.\"	$NetBSD: rc.conf.5,v 1.168 2018/01/09 09:17:52 wiz Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 8, 2018
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Sq Ic YES ,
.Sq Ic TRUE ,
.Sq Ic ON
or
.Sq Ic 1
for true, and
.Sq Ic NO ,
.Sq Ic FALSE ,
.Sq Ic OFF
or
.Sq Ic 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with "_flags" appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for,
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Dq twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Dq \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.Pp
This is important for some stateful interfaces, for example PPP over ISDN
connections that cost money by connection time or PPPoE interfaces which
have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
and
.Xr ippp 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Dq "OPTIONAL:/var" ,
where the
.Dq "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Dq "OPTIONAL:/usr" ,
where the
.Dq "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Dq Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Dq Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate a touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Dq Li -l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy dhclient
Boolean value.
Set true to configure some or all network interfaces using
the ISC DHCP client.
If you set
.Sy dhclient
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system,
or you must modify the
.Sy dhclient_flags
variable to direct the DHCP client to store the leases file
in some other directory on the root file system.
You must not provide ifconfig information or ifaliases
information for any interface that is to be configured using the DHCP client.
Interface aliases can be set up in the DHCP client configuration
file if needed - see
.Xr dhclient.conf 5
for details.
.Pp
Passes
.Sy dhclient_flags
to the DHCP client.
See
.Xr dhclient 8
for complete documentation.
If you wish to configure all broadcast
network interfaces using the DHCP client, you can leave this blank.
To configure only specific interfaces, name the interfaces to be configured
on the command line.
.Pp
If you must run the DHCP client before mounting critical file systems,
then you should specify an alternate location for the DHCP client's lease
file in the
.Sy dhclient_flags
variable - for example, "-lf /tmp/dhclient.leases".
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
.Dq *
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Dq - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_nnX
variables or
.Pa /etc/ifconfig.xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width auto -compact
.It Li auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Li ipv4_prefer
try IPv4 before IPv6.
.It Li ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Dq Li router ,
.Dq Li host ,
or
.Dq Li autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
You may want to check
.Sy rtsol
and
.Sy rtsold
as well, if you set the variable to
.Dq Li autohost .
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Dq Li router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Dq Li -ns .
A typical example would be
.Dq Fl nD Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Dq -D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Bd -literal
/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
.Ed
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq call Sy peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy rtsol
Boolean value.
Run
.Xr rtsol 8 ,
router solicitation command for IPv6 hosts.
On nomadic hosts like notebook computers, you may want to enable
.Sy rtsold
as well.
Passes
.Sy rtsol_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Dq Li -l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Dq Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Dq Dv _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Dq Li -l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Sy named_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Sy ntpd_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.Dl pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Dq Li -M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Dq Li -M
flag given to
.Xr timed 8 .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.It Sy rtsold
Boolean value.
Runs
.Xr rtsold 8 ,
the IPv6 router solicitation daemon.
.Xr rtsold 8
periodically transmits router solicitation packets
to find IPv6 routers on the network.
This configuration is mainly for nomadic hosts like notebook computers.
Stationary hosts should work fine with just
.Sy rtsol .
Passes
.Sy rtsold_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Dq Li router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update their password on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Dq Li -d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy isdnd
Boolean value.
Runs
.Xr isdnd 8 ,
the isdn4bsd ISDN connection management daemon.
Passes
.Sy isdnd_flags .
.It Sy isdn_autoupdown
Boolean value.
Set all configured ISDN interfaces to
.Dq up .
If
.Sy isdn_interfaces
is not blank, only the listed interfaces will be modified.
Used only if
.Sy isdnd
is true.
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
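.Sh EXAMPLES
The following audit script is an added example, not part of the NetBSD manual page or of the NetBSD rc scripts. It reports daemons that are enabled while the variable that confines them (named_chrootdir, ntpd_chrootdir, httpd_wwwuser) is effectively blank, reading a defaults file and then the rc.conf that overrides it. The function names, the sample files and the blank chroot defaults in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the NetBSD manual page. Assumption: settings are
# simple literal assignments (name=value, optionally double-quoted). Files are
# parsed as text and never sourced, so auditing a file cannot execute it.

# rc_get NAME FILE... -> last value assigned to NAME across FILEs, in order
# (defaults file first, then the rc.conf that overrides it).
rc_get() {
    name=$1; shift
    awk -v name="$name" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        index($0, name "=") == 1 {
            val = substr($0, length(name) + 2)
            sub(/[ \t]+$/, "", val); sub(/^"/, "", val); sub(/"$/, "", val)
        }
        END { print val }' "$@"
}

# rc_true VALUE -> succeeds for YES, TRUE, ON or 1 in any letter case.
rc_true() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# audit_rc FILE... -> prints a finding for each enabled daemon whose
# confinement variable is blank; returns 1 if there was any finding.
audit_rc() {
    rc=0
    for pair in named:named_chrootdir ntpd:ntpd_chrootdir httpd:httpd_wwwuser; do
        svc=${pair%%:*}; var=${pair#*:}
        if rc_true "$(rc_get "$svc" "$@")" && [ -z "$(rc_get "$var" "$@")" ]; then
            echo "$svc is enabled but $var is blank"; rc=1
        fi
    done
    return $rc
}

# demo -> audits two constructed sample files (not copies of real system files).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'httpd=NO' 'httpd_wwwuser="_httpd"' 'named=NO' \
        'named_chrootdir=""' 'ntpd=NO' 'ntpd_chrootdir=""' > "$dir/defaults"
    printf '%s\n' 'named=YES' 'ntpd=YES' 'httpd=YES' \
        'ntpd_chrootdir="/var/chroot/ntpd"   # constructed path' > "$dir/rc.conf"
    audit_rc "$dir/defaults" "$dir/rc.conf"; status=$?
    rm -rf "$dir"; return $status
}

demo || :
```

Settings placed in /etc/rc.conf.d/ files or computed by shell logic inside rc.conf are outside what this text-only parser sees.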