1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd December 19, 2018 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A whitespace-separated list of kernel modules to load right after 252the local disks are mounted, without any 253.Pa .ko 254extension or path. 255Loading modules at this point in the boot process is 256much faster than doing it via 257.Pa /boot/loader.conf 258for those modules not necessary for mounting local disks. 259.It Va kldxref_enable 260.Pq Vt bool 261Set to 262.Dq Li NO 263by default. 264Set to 265.Dq Li YES 266to automatically rebuild 267.Pa linker.hints 268files with 269.Xr kldxref 8 270at boot time. 271.It Va kldxref_clobber 272.Pq Vt bool 273Set to 274.Dq Li NO 275by default. 276If 277.Va kldxref_enable 278is true, 279setting to 280.Dq Li YES 281will overwrite existing 282.Pa linker.hints 283files at boot time. 284Otherwise, 285only missing 286.Pa linker.hints 287files are generated. 288.It Va kldxref_module_path 289.Pq Vt str 290Empty by default. 291A semi-colon 292.Pq Ql \&; 293delimited list of paths containing 294.Xr kld 4 295modules. 296If empty, 297the contents of the 298.Va kern.module_path 299.Xr sysctl 8 300are used. 301.It Va powerd_enable 302.Pq Vt bool 303If set to 304.Dq Li YES , 305enable the system power control facility with the 306.Xr powerd 8 307daemon. 308.It Va powerd_flags 309.Pq Vt str 310If 311.Va powerd_enable 312is set to 313.Dq Li YES , 314these are the flags to pass to the 315.Xr powerd 8 316daemon. 317.It Va tmpmfs 318Controls the creation of a 319.Pa /tmp 320memory file system. 321Always happens if set to 322.Dq Li YES 323and never happens if set to 324.Dq Li NO . 325If set to anything else, a memory file system is created if 326.Pa /tmp 327is not writable. 328.It Va tmpsize 329Controls the size of a created 330.Pa /tmp 331memory file system. 332.It Va tmpmfs_flags 333Extra options passed to the 334.Xr mdmfs 8 335utility when the memory file system for 336.Pa /tmp 337is created. 338The default is 339.Dq Li "-S" , 340which inhibits the use of softupdates on 341.Pa /tmp 342so that file system space is freed without delay 343after file truncation or deletion. 344See 345.Xr mdmfs 8 346for other options you can use in 347.Va tmpmfs_flags . 348.It Va varmfs 349Controls the creation of a 350.Pa /var 351memory file system. 352Always happens if set to 353.Dq Li YES 354and never happens if set to 355.Dq Li NO . 356If set to anything else, a memory file system is created if 357.Pa /var 358is not writable. 359.It Va varsize 360Controls the size of a created 361.Pa /var 362memory file system. 363.It Va varmfs_flags 364Extra options passed to the 365.Xr mdmfs 8 366utility when the memory file system for 367.Pa /var 368is created. 369The default is 370.Dq Li "-S" , 371which inhibits the use of softupdates on 372.Pa /var 373so that file system space is freed without delay 374after file truncation or deletion. 375See 376.Xr mdmfs 8 377for other options you can use in 378.Va varmfs_flags . 379.It Va populate_var 380Controls the automatic population of the 381.Pa /var 382file system. 383Always happens if set to 384.Dq Li YES 385and never happens if set to 386.Dq Li NO . 387If set to anything else, a memory file system is created if 388.Pa /var 389is not writable. 390Note that this process requires access to certain commands in 391.Pa /usr 392before 393.Pa /usr 394is mounted on normal systems. 395.It Va cleanvar_enable 396.Pq Vt bool 397Clean the 398.Pa /var 399directory. 400.It Va local_startup 401.Pq Vt str 402List of directories to search for startup script files. 403.It Va script_name_sep 404.Pq Vt str 405The field separator to use for breaking down the list of startup script files 406into individual filenames. 407The default is a space. 408It is not necessary to change this unless there are startup scripts with names 409containing spaces. 410.It Va hostapd_enable 411.Pq Vt bool 412Set to 413.Dq Li YES 414to start 415.Xr hostapd 8 416at system boot time. 417.It Va hostname 418.Pq Vt str 419The fully qualified domain name (FQDN) of this host on the network. 420This should almost certainly be set to something meaningful, even if 421there is no network connection. 422If 423.Xr dhclient 8 424is used to set the hostname via DHCP, 425this variable should be set to an empty string. 426Within a 427.Xr jail 8 428the hostname is generally already set and this variable may absent. 429If this value remains unset when the system is done booting 430your console login will display the default hostname of 431.Dq Amnesiac . 432.It Va nisdomainname 433.Pq Vt str 434The NIS domain name of this host, or 435.Dq Li NO 436if NIS is not used. 437.It Va dhclient_program 438.Pq Vt str 439Path to the DHCP client program 440.Pa ( /sbin/dhclient , 441the 442.Ox 443DHCP client, 444is the default). 445.It Va dhclient_flags 446.Pq Vt str 447Additional flags to pass to the DHCP client program. 448For the 449.Ox 450DHCP client, see the 451.Xr dhclient 8 452manpage for a description of the command line options available. 453.It Va dhclient_flags_ Ns Aq Ar iface 454Additional flags to pass to the DHCP client program running on 455.Ar iface 456only. 457When specified, this variable overrides 458.Va dhclient_flags . 459.It Va background_dhclient 460.Pq Vt bool 461Set to 462.Dq Li YES 463to start the DHCP client in background. 464This can cause trouble with applications depending on 465a working network, but it will provide a faster startup 466in many cases. 467.It Va background_dhclient_ Ns Aq Ar iface 468When specified, this variable overrides the 469.Va background_dhclient 470variable for interface 471.Ar iface 472only. 473.It Va synchronous_dhclient 474.Pq Vt bool 475Set to 476.Dq Li YES 477to start 478.Xr dhclient 8 479synchronously at startup. 480This behavior can be overridden on a per-interface basis by replacing 481the 482.Dq Li DHCP 483keyword in the 484.Va ifconfig_ Ns Aq Ar interface 485variable with 486.Dq Li SYNCDHCP 487or 488.Dq Li NOSYNCDHCP . 489.It Va defaultroute_delay 490.Pq Vt int 491When set to a positive value, wait up to this long after configuring 492DHCP interfaces at startup to give the interfaces time to receive a lease. 493.It Va firewall_enable 494.Pq Vt bool 495Set to 496.Dq Li YES 497to load firewall rules at startup. 498If the kernel was not built with 499.Cd "options IPFIREWALL" , 500the 501.Pa ipfw.ko 502kernel module will be loaded. 503See also 504.Va ipfilter_enable . 505.It Va firewall_script 506.Pq Vt str 507This variable specifies the full path to the firewall script to run. 508The default is 509.Pa /etc/rc.firewall . 510.It Va firewall_type 511.Pq Vt str 512Names the firewall type from the selection in 513.Pa /etc/rc.firewall , 514or the file which contains the local firewall ruleset. 515Valid selections from 516.Pa /etc/rc.firewall 517are: 518.Pp 519.Bl -tag -width ".Li simple" -compact 520.It Li open 521unrestricted IP access 522.It Li closed 523all IP services disabled, except via 524.Dq Li lo0 525.It Li client 526basic protection for a workstation 527.It Li simple 528basic protection for a LAN. 529.El 530.Pp 531If a filename is specified, the full path 532must be given. 533.It Va firewall_quiet 534.Pq Vt bool 535Set to 536.Dq Li YES 537to disable the display of firewall rules on the console during boot. 538.It Va firewall_logging 539.Pq Vt bool 540Set to 541.Dq Li YES 542to enable firewall event logging. 543This is equivalent to the 544.Dv IPFIREWALL_VERBOSE 545kernel option. 546.It Va firewall_logif 547.Pq Vt bool 548Set to 549.Dq Li YES 550to create pseudo interface 551.Li ipfw0 552for logging. 553For more details, see 554.Xr ipfw 8 555manual page. 556.It Va firewall_flags 557.Pq Vt str 558Flags passed to 559.Xr ipfw 8 560if 561.Va firewall_type 562specifies a filename. 563.It Va firewall_coscripts 564.Pq Vt str 565List of executables and/or rc scripts to run after firewall starts/stops. 566Default is empty. 567.\" ----- firewall_nat_enable setting -------------------------------- 568.It Va firewall_nat_enable 569.Pq Vt bool 570The 571.Xr ipfw 8 572equivalent of 573.Va natd_enable . 574Setting this to 575.Dq Li YES 576enables kernel NAT. 577.Va firewall_enable 578must also be set to 579.Dq Li YES . 580.It Va firewall_nat_interface 581.Pq Vt str 582The 583.Xr ipfw 8 584equivalent of 585.Va natd_interface . 586This is the name of the public interface or IP address on which 587kernel NAT should run. 588.It Va firewall_nat_flags 589.Pq Vt str 590Additional configuration parameters for kernel NAT should be placed here. 591.It Va dummynet_enable 592.Pq Vt bool 593Setting this to 594.Dq Li YES 595will automatically load the 596.Xr dummynet 4 597module if 598.Va firewall_enable 599is also set to 600.Dq Li YES . 601.\" ------------------------------------------------------------------- 602.It Va ipfw_netflow_enable 603.Pq Vt bool 604Setting this to 605.Dq Li YES 606will enable netflow logging via 607.Xr ng_netflow 4 608.Pp 609By default a ipfw rule is inserted and all packets are duplicated with 610the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 611port using protocol version 5. 612.It Va ipfw_netflow_hook 613.Pq Vt int 614netflow hook name, must be numerical 615(default 616.Pa 9995 ) . 617.It Va ipfw_netflow_rule 618.Pq Vt int 619ipfw rule number 620(default 621.Pa 1000 ) . 622.It Va ipfw_netflow_ip 623.Pq Vt str 624Destination server ip for receiving netflow data 625(default 626.Pa 127.0.0.1 ) . 627.It Va ipfw_netflow_port 628.Pq Vt int 629Destination server port for receiving netflow data 630(default 631.Pa 9995 ) . 632.It Va ipfw_netflow_version 633.Pq Vt int 634Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 635.It Va ipfw_netflow_fib 636.Pq Vt int 637Only match packet in FIB 638.Pa ipfw_netflow_fib 639(default is undefined meaning all FIBs). 640.It Va natd_program 641.Pq Vt str 642Path to 643.Xr natd 8 . 644.It Va natd_enable 645.Pq Vt bool 646Set to 647.Dq Li YES 648to enable 649.Xr natd 8 . 650.Va firewall_enable 651must also be set to 652.Dq Li YES , 653and 654.Xr divert 4 655sockets must be enabled in the kernel. 656If the kernel was not built with 657.Cd "options IPDIVERT" , 658the 659.Pa ipdivert.ko 660kernel module will be loaded. 661.It Va natd_interface 662.Pq Vt str 663This is the name of the public interface on which 664.Xr natd 8 665should run. 666The interface may be given as an interface name or as an IP address. 667.It Va natd_flags 668.Pq Vt str 669Additional 670.Xr natd 8 671flags should be placed here. 672The 673.Fl n 674or 675.Fl a 676flag is automatically added with the above 677.Va natd_interface 678as an argument. 679.\" ----- ipfilter_enable setting -------------------------------- 680.It Va ipfilter_enable 681.Pq Vt bool 682Set to 683.Dq Li NO 684by default. 685Setting this to 686.Dq Li YES 687enables 688.Xr ipf 8 689packet filtering. 690.Pp 691Typical usage will require putting 692.Bd -literal 693ipfilter_enable="YES" 694ipnat_enable="YES" 695ipmon_enable="YES" 696ipfs_enable="YES" 697.Ed 698.Pp 699into 700.Pa /etc/rc.conf 701and editing 702.Pa /etc/ipf.rules 703and 704.Pa /etc/ipnat.rules 705appropriately. 706.Pp 707Note that 708.Va ipfilter_enable 709and 710.Va ipnat_enable 711can be enabled independently. 712.Va ipmon_enable 713and 714.Va ipfs_enable 715both require at least one of 716.Va ipfilter_enable 717and 718.Va ipnat_enable 719to be enabled. 720.Pp 721Having 722.Bd -literal 723options IPFILTER 724options IPFILTER_LOG 725options IPFILTER_DEFAULT_BLOCK 726.Ed 727.Pp 728in the kernel configuration file is a good idea, too. 729.\" ----- ipfilter_program setting ------------------------------ 730.It Va ipfilter_program 731.Pq Vt str 732Path to 733.Xr ipf 8 734(default 735.Pa /sbin/ipf ) . 736.\" ----- ipfilter_rules setting -------------------------------- 737.It Va ipfilter_rules 738.Pq Vt str 739Set to 740.Pa /etc/ipf.rules 741by default. 742This variable contains the name of the filter rule definition file. 743The file is expected to be readable for the 744.Xr ipf 8 745command to execute. 746.\" ----- ipv6_ipfilter_rules setting --------------------------- 747.It Va ipv6_ipfilter_rules 748.Pq Vt str 749Set to 750.Pa /etc/ipf6.rules 751by default. 752This variable contains the IPv6 filter rule definition file. 753The file is expected to be readable for the 754.Xr ipf 8 755command to execute. 756.\" ----- ipfilter_flags setting -------------------------------- 757.It Va ipfilter_flags 758.Pq Vt str 759Empty by default. 760This variable contains flags passed to the 761.Xr ipf 8 762program. 763.\" ----- ipnat_enable setting ---------------------------------- 764.It Va ipnat_enable 765.Pq Vt bool 766Set to 767.Dq Li NO 768by default. 769Set it to 770.Dq Li YES 771to enable 772.Xr ipnat 8 773network address translation. 774See 775.Va ipfilter_enable 776for a detailed discussion. 777.\" ----- ipnat_program setting --------------------------------- 778.It Va ipnat_program 779.Pq Vt str 780Path to 781.Xr ipnat 8 782(default 783.Pa /sbin/ipnat ) . 784.\" ----- ipnat_rules setting ----------------------------------- 785.It Va ipnat_rules 786.Pq Vt str 787Set to 788.Pa /etc/ipnat.rules 789by default. 790This variable contains the name of the file 791holding the network address translation definition. 792This file is expected to be readable for the 793.Xr ipnat 8 794command to execute. 795.\" ----- ipnat_flags setting ----------------------------------- 796.It Va ipnat_flags 797.Pq Vt str 798Empty by default. 799This variable contains flags passed to the 800.Xr ipnat 8 801program. 802.\" ----- ipmon_enable setting ---------------------------------- 803.It Va ipmon_enable 804.Pq Vt bool 805Set to 806.Dq Li NO 807by default. 808Set it to 809.Dq Li YES 810to enable 811.Xr ipmon 8 812monitoring (logging 813.Xr ipf 8 814and 815.Xr ipnat 8 816events). 817Setting this variable needs setting 818.Va ipfilter_enable 819or 820.Va ipnat_enable 821too. 822See 823.Va ipfilter_enable 824for a detailed discussion. 825.\" ----- ipmon_program setting --------------------------------- 826.It Va ipmon_program 827.Pq Vt str 828Path to 829.Xr ipmon 8 830(default 831.Pa /sbin/ipmon ) . 832.\" ----- ipmon_flags setting ----------------------------------- 833.It Va ipmon_flags 834.Pq Vt str 835Set to 836.Dq Li -Ds 837by default. 838This variable contains flags passed to the 839.Xr ipmon 8 840program. 841Another typical example would be 842.Dq Fl D Pa /var/log/ipflog 843to have 844.Xr ipmon 8 845log directly to a file bypassing 846.Xr syslogd 8 . 847Make sure to adjust 848.Pa /etc/newsyslog.conf 849in such case like this: 850.Bd -literal 851/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 852.Ed 853.\" ----- ipfs_enable setting ----------------------------------- 854.It Va ipfs_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipfs 8 863saving the filter and NAT state tables during shutdown 864and reloading them during startup again. 865Setting this variable needs setting 866.Va ipfilter_enable 867or 868.Va ipnat_enable 869to 870.Dq Li YES 871too. 872See 873.Va ipfilter_enable 874for a detailed discussion. 875Note that if 876.Va kern_securelevel 877is set to 3, 878.Va ipfs_enable 879cannot be used 880because the raised securelevel will prevent 881.Xr ipfs 8 882from saving the state tables at shutdown time. 883.\" ----- ipfs_program setting ---------------------------------- 884.It Va ipfs_program 885.Pq Vt str 886Path to 887.Xr ipfs 8 888(default 889.Pa /sbin/ipfs ) . 890.\" ----- ipfs_flags setting ------------------------------------ 891.It Va ipfs_flags 892.Pq Vt str 893Empty by default. 894This variable contains flags passed to the 895.Xr ipfs 8 896program. 897.\" ----- end of added ipf hook --------------------------------- 898.It Va pf_enable 899.Pq Vt bool 900Set to 901.Dq Li NO 902by default. 903Setting this to 904.Dq Li YES 905enables 906.Xr pf 4 907packet filtering. 908.Pp 909Typical usage will require putting 910.Pp 911.Dl pf_enable="YES" 912.Pp 913into 914.Pa /etc/rc.conf 915and editing 916.Pa /etc/pf.conf 917appropriately. 918Adding 919.Pp 920.Dl "device pf" 921.Pp 922builds support for 923.Xr pf 4 924into the kernel, otherwise the 925kernel module will be loaded. 926.It Va pf_rules 927.Pq Vt str 928Path to 929.Xr pf 4 930ruleset configuration file 931(default 932.Pa /etc/pf.conf ) . 933.It Va pf_program 934.Pq Vt str 935Path to 936.Xr pfctl 8 937(default 938.Pa /sbin/pfctl ) . 939.It Va pf_flags 940.Pq Vt str 941If 942.Va pf_enable 943is set to 944.Dq Li YES , 945these flags are passed to the 946.Xr pfctl 8 947program when loading the ruleset. 948.It Va pflog_enable 949.Pq Vt bool 950Set to 951.Dq Li NO 952by default. 953Setting this to 954.Dq Li YES 955enables 956.Xr pflogd 8 957which logs packets from the 958.Xr pf 4 959packet filter. 960.It Va pflog_logfile 961.Pq Vt str 962If 963.Va pflog_enable 964is set to 965.Dq Li YES 966this controls where 967.Xr pflogd 8 968stores the logfile 969(default 970.Pa /var/log/pflog ) . 971Check 972.Pa /etc/newsyslog.conf 973to adjust logfile rotation for this. 974.It Va pflog_program 975.Pq Vt str 976Path to 977.Xr pflogd 8 978(default 979.Pa /sbin/pflogd ) . 980.It Va pflog_flags 981.Pq Vt str 982Empty by default. 983This variable contains additional flags passed to the 984.Xr pflogd 8 985program. 986.It Va pflog_instances 987.Pq Vt str 988If logging to more than one 989.Xr pflog 4 990interface is desired, 991.Va pflog_instances 992is set to the list of 993.Xr pflogd 8 994instances that should be started at system boot time. 995If 996.Va pflog_instances 997is set, for each whitespace-separated 998.Ar element 999in the list, 1000.Ao Ar element Ac Ns Va _dev 1001and 1002.Ao Ar element Ac Ns Va _logfile 1003elements are assumed to exist. 1004.Ao Ar element Ac Ns Va _dev 1005must contain the 1006.Xr pflog 4 1007interface to be watched by the named 1008.Xr pflogd 8 1009instance. 1010.Ao Ar element Ac Ns Va _logfile 1011must contain the name of the logfile that will be used by the 1012.Xr pflogd 8 1013instance. 1014.It Va ftpproxy_enable 1015.Pq Vt bool 1016Set to 1017.Dq Li NO 1018by default. 1019Setting this to 1020.Dq Li YES 1021enables 1022.Xr ftp-proxy 8 1023which supports the 1024.Xr pf 4 1025packet filter in translating ftp connections. 1026.It Va ftpproxy_flags 1027.Pq Vt str 1028Empty by default. 1029This variable contains additional flags passed to the 1030.Xr ftp-proxy 8 1031program. 1032.It Va ftpproxy_instances 1033.Pq Vt str 1034Empty by default. 1035If multiple instances of 1036.Xr ftp-proxy 8 1037are desired at boot time, 1038.Va ftpproxy_instances 1039should contain a whitespace-separated list of instance names. 1040For each 1041.Ar element 1042in the list, a variable named 1043.Ao Ar element Ac Ns Va _flags 1044should be defined, containing the command-line flags to be passed to the 1045.Xr ftp-proxy 8 1046instance. 1047.It Va pfsync_enable 1048.Pq Vt bool 1049Set to 1050.Dq Li NO 1051by default. 1052Setting this to 1053.Dq Li YES 1054enables exposing 1055.Xr pf 4 1056state changes to other hosts over the network by means of 1057.Xr pfsync 4 . 1058The 1059.Va pfsync_syncdev 1060variable 1061must also be set then. 1062.It Va pfsync_syncdev 1063.Pq Vt str 1064Empty by default. 1065This variable specifies the name of the network interface 1066.Xr pfsync 4 1067should operate through. 1068It must be set accordingly if 1069.Va pfsync_enable 1070is set to 1071.Dq Li YES . 1072.It Va pfsync_syncpeer 1073.Pq Vt str 1074Empty by default. 1075This variable is optional. 1076By default, state change messages are sent out on the synchronisation 1077interface using IP multicast packets. 1078The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1079224.0.0.240. 1080When a peer address is specified using the 1081.Va pfsync_syncpeer 1082option, the peer address is used as a destination for the pfsync 1083traffic, and the traffic can then be protected using 1084.Xr ipsec 4 . 1085See the 1086.Xr pfsync 4 1087manpage for more details about using 1088.Xr ipsec 4 1089with 1090.Xr pfsync 4 1091interfaces. 1092.It Va pfsync_ifconfig 1093.Pq Vt str 1094Empty by default. 1095This variable can contain additional options to be passed to the 1096.Xr ifconfig 8 1097command used to set up 1098.Xr pfsync 4 . 1099.It Va tcp_extensions 1100.Pq Vt bool 1101Set to 1102.Dq Li YES 1103by default. 1104Setting this to 1105.Dq Li NO 1106disables certain TCP options as described by 1107.Rs 1108.%T "RFC 1323" 1109.Re 1110Setting this to 1111.Dq Li NO 1112might help remedy such problems with connections as randomly hanging 1113or other weird behavior. 1114Some network devices are known 1115to be broken with respect to these options. 1116.It Va log_in_vain 1117.Pq Vt int 1118Set to 0 by default. 1119The 1120.Xr sysctl 8 1121variables, 1122.Va net.inet.tcp.log_in_vain 1123and 1124.Va net.inet.udp.log_in_vain , 1125as described in 1126.Xr tcp 4 1127and 1128.Xr udp 4 , 1129are set to the given value. 1130.It Va tcp_keepalive 1131.Pq Vt bool 1132Set to 1133.Dq Li YES 1134by default. 1135Setting to 1136.Dq Li NO 1137will disable probing idle TCP connections to verify that the 1138peer is still up and reachable. 1139.It Va tcp_drop_synfin 1140.Pq Vt bool 1141Set to 1142.Dq Li NO 1143by default. 1144Setting to 1145.Dq Li YES 1146will cause the kernel to ignore TCP frames that have both 1147the SYN and FIN flags set. 1148This prevents OS fingerprinting, but may 1149break some legitimate applications. 1150.It Va icmp_drop_redirect 1151.Pq Vt bool 1152Set to 1153.Dq Li NO 1154by default. 1155Setting to 1156.Dq Li YES 1157will cause the kernel to ignore ICMP REDIRECT packets. 1158Refer to 1159.Xr icmp 4 1160for more information. 1161.It Va icmp_log_redirect 1162.Pq Vt bool 1163Set to 1164.Dq Li NO 1165by default. 1166Setting to 1167.Dq Li YES 1168will cause the kernel to log ICMP REDIRECT packets. 1169Note that 1170the log messages are not rate-limited, so this option should only be used 1171for troubleshooting networks. 1172Refer to 1173.Xr icmp 4 1174for more information. 1175.It Va icmp_bmcastecho 1176.Pq Vt bool 1177Set to 1178.Dq Li YES 1179to respond to broadcast or multicast ICMP ping packets. 1180Refer to 1181.Xr icmp 4 1182for more information. 1183.It Va ip_portrange_first 1184.Pq Vt int 1185If not set to 1186.Dq Li NO , 1187this is the first port in the default portrange. 1188Refer to 1189.Xr ip 4 1190for more information. 1191.It Va ip_portrange_last 1192.Pq Vt int 1193If not set to 1194.Dq Li NO , 1195this is the last port in the default portrange. 1196Refer to 1197.Xr ip 4 1198for more information. 1199.It Va network_interfaces 1200.Pq Vt str 1201Set to the list of network interfaces to configure on this host or 1202.Dq Li AUTO 1203(the default) for all current interfaces. 1204Setting the 1205.Va network_interfaces 1206variable to anything other than the default is deprecated. 1207Interfaces that the administrator wishes to store configuration for, 1208but not start at boot should be configured with the 1209.Dq Li NOAUTO 1210keyword in their 1211.Va ifconfig_ Ns Aq Ar interface 1212variables as described below. 1213.Pp 1214An 1215.Va ifconfig_ Ns Aq Ar interface 1216variable is also assumed to exist for each value of 1217.Ar interface . 1218When an interface name contains any of the characters 1219.Dq Li .-/+ 1220they are translated to 1221.Dq Li _ 1222before lookup. 1223The variable can contain arguments to 1224.Xr ifconfig 8 , 1225as well as special case-insensitive keywords described below. 1226Such keywords are removed before passing the value to 1227.Xr ifconfig 8 1228while the order of the other arguments is preserved. 1229.Pp 1230It is possible to add IP alias entries using 1231.Xr ifconfig 8 1232syntax with the address family keyword such as 1233.Li inet . 1234Assuming that the interface in question was 1235.Li ed0 , 1236it might look something like this: 1237.Bd -literal 1238ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1239ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1240.Ed 1241.Pp 1242It also possible to configure multiple IP addresses in Classless 1243Inter-Domain Routing 1244.Pq CIDR 1245address notation, 1246whose each address component can be a range like 1247.Li inet 192.0.2.5-23/24 1248or 1249.Li inet6 2001:db8:1-f::1/64 . 1250This notation allows address and prefix length part only, 1251not the other address modifiers. 1252Note that the maximum number of the generated addresses from a range 1253specification is limited to an integer value specified in 1254.Va netif_ipexpand_max 1255in 1256.Nm 1257because a small typo can unexpectedly generate a large number of addresses. 1258The default value is 1259.Li 2048 . 1260It can be increased by adding the following line into 1261.Nm : 1262.Bd -literal 1263netif_ipexpand_max="4096" 1264.Ed 1265.Pp 1266In the case of 1267.Li 192.0.2.5-23/24 , 1268the address 192.0.2.5 will be configured with the 1269netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1270the non-conflicting netmask /32 as explained in the 1271.Xr ifconfig 8 1272alias section. 1273Note that this special netmask handling is only for 1274.Li inet , 1275not for the other address families such as 1276.Li inet6 . 1277.Pp 1278With the interface in question being 1279.Li ed0 , 1280an example could look like: 1281.Bd -literal 1282ifconfig_ed0_alias2="inet 192.0.2.129/27" 1283ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1284.Ed 1285.Pp 1286and so on. 1287.Pp 1288Note that 1289.Va ipv4_addrs_ Ns Aq Ar interface 1290variable was supported for IPv4 CIDR address notation. 1291It is now deprecated because the functionality was integrated into 1292.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1293though 1294.Va ipv4_addrs_ Ns Aq Ar interface 1295is still supported for backward compatibility. 1296.Pp 1297For each 1298.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1299entry with an address family keyword, 1300its contents are passed to 1301.Xr ifconfig 8 . 1302Execution stops at the first unsuccessful access, so if 1303something like this is present: 1304.Bd -literal 1305ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1306ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1307ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1308ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1309.Ed 1310.Pp 1311Then note that alias4 would 1312.Em not 1313be added since the search would 1314stop with the missing 1315.Dq Li alias3 1316entry. 1317Because of this difficult to manage behavior, 1318there is 1319.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1320variable, which has the same functionality as 1321.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1322and can have all of entries in a variable like the following: 1323.Bd -literal 1324ifconfig_ed0_aliases="\\ 1325 inet 127.0.0.251 netmask 0xffffffff \\ 1326 inet 127.0.0.252 netmask 0xffffffff \\ 1327 inet 127.0.0.253 netmask 0xffffffff \\ 1328 inet 127.0.0.254 netmask 0xffffffff" 1329.Ed 1330.Pp 1331It also supports CIDR notation. 1332.Pp 1333If the 1334.Pa /etc/start_if. Ns Aq Ar interface 1335file is present, it is read and executed by the 1336.Xr sh 1 1337interpreter 1338before configuring the interface as specified in the 1339.Va ifconfig_ Ns Aq Ar interface 1340and 1341.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1342variables. 1343.Pp 1344If a 1345.Va vlans_ Ns Aq Ar interface 1346variable is set, 1347a 1348.Xr vlan 4 1349interface will be created for each item in the list with the 1350.Ar vlandev 1351argument set to 1352.Ar interface . 1353If a vlan interface's name is a number, 1354then that number is used as the vlan tag and the new vlan interface is 1355named 1356.Ar interface . Ns Ar tag . 1357Otherwise, 1358the vlan tag must be specified via a 1359.Va vlan 1360parameter in the 1361.Va create_args_ Ns Aq Ar interface 1362variable. 1363.Pp 1364To create a vlan device named 1365.Li em0.101 1366on 1367.Li em0 1368with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1369.Bd -literal 1370vlans_em0="101" 1371ifconfig_em0_101="inet 192.0.2.1/24" 1372.Ed 1373.Pp 1374To create a vlan device named 1375.Li myvlan 1376on 1377.Li em0 1378with the vlan tag 102: 1379.Bd -literal 1380vlans_em0="myvlan" 1381create_args_myvlan="vlan 102" 1382.Ed 1383.Pp 1384If a 1385.Va wlans_ Ns Aq Ar interface 1386variable is set, 1387an 1388.Xr wlan 4 1389interface will be created for each item in the list with the 1390.Ar wlandev 1391argument set to 1392.Ar interface . 1393Further wlan cloning arguments may be passed to the 1394.Xr ifconfig 8 1395.Cm create 1396command by setting the 1397.Va create_args_ Ns Aq Ar interface 1398variable. 1399One or more 1400.Xr wlan 4 1401devices must be created for each wireless devices as of 1402.Fx 8.0 . 1403Debugging flags for 1404.Xr wlan 4 1405devices as set by 1406.Xr wlandebug 8 1407may be specified with an 1408.Va wlandebug_ Ns Aq Ar interface 1409variable. 1410The contents of this variable will be passed directly to 1411.Xr wlandebug 8 . 1412.Pp 1413If the 1414.Va ifconfig_ Ns Aq Ar interface 1415contains the keyword 1416.Dq Li NOAUTO 1417then the interface will not be configured 1418at boot or by 1419.Pa /etc/pccard_ether 1420when 1421.Va network_interfaces 1422is set to 1423.Dq Li AUTO . 1424.Pp 1425It is possible to bring up an interface with DHCP by adding 1426.Dq Li DHCP 1427to the 1428.Va ifconfig_ Ns Aq Ar interface 1429variable. 1430For instance, to initialize the 1431.Li ed0 1432device via DHCP, 1433it is possible to use something like: 1434.Bd -literal 1435ifconfig_ed0="DHCP" 1436.Ed 1437.Pp 1438If you want to configure your wireless interface with 1439.Xr wpa_supplicant 8 1440for use with WPA, EAP/LEAP or WEP, you need to add 1441.Dq Li WPA 1442to the 1443.Va ifconfig_ Ns Aq Ar interface 1444variable. 1445.Pp 1446On the other hand, if you want to configure your wireless interface with 1447.Xr hostapd 8 , 1448you need to add 1449.Dq Li HOSTAP 1450to the 1451.Va ifconfig_ Ns Aq Ar interface 1452variable. 1453.Xr hostapd 8 1454will use the settings from 1455.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1456.Pp 1457Finally, you can add 1458.Xr ifconfig 8 1459options in this variable, in addition to the 1460.Pa /etc/start_if. Ns Aq Ar interface 1461file. 1462For instance, to configure an 1463.Xr ath 4 1464wireless device in station mode with an address obtained 1465via DHCP, using WPA authentication and 802.11b mode, it is 1466possible to use something like: 1467.Bd -literal 1468wlans_ath0="wlan0" 1469ifconfig_wlan0="DHCP WPA mode 11b" 1470.Ed 1471.Pp 1472In addition to the 1473.Va ifconfig_ Ns Aq Ar interface 1474form, a fallback variable 1475.Va ifconfig_DEFAULT 1476may be configured. 1477It will be used for all interfaces with no 1478.Va ifconfig_ Ns Aq Ar interface 1479variable. 1480This is intended to replace the no longer supported 1481.Va pccard_ifconfig 1482variable. 1483.Pp 1484It is also possible to rename an interface by doing: 1485.Bd -literal 1486ifconfig_ed0_name="net0" 1487ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1488.Ed 1489.It Va ipv6_enable 1490.Pq Vt bool 1491This variable is deprecated. 1492Use 1493.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1494and 1495.Va ipv6_activate_all_interfaces 1496if necessary. 1497.Pp 1498If the variable is 1499.Dq Li YES , 1500.Dq Li inet6 accept_rtadv 1501is added to all of 1502.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1503and the 1504.Va ipv6_activate_all_interfaces 1505is defined as 1506.Dq Li YES . 1507.It Va ipv6_prefer 1508.Pq Vt bool 1509This variable is deprecated. 1510Use 1511.Va ip6addrctl_policy 1512instead. 1513.Pp 1514If the variable is 1515.Dq Li YES , 1516the default address selection policy table set by 1517.Xr ip6addrctl 8 1518will be IPv6-preferred. 1519.Pp 1520If the variable is 1521.Dq Li NO , 1522the default address selection policy table set by 1523.Xr ip6addrctl 8 1524will be IPv4-preferred. 1525.It Va ipv6_activate_all_interfaces 1526.Pq Vt bool 1527This controls initial configuration on IPv6-capable 1528interfaces with no corresponding 1529.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1530variable. 1531Note that it is not always necessary to set this variable to 1532.Dq YES 1533to use IPv6 functionality on 1534.Fx . 1535In most cases, just configuring 1536.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1537variables works. 1538.Pp 1539If the variable is 1540.Dq Li NO , 1541all interfaces which do not have a corresponding 1542.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1543variable will be marked as 1544.Dq Li IFDISABLED 1545at creation. 1546This means that all of IPv6 functionality on that interface 1547is completely disabled to enforce a security policy. 1548If the variable is set to 1549.Dq YES , 1550the flag will be cleared on all of the interfaces. 1551.Pp 1552In most cases, just defining an 1553.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1554for an IPv6-capable interface should be sufficient. 1555However, if an interface is added dynamically 1556.Pq by some tunneling protocols such as PPP, for example , 1557it is often difficult to define the variable in advance. 1558In such a case, configuring the 1559.Dq Li IFDISABLED 1560flag can be disabled by setting this variable to 1561.Dq YES . 1562.Pp 1563For more details of the 1564.Dq Li IFDISABLED 1565flag and keywords 1566.Dq Li inet6 ifdisabled , 1567see 1568.Xr ifconfig 8 . 1569.Pp 1570Default is 1571.Dq Li NO . 1572.It Va ipv6_privacy 1573.Pq Vt bool 1574If the variable is 1575.Dq Li YES 1576privacy addresses will be generated for each IPv6 1577interface as described in RFC 4941. 1578.It Va ipv6_network_interfaces 1579.Pq Vt str 1580This is the IPv6 equivalent of 1581.Va network_interfaces . 1582Normally manual configuration of this variable is not needed. 1583.It Va ipv6_cpe_wanif 1584.Pq Vt str 1585If the variable is set to an interface name, 1586the 1587.Xr ifconfig 8 1588options 1589.Dq inet6 -no_radr accept_rtadv 1590will be added to the specified interface automatically before evaluating 1591.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1592and two 1593.Xr sysctl 8 1594variables 1595.Va net.inet6.ip6.rfc6204w3 1596and 1597.Va net.inet6.ip6.no_radr 1598will be set to 1. 1599.Pp 1600This means the specified interface will accept ICMPv6 Router 1601Advertisement messages on that link and add the discovered 1602routers into the Default Router List. 1603While the other interfaces can still accept RA messages if the 1604.Dq inet6 accept_rtadv 1605option is specified, adding 1606routes into the Default Router List will be disabled by 1607.Dq inet6 no_radr 1608option by default. 1609See 1610.Xr ifconfig 8 1611for more details. 1612.Pp 1613Note that ICMPv6 Router Advertisement messages will be 1614accepted even when 1615.Va net.inet6.ip6.forwarding 1616is 1 1617.Pq packet forwarding is enabled 1618when 1619.Va net.inet6.ip6.rfc6204w3 1620is set to 1. 1621.Pp 1622Default is 1623.Dq Li NO . 1624.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1625.Pq Vt str 1626This assigns arbitrary description to an interface. 1627The 1628.Xr sysctl 8 1629variable 1630.Va net.ifdescr_maxlen 1631limits its length. 1632This static setting may be overridden by commands 1633started with dynamic interface configuration utilities 1634like 1635.Xr dhclient 8 1636hooks. The description can be seen with 1637.Xr ifconfig 8 1638command and it may be exported with 1639.Xr bsnmpd 1 1640daemon using its MIB-2 module. 1641.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1642.Pq Vt str 1643IPv6 functionality on an interface should be configured by 1644.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1645instead of setting ifconfig parameters in 1646.Va ifconfig_ Ns Aq Ar interface . 1647If this variable is empty, all of IPv6 configurations on the 1648specified interface by other variables such as 1649.Va ipv6_prefix_ Ns Ao Ar interface Ac 1650will be ignored. 1651.Pp 1652Aliases should be set by 1653.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1654with 1655.Dq Li inet6 1656keyword. 1657For example: 1658.Bd -literal 1659ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1660ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1661.Ed 1662.Pp 1663Interfaces that have an 1664.Dq Li inet6 accept_rtadv 1665keyword in 1666.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1667setting will be automatically configured by SLAAC 1668.Pq StateLess Address AutoConfiguration 1669described in 1670.Rs 1671.%T "RFC 4862" 1672.Re 1673.Pp 1674Note that a link-local address will be automatically configured in 1675addition to the configured global-scope addresses because the IPv6 1676specifications require it on each link. 1677The address is calculated from the MAC address by using an algorithm 1678defined in 1679.Rs 1680.%T "RFC 4862" 1681.%O "Section 5.3" 1682.Re 1683.Pp 1684If only a link-local address is needed on the interface, 1685the following configuration can be used: 1686.Bd -literal 1687ifconfig_ed0_ipv6="inet6 auto_linklocal" 1688.Ed 1689.Pp 1690A link-local address can also be configured manually. 1691This is useful for the default router address of an IPv6 router 1692so that it does not change when the network interface 1693card is replaced. 1694For example: 1695.Bd -literal 1696ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1697.Ed 1698.It Va ipv6_prefix_ Ns Aq Ar interface 1699.Pq Vt str 1700If one or more prefixes are defined in 1701.Va ipv6_prefix_ Ns Aq Ar interface 1702addresses based on each prefix and the EUI-64 interface index will be 1703configured on that interface. 1704Note that this variable will be ignored when 1705.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1706is empty. 1707.Pp 1708For example, the following configuration 1709.Bd -literal 1710ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1711.Ed 1712.Pp 1713is equivalent to the following: 1714.Bd -literal 1715ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1716ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1717ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1718ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1719.Ed 1720.Pp 1721These Subnet-Router anycast addresses will be added only when 1722.Va ipv6_gateway_enable 1723is YES. 1724.It Va ipv6_default_interface 1725.Pq Vt str 1726If not set to 1727.Dq Li NO , 1728this is the default output interface for scoped addresses. 1729This works only with ipv6_gateway_enable="NO". 1730.It Va ip6addrctl_enable 1731.Pq Vt bool 1732This variable is to enable configuring default address selection policy table 1733.Pq RFC 3484 . 1734The table can be specified in another variable 1735.Va ip6addrctl_policy . 1736For 1737.Va ip6addrctl_policy 1738the following keywords can be specified: 1739.Dq Li ipv4_prefer , 1740.Dq Li ipv6_prefer , 1741or 1742.Dq Li AUTO . 1743.Pp 1744If 1745.Dq Li ipv4_prefer 1746or 1747.Dq Li ipv6_prefer 1748is specified, 1749.Xr ip6addrctl 8 1750installs a pre-defined policy table described in Section 2.1 1751.Pq IPv6-preferred 1752or 10.3 1753.Pq IPv4-preferred 1754of RFC 3484. 1755.Pp 1756If 1757.Dq Li AUTO 1758is specified, it attempts to read a file 1759.Pa /etc/ip6addrctl.conf 1760first. 1761If this file is found, 1762.Xr ip6addrctl 8 1763reads and installs it. 1764If not found, a policy is automatically set 1765according to 1766.Va ipv6_activate_all_interfaces 1767variable; if the variable is set to 1768.Dq Li YES 1769the IPv6-preferred one is used. 1770Otherwise IPv4-preferred. 1771.Pp 1772The default value of 1773.Va ip6addrctl_enable 1774and 1775.Va ip6addrctl_policy 1776are 1777.Dq Li YES 1778and 1779.Dq Li AUTO , 1780respectively. 1781.It Va cloned_interfaces 1782.Pq Vt str 1783Set to the list of clonable network interfaces to create on this host. 1784Further cloning arguments may be passed to the 1785.Xr ifconfig 8 1786.Cm create 1787command for each interface by setting the 1788.Va create_args_ Ns Aq Ar interface 1789variable. 1790If an interface name is specified with 1791.Dq :sticky 1792keyword, 1793the interface will not be destroyed even when 1794.Pa rc.d/netif 1795script is invoked with 1796.Dq stop 1797argument. 1798This is useful when reconfiguring the interface without destroying it. 1799Entries in 1800.Va cloned_interfaces 1801are automatically appended to 1802.Va network_interfaces 1803for configuration. 1804.It Va cloned_interfaces_sticky 1805.Pq Vt bool 1806This variable is to globally enable functionality of 1807.Dq :sticky 1808keyword in 1809.Va cloned_interfaces 1810for all interfaces. 1811The default value is 1812.Dq NO . 1813Even if this variable is specified to 1814.Dq YES , 1815.Dq :nosticky 1816keyword can be used to override it on per interface basis. 1817.It Va gif_interfaces 1818.Pq Vt str 1819This variable is deprecated in favor of 1820.Va cloned_interfaces . 1821Set to the list of 1822.Xr gif 4 1823tunnel interfaces to configure on this host. 1824For each 1825.Xr gif 1826tunnel interface, set a variable named 1827.Va ifconfig_ Ns Aq Ar interface 1828with the parameters for the 1829.Xr ifconfig 8 1830command to configure the link level for 1831.Ar interface 1832with the 1833.Cm tunnel 1834option. 1835The value of this variable is used to configure the link layer of the 1836tunnel using the 1837.Cm tunnel 1838option to 1839.Xr ifconfig . 1840For example, configure two 1841.Xr gif 1842interfaces with: 1843.Bd -literal -offset indent 1844gif_interfaces="gif0 gif1" 1845ifconfig_gif0="tunnel src_addr0 dst_addr0" 1846ifconfig_gif1="tunnel src_addr1 dst_addr1" 1847.Ed 1848.Pp 1849Additionally, this option ensures that each listed interface is created 1850via the 1851.Cm create 1852option to 1853.Xr ifconfig . 1854This example also works with 1855.Va cloned_interfaces 1856instead of 1857.Va gif_interfaces . 1858.It Va sppp_interfaces 1859.Pq Vt str 1860Set to the list of 1861.Xr sppp 4 1862interfaces to configure on this host. 1863A 1864.Va spppconfig_ Ns Aq Ar interface 1865variable is assumed to exist for each value of 1866.Ar interface . 1867Each interface should also be configured by a general 1868.Va ifconfig_ Ns Aq Ar interface 1869setting. 1870Refer to 1871.Xr spppcontrol 8 1872for more information about available options. 1873.It Va ppp_enable 1874.Pq Vt bool 1875If set to 1876.Dq Li YES , 1877run the 1878.Xr ppp 8 1879daemon. 1880.It Va ppp_profile 1881.Pq Vt str 1882The name of the profile to use from 1883.Pa /etc/ppp/ppp.conf . 1884Also used for per-profile overrides of 1885.Va ppp_mode 1886and 1887.Va ppp_nat , 1888and 1889.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1890When the profile name contains any of the characters 1891.Dq Li .-/+ 1892they are translated to 1893.Dq Li _ 1894for the proposes of the override variable names. 1895.It Va ppp_mode 1896.Pq Vt str 1897Mode in which to run the 1898.Xr ppp 8 1899daemon. 1900.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1901.Pq Vt str 1902Overrides the global 1903.Va ppp_mode 1904for 1905.Ar profile . 1906Accepted modes are 1907.Dq Li auto , 1908.Dq Li ddial , 1909.Dq Li direct 1910and 1911.Dq Li dedicated . 1912See the manual for a full description. 1913.It Va ppp_nat 1914.Pq Vt bool 1915If set to 1916.Dq Li YES , 1917enables network address translation. 1918Used in conjunction with 1919.Va gateway_enable 1920allows hosts on private network addresses access to the Internet using 1921this host as a network address translating router. 1922.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1923.Pq Vt str 1924Overrides the global 1925.Va ppp_nat 1926for 1927.Ar profile . 1928.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1929.Pq Vt int 1930Set the unit number to be used for this profile. 1931See the manual description of 1932.Fl unit Ns Ar N 1933for details. 1934.It Va ppp_user 1935.Pq Vt str 1936The name of the user under which 1937.Xr ppp 8 1938should be started. 1939By 1940default, 1941.Xr ppp 8 1942is started as 1943.Dq Li root . 1944.It Va rc_conf_files 1945.Pq Vt str 1946This option is used to specify a list of files that will override 1947the settings in 1948.Pa /etc/defaults/rc.conf . 1949The files will be read in the order in which they are specified and should 1950include the full path to the file. 1951By default, the files specified are 1952.Pa /etc/rc.conf 1953and 1954.Pa /etc/rc.conf.local 1955.It Va zfs_enable 1956.Pq Vt bool 1957If set to 1958.Dq Li YES , 1959.Pa /etc/rc.d/zfs 1960will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1961(ZVOLs). 1962.It Va gptboot_enable 1963.Pq Vt bool 1964If set to 1965.Dq Li YES , 1966.Pa /etc/rc.d/gptboot 1967will log if the system successfully (or not) booted from a GPT partition, 1968which had the 1969.Ar bootonce 1970attribute set using 1971.Xr gpart 8 1972utility. 1973.It Va gbde_autoattach_all 1974.Pq Vt bool 1975If set to 1976.Dq Li YES , 1977.Pa /etc/rc.d/gbde 1978will attempt to automatically initialize your .bde devices in 1979.Pa /etc/fstab . 1980.It Va gbde_devices 1981.Pq Vt str 1982List the devices that the script should try to attach, 1983or 1984.Dq Li AUTO . 1985.It Va gbde_lockdir 1986.Pq Vt str 1987The directory where the 1988.Xr gbde 4 1989lockfiles are located. 1990The default lockfile directory is 1991.Pa /etc . 1992.Pp 1993The lockfile for each individual 1994.Xr gbde 4 1995device can be overridden by setting the variable 1996.Va gbde_lock_ Ns Aq Ar device , 1997where 1998.Ar device 1999is the encrypted device without the 2000.Dq Pa /dev/ 2001and 2002.Dq Pa .bde 2003parts. 2004.It Va gbde_attach_attempts 2005.Pq Vt int 2006Number of times to attempt attaching to a 2007.Xr gbde 4 2008device, i.e., how many times the user is asked for the pass-phrase. 2009Default is 3. 2010.It Va geli_devices 2011.Pq Vt str 2012List of devices to automatically attach on boot. 2013Note that .eli devices from 2014.Pa /etc/fstab 2015are automatically appended to this list. 2016.It Va geli_groups 2017.Pq Vt str 2018List of groups containing devices to automatically attach on boot with the same 2019keyfiles and passphrase. 2020This must be accompanied with a corresponding 2021.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2022variable. 2023.It Va geli_tries 2024.Pq Vt int 2025Number of times user is asked for the pass-phrase. 2026If empty, it will be taken from 2027.Va kern.geom.eli.tries 2028sysctl variable. 2029.It Va geli_default_flags 2030.Pq Vt str 2031Default flags to use by 2032.Xr geli 8 2033when configuring disk encryption. 2034Flags can be configured for every device separately by defining the 2035.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2036variable, and for every group separately by defining the 2037.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2038variable. 2039.It Va geli_autodetach 2040.Pq Vt str 2041Specifies if GELI devices should be marked for detach on last close after 2042file systems are mounted. 2043Default is 2044.Dq Li YES . 2045This can be changed for every device separately by defining the 2046.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2047variable. 2048.It Va root_rw_mount 2049.Pq Vt bool 2050Set to 2051.Dq Li YES 2052by default. 2053After the file systems are checked at boot time, the root file system 2054is remounted as read-write if this is set to 2055.Dq Li YES . 2056Diskless systems that mount their root file system from a read-only remote 2057NFS share should set this to 2058.Dq Li NO 2059in their 2060.Pa rc.conf . 2061.It Va fsck_y_enable 2062.Pq Vt bool 2063If set to 2064.Dq Li YES , 2065.Xr fsck 8 2066will be run with the 2067.Fl y 2068flag if the initial preen 2069of the file systems fails. 2070.It Va background_fsck 2071.Pq Vt bool 2072If set to 2073.Dq Li NO , 2074the system will not attempt to run 2075.Xr fsck 8 2076in the background where possible. 2077.It Va background_fsck_delay 2078.Pq Vt int 2079The amount of time in seconds to sleep before starting a background 2080.Xr fsck 8 . 2081It defaults to sixty seconds to allow large applications such as 2082the X server to start before disk I/O bandwidth is monopolized by 2083.Xr fsck 8 . 2084If set to a negative number, the background file system check will be 2085delayed indefinitely to allow the administrator to run it at a more 2086convenient time. 2087For example it may be run from 2088.Xr cron 8 2089by adding a line like 2090.Pp 2091.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2092.Pp 2093to 2094.Pa /etc/crontab . 2095.It Va netfs_types 2096.Pq Vt str 2097List of file system types that are network-based. 2098This list should generally not be modified by end users. 2099Use 2100.Va extra_netfs_types 2101instead. 2102.It Va extra_netfs_types 2103.Pq Vt str 2104If set to something other than 2105.Dq Li NO 2106(the default), 2107this variable extends the list of file system types 2108for which automatic mounting at startup by 2109.Xr rc 8 2110should be delayed until the network is initialized. 2111It should contain 2112a whitespace-separated list of network file system descriptor pairs, 2113each consisting of a file system type as passed to 2114.Xr mount 8 2115and a human-readable, one-word description, 2116joined with a colon 2117.Pq Ql \&: . 2118Extending the default list in this way is only necessary 2119when third party file system types are used. 2120.It Va syslogd_enable 2121.Pq Vt bool 2122If set to 2123.Dq Li YES , 2124run the 2125.Xr syslogd 8 2126daemon. 2127.It Va syslogd_program 2128.Pq Vt str 2129Path to 2130.Xr syslogd 8 2131(default 2132.Pa /usr/sbin/syslogd ) . 2133.It Va syslogd_flags 2134.Pq Vt str 2135If 2136.Va syslogd_enable 2137is set to 2138.Dq Li YES , 2139these are the flags to pass to 2140.Xr syslogd 8 . 2141.It Va inetd_enable 2142.Pq Vt bool 2143If set to 2144.Dq Li YES , 2145run the 2146.Xr inetd 8 2147daemon. 2148.It Va inetd_program 2149.Pq Vt str 2150Path to 2151.Xr inetd 8 2152(default 2153.Pa /usr/sbin/inetd ) . 2154.It Va inetd_flags 2155.Pq Vt str 2156If 2157.Va inetd_enable 2158is set to 2159.Dq Li YES , 2160these are the flags to pass to 2161.Xr inetd 8 . 2162.It Va hastd_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr hastd 8 2168daemon. 2169.It Va hastd_program 2170.Pq Vt str 2171Path to 2172.Xr hastd 8 2173(default 2174.Pa /sbin/hastd ) . 2175.It Va hastd_flags 2176.Pq Vt str 2177If 2178.Va hastd_enable 2179is set to 2180.Dq Li YES , 2181these are the flags to pass to 2182.Xr hastd 8 . 2183.It Va local_unbound_enable 2184.Pq Vt bool 2185If set to 2186.Dq Li YES , 2187run the 2188.Xr unbound 8 2189daemon as a local caching resolver. 2190.It Va kdc_enable 2191.Pq Vt bool 2192Set to 2193.Dq Li YES 2194to start a Kerberos 5 authentication server 2195at boot time. 2196.It Va kdc_program 2197.Pq Vt str 2198If 2199.Va kdc_enable 2200is set to 2201.Dq Li YES 2202this is the path to Kerberos 5 Authentication Server. 2203.It Va kdc_flags 2204.Pq Vt str 2205Empty by default. 2206This variable contains additional flags to be passed to the Kerberos 5 2207authentication server. 2208.It Va kadmind_enable 2209.Pq Vt bool 2210Set to 2211.Dq Li YES 2212to start 2213.Xr kadmind 8 , 2214the Kerberos 5 Administration Daemon; set to 2215.Dq Li NO 2216on a slave server. 2217.It Va kadmind_program 2218.Pq Vt str 2219If 2220.Va kadmind_enable 2221is set to 2222.Dq Li YES 2223this is the path to Kerberos 5 Administration Daemon. 2224.It Va kpasswdd_enable 2225.Pq Vt bool 2226Set to 2227.Dq Li YES 2228to start 2229.Xr kpasswdd 8 , 2230the Kerberos 5 Password-Changing Daemon; set to 2231.Dq Li NO 2232on a slave server. 2233.It Va kpasswdd_program 2234.Pq Vt str 2235If 2236.Va kpasswdd_enable 2237is set to 2238.Dq Li YES 2239this is the path to Kerberos 5 Password-Changing Daemon. 2240.It Va kfd_enable 2241.Pq Vt bool 2242Set to 2243.Dq Li YES 2244to start 2245.Xr kfd 8 , 2246the Kerberos 5 ticket forwarding daemon, at the boot time. 2247.It Va kfd_program 2248.Pq Vt str 2249Path to 2250.Xr kfd 8 2251(default 2252.Pa /usr/libexec/kfd ) . 2253.It Va rwhod_enable 2254.Pq Vt bool 2255If set to 2256.Dq Li YES , 2257run the 2258.Xr rwhod 8 2259daemon at boot time. 2260.It Va rwhod_flags 2261.Pq Vt str 2262If 2263.Va rwhod_enable 2264is set to 2265.Dq Li YES , 2266these are the flags to pass to it. 2267.It Va amd_enable 2268.Pq Vt bool 2269If set to 2270.Dq Li YES , 2271run the 2272.Xr amd 8 2273daemon at boot time. 2274.It Va amd_flags 2275.Pq Vt str 2276If 2277.Va amd_enable 2278is set to 2279.Dq Li YES , 2280these are the flags to pass to it. 2281See the 2282.Xr amd 8 2283manpage for more information. 2284.It Va amd_map_program 2285.Pq Vt str 2286If set, 2287the specified program is run to get the list of 2288.Xr amd 8 2289maps. 2290For example, if the 2291.Xr amd 8 2292maps are stored in NIS, one can set this to 2293run 2294.Xr ypcat 1 2295to get a list of 2296.Xr amd 8 2297maps from the 2298.Pa amd.master 2299NIS map. 2300.It Va update_motd 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304.Pa /etc/motd 2305will be updated at boot time to reflect the kernel release 2306being run. 2307If set to 2308.Dq Li NO , 2309.Pa /etc/motd 2310will not be updated. 2311.It Va nfs_client_enable 2312.Pq Vt bool 2313If set to 2314.Dq Li YES , 2315run the NFS client daemons at boot time. 2316.It Va nfs_access_cache 2317.Pq Vt int 2318If 2319.Va nfs_client_enable 2320is set to 2321.Dq Li YES , 2322this can be set to 2323.Dq Li 0 2324to disable NFS ACCESS RPC caching, or to the number of seconds for which 2325NFS ACCESS 2326results should be cached. 2327A value of 2-10 seconds will substantially reduce network 2328traffic for many NFS operations. 2329.It Va nfs_server_enable 2330.Pq Vt bool 2331If set to 2332.Dq Li YES , 2333run the NFS server daemons at boot time. 2334.It Va nfs_server_flags 2335.Pq Vt str 2336If 2337.Va nfs_server_enable 2338is set to 2339.Dq Li YES , 2340these are the flags to pass to the 2341.Xr nfsd 8 2342daemon. 2343.It Va nfsv4_server_enable 2344.Pq Vt bool 2345If 2346.Va nfs_server_enable 2347is set to 2348.Dq Li YES 2349and 2350.Va nfsv4_server_enable 2351are set to 2352.Dq Li YES , 2353enable the server for NFSv4 as well as NFSv2 and NFSv3. 2354.It Va nfsuserd_enable 2355.Pq Vt bool 2356If 2357.Va nfsuserd_enable 2358is set to 2359.Dq Li YES , 2360run the nfsuserd daemon, which is needed for NFSv4 in order 2361to map between user/group names vs uid/gid numbers. 2362If 2363.Va nfsv4_server_enable 2364is set to 2365.Dq Li YES , 2366this will be forced enabled. 2367.It Va nfsuserd_flags 2368.Pq Vt str 2369If 2370.Va nfsuserd_enable 2371is set to 2372.Dq Li YES , 2373these are the flags to pass to the 2374.Xr nfsuserd 8 2375daemon. 2376.It Va nfscbd_enable 2377.Pq Vt bool 2378If 2379.Va nfscbd_enable 2380is set to 2381.Dq Li YES , 2382run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2383.It Va nfscbd_flags 2384.Pq Vt str 2385If 2386.Va nfscbd_enable 2387is set to 2388.Dq Li YES , 2389these are the flags to pass to the 2390.Xr nfscbd 8 2391daemon. 2392.It Va mountd_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES , 2396and no 2397.Va nfs_server_enable 2398is set, start 2399.Xr mountd 8 , 2400but not 2401.Xr nfsd 8 2402daemon. 2403It is commonly needed to run CFS without real NFS used. 2404.It Va mountd_flags 2405.Pq Vt str 2406If 2407.Va mountd_enable 2408is set to 2409.Dq Li YES , 2410these are the flags to pass to the 2411.Xr mountd 8 2412daemon. 2413.It Va weak_mountd_authentication 2414.Pq Vt bool 2415If set to 2416.Dq Li YES , 2417allow services like PCNFSD to make non-privileged mount 2418requests. 2419.It Va nfs_reserved_port_only 2420.Pq Vt bool 2421If set to 2422.Dq Li YES , 2423provide NFS services only on a secure port. 2424.It Va nfs_bufpackets 2425.Pq Vt int 2426If set to a number, indicates the number of packets worth of 2427socket buffer space to reserve on an NFS client. 2428The kernel default is typically 4. 2429Using a higher number may be 2430useful on gigabit networks to improve performance. 2431The minimum value is 24322 and the maximum is 64. 2433.It Va rpc_lockd_enable 2434.Pq Vt bool 2435If set to 2436.Dq Li YES 2437and also an NFS server or client, run 2438.Xr rpc.lockd 8 2439at boot time. 2440.It Va rpc_lockd_flags 2441.Pq Vt str 2442If 2443.Va rpc_lockd_enable 2444is set to 2445.Dq Li YES , 2446these are the flags to pass to the 2447.Xr rpc.lockd 8 2448daemon. 2449.It Va rpc_statd_enable 2450.Pq Vt bool 2451If set to 2452.Dq Li YES 2453and also an NFS server or client, run 2454.Xr rpc.statd 8 2455at boot time. 2456.It Va rpc_statd_flags 2457.Pq Vt str 2458If 2459.Va rpc_statd_enable 2460is set to 2461.Dq Li YES , 2462these are the flags to pass to the 2463.Xr rpc.statd 8 2464daemon. 2465.It Va rpcbind_program 2466.Pq Vt str 2467Path to 2468.Xr rpcbind 8 2469(default 2470.Pa /usr/sbin/rpcbind ) . 2471.It Va rpcbind_enable 2472.Pq Vt bool 2473If set to 2474.Dq Li YES , 2475run the 2476.Xr rpcbind 8 2477service at boot time. 2478.It Va rpcbind_flags 2479.Pq Vt str 2480If 2481.Va rpcbind_enable 2482is set to 2483.Dq Li YES , 2484these are the flags to pass to the 2485.Xr rpcbind 8 2486daemon. 2487.It Va keyserv_enable 2488.Pq Vt bool 2489If set to 2490.Dq Li YES , 2491run the 2492.Xr keyserv 8 2493daemon on boot for running Secure RPC. 2494.It Va keyserv_flags 2495.Pq Vt str 2496If 2497.Va keyserv_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to 2501.Xr keyserv 8 2502daemon. 2503.It Va pppoed_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr pppoed 8 2509daemon at boot time to provide PPP over Ethernet services. 2510.It Va pppoed_ Ns Aq Ar provider 2511.Pq Vt str 2512.Xr pppoed 8 2513listens to requests to this 2514.Ar provider 2515and ultimately runs 2516.Xr ppp 8 2517with a 2518.Ar system 2519argument of the same name. 2520.It Va pppoed_flags 2521.Pq Vt str 2522Additional flags to pass to 2523.Xr pppoed 8 . 2524.It Va pppoed_interface 2525.Pq Vt str 2526The network interface to run 2527.Xr pppoed 8 2528on. 2529This is mandatory when 2530.Va pppoed_enable 2531is set to 2532.Dq Li YES . 2533.It Va timed_enable 2534.Pq Vt bool 2535If set to 2536.Dq Li YES , 2537run the 2538.Xr timed 8 2539service at boot time. 2540This command is intended for networks of 2541machines where a consistent 2542.Dq "network time" 2543for all hosts must be established. 2544This is often useful in large NFS 2545environments where time stamps on files are expected to be consistent 2546network-wide. 2547.It Va timed_flags 2548.Pq Vt str 2549If 2550.Va timed_enable 2551is set to 2552.Dq Li YES , 2553these are the flags to pass to the 2554.Xr timed 8 2555service. 2556.It Va ntpdate_enable 2557.Pq Vt bool 2558If set to 2559.Dq Li YES , 2560run 2561.Xr ntpdate 8 2562at system startup. 2563This command is intended to 2564synchronize the system clock only 2565.Em once 2566from some standard reference. 2567.Pp 2568Note that the use of the 2569.Va ntpd_sync_on_start 2570variable is a preferred alternative to the 2571.Xr ntpdate 8 2572utility as 2573.Xr ntpdate 8 2574is to be retired from the NTP distribution. 2575.It Va ntpdate_config 2576.Pq Vt str 2577Configuration file for 2578.Xr ntpdate 8 . 2579Default 2580.Pa /etc/ntp.conf . 2581.It Va ntpdate_hosts 2582.Pq Vt str 2583A whitespace-separated list of NTP servers to synchronize with at startup. 2584The default is to use the servers listed in 2585.Va ntpdate_config , 2586if that file exists. 2587.It Va ntpdate_program 2588.Pq Vt str 2589Path to 2590.Xr ntpdate 8 2591(default 2592.Pa /usr/sbin/ntpdate ) . 2593.It Va ntpdate_flags 2594.Pq Vt str 2595If 2596.Va ntpdate_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr ntpdate 8 2601command (typically a hostname). 2602.It Va ntpd_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr ntpd 8 2608command at boot time. 2609.It Va ntpd_program 2610.Pq Vt str 2611Path to 2612.Xr ntpd 8 2613(default 2614.Pa /usr/sbin/ntpd ) . 2615.It Va ntpd_config 2616.Pq Vt str 2617Path to 2618.Xr ntpd 8 2619configuration file. 2620Default 2621.Pa /etc/ntp.conf . 2622.It Va ntpd_flags 2623.Pq Vt str 2624If 2625.Va ntpd_enable 2626is set to 2627.Dq Li YES , 2628these are the flags to pass to the 2629.Xr ntpd 8 2630daemon. 2631.It Va ntpd_sync_on_start 2632.Pq Vt bool 2633If set to 2634.Dq Li YES , 2635.Xr ntpd 8 2636is run with the 2637.Fl g 2638flag, which syncs the system's clock on startup. 2639See 2640.Xr ntpd 8 2641for more information regarding the 2642.Fl g 2643option. 2644This is a preferred alternative to using 2645.Xr ntpdate 8 2646or specifying the 2647.Va ntpdate_enable 2648variable. 2649.It Va nis_client_enable 2650.Pq Vt bool 2651If set to 2652.Dq Li YES , 2653run the 2654.Xr ypbind 8 2655service at system boot time. 2656.It Va nis_client_flags 2657.Pq Vt str 2658If 2659.Va nis_client_enable 2660is set to 2661.Dq Li YES , 2662these are the flags to pass to the 2663.Xr ypbind 8 2664service. 2665.It Va nis_ypldap_enable 2666.Pq Vt bool 2667If set to 2668.Dq Li YES , 2669run the 2670.Xr ypldap 8 2671daemon at system boot time. 2672.It Va nis_ypldap_flags 2673.Pq Vt str 2674If 2675.Va nis.ypldap_enable 2676is set to 2677.Dq Li YES , 2678these are the flags to pass to the 2679.Xr ypldap 8 2680daemon. 2681.It Va nis_ypset_enable 2682.Pq Vt bool 2683If set to 2684.Dq Li YES , 2685run the 2686.Xr ypset 8 2687daemon at system boot time. 2688.It Va nis_ypset_flags 2689.Pq Vt str 2690If 2691.Va nis_ypset_enable 2692is set to 2693.Dq Li YES , 2694these are the flags to pass to the 2695.Xr ypset 8 2696daemon. 2697.It Va nis_server_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypserv 8 2703daemon at system boot time. 2704.It Va nis_server_flags 2705.Pq Vt str 2706If 2707.Va nis_server_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypserv 8 2712daemon. 2713.It Va nis_ypxfrd_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr rpc.ypxfrd 8 2719daemon at system boot time. 2720.It Va nis_ypxfrd_flags 2721.Pq Vt str 2722If 2723.Va nis_ypxfrd_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr rpc.ypxfrd 8 2728daemon. 2729.It Va nis_yppasswdd_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr rpc.yppasswdd 8 2735daemon at system boot time. 2736.It Va nis_yppasswdd_flags 2737.Pq Vt str 2738If 2739.Va nis_yppasswdd_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr rpc.yppasswdd 8 2744daemon. 2745.It Va rpc_ypupdated_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Nm rpc.ypupdated 2751daemon at system boot time. 2752.It Va bsnmpd_enable 2753.Pq Vt bool 2754If set to 2755.Dq Li YES , 2756run the 2757.Xr bsnmpd 1 2758daemon at system boot time. 2759Be sure to understand the security implications of running SNMP daemon 2760on your host. 2761.It Va bsnmpd_flags 2762.Pq Vt str 2763If 2764.Va bsnmpd_enable 2765is set to 2766.Dq Li YES , 2767these are the flags to pass to the 2768.Xr bsnmpd 1 2769daemon. 2770.It Va defaultrouter 2771.Pq Vt str 2772If not set to 2773.Dq Li NO , 2774create a default route to this host name or IP address 2775(use an IP address if this router is also required to get to the 2776name server!). 2777.It Va ipv6_defaultrouter 2778.Pq Vt str 2779The IPv6 equivalent of 2780.Va defaultrouter . 2781.It Va static_arp_pairs 2782.Pq Vt str 2783Set to the list of static ARP pairs that are to be added at system 2784boot time. 2785For each whitespace separated 2786.Ar element 2787in the value, a 2788.Va static_arp_ Ns Aq Ar element 2789variable is assumed to exist whose contents will later be passed to a 2790.Dq Nm arp Cm -S 2791operation. 2792For example 2793.Bd -literal 2794static_arp_pairs="gw" 2795static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2796.Ed 2797.It Va static_ndp_pairs 2798.Pq Vt str 2799Set to the list of static NDP pairs that are to be added at system 2800boot time. 2801For each whitespace separated 2802.Ar element 2803in the value, a 2804.Va static_ndp_ Ns Aq Ar element 2805variable is assumed to exist whose contents will later be passed to a 2806.Dq Nm ndp Cm -s 2807operation. 2808For example 2809.Bd -literal 2810static_ndp_pairs="gw" 2811static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2812.Ed 2813.It Va static_routes 2814.Pq Vt str 2815Set to the list of static routes that are to be added at system 2816boot time. 2817If not set to 2818.Dq Li NO 2819then for each whitespace separated 2820.Ar element 2821in the value, a 2822.Va route_ Ns Aq Ar element 2823variable is assumed to exist 2824whose contents will later be passed to a 2825.Dq Nm route Cm add 2826operation. 2827For example: 2828.Bd -literal 2829static_routes="ext mcast:gif0 gif0local:gif0" 2830route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2831route_mcast="-net 224.0.0.0/4 -iface gif0" 2832route_gif0local="-host 169.254.1.1 -iface lo0" 2833.Ed 2834.Pp 2835When an 2836.Ar element 2837is in the form of 2838.Li name:ifname , 2839the route is specific to the interface 2840.Li ifname . 2841.It Va ipv6_static_routes 2842.Pq Vt str 2843The IPv6 equivalent of 2844.Va static_routes . 2845If not set to 2846.Dq Li NO 2847then for each whitespace separated 2848.Ar element 2849in the value, a 2850.Va ipv6_route_ Ns Aq Ar element 2851variable is assumed to exist 2852whose contents will later be passed to a 2853.Dq Nm route Cm add Fl inet6 2854operation. 2855.It Va gateway_enable 2856.Pq Vt bool 2857If set to 2858.Dq Li YES , 2859configure host to act as an IP router, e.g.\& to forward packets 2860between interfaces. 2861.It Va ipv6_gateway_enable 2862.Pq Vt bool 2863The IPv6 equivalent of 2864.Va gateway_enable . 2865.It Va routed_enable 2866.Pq Vt bool 2867If set to 2868.Dq Li YES , 2869run a routing daemon of some sort, based on the 2870settings of 2871.Va routed_program 2872and 2873.Va routed_flags . 2874.It Va route6d_enable 2875.Pq Vt bool 2876The IPv6 equivalent of 2877.Va routed_enable . 2878If set to 2879.Dq Li YES , 2880run a routing daemon of some sort, based on the 2881settings of 2882.Va route6d_program 2883and 2884.Va route6d_flags . 2885.It Va routed_program 2886.Pq Vt str 2887If 2888.Va routed_enable 2889is set to 2890.Dq Li YES , 2891this is the name of the routing daemon to use. 2892.It Va route6d_program 2893.Pq Vt str 2894The IPv6 equivalent of 2895.Va routed_program . 2896.It Va routed_flags 2897.Pq Vt str 2898If 2899.Va routed_enable 2900is set to 2901.Dq Li YES , 2902these are the flags to pass to the routing daemon. 2903.It Va route6d_flags 2904.Pq Vt str 2905The IPv6 equivalent of 2906.Va routed_flags . 2907.It Va rtadvd_enable 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911run the 2912.Xr rtadvd 8 2913daemon at boot time. 2914The 2915.Xr rtadvd 8 2916utility sends ICMPv6 Router Advertisement messages to 2917the interfaces specified in 2918.Va rtadvd_interfaces . 2919This should only be enabled with great care. 2920You may want to fine-tune 2921.Xr rtadvd.conf 5 . 2922.It Va rtadvd_interfaces 2923.Pq Vt str 2924If 2925.Va rtadvd_enable 2926is set to 2927.Dq Li YES 2928this is the list of interfaces to use. 2929.It Va arpproxy_all 2930.Pq Vt bool 2931If set to 2932.Dq Li YES , 2933enable global proxy ARP. 2934.It Va forward_sourceroute 2935.Pq Vt bool 2936If set to 2937.Dq Li YES 2938and 2939.Va gateway_enable 2940is also set to 2941.Dq Li YES , 2942source-routed packets are forwarded. 2943.It Va accept_sourceroute 2944.Pq Vt bool 2945If set to 2946.Dq Li YES , 2947the system will accept source-routed packets directed at it. 2948.It Va rarpd_enable 2949.Pq Vt bool 2950If set to 2951.Dq Li YES , 2952run the 2953.Xr rarpd 8 2954daemon at system boot time. 2955.It Va rarpd_flags 2956.Pq Vt str 2957If 2958.Va rarpd_enable 2959is set to 2960.Dq Li YES , 2961these are the flags to pass to the 2962.Xr rarpd 8 2963daemon. 2964.It Va bootparamd_enable 2965.Pq Vt bool 2966If set to 2967.Dq Li YES , 2968run the 2969.Xr bootparamd 8 2970daemon at system boot time. 2971.It Va bootparamd_flags 2972.Pq Vt str 2973If 2974.Va bootparamd_enable 2975is set to 2976.Dq Li YES , 2977these are the flags to pass to the 2978.Xr bootparamd 8 2979daemon. 2980.It Va stf_interface_ipv4addr 2981.Pq Vt str 2982If not set to 2983.Dq Li NO , 2984this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2985interface). 2986Specify this entry to enable the 6to4 interface. 2987.It Va stf_interface_ipv4plen 2988.Pq Vt int 2989Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2990An effective value is 0-31. 2991.It Va stf_interface_ipv6_ifid 2992.Pq Vt str 2993IPv6 interface ID for 2994.Xr stf 4 . 2995This can be set to 2996.Dq Li AUTO . 2997.It Va stf_interface_ipv6_slaid 2998.Pq Vt str 2999IPv6 Site Level Aggregator for 3000.Xr stf 4 . 3001.It Va ipv6_ipv4mapping 3002.Pq Vt bool 3003If set to 3004.Dq Li YES 3005this enables IPv4 mapped IPv6 address communication (like 3006.Li ::ffff:a.b.c.d ) . 3007.It Va rtsold_enable 3008.Pq Vt bool 3009Set to 3010.Dq Li YES 3011to enable the 3012.Xr rtsold 8 3013daemon to send ICMPv6 Router Solicitation messages. 3014.It Va rtsold_flags 3015.Pq Vt str 3016If 3017.Va rtsold_enable 3018is set to 3019.Dq Li YES , 3020these are the flags to pass to 3021.Xr rtsold 8 . 3022.It Va rtsol_flags 3023.Pq Vt str 3024For interfaces configured with the 3025.Dq Li inet6 accept_rtadv 3026keyword, these are the flags to pass to 3027.Xr rtsol 8 . 3028.Pp 3029Note that 3030.Va rtsold_enable 3031is mutually exclusive to 3032.Va rtsol_flags ; 3033.Va rtsold_enable 3034takes precedence. 3035.It Va keybell 3036.Pq Vt str 3037The keyboard bell sound. 3038Set to 3039.Dq Li normal , 3040.Dq Li visual , 3041.Dq Li off , 3042or 3043.Dq Li NO 3044if the default behavior is desired. 3045For details, refer to the 3046.Xr kbdcontrol 1 3047manpage. 3048.It Va keyboard 3049.Pq Vt str 3050If set to a non-null string, the virtual console's keyboard input is 3051set to this device. 3052.It Va keymap 3053.Pq Vt str 3054If set to 3055.Dq Li NO , 3056no keymap is installed, otherwise the value is used to install 3057the keymap file found in 3058.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3059(if using 3060.Xr syscons 4 ) or 3061.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3062(if using 3063.Xr vt 4 ) . 3064.It Va keyrate 3065.Pq Vt str 3066The keyboard repeat speed. 3067Set to 3068.Dq Li slow , 3069.Dq Li normal , 3070.Dq Li fast , 3071or 3072.Dq Li NO 3073if the default behavior is desired. 3074.It Va keychange 3075.Pq Vt str 3076If not set to 3077.Dq Li NO , 3078attempt to program the function keys with the value. 3079The value should 3080be a single string of the form: 3081.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3082.It Va cursor 3083.Pq Vt str 3084Can be set to the value of 3085.Dq Li normal , 3086.Dq Li blink , 3087.Dq Li destructive , 3088or 3089.Dq Li NO 3090to set the cursor behavior explicitly or choose the default behavior. 3091.It Va scrnmap 3092.Pq Vt str 3093If set to 3094.Dq Li NO , 3095no screen map is installed, otherwise the value is used to install 3096the screen map file in 3097.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3098This parameter is ignored when using 3099.Xr vt 4 3100as the console driver. 3101.It Va font8x16 3102.Pq Vt str 3103If set to 3104.Dq Li NO , 3105the default 8x16 font value is used for screen size requests, otherwise 3106the value in 3107.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3108or 3109.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3110is used (depending on the console driver being used). 3111.It Va font8x14 3112.Pq Vt str 3113If set to 3114.Dq Li NO , 3115the default 8x14 font value is used for screen size requests, otherwise 3116the value in 3117.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3118or 3119.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3120is used (depending on the console driver being used). 3121.It Va font8x8 3122.Pq Vt str 3123If set to 3124.Dq Li NO , 3125the default 8x8 font value is used for screen size requests, otherwise 3126the value in 3127.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3128or 3129.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3130is used (depending on the console driver being used). 3131.It Va blanktime 3132.Pq Vt int 3133If set to 3134.Dq Li NO , 3135the default screen blanking interval is used, otherwise it is set 3136to 3137.Ar value 3138seconds. 3139.It Va saver 3140.Pq Vt str 3141If not set to 3142.Dq Li NO , 3143this is the actual screen saver to use 3144.Li ( blank , snake , daemon , 3145etc). 3146.It Va moused_nondefault_enable 3147.Pq Vt str 3148If set to 3149.Dq Li NO , 3150the mouse device specified on 3151the command line is not automatically treated as enabled by the 3152.Pa /etc/rc.d/moused 3153script. 3154Having this variable set to 3155.Dq Li YES 3156allows a 3157.Xr usb 4 3158mouse, 3159for example, 3160to be enabled as soon as it is plugged in. 3161.It Va moused_enable 3162.Pq Vt str 3163If set to 3164.Dq Li YES , 3165the 3166.Xr moused 8 3167daemon is started for doing cut/paste selection on the console. 3168.It Va moused_type 3169.Pq Vt str 3170This is the protocol type of the mouse connected to this host. 3171This variable must be set if 3172.Va moused_enable 3173is set to 3174.Dq Li YES . 3175The 3176.Xr moused 8 3177daemon 3178is able to detect the appropriate mouse type automatically in many cases. 3179Set this variable to 3180.Dq Li auto 3181to let the daemon detect it, or 3182select one from the following list if the automatic detection fails. 3183.Pp 3184If the mouse is attached to the PS/2 mouse port, choose 3185.Dq Li auto 3186or 3187.Dq Li ps/2 , 3188regardless of the brand and model of the mouse. 3189Likewise, if the 3190mouse is attached to the bus mouse port, choose 3191.Dq Li auto 3192or 3193.Dq Li busmouse . 3194All other protocols are for serial mice and will not work with 3195the PS/2 and bus mice. 3196If this is a USB mouse, 3197.Dq Li auto 3198is the only protocol type which will work. 3199.Pp 3200.Bl -tag -width ".Li x10mouseremote" -compact 3201.It Li microsoft 3202Microsoft mouse (serial) 3203.It Li intellimouse 3204Microsoft IntelliMouse (serial) 3205.It Li mousesystems 3206Mouse systems Corp.\& mouse (serial) 3207.It Li mmseries 3208MM Series mouse (serial) 3209.It Li logitech 3210Logitech mouse (serial) 3211.It Li busmouse 3212A bus mouse 3213.It Li mouseman 3214Logitech MouseMan and TrackMan (serial) 3215.It Li glidepoint 3216ALPS GlidePoint (serial) 3217.It Li thinkingmouse 3218Kensington ThinkingMouse (serial) 3219.It Li ps/2 3220PS/2 mouse 3221.It Li mmhittab 3222MM HitTablet (serial) 3223.It Li x10mouseremote 3224X10 MouseRemote (serial) 3225.It Li versapad 3226Interlink VersaPad (serial) 3227.El 3228.Pp 3229Even if the mouse is not in the above list, it may be compatible 3230with one in the list. 3231Refer to the manual page for 3232.Xr moused 8 3233for compatibility information. 3234.Pp 3235It should also be noted that while this is enabled, any 3236other client of the mouse (such as an X server) should access 3237the mouse through the virtual mouse device, 3238.Pa /dev/sysmouse , 3239and configure it as a 3240.Dq Li sysmouse 3241type mouse, since all 3242mouse data is converted to this single canonical format when 3243using 3244.Xr moused 8 . 3245If the client program does not support the 3246.Dq Li sysmouse 3247type, 3248specify the 3249.Dq Li mousesystems 3250type. 3251It is the second preferred type. 3252.It Va moused_port 3253.Pq Vt str 3254If 3255.Va moused_enable 3256is set to 3257.Dq Li YES , 3258this is the actual port the mouse is on. 3259It might be 3260.Pa /dev/cuau0 3261for a COM1 serial mouse, or 3262.Pa /dev/psm0 3263for a PS/2 mouse, for example. 3264.It Va moused_flags 3265.Pq Vt str 3266If 3267.Va moused_flags 3268is set, its value is used as an additional set of flags to pass to the 3269.Xr moused 8 3270daemon. 3271.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3272When 3273.Va moused_nondefault_enable 3274is enabled, and a 3275.Xr moused 8 3276daemon is started for a non-default port, the 3277.Va "moused_" Ns Ar XXX Ns Va "_flags" 3278set of options has precedence over and replaces the default 3279.Va moused_flags 3280(where 3281.Ar XXX 3282is the name of the non-default port, i.e.,\& 3283.Ar ums0 ) . 3284By setting 3285.Va "moused_" Ns Ar XXX Ns Va "_flags" 3286it is possible to set up a different set of default flags for each 3287.Xr moused 8 3288instance. 3289For example, you can use 3290.Dq Li "-3" 3291for the default 3292.Va moused_flags 3293to make your laptop's touchpad more comfortable to use, 3294but an empty set of options for 3295.Va moused_ums0_flags 3296when your 3297.Xr usb 4 3298mouse has three or more buttons. 3299.It Va mousechar_start 3300.Pq Vt int 3301If set to 3302.Dq Li NO , 3303the default mouse cursor character range 3304.Li 0xd0 Ns - Ns Li 0xd3 3305is used, 3306otherwise the range start is set 3307to 3308.Ar value 3309character, see 3310.Xr vidcontrol 1 . 3311Use if the default range is occupied in the language code table. 3312.It Va allscreens_flags 3313.Pq Vt str 3314If set, 3315.Xr vidcontrol 1 3316is run with these options for each of the virtual terminals 3317.Pq Pa /dev/ttyv* . 3318For example, 3319.Dq Fl m Cm on 3320will enable the mouse pointer on all virtual terminals 3321if 3322.Va moused_enable 3323is set to 3324.Dq Li YES . 3325.It Va allscreens_kbdflags 3326.Pq Vt str 3327If set, 3328.Xr kbdcontrol 1 3329is run with these options for each of the virtual terminals 3330.Pq Pa /dev/ttyv* . 3331For example, 3332.Dq Fl h Li 200 3333will set the 3334.Xr syscons 4 3335or 3336.Xr vt 4 3337scrollback (history) buffer to 200 lines. 3338.It Va cron_enable 3339.Pq Vt bool 3340If set to 3341.Dq Li YES , 3342run the 3343.Xr cron 8 3344daemon at system boot time. 3345.It Va cron_program 3346.Pq Vt str 3347Path to 3348.Xr cron 8 3349(default 3350.Pa /usr/sbin/cron ) . 3351.It Va cron_flags 3352.Pq Vt str 3353If 3354.Va cron_enable 3355is set to 3356.Dq Li YES , 3357these are the flags to pass to 3358.Xr cron 8 . 3359.It Va cron_dst 3360.Pq Vt bool 3361If set to 3362.Dq Li YES , 3363enable the special handling of transitions to and from the 3364Daylight Saving Time in 3365.Xr cron 8 3366(equivalent to using the flag 3367.Fl s ) . 3368.It Va lpd_program 3369.Pq Vt str 3370Path to 3371.Xr lpd 8 3372(default 3373.Pa /usr/sbin/lpd ) . 3374.It Va lpd_enable 3375.Pq Vt bool 3376If set to 3377.Dq Li YES , 3378run the 3379.Xr lpd 8 3380daemon at system boot time. 3381.It Va lpd_flags 3382.Pq Vt str 3383If 3384.Va lpd_enable 3385is set to 3386.Dq Li YES , 3387these are the flags to pass to the 3388.Xr lpd 8 3389daemon. 3390.It Va chkprintcap_enable 3391.Pq Vt bool 3392If set to 3393.Dq Li YES , 3394run the 3395.Xr chkprintcap 8 3396command before starting the 3397.Xr lpd 8 3398daemon. 3399.It Va chkprintcap_flags 3400.Pq Vt str 3401If 3402.Va lpd_enable 3403and 3404.Va chkprintcap_enable 3405are set to 3406.Dq Li YES , 3407these are the flags to pass to the 3408.Xr chkprintcap 8 3409program. 3410The default is 3411.Dq Li -d , 3412which causes missing directories to be created. 3413.It Va mta_start_script 3414.Pq Vt str 3415This variable specifies the full path to the script to run to start 3416a mail transfer agent. 3417The default is 3418.Pa /etc/rc.sendmail . 3419The 3420.Va sendmail_* 3421variables which 3422.Pa /etc/rc.sendmail 3423uses are documented in the 3424.Xr rc.sendmail 8 3425manual page. 3426.It Va dumpdev 3427.Pq Vt str 3428Indicates the device (usually a swap partition) to which a crash dump 3429should be written in the event of a system crash. 3430If the value of this variable is 3431.Dq Li AUTO , 3432the first suitable swap device listed in 3433.Pa /etc/fstab 3434will be used as dump device. 3435Otherwise, the value of this variable is passed as the argument to 3436.Xr dumpon 8 . 3437To disable crash dumps, set this variable to 3438.Dq Li NO . 3439.It Va dumpon_flags 3440.Pq Vt str 3441Flags to pass to 3442.Xr dumpon 8 3443when configuring 3444.Va dumpdev 3445as the system dump device. 3446.It Va dumpdir 3447.Pq Vt str 3448When the system reboots after a crash and a crash dump is found on the 3449device specified by the 3450.Va dumpdev 3451variable, 3452.Xr savecore 8 3453will save that crash dump and a copy of the kernel to the directory 3454specified by the 3455.Va dumpdir 3456variable. 3457The default value is 3458.Pa /var/crash . 3459Set to 3460.Dq Li NO 3461to not run 3462.Xr savecore 8 3463at boot time when 3464.Va dumpdir 3465is set. 3466.It Va savecore_enable 3467.Pq Vt bool 3468If set to 3469.Dq Li NO , 3470disable automatic extraction of the crash dump from the 3471.Va dumpdev . 3472.It Va savecore_flags 3473.Pq Vt str 3474If crash dumps are enabled, these are the flags to pass to the 3475.Xr savecore 8 3476utility. 3477.It Va quota_enable 3478.Pq Vt bool 3479Set to 3480.Dq Li YES 3481to turn on user and group disk quotas on system startup via the 3482.Xr quotaon 8 3483command for all file systems marked as having quotas enabled in 3484.Pa /etc/fstab . 3485The kernel must be built with 3486.Cd "options QUOTA" 3487for disk quotas to function. 3488.It Va check_quotas 3489.Pq Vt bool 3490Set to 3491.Dq Li YES 3492to enable user and group disk quota checking via the 3493.Xr quotacheck 8 3494command. 3495.It Va quotacheck_flags 3496.Pq Vt str 3497If 3498.Va quota_enable 3499is set to 3500.Dq Li YES , 3501and 3502.Va check_quotas 3503is set to 3504.Dq Li YES , 3505these are the flags to pass to the 3506.Xr quotacheck 8 3507utility. 3508The default is 3509.Dq Li "-a" , 3510which checks quotas for all file systems with quotas enabled in 3511.Pa /etc/fstab . 3512.It Va quotaon_flags 3513.Pq Vt str 3514If 3515.Va quota_enable 3516is set to 3517.Dq Li YES , 3518these are the flags to pass to the 3519.Xr quotaon 8 3520utility. 3521The default is 3522.Dq Li "-a" , 3523which enables quotas for all file systems with quotas enabled in 3524.Pa /etc/fstab . 3525.It Va quotaoff_flags 3526.Pq Vt str 3527If 3528.Va quota_enable 3529is set to 3530.Dq Li YES , 3531these are the flags to pass to the 3532.Xr quotaoff 8 3533utility when shutting down the quota system. 3534The default is 3535.Dq Li "-a" , 3536which disables quotas for all file systems with quotas enabled in 3537.Pa /etc/fstab . 3538.It Va accounting_enable 3539.Pq Vt bool 3540Set to 3541.Dq Li YES 3542to enable system accounting through the 3543.Xr accton 8 3544facility. 3545.It Va firstboot_sentinel 3546.Pq Vt str 3547This variable specifies the full path to a 3548.Dq first boot 3549sentinel file. 3550If a file exists with this path, 3551.Pa rc.d 3552scripts with the 3553.Dq firstboot 3554keyword will be run on startup and the sentinel file will be deleted 3555after the boot process completes. 3556The sentinel file must be located on a writable file system which is 3557mounted no later than 3558.Va early_late_divider 3559to function properly. 3560The default is 3561.Pa /firstboot . 3562.It Va linux_enable 3563.Pq Vt bool 3564Set to 3565.Dq Li YES 3566to enable Linux/ELF binary emulation at system initial 3567boot time. 3568.It Va sysvipc_enable 3569.Pq Vt bool 3570If set to 3571.Dq Li YES , 3572load System V IPC primitives at boot time. 3573.It Va clear_tmp_enable 3574.Pq Vt bool 3575Set to 3576.Dq Li YES 3577to have 3578.Pa /tmp 3579cleaned at startup. 3580.It Va clear_tmp_X 3581.Pq Vt bool 3582Set to 3583.Dq Li NO 3584to disable removing of X11 lock files, 3585and the removal and (secure) recreation 3586of the various socket directories for X11 3587related programs. 3588.It Va ldconfig_paths 3589.Pq Vt str 3590Set to the list of shared library paths to use with 3591.Xr ldconfig 8 . 3592NOTE: 3593.Pa /usr/lib 3594will always be added first, so it need not appear in this list. 3595.It Va ldconfig32_paths 3596.Pq Vt str 3597Set to the list of 32-bit compatibility shared library paths to 3598use with 3599.Xr ldconfig 8 . 3600.It Va ldconfig_paths_aout 3601.Pq Vt str 3602Set to the list of shared library paths to use with 3603.Xr ldconfig 8 3604legacy 3605.Xr a.out 5 3606support. 3607.It Va ldconfig_insecure 3608.Pq Vt bool 3609The 3610.Xr ldconfig 8 3611utility normally refuses to use directories 3612which are writable by anyone except root. 3613Set this variable to 3614.Dq Li YES 3615to disable that security check during system startup. 3616.It Va ldconfig_local_dirs 3617.Pq Vt str 3618Set to the list of local 3619.Xr ldconfig 8 3620directories. 3621The names of all files in the directories listed will be 3622passed as arguments to 3623.Xr ldconfig 8 . 3624.It Va ldconfig_local32_dirs 3625.Pq Vt str 3626Set to the list of local 32-bit compatibility 3627.Xr ldconfig 8 3628directories. 3629The names of all files in the directories listed will be 3630passed as arguments to 3631.Dq Nm ldconfig Fl 32 . 3632.It Va kern_securelevel_enable 3633.Pq Vt bool 3634Set to 3635.Dq Li YES 3636to set the kernel security level at system startup. 3637.It Va kern_securelevel 3638.Pq Vt int 3639The kernel security level to set at startup. 3640The allowed range of 3641.Ar value 3642ranges from \-1 (the compile time default) to 3 (the 3643most secure). 3644See 3645.Xr security 7 3646for the list of possible security levels and their effect 3647on system operation. 3648.It Va sshd_program 3649.Pq Vt str 3650Path to the SSH server program 3651.Pa ( /usr/sbin/sshd 3652is the default). 3653.It Va sshd_enable 3654.Pq Vt bool 3655Set to 3656.Dq Li YES 3657to start 3658.Xr sshd 8 3659at system boot time. 3660.It Va sshd_flags 3661.Pq Vt str 3662If 3663.Va sshd_enable 3664is set to 3665.Dq Li YES , 3666these are the flags to pass to the 3667.Xr sshd 8 3668daemon. 3669.It Va ftpd_program 3670.Pq Vt str 3671Path to the FTP server program 3672.Pa ( /usr/libexec/ftpd 3673is the default). 3674.It Va ftpd_enable 3675.Pq Vt bool 3676Set to 3677.Dq Li YES 3678to start 3679.Xr ftpd 8 3680as a stand-alone daemon at system boot time. 3681.It Va ftpd_flags 3682.Pq Vt str 3683If 3684.Va ftpd_enable 3685is set to 3686.Dq Li YES , 3687these are the additional flags to pass to the 3688.Xr ftpd 8 3689daemon. 3690.It Va watchdogd_enable 3691.Pq Vt bool 3692If set to 3693.Dq Li YES , 3694start the 3695.Xr watchdogd 8 3696daemon at boot time. 3697This requires that the kernel have been compiled with a 3698.Xr watchdog 4 3699compatible device. 3700.It Va watchdogd_flags 3701.Pq Vt str 3702If 3703.Va watchdogd_enable 3704is set to 3705.Dq Li YES , 3706these are the flags passed to the 3707.Xr watchdogd 8 3708daemon. 3709.It Va devfs_rulesets 3710.Pq Vt str 3711List of files containing sets of rules for 3712.Xr devfs 8 . 3713.It Va devfs_system_ruleset 3714.Pq Vt str 3715Rule name(s) to apply to the system 3716.Pa /dev 3717itself. 3718.It Va devfs_set_rulesets 3719.Pq Vt str 3720Pairs of already-mounted 3721.Pa dev 3722directories and rulesets that should be applied to them. 3723For example: /mount/dev=ruleset_name 3724.It Va devfs_load_rulesets 3725.Pq Vt bool 3726If set, always load the default rulesets listed in 3727.Va devfs_rulesets . 3728.It Va performance_cx_lowest 3729.Pq Vt str 3730CPU idle state to use while on AC power. 3731The string 3732.Dq Li LOW 3733indicates that 3734.Xr acpi 4 3735should use the lowest power state available while 3736.Dq Li HIGH 3737indicates that the lowest latency state (less power savings) should be used. 3738.It Va performance_cpu_freq 3739.Pq Vt str 3740CPU clock frequency to use while on AC power. 3741The string 3742.Dq Li LOW 3743indicates that 3744.Xr cpufreq 4 3745should use the lowest frequency available while 3746.Dq Li HIGH 3747indicates that the highest frequency (less power savings) should be used. 3748.It Va economy_cx_lowest 3749.Pq Vt str 3750CPU idle state to use when off AC power. 3751The string 3752.Dq Li LOW 3753indicates that 3754.Xr acpi 4 3755should use the lowest power state available while 3756.Dq Li HIGH 3757indicates that the lowest latency state (less power savings) should be used. 3758.It Va economy_cpu_freq 3759.Pq Vt str 3760CPU clock frequency to use when off AC power. 3761The string 3762.Dq Li LOW 3763indicates that 3764.Xr cpufreq 4 3765should use the lowest frequency available while 3766.Dq Li HIGH 3767indicates that the highest frequency (less power savings) should be used. 3768.It Va jail_enable 3769.Pq Vt bool 3770If set to 3771.Dq Li NO , 3772any configured jails will not be started. 3773.It Va jail_conf 3774.Pq Vt str 3775The configuration filename used by 3776.Xr jail 8 3777utility. 3778The default value is 3779.Pa /etc/jail.conf . 3780.It Va jail_parallel_start 3781.Pq Vt bool 3782If set to 3783.Dq Li YES , 3784all configured jails will be started in the background (in parallel). 3785.It Va jail_flags 3786.Pq Vt str 3787Unset by default. 3788When set, use as default value for 3789.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3790for every jail in 3791.Va jail_list . 3792.It Va jail_list 3793.Pq Vt str 3794A space-delimited list of jail names. 3795When left empty, all of the 3796.Xr jail 8 3797instances defined in the configuration file are started. 3798The names specified in this list control the jail startup order. 3799.Xr jail 8 3800instances missing from 3801.Va jail_list 3802must be started manually. 3803Note that a jail's 3804.Va depend 3805parameter in the configuration file may override this list. 3806.It Va jail_reverse_stop 3807.Pq Vt bool 3808When set to 3809.Dq Li YES , 3810all configured jails in 3811.Va jail_list 3812are stopped in reverse order. 3813.It Va jail_* variables 3814Note that older releases supported per-jail configuration via 3815.Nm 3816variables. 3817For example, 3818hostname of a jail named 3819.Li vjail 3820was able to be set by 3821.Li jail_vjail_hostname . 3822These per-jail configuration variables are now obsolete in favor of 3823.Xr jail 8 3824configuration file. 3825For backward compatibility, 3826when per-jail configuration variables are defined, 3827.Xr jail 8 3828configuration files are created as 3829.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3830and used. 3831.Pp 3832The following per-jail parameters are handled by 3833.Pa rc.d/jail 3834script out of their corresponding 3835.Nm 3836variables. 3837In addition to them, parameters in 3838.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3839will be added to the configuration file. 3840They must be a semi-colon 3841.Pq Ql \&; 3842delimited list of 3843.Dq key=value . 3844For more details, 3845see 3846.Xr jail 8 3847manual page. 3848.Bl -tag -width "host.hostname" -offset indent 3849.It Li path 3850set from 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3852.It Li host.hostname 3853set from 3854.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3855.It Li exec.consolelog 3856set from 3857.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3858The default value is 3859.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3860.It Li interface 3861set from 3862.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3863.It Li vnet.interface 3864set from 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3866This implies 3867.Li vnet 3868parameter will be enabled and cannot be specified with 3869.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3871and/or 3872.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3873at the same time. 3874.It Li fstab 3875set from 3876.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3877.It Li mount 3878set from 3879.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3880.It Li exec.fib 3881set from 3882.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3883.It Li exec.start 3884set from 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3886The parameter name was 3887.Li command 3888in some older releases. 3889.It Li exec.prestart 3890set from 3891.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3892.It Li exec.poststart 3893set from 3894.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3895.It Li exec.stop 3896set from 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3898.It Li exec.prestop 3899set from 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3901.It Li exec.poststop 3902set from 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3904.It Li ip4.addr 3905set if 3906.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3907or 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3909contain IPv4 addresses 3910.It Li ip6.addr 3911set if 3912.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3913or 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3915contain IPv6 addresses 3916.It Li allow.mount 3917set from 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3919.It Li mount.devfs 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3922.It Li devfs_ruleset 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3925This must be an integer, 3926not a string. 3927.It Li mount.fdescfs 3928set from 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3930.It Li allow.set_hostname 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3933.It Li allow.rawsocket 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3936.It Li allow.sysvipc 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3939.El 3940.\" ----------------------------------------------------- 3941.It Va harvest_mask 3942.Pq Vt int 3943Set to a bit-mask 3944representing the entropy sources 3945you wish to harvest. 3946Refer to 3947.Xr random 4 3948for more information. 3949.It Va entropy_dir 3950.Pq Vt str 3951Set to 3952.Dq Li NO 3953to disable caching entropy via 3954.Xr cron 8 . 3955Otherwise set to the directory 3956in which the entropy files are stored. 3957To be useful, 3958there must be 3959a system cron job 3960that regularly writes and rotates 3961files here. 3962All files found 3963will be used at boot time. 3964The default is 3965.Pa /var/db/entropy . 3966.It Va entropy_file 3967.Pq Vt str 3968Set to 3969.Dq Li NO 3970to disable caching entropy through reboots. 3971Otherwise set to the name 3972of a file used to store cached entropy. 3973This file should be located 3974on a file system that is readable 3975before all the volumes specified in 3976.Xr fstab 5 3977are mounted. 3978By default, 3979.Pa /entropy 3980is used, 3981but if 3982.Pa /var/db/entropy-file 3983is found it will also be used. 3984This will be of some use to 3985.Xr bsdinstall 8 . 3986.It Va entropy_boot_file 3987.Pq Vt str 3988Set to 3989.Dq Li NO 3990to disable 3991very early caching entropy 3992through reboots. 3993Otherwise set to the filename 3994used to read 3995very early reboot cached entropy. 3996This file should be located where 3997.Xr loader 8 3998can read it. 3999See also 4000.Xr loader.conf 5 . 4001The default location is 4002.Pa /boot/entropy . 4003.It Va entropy_save_sz 4004.Pq Vt int 4005Size of the entropy cache files saved by 4006.Nm save-entropy 4007periodically. 4008.It Va entropy_save_num 4009.Pq Vt int 4010Number of entropy cache files to save by 4011.Nm save-entropy 4012periodically. 4013.It Va ipsec_enable 4014.Pq Vt bool 4015Set to 4016.Dq Li YES 4017to run 4018.Xr setkey 8 4019on 4020.Va ipsec_file 4021at boot time. 4022.It Va ipsec_file 4023.Pq Vt str 4024Configuration file for 4025.Xr setkey 8 . 4026.It Va dmesg_enable 4027.Pq Vt bool 4028Set to 4029.Dq Li YES 4030to save 4031.Xr dmesg 8 4032to 4033.Pa /var/run/dmesg.boot 4034on boot. 4035.It Va rcshutdown_timeout 4036.Pq Vt int 4037If set, start a watchdog timer in the background which will terminate 4038.Pa rc.shutdown 4039if 4040.Xr shutdown 8 4041has not completed within the specified time (in seconds). 4042Notice that in addition to this soft timeout, 4043.Xr init 8 4044also applies a hard timeout for the execution of 4045.Pa rc.shutdown . 4046This is configured via 4047.Xr sysctl 8 4048variable 4049.Va kern.init_shutdown_timeout 4050and defaults to 120 seconds. 4051Setting the value of 4052.Va rcshutdown_timeout 4053to more than 120 seconds will have no effect until the 4054.Xr sysctl 8 4055variable 4056.Va kern.init_shutdown_timeout 4057is also increased. 4058.It Va virecover_enable 4059.Pq Vt bool 4060Set to 4061.Dq Li NO 4062to prevent the system from trying to 4063recover pre-maturely terminated 4064.Xr vi 1 4065sessions. 4066.It Va ugidfw_enable 4067.Pq Vt bool 4068Set to 4069.Dq Li YES 4070to load the 4071.Xr mac_bsdextended 4 4072module upon system initialization and load a default 4073ruleset file. 4074.It Va bsdextended_script 4075.Pq Vt str 4076The default 4077.Xr mac_bsdextended 4 4078ruleset file to load. 4079The default value of this variable is 4080.Pa /etc/rc.bsdextended . 4081.It Va newsyslog_enable 4082.Pq Vt bool 4083If set to 4084.Dq Li YES , 4085run 4086.Xr newsyslog 8 4087command at startup. 4088.It Va newsyslog_flags 4089.Pq Vt str 4090If 4091.Va newsyslog_enable 4092is set to 4093.Dq Li YES , 4094these are the flags to pass to the 4095.Xr newsyslog 8 4096program. 4097The default is 4098.Dq Li -CN , 4099which causes log files flagged with a 4100.Cm C 4101to be created. 4102.It Va mdconfig_md Ns Aq Ar X 4103.Pq Vt str 4104Arguments to 4105.Xr mdconfig 8 4106for 4107.Xr md 4 4108device 4109.Ar X . 4110At minimum a 4111.Fl t Ar type 4112must be specified and either a 4113.Fl s Ar size 4114for malloc or swap backed 4115.Xr md 4 4116devices or a 4117.Fl f Ar file 4118for vnode backed 4119.Xr md 4 4120devices. 4121Note that 4122.Va mdconfig_md Ns Aq Ar X 4123variables are evaluated until one variable is unset or null. 4124.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4125.Pq Vt str 4126Optional arguments passed to 4127.Xr newfs 8 4128to initialize 4129.Xr md 4 4130device 4131.Ar X . 4132.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4133.Pq Vt str 4134An ownership specification passed to 4135.Xr chown 8 4136after the specified 4137.Xr md 4 4138device 4139.Ar X 4140has been mounted. 4141Both the 4142.Xr md 4 4143device and the mount point will be changed. 4144.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4145.Pq Vt str 4146A mode string passed to 4147.Xr chmod 1 4148after the specified 4149.Xr md 4 4150device 4151.Ar X 4152has been mounted. 4153Both the 4154.Xr md 4 4155device and the mount point will be changed. 4156.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4157.Pq Vt str 4158Files to be copied to the mount point of the 4159.Xr md 4 4160device 4161.Ar X 4162after it has been mounted. 4163.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4164.Pq Vt str 4165Command to execute after the specified 4166.Xr md 4 4167device 4168.Ar X 4169has been mounted. 4170Note that the command is passed to 4171.Ic eval 4172and that both 4173.Va _dev 4174and 4175.Va _mp 4176variables can be used to reference respectively the 4177.Xr md 4 4178device and the mount point. 4179Assuming that the 4180.Xr md 4 4181device is 4182.Li md0 , 4183one could set the following: 4184.Bd -literal 4185mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4186.Ed 4187.It Va autobridge_interfaces 4188.Pq Vt str 4189Set to the list of bridge interfaces that will have newly arriving interfaces 4190checked against to be automatically added. 4191If not set to 4192.Dq Li NO 4193then for each whitespace separated 4194.Ar element 4195in the value, a 4196.Va autobridge_ Ns Aq Ar element 4197variable is assumed to exist which has a whitespace separated list of interface 4198names to match, these names can use wildcards. 4199For example: 4200.Bd -literal 4201autobridge_interfaces="bridge0" 4202autobridge_bridge0="tap* dc0 vlan[345]" 4203.Ed 4204.It Va mixer_enable 4205.Pq Vt bool 4206If set to 4207.Dq Li YES , 4208enable support for sound mixer. 4209.It Va hcsecd_enable 4210.Pq Vt bool 4211If set to 4212.Dq Li YES , 4213enable Bluetooth security daemon. 4214.It Va hcsecd_config 4215.Pq Vt str 4216Configuration file for 4217.Xr hcsecd 8 . 4218Default 4219.Pa /etc/bluetooth/hcsecd.conf . 4220.It Va sdpd_enable 4221.Pq Vt bool 4222If set to 4223.Dq Li YES , 4224enable Bluetooth Service Discovery Protocol daemon. 4225.It Va sdpd_control 4226.Pq Vt str 4227Path to 4228.Xr sdpd 8 4229control socket. 4230Default 4231.Pa /var/run/sdp . 4232.It Va sdpd_groupname 4233.Pq Vt str 4234Sets 4235.Xr sdpd 8 4236group to run as after it initializes. 4237Default 4238.Dq Li nobody . 4239.It Va sdpd_username 4240.Pq Vt str 4241Sets 4242.Xr sdpd 8 4243user to run as after it initializes. 4244Default 4245.Dq Li nobody . 4246.It Va bthidd_enable 4247.Pq Vt bool 4248If set to 4249.Dq Li YES , 4250enable Bluetooth Human Interface Device daemon. 4251.It Va bthidd_config 4252.Pq Vt str 4253Configuration file for 4254.Xr bthidd 8 . 4255Default 4256.Pa /etc/bluetooth/bthidd.conf . 4257.It Va bthidd_hids 4258.Pq Vt str 4259Path to a file, where 4260.Xr bthidd 8 4261will store information about known HID devices. 4262Default 4263.Pa /var/db/bthidd.hids . 4264.It Va rfcomm_pppd_server_enable 4265.Pq Vt bool 4266If set to 4267.Dq Li YES , 4268enable Bluetooth RFCOMM PPP wrapper daemon. 4269.It Va rfcomm_pppd_server_profile 4270.Pq Vt str 4271The name of the profile to use from 4272.Pa /etc/ppp/ppp.conf . 4273Multiple profiles can be specified here. 4274Also used to specify per-profile overrides. 4275When the profile name contains any of the characters 4276.Dq Li .-/+ 4277they are translated to 4278.Dq Li _ 4279for the proposes of the override variable names. 4280.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4281.Pq Vt str 4282Overrides local address to listen on. 4283By default 4284.Xr rfcomm_pppd 8 4285will listen on 4286.Dq Li ANY 4287address. 4288The address can be specified as BD_ADDR or name. 4289.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4290.Pq Vt str 4291Overrides local RFCOMM channel to listen on. 4292By default 4293.Xr rfcomm_pppd 8 4294will listen on RFCOMM channel 1. 4295Must set properly if multiple profiles used in the same time. 4296.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4297.Pq Vt bool 4298Tells 4299.Xr rfcomm_pppd 8 4300if it should register Serial Port service on the specified RFCOMM channel. 4301Default 4302.Dq Li NO . 4303.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4304.Pq Vt bool 4305Tells 4306.Xr rfcomm_pppd 8 4307if it should register Dial-Up Networking service on the specified 4308RFCOMM channel. 4309Default 4310.Dq Li NO . 4311.It Va ubthidhci_enable 4312.Pq Vt bool 4313If set to 4314.Dq Li YES , 4315change the USB Bluetooth controller from HID mode to HCI mode. 4316You also need to specify the location of USB Bluetooth controller with the 4317.Va ubthidhci_busnum 4318and 4319.Va ubthidhci_addr 4320variables. 4321.It Va ubthidhci_busnum 4322Bus number where the USB Bluetooth controller is located. 4323Check the output of 4324.Xr usbconfig 8 4325on your system to find this information. 4326.It Va ubthidhci_addr 4327Bus address of the USB Bluetooth controller. 4328Check the output of 4329.Xr usbconfig 8 4330on your system to find this information. 4331.It Va netwait_enable 4332.Pq Vt bool 4333If set to 4334.Dq Li YES , 4335delays the start of network-reliant services until 4336.Va netwait_if 4337is up and ICMP packets to a destination defined in 4338.Va netwait_ip 4339are flowing. 4340Link state is examined first, followed by 4341.Dq Li pinging 4342an IP address to verify network usability. 4343If no destination can be reached or timeouts are exceeded, 4344network services are started anyway with no guarantee that 4345the network is usable. 4346Use of this variable requires both 4347.Va netwait_ip 4348and 4349.Va netwait_if 4350to be set. 4351.It Va netwait_ip 4352.Pq Vt str 4353Empty by default. 4354This variable contains a space-delimited list of IP addresses to 4355.Xr ping 8 . 4356DNS hostnames should not be used as resolution is not guaranteed 4357to be functional at this point. 4358If multiple IP addresses are specified, 4359each will be tried until one is successful or the list is exhausted. 4360.It Va netwait_timeout 4361.Pq Vt int 4362Indicates the total number of seconds to perform a 4363.Dq Li ping 4364against each IP address in 4365.Va netwait_ip , 4366at a rate of one ping per second. 4367If any of the pings are successful, 4368full network connectivity is considered reliable. 4369The default is 60. 4370.It Va netwait_if 4371.Pq Vt str 4372Empty by default. 4373Defines the name of the network interface on which watch for link. 4374.Xr ifconfig 8 4375is used to monitor the interface, looking for 4376.Dq Li status: no carrier . 4377Once gone, the link is considered up. 4378This can be a 4379.Xr vlan 4 4380interface if desired. 4381.It Va netwait_if_timeout 4382.Pq Vt int 4383Defines the total number of seconds to wait for link to become usable, 4384polled at a 1-second interval. 4385The default is 30. 4386.It Va rctl_enable 4387.Pq Vt bool 4388If set to 4389.Dq Li YES , 4390load 4391.Xr rctl 8 4392rules from the defined ruleset. 4393The kernel must be built with 4394.Cd "options RACCT" 4395and 4396.Cd "options RCTL" . 4397.It Va rctl_rules 4398.Pq Vt str 4399Set to 4400.Pa /etc/rctl.conf 4401by default. 4402This variables contains the 4403.Xr rctl.conf 5 4404ruleset to load for 4405.Xr rctl 8 . 4406.It Va iovctl_files 4407.Pq Vt str 4408A space-separated list of configuration files used by 4409.Xr iovctl 8 . 4410The default value is an empty string. 4411.It Va autofs_enable 4412.Pq Vt bool 4413If set to 4414.Dq Li YES , 4415start the 4416.Xr automount 8 4417utility and the 4418.Xr automountd 8 4419and 4420.Xr autounmountd 8 4421daemons at boot time. 4422.It Va automount_flags 4423.Pq Vt str 4424If 4425.Va autofs_enable 4426is set to 4427.Dq Li YES , 4428these are the flags to pass to the 4429.Xr automount 8 4430program. 4431By default no flags are passed. 4432.It Va automountd_flags 4433.Pq Vt str 4434If 4435.Va autofs_enable 4436is set to 4437.Dq Li YES , 4438these are the flags to pass to the 4439.Xr automountd 8 4440daemon. 4441By default no flags are passed. 4442.It Va autounmountd_flags 4443.Pq Vt str 4444If 4445.Va autofs_enable 4446is set to 4447.Dq Li YES , 4448these are the flags to pass to the 4449.Xr autounmountd 8 4450daemon. 4451By default no flags are passed. 4452.It Va ctld_enable 4453.Pq Vt bool 4454If set to 4455.Dq Li YES , 4456start the 4457.Xr ctld 8 4458daemon at boot time. 4459.It Va iscsid_enable 4460.Pq Vt bool 4461If set to 4462.Dq Li YES , 4463start the 4464.Xr iscsid 8 4465daemon at boot time. 4466.It Va iscsictl_enable 4467.Pq Vt bool 4468If set to 4469.Dq Li YES , 4470start the 4471.Xr iscsictl 8 4472utility at boot time. 4473.It Va iscsictl_flags 4474.Pq Vt str 4475If 4476.Va iscsictl_enable 4477is set to 4478.Dq Li YES , 4479these are the flags to pass to the 4480.Xr iscsictl 8 4481program. 4482The default is 4483.Dq Li -Aa , 4484which configures sessions based on the 4485.Pa /etc/iscsi.conf 4486configuration file. 4487.It Va cfumass_enable 4488.Pq Vt bool 4489If set to 4490.Dq Li YES , 4491create and export an USB LUN using 4492.Xr cfumass 4 4493at boot time. 4494.It Va cfumass_dir 4495.Pq Vt str 4496The directory where the files exported by USB LUN are located. 4497The default directory is 4498.Pa /var/cfumass . 4499.It Va service_delete_empty 4500.Pq Vt bool 4501If set to 4502.Dq Li YES , 4503.Ql Li service delete 4504removes empty 4505.Dq Li rc.conf.d 4506files. 4507.El 4508.Sh FILES 4509.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4510.It Pa /etc/defaults/rc.conf 4511.It Pa /etc/rc.conf 4512.It Pa /etc/rc.conf.local 4513.El 4514.Sh SEE ALSO 4515.Xr chmod 1 , 4516.Xr gdb 1 , 4517.Xr info 1 , 4518.Xr kbdcontrol 1 , 4519.Xr makewhatis 1 , 4520.Xr sh 1 , 4521.Xr vi 1 , 4522.Xr vidcontrol 1 , 4523.Xr bridge 4 , 4524.Xr dummynet 4 , 4525.Xr ip 4 , 4526.Xr ipf 4 , 4527.Xr ipfw 4 , 4528.Xr ipnat 4 , 4529.Xr kld 4 , 4530.Xr pf 4 , 4531.Xr pflog 4 , 4532.Xr pfsync 4 , 4533.Xr tcp 4 , 4534.Xr udp 4 , 4535.Xr exports 5 , 4536.Xr fstab 5 , 4537.Xr ipf 5 , 4538.Xr ipnat 5 , 4539.Xr jail.conf 5 , 4540.Xr loader.conf 5 , 4541.Xr motd 5 , 4542.Xr newsyslog.conf 5 , 4543.Xr pf.conf 5 , 4544.Xr security 7 , 4545.Xr accton 8 , 4546.Xr amd 8 , 4547.Xr apm 8 , 4548.Xr bsdinstall 8 , 4549.Xr bthidd 8 , 4550.Xr chkprintcap 8 , 4551.Xr chown 8 , 4552.Xr cron 8 , 4553.Xr devfs 8 , 4554.Xr dhclient 8 , 4555.Xr ftpd 8 , 4556.Xr geli 8 , 4557.Xr hcsecd 8 , 4558.Xr ifconfig 8 , 4559.Xr inetd 8 , 4560.Xr iovctl 8 , 4561.Xr ipf 8 , 4562.Xr ipfw 8 , 4563.Xr ipnat 8 , 4564.Xr jail 8 , 4565.Xr kldxref 8 , 4566.Xr loader 8 , 4567.Xr lpd 8 , 4568.Xr mdconfig 8 , 4569.Xr mdmfs 8 , 4570.Xr mixer 8 , 4571.Xr mountd 8 , 4572.Xr moused 8 , 4573.Xr newfs 8 , 4574.Xr newsyslog 8 , 4575.Xr nfsd 8 , 4576.Xr ntpd 8 , 4577.Xr ntpdate 8 , 4578.Xr pfctl 8 , 4579.Xr pflogd 8 , 4580.Xr ping 8 , 4581.Xr powerd 8 , 4582.Xr quotacheck 8 , 4583.Xr quotaon 8 , 4584.Xr rc 8 , 4585.Xr rc.sendmail 8 , 4586.Xr rfcomm_pppd 8 , 4587.Xr route 8 , 4588.Xr routed 8 , 4589.Xr rpc.lockd 8 , 4590.Xr rpc.statd 8 , 4591.Xr rpcbind 8 , 4592.Xr rwhod 8 , 4593.Xr savecore 8 , 4594.Xr sdpd 8 , 4595.Xr service 8 , 4596.Xr sshd 8 , 4597.Xr swapon 8 , 4598.Xr sysctl 8 , 4599.Xr syslogd 8 , 4600.Xr sysrc 8 , 4601.Xr timed 8 , 4602.Xr unbound 8 , 4603.Xr usbconfig 8 , 4604.Xr wlandebug 8 , 4605.Xr yp 8 , 4606.Xr ypbind 8 , 4607.Xr ypserv 8 , 4608.Xr ypset 8 4609.Sh HISTORY 4610The 4611.Nm 4612file appeared in 4613.Fx 2.2.2 . 4614.Sh AUTHORS 4615.An Jordan K. Hubbard . 4616