1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd Jul 3, 2000 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information. 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. In new installations, the 39.Nm 40file is generally initialized by the system installation utility: 41.Pa /stand/sysinstall . 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. Instead, it is included by the 47various generic startup scripts in 48.Pa /etc 49which conditionalize their 50internal actions according to the settings found there. 51.Pp 52The 53.Pa /etc/rc.conf 54file is included from the file 55.Pa /etc/defaults/rc.conf , 56which specifies the default settings for all the available options. 57Options 58need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66See the 67.Dq rc_conf_files 68option below. 69.Pp 70The following list provides a name and short description for each 71variable you can set in the 72.Nm 73file: 74.Bl -tag -width Ar 75.It Ar swapfile 76(str) If set to 77.Ar NO 78then no swapfile is installed, otherwise the value is used as the full 79pathname to a file to use for additional swap space. 80.It Ar apm_enable 81(bool) If set to 82.Ar YES , 83enable support for Automatic Power Management with 84the 85.Xr apm 8 86command. 87.It Ar apmd_enable 88(bool) Run 89.Xr apmd 8 90to handle APM event from userland. 91This also enable support for APM. 92.It Ar apmd_flags 93(str) If 94.Ar apmd_enable 95is set to 96.Ar YES , 97these are the flags to pass to the 98.Xr apmd 8 99daemon. 100.It Ar pccard_enable 101(bool) If set to 102.Ar YES , 103enable PCCARD support at boot time. 104.It Ar pccard_mem 105(str) Set to PCCARD controller memory address or 106.Ar DEFAULT 107for the default value. 108.It Ar pccard_ifconfig 109(str) List of arguments to be passed to ifconfig(8) at boot time or on 110insertion of of the card (e.g. "inet 192.168.1.1 netmask 255.255.255.0" 111for a fixed address or "DHCP" for a DHCP client). 112.It Ar pccard_beep 113(integer) If 0, 114set the PCCARD controller to silent mode. 115If 1, 116set it to beep mode. 117If 2, 118set it to melody mode. 119.It Ar pccard_conf 120(str) Path to the configuration file for the 121.Xr pccardd 8 122daemon (e.g. 123.Pa /etc/pccard.conf.sample ) . 124.It Ar pccardd_flags 125(str) If 126.Ar pccard_enable 127is set to 128.Ar YES , 129these are the flags to pass to the 130.Xr pccardd 8 131daemon. 132.It Ar local_startup 133(str) List of directories to search for startup script files. 134.It Ar hostname 135(str) The Fully Qualified Domain Name of your host on the network. 136This should almost certainly be set to something meaningful, even if 137you are not connected to a network. If you are using 138.Xr dhclient 8 139to set your hostname via DHCP, this variable should be set to an empty string. 140.It Ar nisdomainname 141(str) The NIS domainname of your host, or 142.Ar NO 143if you are not running NIS. 144.It Ar dhcp_program 145(str) Path to the DHCP client program 146.Po 147.Pa /sbin/dhclient , 148the ISC DHCP client, 149is the default 150.Pc . 151.It Ar dhcp_flags 152(str) Additional flags to pass to the DHCP client program. 153For the ISC DHCP client, see the 154.Xr dhclient 8 155page for a description of the command line options available. 156.It Ar firewall_enable 157(bool) Set to 158.Ar NO 159if you do not want have firewall rules loaded at startup, or 160.Ar YES 161if you do. 162If set to 163.Ar YES , 164and the kernel was not built with IPFIREWALL, the ipfw 165kernel module will be loaded. 166See also 167.Ar ipfilter_enable . 168.It Ar firewall_script 169(str) If you want to run a firewall script other than 170.Pa /etc/rc.firewall , 171set this variable to the full path to that script. 172.It Ar firewall_type 173(str) Names the firewall type from the selection in 174.Pa /etc/rc.firewall , 175or the file which contains the local firewall ruleset. Valid selections 176from 177.Pa /etc/rc.firewall , 178are 179.Dq open 180- unrestricted IP access; 181.Dq closed 182- all IP services disabled, except via lo0; 183.Dq client 184- basic protection for a workstation; 185.Dq simple 186- basic protection for a LAN. If a filename is specified, the full path 187must be given. 188.It Ar firewall_quiet 189(bool) Set to 190.Ar YES 191to disable the display of ipfw rules on the console during boot. 192.It Ar firewall_logging 193(bool) Set to 194.Ar YES 195to enable ipfw event logging. 196This is equivalent to the IPFIREWALL_VERBOSE kernel option. 197.It Ar natd_program 198(str) path to 199.Xr natd 8 . 200.It Ar natd_enable 201(bool) Set to 202.Ar YES 203to enable natd. 204.Ar Firewall_enable 205must also be set to 206.Ar YES , 207and 208.Xr divert 4 209sockets must be enabled in your kernel. 210.It Ar natd_interface 211This is the name of the public interface on which natd should run. It 212is mandatory if 213.Ar natd_enable 214is set to 215.Ar YES . 216The interface may be given as an interface name or as an IP address. 217.It Ar natd_flags 218Additional natd flags should be placed here. The 219.Fl n 220or 221.Fl a 222flag is automatically added with the above 223.Ar natd_interface 224as an argument. 225.\" ----- ipfilter_enable seting -------------------------------- 226.It Ar ipfilter_enable 227(bool) Set to 228.Ar NO 229by default. 230Setting this to 231.Ar YES 232enables 233.Xr ipf 8 234packet filtering. 235Strictly speaking almost any filter could be established 236"abusing" this setting and the fact that 237.Ar ipfilter_program , 238.Ar ipfilter_rules 239and 240.Ar ipfilter_flags 241are concatenated to form a command, 242as long as the file specified in 243.Ar ipfilter_rules 244is readable. 245When 246.Ar ipfilter_enable 247and 248.Ar ipnat_enable 249are set to 250.Ar YES 251and the file specified in 252.Ar ipnat_rules 253is readable, 254.Ar ipnat_program , 255.Ar ipnat_rules 256and 257.Ar ipnat_flags 258make up a command line to start a network address translation program. 259When 260.Ar ipfilter_enable 261and 262.Ar ipmon_enable 263are set to 264.Ar YES , 265.Ar ipmon_program 266and 267.Ar ipmon_flags 268form another command line for monitoring the above actions. 269See 270.Pa /etc/rc.network 271for details. 272.Pp 273Typical usage will require putting 274.Bd -literal 275ipfilter_enable="YES" 276ipfilter_flags="" 277ipnat_enable="YES" 278ipmon_enable="YES" 279 280.Ed 281into 282.Pa /etc/rc.conf 283and editing 284.Pa /etc/ipf.rules 285and 286.Pa /etc/ipnat.rules 287appropriately. 288Turning off 289.Ar firewall_enable 290when using ipf is recommended. 291Having 292.Bd -literal 293options IPFILTER 294options IPFILTER_LOG 295options IPFILTER_DEFAULT_BLOCK 296 297.Ed 298in the kernel configuration file is a good idea, too. 299.\" ----- ipfilter_program setting ------------------------------ 300.It Ar ipfilter_program 301(str) Set to 302.Ar /sbin/ipf -Fa -f 303by default. 304This variable contains a command line 305up to (but not including) the filter rule definition 306(expected to live in a separate file). 307See 308.Ar ipfilter_enable 309for a detailled discussion. 310.\" ----- ipfilter_rules setting -------------------------------- 311.It Ar ipfilter_rules 312(str) Set to 313.Ar /etc/ipf.rules 314by default. 315This variable contains the name of the filter rule definition file. 316The file is expected to be readable for the filter command to execute. 317See 318.Ar ipfilter_enable 319for a detailled discussion. 320.\" ----- ipfilter_flags setting -------------------------------- 321.It Ar ipfilter_flags 322(str) Set to 323.Ar -E 324by default. 325This variable contains flags appended to the filter command 326after the rule definition filename. 327The default setting will initialize an on demand loaded ipf module. 328When compiling ipfilter directly into your kernel (as is recommended) 329the variable should be empty to not initialize 330the code more than once. 331See 332.Ar ipfilter_enable 333for a detailled discussion. 334.\" ----- ipnat_enable setting ---------------------------------- 335.It Ar ipnat_enable 336(bool) Set to 337.Ar NO 338by default. 339Set it to 340.Ar YES 341to enable 342.Xr ipnat 8 343network address translation. 344Setting this variable needs setting 345.Ar ipfilter_enable , 346too. 347See 348.Ar ipfilter_enable 349for a detailled discussion. 350.\" ----- ipnat_program setting --------------------------------- 351.It Ar ipnat_program 352(str) Set to 353.Ar /sbin/ipnat -CF -f 354by default. 355This variable contains a command line 356up to (but not including) the translation rule definition 357(expected to live in a separate file). 358See 359.Ar ipfilter_enable 360for a detailled discussion. 361.\" ----- ipnat_rules setting ----------------------------------- 362.It Ar ipnat_rules 363(str) Set to 364.Ar /etc/ipnat.rules 365by default. 366This variable contains the name of the file 367holding the network address translation definition. 368This file is expected to be readable for the NAT command to execute. 369See 370.Ar ipfilter_enable 371for a detailled discussion. 372.\" ----- ipnat_flags setting ----------------------------------- 373.It Ar ipnat_flags 374(str) Empty by default. 375This variable contains additional flags 376appended to the ipnat command line 377after the rule definition filename. 378See 379.Ar ipfilter_enable 380for a detailled discussion. 381.\" ----- ipmon_enable setting ---------------------------------- 382.It Ar ipmon_enable 383(bool) Set to 384.Ar NO 385by default. 386Set it to 387.Ar YES 388to enable 389.Xr ipmon 8 390monitoring (logging 391.Xr ipf 8 392and 393.Xr ipnat 8 394events). 395Setting this variable needs setting 396.Ar ipfilter_enable , 397too. 398See 399.Ar ipfilter_enable 400for a detailled discussion. 401.\" ----- ipmon_program setting --------------------------------- 402.It Ar ipmon_program 403(str) Set to 404.Ar /sbin/ipmon 405by default. 406This variable contains the 407.Xr ipmon 8 408executable filename. 409See 410.Ar ipfilter_enable 411for a detailled discussion. 412.\" ----- ipmon_flags setting ----------------------------------- 413.It Ar ipmon_flags 414(str) Set to 415.Ar -Ds 416by default. 417This variable contains flags passed to the 418.Xr ipmon 8 419program. 420Another typical example would be 421.Ar -D /var/log/ipflog 422to have 423.Xr ipmon 8 424log directly to a file bypassing 425.Xr syslogd 8 . 426Make sure to adjust 427.Pa /etc/newsyslog.conf 428in such case like this: 429.Bd -literal 430/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 431 432.Ed 433See 434.Ar ipfilter_enable 435for a detailled discussion. 436.\" ----- end of added ipf hook --------------------------------- 437.It Ar tcp_extensions 438(bool) Set to 439.Ar NO 440by default. 441Setting this to YES enables certain TCP options as described by 442.Rs 443.%T RFC 1323 444.Re 445If you have problems with connections 446randomly hanging or other weird behavior of such nature, you might 447try setting this back to 448.Ar NO 449and seeing if that helps. Some hardware/software out there is known 450to be broken with respect to these options. 451.It Ar log_in_vain 452(bool) Set to 453.Ar NO 454by default. 455Setting to YES will enable logging of connection attempts to ports that 456have no listening socket on them. 457.It Ar tcp_keepalive 458(bool) Set to 459.Ar YES 460by default. 461Setting to NO will disable probing idle TCP connections to verify that the 462peer is still up and reachable. 463.It Ar tcp_drop_synfin 464(bool) Set to 465.Ar NO 466by default. 467Setting to YES will cause the kernel to ignore TCP frames that have both 468the SYN and FIN flags set. 469This prevents OS fingerprinting, but may 470break some legitimate applications. 471This option is only available if the 472kernel was built with the TCP_DROP_SYNFIN option. 473.It Ar tcp_restrict_rst 474(bool) Set to 475.Ar NO 476by default. 477Setting to YES will cause the kernel to refrain from emitting TCP RST frames 478in response to invalid TCP packets (e.g. frames destined for closed ports). 479This option is only available if the kernel was built with the 480TCP_RESTRICT_RST option. 481.It Ar icmp_drop_redirect 482(bool) Set to 483.Ar NO 484by default. 485Setting to YES will cause the kernel to ignore ICMP REDIRECT packets. 486.It Ar icmp_log_redirect 487(bool) Set to 488.Ar NO 489by default. 490Setting to YES will cause the kernel to log ICMP REDIRECT packets. 491Note that 492the log messages are not rate-limited, so this option should only be used 493for troubleshooting your own network. 494.It Ar network_interfaces 495(str) Set to the list of network interfaces to configure on this host. 496For example, if you had a loopback device (standard) and an SMC Elite 497Ultra NIC, you might have this set to 498.Qq Ar "lo0 ed0" 499for the two interfaces. An 500.No ifconfig_ Ns Em interface 501variable is also assumed to exist for each value of 502.Em interface . 503It is also possible to add IP alias entries here in cases where you 504want a single interface to have multiple IP addresses registered against 505it. 506Assuming that the interface in question was ed0, it might look 507something like this: 508.Bd -literal 509ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 510ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 511 512.Ed 513And so on. For each ifconfig_<interface>_alias<n> entry that is 514found, its contents are passed to 515.Xr ifconfig 8 . 516Execution stops at the first unsuccessful access, so if you 517had something like: 518.Bd -literal 519ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 520ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 521ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 522ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 523 524.Ed 525Then note that alias4 would 526.Em not 527be added since the search would 528stop with the missing alias3 entry. 529.Pp 530You can bring up an interface with DHCP by setting the 531.No ifconfig_ Ns Em interface 532variable to 533.Dq DHCP . 534For instance, to initialize your ed0 device via DHCP, 535you might have something like: 536.Bd -literal 537ifconfig_ed0="DHCP" 538.Ed 539.It Ar ppp_enable 540(bool) If set to 541.Ar YES , 542run the 543.Xr ppp 8 544daemon. 545.It Ar ppp_mode 546(str) Mode in which to run the 547.Xr ppp 8 548daemon. Accepted modes are 549.Ar auto , ddial , direct 550and 551.Ar dedicated . 552See the manual for a full description. 553.It Ar ppp_nat 554(bool) If set to 555.Ar YES , 556enables packet aliasing. 557Used in conjunction with 558.Ar gateway_enable 559allows hosts on private network addresses access to the Internet using 560this host as a network address translating router. 561.It Ar ppp_profile 562(str) The name of the profile to use from 563.Pa /etc/ppp/ppp.conf . 564.It Ar ppp_user 565(str) The name of the user under which ppp should be started. By 566default, ppp is started as 567.Ar root . 568.It Ar rc_conf_files 569(str) This option is used to specify a list of files that will override 570the settings in 571.Pa /etc/defaults/rc.conf . 572The files will be read in the order in which they are specified and should 573include the full path to the file. 574By default, the files specified are 575.Pa /etc/rc.conf 576and 577.Pa /etc/rc.conf.local 578.It Ar syslogd_enable 579(bool) If set to 580.Ar YES , 581run the 582.Xr syslogd 8 583daemon. 584.It Ar syslogd_flags 585(str) if syslogd_enable is set to 586.Ar YES , 587these are the flags to pass to 588.Xr syslogd 8 . 589.It Ar inetd_enable 590(bool) If set to 591.Ar YES , 592run the 593.Xr inetd 8 594daemon. 595.It Ar inetd_flags 596(str) if inetd_enable is set to 597.Ar YES , 598these are the flags to pass to 599.Xr inetd 8 . 600.It Ar named_enable 601(bool) If set to 602.Ar YES , 603run the 604.Xr named 8 605daemon. 606.It Ar named_program 607(str) path to 608.Xr named 8 609(default 610.Pa /usr/sbin/named ) . 611.It Ar named_flags 612(str) if 613.Ar named_enable 614is set to 615.Ar YES , 616these are the flags to pass to 617.Xr named 8 . 618.It Ar kerberos_server_enable 619(bool) Set to 620.Ar YES 621if you want to run a Kerberos authentication server 622at boot time. 623.It Ar kadmind_server_enable 624.Ar YES 625if you want to run 626.Xr kadmind 8 627the Kerberos Administration Daemon); set to 628.Ar NO 629on a slave server. 630.It Ar kerberos_stash 631(str) 632If 633.Ar YES , 634instruct the Kerberos servers to use the stashed master key instead of 635prompting for it (only if 636.Ar kerberos_server_enable 637is set to 638.Ar YES , 639and is used for both 640.Xr kerberos 1 641and 642.Xr kadmind 8 ). 643.It Ar rwhod_enable 644(bool) If set to 645.Ar YES , 646run the 647.Xr rwhod 8 648daemon at boot time. 649.It Ar rwhod_flags 650(str) If 651.Ar rwhod_enable 652is set to 653.Ar YES , 654these are the flags to pass to it. 655.It Ar amd_enable 656(bool) If set to 657.Ar YES , 658run the 659.Xr amd 8 660daemon at boot time. 661.It Ar amd_flags 662(str) If 663.Ar amd_enable 664is set to 665.Ar YES , 666these are the flags to pass to it. 667See the 668.Xr amd 8 669.Xr info 1 670page for more information. 671.It Ar update_motd 672(bool) If set to 673.Ar YES , 674.Pa /etc/motd 675will be updated at boot time to reflect the kernel release 676bring run. If set to 677.Ar NO , 678.Pa /etc/motd 679will not be updated 680.It Ar nfs_client_enable 681(bool) If set to 682.Ar YES , 683run the NFS client daemons at boot time. 684.It Ar nfs_client_flags 685(str) If 686.Ar nfs_client_enable 687is set to 688.Ar YES , 689these are the flags to pass to the 690.Xr nfsiod 8 691daemon. 692.It Ar nfs_access_cache 693if 694.Ar nfs_client_enable 695is set to 696.Ar YES , 697this can be set to 698.Ar 0 699to disable NFS ACCESS RPC caching, or to the number of seconds for which NFS ACCESS 700results should be cached. A value of 2-10 seconds will substantially reduce network 701traffic for many NFS operations. 702.It Ar nfs_server_enable 703(bool) If set to 704.Ar YES , 705run the NFS server daemons at boot time. 706.It Ar nfs_server_flags 707(str) If 708.Ar nfs_server_enable 709is set to 710.Ar YES , 711these are the flags to pass to the 712.Xr nfsd 8 713daemon. 714.It Ar single_mountd_enable 715(bool) If set to 716.Ar YES , 717and no 718.Ar nfs_server_enable 719is set, start 720.Xr mountd 8 , 721but not 722.Xr nfsd 8 723daemon. 724It is commonly needed to run CFS without real NFS used. 725.It Ar weak_mountd_authentication 726(bool) If set to 727.Ar YES , 728allow services like PCNFSD to make non-privileged mount 729requests. 730.It Ar nfs_privport 731(bool) If set to 732.Ar YES , 733provide NFS services only on a secure port. 734.It Ar nfs_bufpackets 735(integer) If set to a number, indicates the number of packets worth of 736socket buffer space to reserve on an NFS client. If set to 737.Ar DEFAULT , 738the kernel default is used (typically 4). Using a higher number may be 739useful on gigabit networks to improve performance. The minimum value is 7402 and the maximum is 64. 741.It Ar rcp_lockd_enable 742(bool) If set to 743.Ar YES 744and also an NFS server, run 745.Xr rpc.lockd 8 746at boot time. 747.It Ar rcp_statd_enable 748(bool) If set to 749.Ar YES 750and also an NFS server, run 751.Xr rpc.statd 8 752at boot time. 753.It Ar portmap_program 754(str) path to 755.Xr portmap 8 756(default 757.Pa /usr/sbin/portmap ) . 758.It Ar portmap_enable 759(bool) If set to 760.Ar YES , 761run the 762.Xr portmap 8 763service at boot time. 764.It Ar portmap_flags 765(str) If 766.Ar portmap_enable 767is set to 768.Ar YES , 769these are the flags to pass to the 770.Xr portmap 8 771daemon. 772.It Ar xtend_enable 773(bool) If set to 774.Ar YES 775then run the 776.Xr xtend 8 777daemon at boot time. 778.It Ar xtend_flags 779(str) If 780.Ar xtend_enable 781is set to 782.Ar YES , 783these are the flags to pass to the 784.Xr xtend 8 785daemon. 786.It Ar pppoed_enable 787(bool) If set to 788.Ar YES 789then run the 790.Xr pppoed 8 791daemon at boot time to provide PPP over Ethernet services. 792.It Ar pppoed_provider 793.Xr pppoed 8 794listens to requests to this 795.Ar provider 796and ultimately runs 797.Xr ppp 8 798with a 799.Ar system 800argument of the same name. 801.It Ar pppoed_flags 802Additional flags to pass to 803.Xr pppoed 8 . 804.It Ar pppoed_interface 805The network interface to run pppoed on. This is mandatory when 806.Ar pppoed_enable 807is set to 808.Dq YES . 809.It Ar timed_enable 810(boot) if 811.Ar YES 812then run the 813.Xr timed 8 814service at boot time. This command is intended for networks of 815machines where a consistent 816.Qq "network time" 817for all hosts must be established. This is often useful in large NFS 818environments where time stamps on files are expected to be consistent 819network-wide. 820.It Ar timed_flags 821(str) If 822.Ar timed_enable 823is set to 824.Ar YES , 825these are the flags to pass to the 826.Xr timed 8 827service. 828.It Ar ntpdate_enable 829(bool) If set to 830.Ar YES , 831run ntpdate at system startup. This command is intended to 832synchronize the system clock only 833.Ar once 834from some standard reference. An option to set this up initially 835(from a list of known servers) is also provided by the 836.Pa /stand/sysinstall 837program when the system is first installed. 838.It Ar ntpdate_program 839(str) path to 840.Xr ntpdate 8 841(default 842.Pa /usr/sbin/ntpdate ) . 843.It Ar ntpdate_flags 844(str) If 845.Ar ntpdate_enable 846is set to 847.Ar YES , 848these are the flags to pass to the 849.Xr ntpdate 8 850command (typically a hostname). 851.It Ar xntpd_enable 852(bool) If set to 853.Ar YES 854then run the 855.Xr xntpd 8 856command at boot time. 857.It Ar xntpd_program 858(str) path to 859.Xr xntpd 8 860(default 861.Pa /usr/sbin/xntpd ) . 862.It Ar xntpd_flags 863(str) If 864.Ar xntpd_enable 865is set to 866.Ar YES , 867these are the flags to pass to the 868.Xr xntpd 8 869daemon. 870.It Ar nis_client_enable 871(bool) If set to 872.Ar YES 873then run the 874.Xr ypbind 8 875service at system boot time. 876.It Ar nis_client_flags 877(str) If 878.Ar nis_client_enable 879is set to 880.Ar YES , 881these are the flags to pass to the 882.Xr ypbind 8 883service. 884.It Ar nis_ypset_enable 885(bool) If set to 886.Ar YES 887then run the 888.Xr ypset 8 889daemon at system boot time. 890.It Ar nis_ypset_flags 891(str) If 892.Ar nis_ypset_enable 893is set to 894.Ar YES , 895these are the flags to pass to the 896.Xr ypset 8 897daemon. 898.It Ar nis_server_enable 899(bool) If set to 900.Ar YES 901then run the 902.Xr ypserv 8 903daemon at system boot time. 904.It Ar nis_server_flags 905(str) If 906.Ar nis_server_enable 907is set to 908.Ar YES , 909these are the flags to pass to the 910.Xr ypserv 8 911daemon. 912.It Ar nis_ypxfrd_enable 913(bool) If set to 914.Ar YES 915then run the 916.Xr ypxfrd 8 917daemon at system boot time. 918.It Ar nis_ypxfrd_flags 919(str) If 920.Ar nis_ypxfrd_enable 921is set to 922.Ar YES , 923these are the flags to pass to the 924.Xr ypxfrd 8 925daemon. 926.It Ar nis_yppasswdd_enable 927(bool) If set to 928.Ar YES 929then run the 930.Xr yppasswdd 8 931daemon at system boot time. 932.It Ar nis_yppasswdd_flags 933(str) If 934.Ar nis_yppasswdd_enable 935is set to 936.Ar YES , 937these are the flags to pass to the 938.Xr yppasswdd 8 939daemon. 940.It Ar defaultrouter 941(str) If not set to 942.Ar NO 943then create a default route to this host name or IP address (use IP 944address value if you also require this router to get to a name 945server!) 946.It Ar static_routes 947(str) Set to the list of static routes you would like to add at system 948boot time. If not set to 949.Ar NO 950then for each whitespace separated 951.Em element 952in the value, a 953.No route_ Ns element 954variable is assumed to exist 955whose contents will later be passed to a 956.Dq route add 957operation. 958.It Ar gateway_enable 959(bool) If set to 960.Ar YES , 961then configure host to at as an IP router, e.g. to forward packets 962between interfaces. 963.It Ar router_enable 964(bool) If set to 965.Ar YES 966then run a routing daemon of some sort, based on the 967settings of 968.Ar router 969and 970.Ar router_flags . 971.It Ar router 972(str) If 973.Ar router_enable 974is set to 975.Ar YES , 976this is the name of the routing daemon to use. 977.It Ar router_flags 978(str) If 979.Ar router_enable 980is set to 981.Ar YES , 982these are the flags to pass to the routing daemon. 983.It Ar mrouted_enable 984(bool) If set to 985.Ar YES 986then run the multicast routing daemon, 987.Xr mrouted 8 . 988.It Ar mrouted_flags 989(str) If 990.Ar mrouted_enable 991is set to 992.Ar YES , 993these are the flags to pass to the multicast routing daemon. 994.It Ar ipxgateway_enable 995(bool) If set to 996.Ar YES 997then enable the routing of IPX traffic. 998.It Ar ipxrouted_enable 999(bool) If set to 1000.Ar YES 1001then run the 1002.Xr IPXrouted 8 1003daemon at system boot time. 1004.It Ar ipxrouted_flags 1005(str) If 1006.Ar ipxrouted_enable 1007is set to 1008.Ar YES , 1009these are the flags to pass to the 1010.Xr IPXrouted 8 1011daemon. 1012.It Ar arpproxy_all 1013If set to 1014.Ar YES 1015then enable global proxy ARP. 1016.It Ar forward_sourceroute 1017If set to 1018.Ar YES 1019then when 1020.Ar gateway_enable 1021is also set to 1022.Ar YES , 1023source routed packets are forwarded. 1024.It Ar accept_sourceroute 1025If set to 1026.Ar YES 1027then the system will accept source routed packets directed at it. 1028.It Ar rarpd_enable 1029(bool) If set to 1030.Ar YES 1031then run the 1032.Xr rarpd 8 1033daemon at system boot time. 1034.It Ar rarpd_flags 1035(str) If 1036.Ar rarpd_enable 1037is set to 1038.Ar YES , 1039these are the flags to pass to the 1040.Xr rarpd 8 1041daemon. 1042.It Ar atm_enable 1043(bool) Set to 1044.Ar YES 1045to enable the configuration of ATM interfaces at system boot time. 1046For all of the ATM variables described below, please refer to the 1047.Xr atm 8 1048man page for further details on the available command parameters. 1049Also refer to the files in 1050.Pa /usr/share/examples/atm 1051for more detailed configuration information. 1052.It Ar atm_netif_<intf> 1053(str) For the ATM physical interface 1054.Va <intf> , 1055this variable defines the name prefix and count for the ATM network interfaces to be created. 1056The value will be passed as the parameters of an 1057.Dq atm set netif Va <intf> 1058command. 1059.It Ar atm_sigmgr_<intf> 1060(str) For the ATM physical interface 1061.Va <intf> , 1062this variable defines the ATM signalling manager to be used. 1063The value will be passed as the parameters of an 1064.Dq atm attach Va <intf> 1065command. 1066.It Ar atm_prefix_<intf> 1067(str) For the ATM physical interface 1068.Va <intf> , 1069this variable defines the NSAP prefix for interfaces using a UNI signalling 1070manager. If set to 1071.Em ILMI , 1072then the prefix will automatically be set via the 1073.Xr ilmid 8 1074daemon. Otherwise, the value will be passed as the parameters of an 1075.Dq atm set prefix Va <intf> 1076command. 1077.It Ar atm_macaddr_<intf> 1078(str) For the ATM physical interface 1079.Va <intf> , 1080this variable defines the MAC address for interfaces using a UNI signalling 1081manager. If set to 1082.Em NO , 1083then the hardware MAC address contained in the ATM interface card will be used. 1084Otherwise, the value will be passed as the parameters of an 1085.Dq atm set mac Va <intf> 1086command. 1087.It Ar atm_arpserver_<netif> 1088(str) For the ATM network interface 1089.Va <netif> , 1090this variable defines the ATM address for a host which is to provide ATMARP 1091service. This variable is only applicable to interfaces using a UNI signalling 1092manager. If set to 1093.Em local , 1094then this host will become an ATMARP server. 1095The value will be passed as the parameters of an 1096.Dq atm set arpserver Va <netif> 1097command. 1098.It Ar atm_scsparp_<netif> 1099(bool) If set to 1100.Em YES , 1101then SCSP/ATMARP service for the network interface 1102.Va <netif> 1103will be initiated using the 1104.Xr scspd 8 1105and 1106.Xr atmarpd 8 1107daemons. This variable is only applicable if 1108.So 1109.No atm_arpserver_ Ns Va <netif> 1110.No Ns = Ns Qq local 1111.Sc 1112is defined. 1113.It Ar atm_pvcs 1114(str) Set to the list of ATM PVCs you would like to add at system 1115boot time. For each whitespace separated 1116.Em element 1117in the value, an 1118.No atm_pvc_ Ns Em element 1119variable is assumed to exist. The value of each of these variables 1120will be passed as the parameters of an 1121.Dq atm add pvc 1122command. 1123.It Ar atm_arps 1124(str) Set to the list of permanent ATM ARP entries you would like to add 1125at system boot time. For each whitespace separated 1126.Em element 1127in the value, an 1128.No atm_arp_ Ns Em element 1129variable is assumed to exist. The value of each of these variables 1130will be passed as the parameters of an 1131.Dq atm add arp 1132command. 1133.It Ar keymap 1134(str) If set to 1135.Ar NO 1136then no keymap is installed, otherwise the value is used to install 1137the keymap file in 1138.Pa /usr/share/syscons/keymaps/<value>.kbd 1139.It Ar keyrate 1140(str) The keyboard repeat speed. Set to 1141.Ar slow , 1142.Ar normal , 1143.Ar fast 1144or 1145.Ar NO 1146if the default behavior is desired. 1147.It Ar keychange 1148(str) If not set to 1149.Ar NO , 1150attempt to program the function keys with the value. The value should 1151be a single string of the form: 1152.Qq Ar "<funkey_number> <new_value> [<funkey_number> <new_value>]..." 1153.It Ar cursor 1154(str) Can be set to the value of 1155.Ar normal , 1156.Ar blink , 1157.Ar destructive 1158or 1159.Ar NO 1160to set the cursor behavior explicitly or choose the default behavior. 1161.It Ar scrnmap 1162(str) If set to 1163.Ar NO 1164then no screen map is installed, otherwise the value is used to install 1165the screen map file in 1166.Pa /usr/share/syscons/scrnmaps/<value> . 1167.It Ar font8x16 1168(str) If set to 1169.Ar NO 1170then the default 8x16 font value is used for screen size requests, otherwise 1171the value in 1172.Pa /usr/share/syscons/fonts/<value> 1173is used. 1174.It Ar font8x14 1175(str) If set to 1176.Ar NO 1177then the default 8x14 font value is used for screen size requests, otherwise 1178the value in 1179.Pa /usr/share/syscons/fonts/<value> 1180is used. 1181.It Ar font8x8 1182(str) If set to 1183.Ar NO 1184then the default 8x8 font value is used for screen size requests, otherwise 1185the value in 1186.Pa /usr/share/syscons/fonts/<value> 1187is used. 1188.It Ar blanktime 1189(int) If set to 1190.Ar NO 1191then the default screen blanking interval is used, otherwise it is set 1192to 1193.Ar value 1194seconds. 1195.It Ar saver 1196(str) If not set to 1197.Ar NO , 1198this is the actual screen saver to use (blank, snake, daemon, etc). 1199.It Ar moused_enable 1200(str) If set to 1201.Ar YES , 1202the 1203.Xr moused 8 1204daemon is started for doing cut/paste selection on the console. 1205.It Ar moused_type 1206(str) This is the protocol type of mouse you would like to use. 1207This variable must be set if 1208.Ar moused_enable 1209is set to 1210.Ar YES . 1211The 1212.Xr moused 8 1213daemon 1214is able to detect the appropriate mouse type automatically in many cases. 1215You can set this variable to 1216.Ar auto 1217to let the daemon detect it, or 1218select one from the following list if the automatic detection fails. 1219.Pp 1220If your mouse is attached to the PS/2 mouse port, you should 1221always choose 1222.Ar auto 1223or 1224.Ar ps/2 , 1225regardless of the brand and model of the mouse. Likewise, if your 1226mouse is attached to the bus mouse port, choose 1227.Ar auto 1228or 1229.Ar busmouse . 1230All other protocols are for serial mice and will not work with 1231the PS/2 and bus mice. 1232If you have a USB mouse, 1233.Ar auto 1234is the only protocol type which works with the USB mouse. 1235.Bd -literal 1236microsoft Microsoft mouse (serial) 1237intellimouse Microsoft IntelliMouse (serial) 1238mousesystems Mouse systems Corp mouse (serial) 1239mmseries MM Series mouse (serial) 1240logitech Logitech mouse (serial) 1241busmouse A bus mouse 1242mouseman Logitech MouseMan and TrackMan (serial) 1243glidepoint ALPS GlidePoint (serial) 1244thinkingmouse Kensignton ThinkingMouse (serial) 1245ps/2 PS/2 mouse 1246mmhittab MM HitTablet (serial) 1247x10mouseremote X10 MouseRemote (serial) 1248versapad Interlink VersaPad (serial) 1249 1250.Ed 1251Even if your mouse is not in the above list, it may be compatible 1252with one in the list. 1253Refer to the man page for 1254.Xr moused 8 1255for compatibility information. 1256.Pp 1257It should also be noted that while this is enabled, any 1258other client of the mouse (such as an X server) should access 1259the mouse through the virtual mouse device: 1260.Pa /dev/sysmouse 1261and configure it as a sysmouse type mouse, since all 1262mouse data is converted to this single canonical format when 1263using 1264.Xr moused 8 . 1265If the client program does not support the sysmouse type, 1266specify the mousesystems type. 1267It is the second prefered type. 1268.It Ar moused_port 1269(str) If 1270.Ar moused_enable 1271is set to 1272.Ar YES , 1273this is the actual port the mouse is on. 1274It might be 1275.Pa /dev/cuaa0 1276for a COM1 serial mouse, 1277.Pa /dev/psm0 1278for a PS/2 mouse or 1279.Pa /dev/mse0 1280for a bus mouse, for example. 1281.It Ar moused_flags 1282(str) If 1283.Ar moused_type 1284is set, these are the additional flags to pass to the 1285.Xr moused 8 1286daemon. 1287.It Ar allscreens_flags 1288(str) If set, 1289.Xr vidcontrol 1 1290is run with these options for each of the virtual terminals 1291.Pq Pa /dev/ttyv* . 1292For example, 1293.Ar -m on 1294will enable the mouse pointer on all virtual terminals 1295if 1296.Ar moused_enable 1297is set to 1298.Ar YES . 1299.It Ar cron_enable 1300(bool) If set to 1301.Ar YES 1302then run the 1303.Xr cron 8 1304daemon at system boot time. 1305.It Ar lpd_program 1306(str) path to 1307.Xr lpd 8 1308(default 1309.Pa /usr/sbin/lpd ) . 1310.It Ar lpd_enable 1311(bool) If set to 1312.Ar YES 1313then run the 1314.Xr lpd 8 1315daemon at system boot time. 1316.It Ar lpd_flags 1317(str) If 1318.Ar lpd_enable 1319is set to 1320.Ar YES , 1321these are the flags to pass to the 1322.Xr lpd 8 1323daemon. 1324.It Ar sendmail_enable 1325(bool) If set to 1326.Ar YES 1327then run the 1328.Xr sendmail 8 1329daemon at system boot time. 1330.It Ar sendmail_flags 1331(str) If 1332.Ar sendmail_enable 1333is set to 1334.Ar YES , 1335these are the flags to pass to the 1336.Xr sendmail 8 1337daemon. 1338.It Ar dumpdev 1339(str) If not set to 1340.Ar NO 1341then point kernel crash-dumps at the swap device 1342specified as 1343.Em value . 1344When the system restarts, 1345a crash-dump found on the specified device 1346will typically be stored in the 1347.Pa /var/crash 1348directory by the 1349.Xr savecore 8 1350program. 1351.It Ar check_quotas 1352(bool) Set to 1353.Ar YES 1354if you want to enable user disk quota checking via the 1355.Xr quotacheck 8 1356command. 1357.It Ar accounting_enable 1358(bool) Set to 1359.Ar YES 1360if you wish to enable system accounting through the 1361.Xr accton 8 1362facility. 1363.It Ar ibcs2_enable 1364(bool) Set to 1365.Ar YES 1366if you wish to enable iBCS2 (SCO) binary emulation at system initial boot 1367time. 1368.It Ar ibcs2_loaders 1369(str) If not set to 1370.Ar NO 1371and if 1372.Ar ibcs2_enable 1373is set to 1374.Ar YES , 1375this specifies a list of additional iBCS2 loaders to enable. 1376.It Ar linux_enable 1377(bool) Set to 1378.Ar YES 1379if you wish to enable Linux/ELF binary emulation at system initial 1380boot time. 1381.It Ar osf1_enable 1382(bool) Set to 1383.Ar YES 1384if you wish to enable OSF/1 (Digital UNIX) binary emulation at system 1385initial boot time. (alpha) 1386.It Ar clear_tmp_enable 1387(bool) Set to 1388.Ar YES 1389if you want 1390.Pa /tmp 1391to be cleaned at startup. 1392.It Ar ldconfig_paths 1393(str) Set to the list of shared library paths to use with 1394.Xr ldconfig 8 . 1395NOTE: 1396.Pa /usr/lib 1397will always be added first, so it need not appear in this list. 1398.It Ar ldconfig_insecure 1399(bool) The 1400.Xr ldconfig 8 1401utility normally refuses to use directories 1402which are writable by anyone except root. 1403Set this variable to 1404.Ar YES 1405if you want to disable that security check during system startup. 1406.It Ar kern_securelevel_enable 1407(bool) Set to 1408.Ar YES 1409if you wish to set the kernel security level at system startup. 1410.It Ar kern_securelevel 1411(int) The kernel security level to set at startup. 1412The allowed range of 1413.Ar value 1414ranges from -1 (the compile time default) to 3 (the 1415most secure). See 1416.Xr init 8 1417for the list of possible security levels and their effect 1418on system operation. 1419.It Ar start_vinum 1420(bool) Set to 1421.Ar YES 1422if you want to start 1423.Xr vinum 8 1424at system boot time. 1425.It Ar sshd_program 1426(str) Path to the SSH server program 1427.Po 1428.Pa /usr/sbin/sshd 1429is the default 1430.Pc . 1431.It Ar sshd_enable 1432(bool) Set to 1433.Ar YES 1434if you want to start 1435.Xr sshd 8 1436at system boot time. 1437.It Ar sshd_flags 1438(str) If 1439.Ar sshd_enable 1440is set to 1441.Ar YES , 1442these are the flags to pass to the 1443.Xr sshd 8 1444daemon. 1445.It Ar unaligned_print 1446(bool) If set to 1447.Ar NO 1448then unaligned access warnings will not be printed. (alpha) 1449.Sh FILES 1450.Bl -tag -width /etc/defaults/rc.conf -compact 1451.It Pa /etc/defaults/rc.conf 1452.It Pa /etc/rc.conf 1453.It Pa /etc/rc.conf.local 1454.El 1455.Sh SEE ALSO 1456.Xr catman 1 , 1457.Xr makewhatis 1 , 1458.Xr gdb 1 , 1459.Xr info 1 , 1460.Xr exports 5 , 1461.Xr motd 5 , 1462.Xr accton 8 , 1463.Xr amd 8 , 1464.Xr apm 8 , 1465.Xr atm 8 , 1466.Xr cron 8 , 1467.Xr dhclient 8 , 1468.Xr gated 8 , 1469.Xr ifconfig 8 , 1470.Xr inetd 8 , 1471.Xr lpd 8 , 1472.Xr moused 8 , 1473.Xr mrouted 8 , 1474.Xr named 8 , 1475.Xr nfsd 8 , 1476.Xr nfsiod 8 , 1477.Xr ntpdate 8 , 1478.Xr pcnfsd 8 , 1479.Xr portmap 8 , 1480.Xr quotacheck 8 , 1481.Xr rc 8 , 1482.Xr route 8 , 1483.Xr routed 8 , 1484.Xr rpc.lockd 8 , 1485.Xr rpc.statd 8 , 1486.Xr rwhod 8 , 1487.Xr savecore 8 , 1488.Xr sendmail 8 , 1489.Xr sshd 8 , 1490.Xr sysctl 8 , 1491.Xr syslogd 8 , 1492.Xr swapon 8 , 1493.Xr tickadj 8 , 1494.Xr timed 8 , 1495.Xr vinum 8 , 1496.Xr vnconfig 8 , 1497.Xr xntpd 8 , 1498.Xr xtend 8 , 1499.Xr ypbind 8 , 1500.Xr ypserv 8 , 1501.Xr ypset 8 1502.Sh HISTORY 1503The 1504.Nm 1505file appeared in 1506.Fx 2.2.2 . 1507.Sh AUTHORS 1508.An Jordan K. Hubbard . 1509