1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 23, 2011 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va swapfile 153.Pq Vt str 154If set to 155.Dq Li NO , 156no swapfile is installed, otherwise the value is used as the full 157pathname to a file to use for additional swap space. 158.It Va apm_enable 159.Pq Vt bool 160If set to 161.Dq Li YES , 162enable support for Automatic Power Management with 163the 164.Xr apm 8 165command. 166.It Va apmd_enable 167.Pq Vt bool 168Run 169.Xr apmd 8 170to handle APM event from userland. 171This also enables support for APM. 172.It Va apmd_flags 173.Pq Vt str 174If 175.Va apmd_enable 176is set to 177.Dq Li YES , 178these are the flags to pass to the 179.Xr apmd 8 180daemon. 181.It Va devd_enable 182.Pq Vt bool 183Run 184.Xr devd 8 185to handle device added, removed or unknown events from the kernel. 186.It Va ddb_enable 187.Pq Vt bool 188Run 189.Xr ddb 8 190to install 191.Xr ddb 4 192scripts at boot time. 193.It Va ddb_config 194.Pq Vt str 195Configuration file for 196.Xr ddb 8 . 197Default 198.Pa /etc/ddb.conf . 199.It Va kld_list 200.Pq Vt str 201A list of kernel modules to load right after the local 202disks are mounted. 203Loading modules at this point in the boot process is 204much faster than doing it via 205.Pa /boot/loader.conf 206for those modules not necessary for mounting local disk. 207.It Va kldxref_enable 208.Pq Vt bool 209Set to 210.Dq Li NO 211by default. 212Set to 213.Dq Li YES 214to automatically rebuild 215.Pa linker.hints 216files with 217.Xr kldxref 8 218at boot time. 219.It Va kldxref_clobber 220.Pq Vt bool 221Set to 222.Dq Li NO 223by default. 224If 225.Va kldxref_enable 226is true, 227setting to 228.Dq Li YES 229will overwrite existing 230.Pa linker.hints 231files at boot time. 232Otherwise, 233only missing 234.Pa linker.hints 235files are generated. 236.It Va kldxref_module_path 237.Pq Vt str 238Empty by default. 239A semi-colon 240.Pq Ql \&; 241delimited list of paths containing 242.Xr kld 4 243modules. 244If empty, 245the contents of the 246.Va kern.module_path 247.Xr sysctl 8 248are used. 249.It Va powerd_enable 250.Pq Vt bool 251If set to 252.Dq Li YES , 253enable the system power control facility with the 254.Xr powerd 8 255daemon. 256.It Va powerd_flags 257.Pq Vt str 258If 259.Va powerd_enable 260is set to 261.Dq Li YES , 262these are the flags to pass to the 263.Xr powerd 8 264daemon. 265.It Va tmpmfs 266Controls the creation of a 267.Pa /tmp 268memory file system. 269Always happens if set to 270.Dq Li YES 271and never happens if set to 272.Dq Li NO . 273If set to anything else, a memory file system is created if 274.Pa /tmp 275is not writable. 276.It Va tmpsize 277Controls the size of a created 278.Pa /tmp 279memory file system. 280.It Va tmpmfs_flags 281Extra options passed to the 282.Xr mdmfs 8 283utility when the memory file system for 284.Pa /tmp 285is created. 286The default is 287.Dq Li "-S" , 288which inhibits the use of softupdates on 289.Pa /tmp 290so that file system space is freed without delay 291after file truncation or deletion. 292See 293.Xr mdmfs 8 294for other options you can use in 295.Va tmpmfs_flags . 296.It Va varmfs 297Controls the creation of a 298.Pa /var 299memory file system. 300Always happens if set to 301.Dq Li YES 302and never happens if set to 303.Dq Li NO . 304If set to anything else, a memory file system is created if 305.Pa /var 306is not writable. 307.It Va varsize 308Controls the size of a created 309.Pa /var 310memory file system. 311.It Va varmfs_flags 312Extra options passed to the 313.Xr mdmfs 8 314utility when the memory file system for 315.Pa /var 316is created. 317The default is 318.Dq Li "-S" , 319which inhibits the use of softupdates on 320.Pa /var 321so that file system space is freed without delay 322after file truncation or deletion. 323See 324.Xr mdmfs 8 325for other options you can use in 326.Va varmfs_flags . 327.It Va populate_var 328Controls the automatic population of the 329.Pa /var 330file system. 331Always happens if set to 332.Dq Li YES 333and never happens if set to 334.Dq Li NO . 335If set to anything else, a memory file system is created if 336.Pa /var 337is not writable. 338Note that this process requires access to certain commands in 339.Pa /usr 340before 341.Pa /usr 342is mounted on normal systems. 343.It Va cleanvar_enable 344.Pq Vt bool 345Clean the 346.Pa /var 347directory. 348.It Va local_startup 349.Pq Vt str 350List of directories to search for startup script files. 351.It Va script_name_sep 352.Pq Vt str 353The field separator to use for breaking down the list of startup script files 354into individual filenames. 355The default is a space. 356It is not necessary to change this unless there are startup scripts with names 357containing spaces. 358.It Va hostapd_enable 359.Pq Vt bool 360Set to 361.Dq Li YES 362to start 363.Xr hostapd 8 364at system boot time. 365.It Va hostname 366.Pq Vt str 367The fully qualified domain name (FQDN) of this host on the network. 368This should almost certainly be set to something meaningful, even if 369there is no network connection. 370If 371.Xr dhclient 8 372is used to set the hostname via DHCP, 373this variable should be set to an empty string. 374If this value remains unset when the system is done booting 375your console login will display the default hostname of 376.Dq Amnesiac. 377.It Va nisdomainname 378.Pq Vt str 379The NIS domain name of this host, or 380.Dq Li NO 381if NIS is not used. 382.It Va dhclient_program 383.Pq Vt str 384Path to the DHCP client program 385.Pa ( /sbin/dhclient , 386the 387.Ox 388DHCP client, 389is the default). 390.It Va dhclient_flags 391.Pq Vt str 392Additional flags to pass to the DHCP client program. 393For the 394.Ox 395DHCP client, see the 396.Xr dhclient 8 397manpage for a description of the command line options available. 398.It Va dhclient_flags_ Ns Aq Ar iface 399Additional flags to pass to the DHCP client program running on 400.Ar iface 401only. 402When specified, this variable overrides 403.Va dhclient_flags . 404.It Va background_dhclient 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start the DHCP client in background. 409This can cause trouble with applications depending on 410a working network, but it will provide a faster startup 411in many cases. 412.It Va background_dhclient_ Ns Aq Ar iface 413When specified, this variable overrides the 414.Va background_dhclient 415variable for interface 416.Ar iface 417only. 418.It Va synchronous_dhclient 419.Pq Vt bool 420Set to 421.Dq Li YES 422to start 423.Xr dhclient 8 424synchronously at startup. 425This behavior can be overridden on a per-interface basis by replacing 426the 427.Dq Li DHCP 428keyword in the 429.Va ifconfig_ Ns Aq Ar interface 430variable with 431.Dq Li SYNCDHCP 432or 433.Dq Li NOSYNCDHCP . 434.It Va defaultroute_delay 435.Pq Vt int 436When set to a positive value, wait up to this long after configuring 437DHCP interfaces at startup to give the interfaces time to receive a lease. 438.It Va firewall_enable 439.Pq Vt bool 440Set to 441.Dq Li YES 442to load firewall rules at startup. 443If the kernel was not built with 444.Cd "options IPFIREWALL" , 445the 446.Pa ipfw.ko 447kernel module will be loaded. 448See also 449.Va ipfilter_enable . 450.It Va firewall_script 451.Pq Vt str 452This variable specifies the full path to the firewall script to run. 453The default is 454.Pa /etc/rc.firewall . 455.It Va firewall_type 456.Pq Vt str 457Names the firewall type from the selection in 458.Pa /etc/rc.firewall , 459or the file which contains the local firewall ruleset. 460Valid selections from 461.Pa /etc/rc.firewall 462are: 463.Pp 464.Bl -tag -width ".Li simple" -compact 465.It Li open 466unrestricted IP access 467.It Li closed 468all IP services disabled, except via 469.Dq Li lo0 470.It Li client 471basic protection for a workstation 472.It Li simple 473basic protection for a LAN. 474.El 475.Pp 476If a filename is specified, the full path 477must be given. 478.It Va firewall_quiet 479.Pq Vt bool 480Set to 481.Dq Li YES 482to disable the display of firewall rules on the console during boot. 483.It Va firewall_logging 484.Pq Vt bool 485Set to 486.Dq Li YES 487to enable firewall event logging. 488This is equivalent to the 489.Dv IPFIREWALL_VERBOSE 490kernel option. 491.It Va firewall_flags 492.Pq Vt str 493Flags passed to 494.Xr ipfw 8 495if 496.Va firewall_type 497specifies a filename. 498.It Va firewall_coscripts 499.Pq Vt str 500List of executables and/or rc scripts to run after firewall starts/stops. 501Default is empty. 502.\" ----- firewall_nat_enable setting -------------------------------- 503.It Va firewall_nat_enable 504.Pq Vt bool 505The 506.Xr ipfw 8 507equivalent of 508.Va natd_enable . 509Setting this to 510.Dq Li YES 511enables kernel NAT. 512.Va firewall_enable 513must also be set to 514.Dq Li YES . 515.It Va firewall_nat_interface 516.Pq Vt str 517The 518.Xr ipfw 8 519equivalent of 520.Va natd_interface . 521This is the name of the public interface or IP address on which 522kernel NAT should run. 523.It Va firewall_nat_flags 524.Pq Vt str 525Additional configuration parameters for kernel NAT should be placed here. 526.It Va dummynet_enable 527.Pq Vt bool 528Setting this to 529.Dq Li YES 530will automatically load the 531.Xr dummynet 4 532module if 533.Va firewall_enable 534is also set to 535.Dq Li YES . 536.\" ------------------------------------------------------------------- 537.It Va natd_program 538.Pq Vt str 539Path to 540.Xr natd 8 . 541.It Va natd_enable 542.Pq Vt bool 543Set to 544.Dq Li YES 545to enable 546.Xr natd 8 . 547.Va firewall_enable 548must also be set to 549.Dq Li YES , 550and 551.Xr divert 4 552sockets must be enabled in the kernel. 553If the kernel was not built with 554.Cd "options IPDIVERT" , 555the 556.Pa ipdivert.ko 557kernel module will be loaded. 558.It Va natd_interface 559.Pq Vt str 560This is the name of the public interface on which 561.Xr natd 8 562should run. 563The interface may be given as an interface name or as an IP address. 564.It Va natd_flags 565.Pq Vt str 566Additional 567.Xr natd 8 568flags should be placed here. 569The 570.Fl n 571or 572.Fl a 573flag is automatically added with the above 574.Va natd_interface 575as an argument. 576.\" ----- ipfilter_enable setting -------------------------------- 577.It Va ipfilter_enable 578.Pq Vt bool 579Set to 580.Dq Li NO 581by default. 582Setting this to 583.Dq Li YES 584enables 585.Xr ipf 8 586packet filtering. 587.Pp 588Typical usage will require putting 589.Bd -literal 590ipfilter_enable="YES" 591ipnat_enable="YES" 592ipmon_enable="YES" 593ipfs_enable="YES" 594.Ed 595.Pp 596into 597.Pa /etc/rc.conf 598and editing 599.Pa /etc/ipf.rules 600and 601.Pa /etc/ipnat.rules 602appropriately. 603.Pp 604Note that 605.Va ipfilter_enable 606and 607.Va ipnat_enable 608can be enabled independently. 609.Va ipmon_enable 610and 611.Va ipfs_enable 612both require at least one of 613.Va ipfilter_enable 614and 615.Va ipnat_enable 616to be enabled. 617.Pp 618Having 619.Bd -literal 620options IPFILTER 621options IPFILTER_LOG 622options IPFILTER_DEFAULT_BLOCK 623.Ed 624.Pp 625in the kernel configuration file is a good idea, too. 626.\" ----- ipfilter_program setting ------------------------------ 627.It Va ipfilter_program 628.Pq Vt str 629Path to 630.Xr ipf 8 631(default 632.Pa /sbin/ipf ) . 633.\" ----- ipfilter_rules setting -------------------------------- 634.It Va ipfilter_rules 635.Pq Vt str 636Set to 637.Pa /etc/ipf.rules 638by default. 639This variable contains the name of the filter rule definition file. 640The file is expected to be readable for the 641.Xr ipf 8 642command to execute. 643.\" ----- ipv6_ipfilter_rules setting --------------------------- 644.It Va ipv6_ipfilter_rules 645.Pq Vt str 646Set to 647.Pa /etc/ipf6.rules 648by default. 649This variable contains the IPv6 filter rule definition file. 650The file is expected to be readable for the 651.Xr ipf 8 652command to execute. 653.\" ----- ipfilter_flags setting -------------------------------- 654.It Va ipfilter_flags 655.Pq Vt str 656Empty by default. 657This variable contains flags passed to the 658.Xr ipf 8 659program. 660.\" ----- ipnat_enable setting ---------------------------------- 661.It Va ipnat_enable 662.Pq Vt bool 663Set to 664.Dq Li NO 665by default. 666Set it to 667.Dq Li YES 668to enable 669.Xr ipnat 8 670network address translation. 671See 672.Va ipfilter_enable 673for a detailed discussion. 674.\" ----- ipnat_program setting --------------------------------- 675.It Va ipnat_program 676.Pq Vt str 677Path to 678.Xr ipnat 8 679(default 680.Pa /sbin/ipnat ) . 681.\" ----- ipnat_rules setting ----------------------------------- 682.It Va ipnat_rules 683.Pq Vt str 684Set to 685.Pa /etc/ipnat.rules 686by default. 687This variable contains the name of the file 688holding the network address translation definition. 689This file is expected to be readable for the 690.Xr ipnat 8 691command to execute. 692.\" ----- ipnat_flags setting ----------------------------------- 693.It Va ipnat_flags 694.Pq Vt str 695Empty by default. 696This variable contains flags passed to the 697.Xr ipnat 8 698program. 699.\" ----- ipmon_enable setting ---------------------------------- 700.It Va ipmon_enable 701.Pq Vt bool 702Set to 703.Dq Li NO 704by default. 705Set it to 706.Dq Li YES 707to enable 708.Xr ipmon 8 709monitoring (logging 710.Xr ipf 8 711and 712.Xr ipnat 8 713events). 714Setting this variable needs setting 715.Va ipfilter_enable 716or 717.Va ipnat_enable 718too. 719See 720.Va ipfilter_enable 721for a detailed discussion. 722.\" ----- ipmon_program setting --------------------------------- 723.It Va ipmon_program 724.Pq Vt str 725Path to 726.Xr ipmon 8 727(default 728.Pa /sbin/ipmon ) . 729.\" ----- ipmon_flags setting ----------------------------------- 730.It Va ipmon_flags 731.Pq Vt str 732Set to 733.Dq Li -Ds 734by default. 735This variable contains flags passed to the 736.Xr ipmon 8 737program. 738Another typical example would be 739.Dq Fl D Pa /var/log/ipflog 740to have 741.Xr ipmon 8 742log directly to a file bypassing 743.Xr syslogd 8 . 744Make sure to adjust 745.Pa /etc/newsyslog.conf 746in such case like this: 747.Bd -literal 748/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 749.Ed 750.\" ----- ipfs_enable setting ----------------------------------- 751.It Va ipfs_enable 752.Pq Vt bool 753Set to 754.Dq Li NO 755by default. 756Set it to 757.Dq Li YES 758to enable 759.Xr ipfs 8 760saving the filter and NAT state tables during shutdown 761and reloading them during startup again. 762Setting this variable needs setting 763.Va ipfilter_enable 764or 765.Va ipnat_enable 766to 767.Dq Li YES 768too. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772Note that if 773.Va kern_securelevel 774is set to 3, 775.Va ipfs_enable 776cannot be used 777because the raised securelevel will prevent 778.Xr ipfs 8 779from saving the state tables at shutdown time. 780.\" ----- ipfs_program setting ---------------------------------- 781.It Va ipfs_program 782.Pq Vt str 783Path to 784.Xr ipfs 8 785(default 786.Pa /sbin/ipfs ) . 787.\" ----- ipfs_flags setting ------------------------------------ 788.It Va ipfs_flags 789.Pq Vt str 790Empty by default. 791This variable contains flags passed to the 792.Xr ipfs 8 793program. 794.\" ----- end of added ipf hook --------------------------------- 795.It Va pf_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Setting this to 801.Dq Li YES 802enables 803.Xr pf 4 804packet filtering. 805.Pp 806Typical usage will require putting 807.Pp 808.Dl pf_enable="YES" 809.Pp 810into 811.Pa /etc/rc.conf 812and editing 813.Pa /etc/pf.conf 814appropriately. 815Adding 816.Pp 817.Dl "device pf" 818.Pp 819builds support for 820.Xr pf 4 821into the kernel, otherwise the 822kernel module will be loaded. 823.It Va pf_rules 824.Pq Vt str 825Path to 826.Xr pf 4 827ruleset configuration file 828(default 829.Pa /etc/pf.conf ) . 830.It Va pf_program 831.Pq Vt str 832Path to 833.Xr pfctl 8 834(default 835.Pa /sbin/pfctl ) . 836.It Va pf_flags 837.Pq Vt str 838If 839.Va pf_enable 840is set to 841.Dq Li YES , 842these flags are passed to the 843.Xr pfctl 8 844program when loading the ruleset. 845.It Va pflog_enable 846.Pq Vt bool 847Set to 848.Dq Li NO 849by default. 850Setting this to 851.Dq Li YES 852enables 853.Xr pflogd 8 854which logs packets from the 855.Xr pf 4 856packet filter. 857.It Va pflog_logfile 858.Pq Vt str 859If 860.Va pflog_enable 861is set to 862.Dq Li YES 863this controls where 864.Xr pflogd 8 865stores the logfile 866(default 867.Pa /var/log/pflog ) . 868Check 869.Pa /etc/newsyslog.conf 870to adjust logfile rotation for this. 871.It Va pflog_program 872.Pq Vt str 873Path to 874.Xr pflogd 8 875(default 876.Pa /sbin/pflogd ) . 877.It Va pflog_flags 878.Pq Vt str 879Empty by default. 880This variable contains additional flags passed to the 881.Xr pflogd 8 882program. 883.It Va ftpproxy_enable 884.Pq Vt bool 885Set to 886.Dq Li NO 887by default. 888Setting this to 889.Dq Li YES 890enables 891.Xr ftp-proxy 8 892which supports the 893.Xr pf 4 894packet filter in translating ftp connections. 895.It Va ftpproxy_flags 896.Pq Vt str 897Empty by default. 898This variable contains additional flags passed to the 899.Xr ftp-proxy 8 900program. 901.It Va pfsync_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables exposing 909.Xr pf 4 910state changes to other hosts over the network by means of 911.Xr pfsync 4 . 912The 913.Va pfsync_syncdev 914variable 915must also be set then. 916.It Va pfsync_syncdev 917.Pq Vt str 918Empty by default. 919This variable specifies the name of the network interface 920.Xr pfsync 4 921should operate through. 922It must be set accordingly if 923.Va pfsync_enable 924is set to 925.Dq Li YES . 926.It Va pfsync_syncpeer 927.Pq Vt str 928Empty by default. 929This variable is optional. 930By default, state change messages are sent out on the synchronisation 931interface using IP multicast packets. 932The protocol is IP protocol 240, PFSYNC, and the multicast group used is 933224.0.0.240. 934When a peer address is specified using the 935.Va pfsync_syncpeer 936option, the peer address is used as a destination for the pfsync 937traffic, and the traffic can then be protected using 938.Xr ipsec 4 . 939See the 940.Xr pfsync 4 941manpage for more details about using 942.Xr ipsec 4 943with 944.Xr pfsync 4 945interfaces. 946.It Va pfsync_ifconfig 947.Pq Vt str 948Empty by default. 949This variable can contain additional options to be passed to the 950.Xr ifconfig 8 951command used to set up 952.Xr pfsync 4 . 953.It Va tcp_extensions 954.Pq Vt bool 955Set to 956.Dq Li YES 957by default. 958Setting this to 959.Dq Li NO 960disables certain TCP options as described by 961.Rs 962.%T "RFC 1323" 963.Re 964Setting this to 965.Dq Li NO 966might help remedy such problems with connections as randomly hanging 967or other weird behavior. 968Some network devices are known 969to be broken with respect to these options. 970.It Va log_in_vain 971.Pq Vt int 972Set to 0 by default. 973The 974.Xr sysctl 8 975variables, 976.Va net.inet.tcp.log_in_vain 977and 978.Va net.inet.udp.log_in_vain , 979as described in 980.Xr tcp 4 981and 982.Xr udp 4 , 983are set to the given value. 984.It Va tcp_keepalive 985.Pq Vt bool 986Set to 987.Dq Li YES 988by default. 989Setting to 990.Dq Li NO 991will disable probing idle TCP connections to verify that the 992peer is still up and reachable. 993.It Va tcp_drop_synfin 994.Pq Vt bool 995Set to 996.Dq Li NO 997by default. 998Setting to 999.Dq Li YES 1000will cause the kernel to ignore TCP frames that have both 1001the SYN and FIN flags set. 1002This prevents OS fingerprinting, but may 1003break some legitimate applications. 1004.It Va icmp_drop_redirect 1005.Pq Vt bool 1006Set to 1007.Dq Li NO 1008by default. 1009Setting to 1010.Dq Li YES 1011will cause the kernel to ignore ICMP REDIRECT packets. 1012Refer to 1013.Xr icmp 4 1014for more information. 1015.It Va icmp_log_redirect 1016.Pq Vt bool 1017Set to 1018.Dq Li NO 1019by default. 1020Setting to 1021.Dq Li YES 1022will cause the kernel to log ICMP REDIRECT packets. 1023Note that 1024the log messages are not rate-limited, so this option should only be used 1025for troubleshooting networks. 1026Refer to 1027.Xr icmp 4 1028for more information. 1029.It Va icmp_bmcastecho 1030.Pq Vt bool 1031Set to 1032.Dq Li YES 1033to respond to broadcast or multicast ICMP ping packets. 1034Refer to 1035.Xr icmp 4 1036for more information. 1037.It Va ip_portrange_first 1038.Pq Vt int 1039If not set to 1040.Dq Li NO , 1041this is the first port in the default portrange. 1042Refer to 1043.Xr ip 4 1044for more information. 1045.It Va ip_portrange_last 1046.Pq Vt int 1047If not set to 1048.Dq Li NO , 1049this is the last port in the default portrange. 1050Refer to 1051.Xr ip 4 1052for more information. 1053.It Va network_interfaces 1054.Pq Vt str 1055Set to the list of network interfaces to configure on this host or 1056.Dq Li AUTO 1057(the default) for all current interfaces. 1058Setting the 1059.Va network_interfaces 1060variable to anything other than the default is deprecated. 1061Interfaces that the administrator wishes to store configuration for, 1062but not start at boot should be configured with the 1063.Dq Li NOAUTO 1064keyword in their 1065.Va ifconfig_ Ns Aq Ar interface 1066variables as described below. 1067.Pp 1068An 1069.Va ifconfig_ Ns Aq Ar interface 1070variable is also assumed to exist for each value of 1071.Ar interface . 1072When an interface name contains any of the characters 1073.Dq Li .-/+ 1074they are translated to 1075.Dq Li _ 1076before lookup. 1077The variable can contain arguments to 1078.Xr ifconfig 8 , 1079as well as special case-insensitive keywords described below. 1080Such keywords are removed before passing the value to 1081.Xr ifconfig 8 1082while the order of the other arguments is preserved. 1083.Pp 1084One can configure more than one IPv4 address with the 1085.Va ipv4_addrs_ Ns Aq Ar interface 1086variable. 1087One or more IP addresses must be provided in Classless Inter-Domain 1088Routing (CIDR) address notation, whose last byte can be a range like 1089192.0.2.5-23/24. 1090In this case the address 192.0.2.5 will be configured with the 1091netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1092the non-conflicting netmask /32 as explained in the 1093.Xr ifconfig 8 1094alias section. 1095With the interface in question being 1096.Li ed0 , 1097an example could look like: 1098.Bd -literal 1099ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1100.Ed 1101.Pp 1102It is also possible to add IP alias entries using 1103.Xr ifconfig 8 1104syntax. 1105Assuming that the interface in question was 1106.Li ed0 , 1107it might look 1108something like this: 1109.Bd -literal 1110ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1111ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1112.Ed 1113.Pp 1114And so on. 1115For each 1116.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1117entry that is found, 1118its contents are passed to 1119.Xr ifconfig 8 . 1120Execution stops at the first unsuccessful access, so if 1121something like this is present: 1122.Bd -literal 1123ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1124ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1125ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1126ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1127.Ed 1128.Pp 1129Then note that alias4 would 1130.Em not 1131be added since the search would 1132stop with the missing 1133.Dq Li alias3 1134entry. 1135Due to this difficult to manage behavior, the 1136.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1137form is deprecated. 1138.Pp 1139If the 1140.Pa /etc/start_if. Ns Aq Ar interface 1141file is present, it is read and executed by the 1142.Xr sh 1 1143interpreter 1144before configuring the interface as specified in the 1145.Va ifconfig_ Ns Aq Ar interface 1146and 1147.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1148variables. 1149.Pp 1150If a 1151.Va vlans_ Ns Aq Ar interface 1152variable is set, 1153a 1154.Xr vlan 4 1155interface will be created for each item in the list with the 1156.Ar vlandev 1157argument set to 1158.Ar interface . 1159If a vlan interface's name is a number, 1160then that number is used as the vlan tag and the new vlan interface is 1161named 1162.Ar interface . Ns Ar tag . 1163Otherwise, 1164the vlan tag must be specified via a 1165.Va vlan 1166parameter in the 1167.Va create_args_ Ns Aq Ar interface 1168variable. 1169.Pp 1170To create a vlan device named 1171.Li em0.101 1172on 1173.Li em0 1174with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1175.Bd -literal 1176vlans_em0="101" 1177ifconfig_em0_101="inet 192.0.2.1/24" 1178.Ed 1179.Pp 1180To create a vlan device named 1181.Li myvlan 1182on 1183.Li em0 1184with the vlan tag 102: 1185.Bd -literal 1186vlans_em0="myvlan" 1187create_args_myvlan="vlan 102" 1188.Ed 1189.Pp 1190If a 1191.Va wlans_ Ns Aq Ar interface 1192variable is set, 1193an 1194.Xr wlan 4 1195interface will be created for each item in the list with the 1196.Ar wlandev 1197argument set to 1198.Ar interface . 1199Further wlan cloning arguments may be passed to the 1200.Xr ifconfig 8 1201.Cm create 1202command by setting the 1203.Va create_args_ Ns Aq Ar interface 1204variable. 1205One or more 1206.Xr wlan 4 1207devices must be created for each wireless devices as of 1208.Fx 8.0 . 1209Debugging flags for 1210.Xr wlan 4 1211devices as set by 1212.Xr wlandebug 8 1213may be specified with an 1214.Va wlandebug_ Ns Aq Ar interface 1215variable. 1216The contents of this variable will be passed directly to 1217.Xr wlandebug 8 . 1218.Pp 1219If the 1220.Va ifconfig_ Ns Aq Ar interface 1221contains the keyword 1222.Dq Li NOAUTO 1223then the interface will not be configured 1224at boot or by 1225.Pa /etc/pccard_ether 1226when 1227.Va network_interfaces 1228is set to 1229.Dq Li AUTO . 1230.Pp 1231It is possible to bring up an interface with DHCP by adding 1232.Dq Li DHCP 1233to the 1234.Va ifconfig_ Ns Aq Ar interface 1235variable. 1236For instance, to initialize the 1237.Li ed0 1238device via DHCP, 1239it is possible to use something like: 1240.Bd -literal 1241ifconfig_ed0="DHCP" 1242.Ed 1243.Pp 1244Also, if you want to configure your wireless interface with 1245.Xr wpa_supplicant 8 1246for use with WPA, EAP/LEAP or WEP, you need to add 1247.Dq Li WPA 1248to the 1249.Va ifconfig_ Ns Aq Ar interface 1250variable. 1251.Pp 1252Finally, you can add 1253.Xr ifconfig 8 1254options in this variable, in addition to the 1255.Pa /etc/start_if. Ns Aq Ar interface 1256file. 1257For instance, to configure an 1258.Xr ath 4 1259wireless device in station mode with an address obtained 1260via DHCP, using WPA authentication and 802.11b mode, it is 1261possible to use something like: 1262.Bd -literal 1263wlans_ath0="wlan0" 1264ifconfig_wlan0="DHCP WPA mode 11b" 1265.Ed 1266.Pp 1267In addition to the 1268.Va ifconfig_ Ns Aq Ar interface 1269form, a fallback variable 1270.Va ifconfig_DEFAULT 1271may be configured. 1272It will be used for all interfaces with no 1273.Va ifconfig_ Ns Aq Ar interface 1274variable. 1275This is intended to replace the no longer supported 1276.Va pccard_ifconfig 1277variable. 1278.Pp 1279It is also possible to rename an interface by doing: 1280.Bd -literal 1281ifconfig_ed0_name="net0" 1282ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1283.Ed 1284.It Va ipv6_enable 1285This variable is deprecated. 1286Use 1287.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1288and 1289.Va ipv6_activate_all_interfaces 1290if necessary. 1291.Pp 1292.Pq Vt bool 1293If the variable is 1294.Dq Li YES , 1295.Dq Li inet6 accept_rtadv 1296is added to all of 1297.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1298and the 1299.Va ipv6_activate_all_interfaces 1300is defined as 1301.Dq Li YES . 1302.It Va ipv6_prefer 1303This variable is deprecated. 1304Use 1305.Va ip6addrctl_policy 1306instead. 1307.Pp 1308.Pq Vt bool 1309If the variable is 1310.Dq Li YES , 1311the default address selection policy table set by 1312.Xr ip6addrctl 8 1313will be IPv6-preferred. 1314.Pp 1315If the variable is 1316.Dq Li NO , 1317the default address selection policy table set by 1318.Xr ip6addrctl 8 1319will be IPv4-preferred. 1320.It Va ipv6_activate_all_interfaces 1321.Pq Vt bool 1322This controls initial configuration on IPv6-capable 1323interfaces with no corresponding 1324.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1325variable. 1326Note that it is not always necessary to set this variable to 1327.Dq YES 1328to use IPv6 functionality on 1329.Fx . 1330In most cases, just configuring 1331.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1332variables works. 1333.Pp 1334If the variable is 1335.Dq Li NO , 1336all interfaces which do not have a corresponding 1337.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1338variable will be marked as 1339.Dq Li IFDISABLED 1340at creation. 1341This means that all of IPv6 functionality on that interface 1342is completely disabled to enforce a security policy. 1343If the variable is set to 1344.Dq YES , 1345the flag will be cleared on all of the interfaces. 1346.Pp 1347In most cases, just defining an 1348.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1349for an IPv6-capable interface should be sufficient. 1350However, if an interface is added dynamically 1351.Pq by some tunneling protocols such as PPP, for example , 1352it is often difficult to define the variable in advance. 1353In such a case, configuring the 1354.Dq Li IFDISABLED 1355flag can be disabled by setting this variable to 1356.Dq YES . 1357.Pp 1358For more details of the 1359.Dq Li IFDISABLED 1360flag and keywords 1361.Dq Li inet6 ifdisabled , 1362see 1363.Xr ifconfig 8 . 1364.Pp 1365Default is 1366.Dq Li NO . 1367.It Va ipv6_privacy 1368.Pq Vt bool 1369If the variable is 1370.Dq Li YES 1371privacy addresses will be generated for each IPv6 1372interface as described in RFC 4941. 1373.It Va ipv6_network_interfaces 1374.Pq Vt str 1375This is the IPv6 equivalent of 1376.Va network_interfaces . 1377Normally manual configuration of this variable is not needed. 1378.Pp 1379.It Va ipv6_cpe_wanif 1380.Pq Vt str 1381If the variable is set to an interface name, 1382the 1383.Xr ifconfig 8 1384options 1385.Dq inet6 -no_radr accept_rtadv 1386will be added to the specified interface automatically before evaluating 1387.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1388and two 1389.Xr sysctl 8 1390variables 1391.Va net.inet6.ip6.rfc6204w3 1392and 1393.Va net.inet6.ip6.no_radr 1394will be set to 1. 1395.Pp 1396This means the specified interface will accept ICMPv6 Router 1397Advertisement messages on that link and add the discovered 1398routers into the Default Router List. 1399While the other interfaces can still accept RA messages if the 1400.Dq inet6 accept_rtadv 1401option is specified, adding 1402routes into the Default Router List will be disabled by 1403.Dq inet6 no_radr 1404option by default. 1405See 1406.Xr ifconfig 8 1407for more details. 1408.Pp 1409Note that ICMPv6 Router Advertisement messages will be 1410accepted even when 1411.Va net.inet6.ip6.forwarding 1412is 1 1413.Pq packet fowarding is enabled 1414when 1415.Va net.inet6.ip6.rfc6204w3 1416is set to 1. 1417.Pp 1418Default is 1419.Dq Li NO . 1420.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421.Pq Vt str 1422IPv6 functionality on an interface should be configured by 1423.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1424instead of setting ifconfig parameters in 1425.Va ifconfig_ Ns Aq Ar interface . 1426If this variable is empty, all of IPv6 configurations on the 1427specified interface by other variables such as 1428.Va ipv6_prefix_ Ns Ao Ar interface Ac 1429will be ignored. 1430.Pp 1431Aliases should be set by 1432.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1433with 1434.Dq Li inet6 1435keyword. For example: 1436.Bd -literal 1437ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1438ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1439.Ed 1440.Pp 1441Interfaces that have an 1442.Dq Li inet6 accept_rtadv 1443keyword in 1444.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1445setting will be automatically configured by SLAAC 1446.Pq StateLess Address AutoConfiguration 1447described in 1448.Rs 1449.%T "RFC 4862" 1450.Re 1451.Pp 1452Note that a link-local address will be automatically configured in 1453addition to the configured global-scope addresses because the IPv6 1454specifications require it on each link. 1455The address is calculated from the MAC address by using an algorithm 1456defined in 1457.Rs 1458.%T "RFC 4862" 1459.%O "Section 5.3" 1460.Re 1461.Pp 1462If only a link-local address is needed on the interface, 1463the following configuration can be used: 1464.Bd -literal 1465ifconfig_ed0_ipv6="inet6 auto_linklocal" 1466.Ed 1467.Pp 1468A link-local address can also be configured manually. 1469This is useful for the default router address of an IPv6 router 1470so that it does not change when the network interface 1471card is replaced. 1472For example: 1473.Bd -literal 1474ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1475.Ed 1476.It Va ipv6_prefix_ Ns Aq Ar interface 1477.Pq Vt str 1478If one or more prefixes are defined in 1479.Va ipv6_prefix_ Ns Aq Ar interface 1480addresses based on each prefix and the EUI-64 interface index will be 1481configured on that interface. 1482Note that this variable will be ignored when 1483.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1484is empty. 1485.Pp 1486For example, the following configuration 1487.Bd -literal 1488ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1489.Ed 1490.Pp 1491is equivalent to the following: 1492.Bd -literal 1493ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1494ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1495ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1496ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1497.Ed 1498.Pp 1499These Subnet-Router anycast addresses will be added only when 1500.Va ipv6_gateway_enable 1501is YES. 1502.It Va ipv6_default_interface 1503.Pq Vt str 1504If not set to 1505.Dq Li NO , 1506this is the default output interface for scoped addresses. 1507This works only with ipv6_gateway_enable="NO". 1508.It Va ip6addrctl_enable 1509.Pq Vt bool 1510This variable is to enable configuring default address selection policy table 1511.Pq RFC 3484 . 1512The table can be specified in another variable 1513.Va ip6addrctl_policy . 1514For 1515.Va ip6addrctl_policy 1516the following keywords can be specified: 1517.Dq Li ipv4_prefer , 1518.Dq Li ipv6_prefer , 1519or 1520.Dq Li AUTO . 1521.Pp 1522If 1523.Dq Li ipv4_prefer 1524or 1525.Dq Li ipv6_prefer 1526is specified, 1527.Xr ip6addrctl 8 1528installs a pre-defined policy table described in Section 2.1 1529.Pq IPv6-preferred 1530or 10.3 1531.Pq IPv4-preferred 1532of RFC 3484. 1533.Pp 1534If 1535.Dq Li AUTO 1536is specified, it attempts to read a file 1537.Pa /etc/ip6addrctl.conf 1538first. If this file is found, 1539.Xr ip6addrctl 8 1540reads and installs it. If not found, a policy is automatically set 1541according to 1542.Va ipv6_activate_all_interfaces 1543variable; if the variable is set to 1544.Dq Li YES 1545the IPv6-preferred one is used. Otherwise IPv4-preferred. 1546.Pp 1547The default value of 1548.Va ip6addrctl_enable 1549and 1550.Va ip6addrctl_policy 1551are 1552.Dq Li YES 1553and 1554.Dq Li AUTO , 1555respectively. 1556.It Va cloned_interfaces 1557.Pq Vt str 1558Set to the list of clonable network interfaces to create on this host. 1559Further cloning arguments may be passed to the 1560.Xr ifconfig 8 1561.Cm create 1562command for each interface by setting the 1563.Va create_args_ Ns Aq Ar interface 1564variable. 1565Entries in 1566.Va cloned_interfaces 1567are automatically appended to 1568.Va network_interfaces 1569for configuration. 1570.It Va fec_interfaces 1571.Pq Vt str 1572Set to the list of 1573.Xr ng_fec 4 1574Fast EtherChannel interfaces to configure on this host. 1575A 1576.Va fecconfig_ Ns Aq Ar interface 1577variable is assumed to exist for each value of 1578.Ar interface . 1579The value of this variable is used to configure link aggregated interfaces 1580according to the syntax of the 1581.Cm NGM_FEC_ADD_IFACE 1582to 1583.Xr ngctl 8 1584msg. 1585Additionally, this option ensures that each listed interface is created 1586via the 1587.Cm mkpeer 1588command to 1589.Xr ngctl 8 1590before attempting to configure it. 1591For example: 1592.Bd -literal 1593fec_interfaces="fec0" 1594fecconfig_fec0="em0 em1" 1595ifconfig_fec0="DHCP" 1596.Ed 1597.It Va gif_interfaces 1598.Pq Vt str 1599Set to the list of 1600.Xr gif 4 1601tunnel interfaces to configure on this host. 1602A 1603.Va gifconfig_ Ns Aq Ar interface 1604variable is assumed to exist for each value of 1605.Ar interface . 1606The value of this variable is used to configure the link layer of the 1607tunnel according to the syntax of the 1608.Cm tunnel 1609option to 1610.Xr ifconfig 8 . 1611Additionally, this option ensures that each listed interface is created 1612via the 1613.Cm create 1614option to 1615.Xr ifconfig 8 1616before attempting to configure it. 1617.It Va sppp_interfaces 1618.Pq Vt str 1619Set to the list of 1620.Xr sppp 4 1621interfaces to configure on this host. 1622A 1623.Va spppconfig_ Ns Aq Ar interface 1624variable is assumed to exist for each value of 1625.Ar interface . 1626Each interface should also be configured by a general 1627.Va ifconfig_ Ns Aq Ar interface 1628setting. 1629Refer to 1630.Xr spppcontrol 8 1631for more information about available options. 1632.It Va ppp_enable 1633.Pq Vt bool 1634If set to 1635.Dq Li YES , 1636run the 1637.Xr ppp 8 1638daemon. 1639.It Va ppp_profile 1640.Pq Vt str 1641The name of the profile to use from 1642.Pa /etc/ppp/ppp.conf . 1643Also used for per-profile overrides of 1644.Va ppp_mode 1645and 1646.Va ppp_nat , 1647and 1648.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1649When the profile name contains any of the characters 1650.Dq Li .-/+ 1651they are translated to 1652.Dq Li _ 1653for the proposes of the override variable names. 1654.It Va ppp_mode 1655.Pq Vt str 1656Mode in which to run the 1657.Xr ppp 8 1658daemon. 1659.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1660.Pq Vt str 1661Overrides the global 1662.Va ppp_mode 1663for 1664.Ar profile . 1665Accepted modes are 1666.Dq Li auto , 1667.Dq Li ddial , 1668.Dq Li direct 1669and 1670.Dq Li dedicated . 1671See the manual for a full description. 1672.It Va ppp_nat 1673.Pq Vt bool 1674If set to 1675.Dq Li YES , 1676enables network address translation. 1677Used in conjunction with 1678.Va gateway_enable 1679allows hosts on private network addresses access to the Internet using 1680this host as a network address translating router. 1681.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1682.Pq Vt str 1683Overrides the global 1684.Va ppp_nat 1685for 1686.Ar profile . 1687.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1688.Pq Vt int 1689Set the unit number to be used for this profile. 1690See the manual description of 1691.Fl unit Ns Ar N 1692for details. 1693.It Va ppp_user 1694.Pq Vt str 1695The name of the user under which 1696.Xr ppp 8 1697should be started. 1698By 1699default, 1700.Xr ppp 8 1701is started as 1702.Dq Li root . 1703.It Va rc_conf_files 1704.Pq Vt str 1705This option is used to specify a list of files that will override 1706the settings in 1707.Pa /etc/defaults/rc.conf . 1708The files will be read in the order in which they are specified and should 1709include the full path to the file. 1710By default, the files specified are 1711.Pa /etc/rc.conf 1712and 1713.Pa /etc/rc.conf.local 1714.It Va zfs_enable 1715.Pq Vt bool 1716If set to 1717.Dq Li YES , 1718.Pa /etc/rc.d/zfs 1719will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1720(ZVOLs). 1721.It Va gptboot_enable 1722.Pq Vt bool 1723If set to 1724.Dq Li YES , 1725.Pa /etc/rc.d/gptboot 1726will log if the system successfully (or not) booted from a GPT partition, 1727which had the 1728.Ar bootonce 1729attribute set using 1730.Xr gpart 8 1731utility. 1732.It Va gbde_autoattach_all 1733.Pq Vt bool 1734If set to 1735.Dq Li YES , 1736.Pa /etc/rc.d/gbde 1737will attempt to automatically initialize your .bde devices in 1738.Pa /etc/fstab . 1739.It Va gbde_devices 1740.Pq Vt str 1741List the devices that the script should try to attach, 1742or 1743.Dq Li AUTO . 1744.It Va gbde_lockdir 1745.Pq Vt str 1746The directory where the 1747.Xr gbde 4 1748lockfiles are located. 1749The default lockfile directory is 1750.Pa /etc . 1751.Pp 1752The lockfile for each individual 1753.Xr gbde 4 1754device can be overridden by setting the variable 1755.Va gbde_lock_ Ns Aq Ar device , 1756where 1757.Ar device 1758is the encrypted device without the 1759.Dq Pa /dev/ 1760and 1761.Dq Pa .bde 1762parts. 1763.It Va gbde_attach_attempts 1764.Pq Vt int 1765Number of times to attempt attaching to a 1766.Xr gbde 4 1767device, i.e., how many times the user is asked for the pass-phrase. 1768Default is 3. 1769.It Va geli_devices 1770.Pq Vt str 1771List of devices to automatically attach on boot. 1772Note that .eli devices from 1773.Pa /etc/fstab 1774are automatically appended to this list. 1775.It Va geli_tries 1776.Pq Vt int 1777Number of times user is asked for the pass-phrase. 1778If empty, it will be taken from 1779.Va kern.geom.eli.tries 1780sysctl variable. 1781.It Va geli_default_flags 1782.Pq Vt str 1783Default flags to use by 1784.Xr geli 8 1785when configuring disk encryption. 1786Flags can be configured for every device separately by defining 1787.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1788variable. 1789.It Va geli_autodetach 1790.Pq Vt str 1791Specifies if GELI devices should be marked for detach on last close after 1792file systems are mounted. 1793Default is 1794.Dq Li YES . 1795This can be changed for every device separately by defining 1796.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1797variable. 1798.It Va geli_swap_flags 1799Options passed to the 1800.Xr geli 8 1801utility when encrypted GEOM providers for swap partitions are created. 1802The default is 1803.Dq Li "-e aes -l 256 -s 4096 -d" . 1804.It Va root_rw_mount 1805.Pq Vt bool 1806Set to 1807.Dq Li YES 1808by default. 1809After the file systems are checked at boot time, the root file system 1810is remounted as read-write if this is set to 1811.Dq Li YES . 1812Diskless systems that mount their root file system from a read-only remote 1813NFS share should set this to 1814.Dq Li NO 1815in their 1816.Pa rc.conf . 1817.It Va fsck_y_enable 1818.Pq Vt bool 1819If set to 1820.Dq Li YES , 1821.Xr fsck 8 1822will be run with the 1823.Fl y 1824flag if the initial preen 1825of the file systems fails. 1826.It Va background_fsck 1827.Pq Vt bool 1828If set to 1829.Dq Li YES , 1830the system will attempt to run 1831.Xr fsck 8 1832in the background where possible. 1833.It Va background_fsck_delay 1834.Pq Vt int 1835The amount of time in seconds to sleep before starting a background 1836.Xr fsck 8 . 1837It defaults to sixty seconds to allow large applications such as 1838the X server to start before disk I/O bandwidth is monopolized by 1839.Xr fsck 8 . 1840If set to a negative number, the background file system check will be 1841delayed indefinitely to allow the administrator to run it at a more 1842convenient time. 1843For example it may be run from 1844.Xr cron 8 1845by adding a line like 1846.Pp 1847.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1848.Pp 1849to 1850.Pa /etc/crontab . 1851.It Va netfs_types 1852.Pq Vt str 1853List of file system types that are network-based. 1854This list should generally not be modified by end users. 1855Use 1856.Va extra_netfs_types 1857instead. 1858.It Va extra_netfs_types 1859.Pq Vt str 1860If set to something other than 1861.Dq Li NO 1862(the default), 1863this variable extends the list of file system types 1864for which automatic mounting at startup by 1865.Xr rc 8 1866should be delayed until the network is initialized. 1867It should contain 1868a whitespace-separated list of network file system descriptor pairs, 1869each consisting of a file system type as passed to 1870.Xr mount 8 1871and a human-readable, one-word description, 1872joined with a colon 1873.Pq Ql \&: . 1874Extending the default list in this way is only necessary 1875when third party file system types are used. 1876.It Va syslogd_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES , 1880run the 1881.Xr syslogd 8 1882daemon. 1883.It Va syslogd_program 1884.Pq Vt str 1885Path to 1886.Xr syslogd 8 1887(default 1888.Pa /usr/sbin/syslogd ) . 1889.It Va syslogd_flags 1890.Pq Vt str 1891If 1892.Va syslogd_enable 1893is set to 1894.Dq Li YES , 1895these are the flags to pass to 1896.Xr syslogd 8 . 1897.It Va inetd_enable 1898.Pq Vt bool 1899If set to 1900.Dq Li YES , 1901run the 1902.Xr inetd 8 1903daemon. 1904.It Va inetd_program 1905.Pq Vt str 1906Path to 1907.Xr inetd 8 1908(default 1909.Pa /usr/sbin/inetd ) . 1910.It Va inetd_flags 1911.Pq Vt str 1912If 1913.Va inetd_enable 1914is set to 1915.Dq Li YES , 1916these are the flags to pass to 1917.Xr inetd 8 . 1918.It Va hastd_enable 1919.Pq Vt bool 1920If set to 1921.Dq Li YES , 1922run the 1923.Xr hastd 8 1924daemon. 1925.It Va hastd_program 1926.Pq Vt str 1927Path to 1928.Xr hastd 8 1929(default 1930.Pa /sbin/hastd ) . 1931.It Va hastd_flags 1932.Pq Vt str 1933If 1934.Va hastd_enable 1935is set to 1936.Dq Li YES , 1937these are the flags to pass to 1938.Xr hastd 8 . 1939.It Va named_enable 1940.Pq Vt bool 1941If set to 1942.Dq Li YES , 1943run the 1944.Xr named 8 1945daemon. 1946.It Va named_program 1947.Pq Vt str 1948Path to 1949.Xr named 8 1950(default 1951.Pa /usr/sbin/named ) . 1952.It Va named_conf 1953.Pq Vt str 1954Path to 1955.Xr named 8 1956configuration file, (default 1957.Pa /etc/namedb/named.conf ) . 1958.It Va named_flags 1959.Pq Vt str 1960If 1961.Va named_enable 1962is set to 1963.Dq Li YES , 1964these are the flags to pass to 1965.Xr named 8 . 1966.It Va named_uid 1967.Pq Vt str 1968The user that the 1969.Xr named 8 1970process should be run as. 1971.It Va named_chrootdir 1972.Pq Vt str 1973The root directory for a name server run in a 1974.Xr chroot 8 1975environment (default 1976.Pa /var/named ) . 1977If left empty 1978.Xr named 8 1979will not be run in a 1980.Xr chroot 8 1981environment. 1982.It Va named_chroot_autoupdate 1983.Pq Vt bool 1984Set to 1985.Dq Li NO 1986to disable automatic update of the 1987.Xr chroot 8 1988environment. 1989.It Va named_symlink_enable 1990.Pq Vt bool 1991Set to 1992.Dq Li NO 1993to disable symlinking of 1994daemon's PID file 1995into the 1996.Xr chroot 8 1997environment. 1998.It Va named_wait 1999.Pq Vt bool 2000Set to have 2001.Pa /etc/rc.d/named 2002loop until working name service is established. 2003.It Va named_wait_host 2004.Pq Vt str 2005Name of host to lookup for the named_wait option. 2006(Default localhost) 2007.It Va named_auto_forward 2008.Pq Vt bool 2009Set to enable automatic creation of a forwarder 2010configuration file derived from 2011.Pa /etc/resolv.conf . 2012.It Va named_auto_forward_only 2013.Pq Vt bool 2014Set to change the default forwarder configuration from 2015.Dq forward first 2016to 2017.Dq forward only . 2018.It Va kerberos5_server_enable 2019.Pq Vt bool 2020Set to 2021.Dq Li YES 2022to start a Kerberos 5 authentication server 2023at boot time. 2024.It Va kerberos5_server 2025.Pq Vt str 2026If 2027.Va kerberos5_server_enable 2028is set to 2029.Dq Li YES 2030this is the path to Kerberos 5 Authentication Server. 2031.It Va kerberos5_server_flags 2032.Pq Vt str 2033Empty by default. 2034This variable contains additional flags to be passed to the Kerberos 5 2035authentication server. 2036.It Va kadmind5_server_enable 2037.Pq Vt bool 2038Set to 2039.Dq Li YES 2040to start 2041.Xr kadmind 8 , 2042the Kerberos 5 Administration Daemon; set to 2043.Dq Li NO 2044on a slave server. 2045.It Va kadmind5_server 2046.Pq Vt str 2047If 2048.Va kadmind5_server_enable 2049is set to 2050.Dq Li YES 2051this is the path to Kerberos 5 Administration Daemon. 2052.It Va kpasswdd_server_enable 2053.Pq Vt bool 2054Set to 2055.Dq Li YES 2056to start 2057.Xr kpasswdd 8 , 2058the Kerberos 5 Password-Changing Daemon; set to 2059.Dq Li NO 2060on a slave server. 2061.It Va kpasswdd_server 2062.Pq Vt str 2063If 2064.Va kpasswdd_server_enable 2065is set to 2066.Dq Li YES 2067this is the path to Kerberos 5 Password-Changing Daemon. 2068.It Va rwhod_enable 2069.Pq Vt bool 2070If set to 2071.Dq Li YES , 2072run the 2073.Xr rwhod 8 2074daemon at boot time. 2075.It Va rwhod_flags 2076.Pq Vt str 2077If 2078.Va rwhod_enable 2079is set to 2080.Dq Li YES , 2081these are the flags to pass to it. 2082.It Va amd_enable 2083.Pq Vt bool 2084If set to 2085.Dq Li YES , 2086run the 2087.Xr amd 8 2088daemon at boot time. 2089.It Va amd_flags 2090.Pq Vt str 2091If 2092.Va amd_enable 2093is set to 2094.Dq Li YES , 2095these are the flags to pass to it. 2096See the 2097.Xr amd 8 2098manpage for more information. 2099.It Va amd_map_program 2100.Pq Vt str 2101If set, 2102the specified program is run to get the list of 2103.Xr amd 8 2104maps. 2105For example, if the 2106.Xr amd 8 2107maps are stored in NIS, one can set this to 2108run 2109.Xr ypcat 1 2110to get a list of 2111.Xr amd 8 2112maps from the 2113.Pa amd.master 2114NIS map. 2115.It Va update_motd 2116.Pq Vt bool 2117If set to 2118.Dq Li YES , 2119.Pa /etc/motd 2120will be updated at boot time to reflect the kernel release 2121being run. 2122If set to 2123.Dq Li NO , 2124.Pa /etc/motd 2125will not be updated. 2126.It Va nfs_client_enable 2127.Pq Vt bool 2128If set to 2129.Dq Li YES , 2130run the NFS client daemons at boot time. 2131.It Va nfs_access_cache 2132.Pq Vt int 2133If 2134.Va nfs_client_enable 2135is set to 2136.Dq Li YES , 2137this can be set to 2138.Dq Li 0 2139to disable NFS ACCESS RPC caching, or to the number of seconds for which 2140NFS ACCESS 2141results should be cached. 2142A value of 2-10 seconds will substantially reduce network 2143traffic for many NFS operations. 2144.It Va nfs_server_enable 2145.Pq Vt bool 2146If set to 2147.Dq Li YES , 2148run the NFS server daemons at boot time. 2149.It Va nfs_server_flags 2150.Pq Vt str 2151If 2152.Va nfs_server_enable 2153is set to 2154.Dq Li YES , 2155these are the flags to pass to the 2156.Xr nfsd 8 2157daemon. 2158.It Va nfsv4_server_enable 2159.Pq Vt bool 2160If 2161.Va nfs_server_enable 2162is set to 2163.Dq Li YES 2164and 2165.Va nfsv4_server_enable 2166are set to 2167.Dq Li YES , 2168enable the server for NFSv4 as well as NFSv2 and NFSv3. 2169.It Va nfsuserd_enable 2170.Pq Vt bool 2171If 2172.Va nfsuserd_enable 2173is set to 2174.Dq Li YES , 2175run the nfsuserd daemon, which is needed for NFSv4 in order 2176to map between user/group names vs uid/gid numbers. 2177If 2178.Va nfsv4_server_enable 2179is set to 2180.Dq Li YES , 2181this will be forced enabled. 2182.It Va nfsuserd_flags 2183.Pq Vt str 2184If 2185.Va nfsuserd_enable 2186is set to 2187.Dq Li YES , 2188these are the flags to pass to the 2189.Xr nfsuserd 8 2190daemon. 2191.It Va nfscbd_enable 2192.Pq Vt bool 2193If 2194.Va nfscbd_enable 2195is set to 2196.Dq Li YES , 2197run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2198.It Va nfscbd_flags 2199.Pq Vt str 2200If 2201.Va nfscbd_enable 2202is set to 2203.Dq Li YES , 2204these are the flags to pass to the 2205.Xr nfscbd 8 2206daemon. 2207.It Va oldnfs_server_enable 2208.Pq Vt bool 2209If 2210.Va oldnfs_server_enable 2211is set to 2212.Dq Li YES , 2213force the NFS server daemons to run the old NFS server code 2214that does not support NFSv4. 2215.It Va mountd_enable 2216.Pq Vt bool 2217If set to 2218.Dq Li YES , 2219and no 2220.Va nfs_server_enable 2221is set, start 2222.Xr mountd 8 , 2223but not 2224.Xr nfsd 8 2225daemon. 2226It is commonly needed to run CFS without real NFS used. 2227.It Va mountd_flags 2228.Pq Vt str 2229If 2230.Va mountd_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to the 2234.Xr mountd 8 2235daemon. 2236.It Va weak_mountd_authentication 2237.Pq Vt bool 2238If set to 2239.Dq Li YES , 2240allow services like PCNFSD to make non-privileged mount 2241requests. 2242.It Va nfs_reserved_port_only 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246provide NFS services only on a secure port. 2247.It Va nfs_bufpackets 2248.Pq Vt int 2249If set to a number, indicates the number of packets worth of 2250socket buffer space to reserve on an NFS client. 2251The kernel default is typically 4. 2252Using a higher number may be 2253useful on gigabit networks to improve performance. 2254The minimum value is 22552 and the maximum is 64. 2256.It Va rpc_lockd_enable 2257.Pq Vt bool 2258If set to 2259.Dq Li YES 2260and also an NFS server or client, run 2261.Xr rpc.lockd 8 2262at boot time. 2263.It Va rpc_lockd_flags 2264.Pq Vt str 2265If 2266.Va rpc_lockd_enable 2267is set to 2268.Dq Li YES , 2269these are the flags to pass to the 2270.Xr rpc.lockd 8 2271daemon. 2272.It Va rpc_statd_enable 2273.Pq Vt bool 2274If set to 2275.Dq Li YES 2276and also an NFS server or client, run 2277.Xr rpc.statd 8 2278at boot time. 2279.It Va rpc_statd_flags 2280.Pq Vt str 2281If 2282.Va rpc_statd_enable 2283is set to 2284.Dq Li YES , 2285these are the flags to pass to the 2286.Xr rpc.statd 8 2287daemon. 2288.It Va rpcbind_program 2289.Pq Vt str 2290Path to 2291.Xr rpcbind 8 2292(default 2293.Pa /usr/sbin/rpcbind ) . 2294.It Va rpcbind_enable 2295.Pq Vt bool 2296If set to 2297.Dq Li YES , 2298run the 2299.Xr rpcbind 8 2300service at boot time. 2301.It Va rpcbind_flags 2302.Pq Vt str 2303If 2304.Va rpcbind_enable 2305is set to 2306.Dq Li YES , 2307these are the flags to pass to the 2308.Xr rpcbind 8 2309daemon. 2310.It Va keyserv_enable 2311.Pq Vt bool 2312If set to 2313.Dq Li YES , 2314run the 2315.Xr keyserv 8 2316daemon on boot for running Secure RPC. 2317.It Va keyserv_flags 2318.Pq Vt str 2319If 2320.Va keyserv_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to 2324.Xr keyserv 8 2325daemon. 2326.It Va pppoed_enable 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330run the 2331.Xr pppoed 8 2332daemon at boot time to provide PPP over Ethernet services. 2333.It Va pppoed_ Ns Aq Ar provider 2334.Pq Vt str 2335.Xr pppoed 8 2336listens to requests to this 2337.Ar provider 2338and ultimately runs 2339.Xr ppp 8 2340with a 2341.Ar system 2342argument of the same name. 2343.It Va pppoed_flags 2344.Pq Vt str 2345Additional flags to pass to 2346.Xr pppoed 8 . 2347.It Va pppoed_interface 2348.Pq Vt str 2349The network interface to run 2350.Xr pppoed 8 2351on. 2352This is mandatory when 2353.Va pppoed_enable 2354is set to 2355.Dq Li YES . 2356.It Va timed_enable 2357.Pq Vt bool 2358If set to 2359.Dq Li YES , 2360run the 2361.Xr timed 8 2362service at boot time. 2363This command is intended for networks of 2364machines where a consistent 2365.Dq "network time" 2366for all hosts must be established. 2367This is often useful in large NFS 2368environments where time stamps on files are expected to be consistent 2369network-wide. 2370.It Va timed_flags 2371.Pq Vt str 2372If 2373.Va timed_enable 2374is set to 2375.Dq Li YES , 2376these are the flags to pass to the 2377.Xr timed 8 2378service. 2379.It Va ntpdate_enable 2380.Pq Vt bool 2381If set to 2382.Dq Li YES , 2383run 2384.Xr ntpdate 8 2385at system startup. 2386This command is intended to 2387synchronize the system clock only 2388.Em once 2389from some standard reference. 2390An option to set this up initially 2391(from a list of known servers) is also provided by the 2392.Xr sysinstall 8 2393program when the system is first installed. 2394.It Va ntpdate_config 2395.Pq Vt str 2396Configuration file for 2397.Xr ntpdate 8 . 2398Default 2399.Pa /etc/ntp.conf . 2400.It Va ntpdate_hosts 2401.Pq Vt str 2402A whitespace-separated list of NTP servers to synchronize with at startup. 2403The default is to use the servers listed in 2404.Va ntpdate_config , 2405if that file exists. 2406.It Va ntpdate_program 2407.Pq Vt str 2408Path to 2409.Xr ntpdate 8 2410(default 2411.Pa /usr/sbin/ntpdate ) . 2412.It Va ntpdate_flags 2413.Pq Vt str 2414If 2415.Va ntpdate_enable 2416is set to 2417.Dq Li YES , 2418these are the flags to pass to the 2419.Xr ntpdate 8 2420command (typically a hostname). 2421.It Va ntpd_enable 2422.Pq Vt bool 2423If set to 2424.Dq Li YES , 2425run the 2426.Xr ntpd 8 2427command at boot time. 2428.It Va ntpd_program 2429.Pq Vt str 2430Path to 2431.Xr ntpd 8 2432(default 2433.Pa /usr/sbin/ntpd ) . 2434.It Va ntpd_config 2435.Pq Vt str 2436Path to 2437.Xr ntpd 8 2438configuration file. 2439Default 2440.Pa /etc/ntp.conf . 2441.It Va ntpd_flags 2442.Pq Vt str 2443If 2444.Va ntpd_enable 2445is set to 2446.Dq Li YES , 2447these are the flags to pass to the 2448.Xr ntpd 8 2449daemon. 2450.It Va ntpd_sync_on_start 2451.Pq Vt bool 2452If set to 2453.Dq Li YES , 2454.Xr ntpd 8 2455is run with the 2456.Fl g 2457flag, which syncs the system's clock on startup. 2458See 2459.Xr ntpd 8 2460for more information regarding the 2461.Fl g 2462option. 2463This is a preferred alternative to using 2464.Xr ntpdate 8 2465or specifying the 2466.Va ntpdate_enable 2467variable. 2468.It Va nis_client_enable 2469.Pq Vt bool 2470If set to 2471.Dq Li YES , 2472run the 2473.Xr ypbind 8 2474service at system boot time. 2475.It Va nis_client_flags 2476.Pq Vt str 2477If 2478.Va nis_client_enable 2479is set to 2480.Dq Li YES , 2481these are the flags to pass to the 2482.Xr ypbind 8 2483service. 2484.It Va nis_ypset_enable 2485.Pq Vt bool 2486If set to 2487.Dq Li YES , 2488run the 2489.Xr ypset 8 2490daemon at system boot time. 2491.It Va nis_ypset_flags 2492.Pq Vt str 2493If 2494.Va nis_ypset_enable 2495is set to 2496.Dq Li YES , 2497these are the flags to pass to the 2498.Xr ypset 8 2499daemon. 2500.It Va nis_server_enable 2501.Pq Vt bool 2502If set to 2503.Dq Li YES , 2504run the 2505.Xr ypserv 8 2506daemon at system boot time. 2507.It Va nis_server_flags 2508.Pq Vt str 2509If 2510.Va nis_server_enable 2511is set to 2512.Dq Li YES , 2513these are the flags to pass to the 2514.Xr ypserv 8 2515daemon. 2516.It Va nis_ypxfrd_enable 2517.Pq Vt bool 2518If set to 2519.Dq Li YES , 2520run the 2521.Xr rpc.ypxfrd 8 2522daemon at system boot time. 2523.It Va nis_ypxfrd_flags 2524.Pq Vt str 2525If 2526.Va nis_ypxfrd_enable 2527is set to 2528.Dq Li YES , 2529these are the flags to pass to the 2530.Xr rpc.ypxfrd 8 2531daemon. 2532.It Va nis_yppasswdd_enable 2533.Pq Vt bool 2534If set to 2535.Dq Li YES , 2536run the 2537.Xr rpc.yppasswdd 8 2538daemon at system boot time. 2539.It Va nis_yppasswdd_flags 2540.Pq Vt str 2541If 2542.Va nis_yppasswdd_enable 2543is set to 2544.Dq Li YES , 2545these are the flags to pass to the 2546.Xr rpc.yppasswdd 8 2547daemon. 2548.It Va rpc_ypupdated_enable 2549.Pq Vt bool 2550If set to 2551.Dq Li YES , 2552run the 2553.Nm rpc.ypupdated 2554daemon at system boot time. 2555.It Va bsnmpd_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES , 2559run the 2560.Xr bsnmpd 1 2561daemon at system boot time. 2562Be sure to understand the security implications of running SNMP daemon 2563on your host. 2564.It Va bsnmpd_flags 2565.Pq Vt str 2566If 2567.Va bsnmpd_enable 2568is set to 2569.Dq Li YES , 2570these are the flags to pass to the 2571.Xr bsnmpd 1 2572daemon. 2573.It Va defaultrouter 2574.Pq Vt str 2575If not set to 2576.Dq Li NO , 2577create a default route to this host name or IP address 2578(use an IP address if this router is also required to get to the 2579name server!). 2580.It Va ipv6_defaultrouter 2581.Pq Vt str 2582The IPv6 equivalent of 2583.Va defaultrouter . 2584.It Va static_arp_pairs 2585.Pq Vt str 2586Set to the list of static ARP pairs that are to be added at system 2587boot time. 2588For each whitespace separated 2589.Ar element 2590in the value, a 2591.Va static_arp_ Ns Aq Ar element 2592variable is assumed to exist whose contents will later be passed to a 2593.Dq Nm arp Cm -S 2594operation. 2595For example 2596.Bd -literal 2597static_arp_pairs="gw" 2598static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2599.Ed 2600.It Va static_ndp_pairs 2601.Pq Vt str 2602Set to the list of static NDP pairs that are to be added at system 2603boot time. 2604For each whitespace separated 2605.Ar element 2606in the value, a 2607.Va static_ndp_ Ns Aq Ar element 2608variable is assumed to exist whose contents will later be passed to a 2609.Dq Nm ndp Cm -s 2610operation. 2611For example 2612.Bd -literal 2613static_ndp_pairs="gw" 2614static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2615.Ed 2616.It Va static_routes 2617.Pq Vt str 2618Set to the list of static routes that are to be added at system 2619boot time. 2620If not set to 2621.Dq Li NO 2622then for each whitespace separated 2623.Ar element 2624in the value, a 2625.Va route_ Ns Aq Ar element 2626variable is assumed to exist 2627whose contents will later be passed to a 2628.Dq Nm route Cm add 2629operation. 2630For example: 2631.Bd -literal 2632static_routes="mcast gif0local" 2633route_mcast="-net 224.0.0.0/4 -iface gif0" 2634route_gif0local="-host 169.254.1.1 -iface lo0" 2635.Ed 2636.It Va ipv6_static_routes 2637.Pq Vt str 2638The IPv6 equivalent of 2639.Va static_routes . 2640If not set to 2641.Dq Li NO 2642then for each whitespace separated 2643.Ar element 2644in the value, a 2645.Va ipv6_route_ Ns Aq Ar element 2646variable is assumed to exist 2647whose contents will later be passed to a 2648.Dq Nm route Cm add Fl inet6 2649operation. 2650.It Va natm_static_routes 2651.Pq Vt str 2652The 2653.Xr natmip 4 2654equivalent of 2655.Va static_routes . 2656If not empty then for each whitespace separated 2657.Ar element 2658in the value, a 2659.Va route_ Ns Aq Ar element 2660variable is assumed to exist whose contents will later be passed to a 2661.Dq Nm atmconfig Cm natm Cm add 2662operation. 2663.It Va gateway_enable 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667configure host to act as an IP router, e.g.\& to forward packets 2668between interfaces. 2669.It Va ipv6_gateway_enable 2670.Pq Vt bool 2671The IPv6 equivalent of 2672.Va gateway_enable . 2673.It Va routed_enable 2674.Pq Vt bool 2675If set to 2676.Dq Li YES , 2677run a routing daemon of some sort, based on the 2678settings of 2679.Va routed_program 2680and 2681.Va routed_flags . 2682.It Va route6d_enable 2683.Pq Vt bool 2684The IPv6 equivalent of 2685.Va routed_enable . 2686If set to 2687.Dq Li YES , 2688run a routing daemon of some sort, based on the 2689settings of 2690.Va route6d_program 2691and 2692.Va route6d_flags . 2693.It Va routed_program 2694.Pq Vt str 2695If 2696.Va routed_enable 2697is set to 2698.Dq Li YES , 2699this is the name of the routing daemon to use. 2700.It Va route6d_program 2701.Pq Vt str 2702The IPv6 equivalent of 2703.Va routed_program . 2704.It Va routed_flags 2705.Pq Vt str 2706If 2707.Va routed_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the routing daemon. 2711.It Va route6d_flags 2712.Pq Vt str 2713The IPv6 equivalent of 2714.Va routed_flags . 2715.It Va mrouted_enable 2716.Pq Vt bool 2717If set to 2718.Dq Li YES , 2719run the multicast routing daemon, 2720.Xr mrouted 8 . 2721.It Va mroute6d_enable 2722.Pq Vt bool 2723The IPv6 equivalent of 2724.Va mrouted_enable . 2725If set to 2726.Dq Li YES , 2727run the IPv6 multicast routing daemon. 2728.Pp 2729Note that multicast routing daemons are no longer included in the 2730.Fx 2731base system, however, both 2732.Xr mrouted 8 2733and 2734.Xr pim6dd 8 2735may be installed from the 2736.Fx 2737Ports Collection. 2738.It Va mrouted_flags 2739.Pq Vt str 2740If 2741.Va mrouted_enable 2742is set to 2743.Dq Li YES , 2744these are the flags to pass to the 2745.Xr mrouted 8 2746daemon. 2747.It Va mroute6d_flags 2748.Pq Vt str 2749The IPv6 equivalent of 2750.Va mrouted_flags . 2751If 2752.Va mroute6d_enable 2753is set to 2754.Dq Li YES , 2755these are the flags passed to the IPv6 multicast routing daemon. 2756.It Va mroute6d_program 2757.Pq Vt str 2758If 2759.Va mroute6d_enable 2760is set to 2761.Dq Li YES , 2762this is the path to the IPv6 multicast routing daemon. 2763.It Va rtadvd_enable 2764.Pq Vt bool 2765If set to 2766.Dq Li YES , 2767run the 2768.Xr rtadvd 8 2769daemon at boot time. 2770The 2771.Xr rtadvd 8 2772utility sends ICMPv6 Router Advertisement messages to 2773the interfaces specified in 2774.Va rtadvd_interfaces . 2775This should only be enabled with great care. 2776You may want to fine-tune 2777.Xr rtadvd.conf 5 . 2778.It Va rtadvd_interfaces 2779.Pq Vt str 2780If 2781.Va rtadvd_enable 2782is set to 2783.Dq Li YES 2784this is the list of interfaces to use. 2785.It Va ipxgateway_enable 2786.Pq Vt bool 2787If set to 2788.Dq Li YES , 2789enable the routing of IPX traffic. 2790.It Va ipxrouted_enable 2791.Pq Vt bool 2792If set to 2793.Dq Li YES , 2794run the 2795.Xr IPXrouted 8 2796daemon at system boot time. 2797.It Va ipxrouted_flags 2798.Pq Vt str 2799If 2800.Va ipxrouted_enable 2801is set to 2802.Dq Li YES , 2803these are the flags to pass to the 2804.Xr IPXrouted 8 2805daemon. 2806.It Va arpproxy_all 2807.Pq Vt bool 2808If set to 2809.Dq Li YES , 2810enable global proxy ARP. 2811.It Va forward_sourceroute 2812.Pq Vt bool 2813If set to 2814.Dq Li YES 2815and 2816.Va gateway_enable 2817is also set to 2818.Dq Li YES , 2819source-routed packets are forwarded. 2820.It Va accept_sourceroute 2821.Pq Vt bool 2822If set to 2823.Dq Li YES , 2824the system will accept source-routed packets directed at it. 2825.It Va rarpd_enable 2826.Pq Vt bool 2827If set to 2828.Dq Li YES , 2829run the 2830.Xr rarpd 8 2831daemon at system boot time. 2832.It Va rarpd_flags 2833.Pq Vt str 2834If 2835.Va rarpd_enable 2836is set to 2837.Dq Li YES , 2838these are the flags to pass to the 2839.Xr rarpd 8 2840daemon. 2841.It Va bootparamd_enable 2842.Pq Vt bool 2843If set to 2844.Dq Li YES , 2845run the 2846.Xr bootparamd 8 2847daemon at system boot time. 2848.It Va bootparamd_flags 2849.Pq Vt str 2850If 2851.Va bootparamd_enable 2852is set to 2853.Dq Li YES , 2854these are the flags to pass to the 2855.Xr bootparamd 8 2856daemon. 2857.It Va stf_interface_ipv4addr 2858.Pq Vt str 2859If not set to 2860.Dq Li NO , 2861this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2862interface). 2863Specify this entry to enable the 6to4 interface. 2864.It Va stf_interface_ipv4plen 2865.Pq Vt int 2866Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2867An effective value is 0-31. 2868.It Va stf_interface_ipv6_ifid 2869.Pq Vt str 2870IPv6 interface ID for 2871.Xr stf 4 . 2872This can be set to 2873.Dq Li AUTO . 2874.It Va stf_interface_ipv6_slaid 2875.Pq Vt str 2876IPv6 Site Level Aggregator for 2877.Xr stf 4 . 2878.It Va ipv6_faith_prefix 2879.Pq Vt str 2880If not set to 2881.Dq Li NO , 2882this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2883translator. 2884You also need 2885.Xr faithd 8 2886setup. 2887.It Va ipv6_ipv4mapping 2888.Pq Vt bool 2889If set to 2890.Dq Li YES 2891this enables IPv4 mapped IPv6 address communication (like 2892.Li ::ffff:a.b.c.d ) . 2893.It Va atm_enable 2894.Pq Vt bool 2895Set to 2896.Dq Li YES 2897to enable the configuration of ATM interfaces at system boot time. 2898For all of the ATM variables described below, please refer to the 2899.Xr atm 8 2900manual page for further details on the available command parameters. 2901Also refer to the files in 2902.Pa /usr/share/examples/atm 2903for more detailed configuration information. 2904.It Va atm_load 2905.Pq Vt str 2906This is a list of physical ATM interface drivers to load. 2907Typical values are 2908.Dq Li hfa_pci 2909and/or 2910.Dq Li hea_pci . 2911.It Va atm_netif_ Ns Aq Ar intf 2912.Pq Vt str 2913For the ATM physical interface 2914.Ar intf , 2915this variable defines the name prefix and count for the ATM network 2916interfaces to be created. 2917The value will be passed as the parameters of an 2918.Dq Nm atm Cm "set netif" Ar intf 2919command. 2920.It Va atm_sigmgr_ Ns Aq Ar intf 2921.Pq Vt str 2922For the ATM physical interface 2923.Ar intf , 2924this variable defines the ATM signalling manager to be used. 2925The value will be passed as the parameters of an 2926.Dq Nm atm Cm attach Ar intf 2927command. 2928.It Va atm_prefix_ Ns Aq Ar intf 2929.Pq Vt str 2930For the ATM physical interface 2931.Ar intf , 2932this variable defines the NSAP prefix for interfaces using a UNI signalling 2933manager. 2934If set to 2935.Dq Li ILMI , 2936the prefix will automatically be set via the 2937.Xr ilmid 8 2938daemon. 2939Otherwise, the value will be passed as the parameters of an 2940.Dq Nm atm Cm "set prefix" Ar intf 2941command. 2942.It Va atm_macaddr_ Ns Aq Ar intf 2943.Pq Vt str 2944For the ATM physical interface 2945.Ar intf , 2946this variable defines the MAC address for interfaces using a UNI signalling 2947manager. 2948If set to 2949.Dq Li NO , 2950the hardware MAC address contained in the ATM interface card will be used. 2951Otherwise, the value will be passed as the parameters of an 2952.Dq Nm atm Cm "set mac" Ar intf 2953command. 2954.It Va atm_arpserver_ Ns Aq Ar netif 2955.Pq Vt str 2956For the ATM network interface 2957.Ar netif , 2958this variable defines the ATM address for a host which is to provide ATMARP 2959service. 2960This variable is only applicable to interfaces using a UNI signalling 2961manager. 2962If set to 2963.Dq Li local , 2964this host will become an ATMARP server. 2965The value will be passed as the parameters of an 2966.Dq Nm atm Cm "set arpserver" Ar netif 2967command. 2968.It Va atm_scsparp_ Ns Aq Ar netif 2969.Pq Vt bool 2970If set to 2971.Dq Li YES , 2972SCSP/ATMARP service for the network interface 2973.Ar netif 2974will be initiated using the 2975.Xr scspd 8 2976and 2977.Xr atmarpd 8 2978daemons. 2979This variable is only applicable if 2980.Va atm_arpserver_ Ns Aq Ar netif 2981is set to 2982.Dq Li local . 2983.It Va atm_pvcs 2984.Pq Vt str 2985Set to the list of ATM PVCs to be added at system 2986boot time. 2987For each whitespace separated 2988.Ar element 2989in the value, an 2990.Va atm_pvc_ Ns Aq Ar element 2991variable is assumed to exist. 2992The value of each of these variables 2993will be passed as the parameters of an 2994.Dq Nm atm Cm "add pvc" 2995command. 2996.It Va atm_arps 2997.Pq Vt str 2998Set to the list of permanent ATM ARP entries to be added 2999at system boot time. 3000For each whitespace separated 3001.Ar element 3002in the value, an 3003.Va atm_arp_ Ns Aq Ar element 3004variable is assumed to exist. 3005The value of each of these variables 3006will be passed as the parameters of an 3007.Dq Nm atm Cm "add arp" 3008command. 3009.It Va natm_interfaces 3010.Pq Vt str 3011Set to the list of 3012.Xr natm 4 3013interfaces that will also be used for HARP through 3014.Xr harp 4 . 3015If this list is not empty all interfaces in the list will be brought up 3016with 3017.Xr ifconfig 8 3018and 3019.Xr harp 4 3020will be loaded. 3021For this to work the interface drivers must be either compiled into the 3022kernel or must reside on the root partition. 3023.It Va keybell 3024.Pq Vt str 3025The keyboard bell sound. 3026Set to 3027.Dq Li normal , 3028.Dq Li visual , 3029.Dq Li off , 3030or 3031.Dq Li NO 3032if the default behavior is desired. 3033For details, refer to the 3034.Xr kbdcontrol 1 3035manpage. 3036.It Va keyboard 3037.Pq Vt str 3038If set to a non-null string, the virtual console's keyboard input is 3039set to this device. 3040.It Va keymap 3041.Pq Vt str 3042If set to 3043.Dq Li NO , 3044no keymap is installed, otherwise the value is used to install 3045the keymap file in 3046.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3047.It Va keyrate 3048.Pq Vt str 3049The keyboard repeat speed. 3050Set to 3051.Dq Li slow , 3052.Dq Li normal , 3053.Dq Li fast , 3054or 3055.Dq Li NO 3056if the default behavior is desired. 3057.It Va keychange 3058.Pq Vt str 3059If not set to 3060.Dq Li NO , 3061attempt to program the function keys with the value. 3062The value should 3063be a single string of the form: 3064.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3065.It Va cursor 3066.Pq Vt str 3067Can be set to the value of 3068.Dq Li normal , 3069.Dq Li blink , 3070.Dq Li destructive , 3071or 3072.Dq Li NO 3073to set the cursor behavior explicitly or choose the default behavior. 3074.It Va scrnmap 3075.Pq Vt str 3076If set to 3077.Dq Li NO , 3078no screen map is installed, otherwise the value is used to install 3079the screen map file in 3080.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3081.It Va font8x16 3082.Pq Vt str 3083If set to 3084.Dq Li NO , 3085the default 8x16 font value is used for screen size requests, otherwise 3086the value in 3087.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3088is used. 3089.It Va font8x14 3090.Pq Vt str 3091If set to 3092.Dq Li NO , 3093the default 8x14 font value is used for screen size requests, otherwise 3094the value in 3095.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3096is used. 3097.It Va font8x8 3098.Pq Vt str 3099If set to 3100.Dq Li NO , 3101the default 8x8 font value is used for screen size requests, otherwise 3102the value in 3103.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3104is used. 3105.It Va blanktime 3106.Pq Vt int 3107If set to 3108.Dq Li NO , 3109the default screen blanking interval is used, otherwise it is set 3110to 3111.Ar value 3112seconds. 3113.It Va saver 3114.Pq Vt str 3115If not set to 3116.Dq Li NO , 3117this is the actual screen saver to use 3118.Li ( blank , snake , daemon , 3119etc). 3120.It Va moused_nondefault_enable 3121.Pq Vt str 3122If set to 3123.Dq Li NO , 3124the mouse device specified on 3125the command line is not automatically treated as enabled by the 3126.Pa /etc/rc.d/moused 3127script. 3128Having this variable set to 3129.Dq Li YES 3130allows a 3131.Xr usb 4 3132mouse, 3133for example, 3134to be enabled as soon as it is plugged in. 3135.It Va moused_enable 3136.Pq Vt str 3137If set to 3138.Dq Li YES , 3139the 3140.Xr moused 8 3141daemon is started for doing cut/paste selection on the console. 3142.It Va moused_type 3143.Pq Vt str 3144This is the protocol type of the mouse connected to this host. 3145This variable must be set if 3146.Va moused_enable 3147is set to 3148.Dq Li YES . 3149The 3150.Xr moused 8 3151daemon 3152is able to detect the appropriate mouse type automatically in many cases. 3153Set this variable to 3154.Dq Li auto 3155to let the daemon detect it, or 3156select one from the following list if the automatic detection fails. 3157.Pp 3158If the mouse is attached to the PS/2 mouse port, choose 3159.Dq Li auto 3160or 3161.Dq Li ps/2 , 3162regardless of the brand and model of the mouse. 3163Likewise, if the 3164mouse is attached to the bus mouse port, choose 3165.Dq Li auto 3166or 3167.Dq Li busmouse . 3168All other protocols are for serial mice and will not work with 3169the PS/2 and bus mice. 3170If this is a USB mouse, 3171.Dq Li auto 3172is the only protocol type which will work. 3173.Pp 3174.Bl -tag -width ".Li x10mouseremote" -compact 3175.It Li microsoft 3176Microsoft mouse (serial) 3177.It Li intellimouse 3178Microsoft IntelliMouse (serial) 3179.It Li mousesystems 3180Mouse systems Corp.\& mouse (serial) 3181.It Li mmseries 3182MM Series mouse (serial) 3183.It Li logitech 3184Logitech mouse (serial) 3185.It Li busmouse 3186A bus mouse 3187.It Li mouseman 3188Logitech MouseMan and TrackMan (serial) 3189.It Li glidepoint 3190ALPS GlidePoint (serial) 3191.It Li thinkingmouse 3192Kensington ThinkingMouse (serial) 3193.It Li ps/2 3194PS/2 mouse 3195.It Li mmhittab 3196MM HitTablet (serial) 3197.It Li x10mouseremote 3198X10 MouseRemote (serial) 3199.It Li versapad 3200Interlink VersaPad (serial) 3201.El 3202.Pp 3203Even if the mouse is not in the above list, it may be compatible 3204with one in the list. 3205Refer to the manual page for 3206.Xr moused 8 3207for compatibility information. 3208.Pp 3209It should also be noted that while this is enabled, any 3210other client of the mouse (such as an X server) should access 3211the mouse through the virtual mouse device, 3212.Pa /dev/sysmouse , 3213and configure it as a 3214.Dq Li sysmouse 3215type mouse, since all 3216mouse data is converted to this single canonical format when 3217using 3218.Xr moused 8 . 3219If the client program does not support the 3220.Dq Li sysmouse 3221type, 3222specify the 3223.Dq Li mousesystems 3224type. 3225It is the second preferred type. 3226.It Va moused_port 3227.Pq Vt str 3228If 3229.Va moused_enable 3230is set to 3231.Dq Li YES , 3232this is the actual port the mouse is on. 3233It might be 3234.Pa /dev/cuad0 3235for a COM1 serial mouse, 3236.Pa /dev/psm0 3237for a PS/2 mouse or 3238.Pa /dev/mse0 3239for a bus mouse, for example. 3240.It Va moused_flags 3241.Pq Vt str 3242If 3243.Va moused_flags 3244is set, its value is used as an additional set of flags to pass to the 3245.Xr moused 8 3246daemon. 3247.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3248When 3249.Va moused_nondefault_enable 3250is enabled, and a 3251.Xr moused 8 3252daemon is started for a non-default port, the 3253.Va "moused_" Ns Ar XXX Ns Va "_flags" 3254set of options has precedence over and replaces the default 3255.Va moused_flags (where 3256.Ar XXX 3257is the name of the non-default port, i.e.\& 3258.Ar ums0 ) . 3259By setting 3260.Va "moused_" Ns Ar XXX Ns Va "_flags" 3261it is possible to set up a different set of default flags for each 3262.Xr moused 8 3263instance. 3264For example, you can use 3265.Dq Li "-3" 3266for the default 3267.Va moused_flags 3268to make your laptop's touchpad more comfortable to use, 3269but an empty set of options for 3270.Va moused_ums0_flags 3271when your 3272.Xr usb 4 3273mouse has three or more buttons. 3274.It Va mousechar_start 3275.Pq Vt int 3276If set to 3277.Dq Li NO , 3278the default mouse cursor character range 3279.Li 0xd0 Ns - Ns Li 0xd3 3280is used, 3281otherwise the range start is set 3282to 3283.Ar value 3284character, see 3285.Xr vidcontrol 1 . 3286Use if the default range is occupied in the language code table. 3287.It Va allscreens_flags 3288.Pq Vt str 3289If set, 3290.Xr vidcontrol 1 3291is run with these options for each of the virtual terminals 3292.Pq Pa /dev/ttyv* . 3293For example, 3294.Dq Fl m Cm on 3295will enable the mouse pointer on all virtual terminals 3296if 3297.Va moused_enable 3298is set to 3299.Dq Li YES . 3300.It Va allscreens_kbdflags 3301.Pq Vt str 3302If set, 3303.Xr kbdcontrol 1 3304is run with these options for each of the virtual terminals 3305.Pq Pa /dev/ttyv* . 3306For example, 3307.Dq Fl h Li 200 3308will set the 3309.Xr syscons 4 3310scrollback (history) buffer to 200 lines. 3311.It Va cron_enable 3312.Pq Vt bool 3313If set to 3314.Dq Li YES , 3315run the 3316.Xr cron 8 3317daemon at system boot time. 3318.It Va cron_program 3319.Pq Vt str 3320Path to 3321.Xr cron 8 3322(default 3323.Pa /usr/sbin/cron ) . 3324.It Va cron_flags 3325.Pq Vt str 3326If 3327.Va cron_enable 3328is set to 3329.Dq Li YES , 3330these are the flags to pass to 3331.Xr cron 8 . 3332.It Va cron_dst 3333.Pq Vt bool 3334If set to 3335.Dq Li YES , 3336enable the special handling of transitions to and from the 3337Daylight Saving Time in 3338.Xr cron 8 3339(equivalent to using the flag 3340.Fl s ) . 3341.It Va lpd_program 3342.Pq Vt str 3343Path to 3344.Xr lpd 8 3345(default 3346.Pa /usr/sbin/lpd ) . 3347.It Va lpd_enable 3348.Pq Vt bool 3349If set to 3350.Dq Li YES , 3351run the 3352.Xr lpd 8 3353daemon at system boot time. 3354.It Va lpd_flags 3355.Pq Vt str 3356If 3357.Va lpd_enable 3358is set to 3359.Dq Li YES , 3360these are the flags to pass to the 3361.Xr lpd 8 3362daemon. 3363.It Va chkprintcap_enable 3364.Pq Vt bool 3365If set to 3366.Dq Li YES , 3367run the 3368.Xr chkprintcap 8 3369command before starting the 3370.Xr lpd 8 3371daemon. 3372.It Va chkprintcap_flags 3373.Pq Vt str 3374If 3375.Va lpd_enable 3376and 3377.Va chkprintcap_enable 3378are set to 3379.Dq Li YES , 3380these are the flags to pass to the 3381.Xr chkprintcap 8 3382program. 3383The default is 3384.Dq Li -d , 3385which causes missing directories to be created. 3386.It Va mta_start_script 3387.Pq Vt str 3388This variable specifies the full path to the script to run to start 3389a mail transfer agent. 3390The default is 3391.Pa /etc/rc.sendmail . 3392The 3393.Va sendmail_* 3394variables which 3395.Pa /etc/rc.sendmail 3396uses are documented in the 3397.Xr rc.sendmail 8 3398manual page. 3399.It Va dumpdev 3400.Pq Vt str 3401Indicates the device (usually a swap partition) to which a crash dump 3402should be written in the event of a system crash. 3403If the value of this variable is 3404.Dq Li AUTO , 3405the first suitable swap device listed in 3406.Pa /etc/fstab 3407will be used as dump device. 3408Otherwise, the value of this variable is passed as the argument to 3409.Xr dumpon 8 . 3410To disable crash dumps, set this variable to 3411.Dq Li NO . 3412.It Va dumpdir 3413.Pq Vt str 3414When the system reboots after a crash and a crash dump is found on the 3415device specified by the 3416.Va dumpdev 3417variable, 3418.Xr savecore 8 3419will save that crash dump and a copy of the kernel to the directory 3420specified by the 3421.Va dumpdir 3422variable. 3423The default value is 3424.Pa /var/crash . 3425Set to 3426.Dq Li NO 3427to not run 3428.Xr savecore 8 3429at boot time when 3430.Va dumpdir 3431is set. 3432.It Va savecore_flags 3433.Pq Vt str 3434If crash dumps are enabled, these are the flags to pass to the 3435.Xr savecore 8 3436utility. 3437.It Va quota_enable 3438.Pq Vt bool 3439Set to 3440.Dq Li YES 3441to turn on user and group disk quotas on system startup via the 3442.Xr quotaon 8 3443command for all file systems marked as having quotas enabled in 3444.Pa /etc/fstab . 3445The kernel must be built with 3446.Cd "options QUOTA" 3447for disk quotas to function. 3448.It Va check_quotas 3449.Pq Vt bool 3450Set to 3451.Dq Li YES 3452to enable user and group disk quota checking via the 3453.Xr quotacheck 8 3454command. 3455.It Va quotacheck_flags 3456.Pq Vt str 3457If 3458.Va quota_enable 3459is set to 3460.Dq Li YES , 3461and 3462.Va check_quotas 3463is set to 3464.Dq Li YES , 3465these are the flags to pass to the 3466.Xr quotacheck 8 3467utility. 3468The default is 3469.Dq Li "-a" , 3470which checks quotas for all file systems with quotas enabled in 3471.Pa /etc/fstab . 3472.It Va quotaon_flags 3473.Pq Vt str 3474If 3475.Va quota_enable 3476is set to 3477.Dq Li YES , 3478these are the flags to pass to the 3479.Xr quotaon 8 3480utility. 3481The default is 3482.Dq Li "-a" , 3483which enables quotas for all file systems with quotas enabled in 3484.Pa /etc/fstab . 3485.It Va quotaoff_flags 3486.Pq Vt str 3487If 3488.Va quota_enable 3489is set to 3490.Dq Li YES , 3491these are the flags to pass to the 3492.Xr quotaoff 8 3493utility when shutting down the quota system. 3494The default is 3495.Dq Li "-a" , 3496which disables quotas for all file systems with quotas enabled in 3497.Pa /etc/fstab . 3498.It Va accounting_enable 3499.Pq Vt bool 3500Set to 3501.Dq Li YES 3502to enable system accounting through the 3503.Xr accton 8 3504facility. 3505.It Va ibcs2_enable 3506.Pq Vt bool 3507Set to 3508.Dq Li YES 3509to enable iBCS2 (SCO) binary emulation at system initial boot 3510time. 3511.It Va ibcs2_loaders 3512.Pq Vt str 3513If not set to 3514.Dq Li NO 3515and if 3516.Va ibcs2_enable 3517is set to 3518.Dq Li YES , 3519this specifies a list of additional iBCS2 loaders to enable. 3520.It Va linux_enable 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to enable Linux/ELF binary emulation at system initial 3525boot time. 3526.It Va svr4_enable 3527.Pq Vt bool 3528If set to 3529.Dq Li YES , 3530enable SysVR4 emulation at boot time. 3531.It Va sysvipc_enable 3532.Pq Vt bool 3533If set to 3534.Dq Li YES , 3535load System V IPC primitives at boot time. 3536.It Va clear_tmp_enable 3537.Pq Vt bool 3538Set to 3539.Dq Li YES 3540to have 3541.Pa /tmp 3542cleaned at startup. 3543.It Va clear_tmp_X 3544.Pq Vt bool 3545Set to 3546.Dq Li NO 3547to disable removing of X11 lock files, 3548and the removal and (secure) recreation 3549of the various socket directories for X11 3550related programs. 3551.It Va ldconfig_paths 3552.Pq Vt str 3553Set to the list of shared library paths to use with 3554.Xr ldconfig 8 . 3555NOTE: 3556.Pa /usr/lib 3557will always be added first, so it need not appear in this list. 3558.It Va ldconfig32_paths 3559.Pq Vt str 3560Set to the list of 32-bit compatibility shared library paths to 3561use with 3562.Xr ldconfig 8 . 3563.It Va ldconfig_paths_aout 3564.Pq Vt str 3565Set to the list of shared library paths to use with 3566.Xr ldconfig 8 3567legacy 3568.Xr a.out 5 3569support. 3570.It Va ldconfig_insecure 3571.Pq Vt bool 3572The 3573.Xr ldconfig 8 3574utility normally refuses to use directories 3575which are writable by anyone except root. 3576Set this variable to 3577.Dq Li YES 3578to disable that security check during system startup. 3579.It Va ldconfig_local_dirs 3580.Pq Vt str 3581Set to the list of local 3582.Xr ldconfig 8 3583directories. 3584The names of all files in the directories listed will be 3585passed as arguments to 3586.Xr ldconfig 8 . 3587.It Va ldconfig_local32_dirs 3588.Pq Vt str 3589Set to the list of local 32-bit compatibility 3590.Xr ldconfig 8 3591directories. 3592The names of all files in the directories listed will be 3593passed as arguments to 3594.Dq Nm ldconfig Fl 32 . 3595.It Va kern_securelevel_enable 3596.Pq Vt bool 3597Set to 3598.Dq Li YES 3599to set the kernel security level at system startup. 3600.It Va kern_securelevel 3601.Pq Vt int 3602The kernel security level to set at startup. 3603The allowed range of 3604.Ar value 3605ranges from \-1 (the compile time default) to 3 (the 3606most secure). 3607See 3608.Xr security 7 3609for the list of possible security levels and their effect 3610on system operation. 3611.It Va sshd_program 3612.Pq Vt str 3613Path to the SSH server program 3614.Pa ( /usr/sbin/sshd 3615is the default). 3616.It Va sshd_enable 3617.Pq Vt bool 3618Set to 3619.Dq Li YES 3620to start 3621.Xr sshd 8 3622at system boot time. 3623.It Va sshd_flags 3624.Pq Vt str 3625If 3626.Va sshd_enable 3627is set to 3628.Dq Li YES , 3629these are the flags to pass to the 3630.Xr sshd 8 3631daemon. 3632.It Va ftpd_program 3633.Pq Vt str 3634Path to the FTP server program 3635.Pa ( /usr/libexec/ftpd 3636is the default). 3637.It Va ftpd_enable 3638.Pq Vt bool 3639Set to 3640.Dq Li YES 3641to start 3642.Xr ftpd 8 3643as a stand-alone daemon at system boot time. 3644.It Va ftpd_flags 3645.Pq Vt str 3646If 3647.Va ftpd_enable 3648is set to 3649.Dq Li YES , 3650these are the additional flags to pass to the 3651.Xr ftpd 8 3652daemon. 3653.It Va watchdogd_enable 3654.Pq Vt bool 3655If set to 3656.Dq Li YES , 3657start the 3658.Xr watchdogd 8 3659daemon at boot time. 3660This requires that the kernel have been compiled with a 3661.Xr watchdog 4 3662compatible device. 3663.It Va watchdogd_flags 3664.Pq Vt str 3665If 3666.Va watchdogd_enable 3667is set to 3668.Dq Li YES , 3669these are the flags passed to the 3670.Xr watchdogd 8 3671daemon. 3672.It Va performance_cx_lowest 3673.Pq Vt str 3674CPU idle state to use while on AC power. 3675The string 3676.Dq Li LOW 3677indicates that 3678.Xr acpi 4 3679should use the lowest power state available while 3680.Dq Li HIGH 3681indicates that the lowest latency state (less power savings) should be used. 3682.It Va performance_cpu_freq 3683.Pq Vt str 3684CPU clock frequency to use while on AC power. 3685The string 3686.Dq Li LOW 3687indicates that 3688.Xr cpufreq 4 3689should use the lowest frequency available while 3690.Dq Li HIGH 3691indicates that the highest frequency (less power savings) should be used. 3692.It Va economy_cx_lowest 3693.Pq Vt str 3694CPU idle state to use when off AC power. 3695The string 3696.Dq Li LOW 3697indicates that 3698.Xr acpi 4 3699should use the lowest power state available while 3700.Dq Li HIGH 3701indicates that the lowest latency state (less power savings) should be used. 3702.It Va economy_cpu_freq 3703.Pq Vt str 3704CPU clock frequency to use when off AC power. 3705The string 3706.Dq Li LOW 3707indicates that 3708.Xr cpufreq 4 3709should use the lowest frequency available while 3710.Dq Li HIGH 3711indicates that the highest frequency (less power savings) should be used. 3712.It Va jail_enable 3713.Pq Vt bool 3714If set to 3715.Dq Li NO , 3716any configured jails will not be started. 3717.It jail_parallel_start 3718.Pq Vt bool 3719If set to 3720.Dq Li YES 3721all configured jails will be started in the background (= in parallel). 3722.It Va jail_list 3723.Pq Vt str 3724A space separated list of names for jails. 3725This is purely a configuration aid to help identify and 3726configure multiple jails. 3727The names specified in this list will be used to 3728identify settings common to an instance of a jail, 3729and should contain alphanumeric characters only. 3730Assuming that the jail in question was named 3731.Li vjail , 3732you would have the following dependent variables: 3733.Bd -literal 3734jail_vjail_hostname="jail.example.com" 3735jail_vjail_ip="192.0.2.100" 3736jail_vjail_rootdir="/var/jails/vjail/root" 3737.Ed 3738.Pp 3739.It Va jail_flags 3740.Pq Vt str 3741Unset by default. 3742When set, use as default value for 3743.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3744for every jail in 3745.Va jail_list . 3746.It Va jail_interface 3747.Pq Vt str 3748Unset by default. 3749When set, use as default value for 3750.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3751for every jail in 3752.Va jail_list . 3753.It Va jail_fstab 3754.Pq Vt str 3755Unset by default. 3756When set, use as default value for 3757.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3758for every jail in 3759.Va jail_list . 3760.It Va jail_mount_enable 3761.Pq Vt bool 3762Set to 3763.Dq Li NO 3764by default. 3765When set to 3766.Dq Li YES , 3767sets 3768.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3769to 3770.Dq Li YES 3771by default for every jail in 3772.Va jail_list . 3773.It Va jail_devfs_ruleset 3774.Pq Vt str 3775Unset by default. 3776When set, sets 3777.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3778to given value for every jail in 3779.Va jail_list . 3780.It Va jail_devfs_enable 3781.Pq Vt bool 3782Set to 3783.Dq Li NO 3784by default. 3785When set to 3786.Dq Li YES , 3787sets 3788.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3789to 3790.Dq Li YES 3791by default for every jail in 3792.Va jail_list . 3793.It Va jail_fdescfs_enable 3794.Pq Vt bool 3795Set to 3796.Dq Li NO 3797by default. 3798When set to 3799.Dq Li YES , 3800sets 3801.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3802to 3803.Dq Li YES 3804by default for every jail in 3805.Va jail_list . 3806.It Va jail_procfs_enable 3807.Pq Vt bool 3808Set to 3809.Dq Li NO 3810by default. 3811When set to 3812.Dq Li YES , 3813sets 3814.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3815to 3816.Dq Li YES 3817by default for every jail in 3818.Va jail_list . 3819.It Va jail_exec_prestart Ns Aq Ar N 3820.Pq Vt str 3821Unset by default. 3822When set, use as default value for 3823.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3824for every jail in 3825.Va jail_list . 3826.It Va jail_exec_start 3827.Pq Vt str 3828Unset by default. 3829When set, use as default value for 3830.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3831for every jail in 3832.Va jail_list . 3833.It Va jail_exec_afterstart Ns Aq Ar N 3834.Pq Vt str 3835Unset by default. 3836When set, use as default value for 3837.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3838for every jail in 3839.Va jail_list . 3840.It Va jail_exec_poststart Ns Aq Ar N 3841.Pq Vt str 3842Unset by default. 3843When set, use as default value for 3844.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3845for every jail in 3846.Va jail_list . 3847.It Va jail_exec_prestop Ns Aq Ar N 3848.Pq Vt str 3849Unset by default. 3850When set, use as default value for 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3852for every jail in 3853.Va jail_list . 3854.It Va jail_exec_stop 3855Unset by default. 3856When set, use as default value for 3857.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3858for every jail in 3859.Va jail_list . 3860.It Va jail_exec_poststop Ns Aq Ar N 3861.Pq Vt str 3862Unset by default. 3863When set, use as default value for 3864.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3865for every jail in 3866.Va jail_list . 3867.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3868.Pq Vt str 3869Unset by default. 3870Set to the root directory used by jail 3871.Va jname . 3872.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3873.Pq Vt str 3874Unset by default. 3875Set to the fully qualified domain name (FQDN) assigned to jail 3876.Va jname . 3877.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3878.Pq Vt str 3879Unset by default. 3880Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3881The argument can be a sole address or a comma separated list of addresses. 3882Additionally each address can be prefixed by the name of an interface 3883followed by a pipe to overwrite 3884.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3885or 3886.Va jail_interface 3887and/or suffixed by a netmask, prefixlen or prefix. 3888In case no netmask, prefixlen or prefix is given, 3889.Sq /32 3890will be used for IPv4 and 3891.Sq /128 3892will be used for an IPv6 address. 3893If no address is given for the jail then the jail will be started with 3894no networking support. 3895.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3896.Pq Vt str 3897Unset by default. 3898Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3899The sequence starts with 3900.Dq Li _multi0 3901and the numbers have to be strictly ascending. 3902These entries follow the same syntax as their primary 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3904entry. 3905The order of the entries can be important as the first address for 3906each address family found will be the primary address of the jail. 3907See 3908.Va ip-addresses 3909option in 3910.Xr jail 8 3911for more details. 3912.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3913.Pq Vt str 3914Set to 3915.Dq Li -l -U root 3916by default. 3917These are flags to pass to 3918.Xr jail 8 . 3919.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3920.Pq Vt str 3921Unset by default. 3922When set, sets the interface to use when setting IP address alias. 3923Note that the alias is created at jail startup and removed at jail shutdown. 3924.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3925.Pq Vt str 3926Unset by default. 3927When set, the jail is started with the specified forwarding table (sometimes 3928referred to as a routing table) via 3929.Xr setfib 1 . 3930.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3931.Pq Vt str 3932Set to 3933.Pa /etc/fstab. Ns Aq Ar jname 3934by default. 3935This is the file system information file to use for jail 3936.Va jname . 3937.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3938.Pq Vt bool 3939Set to 3940.Dq Li NO 3941by default. 3942When set to 3943.Dq Li YES , 3944mount all file systems from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3946at jail startup. 3947.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3948.Pq Vt str 3949Unset by default. 3950When set, defines the device file system ruleset file to use for jail 3951.Va jname . 3952.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3953.Pq Vt bool 3954Set to 3955.Dq Li NO 3956by default. 3957When set to 3958.Dq Li YES , 3959mount the device file system inside jail 3960.Ar jname 3961at jail startup. 3962.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3963.Pq Vt bool 3964Set to 3965.Dq Li NO 3966by default. 3967When set to 3968.Dq Li YES , 3969mount the file-descriptor file system inside jail 3970.Ar jname 3971at jail startup. 3972.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3973.Pq Vt bool 3974Set to 3975.Dq Li NO 3976by default. 3977When set to 3978.Dq Li YES , 3979mount the process file system inside jail 3980.Ar jname 3981at jail startup. 3982.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3983.Pq Vt str 3984Unset by default. 3985This is the command run as 3986.Ar N Ns 3987th command 3988before jail startup, where 3989.Ar N 3990is 0, 1, and so on. 3991It is run outside the jail. 3992.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3993.Pq Vt str 3994Set to 3995.Dq Li /bin/sh /etc/rc 3996by default. 3997This is the command executed in a jail at jail startup. 3998.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3999.Pq Vt str 4000Unset by default. 4001This is the command run as 4002.Ar N Ns 4003th command 4004in a jail 4005after jail startup, where 4006.Ar N 4007is 1, 2, and so on. 4008.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4009.Pq Vt str 4010Unset by default. 4011This is the command run as 4012.Ar N Ns 4013th command 4014after jail startup, where 4015.Ar N 4016is 0, 1, and so on. 4017It is run outside the jail. 4018.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4019.Pq Vt str 4020Unset by default. 4021This is the command run as 4022.Ar N Ns 4023th command 4024before jail shutdown, where 4025.Ar N 4026is 0, 1, and so on. 4027It is run outside the jail. 4028.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4029.Pq Vt str 4030Set to 4031.Dq Li /bin/sh /etc/rc.shutdown 4032by default. 4033This is the command executed in a jail at jail shutdown. 4034.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4035.Pq Vt str 4036Unset by default. 4037This is the command run as 4038.Ar N Ns 4039th command 4040after jail shutdown, where 4041.Ar N 4042is 0, 1, and so on. 4043It is run outside the jail. 4044.It Va jail_set_hostname_allow 4045.Pq Vt bool 4046If set to 4047.Dq Li NO , 4048do not allow the root user in a jail to set its hostname. 4049.It Va jail_socket_unixiproute_only 4050.Pq Vt bool 4051If set to 4052.Dq Li YES , 4053do not allow any sockets, 4054besides UNIX/IP/route sockets, 4055to be used within a jail. 4056.It Va jail_sysvipc_allow 4057.Pq Vt bool 4058If set to 4059.Dq Li YES , 4060allow applications within a jail to use System V IPC. 4061.\" ----------------------------------------------------- 4062.It Va harvest_interrupt 4063.Pq Vt bool 4064Set to 4065.Dq Li YES 4066to use hardware interrupts as an entropy source. 4067Refer to 4068.Xr random 4 4069for more information. 4070.It Va harvest_ethernet 4071.Pq Vt bool 4072Set to 4073.Dq Li YES 4074to use LAN traffic as an entropy source. 4075Refer to 4076.Xr random 4 4077for more information. 4078.It Va harvest_p_to_p 4079.Pq Vt bool 4080Set to 4081.Dq Li YES 4082to use serial line traffic as an entropy source. 4083Refer to 4084.Xr random 4 4085for more information. 4086.It Va entropy_dir 4087.Pq Vt str 4088Set to 4089.Dq Li NO 4090to disable caching entropy via 4091.Xr cron 8 . 4092Otherwise set to the directory used to store entropy files in. 4093.It Va entropy_file 4094.Pq Vt str 4095Set to 4096.Dq Li NO 4097to disable caching entropy through reboots. 4098Otherwise set to the filename used to store cached entropy through 4099reboots. 4100This file should be located on the root file system to seed the 4101.Xr random 4 4102device as early as possible in the boot process. 4103.It Va entropy_save_sz 4104.Pq Vt int 4105Size of the entropy cache files saved by 4106.Nm save-entropy 4107periodically. 4108.It Va entropy_save_num 4109.Pq Vt int 4110Number of entropy cache files to save by 4111.Nm save-entropy 4112periodically. 4113.It Va ipsec_enable 4114.Pq Vt bool 4115Set to 4116.Dq Li YES 4117to run 4118.Xr setkey 8 4119on 4120.Va ipsec_file 4121at boot time. 4122.It Va ipsec_file 4123.Pq Vt str 4124Configuration file for 4125.Xr setkey 8 . 4126.It Va dmesg_enable 4127.Pq Vt bool 4128Set to 4129.Dq Li YES 4130to save 4131.Xr dmesg 8 4132to 4133.Pa /var/run/dmesg.boot 4134on boot. 4135.It Va rcshutdown_timeout 4136.Pq Vt int 4137If set, start a watchdog timer in the background which will terminate 4138.Pa rc.shutdown 4139if 4140.Xr shutdown 8 4141has not completed within the specified time (in seconds). 4142Notice that in addition to this soft timeout, 4143.Xr init 8 4144also applies a hard timeout for the execution of 4145.Pa rc.shutdown . 4146This is configured via 4147.Xr sysctl 8 4148variable 4149.Va kern.init_shutdown_timeout 4150and defaults to 120 seconds. 4151Setting the value of 4152.Va rcshutdown_timeout 4153to more than 120 seconds will have no effect until the 4154.Xr sysctl 8 4155variable 4156.Va kern.init_shutdown_timeout 4157is also increased. 4158.It Va virecover_enable 4159.Pq Vt bool 4160Set to 4161.Dq Li NO 4162to prevent the system from trying to 4163recover pre-maturely terminated 4164.Xr vi 1 4165sessions. 4166.It Va ugidfw_enable 4167.Pq Vt bool 4168Set to 4169.Dq Li YES 4170to load the 4171.Xr mac_bsdextended 4 4172module upon system initialization and load a default 4173ruleset file. 4174.It Va bsdextended_script 4175.Pq Vt str 4176The default 4177.Xr mac_bsdextended 4 4178ruleset file to load. 4179The default value of this variable is 4180.Pa /etc/rc.bsdextended . 4181.It Va newsyslog_enable 4182.Pq Vt bool 4183If set to 4184.Dq Li YES , 4185run 4186.Xr newsyslog 8 4187command at startup. 4188.It Va newsyslog_flags 4189.Pq Vt str 4190If 4191.Va newsyslog_enable 4192is set to 4193.Dq Li YES , 4194these are the flags to pass to the 4195.Xr newsyslog 8 4196program. 4197The default is 4198.Dq Li -CN , 4199which causes log files flagged with a 4200.Cm C 4201to be created. 4202.It Va mdconfig_md Ns Aq Ar X 4203.Pq Vt str 4204Arguments to 4205.Xr mdconfig 8 4206for 4207.Xr md 4 4208device 4209.Ar X . 4210At minimum a 4211.Fl t Ar type 4212must be specified and either a 4213.Fl s Ar size 4214for malloc or swap backed 4215.Xr md 4 4216devices or a 4217.Fl f Ar file 4218for vnode backed 4219.Xr md 4 4220devices. 4221Note that 4222.Va mdconfig_md Ns Aq Ar X 4223variables are evaluated until one variable is unset or null. 4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4225.Pq Vt str 4226Optional arguments passed to 4227.Xr newfs 8 4228to initialize 4229.Xr md 4 4230device 4231.Ar X . 4232.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4233.Pq Vt str 4234An ownership specification passed to 4235.Xr chown 8 4236after the specified 4237.Xr md 4 4238device 4239.Ar X 4240has been mounted. 4241Both the 4242.Xr md 4 4243device and the mount point will be changed. 4244.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4245.Pq Vt str 4246A mode string passed to 4247.Xr chmod 1 4248after the specified 4249.Xr md 4 4250device 4251.Ar X 4252has been mounted. 4253Both the 4254.Xr md 4 4255device and the mount point will be changed. 4256.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4257.Pq Vt str 4258Files to be copied to the mount point of the 4259.Xr md 4 4260device 4261.Ar X 4262after it has been mounted. 4263.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4264.Pq Vt str 4265Command to execute after the specified 4266.Xr md 4 4267device 4268.Ar X 4269has been mounted. 4270Note that the command is passed to 4271.Ic eval 4272and that both 4273.Va _dev 4274and 4275.Va _mp 4276variables can be used to reference respectively the 4277.Xr md 4 4278device and the mount point. 4279Assuming that the 4280.Xr md 4 4281device is 4282.Li md0 , 4283one could set the following: 4284.Bd -literal 4285mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4286.Ed 4287.It Va autobridge_interfaces 4288.Pq Vt str 4289Set to the list of bridge interfaces that will have newly arriving interfaces 4290checked against to be automatically added. 4291If not set to 4292.Dq Li NO 4293then for each whitespace separated 4294.Ar element 4295in the value, a 4296.Va autobridge_ Ns Aq Ar element 4297variable is assumed to exist which has a whitespace separated list of interface 4298names to match, these names can use wildcards. 4299For example: 4300.Bd -literal 4301autobridge_interfaces="bridge0" 4302autobridge_bridge0="tap* dc0 vlan[345]" 4303.Ed 4304.It Va mixer_enable 4305.Pq Vt bool 4306If set to 4307.Dq Li YES , 4308enable support for sound mixer. 4309.It Va hcsecd_enable 4310.Pq Vt bool 4311If set to 4312.Dq Li YES , 4313enable Bluetooth security daemon. 4314.It Va hcsecd_config 4315.Pq Vt str 4316Configuration file for 4317.Xr hcsecd 8 . 4318Default 4319.Pa /etc/bluetooth/hcsecd.conf . 4320.It Va sdpd_enable 4321.Pq Vt bool 4322If set to 4323.Dq Li YES , 4324enable Bluetooth Service Discovery Protocol daemon. 4325.It Va sdpd_control 4326.Pq Vt str 4327Path to 4328.Xr sdpd 8 4329control socket. 4330Default 4331.Pa /var/run/sdp . 4332.It Va sdpd_groupname 4333.Pq Vt str 4334Sets 4335.Xr sdpd 8 4336group to run as after it initializes. 4337Default 4338.Dq Li nobody . 4339.It Va sdpd_username 4340.Pq Vt str 4341Sets 4342.Xr sdpd 8 4343user to run as after it initializes. 4344Default 4345.Dq Li nobody . 4346.It Va bthidd_enable 4347.Pq Vt bool 4348If set to 4349.Dq Li YES , 4350enable Bluetooth Human Interface Device daemon. 4351.It Va bthidd_config 4352.Pq Vt str 4353Configuration file for 4354.Xr bthidd 8 . 4355Default 4356.Pa /etc/bluetooth/bthidd.conf . 4357.It Va bthidd_hids 4358.Pq Vt str 4359Path to a file, where 4360.Xr bthidd 8 4361will store information about known HID devices. 4362Default 4363.Pa /var/db/bthidd.hids . 4364.It Va rfcomm_pppd_server_enable 4365.Pq Vt bool 4366If set to 4367.Dq Li YES , 4368enable Bluetooth RFCOMM PPP wrapper daemon. 4369.It Va rfcomm_pppd_server_profile 4370.Pq Vt str 4371The name of the profile to use from 4372.Pa /etc/ppp/ppp.conf . 4373Multiple profiles can be specified here. 4374Also used to specify per-profile overrides. 4375When the profile name contains any of the characters 4376.Dq Li .-/+ 4377they are translated to 4378.Dq Li _ 4379for the proposes of the override variable names. 4380.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4381.Pq Vt str 4382Overrides local address to listen on. 4383By default 4384.Xr rfcomm_pppd 8 4385will listen on 4386.Dq Li ANY 4387address. 4388The address can be specified as BD_ADDR or name. 4389.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4390.Pq Vt str 4391Overrides local RFCOMM channel to listen on. 4392By default 4393.Xr rfcomm_pppd 8 4394will listen on RFCOMM channel 1. 4395Must set properly if multiple profiles used in the same time. 4396.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4397.Pq Vt bool 4398Tells 4399.Xr rfcomm_pppd 8 4400if it should register Serial Port service on the specified RFCOMM channel. 4401Default 4402.Dq Li NO . 4403.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4404.Pq Vt bool 4405Tells 4406.Xr rfcomm_pppd 8 4407if it should register Dial-Up Networking service on the specified 4408RFCOMM channel. 4409Default 4410.Dq Li NO . 4411.It Va ubthidhci_enable 4412.Pq Vt bool 4413If set to 4414.Dq Li YES , 4415change the USB Bluetooth controller from HID mode to HCI mode. 4416You also need to specify the location of USB Bluetooth controller with the 4417.Va ubthidhci_busnum 4418and 4419.Va ubthidhci_addr 4420variables. 4421.It Va ubthidhci_busnum 4422Bus number where the USB Bluetooth controller is located. 4423Check the output of 4424.Xr usbconfig 8 4425on your system to find this information. 4426.It Va ubthidhci_addr 4427Bus address of the USB Bluetooth controller. 4428Check the output of 4429.Xr usbconfig 8 4430on your system to find this information. 4431.It Va netwait_enable 4432.Pq Vt bool 4433If set to 4434.Dq Li YES , 4435delays the start of network-reliant services until 4436.Va netwait_if 4437is up and ICMP packets to a destination defined in 4438.Va netwait_ip 4439are flowing. 4440Link state is examined first, followed by 4441.Dq Li pinging 4442an IP address to verify network usability. 4443If no destination can be reached or timeouts are exceeded, 4444network services are started anyway with no guarantee that 4445the network is usable. 4446Use of this variable requires both 4447.Va netwait_ip 4448and 4449.Va netwait_if 4450to be set. 4451.It Va netwait_ip 4452.Pq Vt str 4453Empty by default. 4454This variable contains a space-delimited list of IP addresses to 4455.Xr ping 8 . 4456DNS hostnames should not be used as resolution is not guaranteed 4457to be functional at this point. 4458If multiple IP addresses are specified, 4459each will be tried until one is successful or the list is exhausted. 4460.It Va netwait_timeout 4461.Pq Vt int 4462Indicates the total number of seconds to perform a 4463.Dq Li ping 4464against each IP address in 4465.Va netwait_ip , 4466at a rate of one ping per second. 4467If any of the pings are successful, 4468full network connectivity is considered reliable. 4469The default is 60. 4470.It Va netwait_if 4471.Pq Vt str 4472Empty by default. 4473Defines the name of the network interface on which watch for link. 4474.Xr ifconfig 8 4475is used to monitor the interface, looking for 4476.Dq Li status: no carrier . 4477Once gone, the link is considered up. 4478This can be a 4479.Xr vlan 4 4480interface if desired. 4481.It Va netwait_if_timeout 4482.Pq Vt int 4483Defines the total number of seconds to wait for link to become usable, 4484polled at a 1-second interval. 4485The default is 30. 4486.El 4487.Sh FILES 4488.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4489.It Pa /etc/defaults/rc.conf 4490.It Pa /etc/rc.conf 4491.It Pa /etc/rc.conf.local 4492.El 4493.Sh SEE ALSO 4494.Xr catman 1 , 4495.Xr chmod 1 , 4496.Xr gdb 1 , 4497.Xr info 1 , 4498.Xr kbdcontrol 1 , 4499.Xr makewhatis 1 , 4500.Xr sh 1 , 4501.Xr vi 1 , 4502.Xr vidcontrol 1 , 4503.Xr bridge 4 , 4504.Xr dummynet 4 , 4505.Xr ip 4 , 4506.Xr ipf 4 , 4507.Xr ipfw 4 , 4508.Xr ipnat 4 , 4509.Xr kld 4 , 4510.Xr pf 4 , 4511.Xr pflog 4 , 4512.Xr pfsync 4 , 4513.Xr tcp 4 , 4514.Xr udp 4 , 4515.Xr exports 5 , 4516.Xr fstab 5 , 4517.Xr ipf 5 , 4518.Xr ipnat 5 , 4519.Xr motd 5 , 4520.Xr newsyslog.conf 5 , 4521.Xr pf.conf 5 , 4522.Xr security 7 , 4523.Xr accton 8 , 4524.Xr amd 8 , 4525.Xr apm 8 , 4526.Xr atm 8 , 4527.Xr bthidd 8 , 4528.Xr chkprintcap 8 , 4529.Xr chown 8 , 4530.Xr cron 8 , 4531.Xr dhclient 8 , 4532.Xr ftpd 8 , 4533.Xr geli 8 , 4534.Xr hcsecd 8 , 4535.Xr ifconfig 8 , 4536.Xr inetd 8 , 4537.Xr ipf 8 , 4538.Xr ipfw 8 , 4539.Xr ipnat 8 , 4540.Xr jail 8 , 4541.Xr kldxref 8 , 4542.Xr lpd 8 , 4543.Xr mdconfig 8 , 4544.Xr mdmfs 8 , 4545.Xr mixer 8 , 4546.Xr mountd 8 , 4547.Xr moused 8 , 4548.Xr mrouted 8 , 4549.Xr named 8 , 4550.Xr newfs 8 , 4551.Xr newsyslog 8 , 4552.Xr nfsd 8 , 4553.Xr ntpd 8 , 4554.Xr ntpdate 8 , 4555.Xr pfctl 8 , 4556.Xr pflogd 8 , 4557.Xr ping 8 , 4558.Xr powerd 8 , 4559.Xr quotacheck 8 , 4560.Xr quotaon 8 , 4561.Xr rc 8 , 4562.Xr rc.sendmail 8 , 4563.Xr rfcomm_pppd 8 , 4564.Xr route 8 , 4565.Xr routed 8 , 4566.Xr rpcbind 8 , 4567.Xr rpc.lockd 8 , 4568.Xr rpc.statd 8 , 4569.Xr rwhod 8 , 4570.Xr savecore 8 , 4571.Xr sdpd 8 , 4572.Xr sshd 8 , 4573.Xr swapon 8 , 4574.Xr sysctl 8 , 4575.Xr syslogd 8 , 4576.Xr timed 8 , 4577.Xr usbconfig 8 , 4578.Xr wlandebug 8 , 4579.Xr yp 8 , 4580.Xr ypbind 8 , 4581.Xr ypserv 8 , 4582.Xr ypset 8 4583.Sh HISTORY 4584The 4585.Nm 4586file appeared in 4587.Fx 2.2.2 . 4588.Sh AUTHORS 4589.An Jordan K. Hubbard . 4590