1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 27, 2008 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li NO 397to start 398.Xr dhclient 8 399only in response to interface events and not synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va firewall_enable 410.Pq Vt bool 411Set to 412.Dq Li YES 413to load firewall rules at startup. 414If the kernel was not built with 415.Cd "options IPFIREWALL" , 416the 417.Pa ipfw.ko 418kernel module will be loaded. 419See also 420.Va ipfilter_enable . 421.It Va ipv6_firewall_enable 422.Pq Vt bool 423The IPv6 equivalent of 424.Va firewall_enable . 425Set to 426.Dq Li YES 427to load IPv6 firewall rules at startup. 428If the kernel was not built with 429.Cd "options IPV6FIREWALL" , 430the 431.Pa ipfw.ko 432kernel module will be loaded. 433.It Va firewall_script 434.Pq Vt str 435This variable specifies the full path to the firewall script to run. 436The default is 437.Pa /etc/rc.firewall . 438.It Va ipv6_firewall_script 439.Pq Vt str 440The IPv6 equivalent of 441.Va firewall_script . 442.It Va firewall_type 443.Pq Vt str 444Names the firewall type from the selection in 445.Pa /etc/rc.firewall , 446or the file which contains the local firewall ruleset. 447Valid selections from 448.Pa /etc/rc.firewall 449are: 450.Pp 451.Bl -tag -width ".Li simple" -compact 452.It Li open 453unrestricted IP access 454.It Li closed 455all IP services disabled, except via 456.Dq Li lo0 457.It Li client 458basic protection for a workstation 459.It Li simple 460basic protection for a LAN. 461.El 462.Pp 463If a filename is specified, the full path 464must be given. 465.It Va ipv6_firewall_type 466.Pq Vt str 467The IPv6 equivalent of 468.Va firewall_type . 469.It Va firewall_quiet 470.Pq Vt bool 471Set to 472.Dq Li YES 473to disable the display of firewall rules on the console during boot. 474.It Va ipv6_firewall_quiet 475.Pq Vt bool 476The IPv6 equivalent of 477.Va firewall_quiet . 478.It Va firewall_logging 479.Pq Vt bool 480Set to 481.Dq Li YES 482to enable firewall event logging. 483This is equivalent to the 484.Dv IPFIREWALL_VERBOSE 485kernel option. 486.It Va ipv6_firewall_logging 487.Pq Vt bool 488The IPv6 equivalent of 489.Va firewall_logging . 490.It Va firewall_flags 491.Pq Vt str 492Flags passed to 493.Xr ipfw 8 494if 495.Va firewall_type 496specifies a filename. 497.It Va ipv6_firewall_flags 498.Pq Vt str 499The IPv6 equivalent of 500.Va firewall_flags . 501.\" ----- firewall_nat_enable setting -------------------------------- 502.It Va firewall_nat_enable 503.Pq Vt bool 504The 505.Xr ipfw 8 506equivalent of 507.Va natd_enable . 508Setting this to 509.Dq Li YES 510enables kernel NAT. 511.Va firewall_enable 512must also be set to 513.Dq Li YES . 514.It Va firewall_nat_interface 515.Pq Vt str 516The 517.Xr ipfw 8 518equivalent of 519.Va natd_interface . 520This is the name of the public interface or IP address on which 521kernel NAT should run. 522.It Va firewall_nat_flags 523.Pq Vt str 524Additional configuration parameters for kernel NAT should be placed here. 525.It Va dummynet_enable 526.Pq Vt bool 527Setting this to 528.Dq Li YES 529will automatically load the 530.Xr dummynet 4 531module if 532.Va firewall_enable 533is also set to 534.Dq Li YES . 535.\" ------------------------------------------------------------------- 536.It Va natd_program 537.Pq Vt str 538Path to 539.Xr natd 8 . 540.It Va natd_enable 541.Pq Vt bool 542Set to 543.Dq Li YES 544to enable 545.Xr natd 8 . 546.Va firewall_enable 547must also be set to 548.Dq Li YES , 549and 550.Xr divert 4 551sockets must be enabled in the kernel. 552If the kernel was not built with 553.Cd "options IPDIVERT" , 554the 555.Pa ipdivert.ko 556kernel module will be loaded. 557.It Va natd_interface 558.Pq Vt str 559This is the name of the public interface on which 560.Xr natd 8 561should run. 562The interface may be given as an interface name or as an IP address. 563.It Va natd_flags 564.Pq Vt str 565Additional 566.Xr natd 8 567flags should be placed here. 568The 569.Fl n 570or 571.Fl a 572flag is automatically added with the above 573.Va natd_interface 574as an argument. 575.\" ----- ipfilter_enable setting -------------------------------- 576.It Va ipfilter_enable 577.Pq Vt bool 578Set to 579.Dq Li NO 580by default. 581Setting this to 582.Dq Li YES 583enables 584.Xr ipf 8 585packet filtering. 586.Pp 587Typical usage will require putting 588.Bd -literal 589ipfilter_enable="YES" 590ipnat_enable="YES" 591ipmon_enable="YES" 592ipfs_enable="YES" 593.Ed 594.Pp 595into 596.Pa /etc/rc.conf 597and editing 598.Pa /etc/ipf.rules 599and 600.Pa /etc/ipnat.rules 601appropriately. 602.Pp 603Note that 604.Va ipfilter_enable 605and 606.Va ipnat_enable 607can be enabled independently. 608.Va ipmon_enable 609and 610.Va ipfs_enable 611both require at least one of 612.Va ipfilter_enable 613and 614.Va ipnat_enable 615to be enabled. 616.Pp 617Having 618.Bd -literal 619options IPFILTER 620options IPFILTER_LOG 621options IPFILTER_DEFAULT_BLOCK 622.Ed 623.Pp 624in the kernel configuration file is a good idea, too. 625.\" ----- ipfilter_program setting ------------------------------ 626.It Va ipfilter_program 627.Pq Vt str 628Path to 629.Xr ipf 8 630(default 631.Pa /sbin/ipf ) . 632.\" ----- ipfilter_rules setting -------------------------------- 633.It Va ipfilter_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipf.rules 637by default. 638This variable contains the name of the filter rule definition file. 639The file is expected to be readable for the 640.Xr ipf 8 641command to execute. 642.\" ----- ipv6_ipfilter_rules setting --------------------------- 643.It Va ipv6_ipfilter_rules 644.Pq Vt str 645Set to 646.Pa /etc/ipf6.rules 647by default. 648This variable contains the IPv6 filter rule definition file. 649The file is expected to be readable for the 650.Xr ipf 8 651command to execute. 652.\" ----- ipfilter_flags setting -------------------------------- 653.It Va ipfilter_flags 654.Pq Vt str 655Empty by default. 656This variable contains flags passed to the 657.Xr ipf 8 658program. 659.\" ----- ipnat_enable setting ---------------------------------- 660.It Va ipnat_enable 661.Pq Vt bool 662Set to 663.Dq Li NO 664by default. 665Set it to 666.Dq Li YES 667to enable 668.Xr ipnat 8 669network address translation. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipnat_program setting --------------------------------- 674.It Va ipnat_program 675.Pq Vt str 676Path to 677.Xr ipnat 8 678(default 679.Pa /sbin/ipnat ) . 680.\" ----- ipnat_rules setting ----------------------------------- 681.It Va ipnat_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipnat.rules 685by default. 686This variable contains the name of the file 687holding the network address translation definition. 688This file is expected to be readable for the 689.Xr ipnat 8 690command to execute. 691.\" ----- ipnat_flags setting ----------------------------------- 692.It Va ipnat_flags 693.Pq Vt str 694Empty by default. 695This variable contains flags passed to the 696.Xr ipnat 8 697program. 698.\" ----- ipmon_enable setting ---------------------------------- 699.It Va ipmon_enable 700.Pq Vt bool 701Set to 702.Dq Li NO 703by default. 704Set it to 705.Dq Li YES 706to enable 707.Xr ipmon 8 708monitoring (logging 709.Xr ipf 8 710and 711.Xr ipnat 8 712events). 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717too. 718See 719.Va ipfilter_enable 720for a detailed discussion. 721.\" ----- ipmon_program setting --------------------------------- 722.It Va ipmon_program 723.Pq Vt str 724Path to 725.Xr ipmon 8 726(default 727.Pa /sbin/ipmon ) . 728.\" ----- ipmon_flags setting ----------------------------------- 729.It Va ipmon_flags 730.Pq Vt str 731Set to 732.Dq Li -Ds 733by default. 734This variable contains flags passed to the 735.Xr ipmon 8 736program. 737Another typical example would be 738.Dq Fl D Pa /var/log/ipflog 739to have 740.Xr ipmon 8 741log directly to a file bypassing 742.Xr syslogd 8 . 743Make sure to adjust 744.Pa /etc/newsyslog.conf 745in such case like this: 746.Bd -literal 747/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 748.Ed 749.\" ----- ipfs_enable setting ----------------------------------- 750.It Va ipfs_enable 751.Pq Vt bool 752Set to 753.Dq Li NO 754by default. 755Set it to 756.Dq Li YES 757to enable 758.Xr ipfs 8 759saving the filter and NAT state tables during shutdown 760and reloading them during startup again. 761Setting this variable needs setting 762.Va ipfilter_enable 763or 764.Va ipnat_enable 765to 766.Dq Li YES 767too. 768See 769.Va ipfilter_enable 770for a detailed discussion. 771Note that if 772.Va kern_securelevel 773is set to 3, 774.Va ipfs_enable 775cannot be used 776because the raised securelevel will prevent 777.Xr ipfs 8 778from saving the state tables at shutdown time. 779.\" ----- ipfs_program setting ---------------------------------- 780.It Va ipfs_program 781.Pq Vt str 782Path to 783.Xr ipfs 8 784(default 785.Pa /sbin/ipfs ) . 786.\" ----- ipfs_flags setting ------------------------------------ 787.It Va ipfs_flags 788.Pq Vt str 789Empty by default. 790This variable contains flags passed to the 791.Xr ipfs 8 792program. 793.\" ----- end of added ipf hook --------------------------------- 794.It Va pf_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Setting this to 800.Dq Li YES 801enables 802.Xr pf 4 803packet filtering. 804.Pp 805Typical usage will require putting 806.Pp 807.Dl pf_enable="YES" 808.Pp 809into 810.Pa /etc/rc.conf 811and editing 812.Pa /etc/pf.conf 813appropriately. 814Adding 815.Pp 816.Dl "device pf" 817.Pp 818builds support for 819.Xr pf 4 820into the kernel, otherwise the 821kernel module will be loaded. 822.It Va pf_rules 823.Pq Vt str 824Path to 825.Xr pf 4 826ruleset configuration file 827(default 828.Pa /etc/pf.conf ) . 829.It Va pf_program 830.Pq Vt str 831Path to 832.Xr pfctl 8 833(default 834.Pa /sbin/pfctl ) . 835.It Va pf_flags 836.Pq Vt str 837If 838.Va pf_enable 839is set to 840.Dq Li YES , 841these flags are passed to the 842.Xr pfctl 8 843program when loading the ruleset. 844.It Va pflog_enable 845.Pq Vt bool 846Set to 847.Dq Li NO 848by default. 849Setting this to 850.Dq Li YES 851enables 852.Xr pflogd 8 853which logs packets from the 854.Xr pf 4 855packet filter. 856.It Va pflog_logfile 857.Pq Vt str 858If 859.Va pflog_enable 860is set to 861.Dq Li YES 862this controls where 863.Xr pflogd 8 864stores the logfile 865(default 866.Pa /var/log/pflog ) . 867Check 868.Pa /etc/newsyslog.conf 869to adjust logfile rotation for this. 870.It Va pflog_program 871.Pq Vt str 872Path to 873.Xr pflogd 8 874(default 875.Pa /sbin/pflogd ) . 876.It Va pflog_flags 877.Pq Vt str 878Empty by default. 879This variable contains additional flags passed to the 880.Xr pflogd 8 881program. 882.It Va ftpproxy_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr ftp-proxy 8 891which supports the 892.Xr pf 4 893packet filter in translating ftp connections. 894.It Va ftpproxy_flags 895.Pq Vt str 896Empty by default. 897This variable contains additional flags passed to the 898.Xr ftp-proxy 8 899program. 900.It Va pfsync_enable 901.Pq Vt bool 902Set to 903.Dq Li NO 904by default. 905Setting this to 906.Dq Li YES 907enables exposing 908.Xr pf 4 909state changes to other hosts over the network by means of 910.Xr pfsync 4 . 911The 912.Va pfsync_syncdev 913variable 914must also be set then. 915.It Va pfsync_syncdev 916.Pq Vt str 917Empty by default. 918This variable specifies the name of the network interface 919.Xr pfsync 4 920should operate through. 921It must be set accordingly if 922.Va pfsync_enable 923is set to 924.Dq Li YES . 925.It Va pfsync_syncpeer 926.Pq Vt str 927Empty by default. 928This variable is optional. 929By default, state change messages are sent out on the synchronisation 930interface using IP multicast packets. 931The protocol is IP protocol 240, PFSYNC, and the multicast group used is 932224.0.0.240. 933When a peer address is specified using the 934.Va pfsync_syncpeer 935option, the peer address is used as a destination for the pfsync 936traffic, and the traffic can then be protected using 937.Xr ipsec 4 . 938See the 939.Xr pfsync 4 940manpage for more details about using 941.Xr ipsec 4 942with 943.Xr pfsync 4 944interfaces. 945.It Va pfsync_ifconfig 946.Pq Vt str 947Empty by default. 948This variable can contain additional options to be passed to the 949.Xr ifconfig 8 950command used to set up 951.Xr pfsync 4 . 952.It Va tcp_extensions 953.Pq Vt bool 954Set to 955.Dq Li YES 956by default. 957Setting this to 958.Dq Li NO 959disables certain TCP options as described by 960.Rs 961.%T "RFC 1323" 962.Re 963Setting this to 964.Dq Li NO 965might help remedy such problems with connections as randomly hanging 966or other weird behavior. 967Some network devices are known 968to be broken with respect to these options. 969.It Va log_in_vain 970.Pq Vt int 971Set to 0 by default. 972The 973.Xr sysctl 8 974variables, 975.Va net.inet.tcp.log_in_vain 976and 977.Va net.inet.udp.log_in_vain , 978as described in 979.Xr tcp 4 980and 981.Xr udp 4 , 982are set to the given value. 983.It Va tcp_keepalive 984.Pq Vt bool 985Set to 986.Dq Li YES 987by default. 988Setting to 989.Dq Li NO 990will disable probing idle TCP connections to verify that the 991peer is still up and reachable. 992.It Va tcp_drop_synfin 993.Pq Vt bool 994Set to 995.Dq Li NO 996by default. 997Setting to 998.Dq Li YES 999will cause the kernel to ignore TCP frames that have both 1000the SYN and FIN flags set. 1001This prevents OS fingerprinting, but may 1002break some legitimate applications. 1003.It Va icmp_drop_redirect 1004.Pq Vt bool 1005Set to 1006.Dq Li NO 1007by default. 1008Setting to 1009.Dq Li YES 1010will cause the kernel to ignore ICMP REDIRECT packets. 1011Refer to 1012.Xr icmp 4 1013for more information. 1014.It Va icmp_log_redirect 1015.Pq Vt bool 1016Set to 1017.Dq Li NO 1018by default. 1019Setting to 1020.Dq Li YES 1021will cause the kernel to log ICMP REDIRECT packets. 1022Note that 1023the log messages are not rate-limited, so this option should only be used 1024for troubleshooting networks. 1025Refer to 1026.Xr icmp 4 1027for more information. 1028.It Va icmp_bmcastecho 1029.Pq Vt bool 1030Set to 1031.Dq Li YES 1032to respond to broadcast or multicast ICMP ping packets. 1033Refer to 1034.Xr icmp 4 1035for more information. 1036.It Va ip_portrange_first 1037.Pq Vt int 1038If not set to 1039.Dq Li NO , 1040this is the first port in the default portrange. 1041Refer to 1042.Xr ip 4 1043for more information. 1044.It Va ip_portrange_last 1045.Pq Vt int 1046If not set to 1047.Dq Li NO , 1048this is the last port in the default portrange. 1049Refer to 1050.Xr ip 4 1051for more information. 1052.It Va network_interfaces 1053.Pq Vt str 1054Set to the list of network interfaces to configure on this host or 1055.Dq Li AUTO 1056(the default) for all current interfaces. 1057Setting the 1058.Va network_interfaces 1059variable to anything other than the default is deprecated. 1060Interfaces that the administrator wishes to store configuration for, 1061but not start at boot should be configured with the 1062.Dq Li NOAUTO 1063keyword in their 1064.Va ifconfig_ Ns Aq Ar interface 1065variables as described below. 1066.Pp 1067An 1068.Va ifconfig_ Ns Aq Ar interface 1069variable is also assumed to exist for each value of 1070.Ar interface . 1071When an interface name contains any of the characters 1072.Dq Li .-/+ 1073they are translated to 1074.Dq Li _ 1075before lookup. 1076The variable can contain arguments to 1077.Xr ifconfig 8 , 1078as well as special case-insensitive keywords described below. 1079Such keywords are removed before passing the value to 1080.Xr ifconfig 8 1081while the order of the other arguments is preserved. 1082.Pp 1083One can configure more than one IPv4 address with the 1084.Va ipv4_addrs_ Ns Aq Ar interface 1085variable. 1086One or more IP addresses must be provided in Classless Inter-Domain 1087Routing (CIDR) address notation, whose last byte can be a range like 1088192.168.0.5-23/24. 1089In this case the address 192.168.0.5 will be configured with the 1090netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1091the non-conflicting netmask /32 as explained in the 1092.Xr ifconfig 8 1093alias section. 1094With the interface in question being 1095.Li ed0 , 1096an example could look like: 1097.Bd -literal 1098ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1099.Ed 1100.Pp 1101It is also possible to add IP alias entries using 1102.Xr ifconfig 8 1103syntax. 1104Assuming that the interface in question was 1105.Li ed0 , 1106it might look 1107something like this: 1108.Bd -literal 1109ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1110ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1111.Ed 1112.Pp 1113And so on. 1114For each 1115.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1116entry that is found, 1117its contents are passed to 1118.Xr ifconfig 8 . 1119Execution stops at the first unsuccessful access, so if 1120something like this is present: 1121.Bd -literal 1122ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1123ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1124ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1125ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1126.Ed 1127.Pp 1128Then note that alias4 would 1129.Em not 1130be added since the search would 1131stop with the missing 1132.Dq Li alias3 1133entry. 1134Due to this difficult to manage behavior, the 1135.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1136form is deprecated. 1137.Pp 1138If the 1139.Pa /etc/start_if. Ns Aq Ar interface 1140file is present, it is read and executed by the 1141.Xr sh 1 1142interpreter 1143before configuring the interface as specified in the 1144.Va ifconfig_ Ns Aq Ar interface 1145and 1146.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1147variables. 1148.Pp 1149If the 1150.Va ifconfig_ Ns Aq Ar interface 1151contains the keyword 1152.Dq Li NOAUTO 1153then the interface will not be configured 1154at boot or by 1155.Pa /etc/pccard_ether 1156when 1157.Va network_interfaces 1158is set to 1159.Dq Li AUTO . 1160.Pp 1161It is possible to bring up an interface with DHCP by adding 1162.Dq Li DHCP 1163to the 1164.Va ifconfig_ Ns Aq Ar interface 1165variable. 1166For instance, to initialize the 1167.Li ed0 1168device via DHCP, 1169it is possible to use something like: 1170.Bd -literal 1171ifconfig_ed0="DHCP" 1172.Ed 1173.Pp 1174Also, if you want to configure your wireless interface with 1175.Xr wpa_supplicant 8 1176for use with WPA, EAP/LEAP or WEP, you need to add 1177.Dq Li WPA 1178to the 1179.Va ifconfig_ Ns Aq Ar interface 1180variable. 1181.Pp 1182Finally, you can add 1183.Xr ifconfig 8 1184options in this variable, in addition to the 1185.Pa /etc/start_if. Ns Aq Ar interface 1186file. 1187For instance, to initialize the 1188.Li wi0 1189device via DHCP, using WPA authentication and 802.11b mode, it is 1190possible to use something like: 1191.Bd -literal 1192ifconfig_wi0="DHCP WPA mode 11b" 1193.Ed 1194.Pp 1195In addition to the 1196.Va ifconfig_ Ns Aq Ar interface 1197form, a fallback variable 1198.Va ifconfig_DEFAULT 1199may be configured. 1200It will be used for all interfaces with no 1201.Va ifconfig_ Ns Aq Ar interface 1202variable. 1203This is intended to replace the no longer supported 1204.Va pccard_ifconfig 1205variable. 1206.Pp 1207It is also possible to rename interface by doing: 1208.Bd -literal 1209ifconfig_ed0_name="net0" 1210ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1211.Ed 1212.It Va ipv6_network_interfaces 1213.Pq Vt str 1214This is the IPv6 equivalent of 1215.Va network_interfaces . 1216Instead of setting the ifconfig variables as 1217.Va ifconfig_ Ns Aq Ar interface 1218they should be set as 1219.Va ipv6_ifconfig_ Ns Aq Ar interface . 1220Aliases should be set as 1221.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1222.Va ipv6_prefix_ Ns Aq Ar interface 1223does something. 1224Interfaces that do not have a 1225.Va ipv6_ifconfig_ Ns Aq Ar interface 1226setting will be auto configured by 1227.Xr rtsol 8 1228if the 1229.Va ipv6_gateway_enable 1230is set to 1231.Dq Li NO . 1232Note that the IPv6 networking code does not support the 1233.Pa /etc/start_if. Ns Aq Ar interface 1234files. 1235.It Va ipv6_default_interface 1236.Pq Vt str 1237If not set to 1238.Dq Li NO , 1239this is the default output interface for scoped addresses. 1240Now this works only for IPv6 link local multicast addresses. 1241.It Va cloned_interfaces 1242.Pq Vt str 1243Set to the list of clonable network interfaces to create on this host. 1244Entries in 1245.Va cloned_interfaces 1246are automatically appended to 1247.Va network_interfaces 1248for configuration. 1249.It Va fec_interfaces 1250.Pq Vt str 1251Set to the list of 1252.Xr ng_fec 4 1253Fast EtherChannel interfaces to configure on this host. 1254A 1255.Va fecconfig_ Ns Aq Ar interface 1256variable is assumed to exist for each value of 1257.Ar interface . 1258The value of this variable is used to configure link aggregated interfaces 1259according to the syntax of the 1260.Cm NGM_FEC_ADD_IFACE 1261to 1262.Xr ngctl 8 1263msg. 1264Additionally, this option ensures that each listed interface is created 1265via the 1266.Cm mkpeer 1267command to 1268.Xr ngctl 8 1269before attempting to configure it. 1270For example: 1271.Bd -literal 1272fec_interfaces="fec0" 1273fecconfig_fec0="em0 em1" 1274ifconfig_fec0="DHCP" 1275.Ed 1276.It Va gif_interfaces 1277.Pq Vt str 1278Set to the list of 1279.Xr gif 4 1280tunnel interfaces to configure on this host. 1281A 1282.Va gifconfig_ Ns Aq Ar interface 1283variable is assumed to exist for each value of 1284.Ar interface . 1285The value of this variable is used to configure the link layer of the 1286tunnel according to the syntax of the 1287.Cm tunnel 1288option to 1289.Xr ifconfig 8 . 1290Additionally, this option ensures that each listed interface is created 1291via the 1292.Cm create 1293option to 1294.Xr ifconfig 8 1295before attempting to configure it. 1296.It Va sppp_interfaces 1297.Pq Vt str 1298Set to the list of 1299.Xr sppp 4 1300interfaces to configure on this host. 1301A 1302.Va spppconfig_ Ns Aq Ar interface 1303variable is assumed to exist for each value of 1304.Ar interface . 1305Each interface should also be configured by a general 1306.Va ifconfig_ Ns Aq Ar interface 1307setting. 1308Refer to 1309.Xr spppcontrol 8 1310for more information about available options. 1311.It Va ppp_enable 1312.Pq Vt bool 1313If set to 1314.Dq Li YES , 1315run the 1316.Xr ppp 8 1317daemon. 1318.It Va ppp_profile 1319.Pq Vt str 1320The name of the profile to use from 1321.Pa /etc/ppp/ppp.conf . 1322Also used for per-profile overrides of 1323.Va ppp_mode 1324and 1325.Va ppp_nat . 1326When the profile name contains any of the characters 1327.Dq Li .-/+ 1328they are translated to 1329.Dq Li _ 1330for the proposes of the override variable names. 1331.It Va ppp_mode 1332.Pq Vt str 1333Mode in which to run the 1334.Xr ppp 8 1335daemon. 1336.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1337.Pq Vt str 1338Overrides the global 1339.Va ppp_mode 1340for 1341.Ar profile . 1342Accepted modes are 1343.Dq Li auto , 1344.Dq Li ddial , 1345.Dq Li direct 1346and 1347.Dq Li dedicated . 1348See the manual for a full description. 1349.It Va ppp_nat 1350.Pq Vt bool 1351If set to 1352.Dq Li YES , 1353enables network address translation. 1354Used in conjunction with 1355.Va gateway_enable 1356allows hosts on private network addresses access to the Internet using 1357this host as a network address translating router. 1358.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1359.Pq Vt str 1360Overrides the global 1361.Va ppp_nat 1362for 1363.Ar profile . 1364.It Va ppp_user 1365.Pq Vt str 1366The name of the user under which 1367.Xr ppp 8 1368should be started. 1369By 1370default, 1371.Xr ppp 8 1372is started as 1373.Dq Li root . 1374.It Va rc_conf_files 1375.Pq Vt str 1376This option is used to specify a list of files that will override 1377the settings in 1378.Pa /etc/defaults/rc.conf . 1379The files will be read in the order in which they are specified and should 1380include the full path to the file. 1381By default, the files specified are 1382.Pa /etc/rc.conf 1383and 1384.Pa /etc/rc.conf.local 1385.It Va zfs_enable 1386.Pq Vt bool 1387If set to 1388.Dq Li YES , 1389.Pa /etc/rc.d/zfs 1390will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1391(ZVOLs). 1392.It Va gbde_autoattach_all 1393.Pq Vt bool 1394If set to 1395.Dq Li YES , 1396.Pa /etc/rc.d/gbde 1397will attempt to automatically initialize your .bde devices in 1398.Pa /etc/fstab . 1399.It Va gbde_devices 1400.Pq Vt str 1401List the devices that the script should try to attach, 1402or 1403.Dq Li AUTO . 1404.It Va gbde_lockdir 1405.Pq Vt str 1406The directory where the 1407.Xr gbde 4 1408lockfiles are located. 1409The default lockfile directory is 1410.Pa /etc . 1411.Pp 1412The lockfile for each individual 1413.Xr gbde 4 1414device can be overridden by setting the variable 1415.Va gbde_lock_ Ns Aq Ar device , 1416where 1417.Ar device 1418is the encrypted device without the 1419.Dq Pa /dev/ 1420and 1421.Dq Pa .bde 1422parts. 1423.It Va gbde_attach_attempts 1424.Pq Vt int 1425Number of times to attempt attaching to a 1426.Xr gbde 4 1427device, i.e., how many times the user is asked for the pass-phrase. 1428Default is 3. 1429.It Va geli_devices 1430.Pq Vt str 1431List of devices to automatically attach on boot. 1432Note that .eli devices from 1433.Pa /etc/fstab 1434are automatically appended to this list. 1435.It Va geli_tries 1436.Pq Vt int 1437Number of times user is asked for the pass-phrase. 1438If empty, it will be taken from 1439.Va kern.geom.eli.tries 1440sysctl variable. 1441.It Va geli_default_flags 1442.Pq Vt str 1443Default flags to use by 1444.Xr geli 8 1445when configuring disk encryption. 1446Flags can be configured for every device separately by defining 1447.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1448variable. 1449.It Va geli_autodetach 1450.Pq Vt str 1451Specifies if GELI devices should be marked for detach on last close after 1452file systems are mounted. 1453Default is 1454.Dq Li YES . 1455This can be changed for every device separately by defining 1456.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1457variable. 1458.It Va geli_swap_flags 1459Options passed to the 1460.Xr geli 8 1461utility when encrypted GEOM providers for swap partitions are created. 1462The default is 1463.Dq Li "-a aes -l 256 -s 4096 -d" . 1464.It Va root_rw_mount 1465.Pq Vt bool 1466Set to 1467.Dq Li YES 1468by default. 1469After the file systems are checked at boot time, the root file system 1470is remounted as read-write if this is set to 1471.Dq Li YES . 1472Diskless systems that mount their root file system from a read-only remote 1473NFS share should set this to 1474.Dq Li NO 1475in their 1476.Pa rc.conf . 1477.It Va fsck_y_enable 1478.Pq Vt bool 1479If set to 1480.Dq Li YES , 1481.Xr fsck 8 1482will be run with the 1483.Fl y 1484flag if the initial preen 1485of the file systems fails. 1486.It Va background_fsck 1487.Pq Vt bool 1488If set to 1489.Dq Li YES , 1490the system will attempt to run 1491.Xr fsck 8 1492in the background where possible. 1493.It Va background_fsck_delay 1494.Pq Vt int 1495The amount of time in seconds to sleep before starting a background 1496.Xr fsck 8 . 1497It defaults to sixty seconds to allow large applications such as 1498the X server to start before disk I/O bandwidth is monopolized by 1499.Xr fsck 8 . 1500If set to a negative number, the background file system check will be 1501delayed indefinitely to allow the administrator to run it at a more 1502convenient time. 1503For example it may be run from 1504.Xr cron 8 1505by adding a line like 1506.Pp 1507.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1508.Pp 1509to 1510.Pa /etc/crontab . 1511.It Va netfs_types 1512.Pq Vt str 1513List of file system types that are network-based. 1514This list should generally not be modified by end users. 1515Use 1516.Va extra_netfs_types 1517instead. 1518.It Va extra_netfs_types 1519.Pq Vt str 1520If set to something other than 1521.Dq Li NO 1522(the default), 1523this variable extends the list of file system types 1524for which automatic mounting at startup by 1525.Xr rc 8 1526should be delayed until the network is initialized. 1527It should contain 1528a whitespace-separated list of network file system descriptor pairs, 1529each consisting of a file system type as passed to 1530.Xr mount 8 1531and a human-readable, one-word description, 1532joined with a colon 1533.Pq Ql \&: . 1534Extending the default list in this way is only necessary 1535when third party file system types are used. 1536.It Va syslogd_enable 1537.Pq Vt bool 1538If set to 1539.Dq Li YES , 1540run the 1541.Xr syslogd 8 1542daemon. 1543.It Va syslogd_program 1544.Pq Vt str 1545Path to 1546.Xr syslogd 8 1547(default 1548.Pa /usr/sbin/syslogd ) . 1549.It Va syslogd_flags 1550.Pq Vt str 1551If 1552.Va syslogd_enable 1553is set to 1554.Dq Li YES , 1555these are the flags to pass to 1556.Xr syslogd 8 . 1557.It Va inetd_enable 1558.Pq Vt bool 1559If set to 1560.Dq Li YES , 1561run the 1562.Xr inetd 8 1563daemon. 1564.It Va inetd_program 1565.Pq Vt str 1566Path to 1567.Xr inetd 8 1568(default 1569.Pa /usr/sbin/inetd ) . 1570.It Va inetd_flags 1571.Pq Vt str 1572If 1573.Va inetd_enable 1574is set to 1575.Dq Li YES , 1576these are the flags to pass to 1577.Xr inetd 8 . 1578.It Va named_enable 1579.Pq Vt bool 1580If set to 1581.Dq Li YES , 1582run the 1583.Xr named 8 1584daemon. 1585.It Va named_program 1586.Pq Vt str 1587Path to 1588.Xr named 8 1589(default 1590.Pa /usr/sbin/named ) . 1591.It Va named_flags 1592.Pq Vt str 1593If 1594.Va named_enable 1595is set to 1596.Dq Li YES , 1597these are the flags to pass to 1598.Xr named 8 . 1599.It Va named_pidfile 1600.Pq Vt str 1601This is the default path to the 1602.Xr named 8 1603daemon's PID file. 1604This must match the location in 1605.Xr named.conf 5 . 1606.It Va named_uid 1607.Pq Vt str 1608The user that the 1609.Xr named 8 1610process should be run as. 1611.It Va named_chrootdir 1612.Pq Vt str 1613The root directory for a name server run in a 1614.Xr chroot 8 1615environment (default 1616.Pa /var/named ) . 1617If left empty 1618.Xr named 8 1619will not be run in a 1620.Xr chroot 8 1621environment. 1622.It Va named_chroot_autoupdate 1623.Pq Vt bool 1624Set to 1625.Dq Li NO 1626to disable automatic update of the 1627.Xr chroot 8 1628environment. 1629.It Va named_symlink_enable 1630.Pq Vt bool 1631Set to 1632.Dq Li NO 1633to disable symlinking of 1634daemon's PID file 1635into the 1636.Xr chroot 8 1637environment. 1638.It Va kerberos5_server_enable 1639.Pq Vt bool 1640Set to 1641.Dq Li YES 1642to start a Kerberos 5 authentication server 1643at boot time. 1644.It Va kerberos5_server 1645.Pq Vt str 1646If 1647.Va kerberos5_server_enable 1648is set to 1649.Dq Li YES 1650this is the path to Kerberos 5 Authentication Server. 1651.It Va kerberos5_server_flags 1652.Pq Vt str 1653Empty by default. 1654This variable contains additional flags to be passed to the Kerberos 5 1655authentication server. 1656.It Va kadmind5_server_enable 1657.Pq Vt bool 1658Set to 1659.Dq Li YES 1660to start 1661.Xr kadmind 8 , 1662the Kerberos 5 Administration Daemon; set to 1663.Dq Li NO 1664on a slave server. 1665.It Va kadmind5_server 1666.Pq Vt str 1667If 1668.Va kadmind5_server_enable 1669is set to 1670.Dq Li YES 1671this is the path to Kerberos 5 Administration Daemon. 1672.It Va kpasswdd_server_enable 1673.Pq Vt bool 1674Set to 1675.Dq Li YES 1676to start 1677.Xr kpasswdd 8 , 1678the Kerberos 5 Password-Changing Daemon; set to 1679.Dq Li NO 1680on a slave server. 1681.It Va kpasswdd_server 1682.Pq Vt str 1683If 1684.Va kpasswdd_server_enable 1685is set to 1686.Dq Li YES 1687this is the path to Kerberos 5 Password-Changing Daemon. 1688.It Va rwhod_enable 1689.Pq Vt bool 1690If set to 1691.Dq Li YES , 1692run the 1693.Xr rwhod 8 1694daemon at boot time. 1695.It Va rwhod_flags 1696.Pq Vt str 1697If 1698.Va rwhod_enable 1699is set to 1700.Dq Li YES , 1701these are the flags to pass to it. 1702.It Va amd_enable 1703.Pq Vt bool 1704If set to 1705.Dq Li YES , 1706run the 1707.Xr amd 8 1708daemon at boot time. 1709.It Va amd_flags 1710.Pq Vt str 1711If 1712.Va amd_enable 1713is set to 1714.Dq Li YES , 1715these are the flags to pass to it. 1716See the 1717.Xr amd 8 1718manpage for more information. 1719.It Va amd_map_program 1720.Pq Vt str 1721If set, 1722the specified program is run to get the list of 1723.Xr amd 8 1724maps. 1725For example, if the 1726.Xr amd 8 1727maps are stored in NIS, one can set this to 1728run 1729.Xr ypcat 1 1730to get a list of 1731.Xr amd 8 1732maps from the 1733.Pa amd.master 1734NIS map. 1735.It Va update_motd 1736.Pq Vt bool 1737If set to 1738.Dq Li YES , 1739.Pa /etc/motd 1740will be updated at boot time to reflect the kernel release 1741being run. 1742If set to 1743.Dq Li NO , 1744.Pa /etc/motd 1745will not be updated. 1746.It Va nfs_client_enable 1747.Pq Vt bool 1748If set to 1749.Dq Li YES , 1750run the NFS client daemons at boot time. 1751.It Va nfs_access_cache 1752.Pq Vt int 1753If 1754.Va nfs_client_enable 1755is set to 1756.Dq Li YES , 1757this can be set to 1758.Dq Li 0 1759to disable NFS ACCESS RPC caching, or to the number of seconds for which 1760NFS ACCESS 1761results should be cached. 1762A value of 2-10 seconds will substantially reduce network 1763traffic for many NFS operations. 1764.It Va nfs_server_enable 1765.Pq Vt bool 1766If set to 1767.Dq Li YES , 1768run the NFS server daemons at boot time. 1769.It Va nfs_server_flags 1770.Pq Vt str 1771If 1772.Va nfs_server_enable 1773is set to 1774.Dq Li YES , 1775these are the flags to pass to the 1776.Xr nfsd 8 1777daemon. 1778.It Va idmapd_enable 1779.Pq Vt bool 1780If set to 1781.Dq Li YES , 1782run the ID mapping daemon for NFS version 4. 1783.It Va idmapd_flags 1784.Pq Vt str 1785If 1786.Va idmapd_enable 1787is set to 1788.Dq Li YES , 1789these are the flags to pass to the 1790.Xr idmapd 8 1791daemon. 1792.It Va mountd_enable 1793.Pq Vt bool 1794If set to 1795.Dq Li YES , 1796and no 1797.Va nfs_server_enable 1798is set, start 1799.Xr mountd 8 , 1800but not 1801.Xr nfsd 8 1802daemon. 1803It is commonly needed to run CFS without real NFS used. 1804.It Va mountd_flags 1805.Pq Vt str 1806If 1807.Va mountd_enable 1808is set to 1809.Dq Li YES , 1810these are the flags to pass to the 1811.Xr mountd 8 1812daemon. 1813.It Va weak_mountd_authentication 1814.Pq Vt bool 1815If set to 1816.Dq Li YES , 1817allow services like PCNFSD to make non-privileged mount 1818requests. 1819.It Va nfs_reserved_port_only 1820.Pq Vt bool 1821If set to 1822.Dq Li YES , 1823provide NFS services only on a secure port. 1824.It Va nfs_bufpackets 1825.Pq Vt int 1826If set to a number, indicates the number of packets worth of 1827socket buffer space to reserve on an NFS client. 1828The kernel default is typically 4. 1829Using a higher number may be 1830useful on gigabit networks to improve performance. 1831The minimum value is 18322 and the maximum is 64. 1833.It Va rpc_lockd_enable 1834.Pq Vt bool 1835If set to 1836.Dq Li YES 1837and also an NFS server or client, run 1838.Xr rpc.lockd 8 1839at boot time. 1840.It Va rpc_lockd_flags 1841.Pq Vt str 1842If 1843.Va rpc_lockd_enable 1844is set to 1845.Dq Li YES , 1846these are the flags to pass to the 1847.Xr rpc.lockd 8 1848daemon. 1849.It Va rpc_statd_enable 1850.Pq Vt bool 1851If set to 1852.Dq Li YES 1853and also an NFS server or client, run 1854.Xr rpc.statd 8 1855at boot time. 1856.It Va rpc_statd_flags 1857.Pq Vt str 1858If 1859.Va rpc_statd_enable 1860is set to 1861.Dq Li YES , 1862these are the flags to pass to the 1863.Xr rpc.statd 8 1864daemon. 1865.It Va rpcbind_program 1866.Pq Vt str 1867Path to 1868.Xr rpcbind 8 1869(default 1870.Pa /usr/sbin/rpcbind ) . 1871.It Va rpcbind_enable 1872.Pq Vt bool 1873If set to 1874.Dq Li YES , 1875run the 1876.Xr rpcbind 8 1877service at boot time. 1878.It Va rpcbind_flags 1879.Pq Vt str 1880If 1881.Va rpcbind_enable 1882is set to 1883.Dq Li YES , 1884these are the flags to pass to the 1885.Xr rpcbind 8 1886daemon. 1887.It Va keyserv_enable 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891run the 1892.Xr keyserv 8 1893daemon on boot for running Secure RPC. 1894.It Va keyserv_flags 1895.Pq Vt str 1896If 1897.Va keyserv_enable 1898is set to 1899.Dq Li YES , 1900these are the flags to pass to 1901.Xr keyserv 8 1902daemon. 1903.It Va pppoed_enable 1904.Pq Vt bool 1905If set to 1906.Dq Li YES , 1907run the 1908.Xr pppoed 8 1909daemon at boot time to provide PPP over Ethernet services. 1910.It Va pppoed_ Ns Aq Ar provider 1911.Pq Vt str 1912.Xr pppoed 8 1913listens to requests to this 1914.Ar provider 1915and ultimately runs 1916.Xr ppp 8 1917with a 1918.Ar system 1919argument of the same name. 1920.It Va pppoed_flags 1921.Pq Vt str 1922Additional flags to pass to 1923.Xr pppoed 8 . 1924.It Va pppoed_interface 1925.Pq Vt str 1926The network interface to run 1927.Xr pppoed 8 1928on. 1929This is mandatory when 1930.Va pppoed_enable 1931is set to 1932.Dq Li YES . 1933.It Va timed_enable 1934.Pq Vt bool 1935If set to 1936.Dq Li YES , 1937run the 1938.Xr timed 8 1939service at boot time. 1940This command is intended for networks of 1941machines where a consistent 1942.Dq "network time" 1943for all hosts must be established. 1944This is often useful in large NFS 1945environments where time stamps on files are expected to be consistent 1946network-wide. 1947.It Va timed_flags 1948.Pq Vt str 1949If 1950.Va timed_enable 1951is set to 1952.Dq Li YES , 1953these are the flags to pass to the 1954.Xr timed 8 1955service. 1956.It Va ntpdate_enable 1957.Pq Vt bool 1958If set to 1959.Dq Li YES , 1960run 1961.Xr ntpdate 8 1962at system startup. 1963This command is intended to 1964synchronize the system clock only 1965.Em once 1966from some standard reference. 1967An option to set this up initially 1968(from a list of known servers) is also provided by the 1969.Xr sysinstall 8 1970program when the system is first installed. 1971.It Va ntpdate_config 1972.Pq Vt str 1973Configuration file for 1974.Xr ntpdate 8 . 1975Default 1976.Pa /etc/ntp.conf . 1977.It Va ntpdate_hosts 1978.Pq Vt str 1979A whitespace-separated list of NTP servers to synchronize with at startup. 1980The default is to use the servers listed in 1981.Va ntpdate_config , 1982if that file exists. 1983.It Va ntpdate_program 1984.Pq Vt str 1985Path to 1986.Xr ntpdate 8 1987(default 1988.Pa /usr/sbin/ntpdate ) . 1989.It Va ntpdate_flags 1990.Pq Vt str 1991If 1992.Va ntpdate_enable 1993is set to 1994.Dq Li YES , 1995these are the flags to pass to the 1996.Xr ntpdate 8 1997command (typically a hostname). 1998.It Va ntpd_enable 1999.Pq Vt bool 2000If set to 2001.Dq Li YES , 2002run the 2003.Xr ntpd 8 2004command at boot time. 2005.It Va ntpd_program 2006.Pq Vt str 2007Path to 2008.Xr ntpd 8 2009(default 2010.Pa /usr/sbin/ntpd ) . 2011.It Va ntpd_config 2012.Pq Vt str 2013Path to 2014.Xr ntpd 8 2015configuration file. 2016Default 2017.Pa /etc/ntp.conf . 2018.It Va ntpd_flags 2019.Pq Vt str 2020If 2021.Va ntpd_enable 2022is set to 2023.Dq Li YES , 2024these are the flags to pass to the 2025.Xr ntpd 8 2026daemon. 2027.It Va ntpd_sync_on_start 2028.Pq Vt bool 2029If set to 2030.Dq Li YES , 2031.Xr ntpd 8 2032is run with the 2033.Fl g 2034flag, which syncs the system's clock on startup. 2035See 2036.Xr ntpd 8 2037for more information regarding the 2038.Fl g 2039option. 2040This is a preferred alternative to using 2041.Xr ntpdate 8 2042or specifying the 2043.Va ntpdate_enable 2044variable. 2045.It Va nis_client_enable 2046.Pq Vt bool 2047If set to 2048.Dq Li YES , 2049run the 2050.Xr ypbind 8 2051service at system boot time. 2052.It Va nis_client_flags 2053.Pq Vt str 2054If 2055.Va nis_client_enable 2056is set to 2057.Dq Li YES , 2058these are the flags to pass to the 2059.Xr ypbind 8 2060service. 2061.It Va nis_ypset_enable 2062.Pq Vt bool 2063If set to 2064.Dq Li YES , 2065run the 2066.Xr ypset 8 2067daemon at system boot time. 2068.It Va nis_ypset_flags 2069.Pq Vt str 2070If 2071.Va nis_ypset_enable 2072is set to 2073.Dq Li YES , 2074these are the flags to pass to the 2075.Xr ypset 8 2076daemon. 2077.It Va nis_server_enable 2078.Pq Vt bool 2079If set to 2080.Dq Li YES , 2081run the 2082.Xr ypserv 8 2083daemon at system boot time. 2084.It Va nis_server_flags 2085.Pq Vt str 2086If 2087.Va nis_server_enable 2088is set to 2089.Dq Li YES , 2090these are the flags to pass to the 2091.Xr ypserv 8 2092daemon. 2093.It Va nis_ypxfrd_enable 2094.Pq Vt bool 2095If set to 2096.Dq Li YES , 2097run the 2098.Xr rpc.ypxfrd 8 2099daemon at system boot time. 2100.It Va nis_ypxfrd_flags 2101.Pq Vt str 2102If 2103.Va nis_ypxfrd_enable 2104is set to 2105.Dq Li YES , 2106these are the flags to pass to the 2107.Xr rpc.ypxfrd 8 2108daemon. 2109.It Va nis_yppasswdd_enable 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113run the 2114.Xr rpc.yppasswdd 8 2115daemon at system boot time. 2116.It Va nis_yppasswdd_flags 2117.Pq Vt str 2118If 2119.Va nis_yppasswdd_enable 2120is set to 2121.Dq Li YES , 2122these are the flags to pass to the 2123.Xr rpc.yppasswdd 8 2124daemon. 2125.It Va rpc_ypupdated_enable 2126.Pq Vt bool 2127If set to 2128.Dq Li YES , 2129run the 2130.Nm rpc.ypupdated 2131daemon at system boot time. 2132.It Va bsnmpd_enable 2133.Pq Vt bool 2134If set to 2135.Dq Li YES , 2136run the 2137.Xr bsnmpd 1 2138daemon at system boot time. 2139Be sure to understand the security implications of running SNMP daemon 2140on your host. 2141.It Va bsnmpd_flags 2142.Pq Vt str 2143If 2144.Va bsnmpd_enable 2145is set to 2146.Dq Li YES , 2147these are the flags to pass to the 2148.Xr bsnmpd 1 2149daemon. 2150.It Va defaultrouter 2151.Pq Vt str 2152If not set to 2153.Dq Li NO , 2154create a default route to this host name or IP address 2155(use an IP address if this router is also required to get to the 2156name server!). 2157.It Va ipv6_defaultrouter 2158.Pq Vt str 2159The IPv6 equivalent of 2160.Va defaultrouter . 2161.It Va static_routes 2162.Pq Vt str 2163Set to the list of static routes that are to be added at system 2164boot time. 2165If not set to 2166.Dq Li NO 2167then for each whitespace separated 2168.Ar element 2169in the value, a 2170.Va route_ Ns Aq Ar element 2171variable is assumed to exist 2172whose contents will later be passed to a 2173.Dq Nm route Cm add 2174operation. 2175For example: 2176.Bd -literal 2177static_routes="mcast gif0local" 2178route_mcast="-net 224.0.0.0/4 -iface gif0" 2179route_gif0local="-host 169.254.1.1 -iface lo0" 2180.Ed 2181.It Va ipv6_static_routes 2182.Pq Vt str 2183The IPv6 equivalent of 2184.Va static_routes . 2185If not set to 2186.Dq Li NO 2187then for each whitespace separated 2188.Ar element 2189in the value, a 2190.Va ipv6_route_ Ns Aq Ar element 2191variable is assumed to exist 2192whose contents will later be passed to a 2193.Dq Nm route Cm add Fl inet6 2194operation. 2195.It Va natm_static_routes 2196.Pq Vt str 2197The 2198.Xr natmip 4 2199equivalent of 2200.Va static_routes . 2201If not empty then for each whitespace separated 2202.Ar element 2203in the value, a 2204.Va route_ Ns Aq Ar element 2205variable is assumed to exist whose contents will later be passed to a 2206.Dq Nm atmconfig Cm natm Cm add 2207operation. 2208.It Va gateway_enable 2209.Pq Vt bool 2210If set to 2211.Dq Li YES , 2212configure host to act as an IP router, e.g.\& to forward packets 2213between interfaces. 2214.It Va ipv6_gateway_enable 2215.Pq Vt bool 2216The IPv6 equivalent of 2217.Va gateway_enable . 2218.It Va router_enable 2219.Pq Vt bool 2220If set to 2221.Dq Li YES , 2222run a routing daemon of some sort, based on the 2223settings of 2224.Va router 2225and 2226.Va router_flags . 2227.It Va ipv6_router_enable 2228.Pq Vt bool 2229The IPv6 equivalent of 2230.Va router_enable . 2231If set to 2232.Dq Li YES , 2233run a routing daemon of some sort, based on the 2234settings of 2235.Va ipv6_router 2236and 2237.Va ipv6_router_flags . 2238.It Va router 2239.Pq Vt str 2240If 2241.Va router_enable 2242is set to 2243.Dq Li YES , 2244this is the name of the routing daemon to use. 2245.It Va ipv6_router 2246.Pq Vt str 2247The IPv6 equivalent of 2248.Va router . 2249.It Va router_flags 2250.Pq Vt str 2251If 2252.Va router_enable 2253is set to 2254.Dq Li YES , 2255these are the flags to pass to the routing daemon. 2256.It Va ipv6_router_flags 2257.Pq Vt str 2258The IPv6 equivalent of 2259.Va router_flags . 2260.It Va mrouted_enable 2261.Pq Vt bool 2262If set to 2263.Dq Li YES , 2264run the multicast routing daemon, 2265.Xr mrouted 8 . 2266.It Va mroute6d_enable 2267.Pq Vt bool 2268The IPv6 equivalent of 2269.Va mrouted_enable . 2270If set to 2271.Dq Li YES , 2272run the IPv6 multicast routing daemon. 2273.Pp 2274Note that multicast routing daemons are no longer included in the 2275.Fx 2276base system, however, both 2277.Xr mrouted 8 2278and 2279.Xr pim6dd 8 2280may be installed from the 2281.Fx 2282Ports Collection. 2283.It Va mrouted_flags 2284.Pq Vt str 2285If 2286.Va mrouted_enable 2287is set to 2288.Dq Li YES , 2289these are the flags to pass to the 2290.Xr mrouted 8 2291daemon. 2292.It Va mroute6d_flags 2293.Pq Vt str 2294The IPv6 equivalent of 2295.Va mrouted_flags . 2296If 2297.Va mroute6d_enable 2298is set to 2299.Dq Li YES , 2300these are the flags passed to the IPv6 multicast routing daemon. 2301.It Va mroute6d_program 2302.Pq Vt str 2303If 2304.Va mroute6d_enable 2305is set to 2306.Dq Li YES , 2307this is the path to the IPv6 multicast routing daemon. 2308.It Va rtadvd_enable 2309.Pq Vt bool 2310If set to 2311.Dq Li YES , 2312run the 2313.Xr rtadvd 8 2314daemon at boot time. 2315.Xr rtadvd 8 2316will only run if 2317.Va ipv6_gateway_enable 2318is also set to 2319.Dq Li YES . 2320The 2321.Xr rtadvd 8 2322utility sends router advertisement packets to the interfaces specified in 2323.Va rtadvd_interfaces 2324and should only be enabled with great care. 2325You may want to fine-tune 2326.Xr rtadvd.conf 5 . 2327.It Va rtadvd_interfaces 2328.Pq Vt str 2329If 2330.Va rtadvd_enable 2331is set to 2332.Dq Li YES 2333this is the list of interfaces to use. 2334.It Va ipxgateway_enable 2335.Pq Vt bool 2336If set to 2337.Dq Li YES , 2338enable the routing of IPX traffic. 2339.It Va ipxrouted_enable 2340.Pq Vt bool 2341If set to 2342.Dq Li YES , 2343run the 2344.Xr IPXrouted 8 2345daemon at system boot time. 2346.It Va ipxrouted_flags 2347.Pq Vt str 2348If 2349.Va ipxrouted_enable 2350is set to 2351.Dq Li YES , 2352these are the flags to pass to the 2353.Xr IPXrouted 8 2354daemon. 2355.It Va arpproxy_all 2356.Pq Vt bool 2357If set to 2358.Dq Li YES , 2359enable global proxy ARP. 2360.It Va forward_sourceroute 2361.Pq Vt bool 2362If set to 2363.Dq Li YES 2364and 2365.Va gateway_enable 2366is also set to 2367.Dq Li YES , 2368source-routed packets are forwarded. 2369.It Va accept_sourceroute 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373the system will accept source-routed packets directed at it. 2374.It Va rarpd_enable 2375.Pq Vt bool 2376If set to 2377.Dq Li YES , 2378run the 2379.Xr rarpd 8 2380daemon at system boot time. 2381.It Va rarpd_flags 2382.Pq Vt str 2383If 2384.Va rarpd_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to the 2388.Xr rarpd 8 2389daemon. 2390.It Va bootparamd_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394run the 2395.Xr bootparamd 8 2396daemon at system boot time. 2397.It Va bootparamd_flags 2398.Pq Vt str 2399If 2400.Va bootparamd_enable 2401is set to 2402.Dq Li YES , 2403these are the flags to pass to the 2404.Xr bootparamd 8 2405daemon. 2406.It Va stf_interface_ipv4addr 2407.Pq Vt str 2408If not set to 2409.Dq Li NO , 2410this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2411interface). 2412Specify this entry to enable the 6to4 interface. 2413.It Va stf_interface_ipv4plen 2414.Pq Vt int 2415Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2416An effective value is 0-31. 2417.It Va stf_interface_ipv6_ifid 2418.Pq Vt str 2419IPv6 interface ID for 2420.Xr stf 4 . 2421This can be set to 2422.Dq Li AUTO . 2423.It Va stf_interface_ipv6_slaid 2424.Pq Vt str 2425IPv6 Site Level Aggregator for 2426.Xr stf 4 . 2427.It Va ipv6_faith_prefix 2428.Pq Vt str 2429If not set to 2430.Dq Li NO , 2431this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2432translator. 2433You also need 2434.Xr faithd 8 2435setup. 2436.It Va ipv6_ipv4mapping 2437.Pq Vt bool 2438If set to 2439.Dq Li YES 2440this enables IPv4 mapped IPv6 address communication (like 2441.Li ::ffff:a.b.c.d ) . 2442.It Va atm_enable 2443.Pq Vt bool 2444Set to 2445.Dq Li YES 2446to enable the configuration of ATM interfaces at system boot time. 2447For all of the ATM variables described below, please refer to the 2448.Xr atm 8 2449manual page for further details on the available command parameters. 2450Also refer to the files in 2451.Pa /usr/share/examples/atm 2452for more detailed configuration information. 2453.It Va atm_load 2454.Pq Vt str 2455This is a list of physical ATM interface drivers to load. 2456Typical values are 2457.Dq Li hfa_pci 2458and/or 2459.Dq Li hea_pci . 2460.It Va atm_netif_ Ns Aq Ar intf 2461.Pq Vt str 2462For the ATM physical interface 2463.Ar intf , 2464this variable defines the name prefix and count for the ATM network 2465interfaces to be created. 2466The value will be passed as the parameters of an 2467.Dq Nm atm Cm "set netif" Ar intf 2468command. 2469.It Va atm_sigmgr_ Ns Aq Ar intf 2470.Pq Vt str 2471For the ATM physical interface 2472.Ar intf , 2473this variable defines the ATM signalling manager to be used. 2474The value will be passed as the parameters of an 2475.Dq Nm atm Cm attach Ar intf 2476command. 2477.It Va atm_prefix_ Ns Aq Ar intf 2478.Pq Vt str 2479For the ATM physical interface 2480.Ar intf , 2481this variable defines the NSAP prefix for interfaces using a UNI signalling 2482manager. 2483If set to 2484.Dq Li ILMI , 2485the prefix will automatically be set via the 2486.Xr ilmid 8 2487daemon. 2488Otherwise, the value will be passed as the parameters of an 2489.Dq Nm atm Cm "set prefix" Ar intf 2490command. 2491.It Va atm_macaddr_ Ns Aq Ar intf 2492.Pq Vt str 2493For the ATM physical interface 2494.Ar intf , 2495this variable defines the MAC address for interfaces using a UNI signalling 2496manager. 2497If set to 2498.Dq Li NO , 2499the hardware MAC address contained in the ATM interface card will be used. 2500Otherwise, the value will be passed as the parameters of an 2501.Dq Nm atm Cm "set mac" Ar intf 2502command. 2503.It Va atm_arpserver_ Ns Aq Ar netif 2504.Pq Vt str 2505For the ATM network interface 2506.Ar netif , 2507this variable defines the ATM address for a host which is to provide ATMARP 2508service. 2509This variable is only applicable to interfaces using a UNI signalling 2510manager. 2511If set to 2512.Dq Li local , 2513this host will become an ATMARP server. 2514The value will be passed as the parameters of an 2515.Dq Nm atm Cm "set arpserver" Ar netif 2516command. 2517.It Va atm_scsparp_ Ns Aq Ar netif 2518.Pq Vt bool 2519If set to 2520.Dq Li YES , 2521SCSP/ATMARP service for the network interface 2522.Ar netif 2523will be initiated using the 2524.Xr scspd 8 2525and 2526.Xr atmarpd 8 2527daemons. 2528This variable is only applicable if 2529.Va atm_arpserver_ Ns Aq Ar netif 2530is set to 2531.Dq Li local . 2532.It Va atm_pvcs 2533.Pq Vt str 2534Set to the list of ATM PVCs to be added at system 2535boot time. 2536For each whitespace separated 2537.Ar element 2538in the value, an 2539.Va atm_pvc_ Ns Aq Ar element 2540variable is assumed to exist. 2541The value of each of these variables 2542will be passed as the parameters of an 2543.Dq Nm atm Cm "add pvc" 2544command. 2545.It Va atm_arps 2546.Pq Vt str 2547Set to the list of permanent ATM ARP entries to be added 2548at system boot time. 2549For each whitespace separated 2550.Ar element 2551in the value, an 2552.Va atm_arp_ Ns Aq Ar element 2553variable is assumed to exist. 2554The value of each of these variables 2555will be passed as the parameters of an 2556.Dq Nm atm Cm "add arp" 2557command. 2558.It Va natm_interfaces 2559.Pq Vt str 2560Set to the list of 2561.Xr natm 4 2562interfaces that will also be used for HARP through 2563.Xr harp 4 . 2564If this list is not empty all interfaces in the list will be brought up 2565with 2566.Xr ifconfig 8 2567and 2568.Xr harp 4 2569will be loaded. 2570For this to work the interface drivers must be either compiled into the 2571kernel or must reside on the root partition. 2572.It Va keybell 2573.Pq Vt str 2574The keyboard bell sound. 2575Set to 2576.Dq Li normal , 2577.Dq Li visual , 2578.Dq Li off , 2579or 2580.Dq Li NO 2581if the default behavior is desired. 2582For details, refer to the 2583.Xr kbdcontrol 1 2584manpage. 2585.It Va keyboard 2586.Pq Vt str 2587If set to a non-null string, the virtual console's keyboard input is 2588set to this device. 2589.It Va keymap 2590.Pq Vt str 2591If set to 2592.Dq Li NO , 2593no keymap is installed, otherwise the value is used to install 2594the keymap file in 2595.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2596.It Va keyrate 2597.Pq Vt str 2598The keyboard repeat speed. 2599Set to 2600.Dq Li slow , 2601.Dq Li normal , 2602.Dq Li fast , 2603or 2604.Dq Li NO 2605if the default behavior is desired. 2606.It Va keychange 2607.Pq Vt str 2608If not set to 2609.Dq Li NO , 2610attempt to program the function keys with the value. 2611The value should 2612be a single string of the form: 2613.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2614.It Va cursor 2615.Pq Vt str 2616Can be set to the value of 2617.Dq Li normal , 2618.Dq Li blink , 2619.Dq Li destructive , 2620or 2621.Dq Li NO 2622to set the cursor behavior explicitly or choose the default behavior. 2623.It Va scrnmap 2624.Pq Vt str 2625If set to 2626.Dq Li NO , 2627no screen map is installed, otherwise the value is used to install 2628the screen map file in 2629.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2630.It Va font8x16 2631.Pq Vt str 2632If set to 2633.Dq Li NO , 2634the default 8x16 font value is used for screen size requests, otherwise 2635the value in 2636.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2637is used. 2638.It Va font8x14 2639.Pq Vt str 2640If set to 2641.Dq Li NO , 2642the default 8x14 font value is used for screen size requests, otherwise 2643the value in 2644.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2645is used. 2646.It Va font8x8 2647.Pq Vt str 2648If set to 2649.Dq Li NO , 2650the default 8x8 font value is used for screen size requests, otherwise 2651the value in 2652.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2653is used. 2654.It Va blanktime 2655.Pq Vt int 2656If set to 2657.Dq Li NO , 2658the default screen blanking interval is used, otherwise it is set 2659to 2660.Ar value 2661seconds. 2662.It Va saver 2663.Pq Vt str 2664If not set to 2665.Dq Li NO , 2666this is the actual screen saver to use 2667.Li ( blank , snake , daemon , 2668etc). 2669.It Va moused_nondefault_enable 2670.Pq Vt str 2671If set to 2672.Dq Li NO , 2673the mouse device specified on 2674the command line is not automatically treated as enabled by the 2675.Pa /etc/rc.d/moused 2676script. 2677Having this variable set to 2678.Dq Li YES 2679allows a 2680.Xr usb 4 2681mouse, 2682for example, 2683to be enabled as soon as it is plugged in. 2684.It Va moused_enable 2685.Pq Vt str 2686If set to 2687.Dq Li YES , 2688the 2689.Xr moused 8 2690daemon is started for doing cut/paste selection on the console. 2691.It Va moused_type 2692.Pq Vt str 2693This is the protocol type of the mouse connected to this host. 2694This variable must be set if 2695.Va moused_enable 2696is set to 2697.Dq Li YES . 2698The 2699.Xr moused 8 2700daemon 2701is able to detect the appropriate mouse type automatically in many cases. 2702Set this variable to 2703.Dq Li auto 2704to let the daemon detect it, or 2705select one from the following list if the automatic detection fails. 2706.Pp 2707If the mouse is attached to the PS/2 mouse port, choose 2708.Dq Li auto 2709or 2710.Dq Li ps/2 , 2711regardless of the brand and model of the mouse. 2712Likewise, if the 2713mouse is attached to the bus mouse port, choose 2714.Dq Li auto 2715or 2716.Dq Li busmouse . 2717All other protocols are for serial mice and will not work with 2718the PS/2 and bus mice. 2719If this is a USB mouse, 2720.Dq Li auto 2721is the only protocol type which will work. 2722.Pp 2723.Bl -tag -width ".Li x10mouseremote" -compact 2724.It Li microsoft 2725Microsoft mouse (serial) 2726.It Li intellimouse 2727Microsoft IntelliMouse (serial) 2728.It Li mousesystems 2729Mouse systems Corp.\& mouse (serial) 2730.It Li mmseries 2731MM Series mouse (serial) 2732.It Li logitech 2733Logitech mouse (serial) 2734.It Li busmouse 2735A bus mouse 2736.It Li mouseman 2737Logitech MouseMan and TrackMan (serial) 2738.It Li glidepoint 2739ALPS GlidePoint (serial) 2740.It Li thinkingmouse 2741Kensington ThinkingMouse (serial) 2742.It Li ps/2 2743PS/2 mouse 2744.It Li mmhittab 2745MM HitTablet (serial) 2746.It Li x10mouseremote 2747X10 MouseRemote (serial) 2748.It Li versapad 2749Interlink VersaPad (serial) 2750.El 2751.Pp 2752Even if the mouse is not in the above list, it may be compatible 2753with one in the list. 2754Refer to the manual page for 2755.Xr moused 8 2756for compatibility information. 2757.Pp 2758It should also be noted that while this is enabled, any 2759other client of the mouse (such as an X server) should access 2760the mouse through the virtual mouse device, 2761.Pa /dev/sysmouse , 2762and configure it as a 2763.Dq Li sysmouse 2764type mouse, since all 2765mouse data is converted to this single canonical format when 2766using 2767.Xr moused 8 . 2768If the client program does not support the 2769.Dq Li sysmouse 2770type, 2771specify the 2772.Dq Li mousesystems 2773type. 2774It is the second preferred type. 2775.It Va moused_port 2776.Pq Vt str 2777If 2778.Va moused_enable 2779is set to 2780.Dq Li YES , 2781this is the actual port the mouse is on. 2782It might be 2783.Pa /dev/cuad0 2784for a COM1 serial mouse, 2785.Pa /dev/psm0 2786for a PS/2 mouse or 2787.Pa /dev/mse0 2788for a bus mouse, for example. 2789.It Va moused_flags 2790.Pq Vt str 2791If 2792.Va moused_flags 2793is set, its value is used as an additional set of flags to pass to the 2794.Xr moused 8 2795daemon. 2796.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2797When 2798.Va moused_nondefault_enable 2799is enabled, and a 2800.Xr moused 8 2801daemon is started for a non-default port, the 2802.Va "moused_" Ns Ar XXX Ns Va "_flags" 2803set of options has precedence over and replaces the default 2804.Va moused_flags (where 2805.Ar XXX 2806is the name of the non-default port, i.e.\& 2807.Ar ums0 ) . 2808By setting 2809.Va "moused_" Ns Ar XXX Ns Va "_flags" 2810it is possible to set up a different set of default flags for each 2811.Xr moused 8 2812instance. 2813For example, you can use 2814.Dq Li "-3" 2815for the default 2816.Va moused_flags 2817to make your laptop's touchpad more comfortable to use, 2818but an empty set of options for 2819.Va moused_ums0_flags 2820when your 2821.Xr usb 4 2822mouse has three or more buttons. 2823.It Va mousechar_start 2824.Pq Vt int 2825If set to 2826.Dq Li NO , 2827the default mouse cursor character range 2828.Li 0xd0 Ns - Ns Li 0xd3 2829is used, 2830otherwise the range start is set 2831to 2832.Ar value 2833character, see 2834.Xr vidcontrol 1 . 2835Use if the default range is occupied in the language code table. 2836.It Va allscreens_flags 2837.Pq Vt str 2838If set, 2839.Xr vidcontrol 1 2840is run with these options for each of the virtual terminals 2841.Pq Pa /dev/ttyv* . 2842For example, 2843.Dq Fl m Cm on 2844will enable the mouse pointer on all virtual terminals 2845if 2846.Va moused_enable 2847is set to 2848.Dq Li YES . 2849.It Va allscreens_kbdflags 2850.Pq Vt str 2851If set, 2852.Xr kbdcontrol 1 2853is run with these options for each of the virtual terminals 2854.Pq Pa /dev/ttyv* . 2855For example, 2856.Dq Fl h Li 200 2857will set the 2858.Xr syscons 4 2859scrollback (history) buffer to 200 lines. 2860.It Va cron_enable 2861.Pq Vt bool 2862If set to 2863.Dq Li YES , 2864run the 2865.Xr cron 8 2866daemon at system boot time. 2867.It Va cron_program 2868.Pq Vt str 2869Path to 2870.Xr cron 8 2871(default 2872.Pa /usr/sbin/cron ) . 2873.It Va cron_flags 2874.Pq Vt str 2875If 2876.Va cron_enable 2877is set to 2878.Dq Li YES , 2879these are the flags to pass to 2880.Xr cron 8 . 2881.It Va cron_dst 2882.Pq Vt bool 2883If set to 2884.Dq Li YES , 2885enable the special handling of transitions to and from the 2886Daylight Saving Time in 2887.Xr cron 8 2888(equivalent to using the flag 2889.Fl s ) . 2890.It Va lpd_program 2891.Pq Vt str 2892Path to 2893.Xr lpd 8 2894(default 2895.Pa /usr/sbin/lpd ) . 2896.It Va lpd_enable 2897.Pq Vt bool 2898If set to 2899.Dq Li YES , 2900run the 2901.Xr lpd 8 2902daemon at system boot time. 2903.It Va lpd_flags 2904.Pq Vt str 2905If 2906.Va lpd_enable 2907is set to 2908.Dq Li YES , 2909these are the flags to pass to the 2910.Xr lpd 8 2911daemon. 2912.It Va chkprintcap_enable 2913.Pq Vt bool 2914If set to 2915.Dq Li YES , 2916run the 2917.Xr chkprintcap 8 2918command before starting the 2919.Xr lpd 8 2920daemon. 2921.It Va chkprintcap_flags 2922.Pq Vt str 2923If 2924.Va lpd_enable 2925and 2926.Va chkprintcap_enable 2927are set to 2928.Dq Li YES , 2929these are the flags to pass to the 2930.Xr chkprintcap 8 2931program. 2932The default is 2933.Dq Li -d , 2934which causes missing directories to be created. 2935.It Va mta_start_script 2936.Pq Vt str 2937This variable specifies the full path to the script to run to start 2938a mail transfer agent. 2939The default is 2940.Pa /etc/rc.sendmail . 2941The 2942.Va sendmail_* 2943variables which 2944.Pa /etc/rc.sendmail 2945uses are documented in the 2946.Xr rc.sendmail 8 2947manual page. 2948.It Va dumpdev 2949.Pq Vt str 2950Indicates the device (usually a swap partition) to which a crash dump 2951should be written in the event of a system crash. 2952If the value of this variable is 2953.Dq Li AUTO , 2954the first suitable swap device listed in 2955.Pa /etc/fstab 2956will be used as dump device. 2957Otherwise, the value of this variable is passed as the argument to 2958.Xr dumpon 8 . 2959To disable crash dumps, set this variable to 2960.Dq Li NO . 2961.It Va dumpdir 2962.Pq Vt str 2963When the system reboots after a crash and a crash dump is found on the 2964device specified by the 2965.Va dumpdev 2966variable, 2967.Xr savecore 8 2968will save that crash dump and a copy of the kernel to the directory 2969specified by the 2970.Va dumpdir 2971variable. 2972The default value is 2973.Pa /var/crash . 2974Set to 2975.Dq Li NO 2976to not run 2977.Xr savecore 8 2978at boot time when 2979.Va dumpdir 2980is set. 2981.It Va savecore_flags 2982.Pq Vt str 2983If crash dumps are enabled, these are the flags to pass to the 2984.Xr savecore 8 2985utility. 2986.It Va enable_quotas 2987.Pq Vt bool 2988Set to 2989.Dq Li YES 2990to turn on user and group disk quotas on system startup via the 2991.Xr quotaon 8 2992command for all file systems marked as having quotas enabled in 2993.Pa /etc/fstab . 2994The kernel must be built with 2995.Cd "options QUOTA" 2996for disk quotas to function. 2997.It Va check_quotas 2998.Pq Vt bool 2999Set to 3000.Dq Li YES 3001to enable user and group disk quota checking via the 3002.Xr quotacheck 8 3003command. 3004.It Va quotacheck_flags 3005.Pq Vt str 3006If 3007.Va enable_quotas 3008is set to 3009.Dq Li YES , 3010and 3011.Va check_quotas 3012is set to 3013.Dq Li YES , 3014these are the flags to pass to the 3015.Xr quotacheck 8 3016utility. 3017The default is 3018.Dq Li "-a" , 3019which checks quotas for all file systems with quotas enabled in 3020.Pa /etc/fstab . 3021.It Va quotaon_flags 3022.Pq Vt str 3023If 3024.Va enable_quotas 3025is set to 3026.Dq Li YES , 3027these are the flags to pass to the 3028.Xr quotaon 8 3029utility. 3030The default is 3031.Dq Li "-a" , 3032which enables quotas for all file systems with quotas enabled in 3033.Pa /etc/fstab . 3034.It Va quotaoff_flags 3035.Pq Vt str 3036If 3037.Va enable_quotas 3038is set to 3039.Dq Li YES , 3040these are the flags to pass to the 3041.Xr quotaoff 8 3042utility when shutting down the quota system. 3043The default is 3044.Dq Li "-a" , 3045which disables quotas for all file systems with quotas enabled in 3046.Pa /etc/fstab . 3047.It Va accounting_enable 3048.Pq Vt bool 3049Set to 3050.Dq Li YES 3051to enable system accounting through the 3052.Xr accton 8 3053facility. 3054.It Va ibcs2_enable 3055.Pq Vt bool 3056Set to 3057.Dq Li YES 3058to enable iBCS2 (SCO) binary emulation at system initial boot 3059time. 3060.It Va ibcs2_loaders 3061.Pq Vt str 3062If not set to 3063.Dq Li NO 3064and if 3065.Va ibcs2_enable 3066is set to 3067.Dq Li YES , 3068this specifies a list of additional iBCS2 loaders to enable. 3069.It Va linux_enable 3070.Pq Vt bool 3071Set to 3072.Dq Li YES 3073to enable Linux/ELF binary emulation at system initial 3074boot time. 3075.It Va svr4_enable 3076.Pq Vt bool 3077If set to 3078.Dq Li YES , 3079enable SysVR4 emulation at boot time. 3080.It Va sysvipc_enable 3081.Pq Vt bool 3082If set to 3083.Dq Li YES , 3084load System V IPC primitives at boot time. 3085.It Va clear_tmp_enable 3086.Pq Vt bool 3087Set to 3088.Dq Li YES 3089to have 3090.Pa /tmp 3091cleaned at startup. 3092.It Va clear_tmp_X 3093.Pq Vt bool 3094Set to 3095.Dq Li NO 3096to disable removing of X11 lock files, 3097and the removal and (secure) recreation 3098of the various socket directories for X11 3099related programs. 3100.It Va ldconfig_paths 3101.Pq Vt str 3102Set to the list of shared library paths to use with 3103.Xr ldconfig 8 . 3104NOTE: 3105.Pa /usr/lib 3106will always be added first, so it need not appear in this list. 3107.It Va ldconfig32_paths 3108.Pq Vt str 3109Set to the list of 32-bit compatibility shared library paths to 3110use with 3111.Xr ldconfig 8 . 3112.It Va ldconfig_paths_aout 3113.Pq Vt str 3114Set to the list of shared library paths to use with 3115.Xr ldconfig 8 3116legacy 3117.Xr a.out 5 3118support. 3119.It Va ldconfig_insecure 3120.Pq Vt bool 3121The 3122.Xr ldconfig 8 3123utility normally refuses to use directories 3124which are writable by anyone except root. 3125Set this variable to 3126.Dq Li YES 3127to disable that security check during system startup. 3128.It Va ldconfig_local_dirs 3129.Pq Vt str 3130Set to the list of local 3131.Xr ldconfig 8 3132directories. 3133The names of all files in the directories listed will be 3134passed as arguments to 3135.Xr ldconfig 8 . 3136.It Va ldconfig_local32_dirs 3137.Pq Vt str 3138Set to the list of local 32-bit compatibility 3139.Xr ldconfig 8 3140directories. 3141The names of all files in the directories listed will be 3142passed as arguments to 3143.Dq Nm ldconfig Fl 32 . 3144.It Va kern_securelevel_enable 3145.Pq Vt bool 3146Set to 3147.Dq Li YES 3148to set the kernel security level at system startup. 3149.It Va kern_securelevel 3150.Pq Vt int 3151The kernel security level to set at startup. 3152The allowed range of 3153.Ar value 3154ranges from \-1 (the compile time default) to 3 (the 3155most secure). 3156See 3157.Xr init 8 3158for the list of possible security levels and their effect 3159on system operation. 3160.It Va sshd_program 3161.Pq Vt str 3162Path to the SSH server program 3163.Pa ( /usr/sbin/sshd 3164is the default). 3165.It Va sshd_enable 3166.Pq Vt bool 3167Set to 3168.Dq Li YES 3169to start 3170.Xr sshd 8 3171at system boot time. 3172.It Va sshd_flags 3173.Pq Vt str 3174If 3175.Va sshd_enable 3176is set to 3177.Dq Li YES , 3178these are the flags to pass to the 3179.Xr sshd 8 3180daemon. 3181.It Va ftpd_program 3182.Pq Vt str 3183Path to the FTP server program 3184.Pa ( /usr/libexec/ftpd 3185is the default). 3186.It Va ftpd_enable 3187.Pq Vt bool 3188Set to 3189.Dq Li YES 3190to start 3191.Xr ftpd 8 3192as a stand-alone daemon at system boot time. 3193.It Va ftpd_flags 3194.Pq Vt str 3195If 3196.Va ftpd_enable 3197is set to 3198.Dq Li YES , 3199these are the additional flags to pass to the 3200.Xr ftpd 8 3201daemon. 3202.It Va watchdogd_enable 3203.Pq Vt bool 3204If set to 3205.Dq Li YES , 3206start the 3207.Xr watchdogd 8 3208daemon at boot time. 3209This requires that the kernel have been compiled with a 3210.Xr watchdog 4 3211compatible device. 3212.It Va watchdogd_flags 3213.Pq Vt str 3214If 3215.Va watchdogd_enable 3216is set to 3217.Dq Li YES , 3218these are the flags passed to the 3219.Xr watchdogd 8 3220daemon. 3221.It Va performance_cx_lowest 3222.Pq Vt str 3223CPU idle state to use while on AC power. 3224The string 3225.Dq Li LOW 3226indicates that 3227.Xr acpi 4 3228should use the lowest power state available while 3229.Dq Li HIGH 3230indicates that the lowest latency state (less power savings) should be used. 3231.It Va performance_cpu_freq 3232.Pq Vt str 3233CPU clock frequency to use while on AC power. 3234The string 3235.Dq Li LOW 3236indicates that 3237.Xr cpufreq 4 3238should use the lowest frequency available while 3239.Dq Li HIGH 3240indicates that the highest frequency (less power savings) should be used. 3241.It Va economy_cx_lowest 3242.Pq Vt str 3243CPU idle state to use when off AC power. 3244The string 3245.Dq Li LOW 3246indicates that 3247.Xr acpi 4 3248should use the lowest power state available while 3249.Dq Li HIGH 3250indicates that the lowest latency state (less power savings) should be used. 3251.It Va economy_cpu_freq 3252.Pq Vt str 3253CPU clock frequency to use when off AC power. 3254The string 3255.Dq Li LOW 3256indicates that 3257.Xr cpufreq 4 3258should use the lowest frequency available while 3259.Dq Li HIGH 3260indicates that the highest frequency (less power savings) should be used. 3261.It Va jail_enable 3262.Pq Vt bool 3263If set to 3264.Dq Li NO , 3265any configured jails will not be started. 3266.It Va jail_list 3267.Pq Vt str 3268A space separated list of names for jails. 3269This is purely a configuration aid to help identify and 3270configure multiple jails. 3271The names specified in this list will be used to 3272identify settings common to an instance of a jail. 3273Assuming that the jail in question was named 3274.Li vjail , 3275you would have the following dependent variables: 3276.Bd -literal 3277jail_vjail_hostname="jail.example.com" 3278jail_vjail_ip="192.168.1.100" 3279jail_vjail_rootdir="/var/jails/vjail/root" 3280.Ed 3281.Pp 3282.It Va jail_flags 3283.Pq Vt str 3284Unset by default. 3285When set, use as default value for 3286.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3287for every jail in 3288.Va jail_list . 3289.It Va jail_interface 3290.Pq Vt str 3291Unset by default. 3292When set, use as default value for 3293.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3294for every jail in 3295.Va jail_list . 3296.It Va jail_fstab 3297.Pq Vt str 3298Unset by default. 3299When set, use as default value for 3300.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3301for every jail in 3302.Va jail_list . 3303.It Va jail_mount_enable 3304.Pq Vt bool 3305Set to 3306.Dq Li NO 3307by default. 3308When set to 3309.Dq Li YES , 3310sets 3311.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3312to 3313.Dq Li YES 3314by default for every jail in 3315.Va jail_list . 3316.It Va jail_devfs_ruleset 3317.Pq Vt str 3318Unset by default. 3319When set, sets 3320.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3321to given value for every jail in 3322.Va jail_list . 3323.It Va jail_devfs_enable 3324.Pq Vt bool 3325Set to 3326.Dq Li NO 3327by default. 3328When set to 3329.Dq Li YES , 3330sets 3331.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3332to 3333.Dq Li YES 3334by default for every jail in 3335.Va jail_list . 3336.It Va jail_fdescfs_enable 3337.Pq Vt bool 3338Set to 3339.Dq Li NO 3340by default. 3341When set to 3342.Dq Li YES , 3343sets 3344.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3345to 3346.Dq Li YES 3347by default for every jail in 3348.Va jail_list . 3349.It Va jail_procfs_enable 3350.Pq Vt bool 3351Set to 3352.Dq Li NO 3353by default. 3354When set to 3355.Dq Li YES , 3356sets 3357.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3358to 3359.Dq Li YES 3360by default for every jail in 3361.Va jail_list . 3362.It Va jail_exec_start 3363.Pq Vt str 3364Unset by default. 3365When set, use as default value for 3366.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3367for every jail in 3368.Va jail_list . 3369.It Va jail_exec_afterstart Ns Aq Ar N 3370.Pq Vt str 3371Unset by default. 3372When set, use as default value for 3373.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3374for every jail in 3375.Va jail_list . 3376.It Va jail_exec_stop 3377Unset by default. 3378When set, use as default value for 3379.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3380for every jail in 3381.Va jail_list . 3382.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3383.Pq Vt str 3384Unset by default. 3385Set to the root directory used by jail 3386.Va jname . 3387.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3388.Pq Vt str 3389Unset by default. 3390Set to the fully qualified domain name (FQDN) assigned to jail 3391.Va jname . 3392.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3393.Pq Vt str 3394Unset by default. 3395Set to the IP address assigned to jail 3396.Va jname . 3397.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3398.Pq Vt str 3399Set to 3400.Dq Li -l -U root 3401by default. 3402These are flags to pass to 3403.Xr jail . 3404.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3405.Pq Vt str 3406Unset by default. 3407When set, sets the interface to use when setting IP address alias. 3408Note that the alias is created at jail startup and removed at jail shutdown. 3409.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3410.Pq Vt str 3411Set to 3412.Pa /etc/fstab. Ns Aq Ar jname 3413by default. 3414This is the file system information file to use for jail 3415.Va jname . 3416.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3417.Pq Vt bool 3418Set to 3419.Dq Li NO 3420by default. 3421When set to 3422.Dq Li YES , 3423mount all file systems from 3424.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3425at jail startup. 3426.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3427.Pq Vt str 3428Unset by default. 3429When set, defines the device file system ruleset file to use for jail 3430.Va jname . 3431.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3432.Pq Vt bool 3433Set to 3434.Dq Li NO 3435by default. 3436When set to 3437.Dq Li YES , 3438mount the device file system inside jail 3439.Ar jname 3440at jail startup. 3441.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3442.Pq Vt bool 3443Set to 3444.Dq Li NO 3445by default. 3446When set to 3447.Dq Li YES , 3448mount the file-descriptor file system inside jail 3449.Ar jname 3450at jail startup. 3451.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3452.Pq Vt bool 3453Set to 3454.Dq Li NO 3455by default. 3456When set to 3457.Dq Li YES , 3458mount the process file system inside jail 3459.Ar jname 3460at jail startup. 3461.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3462.Pq Vt str 3463Set to 3464.Dq Li /bin/sh /etc/rc 3465by default. 3466This is the command executed at jail startup. 3467.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3468.Pq Vt str 3469Unset by default. 3470This is the command run as 3471.Ar N Ns 3472th command 3473after jail startup, where 3474.Ar N 3475is 1, 2, and so on. 3476.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3477.Pq Vt str 3478Set to 3479.Dq Li /bin/sh /etc/rc.shutdown 3480by default. 3481This is the command executed at jail shutdown. 3482.It Va jail_set_hostname_allow 3483.Pq Vt bool 3484If set to 3485.Dq Li NO , 3486do not allow the root user in a jail to set its hostname. 3487.It Va jail_socket_unixiproute_only 3488.Pq Vt bool 3489If set to 3490.Dq Li YES , 3491do not allow any sockets, 3492besides UNIX/IP/route sockets, 3493to be used within a jail. 3494.It Va jail_sysvipc_allow 3495.Pq Vt bool 3496If set to 3497.Dq Li YES , 3498allow applications within a jail to use System V IPC. 3499.\" ----- ISDN settings --------------------------------- 3500.It Va isdn_enable 3501.Pq Vt bool 3502Set to 3503.Dq Li NO 3504by default. 3505When set to 3506.Dq Li YES , 3507starts the 3508.Xr isdnd 8 3509daemon 3510at system boot time. 3511.It Va isdn_flags 3512.Pq Vt str 3513Set to 3514.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3515by default. 3516Additional flags to pass to 3517.Xr isdnd 8 3518(but see 3519.Va isdn_fsdev 3520and 3521.Va isdn_ttype 3522for certain tunable parameters). 3523.It Va isdn_ttype 3524.Pq Vt str 3525Set to 3526.Dq Li cons25 3527by default. 3528The terminal type of the output device when 3529.Xr isdnd 8 3530operates in full-screen mode. 3531.It Va isdn_screenflags 3532.Pq Vt str 3533Set to 3534.Dq Li NO 3535by default. 3536The video mode for full-screen mode (only for 3537.Xr syscons 4 3538console driver, see 3539.Xr vidcontrol 1 3540for valid modes). 3541.It Va isdn_fsdev 3542.Pq Vt str 3543Set to 3544.Dq Li NO 3545by default. 3546The output device for 3547.Xr isdnd 8 3548in full-screen mode (or 3549.Dq Li NO 3550for daemon mode). 3551.It Va isdn_trace 3552.Pq Vt bool 3553Set to 3554.Dq Li NO 3555by default. 3556When set to 3557.Dq Li YES , 3558enables the ISDN protocol trace utility 3559.Xr isdntrace 8 3560at system boot time. 3561.It Va isdn_traceflags 3562.Pq Vt str 3563Set to 3564.Dq Fl f Pa /var/tmp/isdntrace0 3565by default. 3566Flags for 3567.Xr isdntrace 8 . 3568.\" ----------------------------------------------------- 3569.It Va harvest_interrupt 3570.Pq Vt bool 3571Set to 3572.Dq Li YES 3573to use hardware interrupts as an entropy source. 3574Refer to 3575.Xr random 4 3576for more information. 3577.It Va harvest_ethernet 3578.Pq Vt bool 3579Set to 3580.Dq Li YES 3581to use LAN traffic as an entropy source. 3582Refer to 3583.Xr random 4 3584for more information. 3585.It Va harvest_p_to_p 3586.Pq Vt bool 3587Set to 3588.Dq Li YES 3589to use serial line traffic as an entropy source. 3590Refer to 3591.Xr random 4 3592for more information. 3593.It Va entropy_dir 3594.Pq Vt str 3595Set to 3596.Dq Li NO 3597to disable caching entropy via 3598.Xr cron 8 . 3599Otherwise set to the directory used to store entropy files in. 3600.It Va entropy_file 3601.Pq Vt str 3602Set to 3603.Dq Li NO 3604to disable caching entropy through reboots. 3605Otherwise set to the filename used to store cached entropy through 3606reboots. 3607This file should be located on the root file system to seed the 3608.Xr random 4 3609device as early as possible in the boot process. 3610.It Va entropy_save_sz 3611.Pq Vt int 3612Size of the entropy cache files saved by 3613.Nm save-entropy 3614periodically. 3615.It Va entropy_save_num 3616.Pq Vt int 3617Number of entropy cache files to save by 3618.Nm save-entropy 3619periodically. 3620.It Va ipsec_enable 3621.Pq Vt bool 3622Set to 3623.Dq Li YES 3624to run 3625.Xr setkey 8 3626on 3627.Va ipsec_file 3628at boot time. 3629.It Va ipsec_file 3630.Pq Vt str 3631Configuration file for 3632.Xr setkey 8 . 3633.It Va dmesg_enable 3634.Pq Vt bool 3635Set to 3636.Dq Li YES 3637to save 3638.Xr dmesg 8 3639to 3640.Pa /var/run/dmesg.boot 3641on boot. 3642.It Va rcshutdown_timeout 3643.Pq Vt int 3644If set, start a watchdog timer in the background which will terminate 3645.Pa rc.shutdown 3646if 3647.Xr shutdown 8 3648has not completed within the specified time (in seconds). 3649Notice that in addition to this soft timeout, 3650.Xr init 8 3651also applies a hard timeout for the execution of 3652.Pa rc.shutdown . 3653This is configured via 3654.Xr sysctl 8 3655variable 3656.Va kern.init_shutdown_timeout 3657and defaults to 120 seconds. 3658Setting the value of 3659.Va rcshutdown_timeout 3660to more than 120 seconds will have no effect until the 3661.Xr sysctl 8 3662variable 3663.Va kern.init_shutdown_timeout 3664is also increased. 3665.It Va virecover_enable 3666.Pq Vt bool 3667Set to 3668.Dq Li NO 3669to prevent the system from trying to 3670recover pre-maturely terminated 3671.Xr vi 1 3672sessions. 3673.It Va ugidfw_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to load the 3678.Xr mac_bsdextended 4 3679module upon system initialization and load a default 3680ruleset file. 3681.It Va bsdextended_script 3682.Pq Vt str 3683The default 3684.Xr mac_bsdextended 4 3685ruleset file to load. 3686The default value of this variable is 3687.Pa /etc/rc.bsdextended . 3688.It Va newsyslog_enable 3689.Pq Vt bool 3690If set to 3691.Dq Li YES , 3692run 3693.Xr newsyslog 8 3694command at startup. 3695.It Va newsyslog_flags 3696.Pq Vt str 3697If 3698.Va newsyslog_enable 3699is set to 3700.Dq Li YES , 3701these are the flags to pass to the 3702.Xr newsyslog 8 3703program. 3704The default is 3705.Dq Li -CN , 3706which causes log files flagged with a 3707.Cm C 3708to be created. 3709.It Va mdconfig_md Ns Aq Ar X 3710.Pq Vt str 3711Arguments to 3712.Xr mdconfig 8 3713for 3714.Xr md 4 3715device 3716.Ar X . 3717At minimum a 3718.Fl t Ar type 3719must be specified and either a 3720.Fl s Ar size 3721for malloc or swap backed 3722.Xr md 4 3723devices or a 3724.Fl f Ar file 3725for vnode backed 3726.Xr md 4 3727devices. 3728Note that 3729.Va mdconfig_md Ns Aq Ar X 3730variables are evaluated until one variable is unset or null. 3731.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3732.Pq Vt str 3733Optional arguments passed to 3734.Xr newfs 8 3735to initialize 3736.Xr md 4 3737device 3738.Ar X . 3739.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3740.Pq Vt str 3741An ownership specification passed to 3742.Xr chown 8 3743after the specified 3744.Xr md 4 3745device 3746.Ar X 3747has been mounted. 3748Both the 3749.Xr md 4 3750device and the mount point will be changed. 3751.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3752.Pq Vt str 3753A mode string passed to 3754.Xr chmod 1 3755after the specified 3756.Xr md 4 3757device 3758.Ar X 3759has been mounted. 3760Both the 3761.Xr md 4 3762device and the mount point will be changed. 3763.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3764.Pq Vt str 3765Files to be copied to the mount point of the 3766.Xr md 4 3767device 3768.Ar X 3769after it has been mounted. 3770.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3771.Pq Vt str 3772Command to execute after the specified 3773.Xr md 4 3774device 3775.Ar X 3776has been mounted. 3777Note that the command is passed to 3778.Ic eval 3779and that both 3780.Va _dev 3781and 3782.Va _mp 3783variables can be used to reference respectively the 3784.Xr md 4 3785device and the mount point. 3786Assuming that the 3787.Xr md 4 3788device is 3789.Li md0 , 3790one could set the following: 3791.Bd -literal 3792mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3793.Ed 3794.It Va ramdisk_units 3795.Pq Vt str 3796A list of one or more ramdisk units to configure with 3797.Xr mdconfig 8 3798and 3799.Xr newfs 8 3800in time to be mounted from 3801.Xr fstab 5 . 3802Each listed unit 3803.Ar X 3804must specify at least a 3805.Ar type 3806in a 3807.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3808variable. 3809Note that this way to configure ramdisks has been deprecated 3810in favor of new 3811.Va mdconfig_md* 3812variables (see above). 3813.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3814.Pq Vt str 3815Arguments to 3816.Xr mdconfig 8 3817for ramdisk 3818.Ar X . 3819At minimum a 3820.Fl t Ar type 3821must be specified, where 3822.Ar type 3823must be one of 3824.Cm malloc 3825or 3826.Cm swap . 3827.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3828.Pq Vt str 3829Optional arguments passed to 3830.Xr newfs 8 3831to initialize ramdisk 3832.Ar X . 3833.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3834.Pq Vt str 3835An ownership specification passed to 3836.Xr chown 8 3837after the specified ramdisk unit 3838.Ar X 3839has been mounted. 3840Both the 3841.Xr md 4 3842device and the mount point will be changed. 3843.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3844.Pq Vt str 3845A mode string passed to 3846.Xr chmod 1 3847after the specified ramdisk unit 3848.Ar X 3849has been mounted. 3850Both the 3851.Xr md 4 3852device and the mount point will be changed. 3853.It Va autobridge_interfaces 3854.Pq Vt str 3855Set to the list of bridge interfaces that will have newly arriving interfaces 3856checked against to be automatically added. 3857If not set to 3858.Dq Li NO 3859then for each whitespace separated 3860.Ar element 3861in the value, a 3862.Va autobridge_ Ns Aq Ar element 3863variable is assumed to exist which has a whitespace separated list of interface 3864names to match, these names can use wildcards. 3865For example: 3866.Bd -literal 3867autobridge_interfaces="bridge0" 3868autobridge_bridge0="tap* dc0 vlan[345]" 3869.Ed 3870.It Va mixer_enable 3871.Pq Vt bool 3872If set to 3873.Dq Li YES , 3874enable support for sound mixer. 3875.El 3876.Sh FILES 3877.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3878.It Pa /etc/defaults/rc.conf 3879.It Pa /etc/rc.conf 3880.It Pa /etc/rc.conf.local 3881.El 3882.Sh SEE ALSO 3883.Xr catman 1 , 3884.Xr chmod 1 , 3885.Xr gdb 1 , 3886.Xr info 1 , 3887.Xr kbdcontrol 1 , 3888.Xr makewhatis 1 , 3889.Xr sh 1 , 3890.Xr vi 1 , 3891.Xr vidcontrol 1 , 3892.Xr bridge 4 , 3893.Xr dummynet 4 , 3894.Xr ip 4 , 3895.Xr ipf 4 , 3896.Xr ipfw 4 , 3897.Xr ipnat 4 , 3898.Xr kld 4 , 3899.Xr pf 4 , 3900.Xr pflog 4 , 3901.Xr pfsync 4 , 3902.Xr tcp 4 , 3903.Xr udp 4 , 3904.Xr exports 5 , 3905.Xr fstab 5 , 3906.Xr ipf 5 , 3907.Xr ipnat 5 , 3908.Xr motd 5 , 3909.Xr newsyslog.conf 5 , 3910.Xr pf.conf 5 , 3911.Xr accton 8 , 3912.Xr amd 8 , 3913.Xr apm 8 , 3914.Xr atm 8 , 3915.Xr chkprintcap 8 , 3916.Xr chown 8 , 3917.Xr cron 8 , 3918.Xr dhclient 8 , 3919.Xr ftpd 8 , 3920.Xr geli 8 , 3921.Xr ifconfig 8 , 3922.Xr inetd 8 , 3923.Xr ipf 8 , 3924.Xr ipfw 8 , 3925.Xr ipnat 8 , 3926.Xr isdnd 8 , 3927.Xr isdntrace 8 , 3928.Xr jail 8 , 3929.Xr kldxref 8 , 3930.Xr lpd 8 , 3931.Xr mdconfig 8 , 3932.Xr mdmfs 8 , 3933.Xr mixer 8 , 3934.Xr mountd 8 , 3935.Xr moused 8 , 3936.Xr mrouted 8 , 3937.Xr named 8 , 3938.Xr newfs 8 , 3939.Xr newsyslog 8 , 3940.Xr nfsd 8 , 3941.Xr ntpd 8 , 3942.Xr ntpdate 8 , 3943.Xr pfctl 8 , 3944.Xr pflogd 8 , 3945.Xr powerd 8 , 3946.Xr quotacheck 8 , 3947.Xr quotaon 8 , 3948.Xr rc 8 , 3949.Xr rc.sendmail 8 , 3950.Xr route 8 , 3951.Xr routed 8 , 3952.Xr rpcbind 8 , 3953.Xr rpc.lockd 8 , 3954.Xr rpc.statd 8 , 3955.Xr rwhod 8 , 3956.Xr savecore 8 , 3957.Xr sshd 8 , 3958.Xr swapon 8 , 3959.Xr sysctl 8 , 3960.Xr syslogd 8 , 3961.Xr timed 8 , 3962.Xr yp 8 , 3963.Xr ypbind 8 , 3964.Xr ypserv 8 , 3965.Xr ypset 8 3966.Sh HISTORY 3967The 3968.Nm 3969file appeared in 3970.Fx 2.2.2 . 3971.Sh AUTHORS 3972.An Jordan K. Hubbard . 3973