1.\" $NetBSD: rc.conf.5,v 1.181 2019/06/03 06:04:20 msaitoh Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd June 3, 2019 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Ql YES , 127.Ql TRUE , 128.Ql ON 129or 130.Ql 1 131for true, and 132.Ql NO , 133.Ql FALSE , 134.Ql OFF 135or 136.Ql 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with 141.Dq _flags 142appended, and determine what 143arguments are passed to the program if it is enabled. 144.Pp 145If a variable that 146.Xr rc 8 147expects to be set is not set, or the value is not one of the allowed 148values, a warning will be printed. 149.Ss Overall control 150.Bl -tag -width net_interfaces 151.It Sy do_rcshutdown 152Boolean value. 153If false, 154.Xr shutdown 8 155will not run 156.Pa /etc/rc.shutdown . 157.It Sy rcshutdown_rcorder_flags 158A string. 159Extra arguments to the 160.Xr rcorder 8 161run by 162.Pa /etc/rc.shutdown . 163.It Sy rcshutdown_timeout 164A number. 165If non-blank, use this as the number of seconds to run a watchdog timer for 166which will terminate 167.Pa /etc/rc.shutdown 168if the timer expires before the shutdown script completes. 169.It Sy rc_configured 170Boolean value. 171If false then the system will drop into single-user mode during boot. 172.It Sy rc_fast_and_loose 173If set to a non-empty string, 174each script in 175.Pa /etc/rc.d 176will be executed in the current shell rather than a sub shell. 177This may be faster on slow machines that have an expensive 178.Xr fork 2 179operation. 180.Bl -hang 181.It Em Note : 182Use this at your own risk! 183A rogue command or script may inadvertently prevent boot to multiuser. 184.El 185.It Sy rc_rcorder_flags 186A string. 187Extra arguments to the 188.Xr rcorder 8 189run by 190.Pa /etc/rc . 191.It Sy rc_directories 192A string. 193Space separated list of directories searched for rc scripts. 194The default is 195.Pa /etc/rc.d . 196All directories in 197.Ev rc_directories 198must be located in the root file system, otherwise they will be silently 199skipped. 200.It Sy rc_silent 201Boolean value. 202If true then the usual output is suppressed, and 203.Xr rc 8 204invokes the command specified in the 205.Va rc_silent_cmd 206variable once for each line of suppressed output. 207The default value of 208.Va rc_silent 209is set from the 210.Dv AB_SILENT 211flag in the kernel's 212.Va boothowto 213variable (see 214.Xr boot 8 , 215.Xr reboot 2 ) . 216.It Sy rc_silent_cmd 217A command to be executed once per line of suppressed output, when 218.Va rc_silent 219is true. 220The default value of 221.Va rc_silent_cmd 222is 223.Ql twiddle , 224which will display a spinning symbol instead of each line of output. 225Another useful value is 226.Ql \&: , 227which will display nothing at all. 228.El 229.Ss Basic network configuration 230.Bl -tag -width net_interfaces 231.It Sy defaultroute 232A string. 233Default IPv4 network route. 234If empty or not set, then the contents of 235.Pa /etc/mygate 236(if it exists) are used. 237.It Sy defaultroute6 238A string. 239Default IPv6 network route. 240If empty or not set, then the contents of 241.Pa /etc/mygate6 242(if it exists) are used. 243.It Sy domainname 244A string. 245NIS (YP) domain of host. 246If empty or not set, then the contents of 247.Pa /etc/defaultdomain 248(if it exists) are used. 249.It Sy force_down_interfaces 250A space separated list of interface names. 251These interfaces will be configured down when going from multiuser to single-user 252mode or on system shutdown. 253.It Sy dns_domain 254A string. 255Sets domain in 256.Pa /etc/resolv.conf . 257.It Sy dns_search 258A string. 259Sets search in 260.Pa /etc/resolv.conf . 261.It Sy dns_nameservers 262A string of space separated domain name servers. 263Sets nameserver for each value in 264.Pa /etc/resolv.conf . 265.It Sy dns_sortlist 266A string. 267Sets sortlist in 268.Pa /etc/resolv.conf . 269.It Sy dns_options 270A string. 271Sets options in 272.Pa /etc/resolv.conf . 273.It Sy dns_metric 274An unsigned integer. 275Sets the priority of the above DNS to other sources, lowest wins. 276Defaults to 0. 277.Pp 278This is important for some stateful interfaces, for example PPPoE interfaces 279which have no direct means of noticing 280.Dq disconnect 281events. 282.Pp 283All active 284.Xr pppoe 4 285interfaces will be automatically added to this list. 286.It Sy hostname 287A string. 288Name of host. 289If empty or not set, then the contents of 290.Pa /etc/myname 291(if it exists) are used. 292.El 293.Ss Boottime file-system and swap configuration 294.Bl -tag -width net_interfaces 295.It Sy critical_filesystems_local 296A string. 297File systems mounted very early in the system boot before networking 298services are available. 299Usually 300.Pa /var 301is part of this, because it is needed by services such as 302.Xr dhcpcd 8 303which may be required to get the network operational. 304The default is 305.Ql "OPTIONAL:" Ns Pa /var , 306where the 307.Ql "OPTIONAL:" 308prefix means that it's not an error if the file system is not 309present in 310.Xr fstab 5 . 311.It Sy critical_filesystems_remote 312A string. 313File systems such as 314.Pa /usr 315that may require network services to be available to mount, 316that must be available early in the system boot for general services to use. 317The default is 318.Ql "OPTIONAL:" Ns Pa /usr , 319where the 320.Ql "OPTIONAL:" 321prefix means that it is not an error if the file system is not 322present in 323.Xr fstab 5 . 324.It Sy fsck_flags 325A string. 326A file system is checked with 327.Xr fsck 8 328during boot before mounting it. 329This option may be used to override the default command-line options 330passed to the 331.Xr fsck 8 332program. 333.Pp 334When set to 335.Fl y , 336.Xr fsck 8 337assumes yes as the answer to all operator questions during file system checks. 338This might be important with hosts where the administrator does not have 339access to the console and an unsuccessful shutdown must not make the host 340unbootable even if the file system checks would fail in preen mode. 341.It Sy no_swap 342Boolean value. 343Should be true if you have deliberately configured your system with no swap. 344If false and no swap devices are configured, the system will warn you. 345.It Sy resize_root 346Boolean value. 347Set to true to have the system resize the root file system to fill its 348partition. 349Will only attempt to resize the root file system if it is of type ffs and does 350not have logging enabled. 351Defaults to false. 352.It Sy swapoff 353Boolean value. 354Remove block-type swap devices at shutdown time. 355Useful if swapping onto RAIDframe devices. 356.It Sy swapoff_umount 357.Dq "auto" 358or 359.Dq "manual" . 360Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM. 361By default 362.Dq ( "auto" ) 363all tmpfs filesystems that contain no device nodes are unmounted. 364Set to 365.Dq "manual" 366to explicitly specify which filesystems to unmount before removing swap. 367.It Sy swapoff_umount_fs 368A space-separated list of absolute paths to tmpfs mount points. 369If 370.Sy swapoff_umount 371is set to 372.Dq "manual" , 373these tmpfs filesystems will be forcibly unmounted before removing block-type 374swap devices. 375.It Sy var_shm_symlink 376A path. 377If set, names a path that 378.Pa /var/shm 379will be symlinked to. 380.Pp 381The path needs to live on a tmpfs file system. 382A typical value (assuming 383.Pa /tmp 384is mounted on tmpfs) would be 385.Pa /tmp/.shm . 386.El 387.Ss Block device subsystems 388.Bl -tag -width net_interfaces 389.It Sy ccd 390Boolean value. 391Configures concatenated disk devices according to 392.Xr ccd.conf 5 . 393.It Sy cgd 394Boolean value. 395Configures cryptographic disk devices. 396Requires 397.Pa /etc/cgd/cgd.conf . 398See 399.Xr cgdconfig 8 400for additional details. 401.It Sy lvm 402Boolean value. 403Configures the logical volume manager. 404See 405.Xr lvm 8 406for additional details. 407.It Sy raidframe 408Boolean value. 409Configures 410.Xr raid 4 , 411RAIDframe disk devices. 412See 413.Xr raidctl 8 414for additional details. 415.El 416.Ss One-time actions to perform or programs to run on boot-up 417.Bl -tag -width net_interfaces 418.It Sy accounting 419Boolean value. 420Enables process accounting with 421.Xr accton 8 . 422Requires 423.Pa /var/account/acct 424to exist. 425.It Sy clear_tmp 426Boolean value. 427Clear 428.Pa /tmp 429after reboot. 430.It Sy dmesg 431Boolean value. 432Create 433.Pa /var/run/dmesg.boot 434from the output of 435.Xr dmesg 8 . 436Passes 437.Sy dmesg_flags . 438.It Sy envsys 439Boolean value. 440Sets preferences for the environmental systems framework, 441.Xr envsys 4 . 442Requires 443.Pa /etc/envsys.conf , 444which is described in 445.Xr envsys.conf 5 . 446.It Sy gpio 447Boolean value. 448Configure 449.Xr gpio 4 450devices. 451See 452.Xr gpio.conf 5 . 453.It Sy ldconfig 454Boolean value. 455Configures 456.Xr a.out 5 457runtime link editor directory cache. 458.It Sy mixerctl 459Boolean value. 460Read 461.Xr mixerctl.conf 5 462for how to set mixer values. 463List in 464.Sy mixerctl_mixers 465the devices whose settings are to be saved at shutdown and 466restored at start-up. 467.It Sy newsyslog 468Boolean value. 469Run 470.Nm newsyslog 471to trim log files before syslogd starts. 472Intended for laptop users. 473Passes 474.Sy newsyslog_flags . 475.It Sy per_user_tmp 476Boolean value. 477Enables a per-user 478.Pa /tmp 479directory. 480.Sy per_user_tmp_dir 481can be used to override the default location of the 482.Dq real 483temporary directories, 484.Pa /private/tmp . 485See 486.Xr security 7 487for additional details. 488.It Sy quota 489Boolean value. 490Checks and enables quotas by running 491.Xr quotacheck 8 492and 493.Xr quotaon 8 . 494.It Sy random_seed 495Boolean value. 496During boot-up, runs the 497.Xr rndctl 8 498utility with the 499.Fl L 500flag to seed the random number subsystem from an entropy file. 501During shutdown, runs the 502.Xr rndctl 8 503utility with the 504.Fl S 505flag to save some random information to the entropy file. 506The entropy file name is specified by the 507.Sy random_file 508variable, and defaults to 509.Pa /var/db/entropy-file . 510The entropy file must be on a local file system that is writable early during 511boot-up (just after the file systems specified in 512.Sy critical_filesystems_local 513have been mounted), and correspondingly late during shutdown. 514.It Sy rndctl 515Boolean value. 516Runs the 517.Xr rndctl 8 518utility one or more times according to the specification in 519.Sy rndctl_flags . 520.Pp 521If 522.Sy rndctl_flags 523does not contain a semicolon 524.Pq Ql \&; 525then it is expected to contain zero or more flags, 526followed by one or more device or type names. 527The 528.Xr rndctl 8 529command will be executed once for each device or type name. 530If the specified flags do not include any of 531.Fl c , C , e , 532or 533.Fl E , 534then the flags 535.Fl c 536and 537.Fl e 538are added, to specify that entropy from the relevant device or type 539should be both collected and estimated. 540If the specified flags do not include either of 541.Fl d 542or 543.Fl t , 544then the flag 545.Fl d 546is added, to specify that the non-flag arguments are device names, 547not type names. 548.Pp 549.Sy rndctl_flags 550may contain multiple semicolon-separated segments, in which each 551segment contains flags and device or type names as described above. 552This allows different flags to be associated with different 553device or type names. 554For example, given 555.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 556the following commands will be executed: 557.Li "rndctl -c -e -d wd0" ; 558.Li "rndctl -c -e -d wd1" ; 559.Li "rndctl -c -e -t tty" ; 560.Li "rndctl -c -t net" . 561.It Sy rtclocaltime 562Boolean value. 563Sets the real time clock to local time by adjusting the 564.Xr sysctl 7 565value of 566.Pa kern.rtc_offset . 567The offset from UTC is calculated automatically according 568to the time zone information in the file 569.Pa /etc/localtime . 570.It Sy savecore 571Boolean value. 572Runs the 573.Xr savecore 8 574utility. 575Passes 576.Sy savecore_flags . 577The directory where crash dumps are stored is specified by 578.Sy savecore_dir . 579The default setting is 580.Pa /var/crash . 581.It Sy sysdb 582Boolean value. 583Builds various system databases, including 584.Pa /var/run/dev.cdb , 585.Pa /etc/spwd.db , 586.Pa /var/db/netgroup.db , 587.Pa /var/db/services.cdb , 588and entries for 589.Xr utmp 5 . 590.It Sy tpctl 591Boolean value. 592Run 593.Xr tpctl 8 594to calibrate touch panel device. 595Passes 596.Sy tpctl_flags . 597.It Sy update_motd 598Boolean value. 599Updates the 600.Nx 601version string in the 602.Pa /etc/motd 603file to reflect the version of the running kernel. 604See 605.Xr motd 5 . 606.It Sy virecover 607Boolean value. 608Send notification mail to users if any recoverable files exist in 609.Pa /var/tmp/vi.recover . 610Read 611.Xr virecover 8 612for more information. 613.It Sy wdogctl 614Boolean value. 615Configures watchdog timers. 616Passes 617.Sy wdogctl_flags . 618Refer to 619.Xr wdogctl 8 620for information on how to configure a timer. 621.El 622.Ss System security settings 623.Bl -tag -width net_interfaces 624.It Sy securelevel 625A number. 626The system securelevel is set to the specified value early 627in the boot process, before any external logins, or other programs 628that run users job, are started. 629If set to nothing, the default action is taken, as described in 630.Xr init 8 631and 632.Xr secmodel_securelevel 9 , 633which contains definitive information about the system securelevel. 634Note that setting 635.Sy securelevel 636to 0 in 637.Nm 638will actually result in the system booting with securelevel set to 1, as 639.Xr init 8 640will raise the level when 641.Xr rc 8 642completes. 643.It Sy permit_nonalpha 644Boolean value. 645Allow passwords to include non-alpha characters, usually to allow 646NIS/YP netgroups. 647.It Sy veriexec 648Boolean value. 649Load Veriexec fingerprints during startup. 650Read 651.Xr veriexecctl 8 652for more information. 653.It Sy veriexec_strict 654A number. 655Controls the strict level of Veriexec. 656Level 0 is learning mode, used when building the signatures file. 657It will only output messages but will not enforce anything. 658Level 1 will only prevent access to files with a fingerprint 659mismatch. 660Level 2 will also deny writing to and removing of 661monitored files, as well as enforce access type (as specified in 662the signatures file). 663Level 3 will take a step further and prevent 664access to files that are not monitored. 665.It Sy veriexec_verbose 666A number. 667Controls the verbosity of Veriexec. 668Recommended operation is at level 0, verbose output (mostly used when 669building the signatures file) is at level 1. 670Level 2 is for debugging only and should not be used. 671.It Sy veriexec_flags 672A string. 673Flags to pass to the 674.Nm veriexecctl 675command. 676.It Sy smtoff 677Boolean value. 678Disables SMT (Simultaneous Multi-Threading). 679.El 680.Ss Networking startup 681.Bl -tag -width net_interfaces 682.It Sy altqd 683Boolean value. 684ALTQ configuration/monitoring daemon. 685Passes 686.Sy altqd_flags . 687.It Sy auto_ifconfig 688Boolean value. 689Sets the 690.Sy net_interfaces 691variable (see below) to the output of 692.Xr ifconfig 8 693with the 694.Fl l 695flag and suppresses warnings about interfaces in this list that 696do not have an ifconfig file or variable. 697.It Sy blacklistd 698Boolean value. 699Runs 700.Xr blacklistd 8 701to dynamically block hosts on a DoS according to configuration set in 702.Xr blacklistd.conf 5 703.It Sy dhcpcd 704Boolean value. 705Set true to configure some or all network interfaces using dhcpcd. 706If you set 707.Sy dhcpcd 708true, then 709.Pa /var 710must be in 711.Sy critical_filesystems_local , 712or 713.Pa /var 714must be on the root file system. 715If you need to restrict dhcpcd to one or a number of interfaces, 716or need a separate configuration per interface, 717then this should be done in the configuration file - see 718.Xr dhcpcd.conf 5 719for details. 720dhcpcd presently ignores the 721.Sy wpa_supplicant 722variable in rc.conf and will start wpa_supplicant if a suitable 723wpa_supplicant.conf is found unless otherwise instructed in 724.Xr dhcpcd.conf 5 . 725.It Sy dhcpcd_flags 726Passes 727.Sy dhcpcd_flags 728to dhcpcd. 729See 730.Xr dhcpcd 8 731for complete documentation. 732.It Sy flushroutes 733Boolean value. 734Flushes the route table on networking startup. 735Useful when coming up to multiuser mode after going down to 736single-user mode. 737.It Sy ftp_proxy 738Boolean value. 739Runs 740.Xr ftp-proxy 8 , 741the proxy daemon for the Internet File Transfer Protocol. 742.It Sy hostapd 743Boolean value. 744Runs 745.Xr hostapd 8 , 746the authenticator for IEEE 802.11 networks. 747.It Sy ifaliases_* 748A string. 749List of 750.Sq Em "address netmask" 751pairs to configure additional network addresses for the given 752configured interface 753(e.g. 754.Sy ifaliases_le0 ) . 755If 756.Em netmask 757is 758.Ql - , 759then use the default netmask for the interface. 760.Pp 761.Sy ifaliases_* 762covers limited cases only and is considered unrecommended. 763We recommend using 764.Sy ifconfig_xxN 765variables or 766.Pa /etc/ifconfig. Ns Ar xxN 767files with multiple lines instead. 768.It Sy ifwatchd 769Boolean value. 770Monitor dynamic interfaces and perform actions upon address changes. 771Passes 772.Sy ifwatchd_flags . 773.It Sy ip6addrctl 774Boolean value. 775Fine grain control of address and routing priorities. 776.It Sy ip6addrctl_policy 777A string. 778Can be: 779.Bl -tag -width "Ql auto" -compact 780.It Ql auto 781automatically determine from system settings; will read priorities from 782.Pa /etc/ip6addrctl.conf 783or if that file does not exist it will default to IPv6 first, then IPv4. 784.It Ql ipv4_prefer 785try IPv4 before IPv6. 786.It Ql ipv6_prefer 787try IPv6 before IPv4. 788.El 789.It Sy ip6addrctl_verbose 790Boolean value. 791If set, print the resulting prefixes and priorities map. 792.It Sy ip6mode 793A string. 794An IPv6 node can be a router 795.Pq nodes that forward packet for others 796or a host 797.Pq nodes that do not forward . 798A host can be autoconfigured 799based on the information advertised by adjacent IPv6 routers. 800By setting 801.Sy ip6mode 802to 803.Ql router , 804.Ql host , 805or 806.Ql autohost , 807you can configure your node as a router, 808a non-autoconfigured host, or an autoconfigured host. 809Invalid values will be ignored, and the node will be configured as 810a non-autoconfigured host. 811.It Sy ip6uniquelocal 812Boolean value. 813If 814.Sy ip6mode 815is equal to 816.Ql router , 817and 818.Sy ip6uniquelocal 819is false, 820a reject route will be installed on boot to avoid misconfiguration relating 821to unique-local addresses. 822If 823.Sy ip6uniquelocal 824is true, the reject route won't be installed. 825.It Sy ipfilter 826Boolean value. 827Runs 828.Xr ipf 8 829to load in packet filter specifications from 830.Pa /etc/ipf.conf 831at network boot time, before any interfaces are configured. 832Passes 833.Sy ipfilter_flags . 834See 835.Xr ipf.conf 5 . 836.It Sy ipfs 837Boolean value. 838Runs 839.Xr ipfs 8 840to save and restore information for ipnat and ipfilter state tables. 841The information is stored in 842.Pa /var/db/ipf/ipstate.ipf 843and 844.Pa /var/db/ipf/ipnat.ipf . 845Passes 846.Sy ipfs_flags . 847.It Sy ipmon 848Boolean value. 849Runs 850.Xr ipmon 8 851to read 852.Xr ipf 8 853packet log information and log it to a file or the system log. 854Passes 855.Sy ipmon_flags . 856.It Sy ipmon_flags 857A string. 858Specifies arguments to supply to 859.Xr ipmon 8 . 860Defaults to 861.Ql -ns . 862A typical example would be 863.Ql "-nD /var/log/ipflog" 864to have 865.Xr ipmon 8 866log directly to a file bypassing 867.Xr syslogd 8 . 868If the 869.Fl D 870argument is used, remember to modify 871.Pa /etc/newsyslog.conf 872accordingly; for example: 873.Pp 874.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 875.It Sy ipnat 876Boolean value. 877Runs 878.Xr ipnat 8 879to load in the IP network address translation (NAT) rules from 880.Pa /etc/ipnat.conf 881at network boot time, before any interfaces are configured. 882See 883.Xr ipnat.conf 5 . 884.It Sy ipsec 885Boolean value. 886Runs 887.Xr setkey 8 888to load in IPsec manual keys and policies from 889.Pa /etc/ipsec.conf 890at network boot time, before any interfaces are configured. 891.It Sy npf 892Boolean value. 893Loads 894.Xr npf.conf 5 895at network boot time, and starts 896.Xr npf 7 . 897.It Sy npfd 898Boolean value. 899Runs 900.Xr npfd 8 , 901the NPF packet filter logging and state synchronization daemon. 902.It Sy net_interfaces 903A string. 904The list of network interfaces to be configured at boot time. 905For each interface "xxN", the system first looks for ifconfig 906parameters in the variable 907.Sy ifconfig_xxN , 908and then in the file 909.Pa /etc/ifconfig.xxN . 910If 911.Sy auto_ifconfig 912is false, and neither the variable nor the file is found, 913a warning is printed. 914Information in either the variable or the file is parsed identically, 915except that, if an 916.Sy ifconfig_xxN 917variable contains a single line with embedded semicolons, 918then the value is split into multiple lines prior to further parsing, 919treating the semicolon as a line separator. 920.Pp 921One common case it to set the 922.Sy ifconfig_xxN 923variable to a set of arguments to be passed to an 924.Xr ifconfig 8 925command after the interface name. 926Refer to 927.Xr ifconfig.if 5 928for more details on 929.Pa /etc/ifconfig.xxN 930files, and note that the information there also applies to 931.Sy ifconfig_xxN 932variables (after the variables are split into lines). 933.It Sy ntpdate 934Boolean value. 935Runs 936.Xr ntpdate 8 937to set the system time from one of the hosts in 938.Sy ntpdate_hosts . 939If 940.Sy ntpdate_hosts 941is empty, it will attempt to find a list of hosts in 942.Pa /etc/ntp.conf . 943Passes 944.Sy ntpdate_flags . 945.It Sy pf 946Boolean value. 947Enable 948.Xr pf 4 949at network boot time: 950Load the initial configuration 951.Xr pf.boot.conf 5 952before the network is up. 953After the network has been configured, then load the final rule set 954.Xr pf.conf 5 . 955.It Sy pf_rules 956A string. 957The path of the 958.Xr pf.conf 5 959rule set that will be used when loading the final rule set. 960.It Sy pflogd 961Boolean value. 962Run 963.Xr pflogd 8 964for dumping packet filter logging information to a file. 965.It Sy ppp 966A boolean. 967Toggles starting 968.Xr pppd 8 969on startup. 970See 971.Sy ppp_peers 972below. 973.It Sy ppp_peers 974A string. 975If 976.Sy ppp 977is true and 978.Sy ppp_peers 979is not empty, then 980.Pa /etc/rc.d/ppp 981will check each word in 982.Sy ppp_peers 983for a corresponding ppp configuration file in 984.Pa /etc/ppp/peers 985and will call 986.Xr pppd 8 987with the 988.Dq Ic call Va peer 989option. 990.It Sy racoon 991Boolean value. 992Runs 993.Xr racoon 8 , 994the IKE (ISAKMP/Oakley) key management daemon. 995.It Sy wpa_supplicant 996Boolean value. 997Run 998.Xr wpa_supplicant 8 , 999WPA/802.11i Supplicant for wireless network devices. 1000If you set 1001.Sy wpa_supplicant 1002true, then 1003.Pa /usr 1004must be in 1005.Sy critical_filesystems_local , 1006or 1007.Pa /usr 1008must be on the root file system. 1009dhcpcd ignores this variable, see the 1010.Sy dhcpcd 1011variable for details. 1012.El 1013.Ss Daemons required by other daemons 1014.Bl -tag -width net_interfaces 1015.It Sy inetd 1016Boolean value. 1017Runs the 1018.Xr inetd 8 1019daemon to start network server processes (as listed in 1020.Pa /etc/inetd.conf ) 1021as necessary. 1022Passes 1023.Sy inetd_flags . 1024The 1025.Fl l 1026flag turns on libwrap connection logging. 1027.It Sy rpcbind 1028Boolean value. 1029The 1030.Xr rpcbind 8 1031daemon is required for any 1032.Xr rpc 3 1033services. 1034These include NFS, NIS, 1035.Xr rpc.bootparamd 8 , 1036.Xr rpc.rstatd 8 , 1037.Xr rpc.rusersd 8 , 1038and 1039.Xr rpc.rwalld 8 . 1040Passes 1041.Sy rpcbind_flags . 1042.El 1043.Ss Commonly used daemons 1044.Bl -tag -width net_interfaces 1045.It Sy cron 1046Boolean value. 1047Run 1048.Xr cron 8 . 1049.It Sy ftpd 1050Boolean value. 1051Runs the 1052.Xr ftpd 8 1053daemon and passes 1054.Sy ftpd_flags . 1055.It Sy httpd 1056Boolean value. 1057Runs the 1058.Xr httpd 8 1059daemon and passes 1060.Sy httpd_flags . 1061.It Sy httpd_wwwdir 1062A string. 1063The 1064.Xr httpd 8 1065WWW root directory. 1066Used only if 1067.Sy httpd 1068is true. 1069The default setting is 1070.Pa /var/www . 1071.It Sy httpd_wwwuser 1072A string. 1073If non-blank and 1074.Sy httpd 1075is true, run 1076.Xr httpd 8 1077and cause it to switch to the specified user after initialization. 1078It is preferred to 1079.Sy httpd_user 1080because 1081.Xr httpd 8 1082is requiring extra privileges to start listening on default port 80. 1083The default setting is 1084.Ql _httpd . 1085.It Sy lpd 1086Boolean value. 1087Runs 1088.Xr lpd 8 1089and passes 1090.Sy lpd_flags . 1091The 1092.Fl l 1093flag will turn on extra logging. 1094.It Sy mdnsd 1095Boolean value. 1096Runs 1097.Xr mdnsd 8 . 1098.It Sy named 1099Boolean value. 1100Runs 1101.Xr named 8 1102and passes 1103.Sy named_flags . 1104.It Sy named_chrootdir 1105A string. 1106If non-blank and 1107.Sy named 1108is true, run 1109.Xr named 8 1110as the unprivileged user and group 1111.Sq named , 1112.Xr chroot 2 Ns ed 1113to 1114.Sy named_chrootdir . 1115.Li \&${named_chrootdir} Ns Pa /var/run/log 1116will be added to the list of log sockets that 1117.Xr syslogd 8 1118listens to. 1119.It Sy ntpd 1120Boolean value. 1121Runs 1122.Xr ntpd 8 1123and passes 1124.Sy ntpd_flags . 1125.It Sy ntpd_chrootdir 1126A string. 1127If non-blank and 1128.Sy ntpd 1129is true, run 1130.Xr ntpd 8 1131as the unprivileged user and group 1132.Sq ntpd , 1133.Xr chroot 2 Ns ed 1134to 1135.Sy ntpd_chrootdir . 1136.Li \&${ntpd_chrootdir} Ns Pa /var/run/log 1137will be added to the list of log sockets that 1138.Xr syslogd 8 1139listens to. 1140This option requires that the kernel has 1141.D1 Cd pseudo-device clockctl 1142compiled in, and that 1143.Pa /dev/clockctl 1144is present. 1145.It Sy postfix 1146Boolean value. 1147Starts 1148.Xr postfix 1 1149mail system. 1150.It Sy sshd 1151Boolean value. 1152Runs 1153.Xr sshd 8 1154and passes 1155.Sy sshd_flags . 1156.It Sy syslogd 1157Boolean value. 1158Runs 1159.Xr syslogd 8 1160and passes 1161.Sy syslogd_flags . 1162.It Sy timed 1163Boolean value. 1164Runs 1165.Xr timed 8 1166and passes 1167.Sy timed_flags . 1168The 1169.Fl M 1170option allows 1171.Xr timed 8 1172to be a master time source as well as a slave. 1173If you are also running 1174.Xr ntpd 8 , 1175only one machine running both should have the 1176.Fl M 1177flag given to 1178.Xr timed 8 . 1179.El 1180.Ss Routing daemons 1181.Bl -tag -width net_interfaces 1182.It Sy mrouted 1183Boolean value. 1184Runs 1185.Xr mrouted 8 , 1186the DVMRP multicast routing protocol daemon. 1187Passes 1188.Sy mrouted_flags . 1189.It Sy route6d 1190Boolean value. 1191Runs 1192.Xr route6d 8 , 1193the RIPng routing protocol daemon for IPv6. 1194Passes 1195.Sy route6d_flags . 1196.It Sy routed 1197Boolean value. 1198Runs 1199.Xr routed 8 , 1200the RIP routing protocol daemon. 1201Passes 1202.Sy routed_flags . 1203.\" This should be false 1204.\" if 1205.\" .Sy gated 1206.\" is true. 1207.El 1208.Ss Daemons used to boot other hosts over a network 1209.Bl -tag -width net_interfaces 1210.It Sy bootparamd 1211Boolean value. 1212Runs 1213.Xr bootparamd 8 , 1214the boot parameter server, with 1215.Sy bootparamd_flags 1216as options. 1217Used to boot 1218.Nx 1219and SunOS 4.x systems. 1220.It Sy dhcpd 1221Boolean value. 1222Runs 1223.Xr dhcpd 8 , 1224the Dynamic Host Configuration Protocol (DHCP) daemon, 1225for assigning IP addresses to hosts and passing boot information. 1226Passes 1227.Sy dhcpd_flags . 1228.It Sy dhcrelay 1229Boolean value. 1230Runs 1231.Xr dhcrelay 8 . 1232Passes 1233.Sy dhcrelay_flags . 1234.It Sy mopd 1235Boolean value. 1236Runs 1237.Xr mopd 8 , 1238the DEC MOP protocol daemon; used for booting VAX and other DEC 1239machines. 1240Passes 1241.Sy mopd_flags . 1242.It Sy ndbootd 1243Boolean value. 1244Runs 1245.Xr ndbootd 8 , 1246the Sun Network Disk (ND) Protocol server. 1247Passes 1248.Sy ndbootd_flags . 1249.It Sy rarpd 1250Boolean value. 1251Runs 1252.Xr rarpd 8 , 1253the reverse ARP daemon, often used to boot 1254.Nx 1255and Sun workstations. 1256Passes 1257.Sy rarpd_flags . 1258.It Sy rbootd 1259Boolean value. 1260Runs 1261.Xr rbootd 8 , 1262the HP boot protocol daemon; used for booting HP workstations. 1263Passes 1264.Sy rbootd_flags . 1265.It Sy rtadvd 1266Boolean value. 1267Runs 1268.Xr rtadvd 8 , 1269the IPv6 router advertisement daemon, which is used to advertise 1270information about the subnet to IPv6 end hosts. 1271Passes 1272.Sy rtadvd_flags . 1273This is only for IPv6 routers, so set 1274.Sy ip6mode 1275to 1276.Ql router 1277if you use it. 1278.El 1279.Ss X Window System daemons 1280.Bl -tag -width net_interfaces 1281.It Sy xdm 1282Boolean value. 1283Runs the 1284.Xr xdm 1 1285X display manager. 1286These X daemons are available only with the optional X distribution of 1287.Nx . 1288.It Sy xfs 1289Boolean value. 1290Runs the 1291.Xr xfs 1 1292X11 font server, which supplies local X font files to X terminals. 1293.El 1294.Ss NIS (YP) daemons 1295.Bl -tag -width net_interfaces 1296.It Sy ypbind 1297Boolean value. 1298Runs 1299.Xr ypbind 8 , 1300which lets NIS (YP) clients use information from a NIS server. 1301Passes 1302.Sy ypbind_flags . 1303.It Sy yppasswdd 1304Boolean value. 1305Runs 1306.Xr yppasswdd 8 , 1307which allows remote NIS users to update password on master server. 1308Passes 1309.Sy yppasswdd_flags . 1310.It Sy ypserv 1311Boolean value. 1312Runs 1313.Xr ypserv 8 , 1314the NIS (YP) server for distributing information from certain files 1315in 1316.Pa /etc . 1317Passes 1318.Sy ypserv_flags . 1319The 1320.Fl d 1321flag causes it to use DNS for lookups in 1322.Pa /etc/hosts 1323that fail. 1324.El 1325.Ss NFS daemons and parameters 1326.Bl -tag -width net_interfaces 1327.It Sy amd 1328Boolean value. 1329Runs 1330.Xr amd 8 , 1331the automounter daemon, which automatically mounts NFS file systems 1332whenever a file or directory within that file system is accessed. 1333Passes 1334.Sy amd_flags . 1335.It Sy amd_dir 1336A string. 1337The 1338.Xr amd 8 1339mount directory. 1340Used only if 1341.Sy amd 1342is true. 1343.It Sy lockd 1344Boolean value. 1345Runs 1346.Xr rpc.lockd 8 1347if 1348.Sy nfs_server 1349and/or 1350.Sy nfs_client 1351are true. 1352Passes 1353.Sy lockd_flags . 1354.It Sy mountd 1355Boolean value. 1356Runs 1357.Xr mountd 8 1358and passes 1359.Sy mountd_flags . 1360.It Sy nfs_client 1361Boolean value. 1362The number of local NFS asynchronous I/O server is now controlled via 1363.Xr sysctl 8 . 1364.It Sy nfs_server 1365Boolean value. 1366Sets up a host to be a NFS server by running 1367.Xr nfsd 8 1368and passing 1369.Sy nfsd_flags . 1370.It Sy statd 1371Boolean value. 1372Runs 1373.Xr rpc.statd 8 , 1374a status monitoring daemon used when 1375.Xr rpc.lockd 8 1376is running, if 1377.Sy nfs_server 1378and/or 1379.Sy nfs_client 1380are true. 1381Passes 1382.Sy statd_flags . 1383.El 1384.Ss Bluetooth support 1385.Bl -tag -width net_interfaces 1386.It Sy bluetooth 1387Boolean value. 1388Configure Bluetooth support, comprising the following tasks: 1389.Bl -dash -compact 1390.It 1391attach serial Bluetooth controllers as listed in the 1392.Pa /etc/bluetooth/btattach.conf 1393configuration file. 1394.It 1395enable Bluetooth controllers with useful defaults, plus 1396additional options as detailed below. 1397.It 1398optionally, start 1399.Xr bthcid 8 , 1400the Bluetooth Link Key/PIN Code manager, passing 1401.Sy bthcid_flags . 1402.It 1403configure local Bluetooth drivers as listed in the 1404.Pa /etc/bluetooth/btdevctl.conf 1405configuration file. 1406.It 1407optionally, start 1408.Xr sdpd 8 , 1409the Service Discovery server, passing 1410.Sy sdpd_flags . 1411.El 1412.It Sy btconfig_devices 1413A string. 1414An optional list of Bluetooth controllers to configure. 1415.It Sy btconfig_{dev} 1416A string. 1417Additional configuration options for specific Bluetooth controllers. 1418.It Sy btconfig_args 1419A string. 1420Additional configuration options for Bluetooth controllers without 1421specific options as above. 1422.It Sy bthcid 1423Boolean value. 1424If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1425.It Sy sdpd 1426Boolean value. 1427If set to false, disable starting the Bluetooth Service Discovery server. 1428.El 1429.Ss Other daemons 1430.Bl -tag -width net_interfaces 1431.It Sy identd 1432Boolean value. 1433Runs 1434.Xr identd 8 , 1435the daemon for the user identification protocol. 1436Passes 1437.Sy identd_flags . 1438.It Sy iscsi_target 1439Boolean value. 1440Runs the server for iSCSI requests, 1441.Xr iscsi-target 8 . 1442Passes 1443.Sy iscsi_target_flags . 1444.It Sy kdc 1445Boolean value. 1446Runs the 1447.Xr kdc 8 1448Kerberos v4 and v5 server. 1449This should be run on Kerberos master and slave servers. 1450.It Sy rwhod 1451Boolean value. 1452Runs 1453.Xr rwhod 8 1454to support the 1455.Xr rwho 1 1456and 1457.Xr ruptime 1 1458commands. 1459.It Sy autofs 1460Boolean value. 1461If set to 1462.Ql YES , 1463start the 1464.Xr automount 8 1465utility and the 1466.Xr automountd 8 1467and 1468.Xr autounmountd 8 1469daemons at boot time. 1470.It Sy automount_flags 1471A string. 1472If 1473.Sy autofs 1474is set to 1475.Ql YES , 1476these are the flags to pass to the 1477.Xr automount 8 1478program. 1479By default no flags are passed. 1480.It Sy automountd_flags 1481A string. 1482If 1483.Sy autofs 1484is set to 1485.Ql YES , 1486these are the flags to pass to the 1487.Xr automountd 8 1488daemon. 1489By default no flags are passed. 1490.It Sy autounmountd_flags 1491A string. 1492If 1493.Sy autofs 1494is set to 1495.Ql YES , 1496these are the flags to pass to the 1497.Xr autounmountd 8 1498daemon. 1499By default no flags are passed. 1500.El 1501.Ss Hardware daemons 1502.Bl -tag -width net_interfaces 1503.It Sy apmd 1504Boolean value. 1505Runs 1506.Xr apmd 8 1507and passes 1508.Sy apmd_flags . 1509.It Sy irdaattach 1510Boolean value. 1511Runs 1512.Xr irdaattach 8 1513and passes 1514.Sy irdaattach_flags . 1515.It Sy moused 1516Boolean value. 1517Runs 1518.Xr moused 8 , 1519to pass serial mouse data to the wscons mouse mux. 1520Passes 1521.Sy moused_flags . 1522.It Sy screenblank 1523Boolean value. 1524Runs 1525.Xr screenblank 1 1526and passes 1527.Sy screenblank_flags . 1528.It Sy wscons 1529Boolean value. 1530Configures the 1531.Xr wscons 4 1532console driver, from the configuration file 1533.Pa /etc/wscons.conf . 1534.It Sy wsmoused 1535Boolean value. 1536Runs 1537.Xr wsmoused 8 , 1538to provide copy and paste text support in wscons displays. 1539Passes 1540.Sy wsmoused_flags . 1541.El 1542.Sh FILES 1543.Bl -tag -width /etc/defaults/rc.conf -compact 1544.It Pa /etc/rc.conf 1545The file 1546.Nm 1547resides in 1548.Pa /etc . 1549.It Pa /etc/defaults/rc.conf 1550Default settings for 1551.Nm , 1552sourced by 1553.Nm 1554before the end-user configuration section. 1555.It Pa /etc/rc.conf.d/ Ns Ar foo 1556.Ar foo Ns No -specific 1557.Nm 1558overrides. 1559.El 1560.Sh SEE ALSO 1561.Xr boot 8 , 1562.Xr rc 8 , 1563.Xr rc.d 8 , 1564.Xr rc.subr 8 , 1565.Xr rcorder 8 1566.Sh HISTORY 1567The 1568.Nm 1569file appeared in 1570.Nx 1.3 . 1571