.\" $NetBSD: rc.conf.5,v 1.187 2020/09/11 12:20:01 wiz Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 11, 2020
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS to other sources, lowest wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5 .
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine-grained control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
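An added example, not part of this manual page or of the NetBSD rc scripts: a POSIX sh check built on the named_chrootdir, ntpd_chrootdir and unbound_chrootdir entries above, reporting daemons that are enabled without a chroot directory and an ntpd chroot without /dev/clockctl. The function names, the constructed sample file and the accepted boolean spellings are assumptions.

```shell
#!/bin/sh
# Added example, not part of rc.conf(5) or the NetBSD rc.d scripts.

# Truth test for boolean values (accepted spellings are an assumption).
is_yes() {
	case "$1" in
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
	*) return 1 ;;
	esac
}

# audit_chroot FILE [CLOCKCTL]: print one finding per line, return 1 if any.
audit_chroot() (
	clockctl=${2:-/dev/clockctl}
	# rc.conf is a shell script, so evaluate it as rc(8) does: source it.
	# The ( ) function body is a subshell, so nothing leaks to the caller.
	. "$1" || exit 2
	rc=0
	for svc in named ntpd unbound; do
		eval "enabled=\${$svc:-NO} dir=\${${svc}_chrootdir:-}"
		is_yes "$enabled" || continue
		if [ -z "$dir" ]; then
			echo "$svc: enabled, ${svc}_chrootdir is blank"; rc=1
		elif [ ! -d "$dir" ]; then
			echo "$svc: ${svc}_chrootdir=$dir is not a directory"; rc=1
		fi
	done
	# ntpd_chrootdir also needs the clockctl device node to be present.
	if is_yes "${ntpd:-NO}" && [ -n "${ntpd_chrootdir:-}" ] &&
	    [ ! -e "$clockctl" ]; then
		echo "ntpd: ntpd_chrootdir set but $clockctl is missing"; rc=1
	fi
	exit "$rc"
)

# Constructed sample: named unconfined, ntpd chrooted but no clockctl node.
demo() {
	tmp=$(mktemp -d) || return 2
	mkdir "$tmp/ntpd"
	cat > "$tmp/rc.conf" <<EOF
named=YES
named_chrootdir=""
ntpd=YES
ntpd_chrootdir="$tmp/ntpd"
unbound=NO
EOF
	status=0
	audit_chroot "$tmp/rc.conf" "$tmp/clockctl" || status=$?
	rm -rf "$tmp"
	return "$status"
}

demo || true
```

Because the file is sourced, run the check only against an rc.conf you would also let rc(8) execute, and pass the full path so that `.` does not search PATH.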