.\" $NetBSD: rc.conf.5,v 1.165 2015/12/27 08:43:51 wiz Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 26, 2015
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Sq Ic YES ,
.Sq Ic TRUE ,
.Sq Ic ON
or
.Sq Ic 1
for true, and
.Sq Ic NO ,
.Sq Ic FALSE ,
.Sq Ic OFF
or
.Sq Ic 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with "_flags" appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Dq twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Dq \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
.Tn NIS
(YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.Pp
This is important for some stateful interfaces, for example PPP over ISDN
connections that cost money by connection time or PPPoE interfaces which
have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
and
.Xr ippp 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhclient 8
which may be required to get the network operational.
The default is
.Dq "OPTIONAL:/var" ,
where the
.Dq "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Dq "OPTIONAL:/usr" ,
where the
.Dq "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Dq Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
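.Pp
The
.Sy rndctl_flags
expansion described under
.Sy rndctl
above can be previewed with the following shell functions, which print the resulting commands instead of running them, so a proposed value can be reviewed before it changes which entropy sources are collected at boot.
This is an added example, not the NetBSD rc.d script; the function names expand_segment and expand_rndctl_flags are hypothetical.
.Bd -literal
```sh
#!/bin/sh
# Added example: preview the rndctl(8) command lines that an rc.conf
# rndctl_flags value expands to, following the rules in the text above.
# Function names are hypothetical; nothing here executes rndctl.

# expand_segment WORD...
# One semicolon-free segment: words starting with "-" are flags, all
# other words are device or type names. Runs in a subshell so that its
# variables do not leak into the caller.
expand_segment() (
	set -f			# names are literal words, never glob patterns
	[ $# -gt 0 ] || exit 0	# empty segment: nothing to do
	flags="" names="" collect=no kind=no
	for word in "$@"; do
		case "$word" in
		-*)
			flags="${flags:+$flags }$word"
			# Did the administrator choose collect/estimate flags?
			case "$word" in -*[cCeE]*) collect=yes ;; esac
			# Did the administrator say device (-d) or type (-t)?
			case "$word" in -*[dt]*) kind=yes ;; esac
			;;
		*)
			names="${names:+$names }$word"
			;;
		esac
	done
	if [ -z "$names" ]; then
		echo "rndctl_flags: segment '$*' names no device or type" >&2
		exit 0
	fi
	# Defaults from the text: add -c and -e when none of -c -C -e -E
	# was given, and add -d when neither -d nor -t was given.
	[ "$collect" = yes ] || flags="-c -e${flags:+ $flags}"
	[ "$kind" = yes ] || flags="$flags -d"
	# One rndctl invocation per device or type name.
	for name in $names; do
		echo "rndctl $flags $name"
	done
)

# expand_rndctl_flags VALUE
# Split VALUE into segments at semicolons and expand each one in turn.
expand_rndctl_flags() (
	set -f
	IFS=';'
	set -- $1		# one positional parameter per segment
	unset IFS		# back to default whitespace splitting
	for segment in "$@"; do
		expand_segment $segment	# unquoted on purpose: split into words
	done
)

# The value used as the example in the text.
expand_rndctl_flags "wd0 wd1; -t tty; -c -t net"
```
.Ed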
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Dq Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run user jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Dq Li -l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy dhclient
Boolean value.
Set true to configure some or all network interfaces using
the ISC DHCP client.
If you set
.Sy dhclient
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system,
or you must modify the
.Sy dhclient_flags
variable to direct the DHCP client to store the leases file
in some other directory on the root file system.
You must not provide ifconfig information or ifaliases
information for any interface that is to be configured using the DHCP client.
Interface aliases can be set up in the DHCP client configuration
file if needed - see
.Xr dhclient.conf 5
for details.
.Pp
Passes
.Sy dhclient_flags
to the DHCP client.
See
.Xr dhclient 8
for complete documentation.
If you wish to configure all broadcast
network interfaces using the DHCP client, you can leave this blank.
To configure only specific interfaces, name the interfaces to be configured
on the command line.
.Pp
If you must run the DHCP client before mounting critical file systems,
then you should specify an alternate location for the DHCP client's lease
file in the
.Sy dhclient_flags
variable - for example, "-lf /tmp/dhclient.leases".
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
.Dq *
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Dq - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_nnX
variables or
.Pa /etc/ifconfig.xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width auto -compact
.It Li auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Li ipv4_prefer
try IPv4 before IPv6.
.It Li ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Dq Li router ,
.Dq Li host ,
or
.Dq Li autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
You may want to check
.Sy rtsol
and
.Sy rtsold
as well, if you set the variable to
.Dq Li autohost .
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Dq Li router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Dq Li -ns .
A typical example would be
.Dq Fl nD Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Dq -D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq call Sy peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy rtsol
Boolean value.
Run
.Xr rtsol 8 ,
router solicitation command for IPv6 hosts.
On nomadic hosts like notebook computers, you may want to enable
.Sy rtsold
as well.
Passes
.Sy rtsol_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Dq Li -l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS,
.Tn NIS ,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Dq Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Dq Dv _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Dq Li -l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Sy named_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Sy ntpd_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.Dl pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Dq Li -M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Dq Li -M
flag given to
.Xr timed 8 .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.It Sy rtsold
Boolean value.
Runs
.Xr rtsold 8 ,
the IPv6 router solicitation daemon.
.Xr rtsold 8
periodically transmits router solicitation packets
to find IPv6 routers on the network.
This configuration is mainly for nomadic hosts like notebook computers.
Stationary hosts should work fine with just
.Sy rtsol .
Passes
.Sy rtsold_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and
.Tn "SunOS 4.x"
systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the
.Tn DEC
.Tn MOP
protocol daemon; used for booting
.Tn VAX
and other
.Tn DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the
.Tn HP
boot protocol daemon; used for booting
.Tn HP
workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Dq Li router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets
.Tn NIS
(YP) clients use information from a
.Tn NIS
server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote
.Tn NIS
users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the
.Tn NIS
(YP) server for distributing information from certain files in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Dq Li -d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy isdnd
Boolean value.
Runs
.Xr isdnd 8 ,
the isdn4bsd ISDN connection management daemon.
Passes
.Sy isdnd_flags .
.It Sy isdn_autoupdown
Boolean value.
Set all configured ISDN interfaces to
.Dq up .
If
.Sy isdn_interfaces
is not blank, only the listed interfaces will be modified.
Used only if
.Sy isdnd
is true.
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
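The daemon entries above share one pattern: a boolean variable named after the daemon and, for most, a matching flags variable. The following script is an added example, not part of the NetBSD manual page; it lists which of those daemons an rc.conf-style file enables, which is a quick way to review what a host will start at boot. The helper names and the sample file are constructed, and the accepted true values assume the behaviour of checkyesno in rc.subr.

```shell
#!/bin/sh
# Added example: list the daemons an rc.conf-style file enables, with flags.
# Daemon variables documented in the sections above (not the full rc.conf set).
RC_DAEMONS="sshd syslogd timed mrouted route6d routed rtsold bootparamd dhcpd
dhcrelay mopd ndbootd rarpd rbootd rtadvd xdm xfs ypbind yppasswdd ypserv amd
lockd mountd nfs_server statd identd iscsi_target isdnd kdc rwhod"

# Assumption: same true values as rc.subr's checkyesno (case-insensitive).
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# enabled_daemons FILE: print "name<TAB>flags" for every enabled daemon.
# FILE is sourced in a subshell, as rc(8) sources rc.conf, so it runs as code:
# only point this at a file you trust to the same degree as /etc/rc.conf.
enabled_daemons() (
    . "$1" || exit 1
    for d in $RC_DAEMONS; do
        case "$d" in
            nfs_server) fv=nfsd_flags ;;   # nfs_server passes nfsd_flags
            *)          fv="${d}_flags" ;;
        esac
        eval "val=\${$d:-NO}; flags=\${$fv:-}"
        if is_yes "$val"; then
            printf '%s\t%s\n' "$d" "$flags"
        fi
    done
)

# Constructed sample configuration (not taken from a real host).
sample_rc_conf() {
    cat <<'EOF'
sshd=YES
syslogd=yes
syslogd_flags="-s"
timed=0
timed_flags="-M"
nfs_server=On
nfsd_flags="-tun 4"
rwhod=NO
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp" && enabled_daemons "$tmp"
rm -f "$tmp"
```

On a real system the defaults in /etc/defaults/rc.conf also apply, so run the function against a file that sources them, as /etc/rc.conf does.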