xref: /freebsd/share/man/man5/rc.conf.5 (revision 058ac3e8063366dafa634d9107642e12b038bf09)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd November 14, 2022
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail-specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/etc/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _fib
196.Pq Vt int
197The
198.Xr setfib 1
199value to run the service under.
200.It Ao Ar name Ac Ns Va _group
201.Pq Vt str
202Run the chrooted service under this system group.
203Unlike the
204.Ao Ar name Ac Ns Va _user
205setting, this setting has no effect if the service is not chrooted.
206.It Ao Ar name Ac Ns Va _limits
207.Pq Vt str
208Resource limits to apply to the service using
209.Xr limits 1 .
210By default, resource limits are based on the login class defined in
211.Ao Ar name Ac Ns Va _login_class .
212.It Ao Ar name Ac Ns Va _login_class
213.Pq Vt str
214Login class to be used with
215.Ao Ar name Ac Ns Va _limits .
216Defaults to
217.Dq Li daemon .
218.It Ao Ar name Ac Ns Va _nice
219.Pq Vt int
220The
221.Xr nice 1
222value to run the service under.
223.It Ao Ar name Ac Ns Va _oomprotect
224.Pq Vt str
225Use
226.Xr protect 1
227to prevent the service from being killed when swap space
228is exhausted.
229Use
230.Dq Li YES
231to protect only the service itself, and
232.Dq Li ALL
233to protect the service and all its child processes.
234.Pp
235Please note that rc scripts which redefine
236.Dl ${argument}_cmd
237.Pq see Xr rc.subr 8
238such as PostgreSQL will not inherit the OOM killer protection.
239.Pp
240This variable has no effect on services running within a
241.Xr jail 8 .
242.It Ao Ar name Ac Ns Va _umask
243.Pq Vt int
244Run the service using this
245.Xr umask 1
246value.
247.It Ao Ar name Ac Ns Va _user
248.Pq Vt str
249Run the service under this user account.
250.It Va apm_enable
251.Pq Vt bool
252If set to
253.Dq Li YES ,
254enable support for Automatic Power Management with
255the
256.Xr apm 8
257command.
258.It Va apmd_enable
259.Pq Vt bool
260Run
261.Xr apmd 8
262to handle APM event from userland.
263This also enables support for APM.
264.It Va apmd_flags
265.Pq Vt str
266If
267.Va apmd_enable
268is set to
269.Dq Li YES ,
270these are the flags to pass to the
271.Xr apmd 8
272daemon.
273.It Va devd_enable
274.Pq Vt bool
275Run
276.Xr devd 8
277to handle device added, removed or unknown events from the kernel.
278.It Va ddb_enable
279.Pq Vt bool
280Run
281.Xr ddb 8
282to install
283.Xr ddb 4
284scripts at boot time.
285.It Va ddb_config
286.Pq Vt str
287Configuration file for
288.Xr ddb 8 .
289Default
290.Pa /etc/ddb.conf .
291.It Va devmatch_enable
292.Pq Vt bool
293If set to
294.Dq Li NO ,
295disable auto-loading of kernel modules with
296.Xr devmatch 8 .
297.It Va devmatch_blocklist
298.Pq Vt str
299A whitespace-separated list of kernel modules to be ignored by
300.Xr devmatch 8 .
301In addition, the
302.Xr kenv 1
303.Va devmatch_blocklist
304is appended to this variable to allow disabling of
305.Xr devmatch 8
306loaded modules from the boot loader.
307.It Va devmatch_blacklist
308.Pq Vt str
309This variable is deprecated.
310Use
311.Va devmatch_blocklist
312instead.
313A whitespace-separated list of kernel modules to be ignored by
314.Xr devmatch 8 .
315.It Va kld_list
316.Pq Vt str
317A whitespace-separated list of kernel modules to load right after
318the local disks are mounted, without any
319.Pa .ko
320extension or path.
321Loading modules at this point in the boot process is
322much faster than doing it via
323.Pa /boot/loader.conf
324for those modules not necessary for mounting local disks.
325.It Va kldxref_enable
326.Pq Vt bool
327Set to
328.Dq Li NO
329by default.
330Set to
331.Dq Li YES
332to automatically rebuild
333.Pa linker.hints
334files with
335.Xr kldxref 8
336at boot time.
337.It Va kldxref_clobber
338.Pq Vt bool
339Set to
340.Dq Li NO
341by default.
342If
343.Va kldxref_enable
344is true,
345setting to
346.Dq Li YES
347will overwrite existing
348.Pa linker.hints
349files at boot time.
350Otherwise,
351only missing
352.Pa linker.hints
353files are generated.
354.It Va kldxref_module_path
355.Pq Vt str
356Empty by default.
357A semi-colon
358.Pq Ql \&;
359delimited list of paths containing
360.Xr kld 4
361modules.
362If empty,
363the contents of the
364.Va kern.module_path
365.Xr sysctl 8
366are used.
367.It Va powerd_enable
368.Pq Vt bool
369If set to
370.Dq Li YES ,
371enable the system power control facility with the
372.Xr powerd 8
373daemon.
374.It Va powerd_flags
375.Pq Vt str
376If
377.Va powerd_enable
378is set to
379.Dq Li YES ,
380these are the flags to pass to the
381.Xr powerd 8
382daemon.
383.It Va tmpmfs
384Controls the creation of a
385.Pa /tmp
386memory file system.
387Always happens if set to
388.Dq Li YES
389and never happens if set to
390.Dq Li NO .
391If set to anything else, a memory file system is created if
392.Pa /tmp
393is not writable.
394.It Va tmpsize
395Controls the size of a created
396.Pa /tmp
397memory file system.
398.It Va tmpmfs_flags
399Extra options passed to the
400.Xr mdmfs 8
401utility when the memory file system for
402.Pa /tmp
403is created.
404The default is
405.Dq Li "-S" ,
406which inhibits the use of softupdates on
407.Pa /tmp
408so that file system space is freed without delay
409after file truncation or deletion.
410See
411.Xr mdmfs 8
412for other options you can use in
413.Va tmpmfs_flags .
414.It Va varmfs
415Controls the creation of a
416.Pa /var
417memory file system.
418Always happens if set to
419.Dq Li YES
420and never happens if set to
421.Dq Li NO .
422If set to anything else, a memory file system is created if
423.Pa /var
424is not writable.
425.It Va varsize
426Controls the size of a created
427.Pa /var
428memory file system.
429.It Va varmfs_flags
430Extra options passed to the
431.Xr mdmfs 8
432utility when the memory file system for
433.Pa /var
434is created.
435The default is
436.Dq Li "-S" ,
437which inhibits the use of softupdates on
438.Pa /var
439so that file system space is freed without delay
440after file truncation or deletion.
441See
442.Xr mdmfs 8
443for other options you can use in
444.Va varmfs_flags .
445.It Va populate_var
446Controls the automatic population of the
447.Pa /var
448file system.
449Always happens if set to
450.Dq Li YES
451and never happens if set to
452.Dq Li NO .
453If set to anything else, a memory file system is created if
454.Pa /var
455is not writable.
456Note that this process requires access to certain commands in
457.Pa /usr
458before
459.Pa /usr
460is mounted on normal systems.
461.It Va cleanvar_enable
462.Pq Vt bool
463Clean the
464.Pa /var
465directory.
466.It Va var_run_enable
467.Pq Vt bool
468Set to "YES" to enable saving of the
469.Pa /var/run
470directory strcucture into an mtree file at shutdown and the reload of the
471.Pa /var/run
472directory structure at boot.
473.It Va var_run_autosave
474.Pq Vt bool
475In some cases it may be undesirable to save
476.Pa /var/run
477at shutdown.
478When set to "NO"
479.Pa /var/run
480is loaded at reboot but not saved at shutdown. Typically in this scenario
481a
482.Pa service
483.Pa var_run
484.Pa save
485would be performed to save a copy of the
486.Pa /var/run
487directory structure once, to be reload during all subsequent reboots.
488.It Va var_run_mtree
489.Pq Vt str
490Where to save the
491.Pa /var/run
492mtree. The default location is
493.Pa /var/db/mtree/BSD.var-run.mtree .
494.It Va local_startup
495.Pq Vt str
496List of directories to search for startup script files.
497.It Va script_name_sep
498.Pq Vt str
499The field separator to use for breaking down the list of startup script files
500into individual filenames.
501The default is a space.
502It is not necessary to change this unless there are startup scripts with names
503containing spaces.
504.It Va hostapd_enable
505.Pq Vt bool
506Set to
507.Dq Li YES
508to start
509.Xr hostapd 8
510at system boot time.
511.It Va hostname
512.Pq Vt str
513The fully qualified domain name (FQDN) of this host on the network.
514This should almost certainly be set to something meaningful, even if
515there is no network connection.
516If
517.Xr dhclient 8
518is used to set the hostname via DHCP,
519this variable should be set to an empty string.
520Within a
521.Xr jail 8
522the hostname is generally already set and this variable may be absent.
523If this value remains unset when the system is done booting
524your console login will display the default hostname of
525.Dq Amnesiac .
526.It Va nisdomainname
527.Pq Vt str
528The NIS domain name of this host, or
529.Dq Li NO
530if NIS is not used.
531.It Va dhclient_program
532.Pq Vt str
533Path to the DHCP client program
534.Pa ( /sbin/dhclient ,
535the
536.Ox
537DHCP client,
538is the default).
539.It Va dhclient_flags
540.Pq Vt str
541Additional flags to pass to the DHCP client program.
542For the
543.Ox
544DHCP client, see the
545.Xr dhclient 8
546manpage for a description of the command line options available.
547.It Va dhclient_flags_ Ns Aq Ar iface
548Additional flags to pass to the DHCP client program running on
549.Ar iface
550only.
551When specified, this variable overrides
552.Va dhclient_flags .
553.It Va background_dhclient
554.Pq Vt bool
555Set to
556.Dq Li YES
557to start the DHCP client in background.
558This can cause trouble with applications depending on
559a working network, but it will provide a faster startup
560in many cases.
561.It Va background_dhclient_ Ns Aq Ar iface
562When specified, this variable overrides the
563.Va background_dhclient
564variable for interface
565.Ar iface
566only.
567.It Va synchronous_dhclient
568.Pq Vt bool
569Set to
570.Dq Li YES
571to start
572.Xr dhclient 8
573synchronously at startup.
574This behavior can be overridden on a per-interface basis by replacing
575the
576.Dq Li DHCP
577keyword in the
578.Va ifconfig_ Ns Aq Ar interface
579variable with
580.Dq Li SYNCDHCP
581or
582.Dq Li NOSYNCDHCP .
583.It Va defaultroute_delay
584.Pq Vt int
585When set to a positive value, wait up to this long after configuring
586DHCP interfaces at startup to give the interfaces time to receive a lease.
587.It Va firewall_enable
588.Pq Vt bool
589Set to
590.Dq Li YES
591to load firewall rules at startup.
592If the kernel was not built with
593.Cd "options IPFIREWALL" ,
594the
595.Pa ipfw.ko
596kernel module will be loaded.
597See also
598.Va ipfilter_enable .
599.It Va firewall_script
600.Pq Vt str
601This variable specifies the full path to the firewall script to run.
602The default is
603.Pa /etc/rc.firewall .
604.It Va firewall_type
605.Pq Vt str
606Names the firewall type from the selection in
607.Pa /etc/rc.firewall ,
608or the file which contains the local firewall ruleset.
609Valid selections from
610.Pa /etc/rc.firewall
611are:
612.Pp
613.Bl -tag -width ".Li workstation" -compact
614.It Li open
615unrestricted IP access
616.It Li closed
617all IP services disabled, except via
618.Dq Li lo0
619.It Li client
620basic protection for a workstation
621.It Li workstation
622basic protection for a workstation using stateful firewalling
623.It Li simple
624basic protection for a LAN.
625.El
626.Pp
627If a filename is specified, the full path
628must be given.
629.Pp
630Most of the predefined rulesets define additional configuration variables.
631These are documented in
632.Pa /etc/rc.firewall .
633.It Va firewall_quiet
634.Pq Vt bool
635Set to
636.Dq Li YES
637to disable the display of firewall rules on the console during boot.
638.It Va firewall_logging
639.Pq Vt bool
640Set to
641.Dq Li YES
642to enable firewall event logging.
643This is equivalent to the
644.Dv IPFIREWALL_VERBOSE
645kernel option.
646.It Va firewall_logif
647.Pq Vt bool
648Set to
649.Dq Li YES
650to create pseudo interface
651.Li ipfw0
652for logging.
653For more details, see
654.Xr ipfw 8
655manual page.
656.It Va firewall_flags
657.Pq Vt str
658Flags passed to
659.Xr ipfw 8
660if
661.Va firewall_type
662specifies a filename.
663.It Va firewall_coscripts
664.Pq Vt str
665List of executables and/or rc scripts to run after firewall starts/stops.
666Default is empty.
667.\" ----- firewall_nat_enable setting --------------------------------
668.It Va firewall_nat_enable
669.Pq Vt bool
670The
671.Xr ipfw 8
672equivalent of
673.Va natd_enable .
674Setting this to
675.Dq Li YES
676will automatically load the
677.Xr ipfw 8
678NAT kernel module if
679.Va firewall_enable
680is also set to
681.Dq Li YES .
682.It Va firewall_nat_interface
683.Pq Vt str
684The
685.Xr ipfw 8
686equivalent of
687.Va natd_interface .
688This is the name of the public interface or IP address on which
689kernel NAT should run.
690.It Va firewall_nat_flags
691.Pq Vt str
692Additional configuration parameters for kernel NAT should be placed here.
693.It Va firewall_nat64_enable
694.Pq Vt bool
695Setting this to
696.Dq Li YES
697will automatically load the
698.Xr ipfw 8
699NAT64 kernel module if
700.Va firewall_enable
701is also set to
702.Dq Li YES .
703.It Va firewall_nptv6_enable
704.Pq Vt bool
705Setting this to
706.Dq Li YES
707will automatically load the
708.Xr ipfw 8
709NPTv6 kernel module if
710.Va firewall_enable
711is also set to
712.Dq Li YES .
713.It Va firewall_pmod_enable
714.Pq Vt bool
715Setting this to
716.Dq Li YES
717will automatically load the
718.Xr ipfw 8
719pmod kernel module if
720.Va firewall_enable
721is also set to
722.Dq Li YES .
723.It Va dummynet_enable
724.Pq Vt bool
725Setting this to
726.Dq Li YES
727will automatically load the
728.Xr dummynet 4
729module if
730.Va firewall_enable
731is also set to
732.Dq Li YES .
733.\" -------------------------------------------------------------------
734.It Va ipfw_netflow_enable
735.Pq Vt bool
736Setting this to
737.Dq Li YES
738will enable netflow logging via
739.Xr ng_netflow 4
740.Pp
741By default a ipfw rule is inserted and all packets are duplicated with
742the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
743port using protocol version 5.
744.It Va ipfw_netflow_hook
745.Pq Vt int
746netflow hook name, must be numerical
747(default
748.Pa 9995 ) .
749.It Va ipfw_netflow_rule
750.Pq Vt int
751ipfw rule number
752(default
753.Pa 1000 ) .
754.It Va ipfw_netflow_ip
755.Pq Vt str
756Destination server ip for receiving netflow data
757(default
758.Pa 127.0.0.1 ) .
759.It Va ipfw_netflow_port
760.Pq Vt int
761Destination server port for receiving netflow data
762(default
763.Pa 9995 ) .
764.It Va ipfw_netflow_version
765.Pq Vt int
766Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
767.It Va ipfw_netflow_fib
768.Pq Vt int
769Only match packet in FIB
770.Pa ipfw_netflow_fib
771(default is undefined meaning all FIBs).
772.It Va natd_program
773.Pq Vt str
774Path to
775.Xr natd 8 .
776.It Va natd_enable
777.Pq Vt bool
778Set to
779.Dq Li YES
780to enable
781.Xr natd 8 .
782.Va firewall_enable
783must also be set to
784.Dq Li YES ,
785and
786.Xr divert 4
787sockets must be enabled in the kernel.
788If the kernel was not built with
789.Cd "options IPDIVERT" ,
790the
791.Pa ipdivert.ko
792kernel module will be loaded.
793.It Va natd_interface
794.Pq Vt str
795This is the name of the public interface on which
796.Xr natd 8
797should run.
798The interface may be given as an interface name or as an IP address.
799.It Va natd_flags
800.Pq Vt str
801Additional
802.Xr natd 8
803flags should be placed here.
804The
805.Fl n
806or
807.Fl a
808flag is automatically added with the above
809.Va natd_interface
810as an argument.
811.\" ----- ipfilter_enable setting --------------------------------
812.It Va ipfilter_enable
813.Pq Vt bool
814Set to
815.Dq Li NO
816by default.
817Setting this to
818.Dq Li YES
819enables
820.Xr ipf 8
821packet filtering.
822.Pp
823Typical usage will require putting
824.Bd -literal
825ipfilter_enable="YES"
826ipnat_enable="YES"
827ipmon_enable="YES"
828ipfs_enable="YES"
829.Ed
830.Pp
831into
832.Pa /etc/rc.conf
833and editing
834.Pa /etc/ipf.rules
835and
836.Pa /etc/ipnat.rules
837appropriately.
838.Pp
839Note that
840.Va ipfilter_enable
841and
842.Va ipnat_enable
843can be enabled independently.
844.Va ipmon_enable
845and
846.Va ipfs_enable
847both require at least one of
848.Va ipfilter_enable
849and
850.Va ipnat_enable
851to be enabled.
852.Pp
853Having
854.Bd -literal
855options IPFILTER
856options IPFILTER_LOG
857options IPFILTER_DEFAULT_BLOCK
858.Ed
859.Pp
860in the kernel configuration file is a good idea, too.
861.\" ----- ipfilter_program setting ------------------------------
862.It Va ipfilter_program
863.Pq Vt str
864Path to
865.Xr ipf 8
866(default
867.Pa /sbin/ipf ) .
868.\" ----- ipfilter_rules setting --------------------------------
869.It Va ipfilter_rules
870.Pq Vt str
871Set to
872.Pa /etc/ipf.rules
873by default.
874This variable contains the name of the filter rule definition file.
875The file is expected to be readable for the
876.Xr ipf 8
877command to execute.
878.\" ----- ipfilter_flags setting --------------------------------
879.It Va ipfilter_flags
880.Pq Vt str
881Empty by default.
882This variable contains flags passed to the
883.Xr ipf 8
884program.
885.\" ----- ipnat_enable setting ----------------------------------
886.It Va ipnat_enable
887.Pq Vt bool
888Set to
889.Dq Li NO
890by default.
891Set it to
892.Dq Li YES
893to enable
894.Xr ipnat 8
895network address translation.
896See
897.Va ipfilter_enable
898for a detailed discussion.
899.\" ----- ipnat_program setting ---------------------------------
900.It Va ipnat_program
901.Pq Vt str
902Path to
903.Xr ipnat 8
904(default
905.Pa /sbin/ipnat ) .
906.\" ----- ipnat_rules setting -----------------------------------
907.It Va ipnat_rules
908.Pq Vt str
909Set to
910.Pa /etc/ipnat.rules
911by default.
912This variable contains the name of the file
913holding the network address translation definition.
914This file is expected to be readable for the
915.Xr ipnat 8
916command to execute.
917.\" ----- ipnat_flags setting -----------------------------------
918.It Va ipnat_flags
919.Pq Vt str
920Empty by default.
921This variable contains flags passed to the
922.Xr ipnat 8
923program.
924.\" ----- ipmon_enable setting ----------------------------------
925.It Va ipmon_enable
926.Pq Vt bool
927Set to
928.Dq Li NO
929by default.
930Set it to
931.Dq Li YES
932to enable
933.Xr ipmon 8
934monitoring (logging
935.Xr ipf 8
936and
937.Xr ipnat 8
938events).
939Setting this variable needs setting
940.Va ipfilter_enable
941or
942.Va ipnat_enable
943too.
944See
945.Va ipfilter_enable
946for a detailed discussion.
947.\" ----- ipmon_program setting ---------------------------------
948.It Va ipmon_program
949.Pq Vt str
950Path to
951.Xr ipmon 8
952(default
953.Pa /sbin/ipmon ) .
954.\" ----- ipmon_flags setting -----------------------------------
955.It Va ipmon_flags
956.Pq Vt str
957Set to
958.Dq Li -Ds
959by default.
960This variable contains flags passed to the
961.Xr ipmon 8
962program.
963Another typical example would be
964.Dq Fl D Pa /var/log/ipflog
965to have
966.Xr ipmon 8
967log directly to a file bypassing
968.Xr syslogd 8 .
969Make sure to adjust
970.Pa /etc/newsyslog.conf
971in such case like this:
972.Bd -literal
973/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
974.Ed
975.\" ----- ipfs_enable setting -----------------------------------
976.It Va ipfs_enable
977.Pq Vt bool
978Set to
979.Dq Li NO
980by default.
981Set it to
982.Dq Li YES
983to enable
984.Xr ipfs 8
985saving the filter and NAT state tables during shutdown
986and reloading them during startup again.
987Setting this variable needs setting
988.Va ipfilter_enable
989or
990.Va ipnat_enable
991to
992.Dq Li YES
993too.
994See
995.Va ipfilter_enable
996for a detailed discussion.
997Note that if
998.Va kern_securelevel
999is set to 3,
1000.Va ipfs_enable
1001cannot be used
1002because the raised securelevel will prevent
1003.Xr ipfs 8
1004from saving the state tables at shutdown time.
1005.\" ----- ipfs_program setting ----------------------------------
1006.It Va ipfs_program
1007.Pq Vt str
1008Path to
1009.Xr ipfs 8
1010(default
1011.Pa /sbin/ipfs ) .
1012.\" ----- ipfs_flags setting ------------------------------------
1013.It Va ipfs_flags
1014.Pq Vt str
1015Empty by default.
1016This variable contains flags passed to the
1017.Xr ipfs 8
1018program.
1019.\" ----- end of added ipf hook ---------------------------------
1020.It Va pf_enable
1021.Pq Vt bool
1022Set to
1023.Dq Li NO
1024by default.
1025Setting this to
1026.Dq Li YES
1027enables
1028.Xr pf 4
1029packet filtering.
1030.Pp
1031Typical usage will require putting
1032.Pp
1033.Dl pf_enable="YES"
1034.Pp
1035into
1036.Pa /etc/rc.conf
1037and editing
1038.Pa /etc/pf.conf
1039appropriately.
1040Adding
1041.Pp
1042.Dl "device pf"
1043.Pp
1044builds support for
1045.Xr pf 4
1046into the kernel, otherwise the
1047kernel module will be loaded.
1048.It Va pf_rules
1049.Pq Vt str
1050Path to
1051.Xr pf 4
1052ruleset configuration file
1053(default
1054.Pa /etc/pf.conf ) .
1055.It Va pf_program
1056.Pq Vt str
1057Path to
1058.Xr pfctl 8
1059(default
1060.Pa /sbin/pfctl ) .
1061.It Va pf_flags
1062.Pq Vt str
1063If
1064.Va pf_enable
1065is set to
1066.Dq Li YES ,
1067these flags are passed to the
1068.Xr pfctl 8
1069program when loading the ruleset.
1070.It Va pf_fallback_rules_enable
1071.Pq Vt bool
1072Set to
1073.Dq Li NO
1074by default.
1075Setting this to
1076.Dq Li YES
1077enables loading
1078.Va pf_fallback_rules_file
1079or
1080.Va pf_fallback_rules
1081in case of a problem when loading the ruleset in
1082.Va pf_rules .
1083.It Va pf_fallback_rules_file
1084.Pq Vt str
1085Path to a pf ruleset to load in case of failure when loading the
1086ruleset in
1087.Va pf_rules
1088(default
1089.Pa /etc/pf-fallback.conf ) .
1090.It Va pf_fallback_rules
1091.Pq Vt str
1092A pf ruleset to load in case of failure when loading the ruleset in
1093.Va pf_rules
1094and
1095.Va pf_fallback_rules_file
1096is not found.
1097Multiple rules can be set as follows:
1098.Bd -literal
1099pf_fallback_rules="\\
1100	block drop log all\\
1101	pass in quick on em0"
1102.Pp
1103.Ed
1104The default fallback rule is
1105.Dq block drop log all
1106.It Va pflog_enable
1107.Pq Vt bool
1108Set to
1109.Dq Li NO
1110by default.
1111Setting this to
1112.Dq Li YES
1113enables
1114.Xr pflogd 8
1115which logs packets from the
1116.Xr pf 4
1117packet filter.
1118.It Va pflog_logfile
1119.Pq Vt str
1120If
1121.Va pflog_enable
1122is set to
1123.Dq Li YES
1124this controls where
1125.Xr pflogd 8
1126stores the logfile
1127(default
1128.Pa /var/log/pflog ) .
1129Check
1130.Pa /etc/newsyslog.conf
1131to adjust logfile rotation for this.
1132.It Va pflog_program
1133.Pq Vt str
1134Path to
1135.Xr pflogd 8
1136(default
1137.Pa /sbin/pflogd ) .
1138.It Va pflog_flags
1139.Pq Vt str
1140Empty by default.
1141This variable contains additional flags passed to the
1142.Xr pflogd 8
1143program.
1144.It Va pflog_instances
1145.Pq Vt str
1146If logging to more than one
1147.Xr pflog 4
1148interface is desired,
1149.Va pflog_instances
1150is set to the list of
1151.Xr pflogd 8
1152instances that should be started at system boot time.
1153If
1154.Va pflog_instances
1155is set, for each whitespace-separated
1156.Ar element
1157in the list,
1158.Ao Ar element Ac Ns Va _dev
1159and
1160.Ao Ar element Ac Ns Va _logfile
1161elements are assumed to exist.
1162.Ao Ar element Ac Ns Va _dev
1163must contain the
1164.Xr pflog 4
1165interface to be watched by the named
1166.Xr pflogd 8
1167instance.
1168.Ao Ar element Ac Ns Va _logfile
1169must contain the name of the logfile that will be used by the
1170.Xr pflogd 8
1171instance.
1172.It Va ftpproxy_enable
1173.Pq Vt bool
1174Set to
1175.Dq Li NO
1176by default.
1177Setting this to
1178.Dq Li YES
1179enables
1180.Xr ftp-proxy 8
1181which supports the
1182.Xr pf 4
1183packet filter in translating ftp connections.
1184.It Va ftpproxy_flags
1185.Pq Vt str
1186Empty by default.
1187This variable contains additional flags passed to the
1188.Xr ftp-proxy 8
1189program.
1190.It Va ftpproxy_instances
1191.Pq Vt str
1192Empty by default.
1193If multiple instances of
1194.Xr ftp-proxy 8
1195are desired at boot time,
1196.Va ftpproxy_instances
1197should contain a whitespace-separated list of instance names.
1198For each
1199.Ar element
1200in the list, a variable named
1201.Ao Ar element Ac Ns Va _flags
1202should be defined, containing the command-line flags to be passed to the
1203.Xr ftp-proxy 8
1204instance.
1205.It Va pfsync_enable
1206.Pq Vt bool
1207Set to
1208.Dq Li NO
1209by default.
1210Setting this to
1211.Dq Li YES
1212enables exposing
1213.Xr pf 4
1214state changes to other hosts over the network by means of
1215.Xr pfsync 4 .
1216The
1217.Va pfsync_syncdev
1218variable
1219must also be set then.
1220.It Va pfsync_syncdev
1221.Pq Vt str
1222Empty by default.
1223This variable specifies the name of the network interface
1224.Xr pfsync 4
1225should operate through.
1226It must be set accordingly if
1227.Va pfsync_enable
1228is set to
1229.Dq Li YES .
1230.It Va pfsync_syncpeer
1231.Pq Vt str
1232Empty by default.
1233This variable is optional.
1234By default, state change messages are sent out on the synchronisation
1235interface using IP multicast packets.
1236The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1237224.0.0.240.
1238When a peer address is specified using the
1239.Va pfsync_syncpeer
1240option, the peer address is used as a destination for the pfsync
1241traffic, and the traffic can then be protected using
1242.Xr ipsec 4 .
1243See the
1244.Xr pfsync 4
1245manpage for more details about using
1246.Xr ipsec 4
1247with
1248.Xr pfsync 4
1249interfaces.
1250.It Va pfsync_ifconfig
1251.Pq Vt str
1252Empty by default.
1253This variable can contain additional options to be passed to the
1254.Xr ifconfig 8
1255command used to set up
1256.Xr pfsync 4 .
1257.It Va tcp_extensions
1258.Pq Vt bool
1259Set to
1260.Dq Li YES
1261by default.
1262Setting this to
1263.Dq Li NO
1264disables certain TCP options as described by
1265.Rs
1266.%T "RFC 1323"
1267.Re
1268Setting this to
1269.Dq Li NO
1270might help remedy such problems with connections as randomly hanging
1271or other weird behavior.
1272Some network devices are known
1273to be broken with respect to these options.
1274.It Va log_in_vain
1275.Pq Vt int
1276Set to 0 by default.
1277The
1278.Xr sysctl 8
1279variables,
1280.Va net.inet.tcp.log_in_vain
1281and
1282.Va net.inet.udp.log_in_vain ,
1283as described in
1284.Xr tcp 4
1285and
1286.Xr udp 4 ,
1287are set to the given value.
1288.It Va tcp_keepalive
1289.Pq Vt bool
1290Set to
1291.Dq Li YES
1292by default.
1293Setting to
1294.Dq Li NO
1295will disable probing idle TCP connections to verify that the
1296peer is still up and reachable.
1297.It Va tcp_drop_synfin
1298.Pq Vt bool
1299Set to
1300.Dq Li NO
1301by default.
1302Setting to
1303.Dq Li YES
1304will cause the kernel to ignore TCP frames that have both
1305the SYN and FIN flags set.
1306This prevents OS fingerprinting, but may
1307break some legitimate applications.
1308.It Va icmp_drop_redirect
1309.Pq Vt bool
1310Set to
1311.Dq Li AUTO
1312by default.
1313This setting will be identical to
1314.Dq Li YES ,
1315if a dynamicrouting daemon is enabled, because redirect processing may
1316cause performance issues for large routing tables.
1317If no such service is enabled, this setting behaves like a
1318.Dq Li NO .
1319Setting to
1320.Dq Li YES
1321will cause the kernel to ignore ICMP REDIRECT packets.
1322Setting to
1323.Dq Li NO
1324will cause the kernel to process ICMP REDIRECT packets.
1325Refer to
1326.Xr icmp 4
1327for more information.
1328.It Va icmp_log_redirect
1329.Pq Vt bool
1330Set to
1331.Dq Li NO
1332by default.
1333Setting to
1334.Dq Li YES
1335will cause the kernel to log ICMP REDIRECT packets.
1336Note that
1337the log messages are not rate-limited, so this option should only be used
1338for troubleshooting networks.
1339Refer to
1340.Xr icmp 4
1341for more information.
1342.It Va icmp_bmcastecho
1343.Pq Vt bool
1344Set to
1345.Dq Li YES
1346to respond to broadcast or multicast ICMP ping packets.
1347Refer to
1348.Xr icmp 4
1349for more information.
1350.It Va ip_portrange_first
1351.Pq Vt int
1352If not set to
1353.Dq Li NO ,
1354this is the first port in the default portrange.
1355Refer to
1356.Xr ip 4
1357for more information.
1358.It Va ip_portrange_last
1359.Pq Vt int
1360If not set to
1361.Dq Li NO ,
1362this is the last port in the default portrange.
1363Refer to
1364.Xr ip 4
1365for more information.
1366.It Va network_interfaces
1367.Pq Vt str
1368Set to the list of network interfaces to configure on this host or
1369.Dq Li AUTO
1370(the default) for all current interfaces.
1371Setting the
1372.Va network_interfaces
1373variable to anything other than the default is deprecated.
1374Interfaces that the administrator wishes to store configuration for,
1375but not start at boot should be configured with the
1376.Dq Li NOAUTO
1377keyword in their
1378.Va ifconfig_ Ns Aq Ar interface
1379variables as described below.
1380.Pp
1381An
1382.Va ifconfig_ Ns Aq Ar interface
1383variable is also assumed to exist for each value of
1384.Ar interface .
1385When an interface name contains any of the characters
1386.Dq Li .-/+
1387they are translated to
1388.Dq Li _
1389before lookup.
1390The variable can contain arguments to
1391.Xr ifconfig 8 ,
1392as well as special case-insensitive keywords described below.
1393Such keywords are removed before passing the value to
1394.Xr ifconfig 8
1395while the order of the other arguments is preserved.
1396.Pp
1397It is possible to add IP alias entries using
1398.Xr ifconfig 8
1399syntax with the address family keyword such as
1400.Li inet .
1401Assuming that the interface in question was
1402.Li em0 ,
1403it might look something like this:
1404.Bd -literal
1405ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1406ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1407.Ed
1408.Pp
1409It also possible to configure multiple IP addresses in Classless
1410Inter-Domain Routing
1411.Pq CIDR
1412address notation,
1413whose each address component can be a range like
1414.Li inet 192.0.2.5-23/24
1415or
1416.Li inet6 2001:db8:1-f::1/64 .
1417This notation allows address and prefix length part only,
1418not the other address modifiers.
1419Note that the maximum number of the generated addresses from a range
1420specification is limited to an integer value specified in
1421.Va netif_ipexpand_max
1422in
1423.Nm
1424because a small typo can unexpectedly generate a large number of addresses.
1425The default value is
1426.Li 2048 .
1427It can be increased by adding the following line into
1428.Nm :
1429.Bd -literal
1430netif_ipexpand_max="4096"
1431.Ed
1432.Pp
1433In the case of
1434.Li 192.0.2.5-23/24 ,
1435the address 192.0.2.5 will be configured with the
1436netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1437the non-conflicting netmask /32 as explained in the
1438.Xr ifconfig 8
1439alias section.
1440Note that this special netmask handling is only for
1441.Li inet ,
1442not for the other address families such as
1443.Li inet6 .
1444.Pp
1445With the interface in question being
1446.Li em0 ,
1447an example could look like:
1448.Bd -literal
1449ifconfig_em0_alias2="inet 192.0.2.129/27"
1450ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1451.Ed
1452.Pp
1453and so on.
1454.Pp
1455Note that deprecated
1456.Va ipv4_addrs_ Ns Aq Ar interface
1457variable was supported for IPv4 CIDR address notation.
1458The
1459.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1460variable replaces it, though
1461.Va ipv4_addrs_ Ns Aq Ar interface
1462is still supported for backward compatibility.
1463.Pp
1464For each
1465.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1466entry with an address family keyword,
1467its contents are passed to
1468.Xr ifconfig 8 .
1469Execution stops at the first unsuccessful access, so if
1470something like this is present:
1471.Bd -literal
1472ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1473ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1474ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1475ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1476.Ed
1477.Pp
1478Then note that alias4 would
1479.Em not
1480be added since the search would
1481stop with the missing
1482.Dq Li alias3
1483entry.
1484Because of this difficult to manage behavior,
1485there is
1486.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1487variable, which has the same functionality as
1488.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1489and can have all of entries in a variable like the following:
1490.Bd -literal
1491ifconfig_em0_aliases="\\
1492	inet 127.0.0.251 netmask 0xffffffff \\
1493	inet 127.0.0.252 netmask 0xffffffff \\
1494	inet 127.0.0.253 netmask 0xffffffff \\
1495	inet 127.0.0.254 netmask 0xffffffff"
1496.Ed
1497.Pp
1498It also supports CIDR notation.
1499.Pp
1500If the
1501.Pa /etc/start_if . Ns Aq Ar interface
1502file is present, it is read and executed by the
1503.Xr sh 1
1504interpreter
1505before configuring the interface as specified in the
1506.Va ifconfig_ Ns Aq Ar interface
1507and
1508.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1509variables.
1510.Pp
1511If a
1512.Va vlans_ Ns Aq Ar interface
1513variable is set,
1514a
1515.Xr vlan 4
1516interface will be created for each item in the list with the
1517.Ar vlandev
1518argument set to
1519.Ar interface .
1520If a vlan interface's name is a number,
1521then that number is used as the vlan tag and the new vlan interface is
1522named
1523.Ar interface . Ns Ar tag .
1524Otherwise,
1525the vlan tag must be specified via a
1526.Va vlan
1527parameter in the
1528.Va create_args_ Ns Aq Ar interface
1529variable.
1530.Pp
1531To create a vlan device named
1532.Li em0.101
1533on
1534.Li em0
1535with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1536.Bd -literal
1537vlans_em0="101"
1538ifconfig_em0_101="inet 192.0.2.1/24"
1539.Ed
1540.Pp
1541To create a vlan device named
1542.Li myvlan
1543on
1544.Li em0
1545with the vlan tag 102:
1546.Bd -literal
1547vlans_em0="myvlan"
1548create_args_myvlan="vlan 102"
1549.Ed
1550.Pp
1551If a
1552.Va wlans_ Ns Aq Ar interface
1553variable is set,
1554an
1555.Xr wlan 4
1556interface will be created for each item in the list with the
1557.Ar wlandev
1558argument set to
1559.Ar interface .
1560Further wlan cloning arguments may be passed to the
1561.Xr ifconfig 8
1562.Cm create
1563command by setting the
1564.Va create_args_ Ns Aq Ar interface
1565variable.
1566One or more
1567.Xr wlan 4
1568devices must be created for each wireless devices as of
1569.Fx 8.0 .
1570Debugging flags for
1571.Xr wlan 4
1572devices as set by
1573.Xr wlandebug 8
1574may be specified with an
1575.Va wlandebug_ Ns Aq Ar interface
1576variable.
1577The contents of this variable will be passed directly to
1578.Xr wlandebug 8 .
1579.Pp
1580If the
1581.Va ifconfig_ Ns Aq Ar interface
1582contains the keyword
1583.Dq Li NOAUTO
1584then the interface will not be configured
1585at boot or by
1586.Pa /etc/pccard_ether
1587when
1588.Va network_interfaces
1589is set to
1590.Dq Li AUTO .
1591.Pp
1592It is possible to bring up an interface with DHCP by adding
1593.Dq Li DHCP
1594to the
1595.Va ifconfig_ Ns Aq Ar interface
1596variable.
1597For instance, to initialize the
1598.Li em0
1599device via DHCP,
1600it is possible to use something like:
1601.Bd -literal
1602ifconfig_em0="DHCP"
1603.Ed
1604.Pp
1605If you want to configure your wireless interface with
1606.Xr wpa_supplicant 8
1607for use with WPA, EAP/LEAP or WEP, you need to add
1608.Dq Li WPA
1609to the
1610.Va ifconfig_ Ns Aq Ar interface
1611variable.
1612.Pp
1613On the other hand, if you want to configure your wireless interface with
1614.Xr hostapd 8 ,
1615you need to add
1616.Dq Li HOSTAP
1617to the
1618.Va ifconfig_ Ns Aq Ar interface
1619variable.
1620.Xr hostapd 8
1621will use the settings from
1622.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1623.Pp
1624Finally, you can add
1625.Xr ifconfig 8
1626options in this variable, in addition to the
1627.Pa /etc/start_if . Ns Aq Ar interface
1628file.
1629For instance, to configure an
1630.Xr ath 4
1631wireless device in station mode with an address obtained
1632via DHCP, using WPA authentication and 802.11b mode, it is
1633possible to use something like:
1634.Bd -literal
1635wlans_ath0="wlan0"
1636ifconfig_wlan0="DHCP WPA mode 11b"
1637.Ed
1638.Pp
1639In addition to the
1640.Va ifconfig_ Ns Aq Ar interface
1641form, a fallback variable
1642.Va ifconfig_DEFAULT
1643may be configured.
1644It will be used for all interfaces with no
1645.Va ifconfig_ Ns Aq Ar interface
1646variable.
1647This is intended to replace the no longer supported
1648.Va pccard_ifconfig
1649variable.
1650.Pp
1651It is also possible to rename an interface by doing:
1652.Bd -literal
1653ifconfig_em0_name="net0"
1654ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1655.Ed
1656.It Va ipv6_enable
1657.Pq Vt bool
1658This variable is deprecated.
1659Use
1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1661and
1662.Va ipv6_activate_all_interfaces
1663if necessary.
1664.Pp
1665If the variable is
1666.Dq Li YES ,
1667.Dq Li inet6 accept_rtadv
1668is added to all of
1669.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1670and the
1671.Va ipv6_activate_all_interfaces
1672is defined as
1673.Dq Li YES .
1674.It Va ipv6_prefer
1675.Pq Vt bool
1676This variable is deprecated.
1677Use
1678.Va ip6addrctl_policy
1679instead.
1680.Pp
1681If the variable is
1682.Dq Li YES ,
1683the default address selection policy table set by
1684.Xr ip6addrctl 8
1685will be IPv6-preferred.
1686.Pp
1687If the variable is
1688.Dq Li NO ,
1689the default address selection policy table set by
1690.Xr ip6addrctl 8
1691will be IPv4-preferred.
1692.It Va ipv6_activate_all_interfaces
1693.Pq Vt bool
1694This controls initial configuration on IPv6-capable
1695interfaces with no corresponding
1696.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1697variable.
1698Note that it is not always necessary to set this variable to
1699.Dq YES
1700to use IPv6 functionality on
1701.Fx .
1702In most cases, just configuring
1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1704variables works.
1705.Pp
1706If the variable is
1707.Dq Li NO ,
1708all interfaces which do not have a corresponding
1709.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1710variable will be marked as
1711.Dq Li IFDISABLED
1712at creation.
1713This means that all of IPv6 functionality on that interface
1714is completely disabled to enforce a security policy.
1715If the variable is set to
1716.Dq YES ,
1717the flag will be cleared on all of the interfaces.
1718.Pp
1719In most cases, just defining an
1720.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1721for an IPv6-capable interface should be sufficient.
1722However, if an interface is added dynamically
1723.Pq by some tunneling protocols such as PPP, for example ,
1724it is often difficult to define the variable in advance.
1725In such a case, configuring the
1726.Dq Li IFDISABLED
1727flag can be disabled by setting this variable to
1728.Dq YES .
1729.Pp
1730For more details of the
1731.Dq Li IFDISABLED
1732flag and keywords
1733.Dq Li inet6 ifdisabled ,
1734see
1735.Xr ifconfig 8 .
1736.Pp
1737Default is
1738.Dq Li NO .
1739.It Va ipv6_privacy
1740.Pq Vt bool
1741If the variable is
1742.Dq Li YES
1743privacy addresses will be generated for each IPv6
1744interface as described in RFC 4941.
1745.It Va ipv6_network_interfaces
1746.Pq Vt str
1747This is the IPv6 equivalent of
1748.Va network_interfaces .
1749Normally manual configuration of this variable is not needed.
1750.It Va ipv6_cpe_wanif
1751.Pq Vt str
1752If the variable is set to an interface name,
1753the
1754.Xr ifconfig 8
1755options
1756.Dq inet6 -no_radr accept_rtadv
1757will be added to the specified interface automatically before evaluating
1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1759and two
1760.Xr sysctl 8
1761variables
1762.Va net.inet6.ip6.rfc6204w3
1763and
1764.Va net.inet6.ip6.no_radr
1765will be set to 1.
1766.Pp
1767This means the specified interface will accept ICMPv6 Router
1768Advertisement messages on that link and add the discovered
1769routers into the Default Router List.
1770While the other interfaces can still accept RA messages if the
1771.Dq inet6 accept_rtadv
1772option is specified, adding
1773routes into the Default Router List will be disabled by
1774.Dq inet6 no_radr
1775option by default.
1776See
1777.Xr ifconfig 8
1778for more details.
1779.Pp
1780Note that ICMPv6 Router Advertisement messages will be
1781accepted even when
1782.Va net.inet6.ip6.forwarding
1783is 1
1784.Pq packet forwarding is enabled
1785when
1786.Va net.inet6.ip6.rfc6204w3
1787is set to 1.
1788.Pp
1789Default is
1790.Dq Li NO .
1791.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1792.Pq Vt str
1793This assigns arbitrary description to an interface.
1794The
1795.Xr sysctl 8
1796variable
1797.Va net.ifdescr_maxlen
1798limits its length.
1799This static setting may be overridden by commands
1800started with dynamic interface configuration utilities
1801like
1802.Xr dhclient 8
1803hooks.
1804The description can be seen with
1805.Xr ifconfig 8
1806command and it may be exported with
1807.Xr bsnmpd 1
1808daemon using its MIB-2 module.
1809.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1810.Pq Vt str
1811IPv6 functionality on an interface should be configured by
1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1813instead of setting ifconfig parameters in
1814.Va ifconfig_ Ns Aq Ar interface .
1815If this variable is empty, all of IPv6 configurations on the
1816specified interface by other variables such as
1817.Va ipv6_prefix_ Ns Ao Ar interface Ac
1818will be ignored.
1819.Pp
1820Aliases should be set by
1821.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1822with
1823.Dq Li inet6
1824keyword.
1825For example:
1826.Bd -literal
1827ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1828ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1829.Ed
1830.Pp
1831Interfaces that have an
1832.Dq Li inet6 accept_rtadv
1833keyword in
1834.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1835setting will be automatically configured by SLAAC
1836.Pq StateLess Address AutoConfiguration
1837described in
1838.Rs
1839.%T "RFC 4862"
1840.Re
1841.Pp
1842Note that a link-local address will be automatically configured in
1843addition to the configured global-scope addresses because the IPv6
1844specifications require it on each link.
1845The address is calculated from the MAC address by using an algorithm
1846defined in
1847.Rs
1848.%T "RFC 4862"
1849.%O "Section 5.3"
1850.Re
1851.Pp
1852If only a link-local address is needed on the interface,
1853the following configuration can be used:
1854.Bd -literal
1855ifconfig_em0_ipv6="inet6 auto_linklocal"
1856.Ed
1857.Pp
1858A link-local address can also be configured manually.
1859This is useful for the default router address of an IPv6 router
1860so that it does not change when the network interface
1861card is replaced.
1862For example:
1863.Bd -literal
1864ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1865.Ed
1866.It Va ipv6_prefix_ Ns Aq Ar interface
1867.Pq Vt str
1868If one or more prefixes are defined in
1869.Va ipv6_prefix_ Ns Aq Ar interface
1870addresses based on each prefix and the EUI-64 interface index will be
1871configured on that interface.
1872Note that this variable will be ignored when
1873.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1874is empty.
1875.Pp
1876For example, the following configuration
1877.Bd -literal
1878ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1879.Ed
1880.Pp
1881is equivalent to the following:
1882.Bd -literal
1883ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1884ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1885ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1886ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1887.Ed
1888.Pp
1889These Subnet-Router anycast addresses will be added only when
1890.Va ipv6_gateway_enable
1891is YES.
1892.It Va ipv6_default_interface
1893.Pq Vt str
1894If not set to
1895.Dq Li NO ,
1896this is the default output interface for scoped addresses.
1897This works only with ipv6_gateway_enable="NO".
1898.It Va ip6addrctl_enable
1899.Pq Vt bool
1900This variable is to enable configuring default address selection policy table
1901.Pq RFC 3484 .
1902The table can be specified in another variable
1903.Va ip6addrctl_policy .
1904For
1905.Va ip6addrctl_policy
1906the following keywords can be specified:
1907.Dq Li ipv4_prefer ,
1908.Dq Li ipv6_prefer ,
1909or
1910.Dq Li AUTO .
1911.Pp
1912If
1913.Dq Li ipv4_prefer
1914or
1915.Dq Li ipv6_prefer
1916is specified,
1917.Xr ip6addrctl 8
1918installs a pre-defined policy table described in Section 10.3
1919.Pq IPv4-preferred
1920or 2.1
1921.Pq IPv6-preferred
1922of RFC 3484.
1923.Pp
1924If
1925.Dq Li AUTO
1926is specified, it attempts to read a file
1927.Pa /etc/ip6addrctl.conf
1928first.
1929If this file is found,
1930.Xr ip6addrctl 8
1931reads and installs it.
1932If not found, a policy is automatically set
1933according to
1934.Va ipv6_activate_all_interfaces
1935variable; if the variable is set to
1936.Dq Li YES
1937the IPv6-preferred one is used.
1938Otherwise IPv4-preferred.
1939.Pp
1940The default value of
1941.Va ip6addrctl_enable
1942and
1943.Va ip6addrctl_policy
1944are
1945.Dq Li YES
1946and
1947.Dq Li AUTO ,
1948respectively.
1949.It Va cloned_interfaces
1950.Pq Vt str
1951Set to the list of clonable network interfaces to create on this host.
1952Further cloning arguments may be passed to the
1953.Xr ifconfig 8
1954.Cm create
1955command for each interface by setting the
1956.Va create_args_ Ns Aq Ar interface
1957variable.
1958If an interface name is specified with
1959.Dq :sticky
1960keyword,
1961the interface will not be destroyed even when
1962.Pa rc.d/netif
1963script is invoked with
1964.Dq stop
1965argument.
1966This is useful when reconfiguring the interface without destroying it.
1967Entries in
1968.Va cloned_interfaces
1969are automatically appended to
1970.Va network_interfaces
1971for configuration.
1972.It Va cloned_interfaces_sticky
1973.Pq Vt bool
1974This variable is to globally enable functionality of
1975.Dq :sticky
1976keyword in
1977.Va cloned_interfaces
1978for all interfaces.
1979The default value is
1980.Dq NO .
1981Even if this variable is specified to
1982.Dq YES ,
1983.Dq :nosticky
1984keyword can be used to override it on per interface basis.
1985.It Va gif_interfaces
1986Set to the list of
1987.Xr gif 4
1988tunnel interfaces to configure on this host.
1989A
1990.Va gifconfig_ Ns Aq Ar interface
1991variable is assumed to exist for each value of
1992.Ar interface .
1993The value of this variable is used to configure the link layer of the
1994tunnel using the
1995.Cm tunnel
1996option to
1997.Xr ifconfig 8 .
1998Additionally, this option ensures that each listed interface is created
1999via the
2000.Cm create
2001option to
2002.Xr ifconfig 8
2003before attempting to configure it.
2004.Pp
2005For example, configure two
2006.Xr gif 4
2007interfaces with:
2008.Bd -literal
2009gif_interfaces="gif0 gif1"
2010gifconfig_gif0="100.64.0.1 100.64.0.2"
2011ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
2012gifconfig_gif1="inet6 2a00::1 2a01::1"
2013ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
2014.Ed
2015.It Va ppp_enable
2016.Pq Vt bool
2017If set to
2018.Dq Li YES ,
2019run the
2020.Xr ppp 8
2021daemon.
2022.It Va ppp_profile
2023.Pq Vt str
2024The name of the profile to use from
2025.Pa /etc/ppp/ppp.conf .
2026Also used for per-profile overrides of
2027.Va ppp_mode
2028and
2029.Va ppp_nat ,
2030and
2031.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
2032When the profile name contains any of the characters
2033.Dq Li .-/+
2034they are translated to
2035.Dq Li _
2036for the proposes of the override variable names.
2037.It Va ppp_mode
2038.Pq Vt str
2039Mode in which to run the
2040.Xr ppp 8
2041daemon.
2042.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2043.Pq Vt str
2044Overrides the global
2045.Va ppp_mode
2046for
2047.Ar profile .
2048Accepted modes are
2049.Dq Li auto ,
2050.Dq Li ddial ,
2051.Dq Li direct
2052and
2053.Dq Li dedicated .
2054See the manual for a full description.
2055.It Va ppp_nat
2056.Pq Vt bool
2057If set to
2058.Dq Li YES ,
2059enables network address translation.
2060Used in conjunction with
2061.Va gateway_enable
2062allows hosts on private network addresses access to the Internet using
2063this host as a network address translating router.
2064Default is
2065.Dq Li YES .
2066.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2067.Pq Vt str
2068Overrides the global
2069.Va ppp_nat
2070for
2071.Ar profile .
2072.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2073.Pq Vt int
2074Set the unit number to be used for this profile.
2075See the manual description of
2076.Fl unit Ns Ar N
2077for details.
2078.It Va ppp_user
2079.Pq Vt str
2080The name of the user under which
2081.Xr ppp 8
2082should be started.
2083By
2084default,
2085.Xr ppp 8
2086is started as
2087.Dq Li root .
2088.It Va rc_conf_files
2089.Pq Vt str
2090This option is used to specify a list of files that will override
2091the settings in
2092.Pa /etc/defaults/rc.conf .
2093The files will be read in the order in which they are specified and should
2094include the full path to the file.
2095By default, the files specified are
2096.Pa /etc/rc.conf
2097and
2098.Pa /etc/rc.conf.local
2099.It Va zfs_enable
2100.Pq Vt bool
2101If set to
2102.Dq Li YES ,
2103.Pa /etc/rc.d/zfs
2104will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2105(ZVOLs).
2106.It Va zpool_reguid
2107.Pq Vt str
2108A space-separated list of ZFS pool names for which new pool GUIDs should be
2109assigned upon first boot.
2110This is useful when using a ZFS pool copied from a template, such as a virtual
2111machine image.
2112.It Va zpool_upgrade
2113.Pq Vt str
2114A space-separated list of ZFS pool names for which version should be upgraded
2115upon first boot.
2116This is useful when using a ZFS pool generated by the
2117.Xr makefs 8
2118utility.
2119.It Va gptboot_enable
2120.Pq Vt bool
2121If set to
2122.Dq Li YES ,
2123.Pa /etc/rc.d/gptboot
2124will log if the system successfully (or not) booted from a GPT partition,
2125which had the
2126.Ar bootonce
2127attribute set using
2128.Xr gpart 8
2129utility.
2130.It Va gbde_autoattach_all
2131.Pq Vt bool
2132If set to
2133.Dq Li YES ,
2134.Pa /etc/rc.d/gbde
2135will attempt to automatically initialize your .bde devices in
2136.Pa /etc/fstab .
2137.It Va gbde_devices
2138.Pq Vt str
2139List the devices that the script should try to attach,
2140or
2141.Dq Li AUTO .
2142.It Va gbde_lockdir
2143.Pq Vt str
2144The directory where the
2145.Xr gbde 4
2146lockfiles are located.
2147The default lockfile directory is
2148.Pa /etc .
2149.Pp
2150The lockfile for each individual
2151.Xr gbde 4
2152device can be overridden by setting the variable
2153.Va gbde_lock_ Ns Aq Ar device ,
2154where
2155.Ar device
2156is the encrypted device without the
2157.Dq Pa /dev/
2158and
2159.Dq Pa .bde
2160parts.
2161.It Va gbde_attach_attempts
2162.Pq Vt int
2163Number of times to attempt attaching to a
2164.Xr gbde 4
2165device, i.e., how many times the user is asked for the pass-phrase.
2166Default is 3.
2167.It Va geli_devices
2168.Pq Vt str
2169List of devices to automatically attach on boot.
2170Note that .eli devices from
2171.Pa /etc/fstab
2172are automatically appended to this list.
2173.It Va geli_groups
2174.Pq Vt str
2175List of groups containing devices to automatically attach on boot with the same
2176keyfiles and passphrase.
2177This must be accompanied with a corresponding
2178.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2179variable.
2180.It Va geli_tries
2181.Pq Vt int
2182Number of times user is asked for the pass-phrase.
2183If empty, it will be taken from
2184.Va kern.geom.eli.tries
2185sysctl variable.
2186.It Va geli_default_flags
2187.Pq Vt str
2188Default flags to use by
2189.Xr geli 8
2190when configuring disk encryption.
2191Flags can be configured for every device separately by defining the
2192.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2193variable, and for every group separately by defining the
2194.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2195variable.
2196.It Va geli_autodetach
2197.Pq Vt str
2198Specifies if GELI devices should be marked for detach on last close after
2199file systems are mounted.
2200Default is
2201.Dq Li YES .
2202This can be changed for every device separately by defining the
2203.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2204variable.
2205.It Va root_rw_mount
2206.Pq Vt bool
2207Set to
2208.Dq Li YES
2209by default.
2210After the file systems are checked at boot time, the root file system
2211is remounted as read-write if this is set to
2212.Dq Li YES .
2213Diskless systems that mount their root file system from a read-only remote
2214NFS share should set this to
2215.Dq Li NO
2216in their
2217.Pa rc.conf .
2218.It Va fsck_y_enable
2219.Pq Vt bool
2220If set to
2221.Dq Li YES ,
2222.Xr fsck 8
2223will be run with the
2224.Fl y
2225flag if the initial preen
2226of the file systems fails.
2227.It Va background_fsck
2228.Pq Vt bool
2229If set to
2230.Dq Li NO ,
2231the system will not attempt to run
2232.Xr fsck 8
2233in the background where possible.
2234.It Va background_fsck_delay
2235.Pq Vt int
2236The amount of time in seconds to sleep before starting a background
2237.Xr fsck 8 .
2238It defaults to sixty seconds to allow large applications such as
2239the X server to start before disk I/O bandwidth is monopolized by
2240.Xr fsck 8 .
2241If set to a negative number, the background file system check will be
2242delayed indefinitely to allow the administrator to run it at a more
2243convenient time.
2244For example it may be run from
2245.Xr cron 8
2246by adding a line like
2247.Pp
2248.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2249.Pp
2250to
2251.Pa /etc/crontab .
2252.It Va netfs_types
2253.Pq Vt str
2254List of file system types that are network-based.
2255This list should generally not be modified by end users.
2256Use
2257.Va extra_netfs_types
2258instead.
2259.It Va extra_netfs_types
2260.Pq Vt str
2261If set to something other than
2262.Dq Li NO
2263(the default),
2264this variable extends the list of file system types
2265for which automatic mounting at startup by
2266.Xr rc 8
2267should be delayed until the network is initialized.
2268It should contain
2269a whitespace-separated list of network file system descriptor pairs,
2270each consisting of a file system type as passed to
2271.Xr mount 8
2272and a human-readable, one-word description,
2273joined with a colon
2274.Pq Ql \&: .
2275Extending the default list in this way is only necessary
2276when third party file system types are used.
2277.It Va syslogd_enable
2278.Pq Vt bool
2279If set to
2280.Dq Li YES ,
2281run the
2282.Xr syslogd 8
2283daemon.
2284.It Va syslogd_program
2285.Pq Vt str
2286Path to
2287.Xr syslogd 8
2288(default
2289.Pa /usr/sbin/syslogd ) .
2290.It Va syslogd_flags
2291.Pq Vt str
2292If
2293.Va syslogd_enable
2294is set to
2295.Dq Li YES ,
2296these are the flags to pass to
2297.Xr syslogd 8 .
2298.It Va inetd_enable
2299.Pq Vt bool
2300If set to
2301.Dq Li YES ,
2302run the
2303.Xr inetd 8
2304daemon.
2305.It Va inetd_program
2306.Pq Vt str
2307Path to
2308.Xr inetd 8
2309(default
2310.Pa /usr/sbin/inetd ) .
2311.It Va inetd_flags
2312.Pq Vt str
2313If
2314.Va inetd_enable
2315is set to
2316.Dq Li YES ,
2317these are the flags to pass to
2318.Xr inetd 8 .
2319.It Va hastd_enable
2320.Pq Vt bool
2321If set to
2322.Dq Li YES ,
2323run the
2324.Xr hastd 8
2325daemon.
2326.It Va hastd_program
2327.Pq Vt str
2328Path to
2329.Xr hastd 8
2330(default
2331.Pa /sbin/hastd ) .
2332.It Va hastd_flags
2333.Pq Vt str
2334If
2335.Va hastd_enable
2336is set to
2337.Dq Li YES ,
2338these are the flags to pass to
2339.Xr hastd 8 .
2340.It Va local_unbound_enable
2341.Pq Vt bool
2342If set to
2343.Dq Li YES ,
2344run the
2345.Xr unbound 8
2346daemon as a local caching resolver.
2347.It Va kdc_enable
2348.Pq Vt bool
2349Set to
2350.Dq Li YES
2351to start a Kerberos 5 authentication server
2352at boot time.
2353.It Va kdc_program
2354.Pq Vt str
2355If
2356.Va kdc_enable
2357is set to
2358.Dq Li YES
2359this is the path to Kerberos 5 Authentication Server.
2360.It Va kdc_flags
2361.Pq Vt str
2362Empty by default.
2363This variable contains additional flags to be passed to the Kerberos 5
2364authentication server.
2365.It Va kadmind_enable
2366.Pq Vt bool
2367Set to
2368.Dq Li YES
2369to start
2370.Xr kadmind 8 ,
2371the Kerberos 5 Administration Daemon; set to
2372.Dq Li NO
2373on a slave server.
2374.It Va kadmind_program
2375.Pq Vt str
2376If
2377.Va kadmind_enable
2378is set to
2379.Dq Li YES
2380this is the path to Kerberos 5 Administration Daemon.
2381.It Va kpasswdd_enable
2382.Pq Vt bool
2383Set to
2384.Dq Li YES
2385to start
2386.Xr kpasswdd 8 ,
2387the Kerberos 5 Password-Changing Daemon; set to
2388.Dq Li NO
2389on a slave server.
2390.It Va kpasswdd_program
2391.Pq Vt str
2392If
2393.Va kpasswdd_enable
2394is set to
2395.Dq Li YES
2396this is the path to Kerberos 5 Password-Changing Daemon.
2397.It Va kfd_enable
2398.Pq Vt bool
2399Set to
2400.Dq Li YES
2401to start
2402.Xr kfd 8 ,
2403the Kerberos 5 ticket forwarding daemon, at the boot time.
2404.It Va kfd_program
2405.Pq Vt str
2406Path to
2407.Xr kfd 8
2408(default
2409.Pa /usr/libexec/kfd ) .
2410.It Va rwhod_enable
2411.Pq Vt bool
2412If set to
2413.Dq Li YES ,
2414run the
2415.Xr rwhod 8
2416daemon at boot time.
2417.It Va rwhod_flags
2418.Pq Vt str
2419If
2420.Va rwhod_enable
2421is set to
2422.Dq Li YES ,
2423these are the flags to pass to it.
2424.It Va update_motd
2425.Pq Vt bool
2426If set to
2427.Dq Li YES ,
2428.Pa /etc/motd
2429will be updated at boot time to reflect the kernel release
2430being run.
2431If set to
2432.Dq Li NO ,
2433.Pa /etc/motd
2434will not be updated.
2435.It Va nfs_client_enable
2436.Pq Vt bool
2437If set to
2438.Dq Li YES ,
2439run the NFS client daemons at boot time.
2440.It Va nfs_access_cache
2441.Pq Vt int
2442If
2443.Va nfs_client_enable
2444is set to
2445.Dq Li YES ,
2446this can be set to
2447.Dq Li 0
2448to disable NFS ACCESS RPC caching, or to the number of seconds for which
2449NFS ACCESS
2450results should be cached.
2451A value of 2-10 seconds will substantially reduce network
2452traffic for many NFS operations.
2453.It Va nfs_server_enable
2454.Pq Vt bool
2455If set to
2456.Dq Li YES ,
2457run the NFS server daemons at boot time.
2458.It Va nfs_server_flags
2459.Pq Vt str
2460If
2461.Va nfs_server_enable
2462is set to
2463.Dq Li YES ,
2464these are the flags to pass to the
2465.Xr nfsd 8
2466daemon.
2467.It Va nfsv4_server_enable
2468.Pq Vt bool
2469If
2470.Va nfs_server_enable
2471is set to
2472.Dq Li YES
2473and
2474.Va nfsv4_server_enable
2475is set to
2476.Dq Li YES ,
2477enable the server for NFSv4 as well as NFSv2 and NFSv3.
2478.It Va nfsv4_server_only
2479.Pq Vt bool
2480If
2481.Va nfs_server_enable
2482is set to
2483.Dq Li YES
2484and
2485.Va nfsv4_server_only
2486is set to
2487.Dq Li YES ,
2488enable the NFS server for NFSv4 only.
2489.It Va nfs_server_maxio
2490.Pq Vt int
2491value to set vfs.nfsd.srvmaxio to, which is the
2492maximum I/O size for the NFS server.
2493.It Va tlsclntd_enable
2494.Pq Vt bool
2495If set to
2496.Dq Li YES ,
2497run the
2498.Xr rpc.tlsclntd 8
2499daemon, which is needed for NFS-over-TLS NFS mounts.
2500.It Va tlsservd_enable
2501.Pq Vt bool
2502If set to
2503.Dq Li YES ,
2504run the
2505.Xr rpc.tlsservd 8
2506daemon, which is needed for the
2507.Xr nfsd 8
2508to support NFS-over-TLS NFS mounts.
2509.It Va nfsuserd_enable
2510.Pq Vt bool
2511If
2512.Va nfsuserd_enable
2513is set to
2514.Dq Li YES ,
2515run the nfsuserd daemon, which is needed for NFSv4 in order
2516to map between user/group names vs uid/gid numbers.
2517If
2518.Va nfsv4_server_enable
2519is set to
2520.Dq Li YES ,
2521this will be forced enabled.
2522.It Va nfsuserd_flags
2523.Pq Vt str
2524If
2525.Va nfsuserd_enable
2526is set to
2527.Dq Li YES ,
2528these are the flags to pass to the
2529.Xr nfsuserd 8
2530daemon.
2531.It Va nfscbd_enable
2532.Pq Vt bool
2533If
2534.Va nfscbd_enable
2535is set to
2536.Dq Li YES ,
2537run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2538.It Va nfscbd_flags
2539.Pq Vt str
2540If
2541.Va nfscbd_enable
2542is set to
2543.Dq Li YES ,
2544these are the flags to pass to the
2545.Xr nfscbd 8
2546daemon.
2547.It Va mountd_enable
2548.Pq Vt bool
2549If set to
2550.Dq Li YES ,
2551and no
2552.Va nfs_server_enable
2553is set, start
2554.Xr mountd 8 ,
2555but not
2556.Xr nfsd 8
2557daemon.
2558It is commonly needed to run CFS without real NFS used.
2559.It Va mountd_flags
2560.Pq Vt str
2561If
2562.Va mountd_enable
2563is set to
2564.Dq Li YES ,
2565these are the flags to pass to the
2566.Xr mountd 8
2567daemon.
2568.It Va weak_mountd_authentication
2569.Pq Vt bool
2570If set to
2571.Dq Li YES ,
2572allow services like PCNFSD to make non-privileged mount
2573requests.
2574.It Va nfs_reserved_port_only
2575.Pq Vt bool
2576If set to
2577.Dq Li YES ,
2578provide NFS services only on a secure port.
2579.It Va nfs_bufpackets
2580.Pq Vt int
2581If set to a number, indicates the number of packets worth of
2582socket buffer space to reserve on an NFS client.
2583The kernel default is typically 4.
2584Using a higher number may be
2585useful on gigabit networks to improve performance.
2586The minimum value is
25872 and the maximum is 64.
2588.It Va rpc_lockd_enable
2589.Pq Vt bool
2590If set to
2591.Dq Li YES
2592and also an NFS server or client, run
2593.Xr rpc.lockd 8
2594at boot time.
2595.It Va rpc_lockd_flags
2596.Pq Vt str
2597If
2598.Va rpc_lockd_enable
2599is set to
2600.Dq Li YES ,
2601these are the flags to pass to the
2602.Xr rpc.lockd 8
2603daemon.
2604.It Va rpc_statd_enable
2605.Pq Vt bool
2606If set to
2607.Dq Li YES
2608and also an NFS server or client, run
2609.Xr rpc.statd 8
2610at boot time.
2611.It Va rpc_statd_flags
2612.Pq Vt str
2613If
2614.Va rpc_statd_enable
2615is set to
2616.Dq Li YES ,
2617these are the flags to pass to the
2618.Xr rpc.statd 8
2619daemon.
2620.It Va rpcbind_program
2621.Pq Vt str
2622Path to
2623.Xr rpcbind 8
2624(default
2625.Pa /usr/sbin/rpcbind ) .
2626.It Va rpcbind_enable
2627.Pq Vt bool
2628If set to
2629.Dq Li YES ,
2630run the
2631.Xr rpcbind 8
2632service at boot time.
2633.It Va rpcbind_flags
2634.Pq Vt str
2635If
2636.Va rpcbind_enable
2637is set to
2638.Dq Li YES ,
2639these are the flags to pass to the
2640.Xr rpcbind 8
2641daemon.
2642.It Va keyserv_enable
2643.Pq Vt bool
2644If set to
2645.Dq Li YES ,
2646run the
2647.Xr keyserv 8
2648daemon on boot for running Secure RPC.
2649.It Va keyserv_flags
2650.Pq Vt str
2651If
2652.Va keyserv_enable
2653is set to
2654.Dq Li YES ,
2655these are the flags to pass to
2656.Xr keyserv 8
2657daemon.
2658.It Va pppoed_enable
2659.Pq Vt bool
2660If set to
2661.Dq Li YES ,
2662run the
2663.Xr pppoed 8
2664daemon at boot time to provide PPP over Ethernet services.
2665.It Va pppoed_ Ns Aq Ar provider
2666.Pq Vt str
2667.Xr pppoed 8
2668listens to requests to this
2669.Ar provider
2670and ultimately runs
2671.Xr ppp 8
2672with a
2673.Ar system
2674argument of the same name.
2675.It Va pppoed_flags
2676.Pq Vt str
2677Additional flags to pass to
2678.Xr pppoed 8 .
2679.It Va pppoed_interface
2680.Pq Vt str
2681The network interface to run
2682.Xr pppoed 8
2683on.
2684This is mandatory when
2685.Va pppoed_enable
2686is set to
2687.Dq Li YES .
2688.It Va ntpdate_enable
2689.Pq Vt bool
2690If set to
2691.Dq Li YES ,
2692run
2693.Xr ntpdate 8
2694at system startup.
2695This command is intended to
2696synchronize the system clock only
2697.Em once
2698from some standard reference.
2699.Pp
2700Note that the use of the
2701.Va ntpd_sync_on_start
2702variable is a preferred alternative to the
2703.Xr ntpdate 8
2704utility as
2705.Xr ntpdate 8
2706is to be retired from the NTP distribution.
2707.It Va ntpdate_config
2708.Pq Vt str
2709Configuration file for
2710.Xr ntpdate 8 .
2711Default
2712.Pa /etc/ntp.conf .
2713.It Va ntpdate_hosts
2714.Pq Vt str
2715A whitespace-separated list of NTP servers to synchronize with at startup.
2716The default is to use the servers listed in
2717.Va ntpdate_config ,
2718if that file exists.
2719.It Va ntpdate_program
2720.Pq Vt str
2721Path to
2722.Xr ntpdate 8
2723(default
2724.Pa /usr/sbin/ntpdate ) .
2725.It Va ntpdate_flags
2726.Pq Vt str
2727If
2728.Va ntpdate_enable
2729is set to
2730.Dq Li YES ,
2731these are the flags to pass to the
2732.Xr ntpdate 8
2733command (typically a hostname).
2734.It Va ntpd_enable
2735.Pq Vt bool
2736If set to
2737.Dq Li YES ,
2738run the
2739.Xr ntpd 8
2740command at boot time.
2741.It Va ntpd_program
2742.Pq Vt str
2743Path to
2744.Xr ntpd 8
2745(default
2746.Pa /usr/sbin/ntpd ) .
2747.It Va ntpd_config
2748.Pq Vt str
2749Path to
2750.Xr ntpd 8
2751configuration file.
2752Default
2753.Pa /etc/ntp.conf .
2754.It Va ntpd_flags
2755.Pq Vt str
2756If
2757.Va ntpd_enable
2758is set to
2759.Dq Li YES ,
2760these are the flags to pass to the
2761.Xr ntpd 8
2762daemon.
2763.It Va ntpd_sync_on_start
2764.Pq Vt bool
2765If set to
2766.Dq Li YES ,
2767.Xr ntpd 8
2768is run with the
2769.Fl g
2770flag, which syncs the system's clock on startup.
2771See
2772.Xr ntpd 8
2773for more information regarding the
2774.Fl g
2775option.
2776This is a preferred alternative to using
2777.Xr ntpdate 8
2778or specifying the
2779.Va ntpdate_enable
2780variable.
2781.It Va nis_client_enable
2782.Pq Vt bool
2783If set to
2784.Dq Li YES ,
2785run the
2786.Xr ypbind 8
2787service at system boot time.
2788.It Va nis_client_flags
2789.Pq Vt str
2790If
2791.Va nis_client_enable
2792is set to
2793.Dq Li YES ,
2794these are the flags to pass to the
2795.Xr ypbind 8
2796service.
2797.It Va nis_ypldap_enable
2798.Pq Vt bool
2799If set to
2800.Dq Li YES ,
2801run the
2802.Xr ypldap 8
2803daemon at system boot time.
2804.It Va nis_ypldap_flags
2805.Pq Vt str
2806If
2807.Va nis.ypldap_enable
2808is set to
2809.Dq Li YES ,
2810these are the flags to pass to the
2811.Xr ypldap 8
2812daemon.
2813.It Va nis_ypset_enable
2814.Pq Vt bool
2815If set to
2816.Dq Li YES ,
2817run the
2818.Xr ypset 8
2819daemon at system boot time.
2820.It Va nis_ypset_flags
2821.Pq Vt str
2822If
2823.Va nis_ypset_enable
2824is set to
2825.Dq Li YES ,
2826these are the flags to pass to the
2827.Xr ypset 8
2828daemon.
2829.It Va nis_server_enable
2830.Pq Vt bool
2831If set to
2832.Dq Li YES ,
2833run the
2834.Xr ypserv 8
2835daemon at system boot time.
2836.It Va nis_server_flags
2837.Pq Vt str
2838If
2839.Va nis_server_enable
2840is set to
2841.Dq Li YES ,
2842these are the flags to pass to the
2843.Xr ypserv 8
2844daemon.
2845.It Va nis_ypxfrd_enable
2846.Pq Vt bool
2847If set to
2848.Dq Li YES ,
2849run the
2850.Xr rpc.ypxfrd 8
2851daemon at system boot time.
2852.It Va nis_ypxfrd_flags
2853.Pq Vt str
2854If
2855.Va nis_ypxfrd_enable
2856is set to
2857.Dq Li YES ,
2858these are the flags to pass to the
2859.Xr rpc.ypxfrd 8
2860daemon.
2861.It Va nis_yppasswdd_enable
2862.Pq Vt bool
2863If set to
2864.Dq Li YES ,
2865run the
2866.Xr rpc.yppasswdd 8
2867daemon at system boot time.
2868.It Va nis_yppasswdd_flags
2869.Pq Vt str
2870If
2871.Va nis_yppasswdd_enable
2872is set to
2873.Dq Li YES ,
2874these are the flags to pass to the
2875.Xr rpc.yppasswdd 8
2876daemon.
2877.It Va rpc_ypupdated_enable
2878.Pq Vt bool
2879If set to
2880.Dq Li YES ,
2881run the
2882.Nm rpc.ypupdated
2883daemon at system boot time.
2884.It Va bsnmpd_enable
2885.Pq Vt bool
2886If set to
2887.Dq Li YES ,
2888run the
2889.Xr bsnmpd 1
2890daemon at system boot time.
2891Be sure to understand the security implications of running SNMP daemon
2892on your host.
2893.It Va bsnmpd_flags
2894.Pq Vt str
2895If
2896.Va bsnmpd_enable
2897is set to
2898.Dq Li YES ,
2899these are the flags to pass to the
2900.Xr bsnmpd 1
2901daemon.
2902.It Va defaultrouter
2903.Pq Vt str
2904If not set to
2905.Dq Li NO ,
2906create a default route to this host name or IP address
2907(use an IP address if this router is also required to get to the
2908name server!).
2909.It Va defaultrouter_fibN
2910.Pq Vt str
2911If not set to
2912.Dq Li NO ,
2913create a default route in FIB N to this host name or IP address.
2914.It Va ipv6_defaultrouter
2915.Pq Vt str
2916The IPv6 equivalent of
2917.Va defaultrouter .
2918.It Va ipv6_defaultrouter_fibN
2919.Pq Vt str
2920The IPv6 equivalent of
2921.Va defaultrouter_fibN .
2922.It Va static_arp_pairs
2923.Pq Vt str
2924Set to the list of static ARP pairs that are to be added at system
2925boot time.
2926For each whitespace separated
2927.Ar element
2928in the value, a
2929.Va static_arp_ Ns Aq Ar element
2930variable is assumed to exist whose contents will later be passed to a
2931.Dq Nm arp Cm -S
2932operation.
2933For example
2934.Bd -literal
2935static_arp_pairs="gw"
2936static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2937.Ed
2938.It Va static_ndp_pairs
2939.Pq Vt str
2940Set to the list of static NDP pairs that are to be added at system
2941boot time.
2942For each whitespace separated
2943.Ar element
2944in the value, a
2945.Va static_ndp_ Ns Aq Ar element
2946variable is assumed to exist whose contents will later be passed to a
2947.Dq Nm ndp Cm -s
2948operation.
2949For example
2950.Bd -literal
2951static_ndp_pairs="gw"
2952static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2953.Ed
2954.It Va static_routes
2955.Pq Vt str
2956Set to the list of static routes that are to be added at system
2957boot time.
2958If not set to
2959.Dq Li NO
2960then for each whitespace separated
2961.Ar element
2962in the value, a
2963.Va route_ Ns Aq Ar element
2964variable is assumed to exist
2965whose contents will later be passed to a
2966.Dq Nm route Cm add
2967operation.
2968For example:
2969.Bd -literal
2970static_routes="ext mcast:gif0 gif0local:gif0"
2971route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2972route_mcast="-net 224.0.0.0/4 -iface gif0"
2973route_gif0local="-host 169.254.1.1 -iface lo0"
2974.Ed
2975.Pp
2976When an
2977.Ar element
2978is in the form of
2979.Li name:ifname ,
2980the route is specific to the interface
2981.Li ifname .
2982.It Va ipv6_static_routes
2983.Pq Vt str
2984The IPv6 equivalent of
2985.Va static_routes .
2986If not set to
2987.Dq Li NO
2988then for each whitespace separated
2989.Ar element
2990in the value, a
2991.Va ipv6_route_ Ns Aq Ar element
2992variable is assumed to exist
2993whose contents will later be passed to a
2994.Dq Nm route Cm add Fl inet6
2995operation.
2996.It Va gateway_enable
2997.Pq Vt bool
2998If set to
2999.Dq Li YES ,
3000configure host to act as an IP router, e.g.\& to forward packets
3001between interfaces.
3002.It Va ipv6_gateway_enable
3003.Pq Vt bool
3004The IPv6 equivalent of
3005.Va gateway_enable .
3006.It Va routed_enable
3007.Pq Vt bool
3008If set to
3009.Dq Li YES ,
3010run a routing daemon of some sort, based on the
3011settings of
3012.Va routed_program
3013and
3014.Va routed_flags .
3015.It Va route6d_enable
3016.Pq Vt bool
3017The IPv6 equivalent of
3018.Va routed_enable .
3019If set to
3020.Dq Li YES ,
3021run a routing daemon of some sort, based on the
3022settings of
3023.Va route6d_program
3024and
3025.Va route6d_flags .
3026.It Va routed_program
3027.Pq Vt str
3028If
3029.Va routed_enable
3030is set to
3031.Dq Li YES ,
3032this is the name of the routing daemon to use.
3033.It Va route6d_program
3034.Pq Vt str
3035The IPv6 equivalent of
3036.Va routed_program .
3037.It Va routed_flags
3038.Pq Vt str
3039If
3040.Va routed_enable
3041is set to
3042.Dq Li YES ,
3043these are the flags to pass to the routing daemon.
3044.It Va route6d_flags
3045.Pq Vt str
3046The IPv6 equivalent of
3047.Va routed_flags .
3048.It Va rtadvd_enable
3049.Pq Vt bool
3050If set to
3051.Dq Li YES ,
3052run the
3053.Xr rtadvd 8
3054daemon at boot time.
3055The
3056.Xr rtadvd 8
3057utility sends ICMPv6 Router Advertisement messages to
3058the interfaces specified in
3059.Va rtadvd_interfaces .
3060This should only be enabled with great care.
3061You may want to fine-tune
3062.Xr rtadvd.conf 5 .
3063.It Va rtadvd_interfaces
3064.Pq Vt str
3065If
3066.Va rtadvd_enable
3067is set to
3068.Dq Li YES
3069this is the list of interfaces to use.
3070.It Va arpproxy_all
3071.Pq Vt bool
3072If set to
3073.Dq Li YES ,
3074enable global proxy ARP.
3075.It Va forward_sourceroute
3076.Pq Vt bool
3077If set to
3078.Dq Li YES
3079and
3080.Va gateway_enable
3081is also set to
3082.Dq Li YES ,
3083source-routed packets are forwarded.
3084.It Va accept_sourceroute
3085.Pq Vt bool
3086If set to
3087.Dq Li YES ,
3088the system will accept source-routed packets directed at it.
3089.It Va rarpd_enable
3090.Pq Vt bool
3091If set to
3092.Dq Li YES ,
3093run the
3094.Xr rarpd 8
3095daemon at system boot time.
3096.It Va rarpd_flags
3097.Pq Vt str
3098If
3099.Va rarpd_enable
3100is set to
3101.Dq Li YES ,
3102these are the flags to pass to the
3103.Xr rarpd 8
3104daemon.
3105.It Va bootparamd_enable
3106.Pq Vt bool
3107If set to
3108.Dq Li YES ,
3109run the
3110.Xr bootparamd 8
3111daemon at system boot time.
3112.It Va bootparamd_flags
3113.Pq Vt str
3114If
3115.Va bootparamd_enable
3116is set to
3117.Dq Li YES ,
3118these are the flags to pass to the
3119.Xr bootparamd 8
3120daemon.
3121.It Va stf_interface_ipv4addr
3122.Pq Vt str
3123If not set to
3124.Dq Li NO ,
3125this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3126interface).
3127Specify this entry to enable the 6to4 interface.
3128.It Va stf_interface_ipv4plen
3129.Pq Vt int
3130Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3131An effective value is 0-31.
3132.It Va stf_interface_ipv6_ifid
3133.Pq Vt str
3134IPv6 interface ID for
3135.Xr stf 4 .
3136This can be set to
3137.Dq Li AUTO .
3138.It Va stf_interface_ipv6_slaid
3139.Pq Vt str
3140IPv6 Site Level Aggregator for
3141.Xr stf 4 .
3142.It Va ipv6_ipv4mapping
3143.Pq Vt bool
3144If set to
3145.Dq Li YES
3146this enables IPv4 mapped IPv6 address communication (like
3147.Li ::ffff:a.b.c.d ) .
3148.It Va rtsold_enable
3149.Pq Vt bool
3150Set to
3151.Dq Li YES
3152to enable the
3153.Xr rtsold 8
3154daemon to send ICMPv6 Router Solicitation messages.
3155.It Va rtsold_flags
3156.Pq Vt str
3157If
3158.Va rtsold_enable
3159is set to
3160.Dq Li YES ,
3161these are the flags to pass to
3162.Xr rtsold 8 .
3163.It Va rtsol_flags
3164.Pq Vt str
3165For interfaces configured with the
3166.Dq Li inet6 accept_rtadv
3167keyword, these are the flags to pass to
3168.Xr rtsol 8 .
3169.Pp
3170Note that
3171.Va rtsold_enable
3172is mutually exclusive to
3173.Va rtsol_flags ;
3174.Va rtsold_enable
3175takes precedence.
3176.It Va keybell
3177.Pq Vt str
3178The keyboard bell sound.
3179Set to
3180.Dq Li normal ,
3181.Dq Li visual ,
3182.Dq Li off ,
3183or
3184.Dq Li NO
3185if the default behavior is desired.
3186For details, refer to the
3187.Xr kbdcontrol 1
3188manpage.
3189.It Va keyboard
3190.Pq Vt str
3191If set to a non-null string, the virtual console's keyboard input is
3192set to this device.
3193.It Va keymap
3194.Pq Vt str
3195If set to
3196.Dq Li NO ,
3197no keymap is installed, otherwise the value is used to install
3198the keymap file found in
3199.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3200(if using
3201.Xr syscons 4 ) or
3202.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3203(if using
3204.Xr vt 4 ) .
3205.It Va keyrate
3206.Pq Vt str
3207The keyboard repeat speed.
3208Set to
3209.Dq Li slow ,
3210.Dq Li normal ,
3211.Dq Li fast ,
3212or
3213.Dq Li NO
3214if the default behavior is desired.
3215.It Va keychange
3216.Pq Vt str
3217If not set to
3218.Dq Li NO ,
3219attempt to program the function keys with the value.
3220The value should
3221be a single string of the form:
3222.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3223.It Va cursor
3224.Pq Vt str
3225Can be set to the value of
3226.Dq Li normal ,
3227.Dq Li blink ,
3228.Dq Li destructive ,
3229or
3230.Dq Li NO
3231to set the cursor behavior explicitly or choose the default behavior.
3232.It Va scrnmap
3233.Pq Vt str
3234If set to
3235.Dq Li NO ,
3236no screen map is installed, otherwise the value is used to install
3237the screen map file in
3238.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3239This parameter is ignored when using
3240.Xr vt 4
3241as the console driver.
3242.It Va font8x16
3243.Pq Vt str
3244If set to
3245.Dq Li NO ,
3246the default 8x16 font value is used for screen size requests, otherwise
3247the value in
3248.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3249or
3250.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3251is used (depending on the console driver being used).
3252.It Va font8x14
3253.Pq Vt str
3254If set to
3255.Dq Li NO ,
3256the default 8x14 font value is used for screen size requests, otherwise
3257the value in
3258.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3259or
3260.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3261is used (depending on the console driver being used).
3262.It Va font8x8
3263.Pq Vt str
3264If set to
3265.Dq Li NO ,
3266the default 8x8 font value is used for screen size requests, otherwise
3267the value in
3268.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3269or
3270.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3271is used (depending on the console driver being used).
3272.It Va blanktime
3273.Pq Vt int
3274If set to
3275.Dq Li NO ,
3276the default screen blanking interval is used, otherwise it is set
3277to
3278.Ar value
3279seconds.
3280.It Va saver
3281.Pq Vt str
3282If not set to
3283.Dq Li NO ,
3284this is the actual screen saver to use
3285.Li ( blank , snake , daemon ,
3286etc).
3287.It Va moused_nondefault_enable
3288.Pq Vt str
3289If set to
3290.Dq Li NO ,
3291the mouse device specified on
3292the command line is not automatically treated as enabled by the
3293.Pa /etc/rc.d/moused
3294script.
3295Having this variable set to
3296.Dq Li YES
3297allows a
3298.Xr usb 4
3299mouse,
3300for example,
3301to be enabled as soon as it is plugged in.
3302.It Va moused_enable
3303.Pq Vt str
3304If set to
3305.Dq Li YES ,
3306the
3307.Xr moused 8
3308daemon is started for doing cut/paste selection on the console.
3309.It Va moused_type
3310.Pq Vt str
3311This is the protocol type of the mouse connected to this host.
3312This variable must be set if
3313.Va moused_enable
3314is set to
3315.Dq Li YES .
3316The
3317.Xr moused 8
3318daemon
3319is able to detect the appropriate mouse type automatically in many cases.
3320Set this variable to
3321.Dq Li auto
3322to let the daemon detect it, or
3323select one from the following list if the automatic detection fails.
3324.Pp
3325If the mouse is attached to the PS/2 mouse port, choose
3326.Dq Li auto
3327or
3328.Dq Li ps/2 ,
3329regardless of the brand and model of the mouse.
3330Likewise, if the
3331mouse is attached to the bus mouse port, choose
3332.Dq Li auto
3333or
3334.Dq Li busmouse .
3335All other protocols are for serial mice and will not work with
3336the PS/2 and bus mice.
3337If this is a USB mouse,
3338.Dq Li auto
3339is the only protocol type which will work.
3340.Pp
3341.Bl -tag -width ".Li x10mouseremote" -compact
3342.It Li microsoft
3343Microsoft mouse (serial)
3344.It Li intellimouse
3345Microsoft IntelliMouse (serial)
3346.It Li mousesystems
3347Mouse systems Corp.\& mouse (serial)
3348.It Li mmseries
3349MM Series mouse (serial)
3350.It Li logitech
3351Logitech mouse (serial)
3352.It Li busmouse
3353A bus mouse
3354.It Li mouseman
3355Logitech MouseMan and TrackMan (serial)
3356.It Li glidepoint
3357ALPS GlidePoint (serial)
3358.It Li thinkingmouse
3359Kensington ThinkingMouse (serial)
3360.It Li ps/2
3361PS/2 mouse
3362.It Li mmhittab
3363MM HitTablet (serial)
3364.It Li x10mouseremote
3365X10 MouseRemote (serial)
3366.It Li versapad
3367Interlink VersaPad (serial)
3368.El
3369.Pp
3370Even if the mouse is not in the above list, it may be compatible
3371with one in the list.
3372Refer to the manual page for
3373.Xr moused 8
3374for compatibility information.
3375.Pp
3376It should also be noted that while this is enabled, any
3377other client of the mouse (such as an X server) should access
3378the mouse through the virtual mouse device,
3379.Pa /dev/sysmouse ,
3380and configure it as a
3381.Dq Li sysmouse
3382type mouse, since all
3383mouse data is converted to this single canonical format when
3384using
3385.Xr moused 8 .
3386If the client program does not support the
3387.Dq Li sysmouse
3388type,
3389specify the
3390.Dq Li mousesystems
3391type.
3392It is the second preferred type.
3393.It Va moused_port
3394.Pq Vt str
3395If
3396.Va moused_enable
3397is set to
3398.Dq Li YES ,
3399this is the actual port the mouse is on.
3400It might be
3401.Pa /dev/cuau0
3402for a COM1 serial mouse, or
3403.Pa /dev/psm0
3404for a PS/2 mouse, for example.
3405.It Va moused_flags
3406.Pq Vt str
3407If
3408.Va moused_flags
3409is set, its value is used as an additional set of flags to pass to the
3410.Xr moused 8
3411daemon.
3412.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3413When
3414.Va moused_nondefault_enable
3415is enabled, and a
3416.Xr moused 8
3417daemon is started for a non-default port, the
3418.Va "moused_" Ns Ar XXX Ns Va "_flags"
3419set of options has precedence over and replaces the default
3420.Va moused_flags
3421(where
3422.Ar XXX
3423is the name of the non-default port, i.e.,\&
3424.Ar ums0 ) .
3425By setting
3426.Va "moused_" Ns Ar XXX Ns Va "_flags"
3427it is possible to set up a different set of default flags for each
3428.Xr moused 8
3429instance.
3430For example, you can use
3431.Dq Li "-3"
3432for the default
3433.Va moused_flags
3434to make your laptop's touchpad more comfortable to use,
3435but an empty set of options for
3436.Va moused_ums0_flags
3437when your
3438.Xr usb 4
3439mouse has three or more buttons.
3440.It Va mousechar_start
3441.Pq Vt int
3442If set to
3443.Dq Li NO ,
3444the default mouse cursor character range
3445.Li 0xd0 Ns - Ns Li 0xd3
3446is used,
3447otherwise the range start is set
3448to
3449.Ar value
3450character, see
3451.Xr vidcontrol 1 .
3452Use if the default range is occupied in the language code table.
3453.It Va allscreens_flags
3454.Pq Vt str
3455If set,
3456.Xr vidcontrol 1
3457is run with these options for each of the virtual terminals
3458.Pq Pa /dev/ttyv* .
3459For example,
3460.Dq Fl m Cm on
3461will enable the mouse pointer on all virtual terminals
3462if
3463.Va moused_enable
3464is set to
3465.Dq Li YES .
3466.It Va allscreens_kbdflags
3467.Pq Vt str
3468If set,
3469.Xr kbdcontrol 1
3470is run with these options for each of the virtual terminals
3471.Pq Pa /dev/ttyv* .
3472For example,
3473.Dq Fl h Li 200
3474will set the
3475.Xr syscons 4
3476or
3477.Xr vt 4
3478scrollback (history) buffer to 200 lines.
3479.It Va cron_enable
3480.Pq Vt bool
3481If set to
3482.Dq Li YES ,
3483run the
3484.Xr cron 8
3485daemon at system boot time.
3486.It Va cron_program
3487.Pq Vt str
3488Path to
3489.Xr cron 8
3490(default
3491.Pa /usr/sbin/cron ) .
3492.It Va cron_flags
3493.Pq Vt str
3494If
3495.Va cron_enable
3496is set to
3497.Dq Li YES ,
3498these are the flags to pass to
3499.Xr cron 8 .
3500.It Va cron_dst
3501.Pq Vt bool
3502If set to
3503.Dq Li YES ,
3504enable the special handling of transitions to and from the
3505Daylight Saving Time in
3506.Xr cron 8
3507(equivalent to using the flag
3508.Fl s ) .
3509.It Va lpd_program
3510.Pq Vt str
3511Path to
3512.Xr lpd 8
3513(default
3514.Pa /usr/sbin/lpd ) .
3515.It Va lpd_enable
3516.Pq Vt bool
3517If set to
3518.Dq Li YES ,
3519run the
3520.Xr lpd 8
3521daemon at system boot time.
3522.It Va lpd_flags
3523.Pq Vt str
3524If
3525.Va lpd_enable
3526is set to
3527.Dq Li YES ,
3528these are the flags to pass to the
3529.Xr lpd 8
3530daemon.
3531.It Va chkprintcap_enable
3532.Pq Vt bool
3533If set to
3534.Dq Li YES ,
3535run the
3536.Xr chkprintcap 8
3537command before starting the
3538.Xr lpd 8
3539daemon.
3540.It Va chkprintcap_flags
3541.Pq Vt str
3542If
3543.Va lpd_enable
3544and
3545.Va chkprintcap_enable
3546are set to
3547.Dq Li YES ,
3548these are the flags to pass to the
3549.Xr chkprintcap 8
3550program.
3551The default is
3552.Dq Li -d ,
3553which causes missing directories to be created.
3554.It Va dumpdev
3555.Pq Vt str
3556Indicates the device (usually a swap partition) to which a crash dump
3557should be written in the event of a system crash.
3558If the value of this variable is
3559.Dq Li AUTO ,
3560the first suitable swap device listed in
3561.Pa /etc/fstab
3562will be used as dump device.
3563Otherwise, the value of this variable is passed as the argument to
3564.Xr dumpon 8
3565and
3566.Xr savecore 8 .
3567To disable crash dumps, set this variable to
3568.Dq Li NO .
3569.It Va dumpon_flags
3570.Pq Vt str
3571Flags to pass to
3572.Xr dumpon 8
3573when configuring
3574.Va dumpdev
3575as the system dump device.
3576.It Va dumpdir
3577.Pq Vt str
3578When the system reboots after a crash and a crash dump is found on the
3579device specified by the
3580.Va dumpdev
3581variable,
3582.Xr savecore 8
3583will save that crash dump and a copy of the kernel to the directory
3584specified by the
3585.Va dumpdir
3586variable.
3587The default value is
3588.Pa /var/crash .
3589Set to
3590.Dq Li NO
3591to not run
3592.Xr savecore 8
3593at boot time when
3594.Va dumpdir
3595is set.
3596.It Va savecore_enable
3597.Pq Vt bool
3598If set to
3599.Dq Li NO ,
3600disable automatic extraction of the crash dump from the
3601.Va dumpdev .
3602.It Va savecore_flags
3603.Pq Vt str
3604If crash dumps are enabled, these are the flags to pass to the
3605.Xr savecore 8
3606utility.
3607.It Va quota_enable
3608.Pq Vt bool
3609Set to
3610.Dq Li YES
3611to turn on user and group disk quotas on system startup via the
3612.Xr quotaon 8
3613command for all file systems marked as having quotas enabled in
3614.Pa /etc/fstab .
3615The kernel must be built with
3616.Cd "options QUOTA"
3617for disk quotas to function.
3618.It Va check_quotas
3619.Pq Vt bool
3620Set to
3621.Dq Li YES
3622to enable user and group disk quota checking via the
3623.Xr quotacheck 8
3624command.
3625.It Va quotacheck_flags
3626.Pq Vt str
3627If
3628.Va quota_enable
3629is set to
3630.Dq Li YES ,
3631and
3632.Va check_quotas
3633is set to
3634.Dq Li YES ,
3635these are the flags to pass to the
3636.Xr quotacheck 8
3637utility.
3638The default is
3639.Dq Li "-a" ,
3640which checks quotas for all file systems with quotas enabled in
3641.Pa /etc/fstab .
3642.It Va quotaon_flags
3643.Pq Vt str
3644If
3645.Va quota_enable
3646is set to
3647.Dq Li YES ,
3648these are the flags to pass to the
3649.Xr quotaon 8
3650utility.
3651The default is
3652.Dq Li "-a" ,
3653which enables quotas for all file systems with quotas enabled in
3654.Pa /etc/fstab .
3655.It Va quotaoff_flags
3656.Pq Vt str
3657If
3658.Va quota_enable
3659is set to
3660.Dq Li YES ,
3661these are the flags to pass to the
3662.Xr quotaoff 8
3663utility when shutting down the quota system.
3664The default is
3665.Dq Li "-a" ,
3666which disables quotas for all file systems with quotas enabled in
3667.Pa /etc/fstab .
3668.It Va accounting_enable
3669.Pq Vt bool
3670Set to
3671.Dq Li YES
3672to enable system accounting through the
3673.Xr accton 8
3674facility.
3675.It Va firstboot_sentinel
3676.Pq Vt str
3677This variable specifies the full path to a
3678.Dq first boot
3679sentinel file.
3680If a file exists with this path,
3681.Pa rc.d
3682scripts with the
3683.Dq firstboot
3684keyword will be run on startup and the sentinel file will be deleted
3685after the boot process completes.
3686The sentinel file must be located on a writable file system which is
3687mounted no later than
3688.Va early_late_divider
3689to function properly.
3690The default is
3691.Pa /firstboot .
3692.It Va linux_enable
3693.Pq Vt bool
3694Set to
3695.Dq Li YES
3696to enable Linux/ELF binary emulation at system initial
3697boot time.
3698.It Va sysvipc_enable
3699.Pq Vt bool
3700If set to
3701.Dq Li YES ,
3702load System V IPC primitives at boot time.
3703.It Va clear_tmp_enable
3704.Pq Vt bool
3705Set to
3706.Dq Li YES
3707to have
3708.Pa /tmp
3709cleaned at startup.
3710.It Va clear_tmp_X
3711.Pq Vt bool
3712Set to
3713.Dq Li NO
3714to disable removing of X11 lock files,
3715and the removal and (secure) recreation
3716of the various socket directories for X11
3717related programs.
3718.It Va ldconfig_paths
3719.Pq Vt str
3720Set to the list of shared library paths to use with
3721.Xr ldconfig 8 .
3722NOTE:
3723.Pa /lib
3724and
3725.Pa /usr/lib
3726will always be added first, so they need not appear in this list.
3727.It Va ldconfig32_paths
3728.Pq Vt str
3729Set to the list of 32-bit compatibility shared library paths to
3730use with
3731.Xr ldconfig 8 .
3732.It Va ldconfig_insecure
3733.Pq Vt bool
3734The
3735.Xr ldconfig 8
3736utility normally refuses to use directories
3737which are writable by anyone except root.
3738Set this variable to
3739.Dq Li YES
3740to disable that security check during system startup.
3741.It Va ldconfig_local_dirs
3742.Pq Vt str
3743Set to the list of local
3744.Xr ldconfig 8
3745directories.
3746The names of all files in the directories listed will be
3747passed as arguments to
3748.Xr ldconfig 8 .
3749.It Va ldconfig_local32_dirs
3750.Pq Vt str
3751Set to the list of local 32-bit compatibility
3752.Xr ldconfig 8
3753directories.
3754The names of all files in the directories listed will be
3755passed as arguments to
3756.Dq Nm ldconfig Fl 32 .
3757.It Va kern_securelevel_enable
3758.Pq Vt bool
3759Set to
3760.Dq Li YES
3761to set the kernel security level at system startup.
3762.It Va kern_securelevel
3763.Pq Vt int
3764The kernel security level to set at startup.
3765The allowed range of
3766.Ar value
3767ranges from \-1 (the compile time default) to 3 (the
3768most secure).
3769See
3770.Xr security 7
3771for the list of possible security levels and their effect
3772on system operation.
3773.It Va sshd_program
3774.Pq Vt str
3775Path to the SSH server program
3776.Pa ( /usr/sbin/sshd
3777is the default).
3778.It Va sshd_enable
3779.Pq Vt bool
3780Set to
3781.Dq Li YES
3782to start
3783.Xr sshd 8
3784at system boot time.
3785.It Va sshd_flags
3786.Pq Vt str
3787If
3788.Va sshd_enable
3789is set to
3790.Dq Li YES ,
3791these are the flags to pass to the
3792.Xr sshd 8
3793daemon.
3794.It Va ftpd_program
3795.Pq Vt str
3796Path to the FTP server program
3797.Pa ( /usr/libexec/ftpd
3798is the default).
3799.It Va ftpd_enable
3800.Pq Vt bool
3801Set to
3802.Dq Li YES
3803to start
3804.Xr ftpd 8
3805as a stand-alone daemon at system boot time.
3806.It Va ftpd_flags
3807.Pq Vt str
3808If
3809.Va ftpd_enable
3810is set to
3811.Dq Li YES ,
3812these are the additional flags to pass to the
3813.Xr ftpd 8
3814daemon.
3815.It Va watchdogd_enable
3816.Pq Vt bool
3817If set to
3818.Dq Li YES ,
3819start the
3820.Xr watchdogd 8
3821daemon at boot time.
3822This requires that the kernel have been compiled with a
3823.Xr watchdog 4
3824compatible device.
3825.It Va watchdogd_flags
3826.Pq Vt str
3827If
3828.Va watchdogd_enable
3829is set to
3830.Dq Li YES ,
3831these are the flags passed to the
3832.Xr watchdogd 8
3833daemon.
3834.It Va watchdogd_timeout
3835.Pq Vt int
3836If
3837.Va watchdogd_enable
3838is set to
3839.Dq Li YES ,
3840this is a timeout that will be used by the
3841.Xr watchdogd 8
3842daemon.
3843If this option is set, it overrides
3844.Fl t
3845in
3846.Va watchdogd_flags .
3847.It Va watchdogd_shutdown_timeout
3848.Pq Vt int
3849If
3850.Va watchdogd_enable
3851is set to
3852.Dq Li YES ,
3853this is a timeout that will be set by the
3854.Xr watchdogd 8
3855daemon when it exits during the system shutdown.
3856This timeout will not be set when returning to the single-user mode
3857or when the watchdogd service is stopped individually using the
3858.Xr service 8
3859command or the rc.d script.
3860Note that the timeout will be applied if
3861.Xr watchdogd 8
3862is stopped outside of
3863.Xr rc 8
3864framework.
3865If this option is set, it overrides
3866.Fl x
3867in
3868.Va watchdogd_flags .
3869.It Va devfs_rulesets
3870.Pq Vt str
3871List of files containing sets of rules for
3872.Xr devfs 8 .
3873.It Va devfs_system_ruleset
3874.Pq Vt str
3875Rule name(s) to apply to the system
3876.Pa /dev
3877itself.
3878.It Va devfs_set_rulesets
3879.Pq Vt str
3880Pairs of already-mounted
3881.Pa dev
3882directories and rulesets that should be applied to them.
3883For example: /mount/dev=ruleset_name
3884.It Va devfs_load_rulesets
3885.Pq Vt bool
3886If set, always load the default rulesets listed in
3887.Va devfs_rulesets .
3888.It Va performance_cx_lowest
3889.Pq Vt str
3890CPU idle state to use while on AC power.
3891The string
3892.Dq Li LOW
3893indicates that
3894.Xr acpi 4
3895should use the lowest power state available while
3896.Dq Li HIGH
3897indicates that the lowest latency state (less power savings) should be used.
3898.It Va performance_cpu_freq
3899.Pq Vt str
3900CPU clock frequency to use while on AC power.
3901The string
3902.Dq Li LOW
3903indicates that
3904.Xr cpufreq 4
3905should use the lowest frequency available while
3906.Dq Li HIGH
3907indicates that the highest frequency (less power savings) should be used.
3908.It Va economy_cx_lowest
3909.Pq Vt str
3910CPU idle state to use when off AC power.
3911The string
3912.Dq Li LOW
3913indicates that
3914.Xr acpi 4
3915should use the lowest power state available while
3916.Dq Li HIGH
3917indicates that the lowest latency state (less power savings) should be used.
3918.It Va economy_cpu_freq
3919.Pq Vt str
3920CPU clock frequency to use when off AC power.
3921The string
3922.Dq Li LOW
3923indicates that
3924.Xr cpufreq 4
3925should use the lowest frequency available while
3926.Dq Li HIGH
3927indicates that the highest frequency (less power savings) should be used.
3928.It Va jail_enable
3929.Pq Vt bool
3930If set to
3931.Dq Li NO ,
3932any configured jails will not be started.
3933.It Va jail_conf
3934.Pq Vt str
3935The configuration filename used by
3936.Xr jail 8
3937utility.
3938The default value is
3939.Pa /etc/jail.conf .
3940.Pa /etc/jail.  Ns Ao Ar jname Ac Ns Va .conf
3941and
3942.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
3943will also be used if
3944.Va Ao Ar jname Ac Va
3945is set in
3946.Va jail_list .
3947.It Va jail_parallel_start
3948.Pq Vt bool
3949If set to
3950.Dq Li YES ,
3951all configured jails will be started in the background (in parallel).
3952.It Va jail_flags
3953.Pq Vt str
3954Unset by default.
3955When set, use as default value for
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3957for every jail in
3958.Va jail_list .
3959.It Va jail_list
3960.Pq Vt str
3961A space-delimited list of jail names.
3962When left empty, all of the
3963.Xr jail 8
3964instances defined in the configuration file are started.
3965The names specified in this list control the jail startup order.
3966.Xr jail 8
3967instances missing from
3968.Va jail_list
3969must be started manually.
3970Note that a jail's
3971.Va depend
3972parameter in the configuration file may override this list.
3973.It Va jail_reverse_stop
3974.Pq Vt bool
3975When set to
3976.Dq Li YES ,
3977all configured jails in
3978.Va jail_list
3979are stopped in reverse order.
3980.It Va jail_ Ns * variables
3981Note that older releases supported per-jail configuration via
3982.Nm
3983variables.
3984For example,
3985hostname of a jail named
3986.Li vjail
3987was able to be set by
3988.Li jail_vjail_hostname .
3989These per-jail configuration variables are now obsolete in favor of
3990.Xr jail 8
3991configuration file.
3992For backward compatibility,
3993when per-jail configuration variables are defined,
3994.Xr jail 8
3995configuration files are created as
3996.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
3997and used.
3998.Pp
3999The following per-jail parameters are handled by
4000.Pa rc.d/jail
4001script out of their corresponding
4002.Nm
4003variables.
4004In addition to them, parameters in
4005.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
4006will be added to the configuration file.
4007They must be a semi-colon
4008.Pq Ql \&;
4009delimited list of
4010.Dq key=value .
4011For more details,
4012see
4013.Xr jail 8
4014manual page.
4015.Bl  -tag -width "host.hostname" -offset indent
4016.It Li path
4017set from
4018.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
4019.It Li host.hostname
4020set from
4021.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
4022.It Li exec.consolelog
4023set from
4024.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
4025The default value is
4026.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4027.It Li interface
4028set from
4029.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4030.It Li vnet.interface
4031set from
4032.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4033This implies
4034.Li vnet
4035parameter will be enabled and cannot be specified with
4036.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4037.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4038and/or
4039.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4040at the same time.
4041.It Li fstab
4042set from
4043.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4044.It Li mount
4045set from
4046.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4047.It Li exec.fib
4048set from
4049.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4050.It Li exec.start
4051set from
4052.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4053The parameter name was
4054.Li command
4055in some older releases.
4056.It Li exec.prestart
4057set from
4058.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4059.It Li exec.poststart
4060set from
4061.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4062.It Li exec.stop
4063set from
4064.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4065.It Li exec.prestop
4066set from
4067.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4068.It Li exec.poststop
4069set from
4070.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4071.It Li ip4.addr
4072set if
4073.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4074or
4075.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4076contain IPv4 addresses
4077.It Li ip6.addr
4078set if
4079.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4080or
4081.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4082contain IPv6 addresses
4083.It Li allow.mount
4084set from
4085.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4086.It Li mount.devfs
4087set from
4088.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4089.It Li devfs_ruleset
4090set from
4091.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4092This must be an integer,
4093not a string.
4094.It Li mount.fdescfs
4095set from
4096.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4097.It Li allow.set_hostname
4098set from
4099.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4100.It Li allow.rawsocket
4101set from
4102.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4103.It Li allow.sysvipc
4104set from
4105.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4106.El
4107.\" -----------------------------------------------------
4108.It Va harvest_mask
4109.Pq Vt int
4110Set to a bit-mask
4111representing the entropy sources
4112you wish to harvest.
4113Refer to
4114.Xr random 4
4115for more information.
4116.It Va entropy_dir
4117.Pq Vt str
4118Set to
4119.Dq Li NO
4120to disable caching entropy via
4121.Xr cron 8 .
4122Otherwise set to the directory
4123in which the entropy files are stored.
4124To be useful,
4125there must be
4126a system cron job
4127that regularly writes and rotates
4128files here.
4129All files found
4130will be used at boot time.
4131The default is
4132.Pa /var/db/entropy .
4133.It Va entropy_file
4134.Pq Vt str
4135Set to
4136.Dq Li NO
4137to disable caching entropy through reboots.
4138Otherwise set to the name
4139of a file used to store cached entropy.
4140This file should be located
4141on a file system that is readable
4142before all the volumes specified in
4143.Xr fstab 5
4144are mounted.
4145By default,
4146.Pa /entropy
4147is used,
4148but if
4149.Pa /var/db/entropy-file
4150is found it will also be used.
4151This will be of some use to
4152.Xr bsdinstall 8 .
4153.It Va entropy_boot_file
4154.Pq Vt str
4155Set to
4156.Dq Li NO
4157to disable
4158very early caching entropy
4159through reboots.
4160Otherwise set to the filename
4161used to read
4162very early reboot cached entropy.
4163This file should be located where
4164.Xr loader 8
4165can read it.
4166See also
4167.Xr loader.conf 5 .
4168The default location is
4169.Pa /boot/entropy .
4170.It Va entropy_save_sz
4171.Pq Vt int
4172Size of the entropy cache files saved by
4173.Nm save-entropy
4174periodically.
4175.It Va entropy_save_num
4176.Pq Vt int
4177Number of entropy cache files to save by
4178.Nm save-entropy
4179periodically.
4180.It Va ipsec_enable
4181.Pq Vt bool
4182Set to
4183.Dq Li YES
4184to run
4185.Xr setkey 8
4186on
4187.Va ipsec_file
4188at boot time.
4189.It Va ipsec_file
4190.Pq Vt str
4191Configuration file for
4192.Xr setkey 8 .
4193.It Va dmesg_enable
4194.Pq Vt bool
4195Set to
4196.Dq Li YES
4197to save
4198.Xr dmesg 8
4199to
4200.Pa /var/run/dmesg.boot
4201on boot.
4202.It Va rcshutdown_timeout
4203.Pq Vt int
4204If set, start a watchdog timer in the background which will terminate
4205.Pa rc.shutdown
4206if
4207.Xr shutdown 8
4208has not completed within the specified time (in seconds).
4209Notice that in addition to this soft timeout,
4210.Xr init 8
4211also applies a hard timeout for the execution of
4212.Pa rc.shutdown .
4213This is configured via
4214.Xr sysctl 8
4215variable
4216.Va kern.init_shutdown_timeout
4217and defaults to 120 seconds.
4218Setting the value of
4219.Va rcshutdown_timeout
4220to more than 120 seconds will have no effect until the
4221.Xr sysctl 8
4222variable
4223.Va kern.init_shutdown_timeout
4224is also increased.
4225.It Va virecover_enable
4226.Pq Vt bool
4227Set to
4228.Dq Li NO
4229to prevent the system from trying to
4230recover pre-maturely terminated
4231.Xr vi 1
4232sessions.
4233.It Va ugidfw_enable
4234.Pq Vt bool
4235Set to
4236.Dq Li YES
4237to load the
4238.Xr mac_bsdextended 4
4239module upon system initialization and load a default
4240ruleset file.
4241.It Va bsdextended_script
4242.Pq Vt str
4243The default
4244.Xr mac_bsdextended 4
4245ruleset file to load.
4246The default value of this variable is
4247.Pa /etc/rc.bsdextended .
4248.It Va newsyslog_enable
4249.Pq Vt bool
4250If set to
4251.Dq Li YES ,
4252run
4253.Xr newsyslog 8
4254command at startup.
4255.It Va newsyslog_flags
4256.Pq Vt str
4257If
4258.Va newsyslog_enable
4259is set to
4260.Dq Li YES ,
4261these are the flags to pass to the
4262.Xr newsyslog 8
4263program.
4264The default is
4265.Dq Li -CN ,
4266which causes log files flagged with a
4267.Cm C
4268to be created.
4269.It Va mdconfig_md Ns Aq Ar X
4270.Pq Vt str
4271Arguments to
4272.Xr mdconfig 8
4273for
4274.Xr md 4
4275device
4276.Ar X .
4277At minimum a
4278.Fl t Ar type
4279must be specified and either a
4280.Fl s Ar size
4281for malloc or swap backed
4282.Xr md 4
4283devices or a
4284.Fl f Ar file
4285for vnode backed
4286.Xr md 4
4287devices.
4288Note that
4289.Va mdconfig_md Ns Aq Ar X
4290variables are evaluated until one variable is unset or null.
4291.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4292.Pq Vt str
4293Optional arguments passed to
4294.Xr newfs 8
4295to initialize
4296.Xr md 4
4297device
4298.Ar X .
4299.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4300.Pq Vt str
4301An ownership specification passed to
4302.Xr chown 8
4303after the specified
4304.Xr md 4
4305device
4306.Ar X
4307has been mounted.
4308Both the
4309.Xr md 4
4310device and the mount point will be changed.
4311.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4312.Pq Vt str
4313A mode string passed to
4314.Xr chmod 1
4315after the specified
4316.Xr md 4
4317device
4318.Ar X
4319has been mounted.
4320Both the
4321.Xr md 4
4322device and the mount point will be changed.
4323.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4324.Pq Vt str
4325Files to be copied to the mount point of the
4326.Xr md 4
4327device
4328.Ar X
4329after it has been mounted.
4330.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4331.Pq Vt str
4332Command to execute after the specified
4333.Xr md 4
4334device
4335.Ar X
4336has been mounted.
4337Note that the command is passed to
4338.Ic eval
4339and that both
4340.Va _dev
4341and
4342.Va _mp
4343variables can be used to reference respectively the
4344.Xr md 4
4345device and the mount point.
4346Assuming that the
4347.Xr md 4
4348device is
4349.Li md0 ,
4350one could set the following:
4351.Bd -literal
4352mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4353.Ed
4354.It Va autobridge_interfaces
4355.Pq Vt str
4356Set to the list of bridge interfaces that will have newly arriving interfaces
4357checked against to be automatically added.
4358If not set to
4359.Dq Li NO
4360then for each whitespace separated
4361.Ar element
4362in the value, a
4363.Va autobridge_ Ns Aq Ar element
4364variable is assumed to exist which has a whitespace separated list of interface
4365names to match, these names can use wildcards.
4366For example:
4367.Bd -literal
4368autobridge_interfaces="bridge0"
4369autobridge_bridge0="tap* dc0 vlan[345]"
4370.Ed
4371.It Va mixer_enable
4372.Pq Vt bool
4373If set to
4374.Dq Li YES ,
4375enable support for sound mixer.
4376.It Va hcsecd_enable
4377.Pq Vt bool
4378If set to
4379.Dq Li YES ,
4380enable Bluetooth security daemon.
4381.It Va hcsecd_config
4382.Pq Vt str
4383Configuration file for
4384.Xr hcsecd 8 .
4385Default
4386.Pa /etc/bluetooth/hcsecd.conf .
4387.It Va sdpd_enable
4388.Pq Vt bool
4389If set to
4390.Dq Li YES ,
4391enable Bluetooth Service Discovery Protocol daemon.
4392.It Va sdpd_control
4393.Pq Vt str
4394Path to
4395.Xr sdpd 8
4396control socket.
4397Default
4398.Pa /var/run/sdp .
4399.It Va sdpd_groupname
4400.Pq Vt str
4401Sets
4402.Xr sdpd 8
4403group to run as after it initializes.
4404Default
4405.Dq Li nobody .
4406.It Va sdpd_username
4407.Pq Vt str
4408Sets
4409.Xr sdpd 8
4410user to run as after it initializes.
4411Default
4412.Dq Li nobody .
4413.It Va bthidd_enable
4414.Pq Vt bool
4415If set to
4416.Dq Li YES ,
4417enable Bluetooth Human Interface Device daemon.
4418.It Va bthidd_config
4419.Pq Vt str
4420Configuration file for
4421.Xr bthidd 8 .
4422Default
4423.Pa /etc/bluetooth/bthidd.conf .
4424.It Va bthidd_hids
4425.Pq Vt str
4426Path to a file, where
4427.Xr bthidd 8
4428will store information about known HID devices.
4429Default
4430.Pa /var/db/bthidd.hids .
4431.It Va rfcomm_pppd_server_enable
4432.Pq Vt bool
4433If set to
4434.Dq Li YES ,
4435enable Bluetooth RFCOMM PPP wrapper daemon.
4436.It Va rfcomm_pppd_server_profile
4437.Pq Vt str
4438The name of the profile to use from
4439.Pa /etc/ppp/ppp.conf .
4440Multiple profiles can be specified here.
4441Also used to specify per-profile overrides.
4442When the profile name contains any of the characters
4443.Dq Li .-/+
4444they are translated to
4445.Dq Li _
4446for the proposes of the override variable names.
4447.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4448.Pq Vt str
4449Overrides local address to listen on.
4450By default
4451.Xr rfcomm_pppd 8
4452will listen on
4453.Dq Li ANY
4454address.
4455The address can be specified as BD_ADDR or name.
4456.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4457.Pq Vt str
4458Overrides local RFCOMM channel to listen on.
4459By default
4460.Xr rfcomm_pppd 8
4461will listen on RFCOMM channel 1.
4462Must set properly if multiple profiles used in the same time.
4463.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4464.Pq Vt bool
4465Tells
4466.Xr rfcomm_pppd 8
4467if it should register Serial Port service on the specified RFCOMM channel.
4468Default
4469.Dq Li NO .
4470.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4471.Pq Vt bool
4472Tells
4473.Xr rfcomm_pppd 8
4474if it should register Dial-Up Networking service on the specified
4475RFCOMM channel.
4476Default
4477.Dq Li NO .
4478.It Va ubthidhci_enable
4479.Pq Vt bool
4480If set to
4481.Dq Li YES ,
4482change the USB Bluetooth controller from HID mode to HCI mode.
4483You also need to specify the location of USB Bluetooth controller with the
4484.Va ubthidhci_busnum
4485and
4486.Va ubthidhci_addr
4487variables.
4488.It Va ubthidhci_busnum
4489Bus number where the USB Bluetooth controller is located.
4490Check the output of
4491.Xr usbconfig 8
4492on your system to find this information.
4493.It Va ubthidhci_addr
4494Bus address of the USB Bluetooth controller.
4495Check the output of
4496.Xr usbconfig 8
4497on your system to find this information.
4498.It Va netwait_enable
4499.Pq Vt bool
4500If set to
4501.Dq Li YES ,
4502delays the start of network-reliant services until
4503.Va netwait_if
4504is up and ICMP packets to a destination defined in
4505.Va netwait_ip
4506are flowing.
4507Link state is examined first, followed by
4508.Dq Li pinging
4509an IP address to verify network usability.
4510If no destination can be reached or timeouts are exceeded,
4511network services are started anyway with no guarantee that
4512the network is usable.
4513Use of this variable requires both
4514.Va netwait_ip
4515and
4516.Va netwait_if
4517to be set.
4518.It Va netwait_ip
4519.Pq Vt str
4520Empty by default.
4521This variable contains a space-delimited list of IP addresses to
4522.Xr ping 8 .
4523DNS hostnames should not be used as resolution is not guaranteed
4524to be functional at this point.
4525If multiple IP addresses are specified,
4526each will be tried until one is successful or the list is exhausted.
4527.It Va netwait_timeout
4528.Pq Vt int
4529Indicates the total number of seconds to perform a
4530.Dq Li ping
4531against each IP address in
4532.Va netwait_ip ,
4533at a rate of one ping per second.
4534If any of the pings are successful,
4535full network connectivity is considered reliable.
4536The default is 60.
4537.It Va netwait_if
4538.Pq Vt str
4539Empty by default.
4540Defines the name of the network interface on which watch for link.
4541.Xr ifconfig 8
4542is used to monitor the interface, looking for
4543.Dq Li status: no carrier .
4544Once gone, the link is considered up.
4545This can be a
4546.Xr vlan 4
4547interface if desired.
4548.It Va netwait_if_timeout
4549.Pq Vt int
4550Defines the total number of seconds to wait for link to become usable,
4551polled at a 1-second interval.
4552The default is 30.
4553.It Va rctl_enable
4554.Pq Vt bool
4555If set to
4556.Dq Li YES ,
4557load
4558.Xr rctl 8
4559rules from the defined ruleset.
4560The kernel must be built with
4561.Cd "options RACCT"
4562and
4563.Cd "options RCTL" .
4564.It Va rctl_rules
4565.Pq Vt str
4566Set to
4567.Pa /etc/rctl.conf
4568by default.
4569This variables contains the
4570.Xr rctl.conf 5
4571ruleset to load for
4572.Xr rctl 8 .
4573.It Va iovctl_files
4574.Pq Vt str
4575A space-separated list of configuration files used by
4576.Xr iovctl 8 .
4577The default value is an empty string.
4578.It Va autofs_enable
4579.Pq Vt bool
4580If set to
4581.Dq Li YES ,
4582start the
4583.Xr automount 8
4584utility and the
4585.Xr automountd 8
4586and
4587.Xr autounmountd 8
4588daemons at boot time.
4589.It Va automount_flags
4590.Pq Vt str
4591If
4592.Va autofs_enable
4593is set to
4594.Dq Li YES ,
4595these are the flags to pass to the
4596.Xr automount 8
4597program.
4598By default no flags are passed.
4599.It Va automountd_flags
4600.Pq Vt str
4601If
4602.Va autofs_enable
4603is set to
4604.Dq Li YES ,
4605these are the flags to pass to the
4606.Xr automountd 8
4607daemon.
4608By default no flags are passed.
4609.It Va autounmountd_flags
4610.Pq Vt str
4611If
4612.Va autofs_enable
4613is set to
4614.Dq Li YES ,
4615these are the flags to pass to the
4616.Xr autounmountd 8
4617daemon.
4618By default no flags are passed.
4619.It Va ctld_enable
4620.Pq Vt bool
4621If set to
4622.Dq Li YES ,
4623start the
4624.Xr ctld 8
4625daemon at boot time.
4626.It Va iscsid_enable
4627.Pq Vt bool
4628If set to
4629.Dq Li YES ,
4630start the
4631.Xr iscsid 8
4632daemon at boot time.
4633.It Va iscsictl_enable
4634.Pq Vt bool
4635If set to
4636.Dq Li YES ,
4637start the
4638.Xr iscsictl 8
4639utility at boot time.
4640.It Va iscsictl_flags
4641.Pq Vt str
4642If
4643.Va iscsictl_enable
4644is set to
4645.Dq Li YES ,
4646these are the flags to pass to the
4647.Xr iscsictl 8
4648program.
4649The default is
4650.Dq Li -Aa ,
4651which configures sessions based on the
4652.Pa /etc/iscsi.conf
4653configuration file.
4654.It Va cfumass_enable
4655.Pq Vt bool
4656If set to
4657.Dq Li YES ,
4658create and export an USB LUN using
4659.Xr cfumass 4
4660at boot time.
4661.It Va cfumass_dir
4662.Pq Vt str
4663The directory where the files exported by USB LUN are located.
4664The default directory is
4665.Pa /var/cfumass .
4666.It Va service_delete_empty
4667.Pq Vt bool
4668If set to
4669.Dq Li YES ,
4670.Ql Li service delete
4671removes empty
4672.Dq Li rc.conf.d
4673files.
4674.It Va zfs_bootonce_activate
4675.Pq Vt bool
4676If set to
4677.Dq Li YES ,
4678and a boot environment marked bootonce is successfully booted,
4679it will be made permanently active.
4680.It Va zfskeys_enable
4681.Pq Vt bool
4682If set to
4683.Dq Li YES ,
4684enable auto-loading of encryption keys for encrypted ZFS datasets.
4685For every dataset the script will first load the appropriate encryption key
4686and then attempt to unlock the dataset.
4687.Pp
4688The script operates only on datasets which are encrypted with
4689ZFS native encryption
4690and have a ZFS
4691.Dq Li keylocation
4692dataset property beginning with
4693.Dq Li file:// .
4694.It Va zfskeys_datasets
4695.Pq Vt str
4696A whitespace-separated list of ZFS datasets to unlock.
4697The list is empty by default,
4698which means that the script will attempt to unlock all datasets.
4699.It Va zfskeys_timeout
4700.Pq Vt int
4701Define the total number of seconds to wait for the zfskeys script
4702to unlock an encrypted dataset.
4703The default is 10.
4704.It Va sendmail_enable
4705.Pq Vt str
4706If set to
4707.Dq Li YES ,
4708run the
4709.Xr sendmail 8
4710daemon at system boot time.
4711If set to
4712.Dq Li NO ,
4713do not run a
4714.Xr sendmail 8
4715daemon to listen for incoming network mail.
4716This does not preclude a
4717.Xr sendmail 8
4718daemon listening on the SMTP port of the loopback interface.
4719The
4720.Dq Li NONE
4721option sets each
4722.Va sendmail_enable ,
4723.Va sendmail_submit_enable ,
4724.Va sendmail_outbound_enable ,
4725.Va sendmail_msp_queue_enable
4726to
4727.Dq Li NO .
4728.It Va sendmail_cert_create
4729.Pq Vt str
4730If
4731.Va sendmail_enable
4732is set to
4733.Dq Li YES ,
4734create a signed certificate
4735.Pa /etc/mail/certs/host.cert
4736representing
4737.Pa /etc/mail/certs/host.key
4738by the CA certificate in
4739.Pa /etc/mail/certs/cacert.pem .
4740This will enable connecting hosts to negotiate STARTTLS allowing incoming
4741email to be encrypted in transit.
4742.Xr sendmail 8
4743needs to be configured to use these generated files.
4744The default configuration in
4745.Pa /etc/mail/freebsd.mc
4746has the required options in it.
4747.It Va sendmail_cert_cn
4748.Pq Vt str
4749If
4750.Va sendmail_enable
4751is set to
4752.Dq Li YES
4753and
4754.Va sendmail_cert_create
4755is set to
4756.Dq Li YES ,
4757this is the Common Name (CN) of the certificate that will be created.
4758If
4759.Va sendmail_cert_cn
4760is not set, the system's hostname will be used.
4761If there is no hostname set,
4762.Dq Li amnesiac
4763will be used.
4764.It Va sendmail_flags
4765.Pq Vt str
4766If
4767.Va sendmail_enable
4768is set to
4769.Dq Li YES ,
4770these are the flags to pass to the
4771.Xr sendmail 8
4772daemon.
4773.It Va sendmail_submit_enable
4774.Pq Vt bool
4775If set to
4776.Dq Li YES
4777and
4778.Va sendmail_enable
4779is set to
4780.Dq Li NO ,
4781run
4782.Xr sendmail 8
4783using
4784.Va sendmail_submit_flags
4785instead of
4786.Va sendmail_flags .
4787This is intended to allow local mail submission via
4788a localhost-only listening SMTP service required for running
4789.Xr sendmail 8
4790as a non-set-user-ID binary.
4791Note that this does not work inside
4792.Xr jail 2
4793systems, as jails do not allow binding to just the localhost interface.
4794.It Va sendmail_submit_flags
4795.Pq Vt str
4796If
4797.Va sendmail_enable
4798is set to
4799.Dq Li NO
4800and
4801.Va sendmail_submit_enable
4802is set to
4803.Dq Li YES ,
4804these are the flags to pass to the
4805.Xr sendmail 8
4806daemon.
4807.It Va sendmail_outbound_enable
4808.Pq Vt bool
4809If set to
4810.Dq Li YES
4811and both
4812.Va sendmail_enable
4813and
4814.Va sendmail_submit_enable
4815are set to
4816.Dq Li NO ,
4817run
4818.Xr sendmail 8
4819using
4820.Va sendmail_outbound_flags
4821instead of
4822.Va sendmail_flags .
4823This is intended to allow local mail queue management
4824for systems that do not offer a listening SMTP service.
4825.It Va sendmail_outbound_flags
4826.Pq Vt str
4827If both
4828.Va sendmail_enable
4829and
4830.Va sendmail_submit_enable
4831are set to
4832.Dq Li NO
4833and
4834.Va sendmail_outbound_enable
4835is set to
4836.Dq Li YES ,
4837these are the flags to pass to the
4838.Xr sendmail 8
4839daemon.
4840.It Va sendmail_msp_queue_enable
4841.Pq Vt bool
4842If set to
4843.Dq Li YES ,
4844start a client (MSP) queue runner
4845.Xr sendmail 8
4846daemon at system boot time.
4847As of sendmail 8.12, a separate queue is used for command line
4848submissions.
4849The client queue runner ensures that nothing is
4850left behind in the submission queue.
4851.It Va sendmail_msp_queue_flags
4852.Pq Vt str
4853If
4854.Va sendmail_msp_queue_enable
4855is set to
4856daemon.
4857.Dq Li YES ,
4858these are the flags to pass to the
4859.Xr sendmail 8
4860.El
4861.Sh FILES
4862.Bl -tag -width "/etc/defaults/rc.conf" -compact
4863.It Pa /etc/defaults/rc.conf
4864.It Pa /etc/defaults/vendor.conf
4865.It Pa /etc/rc.conf
4866.It Pa /etc/rc.conf.local
4867.It Pa /etc/rc.conf.d/
4868.El
4869.Sh SEE ALSO
4870.Xr chmod 1 ,
4871.Xr gdb 1 Pq Pa ports/devel/gdb ,
4872.Xr info 1 ,
4873.Xr kbdcontrol 1 ,
4874.Xr limits 1 ,
4875.Xr protect 1 ,
4876.Xr sh 1 ,
4877.Xr umask 1 ,
4878.Xr vi 1 ,
4879.Xr vidcontrol 1 ,
4880.Xr bridge 4 ,
4881.Xr dummynet 4 ,
4882.Xr ip 4 ,
4883.Xr ipf 4 ,
4884.Xr ipfw 4 ,
4885.Xr ipnat 4 ,
4886.Xr kld 4 ,
4887.Xr pf 4 ,
4888.Xr pflog 4 ,
4889.Xr pfsync 4 ,
4890.Xr tcp 4 ,
4891.Xr udp 4 ,
4892.Xr exports 5 ,
4893.Xr fstab 5 ,
4894.Xr ipf 5 ,
4895.Xr ipnat 5 ,
4896.Xr jail.conf 5 ,
4897.Xr loader.conf 5 ,
4898.Xr login.conf 5 ,
4899.Xr motd 5 ,
4900.Xr newsyslog.conf 5 ,
4901.Xr pf.conf 5 ,
4902.Xr firewall 7 ,
4903.Xr growfs 7 ,
4904.Xr security 7 ,
4905.Xr tuning 7 ,
4906.Xr accton 8 ,
4907.Xr apm 8 ,
4908.Xr bsdinstall 8 ,
4909.Xr bthidd 8 ,
4910.Xr chkprintcap 8 ,
4911.Xr chown 8 ,
4912.Xr cron 8 ,
4913.Xr devfs 8 ,
4914.Xr dhclient 8 ,
4915.Xr ftpd 8 ,
4916.Xr geli 8 ,
4917.Xr hcsecd 8 ,
4918.Xr ifconfig 8 ,
4919.Xr inetd 8 ,
4920.Xr iovctl 8 ,
4921.Xr ipf 8 ,
4922.Xr ipfw 8 ,
4923.Xr ipnat 8 ,
4924.Xr jail 8 ,
4925.Xr kldxref 8 ,
4926.Xr loader 8 ,
4927.Xr lpd 8 ,
4928.Xr makewhatis 8 ,
4929.Xr mdconfig 8 ,
4930.Xr mdmfs 8 ,
4931.Xr mixer 8 ,
4932.Xr mountd 8 ,
4933.Xr moused 8 ,
4934.Xr newfs 8 ,
4935.Xr newsyslog 8 ,
4936.Xr nfsd 8 ,
4937.Xr ntpd 8 ,
4938.Xr ntpdate 8 ,
4939.Xr pfctl 8 ,
4940.Xr pflogd 8 ,
4941.Xr ping 8 ,
4942.Xr powerd 8 ,
4943.Xr quotacheck 8 ,
4944.Xr quotaon 8 ,
4945.Xr rc 8 ,
4946.Xr rc.subr 8 ,
4947.Xr rcorder 8 ,
4948.Xr rfcomm_pppd 8 ,
4949.Xr route 8 ,
4950.Xr routed 8 ,
4951.Xr rpc.lockd 8 ,
4952.Xr rpc.statd 8 ,
4953.Xr rpc.tlsclntd 8 ,
4954.Xr rpc.tlsservd 8 ,
4955.Xr rpcbind 8 ,
4956.Xr rwhod 8 ,
4957.Xr savecore 8 ,
4958.Xr sdpd 8 ,
4959.Xr sendmail 8 ,
4960.Xr service 8 ,
4961.Xr sshd 8 ,
4962.Xr swapon 8 ,
4963.Xr sysctl 8 ,
4964.Xr syslogd 8 ,
4965.Xr sysrc 8 ,
4966.Xr unbound 8 ,
4967.Xr usbconfig 8 ,
4968.Xr wlandebug 8 ,
4969.Xr yp 8 ,
4970.Xr ypbind 8 ,
4971.Xr ypserv 8 ,
4972.Xr ypset 8
4973.Sh HISTORY
4974The
4975.Nm
4976file appeared in
4977.Fx 2.2.2 .
4978.Sh AUTHORS
4979.An Jordan K. Hubbard .
4980