.\" $NetBSD: rc.conf.5,v 1.162 2015/10/09 19:49:25 plunky Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 9, 2015
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Sq Ic YES ,
.Sq Ic TRUE ,
.Sq Ic ON
or
.Sq Ic 1
for true, and
.Sq Ic NO ,
.Sq Ic FALSE ,
.Sq Ic OFF
or
.Sq Ic 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with "_flags" appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Dq twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Dq \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
.Tn NIS
(YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.Pp
This is important for some stateful interfaces, for example PPP over ISDN
connections that cost money by connection time or PPPoE interfaces which
have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
and
.Xr ippp 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhclient 8
which may be required to get the network operational.
The default is
.Dq "OPTIONAL:/var" ,
where the
.Dq "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Dq "OPTIONAL:/usr" ,
where the
.Dq "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Dq Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Dq Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Dq Li -l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy dhclient
Boolean value.
Set true to configure some or all network interfaces using
the ISC DHCP client.
If you set
.Sy dhclient
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system,
or you must modify the
.Sy dhclient_flags
variable to direct the DHCP client to store the leases file
in some other directory on the root file system.
You must not provide ifconfig information or ifaliases
information for any interface that is to be configured using the DHCP client.
Interface aliases can be set up in the DHCP client configuration
file if needed - see
.Xr dhclient.conf 5
for details.
.Pp
Passes
.Sy dhclient_flags
to the DHCP client.
See
.Xr dhclient 8
for complete documentation.
If you wish to configure all broadcast
network interfaces using the DHCP client, you can leave this blank.
To configure only specific interfaces, name the interfaces to be configured
on the command line.
.Pp
If you must run the DHCP client before mounting critical file systems,
then you should specify an alternate location for the DHCP client's lease
file in the
.Sy dhclient_flags
variable - for example, "-lf /tmp/dhclient.leases".
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
.Dq *
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Dq - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_nnX
variables or
.Pa /etc/ifconfig.xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Dq Li router ,
.Dq Li host ,
or
.Dq Li autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
You may want to check
.Sy rtsol
and
.Sy rtsold
as well, if you set the variable to
.Dq Li autohost .
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Dq Li router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Dq Li -ns .
A typical example would be
.Dq Fl nD Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Dq -D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq call Sy peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy rtsol
Boolean value.
Run
.Xr rtsol 8 ,
router solicitation command for IPv6 hosts.
On nomadic hosts like notebook computers, you may want to enable
.Sy rtsold
as well.
Passes
.Sy rtsol_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Dq Li -l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS,
.Tn NIS ,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Dq Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Dq Dv _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Dq Li -l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Sy named_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Sy ntpd_chrootdir Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.Dl pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Dq Li -M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Dq Li -M
flag given to
.Xr timed 8 .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.It Sy rtsold
Boolean value.
Runs
.Xr rtsold 8 ,
the IPv6 router solicitation daemon.
.Xr rtsold 8
periodically transmits router solicitation packets
to find IPv6 routers on the network.
This configuration is mainly for nomadic hosts like notebook computers.
Stationary hosts should work fine with just
.Sy rtsol .
Passes
.Sy rtsold_flags .
This is only for autoconfigured IPv6 hosts, so set
.Sy ip6mode
to
.Dq Li autohost
if you use it.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and
.Tn "SunOS 4.x"
systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the
.Tn DEC
.Tn MOP
protocol daemon; used for booting
.Tn VAX
and other
.Tn DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the
.Tn HP
boot protocol daemon; used for booting
.Tn HP
workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Dq Li router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets
.Tn NIS
(YP) clients use information from a
.Tn NIS
server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote
.Tn NIS
users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the
.Tn NIS
(YP) server for distributing information from certain files in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Dq Li -d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy isdnd
Boolean value.
Runs
.Xr isdnd 8 ,
the isdn4bsd ISDN connection management daemon.
Passes
.Sy isdnd_flags .
.It Sy isdn_autoupdown
Boolean value.
Set all configured ISDN interfaces to
.Dq up .
If
.Sy isdn_interfaces
is not blank, only the listed interfaces will be modified.
Used only if
.Sy isdnd
is true.
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
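The named_chrootdir, ntpd_chrootdir and httpd_wwwuser entries above are the settings that confine those daemons. The script below is an added example, not part of the NetBSD manual or source tree: it sources an rc.conf-style file and reports daemons that are enabled without them. The function names, the optional clockctl path argument and the sample file are assumptions made for illustration.

```shell
# Added example (not from the NetBSD tree): flag daemons from this page that
# are enabled without the chroot / unprivileged-user setting described above.

# Truthy spellings accepted by rc.subr's checkyesno.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# audit_rc_conf FILE [CLOCKCTL]  (hypothetical helper, named for this example)
# Prints one finding per line; status 0 = clean, 1 = findings, 2 = unreadable.
audit_rc_conf() (
    conf=$1 clockctl=${2:-/dev/clockctl} findings=0
    unset named named_chrootdir ntpd ntpd_chrootdir httpd httpd_wwwuser
    [ -r "$conf" ] || exit 2
    . "$conf" >/dev/null 2>&1        # rc.conf is shell; load it as rc(8) does
    for d in named ntpd; do
        eval "on=\${$d:-NO} dir=\${${d}_chrootdir:-}"
        is_yes "$on" || continue
        if [ -z "$dir" ]; then
            echo "$d: enabled, ${d}_chrootdir blank: no chroot"; findings=1
        elif [ ! -d "$dir" ]; then
            echo "$d: ${d}_chrootdir=$dir is not a directory"; findings=1
        elif [ "$d" = ntpd ] && [ ! -e "$clockctl" ]; then
            echo "ntpd: chroot requested but $clockctl is missing"; findings=1
        fi
    done
    # Unset means the documented default "_httpd"; blank or root means no drop.
    if is_yes "${httpd:-NO}"; then
        case "${httpd_wwwuser-_httpd}" in
            ""|root) echo "httpd: httpd_wwwuser blank or root"; findings=1 ;;
        esac
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample rc.conf; $1 is an existing directory for ntpd's chroot.
sample_rc_conf() {
    cat <<EOF
named=YES
named_chrootdir=""
ntpd=YES
ntpd_chrootdir="$1"
httpd=YES
httpd_wwwuser=""
EOF
}
```

Because rc.conf is sourced as shell, run the audit only against files that rc(8) would itself be trusted to execute. /etc/defaults/rc.conf is not read here, so values set only there are not seen, apart from the documented httpd_wwwuser default.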