1.\" $NetBSD: rc.conf.5,v 1.159 2015/03/30 11:01:53 wiz Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd March 30, 2015 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq "OPTIONAL:" 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq "OPTIONAL:" 299prefix means that it is not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy resize_root 324Boolean value. 325Set to true to have the system resize the root file system to fill its 326partition. 327Will only attempt to resize the root file system if it is of type ffs and does 328not have logging enabled. 329Defaults to false. 330.It Sy swapoff 331Boolean value. 332Remove block-type swap devices at shutdown time. 333Useful if swapping onto RAIDframe devices. 334.El 335.Ss Block device subsystems 336.Bl -tag -width net_interfaces 337.It Sy ccd 338Boolean value. 339Configures concatenated disk devices according to 340.Xr ccd.conf 5 . 341.It Sy cgd 342Boolean value. 343Configures cryptographic disk devices. 344Requires 345.Pa /etc/cgd/cgd.conf . 346See 347.Xr cgdconfig 8 348for additional details. 349.It Sy lvm 350Boolean value. 351Configures the logical volume manager. 352See 353.Xr lvm 8 354for additional details. 355.It Sy raidframe 356Boolean value. 357Configures 358.Xr raid 4 , 359RAIDframe disk devices. 360See 361.Xr raidctl 8 362for additional details. 363.El 364.Ss One-time actions to perform or programs to run on boot-up 365.Bl -tag -width net_interfaces 366.It Sy accounting 367Boolean value. 368Enables process accounting with 369.Xr accton 8 . 370Requires 371.Pa /var/account/acct 372to exist. 373.It Sy clear_tmp 374Boolean value. 375Clear 376.Pa /tmp 377after reboot. 378.It Sy dmesg 379Boolean value. 380Create 381.Pa /var/run/dmesg.boot 382from the output of 383.Xr dmesg 8 . 384Passes 385.Sy dmesg_flags . 386.It Sy envsys 387Boolean value. 388Sets preferences for the environmental systems framework, 389.Xr envsys 4 . 390Requires 391.Pa /etc/envsys.conf , 392which is described in 393.Xr envsys.conf 5 . 394.It Sy gpio 395Boolean value. 396Configure 397.Xr gpio 4 398devices. 399See 400.Xr gpio.conf 5 . 401.It Sy ldconfig 402Boolean value. 403Configures 404.Xr a.out 5 405runtime link editor directory cache. 406.It Sy mixerctl 407Boolean value. 408Read 409.Xr mixerctl.conf 5 410for how to set mixer values. 411List in 412.Sy mixerctl_mixers 413the devices whose settings are to be saved at shutdown and 414restored at start-up. 415.It Sy newsyslog 416Boolean value. 417Run 418.Nm newsyslog 419to trim logfiles before syslogd starts. 420Intended for laptop users. 421Passes 422.Sy newsyslog_flags . 423.It Sy per_user_tmp 424Boolean value. 425Enables a per-user 426.Pa /tmp 427directory. 428.Sy per_user_tmp_dir 429can be used to override the default location of the 430.Dq real 431temporary directories, 432.Dq Pa /private/tmp . 433See 434.Xr security 7 435for additional details. 436.It Sy quota 437Boolean value. 438Checks and enables quotas by running 439.Xr quotacheck 8 440and 441.Xr quotaon 8 . 442.It Sy random_seed 443Boolean value. 444During boot-up, runs the 445.Xr rndctl 8 446utility with the 447.Fl L 448flag to seed the random number subsystem from an entropy file. 449During shutdown, runs the 450.Xr rndctl 8 451utility with the 452.Fl S 453flag to save some random information to the entropy file. 454The entropy file name is specified by the 455.Sy random_file 456variable, and defaults to 457.Pa /var/db/entropy-file . 458The entropy file must be on a local file system that is writable early during 459boot-up (just after the file systems specified in 460.Sy critical_filesystems_local 461have been mounted), and correspondingly late during shutdown. 462.It Sy rndctl 463Boolean value. 464Runs the 465.Xr rndctl 8 466utility one or more times according to the specification in 467.Sy rndctl_flags . 468.Pp 469If 470.Sy rndctl_flags 471does not contain a semicolon 472.Pq Ql \&; 473then it is expected to contain zero or more flags, 474followed by one or more device or type names. 475The 476.Xr rndctl 8 477command will be executed once for each device or type name. 478If the specified flags do not include any of 479.Fl c , C , e , 480or 481.Fl E , 482then the flags 483.Fl c 484and 485.Fl e 486are added, to specify that entropy from the relevant device or type 487should be both collected and estimated. 488If the specified flags do not include either of 489.Fl d 490or 491.Fl t , 492then the flag 493.Fl d 494is added, to specify that the non-flag arguments are device names, 495not type names. 496.Pp 497.Sy rndctl_flags 498may contain multiple semicolon-separated segments, in which each 499segment contains flags and device or type names as described above. 500This allows different flags to be associated with different 501device or type names. 502For example, given 503.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 504the following commands will be executed: 505.Li "rndctl -c -e -d wd0" ; 506.Li "rndctl -c -e -d wd1" ; 507.Li "rndctl -c -e -t tty" ; 508.Li "rndctl -c -t net" . 509.It Sy rtclocaltime 510Boolean value. 511Sets the real time clock to local time by adjusting the 512.Xr sysctl 7 513value of 514.Pa kern.rtc_offset . 515The offset from UTC is calculated automatically according 516to the time zone information in the file 517.Pa /etc/localtime . 518.It Sy savecore 519Boolean value. 520Runs the 521.Xr savecore 8 522utility. 523Passes 524.Sy savecore_flags . 525The directory where crash dumps are stored is specified by 526.Sy savecore_dir . 527The default setting is 528.Dq Pa /var/crash . 529.It Sy sysdb 530Boolean value. 531Builds various system databases, including 532.Pa /var/run/dev.cdb , 533.Pa /etc/spwd.db , 534.Pa /var/db/netgroup.db , 535.Pa /var/db/services.cdb , 536and entries for 537.Xr utmp 5 . 538.It Sy tpctl 539Boolean value. 540Run 541.Xr tpctl 8 542to calibrate touch panel device. 543Passes 544.Sy tpctl_flags . 545.It Sy update_motd 546Boolean value. 547Updates the 548.Nx 549version string in the 550.Pa /etc/motd 551file to reflect the version of the running kernel. 552See 553.Xr motd 5 . 554.It Sy virecover 555Boolean value. 556Send notification mail to users if any recoverable files exist in 557.Pa /var/tmp/vi.recover . 558Read 559.Xr virecover 8 560for more information. 561.It Sy wdogctl 562Boolean value. 563Configures watchdog timers. 564Passes 565.Sy wdogctl_flags . 566Refer to 567.Xr wdogctl 8 568for information on how to configure a timer. 569.El 570.Ss System security settings 571.Bl -tag -width net_interfaces 572.It Sy securelevel 573A number. 574The system securelevel is set to the specified value early 575in the boot process, before any external logins, or other programs 576that run users job, are started. 577If set to nothing, the default action is taken, as described in 578.Xr init 8 579and 580.Xr secmodel_securelevel 9 , 581which contains definitive information about the system securelevel. 582Note that setting 583.Sy securelevel 584to 0 in 585.Nm 586will actually result in the system booting with securelevel set to 1, as 587.Xr init 8 588will raise the level when 589.Xr rc 8 590completes. 591.It Sy permit_nonalpha 592Boolean value. 593Allow passwords to include non-alpha characters, usually to allow 594NIS/YP netgroups. 595.It Sy veriexec 596Boolean value. 597Load Veriexec fingerprints during startup. 598Read 599.Xr veriexecctl 8 600for more information. 601.It Sy veriexec_strict 602A number. 603Controls the strict level of Veriexec. 604Level 0 is learning mode, used when building the signatures file. 605It will only output messages but will not enforce anything. 606Level 1 will only prevent access to files with a fingerprint 607mismatch. 608Level 2 will also deny writing to and removing of 609monitored files, as well as enforce access type (as specified in 610the signatures file). 611Level 3 will take a step further and prevent 612access to files that are not monitored. 613.It Sy veriexec_verbose 614A number. 615Controls the verbosity of Veriexec. 616Recommended operation is at level 0, verbose output (mostly used when 617building the signatures file) is at level 1. 618Level 2 is for debugging only and should not be used. 619.It Sy veriexec_flags 620A string. 621Flags to pass to the 622.Nm veriexecctl 623command. 624.El 625.Ss Networking startup 626.Bl -tag -width net_interfaces 627.It Sy altqd 628Boolean value. 629ALTQ configuration/monitoring daemon. 630Passes 631.Sy altqd_flags . 632.It Sy auto_ifconfig 633Boolean value. 634Sets the 635.Sy net_interfaces 636variable (see below) to the output of 637.Xr ifconfig 8 638with the 639.Dq Li -l 640flag and suppresses warnings about interfaces in this list that 641do not have an ifconfig file or variable. 642.It Sy dhclient 643Boolean value. 644Set true to configure some or all network interfaces using 645the ISC DHCP client. 646If you set 647.Sy dhclient 648true, then 649.Pa /var 650must be in 651.Sy critical_filesystems_local , 652or 653.Pa /var 654must be on the root file system, 655or you must modify the 656.Sy dhclient_flags 657variable to direct the DHCP client to store the leases file 658in some other directory on the root file system. 659You must not provide ifconfig information or ifaliases 660information for any interface that is to be configured using the DHCP client. 661Interface aliases can be set up in the DHCP client configuration 662file if needed - see 663.Xr dhclient.conf 5 664for details. 665.Pp 666Passes 667.Sy dhclient_flags 668to the DHCP client. 669See 670.Xr dhclient 8 671for complete documentation. 672If you wish to configure all broadcast 673network interfaces using the DHCP client, you can leave this blank. 674To configure only specific interfaces, name the interfaces to be configured 675on the command line. 676.Pp 677If you must run the DHCP client before mounting critical file systems, 678then you should specify an alternate location for the DHCP client's lease 679file in the 680.Sy dhclient_flags 681variable - for example, "-lf /tmp/dhclient.leases". 682.It Sy dhcpcd 683Boolean value. 684Set true to configure some or all network interfaces using dhcpcd. 685If you set 686.Sy dhcpcd 687true, then 688.Pa /var 689must be in 690.Sy critical_filesystems_local , 691or 692.Pa /var 693must be on the root file system. 694If you need to restrict dhcpcd to one or a number of interfaces, 695or need a separate configuration per interface, 696then this should be done in the configuration file - see 697.Xr dhcpcd.conf 5 698for details. 699.It Sy dhcpcd_flags 700Passes 701.Sy dhcpcd_flags 702to dhcpcd. 703See 704.Xr dhcpcd 8 705for complete documentation. 706.It Sy flushroutes 707Boolean value. 708Flushes the route table on networking startup. 709Useful when coming up to multiuser mode after going down to 710single-user mode. 711.It Sy ftp_proxy 712Boolean value. 713Runs 714.Xr ftp-proxy 8 , 715the proxy daemon for the Internet File Transfer Protocol. 716.It Sy hostapd 717Boolean value. 718Runs 719.Xr hostapd 8 , 720the authenticator for IEEE 802.11 networks. 721.It Sy ifaliases_* 722A string. 723List of 724.Sq Em "address netmask" 725pairs to configure additional network addresses for the given 726configured interface 727.Dq * 728(e.g. 729.Sy ifaliases_le0 ) . 730If 731.Em netmask 732is 733.Dq - , 734then use the default netmask for the interface. 735.Pp 736.Sy ifaliases_* 737covers limited cases only and is considered unrecommended. 738We recommend using 739.Sy ifconfig_nnX 740variables or 741.Pa /etc/ifconfig.xxN 742files with multiple lines instead. 743.It Sy ifwatchd 744Boolean value. 745Monitor dynamic interfaces and perform actions upon address changes. 746Passes 747.Sy ifwatchd_flags . 748.It Sy ip6mode 749A string. 750An IPv6 node can be a router 751.Pq nodes that forward packet for others 752or a host 753.Pq nodes that do not forward . 754A host can be autoconfigured 755based on the information advertised by adjacent IPv6 routers. 756By setting 757.Sy ip6mode 758to 759.Dq Li router , 760.Dq Li host , 761or 762.Dq Li autohost , 763you can configure your node as a router, 764a non-autoconfigured host, or an autoconfigured host. 765Invalid values will be ignored, and the node will be configured as 766a non-autoconfigured host. 767You may want to check 768.Sy rtsol 769and 770.Sy rtsold 771as well, if you set the variable to 772.Dq Li autohost . 773.It Sy ip6uniquelocal 774Boolean value. 775If 776.Sy ip6mode 777is equal to 778.Dq Li router , 779and 780.Sy ip6uniquelocal 781is false, 782a reject route will be installed on boot to avoid misconfiguration relating 783to unique-local addresses. 784If 785.Sy ip6uniquelocal 786is true, the reject route won't be installed. 787.It Sy ipfilter 788Boolean value. 789Runs 790.Xr ipf 8 791to load in packet filter specifications from 792.Pa /etc/ipf.conf 793at network boot time, before any interfaces are configured. 794Passes 795.Sy ipfilter_flags . 796See 797.Xr ipf.conf 5 . 798.It Sy ipfs 799Boolean value. 800Runs 801.Xr ipfs 8 802to save and restore information for ipnat and ipfilter state tables. 803The information is stored in 804.Pa /var/db/ipf/ipstate.ipf 805and 806.Pa /var/db/ipf/ipnat.ipf . 807Passes 808.Sy ipfs_flags . 809.It Sy ipmon 810Boolean value. 811Runs 812.Xr ipmon 8 813to read 814.Xr ipf 8 815packet log information and log it to a file or the system log. 816Passes 817.Sy ipmon_flags . 818.It Sy ipmon_flags 819A string. 820Specifies arguments to supply to 821.Xr ipmon 8 . 822Defaults to 823.Dq Li -ns . 824A typical example would be 825.Dq Fl nD Pa /var/log/ipflog 826to have 827.Xr ipmon 8 828log directly to a file bypassing 829.Xr syslogd 8 . 830If the 831.Dq -D 832argument is used, remember to modify 833.Pa /etc/newsyslog.conf 834accordingly; for example: 835.Bd -literal 836/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 837.Ed 838.It Sy ipnat 839Boolean value. 840Runs 841.Xr ipnat 8 842to load in the IP network address translation (NAT) rules from 843.Pa /etc/ipnat.conf 844at network boot time, before any interfaces are configured. 845See 846.Xr ipnat.conf 5 . 847.It Sy ipsec 848Boolean value. 849Runs 850.Xr setkey 8 851to load in IPsec manual keys and policies from 852.Pa /etc/ipsec.conf 853at network boot time, before any interfaces are configured. 854.It Sy net_interfaces 855A string. 856The list of network interfaces to be configured at boot time. 857For each interface "xxN", the system first looks for ifconfig 858parameters in the variable 859.Sy ifconfig_xxN , 860and then in the file 861.Pa /etc/ifconfig.xxN . 862If 863.Sy auto_ifconfig 864is false, and neither the variable nor the file is found, 865a warning is printed. 866Information in either the variable or the file is parsed identically, 867except that, if an 868.Sy ifconfig_xxN 869variable contains a single line with embedded semicolons, 870then the value is split into multiple lines prior to further parsing, 871treating the semicolon as a line separator. 872.Pp 873One common case it to set the 874.Sy ifconfig_xxN 875variable to a set of arguments to be passed to an 876.Xr ifconfig 8 877command after the interface name. 878Refer to 879.Xr ifconfig.if 5 880for more details on 881.Pa /etc/ifconfig.xxN 882files, and note that the information there also applies to 883.Sy ifconfig_xxN 884variables (after the variables are split into lines). 885.It Sy ntpdate 886Boolean value. 887Runs 888.Xr ntpdate 8 889to set the system time from one of the hosts in 890.Sy ntpdate_hosts . 891If 892.Sy ntpdate_hosts 893is empty, it will attempt to find a list of hosts in 894.Pa /etc/ntp.conf . 895Passes 896.Sy ntpdate_flags . 897.It Sy pf 898Boolean value. 899Enable 900.Xr pf 4 901at network boot time: 902Load the initial configuration 903.Xr pf.boot.conf 5 904before the network is up. 905After the network has been configured, then load the final ruleset 906.Xr pf.conf 5 . 907.It Sy pf_rules 908A string. 909The path of the 910.Xr pf.conf 5 911ruleset that will be used when loading the final ruleset. 912.It Sy pflogd 913Boolean value. 914Run 915.Xr pflogd 8 916for dumping packet filter logging information to a file. 917.It Sy ppp 918A boolean. 919Toggles starting 920.Xr pppd 8 921on startup. 922See 923.Sy ppp_peers 924below. 925.It Sy ppp_peers 926A string. 927If 928.Sy ppp 929is true and 930.Sy ppp_peers 931is not empty, then 932.Pa /etc/rc.d/ppp 933will check each word in 934.Sy ppp_peers 935for a corresponding ppp configuration file in 936.Pa /etc/ppp/peers 937and will call 938.Xr pppd 8 939with the 940.Dq call Sy peer 941option. 942.It Sy racoon 943Boolean value. 944Runs 945.Xr racoon 8 , 946the IKE (ISAKMP/Oakley) key management daemon. 947.It Sy rtsol 948Boolean value. 949Run 950.Xr rtsol 8 , 951router solicitation command for IPv6 hosts. 952On nomadic hosts like notebook computers, you may want to enable 953.Sy rtsold 954as well. 955Passes 956.Sy rtsol_flags . 957This is only for autoconfigured IPv6 hosts, so set 958.Sy ip6mode 959to 960.Dq Li autohost 961if you use it. 962.It Sy wpa_supplicant 963Boolean value. 964Run 965.Xr wpa_supplicant 8 , 966WPA/802.11i Supplicant for wireless network devices. 967If you set 968.Sy wpa_supplicant 969true, then 970.Pa /usr 971must be in 972.Sy critical_filesystems_local , 973or 974.Pa /usr 975must be on the root file system. 976.El 977.Ss Daemons required by other daemons 978.Bl -tag -width net_interfaces 979.It Sy inetd 980Boolean value. 981Runs the 982.Xr inetd 8 983daemon to start network server processes (as listed in 984.Pa /etc/inetd.conf ) 985as necessary. 986Passes 987.Sy inetd_flags . 988The 989.Dq Li -l 990flag turns on libwrap connection logging. 991.It Sy rpcbind 992Boolean value. 993The 994.Xr rpcbind 8 995daemon is required for any 996.Xr rpc 3 997services. 998These include NFS, 999.Tn NIS , 1000.Xr rpc.bootparamd 8 , 1001.Xr rpc.rstatd 8 , 1002.Xr rpc.rusersd 8 , 1003and 1004.Xr rpc.rwalld 8 . 1005Passes 1006.Sy rpcbind_flags . 1007.El 1008.Ss Commonly used daemons 1009.Bl -tag -width net_interfaces 1010.It Sy cron 1011Boolean value. 1012Run 1013.Xr cron 8 . 1014.It Sy ftpd 1015Boolean value. 1016Runs the 1017.Xr ftpd 8 1018daemon and passes 1019.Sy ftpd_flags . 1020.It Sy httpd 1021Boolean value. 1022Runs the 1023.Xr httpd 8 1024daemon and passes 1025.Sy httpd_flags . 1026.It Sy httpd_wwwdir 1027A string. 1028The 1029.Xr httpd 8 1030WWW root directory. 1031Used only if 1032.Sy httpd 1033is true. 1034The default setting is 1035.Dq Pa /var/www . 1036.It Sy httpd_wwwuser 1037A string. 1038If non-blank and 1039.Sy httpd 1040is true, run 1041.Xr httpd 8 1042and cause it to switch to the specified user after initialization. 1043It is preferred to 1044.Sy httpd_user 1045because 1046.Xr httpd 8 1047is requiring extra privileges to start listening on default port 80. 1048The default setting is 1049.Dq Dv _httpd . 1050.It Sy lpd 1051Boolean value. 1052Runs 1053.Xr lpd 8 1054and passes 1055.Sy lpd_flags . 1056The 1057.Dq Li -l 1058flag will turn on extra logging. 1059.It Sy mdnsd 1060Boolean value. 1061Runs 1062.Xr mdnsd 8 . 1063.It Sy named 1064Boolean value. 1065Runs 1066.Xr named 8 1067and passes 1068.Sy named_flags . 1069.It Sy named_chrootdir 1070A string. 1071If non-blank and 1072.Sy named 1073is true, run 1074.Xr named 8 1075as the unprivileged user and group 1076.Sq named , 1077.Xr chroot 2 Ns ed 1078to 1079.Sy named_chrootdir . 1080.Sy named_chrootdir Ns Pa /var/run/log 1081will be added to the list of log sockets that 1082.Xr syslogd 8 1083listens to. 1084.It Sy ntpd 1085Boolean value. 1086Runs 1087.Xr ntpd 8 1088and passes 1089.Sy ntpd_flags . 1090.It Sy ntpd_chrootdir 1091A string. 1092If non-blank and 1093.Sy ntpd 1094is true, run 1095.Xr ntpd 8 1096as the unprivileged user and group 1097.Sq ntpd , 1098.Xr chroot 2 Ns ed 1099to 1100.Sy ntpd_chrootdir . 1101.Sy ntpd_chrootdir Ns Pa /var/run/log 1102will be added to the list of log sockets that 1103.Xr syslogd 8 1104listens to. 1105This option requires that the kernel has 1106.Dl pseudo-device clockctl 1107compiled in, and that 1108.Pa /dev/clockctl 1109is present. 1110.It Sy postfix 1111Boolean value. 1112Starts 1113.Xr postfix 1 1114mail system. 1115.It Sy sshd 1116Boolean value. 1117Runs 1118.Xr sshd 8 1119and passes 1120.Sy sshd_flags . 1121.It Sy syslogd 1122Boolean value. 1123Runs 1124.Xr syslogd 8 1125and passes 1126.Sy syslogd_flags . 1127.It Sy timed 1128Boolean value. 1129Runs 1130.Xr timed 8 1131and passes 1132.Sy timed_flags . 1133The 1134.Dq Li -M 1135option allows 1136.Xr timed 8 1137to be a master time source as well as a slave. 1138If you are also running 1139.Xr ntpd 8 , 1140only one machine running both should have the 1141.Dq Li -M 1142flag given to 1143.Xr timed 8 . 1144.El 1145.Ss Routing daemons 1146.Bl -tag -width net_interfaces 1147.It Sy mrouted 1148Boolean value. 1149Runs 1150.Xr mrouted 8 , 1151the DVMRP multicast routing protocol daemon. 1152Passes 1153.Sy mrouted_flags . 1154.It Sy route6d 1155Boolean value. 1156Runs 1157.Xr route6d 8 , 1158the RIPng routing protocol daemon for IPv6. 1159Passes 1160.Sy route6d_flags . 1161.It Sy routed 1162Boolean value. 1163Runs 1164.Xr routed 8 , 1165the RIP routing protocol daemon. 1166Passes 1167.Sy routed_flags . 1168.\" This should be false 1169.\" if 1170.\" .Sy gated 1171.\" is true. 1172.It Sy rtsold 1173Boolean value. 1174Runs 1175.Xr rtsold 8 , 1176the IPv6 router solicitation daemon. 1177.Xr rtsold 8 1178periodically transmits router solicitation packets 1179to find IPv6 routers on the network. 1180This configuration is mainly for nomadic hosts like notebook computers. 1181Stationary hosts should work fine with just 1182.Sy rtsol . 1183Passes 1184.Sy rtsold_flags . 1185This is only for autoconfigured IPv6 hosts, so set 1186.Sy ip6mode 1187to 1188.Dq Li autohost 1189if you use it. 1190.El 1191.Ss Daemons used to boot other hosts over a network 1192.Bl -tag -width net_interfaces 1193.It Sy bootparamd 1194Boolean value. 1195Runs 1196.Xr bootparamd 8 , 1197the boot parameter server, with 1198.Sy bootparamd_flags 1199as options. 1200Used to boot 1201.Nx 1202and 1203.Tn "SunOS 4.x" 1204systems. 1205.It Sy dhcpd 1206Boolean value. 1207Runs 1208.Xr dhcpd 8 , 1209the Dynamic Host Configuration Protocol (DHCP) daemon, 1210for assigning IP addresses to hosts and passing boot information. 1211Passes 1212.Sy dhcpd_flags . 1213.It Sy dhcrelay 1214Boolean value. 1215Runs 1216.Xr dhcrelay 8 . 1217Passes 1218.Sy dhcrelay_flags . 1219.It Sy mopd 1220Boolean value. 1221Runs 1222.Xr mopd 8 , 1223the 1224.Tn DEC 1225.Tn MOP 1226protocol daemon; used for booting 1227.Tn VAX 1228and other 1229.Tn DEC 1230machines. 1231Passes 1232.Sy mopd_flags . 1233.It Sy ndbootd 1234Boolean value. 1235Runs 1236.Xr ndbootd 8 , 1237the Sun Network Disk (ND) Protocol server. 1238Passes 1239.Sy ndbootd_flags . 1240.It Sy rarpd 1241Boolean value. 1242Runs 1243.Xr rarpd 8 , 1244the reverse ARP daemon, often used to boot 1245.Nx 1246and Sun workstations. 1247Passes 1248.Sy rarpd_flags . 1249.It Sy rbootd 1250Boolean value. 1251Runs 1252.Xr rbootd 8 , 1253the 1254.Tn HP 1255boot protocol daemon; used for booting 1256.Tn HP 1257workstations. 1258Passes 1259.Sy rbootd_flags . 1260.It Sy rtadvd 1261Boolean value. 1262Runs 1263.Xr rtadvd 8 , 1264the IPv6 router advertisement daemon, which is used to advertise 1265information about the subnet to IPv6 end hosts. 1266Passes 1267.Sy rtadvd_flags . 1268This is only for IPv6 routers, so set 1269.Sy ip6mode 1270to 1271.Dq Li router 1272if you use it. 1273.El 1274.Ss X Window System daemons 1275.Bl -tag -width net_interfaces 1276.It Sy xdm 1277Boolean value. 1278Runs the 1279.Xr xdm 1 1280X display manager. 1281These X daemons are available only with the optional X distribution of 1282.Nx . 1283.It Sy xfs 1284Boolean value. 1285Runs the 1286.Xr xfs 1 1287X11 font server, which supplies local X font files to X terminals. 1288.El 1289.Ss NIS (YP) daemons 1290.Bl -tag -width net_interfaces 1291.It Sy ypbind 1292Boolean value. 1293Runs 1294.Xr ypbind 8 , 1295which lets 1296.Tn NIS 1297(YP) clients use information from a 1298.Tn NIS 1299server. 1300Passes 1301.Sy ypbind_flags . 1302.It Sy yppasswdd 1303Boolean value. 1304Runs 1305.Xr yppasswdd 8 , 1306which allows remote 1307.Tn NIS 1308users to update password on master server. 1309Passes 1310.Sy yppasswdd_flags . 1311.It Sy ypserv 1312Boolean value. 1313Runs 1314.Xr ypserv 8 , 1315the 1316.Tn NIS 1317(YP) server for distributing information from certain files in 1318.Pa /etc . 1319Passes 1320.Sy ypserv_flags . 1321The 1322.Dq Li -d 1323flag causes it to use DNS for lookups in 1324.Pa /etc/hosts 1325that fail. 1326.El 1327.Ss NFS daemons and parameters 1328.Bl -tag -width net_interfaces 1329.It Sy amd 1330Boolean value. 1331Runs 1332.Xr amd 8 , 1333the automounter daemon, which automatically mounts NFS file systems 1334whenever a file or directory within that file system is accessed. 1335Passes 1336.Sy amd_flags . 1337.It Sy amd_dir 1338A string. 1339The 1340.Xr amd 8 1341mount directory. 1342Used only if 1343.Sy amd 1344is true. 1345.It Sy lockd 1346Boolean value. 1347Runs 1348.Xr rpc.lockd 8 1349if 1350.Sy nfs_server 1351and/or 1352.Sy nfs_client 1353are true. 1354Passes 1355.Sy lockd_flags . 1356.It Sy mountd 1357Boolean value. 1358Runs 1359.Xr mountd 8 1360and passes 1361.Sy mountd_flags . 1362.It Sy nfs_client 1363Boolean value. 1364The number of local NFS asynchronous I/O server is now controlled via 1365.Xr sysctl 8 . 1366.It Sy nfs_server 1367Boolean value. 1368Sets up a host to be a NFS server by running 1369.Xr nfsd 8 1370and passing 1371.Sy nfsd_flags . 1372.It Sy statd 1373Boolean value. 1374Runs 1375.Xr rpc.statd 8 , 1376a status monitoring daemon used when 1377.Xr rpc.lockd 8 1378is running, if 1379.Sy nfs_server 1380and/or 1381.Sy nfs_client 1382are true. 1383Passes 1384.Sy statd_flags . 1385.El 1386.Ss Bluetooth support 1387.Bl -tag -width net_interfaces 1388.It Sy bluetooth 1389Boolean value. 1390Configure Bluetooth support, comprising the following tasks: 1391.Bl -dash -compact 1392.It 1393attach serial Bluetooth controllers as listed in the 1394.Pa /etc/bluetooth/btdevctl.conf 1395configuration file. 1396.It 1397enable Bluetooth controllers with useful defaults, plus 1398additional options as detailed below. 1399.It 1400optionally, start 1401.Xr bthcid 8 , 1402the Bluetooth Link Key/PIN Code manager, passing 1403.Sy bthcid_flags . 1404.It 1405configure local Bluetooth drivers as listed in the 1406.Pa /etc/bluetooth/btdevctl.conf 1407configuration file. 1408.It 1409optionally, start 1410.Xr sdpd 8 , 1411the Service Discovery server, passing 1412.Sy sdpd_flags . 1413.El 1414.It Sy btconfig_devices 1415A string. 1416An optional list of Bluetooth controllers to configure. 1417.It Sy btconfig_{dev} 1418A string. 1419Additional configuration options for specific Bluetooth controllers. 1420.It Sy btconfig_args 1421A string. 1422Additional configuration options for Bluetooth controllers without 1423specific options as above. 1424.It Sy bthcid 1425Boolean value. 1426If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1427.It Sy sdpd 1428Boolean value. 1429If set to false, disable starting the Bluetooth Service Discovery server. 1430.El 1431.Ss Other daemons 1432.Bl -tag -width net_interfaces 1433.It Sy identd 1434Boolean value. 1435Runs 1436.Xr identd 8 , 1437the daemon for the user identification protocol. 1438Passes 1439.Sy identd_flags . 1440.It Sy iscsi_target 1441Boolean value. 1442Runs the server for iSCSI requests, 1443.Xr iscsi-target 8 . 1444Passes 1445.Sy iscsi_target_flags . 1446.It Sy isdnd 1447Boolean value. 1448Runs 1449.Xr isdnd 8 , 1450the isdn4bsd ISDN connection management daemon. 1451Passes 1452.Sy isdnd_flags . 1453.It Sy isdn_autoupdown 1454Boolean value. 1455Set all configured ISDN interfaces to 1456.Dq up . 1457If 1458.Sy isdn_interfaces 1459is not blank, only the listed interfaces will be modified. 1460Used only if 1461.Sy isdnd 1462is true. 1463.It Sy kdc 1464Boolean value. 1465Runs the 1466.Xr kdc 8 1467Kerberos v4 and v5 server. 1468This should be run on Kerberos master and slave servers. 1469.It Sy rwhod 1470Boolean value. 1471Runs 1472.Xr rwhod 8 1473to support the 1474.Xr rwho 1 1475and 1476.Xr ruptime 1 1477commands. 1478.El 1479.Ss Hardware daemons 1480.Bl -tag -width net_interfaces 1481.It Sy apmd 1482Boolean value. 1483Runs 1484.Xr apmd 8 1485and passes 1486.Sy apmd_flags . 1487.It Sy irdaattach 1488Boolean value. 1489Runs 1490.Xr irdaattach 8 1491and passes 1492.Sy irdaattach_flags . 1493.It Sy moused 1494Boolean value. 1495Runs 1496.Xr moused 8 , 1497to pass serial mouse data to the wscons mouse mux. 1498Passes 1499.Sy moused_flags . 1500.It Sy screenblank 1501Boolean value. 1502Runs 1503.Xr screenblank 1 1504and passes 1505.Sy screenblank_flags . 1506.It Sy wscons 1507Boolean value. 1508Configures the 1509.Xr wscons 4 1510console driver, from the configuration file 1511.Pa /etc/wscons.conf . 1512.It Sy wsmoused 1513Boolean value. 1514Runs 1515.Xr wsmoused 8 , 1516to provide copy and paste text support in wscons displays. 1517Passes 1518.Sy wsmoused_flags . 1519.El 1520.Sh FILES 1521.Bl -tag -width /etc/defaults/rc.conf -compact 1522.It Pa /etc/rc.conf 1523The file 1524.Nm 1525resides in 1526.Pa /etc . 1527.It Pa /etc/defaults/rc.conf 1528Default settings for 1529.Nm , 1530sourced by 1531.Nm 1532before the end-user configuration section. 1533.It Pa /etc/rc.conf.d/ Ns Ar foo 1534.Ar foo Ns No -specific 1535.Nm 1536overrides. 1537.El 1538.Sh SEE ALSO 1539.Xr boot 8 , 1540.Xr rc 8 , 1541.Xr rc.d 8 , 1542.Xr rc.subr 8 , 1543.Xr rcorder 8 1544.Sh HISTORY 1545The 1546.Nm 1547file appeared in 1548.Nx 1.3 . 1549