.\" $NetBSD: rc.conf.5,v 1.190 2021/01/15 15:18:32 riastradh Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 11, 2020
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer,
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS settings relative to other sources; the lowest value wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy entropy
A string,
.Sq Li check
or
.Sq Li wait .
If set, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
check for or wait until enough entropy is available before any networking is
enabled.
.Pp
If not enough entropy is available, then:
.Bl -bullet -compact
.It
With
.Sq Li entropy=check ,
stop multiuser boot and enter single-user mode instead.
.It
With
.Sq Li entropy=wait ,
wait until enough entropy is available.
.El
.Pp
Note that
.Sq Li entropy=wait
may cause the system to hang indefinitely at boot if it has neither a
random seed nor any hardware random number generators \(em use with
care.
.Pp
If empty or not set, the system may come to multiuser without entropy,
which is unsafe to use on the internet; it is the operator's
responsibility to heed warnings from the kernel and the daily
.Xr security.conf 5
report to remedy the problem \(em see
.Xr entropy 7 .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate a touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
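.Pp
An added example, not part of the NetBSD manual page or of the NetBSD rc scripts: a POSIX sh audit that sources an rc.conf in a subshell, as rc(8) does, so that later entries override earlier ones, and reports the settings this page itself cautions about (empty entropy, rc_fast_and_loose, Veriexec learning mode or debug verbosity, securelevel=0). The function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit security-relevant rc.conf(5) variables.
# Function names and both sample files are constructed for illustration.

# rc_get FILE VAR: print VAR's final value after sourcing FILE in a subshell,
# the way rc(8) reads it, so a later assignment overrides an earlier one.
# Sourcing executes FILE: audit only files you would also boot with.
rc_get() {
    ( unset "$2"
      . "$1" >/dev/null 2>&1
      eval "printf '%s' \"\${$2-}\"" )
}

# rc_bool VALUE: 0 = true, 1 = false, 2 = not an allowed boolean value.
rc_bool() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        yes|true|on|1)  return 0 ;;
        no|false|off|0) return 1 ;;
        *)              return 2 ;;
    esac
}

# audit_rc_conf FILE: print one note per line; return 1 if any note was made.
audit_rc_conf() {
    _f=$1 _n=0
    _note() { printf '%s\n' "$1"; _n=$((_n + 1)); }

    # Empty or unset entropy lets the system reach multiuser without entropy.
    case $(rc_get "$_f" entropy) in
        check|wait) ;;
        *) _note "entropy: not check or wait; multiuser may start without entropy" ;;
    esac

    # Any non-empty string enables rc_fast_and_loose (it is not a boolean).
    [ -z "$(rc_get "$_f" rc_fast_and_loose)" ] ||
        _note "rc_fast_and_loose: set; rc.d scripts run in the rc shell itself"

    # Veriexec enabled but left in learning mode enforces nothing.
    _v=$(rc_get "$_f" veriexec)
    rc_bool "$_v" && _st=0 || _st=$?
    case $_st in
        0)  case $(rc_get "$_f" veriexec_strict) in
                1|2|3) ;;
                *) _note "veriexec_strict: not 1-3; level 0 is learning mode, nothing enforced" ;;
            esac
            [ "$(rc_get "$_f" veriexec_verbose)" != 2 ] ||
                _note "veriexec_verbose: level 2 is for debugging only" ;;
        2)  [ -z "$_v" ] ||
                _note "veriexec: '$_v' is not an allowed boolean value" ;;
    esac

    # securelevel=0 in rc.conf does not keep the running system at 0.
    [ "$(rc_get "$_f" securelevel)" != 0 ] ||
        _note "securelevel: 0 still boots at 1; init(8) raises it after rc(8)"

    [ "$_n" -eq 0 ]
}

# Constructed sample: settings the manual page cautions about.
write_weak_sample() {
    cat > "$1" <<'EOF'
rc_configured=YES
rc_fast_and_loose=YES
securelevel=0
veriexec=yes
veriexec_strict=0
veriexec_verbose=2
EOF
}

# Constructed sample: an appended entry overrides an earlier empty one.
write_hardened_sample() {
    cat > "$1" <<'EOF'
rc_configured=YES
entropy=""
securelevel=1
veriexec=On
veriexec_strict=2
veriexec_verbose=0
entropy=check
EOF
}

# Demo on the two constructed samples.
demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak.conf"
write_hardened_sample "$demo_dir/hardened.conf"
echo "== weak.conf";     audit_rc_conf "$demo_dir/weak.conf" || true
echo "== hardened.conf"; audit_rc_conf "$demo_dir/hardened.conf" && echo "no notes"
rm -rf "$demo_dir"
```

On a real system the argument would be /etc/rc.conf, which by default reads /etc/defaults/rc.conf itself, so the defaults are included in what the audit sees.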
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5 .
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from an NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configures Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
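An added example, not part of the NetBSD manual or its rc.d scripts: a POSIX shell check that sources an rc.conf-style file and reports daemons that are enabled without the named_chrootdir, ntpd_chrootdir, unbound_chrootdir or httpd_wwwuser settings described above. The function names, the sample file and the accepted truth values are assumptions of this example.

```shell
# Added example (not from the NetBSD sources): flag daemons enabled in an
# rc.conf-style file without the confinement settings documented above.
# Truth values; assumed to match what rc.subr(8) treats as true.
is_yes() {
	case "$1" in
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
	*) return 1 ;;
	esac
}

# audit_rc_conf FILE: print one finding per line on stdout.
# FILE is sourced, as rc(8) does, so it executes; the subshell body
# keeps its variables from leaking into the caller.
audit_rc_conf() (
	case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac
	[ -r "$f" ] || { echo "cannot read $f" >&2; exit 2; }
	named=NO ntpd=NO unbound=NO httpd=NO
	named_chrootdir='' ntpd_chrootdir='' unbound_chrootdir=''
	httpd_wwwuser=_httpd	# default stated on this page
	. "$f"
	for d in named ntpd unbound; do
		eval "enabled=\$$d dir=\$${d}_chrootdir"
		is_yes "$enabled" || continue
		if [ -z "$dir" ]; then
			echo "$d: enabled but ${d}_chrootdir is blank, so it is not chrooted"
		elif [ ! -d "$dir" ]; then
			echo "$d: ${d}_chrootdir=$dir is not a directory"
		fi
	done
	if is_yes "$httpd" && [ -z "$httpd_wwwuser" ]; then
		echo "httpd: enabled but httpd_wwwuser is blank, so no user switch"
	fi
)

# Constructed sample input, written under directory $1.
write_sample() {
	mkdir -p "$1/chroot/named"
	cat > "$1/rc.conf" <<EOF
named=YES
named_chrootdir="$1/chroot/named"
ntpd=YES
unbound=yes
unbound_chrootdir="$1/chroot/unbound"
httpd=YES
httpd_wwwuser=""
EOF
}
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_rc_conf "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```

On the constructed sample it reports ntpd (blank chroot directory), unbound (chroot directory missing) and httpd (blank httpd_wwwuser), and stays silent about named.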