1.\" $NetBSD: rc.conf.5,v 1.156 2013/01/13 19:56:13 wiz Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd October 2, 2012 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq "OPTIONAL:" 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq "OPTIONAL:" 299prefix means that it is not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy swapoff 324Boolean value. 325Remove block-type swap devices at shutdown time. 326Useful if swapping onto RAIDframe devices. 327.El 328.Ss Block device subsystems 329.Bl -tag -width net_interfaces 330.It Sy ccd 331Boolean value. 332Configures concatenated disk devices according to 333.Xr ccd.conf 5 . 334.It Sy cgd 335Boolean value. 336Configures cryptographic disk devices. 337Requires 338.Pa /etc/cgd/cgd.conf . 339See 340.Xr cgdconfig 8 341for additional details. 342.It Sy lvm 343Boolean value. 344Configures the logical volume manager. 345See 346.Xr lvm 8 347for additional details. 348.It Sy raidframe 349Boolean value. 350Configures 351.Xr raid 4 , 352RAIDframe disk devices. 353See 354.Xr raidctl 8 355for additional details. 356.El 357.Ss One-time actions to perform or programs to run on boot-up 358.Bl -tag -width net_interfaces 359.It Sy accounting 360Boolean value. 361Enables process accounting with 362.Xr accton 8 . 363Requires 364.Pa /var/account/acct 365to exist. 366.It Sy clear_tmp 367Boolean value. 368Clear 369.Pa /tmp 370after reboot. 371.It Sy dmesg 372Boolean value. 373Create 374.Pa /var/run/dmesg.boot 375from the output of 376.Xr dmesg 8 . 377Passes 378.Sy dmesg_flags . 379.It Sy envsys 380Boolean value. 381Sets preferences for the environmental systems framework, 382.Xr envsys 4 . 383Requires 384.Pa /etc/envsys.conf , 385which is described in 386.Xr envsys.conf 5 . 387.It Sy gpio 388Boolean value. 389Configure 390.Xr gpio 4 391devices. 392See 393.Xr gpio.conf 5 . 394.It Sy ldconfig 395Boolean value. 396Configures 397.Xr a.out 5 398runtime link editor directory cache. 399.It Sy mixerctl 400Boolean value. 401Read 402.Xr mixerctl.conf 5 403for how to set mixer values. 404List in 405.Sy mixerctl_mixers 406the devices whose settings are to be saved at shutdown and 407restored at start-up. 408.It Sy newsyslog 409Boolean value. 410Run 411.Nm newsyslog 412to trim logfiles before syslogd starts. 413Intended for laptop users. 414Passes 415.Sy newsyslog_flags . 416.It Sy per_user_tmp 417Boolean value. 418Enables a per-user 419.Pa /tmp 420directory. 421.Sy per_user_tmp_dir 422can be used to override the default location of the 423.Dq real 424temporary directories, 425.Dq Pa /private/tmp . 426See 427.Xr security 7 428for additional details. 429.It Sy quota 430Boolean value. 431Checks and enables quotas by running 432.Xr quotacheck 8 433and 434.Xr quotaon 8 . 435.It Sy rndctl 436Boolean value. 437Runs the 438.Xr rndctl 8 439utility one or more times according to the specification in 440.Sy rndctl_flags . 441.Pp 442If 443.Sy rndctl_flags 444does not contain a semicolon 445.Pq Ql \&; 446then it is expected to contain zero or more flags, 447followed by one or more device or type names. 448The 449.Xr rndctl 8 450command will be executed once for each device or type name. 451If the specified flags do not include any of 452.Fl c , C , e , 453or 454.Fl E , 455then the flags 456.Fl c 457and 458.Fl e 459are added, to specify that entropy from the relevant device or type 460should be both collected and estimated. 461If the specified flags do not include either of 462.Fl d 463or 464.Fl t , 465then the flag 466.Fl d 467is added, to specify that the non-flag arguments are device names, 468not type names. 469.Pp 470.Sy rndctl_flags 471may contain multiple semicolon-separated segments, in which each 472segment contains flags and device or type names as described above. 473This allows different flags to be associated with different 474device or type names. 475For example, given 476.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 477the following commands will be executed: 478.Li "rndctl -c -e -d wd0" ; 479.Li "rndctl -c -e -d wd1" ; 480.Li "rndctl -c -e -t tty" ; 481.Li "rndctl -c -t net" . 482.It Sy rtclocaltime 483Boolean value. 484Sets the real time clock to local time by adjusting the 485.Xr sysctl 7 486value of 487.Pa kern.rtc_offset . 488The offset from UTC is calculated automatically according 489to the time zone information in the file 490.Pa /etc/localtime . 491.It Sy savecore 492Boolean value. 493Runs the 494.Xr savecore 8 495utility. 496Passes 497.Sy savecore_flags . 498The directory where crash dumps are stored is specified by 499.Sy savecore_dir . 500The default setting is 501.Dq Pa /var/crash . 502.It Sy sysdb 503Boolean value. 504Builds various system databases, including 505.Pa /var/run/dev.cdb , 506.Pa /etc/spwd.db , 507.Pa /var/db/netgroup.db , 508.Pa /var/db/services.cdb , 509and entries for 510.Xr utmp 5 . 511.It Sy tpctl 512Boolean value. 513Run 514.Xr tpctl 8 515to calibrate touch panel device. 516Passes 517.Sy tpctl_flags . 518.It Sy update_motd 519Boolean value. 520Updates the 521.Nx 522version string in the 523.Pa /etc/motd 524file to reflect the version of the running kernel. 525See 526.Xr motd 5 . 527.It Sy virecover 528Boolean value. 529Send notification mail to users if any recoverable files exist in 530.Pa /var/tmp/vi.recover . 531Read 532.Xr virecover 8 533for more information. 534.It Sy wdogctl 535Boolean value. 536Configures watchdog timers. 537Passes 538.Sy wdogctl_flags . 539Refer to 540.Xr wdogctl 8 541for information on how to configure a timer. 542.El 543.Ss System security settings 544.Bl -tag -width net_interfaces 545.It Sy securelevel 546A number. 547The system securelevel is set to the specified value early 548in the boot process, before any external logins, or other programs 549that run users job, are started. 550If set to nothing, the default action is taken, as described in 551.Xr init 8 552and 553.Xr secmodel_securelevel 9 , 554which contains definitive information about the system securelevel. 555Note that setting 556.Sy securelevel 557to 0 in 558.Nm 559will actually result in the system booting with securelevel set to 1, as 560.Xr init 8 561will raise the level when 562.Xr rc 8 563completes. 564.It Sy permit_nonalpha 565Boolean value. 566Allow passwords to include non-alpha characters, usually to allow 567NIS/YP netgroups. 568.It Sy veriexec 569Boolean value. 570Load Veriexec fingerprints during startup. 571Read 572.Xr veriexecctl 8 573for more information. 574.It Sy veriexec_strict 575A number. 576Controls the strict level of Veriexec. 577Level 0 is learning mode, used when building the signatures file. 578It will only output messages but will not enforce anything. 579Level 1 will only prevent access to files with a fingerprint 580mismatch. 581Level 2 will also deny writing to and removing of 582monitored files, as well as enforce access type (as specified in 583the signatures file). 584Level 3 will take a step further and prevent 585access to files that are not monitored. 586.It Sy veriexec_verbose 587A number. 588Controls the verbosity of Veriexec. 589Recommended operation is at level 0, verbose output (mostly used when 590building the signatures file) is at level 1. 591Level 2 is for debugging only and should not be used. 592.It Sy veriexec_flags 593A string. 594Flags to pass to the 595.Nm veriexecctl 596command. 597.El 598.Ss Networking startup 599.Bl -tag -width net_interfaces 600.It Sy altqd 601Boolean value. 602ALTQ configuration/monitoring daemon. 603Passes 604.Sy altqd_flags . 605.It Sy auto_ifconfig 606Boolean value. 607Sets the 608.Sy net_interfaces 609variable (see below) to the output of 610.Xr ifconfig 8 611with the 612.Dq Li -l 613flag and suppresses warnings about interfaces in this list that 614do not have an ifconfig file or variable. 615.It Sy dhclient 616Boolean value. 617Set true to configure some or all network interfaces using 618the ISC DHCP client. 619If you set 620.Sy dhclient 621true, then 622.Pa /var 623must be in 624.Sy critical_filesystems_local , 625or 626.Pa /var 627must be on the root file system, 628or you must modify the 629.Sy dhclient_flags 630variable to direct the DHCP client to store the leases file 631in some other directory on the root file system. 632You must not provide ifconfig information or ifaliases 633information for any interface that is to be configured using the DHCP client. 634Interface aliases can be set up in the DHCP client configuration 635file if needed - see 636.Xr dhclient.conf 5 637for details. 638.Pp 639Passes 640.Sy dhclient_flags 641to the DHCP client. 642See 643.Xr dhclient 8 644for complete documentation. 645If you wish to configure all broadcast 646network interfaces using the DHCP client, you can leave this blank. 647To configure only specific interfaces, name the interfaces to be configured 648on the command line. 649.Pp 650If you must run the DHCP client before mounting critical file systems, 651then you should specify an alternate location for the DHCP client's lease 652file in the 653.Sy dhclient_flags 654variable - for example, "-lf /tmp/dhclient.leases". 655.It Sy dhcpcd 656Boolean value. 657Set true to configure some or all network interfaces using dhcpcd. 658If you set 659.Sy dhcpcd 660true, then 661.Pa /var 662must be in 663.Sy critical_filesystems_local , 664or 665.Pa /var 666must be on the root file system. 667If you need to restrict dhcpcd to one or a number of interfaces, 668or need a separate configuration per interface, 669then this should be done in the configuration file - see 670.Xr dhcpcd.conf 5 671for details. 672.It Sy dhcpcd_flags 673Passes 674.Sy dhcpcd_flags 675to dhcpcd. 676See 677.Xr dhcpcd 8 678for complete documentation. 679.It Sy flushroutes 680Boolean value. 681Flushes the route table on networking startup. 682Useful when coming up to multiuser mode after going down to 683single-user mode. 684.It Sy ftp_proxy 685Boolean value. 686Runs 687.Xr ftp-proxy 8 , 688the proxy daemon for the Internet File Transfer Protocol. 689.It Sy hostapd 690Boolean value. 691Runs 692.Xr hostapd 8 , 693the authenticator for IEEE 802.11 networks. 694.It Sy ifaliases_* 695A string. 696List of 697.Sq Em "address netmask" 698pairs to configure additional network addresses for the given 699configured interface 700.Dq * 701(e.g. 702.Sy ifaliases_le0 ) . 703If 704.Em netmask 705is 706.Dq - , 707then use the default netmask for the interface. 708.Pp 709.Sy ifaliases_* 710covers limited cases only and is considered unrecommended. 711We recommend using 712.Sy ifconfig_nnX 713variables or 714.Pa /etc/ifconfig.xxN 715files with multiple lines instead. 716.It Sy ifwatchd 717Boolean value. 718Monitor dynamic interfaces and perform actions upon address changes. 719Passes 720.Sy ifwatchd_flags . 721.It Sy ip6mode 722A string. 723An IPv6 node can be a router 724.Pq nodes that forward packet for others 725or a host 726.Pq nodes that do not forward . 727A host can be autoconfigured 728based on the information advertised by adjacent IPv6 routers. 729By setting 730.Sy ip6mode 731to 732.Dq Li router , 733.Dq Li host , 734or 735.Dq Li autohost , 736you can configure your node as a router, 737a non-autoconfigured host, or an autoconfigured host. 738Invalid values will be ignored, and the node will be configured as 739a non-autoconfigured host. 740You may want to check 741.Sy rtsol 742and 743.Sy rtsold 744as well, if you set the variable to 745.Dq Li autohost . 746.It Sy ip6uniquelocal 747Boolean value. 748If 749.Sy ip6mode 750is equal to 751.Dq Li router , 752and 753.Sy ip6uniquelocal 754is false, 755a reject route will be installed on boot to avoid misconfiguration relating 756to unique-local addresses. 757If 758.Sy ip6uniquelocal 759is true, the reject route won't be installed. 760.It Sy ipfilter 761Boolean value. 762Runs 763.Xr ipf 8 764to load in packet filter specifications from 765.Pa /etc/ipf.conf 766at network boot time, before any interfaces are configured. 767Passes 768.Sy ipfilter_flags . 769See 770.Xr ipf.conf 5 . 771.It Sy ipfs 772Boolean value. 773Runs 774.Xr ipfs 8 775to save and restore information for ipnat and ipfilter state tables. 776The information is stored in 777.Pa /var/db/ipf/ipstate.ipf 778and 779.Pa /var/db/ipf/ipnat.ipf . 780Passes 781.Sy ipfs_flags . 782.It Sy ipmon 783Boolean value. 784Runs 785.Xr ipmon 8 786to read 787.Xr ipf 8 788packet log information and log it to a file or the system log. 789Passes 790.Sy ipmon_flags . 791.It Sy ipmon_flags 792A string. 793Specifies arguments to supply to 794.Xr ipmon 8 . 795Defaults to 796.Dq Li -ns . 797A typical example would be 798.Dq Fl nD Pa /var/log/ipflog 799to have 800.Xr ipmon 8 801log directly to a file bypassing 802.Xr syslogd 8 . 803If the 804.Dq -D 805argument is used, remember to modify 806.Pa /etc/newsyslog.conf 807accordingly; for example: 808.Bd -literal 809/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 810.Ed 811.It Sy ipnat 812Boolean value. 813Runs 814.Xr ipnat 8 815to load in the IP network address translation (NAT) rules from 816.Pa /etc/ipnat.conf 817at network boot time, before any interfaces are configured. 818See 819.Xr ipnat.conf 5 . 820.It Sy ipsec 821Boolean value. 822Runs 823.Xr setkey 8 824to load in IPsec manual keys and policies from 825.Pa /etc/ipsec.conf 826at network boot time, before any interfaces are configured. 827.It Sy net_interfaces 828A string. 829The list of network interfaces to be configured at boot time. 830For each interface "xxN", the system first looks for ifconfig 831parameters in the variable 832.Sy ifconfig_xxN , 833and then in the file 834.Pa /etc/ifconfig.xxN . 835If 836.Sy auto_ifconfig 837is false, and neither the variable nor the file is found, 838a warning is printed. 839Information in either the variable or the file is parsed identically, 840except that, if an 841.Sy ifconfig_xxN 842variable contains a single line with embedded semicolons, 843then the value is split into multiple lines prior to further parsing, 844treating the semicolon as a line separator. 845.Pp 846One common case it to set the 847.Sy ifconfig_xxN 848variable to a set of arguments to be passed to an 849.Xr ifconfig 8 850command after the interface name. 851Refer to 852.Xr ifconfig.if 5 853for more details on 854.Pa /etc/ifconfig.xxN 855files, and note that the information there also applies to 856.Sy ifconfig_xxN 857variables (after the variables are split into lines). 858.It Sy ntpdate 859Boolean value. 860Runs 861.Xr ntpdate 8 862to set the system time from one of the hosts in 863.Sy ntpdate_hosts . 864If 865.Sy ntpdate_hosts 866is empty, it will attempt to find a list of hosts in 867.Pa /etc/ntp.conf . 868Passes 869.Sy ntpdate_flags . 870.It Sy pf 871Boolean value. 872Enable 873.Xr pf 4 874at network boot time: 875Load the initial configuration 876.Xr pf.boot.conf 5 877before the network is up. 878After the network has been configured, then load the final ruleset 879.Xr pf.conf 5 . 880.It Sy pf_rules 881A string. 882The path of the 883.Xr pf.conf 5 884ruleset that will be used when loading the final ruleset. 885.It Sy pflogd 886Boolean value. 887Run 888.Xr pflogd 8 889for dumping packet filter logging information to a file. 890.It Sy ppp 891A boolean. 892Toggles starting 893.Xr pppd 8 894on startup. 895See 896.Sy ppp_peers 897below. 898.It Sy ppp_peers 899A string. 900If 901.Sy ppp 902is true and 903.Sy ppp_peers 904is not empty, then 905.Pa /etc/rc.d/ppp 906will check each word in 907.Sy ppp_peers 908for a corresponding ppp configuration file in 909.Pa /etc/ppp/peers 910and will call 911.Xr pppd 8 912with the 913.Dq call Sy peer 914option. 915.It Sy racoon 916Boolean value. 917Runs 918.Xr racoon 8 , 919the IKE (ISAKMP/Oakley) key management daemon. 920.It Sy rtsol 921Boolean value. 922Run 923.Xr rtsol 8 , 924router solicitation command for IPv6 hosts. 925On nomadic hosts like notebook computers, you may want to enable 926.Sy rtsold 927as well. 928Passes 929.Sy rtsol_flags . 930This is only for autoconfigured IPv6 hosts, so set 931.Sy ip6mode 932to 933.Dq Li autohost 934if you use it. 935.It Sy wpa_supplicant 936Boolean value. 937Run 938.Xr wpa_supplicant 8 , 939WPA/802.11i Supplicant for wireless network devices. 940If you set 941.Sy wpa_supplicant 942true, then 943.Pa /usr 944must be in 945.Sy critical_filesystems_local , 946or 947.Pa /usr 948must be on the root file system. 949.El 950.Ss Daemons required by other daemons 951.Bl -tag -width net_interfaces 952.It Sy inetd 953Boolean value. 954Runs the 955.Xr inetd 8 956daemon to start network server processes (as listed in 957.Pa /etc/inetd.conf ) 958as necessary. 959Passes 960.Sy inetd_flags . 961The 962.Dq Li -l 963flag turns on libwrap connection logging. 964.It Sy rpcbind 965Boolean value. 966The 967.Xr rpcbind 8 968daemon is required for any 969.Xr rpc 3 970services. 971These include NFS, 972.Tn NIS , 973.Xr rpc.bootparamd 8 , 974.Xr rpc.rstatd 8 , 975.Xr rpc.rusersd 8 , 976and 977.Xr rpc.rwalld 8 . 978Passes 979.Sy rpcbind_flags . 980.El 981.Ss Commonly used daemons 982.Bl -tag -width net_interfaces 983.It Sy cron 984Boolean value. 985Run 986.Xr cron 8 . 987.It Sy ftpd 988Boolean value. 989Runs the 990.Xr ftpd 8 991daemon and passes 992.Sy ftpd_flags . 993.It Sy httpd 994Boolean value. 995Runs the 996.Xr httpd 8 997daemon and passes 998.Sy httpd_flags . 999.It Sy httpd_wwwdir 1000A string. 1001The 1002.Xr httpd 8 1003WWW root directory. 1004Used only if 1005.Sy httpd 1006is true. 1007The default setting is 1008.Dq Pa /var/www . 1009.It Sy httpd_wwwuser 1010A string. 1011If non-blank and 1012.Sy httpd 1013is true, run 1014.Xr httpd 8 1015and cause it to switch to the specified user after initialization. 1016It is preferred to 1017.Sy httpd_user 1018because 1019.Xr httpd 8 1020is requiring extra privileges to start listening on default port 80. 1021The default setting is 1022.Dq Dv _httpd . 1023.It Sy lpd 1024Boolean value. 1025Runs 1026.Xr lpd 8 1027and passes 1028.Sy lpd_flags . 1029The 1030.Dq Li -l 1031flag will turn on extra logging. 1032.It Sy mdnsd 1033Boolean value. 1034Runs 1035.Xr mdnsd 8 . 1036.It Sy named 1037Boolean value. 1038Runs 1039.Xr named 8 1040and passes 1041.Sy named_flags . 1042.It Sy named_chrootdir 1043A string. 1044If non-blank and 1045.Sy named 1046is true, run 1047.Xr named 8 1048as the unprivileged user and group 1049.Sq named , 1050.Xr chroot 2 Ns ed 1051to 1052.Sy named_chrootdir . 1053.Sy named_chrootdir Ns Pa /var/run/log 1054will be added to the list of log sockets that 1055.Xr syslogd 8 1056listens to. 1057.It Sy ntpd 1058Boolean value. 1059Runs 1060.Xr ntpd 8 1061and passes 1062.Sy ntpd_flags . 1063.It Sy ntpd_chrootdir 1064A string. 1065If non-blank and 1066.Sy ntpd 1067is true, run 1068.Xr ntpd 8 1069as the unprivileged user and group 1070.Sq ntpd , 1071.Xr chroot 2 Ns ed 1072to 1073.Sy ntpd_chrootdir . 1074.Sy ntpd_chrootdir Ns Pa /var/run/log 1075will be added to the list of log sockets that 1076.Xr syslogd 8 1077listens to. 1078This option requires that the kernel has 1079.Dl pseudo-device clockctl 1080compiled in, and that 1081.Pa /dev/clockctl 1082is present. 1083.It Sy postfix 1084Boolean value. 1085Starts 1086.Xr postfix 1 1087mail system. 1088.It Sy sshd 1089Boolean value. 1090Runs 1091.Xr sshd 8 1092and passes 1093.Sy sshd_flags . 1094.It Sy syslogd 1095Boolean value. 1096Runs 1097.Xr syslogd 8 1098and passes 1099.Sy syslogd_flags . 1100.It Sy timed 1101Boolean value. 1102Runs 1103.Xr timed 8 1104and passes 1105.Sy timed_flags . 1106The 1107.Dq Li -M 1108option allows 1109.Xr timed 8 1110to be a master time source as well as a slave. 1111If you are also running 1112.Xr ntpd 8 , 1113only one machine running both should have the 1114.Dq Li -M 1115flag given to 1116.Xr timed 8 . 1117.El 1118.Ss Routing daemons 1119.Bl -tag -width net_interfaces 1120.It Sy mrouted 1121Boolean value. 1122Runs 1123.Xr mrouted 8 , 1124the DVMRP multicast routing protocol daemon. 1125Passes 1126.Sy mrouted_flags . 1127.It Sy route6d 1128Boolean value. 1129Runs 1130.Xr route6d 8 , 1131the RIPng routing protocol daemon for IPv6. 1132Passes 1133.Sy route6d_flags . 1134.It Sy routed 1135Boolean value. 1136Runs 1137.Xr routed 8 , 1138the RIP routing protocol daemon. 1139Passes 1140.Sy routed_flags . 1141.\" This should be false 1142.\" if 1143.\" .Sy gated 1144.\" is true. 1145.It Sy rtsold 1146Boolean value. 1147Runs 1148.Xr rtsold 8 , 1149the IPv6 router solicitation daemon. 1150.Xr rtsold 8 1151periodically transmits router solicitation packets 1152to find IPv6 routers on the network. 1153This configuration is mainly for nomadic hosts like notebook computers. 1154Stationary hosts should work fine with just 1155.Sy rtsol . 1156Passes 1157.Sy rtsold_flags . 1158This is only for autoconfigured IPv6 hosts, so set 1159.Sy ip6mode 1160to 1161.Dq Li autohost 1162if you use it. 1163.El 1164.Ss Daemons used to boot other hosts over a network 1165.Bl -tag -width net_interfaces 1166.It Sy bootparamd 1167Boolean value. 1168Runs 1169.Xr bootparamd 8 , 1170the boot parameter server, with 1171.Sy bootparamd_flags 1172as options. 1173Used to boot 1174.Nx 1175and 1176.Tn "SunOS 4.x" 1177systems. 1178.It Sy dhcpd 1179Boolean value. 1180Runs 1181.Xr dhcpd 8 , 1182the Dynamic Host Configuration Protocol (DHCP) daemon, 1183for assigning IP addresses to hosts and passing boot information. 1184Passes 1185.Sy dhcpd_flags . 1186.It Sy dhcrelay 1187Boolean value. 1188Runs 1189.Xr dhcrelay 8 . 1190Passes 1191.Sy dhcrelay_flags . 1192.It Sy mopd 1193Boolean value. 1194Runs 1195.Xr mopd 8 , 1196the 1197.Tn DEC 1198.Tn MOP 1199protocol daemon; used for booting 1200.Tn VAX 1201and other 1202.Tn DEC 1203machines. 1204Passes 1205.Sy mopd_flags . 1206.It Sy ndbootd 1207Boolean value. 1208Runs 1209.Xr ndbootd 8 , 1210the Sun Network Disk (ND) Protocol server. 1211Passes 1212.Sy ndbootd_flags . 1213.It Sy rarpd 1214Boolean value. 1215Runs 1216.Xr rarpd 8 , 1217the reverse ARP daemon, often used to boot 1218.Nx 1219and Sun workstations. 1220Passes 1221.Sy rarpd_flags . 1222.It Sy rbootd 1223Boolean value. 1224Runs 1225.Xr rbootd 8 , 1226the 1227.Tn HP 1228boot protocol daemon; used for booting 1229.Tn HP 1230workstations. 1231Passes 1232.Sy rbootd_flags . 1233.It Sy rtadvd 1234Boolean value. 1235Runs 1236.Xr rtadvd 8 , 1237the IPv6 router advertisement daemon, which is used to advertise 1238information about the subnet to IPv6 end hosts. 1239Passes 1240.Sy rtadvd_flags . 1241This is only for IPv6 routers, so set 1242.Sy ip6mode 1243to 1244.Dq Li router 1245if you use it. 1246.El 1247.Ss X Window System daemons 1248.Bl -tag -width net_interfaces 1249.It Sy xdm 1250Boolean value. 1251Runs the 1252.Xr xdm 1 1253X display manager. 1254These X daemons are available only with the optional X distribution of 1255.Nx . 1256.It Sy xfs 1257Boolean value. 1258Runs the 1259.Xr xfs 1 1260X11 font server, which supplies local X font files to X terminals. 1261.El 1262.Ss NIS (YP) daemons 1263.Bl -tag -width net_interfaces 1264.It Sy ypbind 1265Boolean value. 1266Runs 1267.Xr ypbind 8 , 1268which lets 1269.Tn NIS 1270(YP) clients use information from a 1271.Tn NIS 1272server. 1273Passes 1274.Sy ypbind_flags . 1275.It Sy yppasswdd 1276Boolean value. 1277Runs 1278.Xr yppasswdd 8 , 1279which allows remote 1280.Tn NIS 1281users to update password on master server. 1282Passes 1283.Sy yppasswdd_flags . 1284.It Sy ypserv 1285Boolean value. 1286Runs 1287.Xr ypserv 8 , 1288the 1289.Tn NIS 1290(YP) server for distributing information from certain files in 1291.Pa /etc . 1292Passes 1293.Sy ypserv_flags . 1294The 1295.Dq Li -d 1296flag causes it to use DNS for lookups in 1297.Pa /etc/hosts 1298that fail. 1299.El 1300.Ss NFS daemons and parameters 1301.Bl -tag -width net_interfaces 1302.It Sy amd 1303Boolean value. 1304Runs 1305.Xr amd 8 , 1306the automounter daemon, which automatically mounts NFS file systems 1307whenever a file or directory within that file system is accessed. 1308Passes 1309.Sy amd_flags . 1310.It Sy amd_dir 1311A string. 1312The 1313.Xr amd 8 1314mount directory. 1315Used only if 1316.Sy amd 1317is true. 1318.It Sy lockd 1319Boolean value. 1320Runs 1321.Xr rpc.lockd 8 1322if 1323.Sy nfs_server 1324and/or 1325.Sy nfs_client 1326are true. 1327Passes 1328.Sy lockd_flags . 1329.It Sy mountd 1330Boolean value. 1331Runs 1332.Xr mountd 8 1333and passes 1334.Sy mountd_flags . 1335.It Sy nfs_client 1336Boolean value. 1337The number of local NFS asynchronous I/O server is now controlled via 1338.Xr sysctl 8 . 1339.It Sy nfs_server 1340Boolean value. 1341Sets up a host to be a NFS server by running 1342.Xr nfsd 8 1343and passing 1344.Sy nfsd_flags . 1345.It Sy statd 1346Boolean value. 1347Runs 1348.Xr rpc.statd 8 , 1349a status monitoring daemon used when 1350.Xr rpc.lockd 8 1351is running, if 1352.Sy nfs_server 1353and/or 1354.Sy nfs_client 1355are true. 1356Passes 1357.Sy statd_flags . 1358.El 1359.Ss Bluetooth support 1360.Bl -tag -width net_interfaces 1361.It Sy bluetooth 1362Boolean value. 1363Configure Bluetooth support, comprising the following tasks: 1364.Bl -dash -compact 1365.It 1366attach serial Bluetooth controllers as listed in the 1367.Pa /etc/bluetooth/btdevctl.conf 1368configuration file. 1369.It 1370enable Bluetooth controllers with useful defaults, plus 1371additional options as detailed below. 1372.It 1373optionally, start 1374.Xr bthcid 8 , 1375the Bluetooth Link Key/PIN Code manager, passing 1376.Sy bthcid_flags . 1377.It 1378configure local Bluetooth drivers as listed in the 1379.Pa /etc/bluetooth/btdevctl.conf 1380configuration file. 1381.It 1382optionally, start 1383.Xr sdpd 8 , 1384the Service Discovery server, passing 1385.Sy sdpd_flags . 1386.El 1387.It Sy btconfig_devices 1388A string. 1389An optional list of Bluetooth controllers to configure. 1390.It Sy btconfig_{dev} 1391A string. 1392Additional configuration options for specific Bluetooth controllers. 1393.It Sy btconfig_args 1394A string. 1395Additional configuration options for Bluetooth controllers without 1396specific options as above. 1397.It Sy bthcid 1398Boolean value. 1399If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1400.It Sy sdpd 1401Boolean value. 1402If set to false, disable starting the Bluetooth Service Discovery server. 1403.El 1404.Ss Other daemons 1405.Bl -tag -width net_interfaces 1406.It Sy identd 1407Boolean value. 1408Runs 1409.Xr identd 8 , 1410the daemon for the user identification protocol. 1411Passes 1412.Sy identd_flags . 1413.It Sy iscsi_target 1414Boolean value. 1415Runs the server for iSCSI requests, 1416.Xr iscsi-target 8 . 1417Passes 1418.Sy iscsi_target_flags . 1419.It Sy isdnd 1420Boolean value. 1421Runs 1422.Xr isdnd 8 , 1423the isdn4bsd ISDN connection management daemon. 1424Passes 1425.Sy isdnd_flags . 1426.It Sy isdn_autoupdown 1427Boolean value. 1428Set all configured ISDN interfaces to 1429.Dq up . 1430If 1431.Sy isdn_interfaces 1432is not blank, only the listed interfaces will be modified. 1433Used only if 1434.Sy isdnd 1435is true. 1436.It Sy kdc 1437Boolean value. 1438Runs the 1439.Xr kdc 8 1440Kerberos v4 and v5 server. 1441This should be run on Kerberos master and slave servers. 1442.It Sy rwhod 1443Boolean value. 1444Runs 1445.Xr rwhod 8 1446to support the 1447.Xr rwho 1 1448and 1449.Xr ruptime 1 1450commands. 1451.El 1452.Ss Hardware daemons 1453.Bl -tag -width net_interfaces 1454.It Sy apmd 1455Boolean value. 1456Runs 1457.Xr apmd 8 1458and passes 1459.Sy apmd_flags . 1460.It Sy irdaattach 1461Boolean value. 1462Runs 1463.Xr irdaattach 8 1464and passes 1465.Sy irdaattach_flags . 1466.It Sy moused 1467Boolean value. 1468Runs 1469.Xr moused 8 , 1470to pass serial mouse data to the wscons mouse mux. 1471Passes 1472.Sy moused_flags . 1473.It Sy screenblank 1474Boolean value. 1475Runs 1476.Xr screenblank 1 1477and passes 1478.Sy screenblank_flags . 1479.It Sy wscons 1480Boolean value. 1481Configures the 1482.Xr wscons 4 1483console driver, from the configuration file 1484.Pa /etc/wscons.conf . 1485.It Sy wsmoused 1486Boolean value. 1487Runs 1488.Xr wsmoused 8 , 1489to provide copy and paste text support in wscons displays. 1490Passes 1491.Sy wsmoused_flags . 1492.El 1493.Sh FILES 1494.Bl -tag -width /etc/defaults/rc.conf -compact 1495.It Pa /etc/rc.conf 1496The file 1497.Nm 1498resides in 1499.Pa /etc . 1500.It Pa /etc/defaults/rc.conf 1501Default settings for 1502.Nm , 1503sourced by 1504.Nm 1505before the end-user configuration section. 1506.It Pa /etc/rc.conf.d/ Ns Ar foo 1507.Ar foo Ns No -specific 1508.Nm 1509overrides. 1510.El 1511.Sh SEE ALSO 1512.Xr boot 8 , 1513.Xr rc 8 , 1514.Xr rc.d 8 , 1515.Xr rc.subr 8 , 1516.Xr rcorder 8 1517.Sh HISTORY 1518The 1519.Nm 1520file appeared in 1521.Nx 1.3 . 1522