Lines Matching +full:ao +full:- +full:secure
93 to store jail-specific configuration options.
105 .Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
120 .Bl -tag -width indent-two
193 .It Ao Ar name Ac Ns Va _chroot
197 .It Ao Ar name Ac Ns Va _cpuset
205 .It Ao Ar name Ac Ns Va _fib
210 .It Ao Ar name Ac Ns Va _group
216 .It Ao Ar name Ac Ns Va _limits
222 .It Ao Ar name Ac Ns Va _login_class
228 .It Ao Ar name Ac Ns Va _nice
233 .It Ao Ar name Ac Ns Va _oomprotect
252 .It Ao Ar name Ac Ns Va _setup
257 .It Ao Ar name Ac Ns Va _umask
262 .It Ao Ar name Ac Ns Va _user
265 .It Ao Ar name Ac Ns Va _svcj
269 auto-jail the service with inherited filesystem and other
272 .It Ao Ar name Ac Ns Va _svcj_ipaddrs
277 .It Ao Ar name Ac Ns Va _svcj_options
328 disable auto-loading of kernel modules with
332 A whitespace-separated list of kernel modules to be ignored by
346 A whitespace-separated list of kernel modules to be ignored by
350 A whitespace-separated list of kernel modules to load right after
386 A semi-colon
413 Enable auto-jailing of all services which are not explicitly
440 .Dq Li "-S" ,
471 .Dq Li "-S" ,
527 .Pa /var/db/mtree/BSD.var-run.mtree .
572 .Pa machine-id
587 .Dq Li -r
592 .Pa machine-id
594 .Pa /etc/machine-id .
641 This behavior can be overridden on a per-interface basis by replacing
680 .Bl -tag -width ".Li workstation" -compact
734 .\" ----- firewall_nat_enable setting --------------------------------
800 .\" -------------------------------------------------------------------
879 .\" ----- ipfilter_enable setting --------------------------------
892 .Bd -literal
922 .Bd -literal
929 .\" ----- ipfilter_program setting ------------------------------
936 .\" ----- ipfilter_rules setting --------------------------------
946 .\" ----- ipfilter_flags setting --------------------------------
953 .\" ----- ipnat_enable setting ----------------------------------
967 .\" ----- ipnat_program setting ---------------------------------
974 .\" ----- ipnat_rules setting -----------------------------------
985 .\" ----- ipnat_flags setting -----------------------------------
992 .\" ----- ipmon_enable setting ----------------------------------
1015 .\" ----- ipmon_program setting ---------------------------------
1022 .\" ----- ipmon_flags setting -----------------------------------
1026 .Dq Li -Ds
1040 .Bd -literal
1043 .\" ----- ipfs_enable setting -----------------------------------
1073 .\" ----- ipfs_program setting ----------------------------------
1080 .\" ----- ipfs_flags setting ------------------------------------
1087 .\" ----- end of added ipf hook ---------------------------------
1157 .Pa /etc/pf-fallback.conf ) .
1166 .Bd -literal
1223 is set, for each whitespace-separated
1248 .Xr ftp-proxy 8
1256 .Xr ftp-proxy 8
1262 .Xr ftp-proxy 8
1265 should contain a whitespace-separated list of instance names.
1270 should be defined, containing the command-line flags to be passed to the
1271 .Xr ftp-proxy 8
1405 the log messages are not rate-limited, so this option should only be used
1454 .Dq Li .-/+
1465 as well as special case-insensitive keywords described below.
1471 .Bd -literal
1476 .Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6
1489 .Bd -literal
1495 Inter-Domain Routing
1499 .Li inet 192.0.2.5-23/24
1501 .Li inet6 2001:db8:1-f::1/64 .
1514 .Bd -literal
1519 .Li 192.0.2.5-23/24 ,
1521 addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as
1533 .Bd -literal
1535 ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1544 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1550 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1556 .Bd -literal
1571 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1573 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1575 .Bd -literal
1593 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1621 .Bd -literal
1631 .Bd -literal
1686 .Bd -literal
1707 .Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1719 .Bd -literal
1734 .Bd -literal
1742 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1751 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1767 will be IPv6-preferred.
1773 will be IPv4-preferred.
1776 This controls initial configuration on IPv6-capable
1778 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1785 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1791 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1802 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1803 for an IPv6-capable interface should be sufficient.
1838 .Dq inet6 -no_radr accept_rtadv
1840 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1873 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1890 daemon using its MIB-2 module.
1891 .It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1894 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1899 .Va ipv6_prefix_ Ns Ao Ar interface Ac
1903 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1908 .Bd -literal
1916 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1924 Note that a link-local address will be automatically configured in
1925 addition to the configured global-scope addresses because the IPv6
1934 If only a link-local address is needed on the interface,
1936 .Bd -literal
1940 A link-local address can also be configured manually.
1945 .Bd -literal
1952 addresses based on each prefix and the EUI-64 interface index will be
1955 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1959 .Bd -literal
1964 .Bd -literal
1971 These Subnet-Router anycast addresses will be added only when
2000 installs a pre-defined policy table described in Section 10.3
2001 .Pq IPv4-preferred
2003 .Pq IPv6-preferred
2019 the IPv6-preferred one is used.
2020 Otherwise IPv4-preferred.
2090 .Bd -literal
2108 Also used for per-profile overrides of
2113 .Va ppp_ Ns Ao Ar profile Ac Ns _unit .
2115 .Dq Li .-/+
2124 .It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2148 .It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2154 .It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2190 A space-separated list of ZFS pool names for which new pool GUIDs should be
2196 A space-separated list of ZFS pool names for which the version should be
2223 .Va geli_ Ns Ao Ar group Ac Ns Va _devices
2227 Number of times user is asked for the pass-phrase.
2237 .Va geli_ Ns Ao Ar device Ac Ns Va _flags
2239 .Va geli_ Ns Ao Ar group Ac Ns Va _flags
2248 .Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2256 is remounted as read-write if this is set to
2258 Diskless systems that mount their root file system from a read-only remote
2299 List of file system types that are network-based.
2314 a whitespace-separated list of network file system descriptor pairs,
2317 and a human-readable, one-word description,
2461 the Kerberos 5 Password-Changing Daemon; set to
2470 this is the path to Kerberos 5 Password-Changing Daemon.
2525 A value of 2-10 seconds will substantially reduce network
2573 daemon, which is needed for NFS-over-TLS NFS mounts.
2582 to support NFS-over-TLS NFS mounts.
2646 allow services like PCNFSD to make non-privileged mount
2652 provide NFS services only on a secure port.
2773 A whitespace-separated list of NTP servers to synchronize with at startup.
2989 .Dq Nm arp Cm -S
2992 .Bd -literal
3005 .Dq Nm ndp Cm -s
3008 .Bd -literal
3027 .Bd -literal
3029 route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
3030 route_mcast="-net 224.0.0.0/4 -iface gif0"
3031 route_gif0local="-host 169.254.1.1 -iface lo0"
3123 You may want to fine-tune
3153 source-routed packets are forwarded.
3158 the system will accept source-routed packets directed at it.
3201 An effective value is 0-31.
3261 If set to a non-null string, the virtual console's keyboard input is
3269 .Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3272 .Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3411 .Bl -tag -width ".Li x10mouseremote" -compact
3487 daemon is started for a non-default port, the
3493 is the name of the non-default port, i.e.,\&
3501 .Dq Li "-3"
3515 .Li 0xd0 Ns - Ns Li 0xd3
3622 .Dq Li -d ,
3709 .Dq Li "-a" ,
3722 .Dq Li "-a" ,
3735 .Dq Li "-a" ,
3785 and the removal and (secure) recreation
3799 Set to the list of 32-bit compatibility shared library paths to
3821 Set to the list of local 32-bit compatibility
3837 ranges from \-1 (the compile time default) to 3 (the
3838 most secure).
3881 as a stand-alone daemon at system boot time.
3932 This timeout will not be set when returning to the single-user mode
3956 Pairs of already-mounted
4016 .Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
4018 .Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
4032 .Va jail_ Ns Ao Ar jname Ac Ns Va _flags
4037 A space-delimited list of jail names.
4057 Note that older releases supported per-jail configuration via
4065 These per-jail configuration variables are now obsolete in favor of
4069 when per-jail configuration variables are defined,
4072 .Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
4075 The following per-jail parameters are handled by
4081 .Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
4083 They must be a semi-colon
4091 .Bl -tag -width "host.hostname" -offset indent
4094 .Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
4097 .Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
4100 .Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
4102 .Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4105 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4108 .Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4112 .Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4113 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4115 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4119 .Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4122 .Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4125 .Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4128 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4134 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4137 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4140 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4143 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4146 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4149 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4151 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4155 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4157 .Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4161 .Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4164 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4167 .Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4172 .Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4175 .Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4178 .Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4181 .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4183 .\" -----------------------------------------------------
4186 Set to a bit-mask
4225 .Pa /var/db/entropy-file
4249 .Nm save-entropy
4254 .Nm save-entropy
4341 .Dq Li -CN ,
4367 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4375 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4387 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4399 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4406 .It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4427 .Bd -literal
4443 .Bd -literal
4517 Also used to specify per-profile overrides.
4519 .Dq Li .-/+
4523 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4532 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4539 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4546 .It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4550 if it should register Dial-Up Networking service on the specified
4585 delays the start of network-reliant services until
4604 This variable contains a space-delimited list of IP addresses to
4634 polled at a 1-second interval.
4658 A space-separated list of configuration files used by
4733 .Dq Li -Aa ,
4767 enable auto-loading of encryption keys for encrypted ZFS datasets.
4779 A whitespace-separated list of ZFS datasets to unlock.
4871 a localhost-only listening SMTP service required for running
4873 as a non-set-user-ID binary.
4946 some destructive actions require removal of the action-specific safe-belts
4958 parent (if you allow child-jails in your jails, service jails
4967 .Bl -tag -width indent-two
5024 All non-network options can be combined with all other options.
5033 .Va svcj- Ns Ar name .
5065 .Bl -tag -width "/etc/defaults/rc.conf" -compact