, it will attempt to find a list of hosts in 950.Pa /etc/ntp.conf . 951Passes 952.Sy ntpdate_flags . 953.It Sy pf 954Boolean value. 955Enable 956.Xr pf 4 957at network boot time: 958Load the initial configuration 959.Xr pf.boot.conf 5 960before the network is up. 961After the network has been configured, then load the final rule set 962.Xr pf.conf 5 . 963.It Sy pf_rules 964A string. 965The path of the 966.Xr pf.conf 5 967rule set that will be used when loading the final rule set. 968.It Sy pflogd 969Boolean value. 970Run 971.Xr pflogd 8 972for dumping packet filter logging information to a file. 973.It Sy ppp 974A boolean. 975Toggles starting 976.Xr pppd 8 977on startup. 978See 979.Sy ppp_peers 980below. 981.It Sy ppp_peers 982A string. 983If 984.Sy ppp 985is true and 986.Sy ppp_peers 987is not empty, then 988.Pa /etc/rc.d/ppp 989will check each word in 990.Sy ppp_peers 991for a corresponding ppp configuration file in 992.Pa /etc/ppp/peers 993and will call 994.Xr pppd 8 995with the 996.Dq Ic call Va peer 997option. 998.It Sy racoon 999Boolean value. 1000Runs 1001.Xr racoon 8 , 1002the IKE (ISAKMP/Oakley) key management daemon. 1003.It Sy wpa_supplicant 1004Boolean value. 1005Run 1006.Xr wpa_supplicant 8 , 1007WPA/802.11i Supplicant for wireless network devices. 1008If you set 1009.Sy wpa_supplicant 1010true, then 1011.Pa /usr 1012must be in 1013.Sy critical_filesystems_local , 1014or 1015.Pa /usr 1016must be on the root file system. 1017dhcpcd ignores this variable, see the 1018.Sy dhcpcd 1019variable for details. 1020.El 1021.Ss Daemons required by other daemons 1022.Bl -tag -width net_interfaces 1023.It Sy inetd 1024Boolean value. 1025Runs the 1026.Xr inetd 8 1027daemon to start network server processes (as listed in 1028.Pa /etc/inetd.conf ) 1029as necessary. 1030Passes 1031.Sy inetd_flags . 1032The 1033.Fl l 1034flag turns on libwrap connection logging. 1035.It Sy rpcbind 1036Boolean value. 1037The 1038.Xr rpcbind 8 1039daemon is required for any 1040.Xr rpc 3 1041services. 1042These include NFS, NIS, 1043.Xr rpc.bootparamd 8 , 1044.Xr rpc.rstatd 8 , 1045.Xr rpc.rusersd 8 , 1046and 1047.Xr rpc.rwalld 8 . 1048Passes 1049.Sy rpcbind_flags . 1050.El 1051.Ss Commonly used daemons 1052.Bl -tag -width net_interfaces 1053.It Sy cron 1054Boolean value. 1055Run 1056.Xr cron 8 . 1057.It Sy ftpd 1058Boolean value. 1059Runs the 1060.Xr ftpd 8 1061daemon and passes 1062.Sy ftpd_flags . 1063.It Sy httpd 1064Boolean value. 1065Runs the 1066.Xr httpd 8 1067daemon and passes 1068.Sy httpd_flags . 1069.It Sy httpd_wwwdir 1070A string. 1071The 1072.Xr httpd 8 1073WWW root directory. 1074Used only if 1075.Sy httpd 1076is true. 1077The default setting is 1078.Pa /var/www . 1079.It Sy httpd_wwwuser 1080A string. 1081If non-blank and 1082.Sy httpd 1083is true, run 1084.Xr httpd 8 1085and cause it to switch to the specified user after initialization. 1086It is preferred to 1087.Sy httpd_user 1088because 1089.Xr httpd 8 1090is requiring extra privileges to start listening on default port 80. 1091The default setting is 1092.Ql _httpd . 1093.It Sy lpd 1094Boolean value. 1095Runs 1096.Xr lpd 8 1097and passes 1098.Sy lpd_flags . 1099The 1100.Fl l 1101flag will turn on extra logging. 1102.It Sy mdnsd 1103Boolean value. 1104Runs 1105.Xr mdnsd 8 . 1106.It Sy named 1107Boolean value. 1108Runs 1109.Xr named 8 1110and passes 1111.Sy named_flags . 1112.It Sy named_chrootdir 1113A string. 1114If non-blank and 1115.Sy named 1116is true, run 1117.Xr named 8 1118as the unprivileged user and group 1119.Sq named , 1120.Xr chroot 2 Ns ed 1121to 1122.Sy named_chrootdir . 1123.Li \&${named_chrootdir} Ns Pa /var/run/log 1124will be added to the list of log sockets that 1125.Xr syslogd 8 1126listens to. 1127.It Sy ntpd 1128Boolean value. 1129Runs 1130.Xr ntpd 8 1131and passes 1132.Sy ntpd_flags . 1133.It Sy ntpd_chrootdir 1134A string. 1135If non-blank and 1136.Sy ntpd 1137is true, run 1138.Xr ntpd 8 1139as the unprivileged user and group 1140.Sq ntpd , 1141.Xr chroot 2 Ns ed 1142to 1143.Sy ntpd_chrootdir . 1144.Li \&${ntpd_chrootdir} Ns Pa /var/run/log 1145will be added to the list of log sockets that 1146.Xr syslogd 8 1147listens to. 1148This option requires that the kernel has 1149.D1 Cd pseudo-device clockctl 1150compiled in, and that 1151.Pa /dev/clockctl 1152is present. 1153.It Sy postfix 1154Boolean value. 1155Starts 1156.Xr postfix 1 1157mail system. 1158.It Sy sshd 1159Boolean value. 1160Runs 1161.Xr sshd 8 1162and passes 1163.Sy sshd_flags . 1164.It Sy syslogd 1165Boolean value. 1166Runs 1167.Xr syslogd 8 1168and passes 1169.Sy syslogd_flags . 1170.It Sy timed 1171Boolean value. 1172Runs 1173.Xr timed 8 1174and passes 1175.Sy timed_flags . 1176The 1177.Fl M 1178option allows 1179.Xr timed 8 1180to be a master time source as well as a slave. 1181If you are also running 1182.Xr ntpd 8 , 1183only one machine running both should have the 1184.Fl M 1185flag given to 1186.Xr timed 8 . 1187.It Sy unbound 1188Boolean value. 1189Runs 1190.Xr unbound 8 . 1191.It Sy unbound_chrootdir 1192A string. 1193If non-blank and 1194.Sy unbound 1195is true, run 1196.Xr unbound 8 1197.Xr chroot 2 Ns ed 1198to 1199.Sy unbound_chrootdir . 1200.El 1201.Ss Routing daemons 1202.Bl -tag -width net_interfaces 1203.It Sy mrouted 1204Boolean value. 1205Runs 1206.Xr mrouted 8 , 1207the DVMRP multicast routing protocol daemon. 1208Passes 1209.Sy mrouted_flags . 1210.It Sy route6d 1211Boolean value. 1212Runs 1213.Xr route6d 8 , 1214the RIPng routing protocol daemon for IPv6. 1215Passes 1216.Sy route6d_flags . 1217.It Sy routed 1218Boolean value. 1219Runs 1220.Xr routed 8 , 1221the RIP routing protocol daemon. 1222Passes 1223.Sy routed_flags . 1224.\" This should be false 1225.\" if 1226.\" .Sy gated 1227.\" is true. 1228.El 1229.Ss Daemons used to boot other hosts over a network 1230.Bl -tag -width net_interfaces 1231.It Sy bootparamd 1232Boolean value. 1233Runs 1234.Xr bootparamd 8 , 1235the boot parameter server, with 1236.Sy bootparamd_flags 1237as options. 1238Used to boot 1239.Nx 1240and SunOS 4.x systems. 1241.It Sy dhcpd 1242Boolean value. 1243Runs 1244.Xr dhcpd 8 , 1245the Dynamic Host Configuration Protocol (DHCP) daemon, 1246for assigning IP addresses to hosts and passing boot information. 1247Passes 1248.Sy dhcpd_flags . 1249.It Sy dhcrelay 1250Boolean value. 1251Runs 1252.Xr dhcrelay 8 . 1253Passes 1254.Sy dhcrelay_flags . 1255.It Sy mopd 1256Boolean value. 1257Runs 1258.Xr mopd 8 , 1259the DEC MOP protocol daemon; used for booting VAX and other DEC 1260machines. 1261Passes 1262.Sy mopd_flags . 1263.It Sy ndbootd 1264Boolean value. 1265Runs 1266.Xr ndbootd 8 , 1267the Sun Network Disk (ND) Protocol server. 1268Passes 1269.Sy ndbootd_flags . 1270.It Sy rarpd 1271Boolean value. 1272Runs 1273.Xr rarpd 8 , 1274the reverse ARP daemon, often used to boot 1275.Nx 1276and Sun workstations. 1277Passes 1278.Sy rarpd_flags . 1279.It Sy rbootd 1280Boolean value. 1281Runs 1282.Xr rbootd 8 , 1283the HP boot protocol daemon; used for booting HP workstations. 1284Passes 1285.Sy rbootd_flags . 1286.It Sy rtadvd 1287Boolean value. 1288Runs 1289.Xr rtadvd 8 , 1290the IPv6 router advertisement daemon, which is used to advertise 1291information about the subnet to IPv6 end hosts. 1292Passes 1293.Sy rtadvd_flags . 1294This is only for IPv6 routers, so set 1295.Sy ip6mode 1296to 1297.Ql router 1298if you use it. 1299.El 1300.Ss X Window System daemons 1301.Bl -tag -width net_interfaces 1302.It Sy xdm 1303Boolean value. 1304Runs the 1305.Xr xdm 1 1306X display manager. 1307These X daemons are available only with the optional X distribution of 1308.Nx . 1309.It Sy xfs 1310Boolean value. 1311Runs the 1312.Xr xfs 1 1313X11 font server, which supplies local X font files to X terminals. 1314.El 1315.Ss NIS (YP) daemons 1316.Bl -tag -width net_interfaces 1317.It Sy ypbind 1318Boolean value. 1319Runs 1320.Xr ypbind 8 , 1321which lets NIS (YP) clients use information from a NIS server. 1322Passes 1323.Sy ypbind_flags . 1324.It Sy yppasswdd 1325Boolean value. 1326Runs 1327.Xr yppasswdd 8 , 1328which allows remote NIS users to update password on master server. 1329Passes 1330.Sy yppasswdd_flags . 1331.It Sy ypserv 1332Boolean value. 1333Runs 1334.Xr ypserv 8 , 1335the NIS (YP) server for distributing information from certain files 1336in 1337.Pa /etc . 1338Passes 1339.Sy ypserv_flags . 1340The 1341.Fl d 1342flag causes it to use DNS for lookups in 1343.Pa /etc/hosts 1344that fail. 1345.El 1346.Ss NFS daemons and parameters 1347.Bl -tag -width net_interfaces 1348.It Sy amd 1349Boolean value. 1350Runs 1351.Xr amd 8 , 1352the automounter daemon, which automatically mounts NFS file systems 1353whenever a file or directory within that file system is accessed. 1354Passes 1355.Sy amd_flags . 1356.It Sy amd_dir 1357A string. 1358The 1359.Xr amd 8 1360mount directory. 1361Used only if 1362.Sy amd 1363is true. 1364.It Sy lockd 1365Boolean value. 1366Runs 1367.Xr rpc.lockd 8 1368if 1369.Sy nfs_server 1370and/or 1371.Sy nfs_client 1372are true. 1373Passes 1374.Sy lockd_flags . 1375.It Sy mountd 1376Boolean value. 1377Runs 1378.Xr mountd 8 1379and passes 1380.Sy mountd_flags . 1381.It Sy nfs_client 1382Boolean value. 1383The number of local NFS asynchronous I/O server is now controlled via 1384.Xr sysctl 8 . 1385.It Sy nfs_server 1386Boolean value. 1387Sets up a host to be a NFS server by running 1388.Xr nfsd 8 1389and passing 1390.Sy nfsd_flags . 1391.It Sy statd 1392Boolean value. 1393Runs 1394.Xr rpc.statd 8 , 1395a status monitoring daemon used when 1396.Xr rpc.lockd 8 1397is running, if 1398.Sy nfs_server 1399and/or 1400.Sy nfs_client 1401are true. 1402Passes 1403.Sy statd_flags . 1404.El 1405.Ss Bluetooth support 1406.Bl -tag -width net_interfaces 1407.It Sy bluetooth 1408Boolean value. 1409Configure Bluetooth support, comprising the following tasks: 1410.Bl -dash -compact 1411.It 1412attach serial Bluetooth controllers as listed in the 1413.Pa /etc/bluetooth/btattach.conf 1414configuration file. 1415.It 1416enable Bluetooth controllers with useful defaults, plus 1417additional options as detailed below. 1418.It 1419optionally, start 1420.Xr bthcid 8 , 1421the Bluetooth Link Key/PIN Code manager, passing 1422.Sy bthcid_flags . 1423.It 1424configure local Bluetooth drivers as listed in the 1425.Pa /etc/bluetooth/btdevctl.conf 1426configuration file. 1427.It 1428optionally, start 1429.Xr sdpd 8 , 1430the Service Discovery server, passing 1431.Sy sdpd_flags . 1432.El 1433.It Sy btconfig_devices 1434A string. 1435An optional list of Bluetooth controllers to configure. 1436.It Sy btconfig_{dev} 1437A string. 1438Additional configuration options for specific Bluetooth controllers. 1439.It Sy btconfig_args 1440A string. 1441Additional configuration options for Bluetooth controllers without 1442specific options as above. 1443.It Sy bthcid 1444Boolean value. 1445If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1446.It Sy sdpd 1447Boolean value. 1448If set to false, disable starting the Bluetooth Service Discovery server. 1449.El 1450.Ss Other daemons 1451.Bl -tag -width net_interfaces 1452.It Sy identd 1453Boolean value. 1454Runs 1455.Xr identd 8 , 1456the daemon for the user identification protocol. 1457Passes 1458.Sy identd_flags . 1459.It Sy iscsi_target 1460Boolean value. 1461Runs the server for iSCSI requests, 1462.Xr iscsi-target 8 . 1463Passes 1464.Sy iscsi_target_flags . 1465.It Sy kdc 1466Boolean value. 1467Runs the 1468.Xr kdc 8 1469Kerberos v4 and v5 server. 1470This should be run on Kerberos master and slave servers. 1471.It Sy rwhod 1472Boolean value. 1473Runs 1474.Xr rwhod 8 1475to support the 1476.Xr rwho 1 1477and 1478.Xr ruptime 1 1479commands. 1480.It Sy autofs 1481Boolean value. 1482If set to 1483.Ql YES , 1484start the 1485.Xr automount 8 1486utility and the 1487.Xr automountd 8 1488and 1489.Xr autounmountd 8 1490daemons at boot time. 1491.It Sy automount_flags 1492A string. 1493If 1494.Sy autofs 1495is set to 1496.Ql YES , 1497these are the flags to pass to the 1498.Xr automount 8 1499program. 1500By default no flags are passed. 1501.It Sy automountd_flags 1502A string. 1503If 1504.Sy autofs 1505is set to 1506.Ql YES , 1507these are the flags to pass to the 1508.Xr automountd 8 1509daemon. 1510By default no flags are passed. 1511.It Sy autounmountd_flags 1512A string. 1513If 1514.Sy autofs 1515is set to 1516.Ql YES , 1517these are the flags to pass to the 1518.Xr autounmountd 8 1519daemon. 1520By default no flags are passed. 1521.El 1522.Ss Hardware daemons 1523.Bl -tag -width net_interfaces 1524.It Sy apmd 1525Boolean value. 1526Runs 1527.Xr apmd 8 1528and passes 1529.Sy apmd_flags . 1530.It Sy irdaattach 1531Boolean value. 1532Runs 1533.Xr irdaattach 8 1534and passes 1535.Sy irdaattach_flags . 1536.It Sy moused 1537Boolean value. 1538Runs 1539.Xr moused 8 , 1540to pass serial mouse data to the wscons mouse mux. 1541Passes 1542.Sy moused_flags . 1543.It Sy screenblank 1544Boolean value. 1545Runs 1546.Xr screenblank 1 1547and passes 1548.Sy screenblank_flags . 1549.It Sy wscons 1550Boolean value. 1551Configures the 1552.Xr wscons 4 1553console driver, from the configuration file 1554.Pa /etc/wscons.conf . 1555.It Sy wsmoused 1556Boolean value. 1557Runs 1558.Xr wsmoused 8 , 1559to provide copy and paste text support in wscons displays. 1560Passes 1561.Sy wsmoused_flags . 1562.El 1563.Sh FILES 1564.Bl -tag -width /etc/defaults/rc.conf -compact 1565.It Pa /etc/rc.conf 1566The file 1567.Nm 1568resides in 1569.Pa /etc . 1570.It Pa /etc/defaults/rc.conf 1571Default settings for 1572.Nm , 1573sourced by 1574.Nm 1575before the end-user configuration section. 1576.It Pa /etc/rc.conf.d/ Ns Ar foo 1577.Ar foo Ns No -specific 1578.Nm 1579overrides. 1580.El 1581.Sh SEE ALSO 1582.Xr boot 8 , 1583.Xr rc 8 , 1584.Xr rc.d 8 , 1585.Xr rc.subr 8 , 1586.Xr rcorder 8 1587.Sh HISTORY 1588The 1589.Nm 1590file appeared in 1591.Nx 1.3 . 1592