1.\" $NetBSD: rc.conf.5,v 1.157 2014/01/15 11:42:43 apb Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd January 15, 2014 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq "OPTIONAL:" 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq "OPTIONAL:" 299prefix means that it is not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy swapoff 324Boolean value. 325Remove block-type swap devices at shutdown time. 326Useful if swapping onto RAIDframe devices. 327.El 328.Ss Block device subsystems 329.Bl -tag -width net_interfaces 330.It Sy ccd 331Boolean value. 332Configures concatenated disk devices according to 333.Xr ccd.conf 5 . 334.It Sy cgd 335Boolean value. 336Configures cryptographic disk devices. 337Requires 338.Pa /etc/cgd/cgd.conf . 339See 340.Xr cgdconfig 8 341for additional details. 342.It Sy lvm 343Boolean value. 344Configures the logical volume manager. 345See 346.Xr lvm 8 347for additional details. 348.It Sy raidframe 349Boolean value. 350Configures 351.Xr raid 4 , 352RAIDframe disk devices. 353See 354.Xr raidctl 8 355for additional details. 356.El 357.Ss One-time actions to perform or programs to run on boot-up 358.Bl -tag -width net_interfaces 359.It Sy accounting 360Boolean value. 361Enables process accounting with 362.Xr accton 8 . 363Requires 364.Pa /var/account/acct 365to exist. 366.It Sy clear_tmp 367Boolean value. 368Clear 369.Pa /tmp 370after reboot. 371.It Sy dmesg 372Boolean value. 373Create 374.Pa /var/run/dmesg.boot 375from the output of 376.Xr dmesg 8 . 377Passes 378.Sy dmesg_flags . 379.It Sy envsys 380Boolean value. 381Sets preferences for the environmental systems framework, 382.Xr envsys 4 . 383Requires 384.Pa /etc/envsys.conf , 385which is described in 386.Xr envsys.conf 5 . 387.It Sy gpio 388Boolean value. 389Configure 390.Xr gpio 4 391devices. 392See 393.Xr gpio.conf 5 . 394.It Sy ldconfig 395Boolean value. 396Configures 397.Xr a.out 5 398runtime link editor directory cache. 399.It Sy mixerctl 400Boolean value. 401Read 402.Xr mixerctl.conf 5 403for how to set mixer values. 404List in 405.Sy mixerctl_mixers 406the devices whose settings are to be saved at shutdown and 407restored at start-up. 408.It Sy newsyslog 409Boolean value. 410Run 411.Nm newsyslog 412to trim logfiles before syslogd starts. 413Intended for laptop users. 414Passes 415.Sy newsyslog_flags . 416.It Sy per_user_tmp 417Boolean value. 418Enables a per-user 419.Pa /tmp 420directory. 421.Sy per_user_tmp_dir 422can be used to override the default location of the 423.Dq real 424temporary directories, 425.Dq Pa /private/tmp . 426See 427.Xr security 7 428for additional details. 429.It Sy quota 430Boolean value. 431Checks and enables quotas by running 432.Xr quotacheck 8 433and 434.Xr quotaon 8 . 435.It Sy random_seed 436Boolean value. 437During boot-up, runs the 438.Xr rndctl 8 439utility with the 440.Fl L 441flag to seed the random number subsystem from an entropy file. 442During shutdown, runs the 443.Xr rndctl 8 444utility with the 445.Fl S 446flag to save some random information to the entropy file. 447The entropy file name is specified by the 448.Sy random_file 449variable, and defaults to 450.Pa /var/db/entropy-file . 451The entropy file must be on a local file system that is writable early during 452boot-up (just after the file systems specified in 453.Sy critical_filesystems_local 454have been mounted), and correspondingly late during shutdown. 455.It Sy rndctl 456Boolean value. 457Runs the 458.Xr rndctl 8 459utility one or more times according to the specification in 460.Sy rndctl_flags . 461.Pp 462If 463.Sy rndctl_flags 464does not contain a semicolon 465.Pq Ql \&; 466then it is expected to contain zero or more flags, 467followed by one or more device or type names. 468The 469.Xr rndctl 8 470command will be executed once for each device or type name. 471If the specified flags do not include any of 472.Fl c , C , e , 473or 474.Fl E , 475then the flags 476.Fl c 477and 478.Fl e 479are added, to specify that entropy from the relevant device or type 480should be both collected and estimated. 481If the specified flags do not include either of 482.Fl d 483or 484.Fl t , 485then the flag 486.Fl d 487is added, to specify that the non-flag arguments are device names, 488not type names. 489.Pp 490.Sy rndctl_flags 491may contain multiple semicolon-separated segments, in which each 492segment contains flags and device or type names as described above. 493This allows different flags to be associated with different 494device or type names. 495For example, given 496.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 497the following commands will be executed: 498.Li "rndctl -c -e -d wd0" ; 499.Li "rndctl -c -e -d wd1" ; 500.Li "rndctl -c -e -t tty" ; 501.Li "rndctl -c -t net" . 502.It Sy rtclocaltime 503Boolean value. 504Sets the real time clock to local time by adjusting the 505.Xr sysctl 7 506value of 507.Pa kern.rtc_offset . 508The offset from UTC is calculated automatically according 509to the time zone information in the file 510.Pa /etc/localtime . 511.It Sy savecore 512Boolean value. 513Runs the 514.Xr savecore 8 515utility. 516Passes 517.Sy savecore_flags . 518The directory where crash dumps are stored is specified by 519.Sy savecore_dir . 520The default setting is 521.Dq Pa /var/crash . 522.It Sy sysdb 523Boolean value. 524Builds various system databases, including 525.Pa /var/run/dev.cdb , 526.Pa /etc/spwd.db , 527.Pa /var/db/netgroup.db , 528.Pa /var/db/services.cdb , 529and entries for 530.Xr utmp 5 . 531.It Sy tpctl 532Boolean value. 533Run 534.Xr tpctl 8 535to calibrate touch panel device. 536Passes 537.Sy tpctl_flags . 538.It Sy update_motd 539Boolean value. 540Updates the 541.Nx 542version string in the 543.Pa /etc/motd 544file to reflect the version of the running kernel. 545See 546.Xr motd 5 . 547.It Sy virecover 548Boolean value. 549Send notification mail to users if any recoverable files exist in 550.Pa /var/tmp/vi.recover . 551Read 552.Xr virecover 8 553for more information. 554.It Sy wdogctl 555Boolean value. 556Configures watchdog timers. 557Passes 558.Sy wdogctl_flags . 559Refer to 560.Xr wdogctl 8 561for information on how to configure a timer. 562.El 563.Ss System security settings 564.Bl -tag -width net_interfaces 565.It Sy securelevel 566A number. 567The system securelevel is set to the specified value early 568in the boot process, before any external logins, or other programs 569that run users job, are started. 570If set to nothing, the default action is taken, as described in 571.Xr init 8 572and 573.Xr secmodel_securelevel 9 , 574which contains definitive information about the system securelevel. 575Note that setting 576.Sy securelevel 577to 0 in 578.Nm 579will actually result in the system booting with securelevel set to 1, as 580.Xr init 8 581will raise the level when 582.Xr rc 8 583completes. 584.It Sy permit_nonalpha 585Boolean value. 586Allow passwords to include non-alpha characters, usually to allow 587NIS/YP netgroups. 588.It Sy veriexec 589Boolean value. 590Load Veriexec fingerprints during startup. 591Read 592.Xr veriexecctl 8 593for more information. 594.It Sy veriexec_strict 595A number. 596Controls the strict level of Veriexec. 597Level 0 is learning mode, used when building the signatures file. 598It will only output messages but will not enforce anything. 599Level 1 will only prevent access to files with a fingerprint 600mismatch. 601Level 2 will also deny writing to and removing of 602monitored files, as well as enforce access type (as specified in 603the signatures file). 604Level 3 will take a step further and prevent 605access to files that are not monitored. 606.It Sy veriexec_verbose 607A number. 608Controls the verbosity of Veriexec. 609Recommended operation is at level 0, verbose output (mostly used when 610building the signatures file) is at level 1. 611Level 2 is for debugging only and should not be used. 612.It Sy veriexec_flags 613A string. 614Flags to pass to the 615.Nm veriexecctl 616command. 617.El 618.Ss Networking startup 619.Bl -tag -width net_interfaces 620.It Sy altqd 621Boolean value. 622ALTQ configuration/monitoring daemon. 623Passes 624.Sy altqd_flags . 625.It Sy auto_ifconfig 626Boolean value. 627Sets the 628.Sy net_interfaces 629variable (see below) to the output of 630.Xr ifconfig 8 631with the 632.Dq Li -l 633flag and suppresses warnings about interfaces in this list that 634do not have an ifconfig file or variable. 635.It Sy dhclient 636Boolean value. 637Set true to configure some or all network interfaces using 638the ISC DHCP client. 639If you set 640.Sy dhclient 641true, then 642.Pa /var 643must be in 644.Sy critical_filesystems_local , 645or 646.Pa /var 647must be on the root file system, 648or you must modify the 649.Sy dhclient_flags 650variable to direct the DHCP client to store the leases file 651in some other directory on the root file system. 652You must not provide ifconfig information or ifaliases 653information for any interface that is to be configured using the DHCP client. 654Interface aliases can be set up in the DHCP client configuration 655file if needed - see 656.Xr dhclient.conf 5 657for details. 658.Pp 659Passes 660.Sy dhclient_flags 661to the DHCP client. 662See 663.Xr dhclient 8 664for complete documentation. 665If you wish to configure all broadcast 666network interfaces using the DHCP client, you can leave this blank. 667To configure only specific interfaces, name the interfaces to be configured 668on the command line. 669.Pp 670If you must run the DHCP client before mounting critical file systems, 671then you should specify an alternate location for the DHCP client's lease 672file in the 673.Sy dhclient_flags 674variable - for example, "-lf /tmp/dhclient.leases". 675.It Sy dhcpcd 676Boolean value. 677Set true to configure some or all network interfaces using dhcpcd. 678If you set 679.Sy dhcpcd 680true, then 681.Pa /var 682must be in 683.Sy critical_filesystems_local , 684or 685.Pa /var 686must be on the root file system. 687If you need to restrict dhcpcd to one or a number of interfaces, 688or need a separate configuration per interface, 689then this should be done in the configuration file - see 690.Xr dhcpcd.conf 5 691for details. 692.It Sy dhcpcd_flags 693Passes 694.Sy dhcpcd_flags 695to dhcpcd. 696See 697.Xr dhcpcd 8 698for complete documentation. 699.It Sy flushroutes 700Boolean value. 701Flushes the route table on networking startup. 702Useful when coming up to multiuser mode after going down to 703single-user mode. 704.It Sy ftp_proxy 705Boolean value. 706Runs 707.Xr ftp-proxy 8 , 708the proxy daemon for the Internet File Transfer Protocol. 709.It Sy hostapd 710Boolean value. 711Runs 712.Xr hostapd 8 , 713the authenticator for IEEE 802.11 networks. 714.It Sy ifaliases_* 715A string. 716List of 717.Sq Em "address netmask" 718pairs to configure additional network addresses for the given 719configured interface 720.Dq * 721(e.g. 722.Sy ifaliases_le0 ) . 723If 724.Em netmask 725is 726.Dq - , 727then use the default netmask for the interface. 728.Pp 729.Sy ifaliases_* 730covers limited cases only and is considered unrecommended. 731We recommend using 732.Sy ifconfig_nnX 733variables or 734.Pa /etc/ifconfig.xxN 735files with multiple lines instead. 736.It Sy ifwatchd 737Boolean value. 738Monitor dynamic interfaces and perform actions upon address changes. 739Passes 740.Sy ifwatchd_flags . 741.It Sy ip6mode 742A string. 743An IPv6 node can be a router 744.Pq nodes that forward packet for others 745or a host 746.Pq nodes that do not forward . 747A host can be autoconfigured 748based on the information advertised by adjacent IPv6 routers. 749By setting 750.Sy ip6mode 751to 752.Dq Li router , 753.Dq Li host , 754or 755.Dq Li autohost , 756you can configure your node as a router, 757a non-autoconfigured host, or an autoconfigured host. 758Invalid values will be ignored, and the node will be configured as 759a non-autoconfigured host. 760You may want to check 761.Sy rtsol 762and 763.Sy rtsold 764as well, if you set the variable to 765.Dq Li autohost . 766.It Sy ip6uniquelocal 767Boolean value. 768If 769.Sy ip6mode 770is equal to 771.Dq Li router , 772and 773.Sy ip6uniquelocal 774is false, 775a reject route will be installed on boot to avoid misconfiguration relating 776to unique-local addresses. 777If 778.Sy ip6uniquelocal 779is true, the reject route won't be installed. 780.It Sy ipfilter 781Boolean value. 782Runs 783.Xr ipf 8 784to load in packet filter specifications from 785.Pa /etc/ipf.conf 786at network boot time, before any interfaces are configured. 787Passes 788.Sy ipfilter_flags . 789See 790.Xr ipf.conf 5 . 791.It Sy ipfs 792Boolean value. 793Runs 794.Xr ipfs 8 795to save and restore information for ipnat and ipfilter state tables. 796The information is stored in 797.Pa /var/db/ipf/ipstate.ipf 798and 799.Pa /var/db/ipf/ipnat.ipf . 800Passes 801.Sy ipfs_flags . 802.It Sy ipmon 803Boolean value. 804Runs 805.Xr ipmon 8 806to read 807.Xr ipf 8 808packet log information and log it to a file or the system log. 809Passes 810.Sy ipmon_flags . 811.It Sy ipmon_flags 812A string. 813Specifies arguments to supply to 814.Xr ipmon 8 . 815Defaults to 816.Dq Li -ns . 817A typical example would be 818.Dq Fl nD Pa /var/log/ipflog 819to have 820.Xr ipmon 8 821log directly to a file bypassing 822.Xr syslogd 8 . 823If the 824.Dq -D 825argument is used, remember to modify 826.Pa /etc/newsyslog.conf 827accordingly; for example: 828.Bd -literal 829/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 830.Ed 831.It Sy ipnat 832Boolean value. 833Runs 834.Xr ipnat 8 835to load in the IP network address translation (NAT) rules from 836.Pa /etc/ipnat.conf 837at network boot time, before any interfaces are configured. 838See 839.Xr ipnat.conf 5 . 840.It Sy ipsec 841Boolean value. 842Runs 843.Xr setkey 8 844to load in IPsec manual keys and policies from 845.Pa /etc/ipsec.conf 846at network boot time, before any interfaces are configured. 847.It Sy net_interfaces 848A string. 849The list of network interfaces to be configured at boot time. 850For each interface "xxN", the system first looks for ifconfig 851parameters in the variable 852.Sy ifconfig_xxN , 853and then in the file 854.Pa /etc/ifconfig.xxN . 855If 856.Sy auto_ifconfig 857is false, and neither the variable nor the file is found, 858a warning is printed. 859Information in either the variable or the file is parsed identically, 860except that, if an 861.Sy ifconfig_xxN 862variable contains a single line with embedded semicolons, 863then the value is split into multiple lines prior to further parsing, 864treating the semicolon as a line separator. 865.Pp 866One common case it to set the 867.Sy ifconfig_xxN 868variable to a set of arguments to be passed to an 869.Xr ifconfig 8 870command after the interface name. 871Refer to 872.Xr ifconfig.if 5 873for more details on 874.Pa /etc/ifconfig.xxN 875files, and note that the information there also applies to 876.Sy ifconfig_xxN 877variables (after the variables are split into lines). 878.It Sy ntpdate 879Boolean value. 880Runs 881.Xr ntpdate 8 882to set the system time from one of the hosts in 883.Sy ntpdate_hosts . 884If 885.Sy ntpdate_hosts 886is empty, it will attempt to find a list of hosts in 887.Pa /etc/ntp.conf . 888Passes 889.Sy ntpdate_flags . 890.It Sy pf 891Boolean value. 892Enable 893.Xr pf 4 894at network boot time: 895Load the initial configuration 896.Xr pf.boot.conf 5 897before the network is up. 898After the network has been configured, then load the final ruleset 899.Xr pf.conf 5 . 900.It Sy pf_rules 901A string. 902The path of the 903.Xr pf.conf 5 904ruleset that will be used when loading the final ruleset. 905.It Sy pflogd 906Boolean value. 907Run 908.Xr pflogd 8 909for dumping packet filter logging information to a file. 910.It Sy ppp 911A boolean. 912Toggles starting 913.Xr pppd 8 914on startup. 915See 916.Sy ppp_peers 917below. 918.It Sy ppp_peers 919A string. 920If 921.Sy ppp 922is true and 923.Sy ppp_peers 924is not empty, then 925.Pa /etc/rc.d/ppp 926will check each word in 927.Sy ppp_peers 928for a corresponding ppp configuration file in 929.Pa /etc/ppp/peers 930and will call 931.Xr pppd 8 932with the 933.Dq call Sy peer 934option. 935.It Sy racoon 936Boolean value. 937Runs 938.Xr racoon 8 , 939the IKE (ISAKMP/Oakley) key management daemon. 940.It Sy rtsol 941Boolean value. 942Run 943.Xr rtsol 8 , 944router solicitation command for IPv6 hosts. 945On nomadic hosts like notebook computers, you may want to enable 946.Sy rtsold 947as well. 948Passes 949.Sy rtsol_flags . 950This is only for autoconfigured IPv6 hosts, so set 951.Sy ip6mode 952to 953.Dq Li autohost 954if you use it. 955.It Sy wpa_supplicant 956Boolean value. 957Run 958.Xr wpa_supplicant 8 , 959WPA/802.11i Supplicant for wireless network devices. 960If you set 961.Sy wpa_supplicant 962true, then 963.Pa /usr 964must be in 965.Sy critical_filesystems_local , 966or 967.Pa /usr 968must be on the root file system. 969.El 970.Ss Daemons required by other daemons 971.Bl -tag -width net_interfaces 972.It Sy inetd 973Boolean value. 974Runs the 975.Xr inetd 8 976daemon to start network server processes (as listed in 977.Pa /etc/inetd.conf ) 978as necessary. 979Passes 980.Sy inetd_flags . 981The 982.Dq Li -l 983flag turns on libwrap connection logging. 984.It Sy rpcbind 985Boolean value. 986The 987.Xr rpcbind 8 988daemon is required for any 989.Xr rpc 3 990services. 991These include NFS, 992.Tn NIS , 993.Xr rpc.bootparamd 8 , 994.Xr rpc.rstatd 8 , 995.Xr rpc.rusersd 8 , 996and 997.Xr rpc.rwalld 8 . 998Passes 999.Sy rpcbind_flags . 1000.El 1001.Ss Commonly used daemons 1002.Bl -tag -width net_interfaces 1003.It Sy cron 1004Boolean value. 1005Run 1006.Xr cron 8 . 1007.It Sy ftpd 1008Boolean value. 1009Runs the 1010.Xr ftpd 8 1011daemon and passes 1012.Sy ftpd_flags . 1013.It Sy httpd 1014Boolean value. 1015Runs the 1016.Xr httpd 8 1017daemon and passes 1018.Sy httpd_flags . 1019.It Sy httpd_wwwdir 1020A string. 1021The 1022.Xr httpd 8 1023WWW root directory. 1024Used only if 1025.Sy httpd 1026is true. 1027The default setting is 1028.Dq Pa /var/www . 1029.It Sy httpd_wwwuser 1030A string. 1031If non-blank and 1032.Sy httpd 1033is true, run 1034.Xr httpd 8 1035and cause it to switch to the specified user after initialization. 1036It is preferred to 1037.Sy httpd_user 1038because 1039.Xr httpd 8 1040is requiring extra privileges to start listening on default port 80. 1041The default setting is 1042.Dq Dv _httpd . 1043.It Sy lpd 1044Boolean value. 1045Runs 1046.Xr lpd 8 1047and passes 1048.Sy lpd_flags . 1049The 1050.Dq Li -l 1051flag will turn on extra logging. 1052.It Sy mdnsd 1053Boolean value. 1054Runs 1055.Xr mdnsd 8 . 1056.It Sy named 1057Boolean value. 1058Runs 1059.Xr named 8 1060and passes 1061.Sy named_flags . 1062.It Sy named_chrootdir 1063A string. 1064If non-blank and 1065.Sy named 1066is true, run 1067.Xr named 8 1068as the unprivileged user and group 1069.Sq named , 1070.Xr chroot 2 Ns ed 1071to 1072.Sy named_chrootdir . 1073.Sy named_chrootdir Ns Pa /var/run/log 1074will be added to the list of log sockets that 1075.Xr syslogd 8 1076listens to. 1077.It Sy ntpd 1078Boolean value. 1079Runs 1080.Xr ntpd 8 1081and passes 1082.Sy ntpd_flags . 1083.It Sy ntpd_chrootdir 1084A string. 1085If non-blank and 1086.Sy ntpd 1087is true, run 1088.Xr ntpd 8 1089as the unprivileged user and group 1090.Sq ntpd , 1091.Xr chroot 2 Ns ed 1092to 1093.Sy ntpd_chrootdir . 1094.Sy ntpd_chrootdir Ns Pa /var/run/log 1095will be added to the list of log sockets that 1096.Xr syslogd 8 1097listens to. 1098This option requires that the kernel has 1099.Dl pseudo-device clockctl 1100compiled in, and that 1101.Pa /dev/clockctl 1102is present. 1103.It Sy postfix 1104Boolean value. 1105Starts 1106.Xr postfix 1 1107mail system. 1108.It Sy sshd 1109Boolean value. 1110Runs 1111.Xr sshd 8 1112and passes 1113.Sy sshd_flags . 1114.It Sy syslogd 1115Boolean value. 1116Runs 1117.Xr syslogd 8 1118and passes 1119.Sy syslogd_flags . 1120.It Sy timed 1121Boolean value. 1122Runs 1123.Xr timed 8 1124and passes 1125.Sy timed_flags . 1126The 1127.Dq Li -M 1128option allows 1129.Xr timed 8 1130to be a master time source as well as a slave. 1131If you are also running 1132.Xr ntpd 8 , 1133only one machine running both should have the 1134.Dq Li -M 1135flag given to 1136.Xr timed 8 . 1137.El 1138.Ss Routing daemons 1139.Bl -tag -width net_interfaces 1140.It Sy mrouted 1141Boolean value. 1142Runs 1143.Xr mrouted 8 , 1144the DVMRP multicast routing protocol daemon. 1145Passes 1146.Sy mrouted_flags . 1147.It Sy route6d 1148Boolean value. 1149Runs 1150.Xr route6d 8 , 1151the RIPng routing protocol daemon for IPv6. 1152Passes 1153.Sy route6d_flags . 1154.It Sy routed 1155Boolean value. 1156Runs 1157.Xr routed 8 , 1158the RIP routing protocol daemon. 1159Passes 1160.Sy routed_flags . 1161.\" This should be false 1162.\" if 1163.\" .Sy gated 1164.\" is true. 1165.It Sy rtsold 1166Boolean value. 1167Runs 1168.Xr rtsold 8 , 1169the IPv6 router solicitation daemon. 1170.Xr rtsold 8 1171periodically transmits router solicitation packets 1172to find IPv6 routers on the network. 1173This configuration is mainly for nomadic hosts like notebook computers. 1174Stationary hosts should work fine with just 1175.Sy rtsol . 1176Passes 1177.Sy rtsold_flags . 1178This is only for autoconfigured IPv6 hosts, so set 1179.Sy ip6mode 1180to 1181.Dq Li autohost 1182if you use it. 1183.El 1184.Ss Daemons used to boot other hosts over a network 1185.Bl -tag -width net_interfaces 1186.It Sy bootparamd 1187Boolean value. 1188Runs 1189.Xr bootparamd 8 , 1190the boot parameter server, with 1191.Sy bootparamd_flags 1192as options. 1193Used to boot 1194.Nx 1195and 1196.Tn "SunOS 4.x" 1197systems. 1198.It Sy dhcpd 1199Boolean value. 1200Runs 1201.Xr dhcpd 8 , 1202the Dynamic Host Configuration Protocol (DHCP) daemon, 1203for assigning IP addresses to hosts and passing boot information. 1204Passes 1205.Sy dhcpd_flags . 1206.It Sy dhcrelay 1207Boolean value. 1208Runs 1209.Xr dhcrelay 8 . 1210Passes 1211.Sy dhcrelay_flags . 1212.It Sy mopd 1213Boolean value. 1214Runs 1215.Xr mopd 8 , 1216the 1217.Tn DEC 1218.Tn MOP 1219protocol daemon; used for booting 1220.Tn VAX 1221and other 1222.Tn DEC 1223machines. 1224Passes 1225.Sy mopd_flags . 1226.It Sy ndbootd 1227Boolean value. 1228Runs 1229.Xr ndbootd 8 , 1230the Sun Network Disk (ND) Protocol server. 1231Passes 1232.Sy ndbootd_flags . 1233.It Sy rarpd 1234Boolean value. 1235Runs 1236.Xr rarpd 8 , 1237the reverse ARP daemon, often used to boot 1238.Nx 1239and Sun workstations. 1240Passes 1241.Sy rarpd_flags . 1242.It Sy rbootd 1243Boolean value. 1244Runs 1245.Xr rbootd 8 , 1246the 1247.Tn HP 1248boot protocol daemon; used for booting 1249.Tn HP 1250workstations. 1251Passes 1252.Sy rbootd_flags . 1253.It Sy rtadvd 1254Boolean value. 1255Runs 1256.Xr rtadvd 8 , 1257the IPv6 router advertisement daemon, which is used to advertise 1258information about the subnet to IPv6 end hosts. 1259Passes 1260.Sy rtadvd_flags . 1261This is only for IPv6 routers, so set 1262.Sy ip6mode 1263to 1264.Dq Li router 1265if you use it. 1266.El 1267.Ss X Window System daemons 1268.Bl -tag -width net_interfaces 1269.It Sy xdm 1270Boolean value. 1271Runs the 1272.Xr xdm 1 1273X display manager. 1274These X daemons are available only with the optional X distribution of 1275.Nx . 1276.It Sy xfs 1277Boolean value. 1278Runs the 1279.Xr xfs 1 1280X11 font server, which supplies local X font files to X terminals. 1281.El 1282.Ss NIS (YP) daemons 1283.Bl -tag -width net_interfaces 1284.It Sy ypbind 1285Boolean value. 1286Runs 1287.Xr ypbind 8 , 1288which lets 1289.Tn NIS 1290(YP) clients use information from a 1291.Tn NIS 1292server. 1293Passes 1294.Sy ypbind_flags . 1295.It Sy yppasswdd 1296Boolean value. 1297Runs 1298.Xr yppasswdd 8 , 1299which allows remote 1300.Tn NIS 1301users to update password on master server. 1302Passes 1303.Sy yppasswdd_flags . 1304.It Sy ypserv 1305Boolean value. 1306Runs 1307.Xr ypserv 8 , 1308the 1309.Tn NIS 1310(YP) server for distributing information from certain files in 1311.Pa /etc . 1312Passes 1313.Sy ypserv_flags . 1314The 1315.Dq Li -d 1316flag causes it to use DNS for lookups in 1317.Pa /etc/hosts 1318that fail. 1319.El 1320.Ss NFS daemons and parameters 1321.Bl -tag -width net_interfaces 1322.It Sy amd 1323Boolean value. 1324Runs 1325.Xr amd 8 , 1326the automounter daemon, which automatically mounts NFS file systems 1327whenever a file or directory within that file system is accessed. 1328Passes 1329.Sy amd_flags . 1330.It Sy amd_dir 1331A string. 1332The 1333.Xr amd 8 1334mount directory. 1335Used only if 1336.Sy amd 1337is true. 1338.It Sy lockd 1339Boolean value. 1340Runs 1341.Xr rpc.lockd 8 1342if 1343.Sy nfs_server 1344and/or 1345.Sy nfs_client 1346are true. 1347Passes 1348.Sy lockd_flags . 1349.It Sy mountd 1350Boolean value. 1351Runs 1352.Xr mountd 8 1353and passes 1354.Sy mountd_flags . 1355.It Sy nfs_client 1356Boolean value. 1357The number of local NFS asynchronous I/O server is now controlled via 1358.Xr sysctl 8 . 1359.It Sy nfs_server 1360Boolean value. 1361Sets up a host to be a NFS server by running 1362.Xr nfsd 8 1363and passing 1364.Sy nfsd_flags . 1365.It Sy statd 1366Boolean value. 1367Runs 1368.Xr rpc.statd 8 , 1369a status monitoring daemon used when 1370.Xr rpc.lockd 8 1371is running, if 1372.Sy nfs_server 1373and/or 1374.Sy nfs_client 1375are true. 1376Passes 1377.Sy statd_flags . 1378.El 1379.Ss Bluetooth support 1380.Bl -tag -width net_interfaces 1381.It Sy bluetooth 1382Boolean value. 1383Configure Bluetooth support, comprising the following tasks: 1384.Bl -dash -compact 1385.It 1386attach serial Bluetooth controllers as listed in the 1387.Pa /etc/bluetooth/btdevctl.conf 1388configuration file. 1389.It 1390enable Bluetooth controllers with useful defaults, plus 1391additional options as detailed below. 1392.It 1393optionally, start 1394.Xr bthcid 8 , 1395the Bluetooth Link Key/PIN Code manager, passing 1396.Sy bthcid_flags . 1397.It 1398configure local Bluetooth drivers as listed in the 1399.Pa /etc/bluetooth/btdevctl.conf 1400configuration file. 1401.It 1402optionally, start 1403.Xr sdpd 8 , 1404the Service Discovery server, passing 1405.Sy sdpd_flags . 1406.El 1407.It Sy btconfig_devices 1408A string. 1409An optional list of Bluetooth controllers to configure. 1410.It Sy btconfig_{dev} 1411A string. 1412Additional configuration options for specific Bluetooth controllers. 1413.It Sy btconfig_args 1414A string. 1415Additional configuration options for Bluetooth controllers without 1416specific options as above. 1417.It Sy bthcid 1418Boolean value. 1419If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1420.It Sy sdpd 1421Boolean value. 1422If set to false, disable starting the Bluetooth Service Discovery server. 1423.El 1424.Ss Other daemons 1425.Bl -tag -width net_interfaces 1426.It Sy identd 1427Boolean value. 1428Runs 1429.Xr identd 8 , 1430the daemon for the user identification protocol. 1431Passes 1432.Sy identd_flags . 1433.It Sy iscsi_target 1434Boolean value. 1435Runs the server for iSCSI requests, 1436.Xr iscsi-target 8 . 1437Passes 1438.Sy iscsi_target_flags . 1439.It Sy isdnd 1440Boolean value. 1441Runs 1442.Xr isdnd 8 , 1443the isdn4bsd ISDN connection management daemon. 1444Passes 1445.Sy isdnd_flags . 1446.It Sy isdn_autoupdown 1447Boolean value. 1448Set all configured ISDN interfaces to 1449.Dq up . 1450If 1451.Sy isdn_interfaces 1452is not blank, only the listed interfaces will be modified. 1453Used only if 1454.Sy isdnd 1455is true. 1456.It Sy kdc 1457Boolean value. 1458Runs the 1459.Xr kdc 8 1460Kerberos v4 and v5 server. 1461This should be run on Kerberos master and slave servers. 1462.It Sy rwhod 1463Boolean value. 1464Runs 1465.Xr rwhod 8 1466to support the 1467.Xr rwho 1 1468and 1469.Xr ruptime 1 1470commands. 1471.El 1472.Ss Hardware daemons 1473.Bl -tag -width net_interfaces 1474.It Sy apmd 1475Boolean value. 1476Runs 1477.Xr apmd 8 1478and passes 1479.Sy apmd_flags . 1480.It Sy irdaattach 1481Boolean value. 1482Runs 1483.Xr irdaattach 8 1484and passes 1485.Sy irdaattach_flags . 1486.It Sy moused 1487Boolean value. 1488Runs 1489.Xr moused 8 , 1490to pass serial mouse data to the wscons mouse mux. 1491Passes 1492.Sy moused_flags . 1493.It Sy screenblank 1494Boolean value. 1495Runs 1496.Xr screenblank 1 1497and passes 1498.Sy screenblank_flags . 1499.It Sy wscons 1500Boolean value. 1501Configures the 1502.Xr wscons 4 1503console driver, from the configuration file 1504.Pa /etc/wscons.conf . 1505.It Sy wsmoused 1506Boolean value. 1507Runs 1508.Xr wsmoused 8 , 1509to provide copy and paste text support in wscons displays. 1510Passes 1511.Sy wsmoused_flags . 1512.El 1513.Sh FILES 1514.Bl -tag -width /etc/defaults/rc.conf -compact 1515.It Pa /etc/rc.conf 1516The file 1517.Nm 1518resides in 1519.Pa /etc . 1520.It Pa /etc/defaults/rc.conf 1521Default settings for 1522.Nm , 1523sourced by 1524.Nm 1525before the end-user configuration section. 1526.It Pa /etc/rc.conf.d/ Ns Ar foo 1527.Ar foo Ns No -specific 1528.Nm 1529overrides. 1530.El 1531.Sh SEE ALSO 1532.Xr boot 8 , 1533.Xr rc 8 , 1534.Xr rc.d 8 , 1535.Xr rc.subr 8 , 1536.Xr rcorder 8 1537.Sh HISTORY 1538The 1539.Nm 1540file appeared in 1541.Nx 1.3 . 1542