1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 27, 2008 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.\" ----- firewall_nat_enable setting -------------------------------- 489.It Va firewall_nat_enable 490.Pq Vt bool 491The 492.Xr ipfw 8 493equivalent of 494.Va natd_enable . 495Setting this to 496.Dq Li YES 497enables kernel NAT. 498.Va firewall_enable 499must also be set to 500.Dq Li YES . 501.It Va firewall_nat_interface 502.Pq Vt str 503The 504.Xr ipfw 8 505equivalent of 506.Va natd_interface . 507This is the name of the public interface or IP address on which 508kernel NAT should run. 509.It Va firewall_nat_flags 510.Pq Vt str 511Additional configuration parameters for kernel NAT should be placed here. 512.It Va dummynet_enable 513.Pq Vt bool 514Setting this to 515.Dq Li YES 516will automatically load the 517.Xr dummynet 4 518module if 519.Va firewall_enable 520is also set to 521.Dq Li YES . 522.\" ------------------------------------------------------------------- 523.It Va natd_program 524.Pq Vt str 525Path to 526.Xr natd 8 . 527.It Va natd_enable 528.Pq Vt bool 529Set to 530.Dq Li YES 531to enable 532.Xr natd 8 . 533.Va firewall_enable 534must also be set to 535.Dq Li YES , 536and 537.Xr divert 4 538sockets must be enabled in the kernel. 539If the kernel was not built with 540.Cd "options IPDIVERT" , 541the 542.Pa ipdivert.ko 543kernel module will be loaded. 544.It Va natd_interface 545.Pq Vt str 546This is the name of the public interface on which 547.Xr natd 8 548should run. 549The interface may be given as an interface name or as an IP address. 550.It Va natd_flags 551.Pq Vt str 552Additional 553.Xr natd 8 554flags should be placed here. 555The 556.Fl n 557or 558.Fl a 559flag is automatically added with the above 560.Va natd_interface 561as an argument. 562.\" ----- ipfilter_enable setting -------------------------------- 563.It Va ipfilter_enable 564.Pq Vt bool 565Set to 566.Dq Li NO 567by default. 568Setting this to 569.Dq Li YES 570enables 571.Xr ipf 8 572packet filtering. 573.Pp 574Typical usage will require putting 575.Bd -literal 576ipfilter_enable="YES" 577ipnat_enable="YES" 578ipmon_enable="YES" 579ipfs_enable="YES" 580.Ed 581.Pp 582into 583.Pa /etc/rc.conf 584and editing 585.Pa /etc/ipf.rules 586and 587.Pa /etc/ipnat.rules 588appropriately. 589.Pp 590Note that 591.Va ipfilter_enable 592and 593.Va ipnat_enable 594can be enabled independently. 595.Va ipmon_enable 596and 597.Va ipfs_enable 598both require at least one of 599.Va ipfilter_enable 600and 601.Va ipnat_enable 602to be enabled. 603.Pp 604Having 605.Bd -literal 606options IPFILTER 607options IPFILTER_LOG 608options IPFILTER_DEFAULT_BLOCK 609.Ed 610.Pp 611in the kernel configuration file is a good idea, too. 612.\" ----- ipfilter_program setting ------------------------------ 613.It Va ipfilter_program 614.Pq Vt str 615Path to 616.Xr ipf 8 617(default 618.Pa /sbin/ipf ) . 619.\" ----- ipfilter_rules setting -------------------------------- 620.It Va ipfilter_rules 621.Pq Vt str 622Set to 623.Pa /etc/ipf.rules 624by default. 625This variable contains the name of the filter rule definition file. 626The file is expected to be readable for the 627.Xr ipf 8 628command to execute. 629.\" ----- ipv6_ipfilter_rules setting --------------------------- 630.It Va ipv6_ipfilter_rules 631.Pq Vt str 632Set to 633.Pa /etc/ipf6.rules 634by default. 635This variable contains the IPv6 filter rule definition file. 636The file is expected to be readable for the 637.Xr ipf 8 638command to execute. 639.\" ----- ipfilter_flags setting -------------------------------- 640.It Va ipfilter_flags 641.Pq Vt str 642Empty by default. 643This variable contains flags passed to the 644.Xr ipf 8 645program. 646.\" ----- ipnat_enable setting ---------------------------------- 647.It Va ipnat_enable 648.Pq Vt bool 649Set to 650.Dq Li NO 651by default. 652Set it to 653.Dq Li YES 654to enable 655.Xr ipnat 8 656network address translation. 657See 658.Va ipfilter_enable 659for a detailed discussion. 660.\" ----- ipnat_program setting --------------------------------- 661.It Va ipnat_program 662.Pq Vt str 663Path to 664.Xr ipnat 8 665(default 666.Pa /sbin/ipnat ) . 667.\" ----- ipnat_rules setting ----------------------------------- 668.It Va ipnat_rules 669.Pq Vt str 670Set to 671.Pa /etc/ipnat.rules 672by default. 673This variable contains the name of the file 674holding the network address translation definition. 675This file is expected to be readable for the 676.Xr ipnat 8 677command to execute. 678.\" ----- ipnat_flags setting ----------------------------------- 679.It Va ipnat_flags 680.Pq Vt str 681Empty by default. 682This variable contains flags passed to the 683.Xr ipnat 8 684program. 685.\" ----- ipmon_enable setting ---------------------------------- 686.It Va ipmon_enable 687.Pq Vt bool 688Set to 689.Dq Li NO 690by default. 691Set it to 692.Dq Li YES 693to enable 694.Xr ipmon 8 695monitoring (logging 696.Xr ipf 8 697and 698.Xr ipnat 8 699events). 700Setting this variable needs setting 701.Va ipfilter_enable 702or 703.Va ipnat_enable 704too. 705See 706.Va ipfilter_enable 707for a detailed discussion. 708.\" ----- ipmon_program setting --------------------------------- 709.It Va ipmon_program 710.Pq Vt str 711Path to 712.Xr ipmon 8 713(default 714.Pa /sbin/ipmon ) . 715.\" ----- ipmon_flags setting ----------------------------------- 716.It Va ipmon_flags 717.Pq Vt str 718Set to 719.Dq Li -Ds 720by default. 721This variable contains flags passed to the 722.Xr ipmon 8 723program. 724Another typical example would be 725.Dq Fl D Pa /var/log/ipflog 726to have 727.Xr ipmon 8 728log directly to a file bypassing 729.Xr syslogd 8 . 730Make sure to adjust 731.Pa /etc/newsyslog.conf 732in such case like this: 733.Bd -literal 734/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 735.Ed 736.\" ----- ipfs_enable setting ----------------------------------- 737.It Va ipfs_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipfs 8 746saving the filter and NAT state tables during shutdown 747and reloading them during startup again. 748Setting this variable needs setting 749.Va ipfilter_enable 750or 751.Va ipnat_enable 752to 753.Dq Li YES 754too. 755See 756.Va ipfilter_enable 757for a detailed discussion. 758Note that if 759.Va kern_securelevel 760is set to 3, 761.Va ipfs_enable 762cannot be used 763because the raised securelevel will prevent 764.Xr ipfs 8 765from saving the state tables at shutdown time. 766.\" ----- ipfs_program setting ---------------------------------- 767.It Va ipfs_program 768.Pq Vt str 769Path to 770.Xr ipfs 8 771(default 772.Pa /sbin/ipfs ) . 773.\" ----- ipfs_flags setting ------------------------------------ 774.It Va ipfs_flags 775.Pq Vt str 776Empty by default. 777This variable contains flags passed to the 778.Xr ipfs 8 779program. 780.\" ----- end of added ipf hook --------------------------------- 781.It Va pf_enable 782.Pq Vt bool 783Set to 784.Dq Li NO 785by default. 786Setting this to 787.Dq Li YES 788enables 789.Xr pf 4 790packet filtering. 791.Pp 792Typical usage will require putting 793.Pp 794.Dl pf_enable="YES" 795.Pp 796into 797.Pa /etc/rc.conf 798and editing 799.Pa /etc/pf.conf 800appropriately. 801Adding 802.Pp 803.Dl "device pf" 804.Pp 805builds support for 806.Xr pf 4 807into the kernel, otherwise the 808kernel module will be loaded. 809.It Va pf_rules 810.Pq Vt str 811Path to 812.Xr pf 4 813ruleset configuration file 814(default 815.Pa /etc/pf.conf ) . 816.It Va pf_program 817.Pq Vt str 818Path to 819.Xr pfctl 8 820(default 821.Pa /sbin/pfctl ) . 822.It Va pf_flags 823.Pq Vt str 824If 825.Va pf_enable 826is set to 827.Dq Li YES , 828these flags are passed to the 829.Xr pfctl 8 830program when loading the ruleset. 831.It Va pflog_enable 832.Pq Vt bool 833Set to 834.Dq Li NO 835by default. 836Setting this to 837.Dq Li YES 838enables 839.Xr pflogd 8 840which logs packets from the 841.Xr pf 4 842packet filter. 843.It Va pflog_logfile 844.Pq Vt str 845If 846.Va pflog_enable 847is set to 848.Dq Li YES 849this controls where 850.Xr pflogd 8 851stores the logfile 852(default 853.Pa /var/log/pflog ) . 854Check 855.Pa /etc/newsyslog.conf 856to adjust logfile rotation for this. 857.It Va pflog_program 858.Pq Vt str 859Path to 860.Xr pflogd 8 861(default 862.Pa /sbin/pflogd ) . 863.It Va pflog_flags 864.Pq Vt str 865Empty by default. 866This variable contains additional flags passed to the 867.Xr pflogd 8 868program. 869.It Va ftpproxy_enable 870.Pq Vt bool 871Set to 872.Dq Li NO 873by default. 874Setting this to 875.Dq Li YES 876enables 877.Xr ftp-proxy 8 878which supports the 879.Xr pf 4 880packet filter in translating ftp connections. 881.It Va ftpproxy_flags 882.Pq Vt str 883Empty by default. 884This variable contains additional flags passed to the 885.Xr ftp-proxy 8 886program. 887.It Va pfsync_enable 888.Pq Vt bool 889Set to 890.Dq Li NO 891by default. 892Setting this to 893.Dq Li YES 894enables exposing 895.Xr pf 4 896state changes to other hosts over the network by means of 897.Xr pfsync 4 . 898The 899.Va pfsync_syncdev 900variable 901must also be set then. 902.It Va pfsync_syncdev 903.Pq Vt str 904Empty by default. 905This variable specifies the name of the network interface 906.Xr pfsync 4 907should operate through. 908It must be set accordingly if 909.Va pfsync_enable 910is set to 911.Dq Li YES . 912.It Va pfsync_syncpeer 913.Pq Vt str 914Empty by default. 915This variable is optional. 916By default, state change messages are sent out on the synchronisation 917interface using IP multicast packets. 918The protocol is IP protocol 240, PFSYNC, and the multicast group used is 919224.0.0.240. 920When a peer address is specified using the 921.Va pfsync_syncpeer 922option, the peer address is used as a destination for the pfsync 923traffic, and the traffic can then be protected using 924.Xr ipsec 4 . 925See the 926.Xr pfsync 4 927manpage for more details about using 928.Xr ipsec 4 929with 930.Xr pfsync 4 931interfaces. 932.It Va pfsync_ifconfig 933.Pq Vt str 934Empty by default. 935This variable can contain additional options to be passed to the 936.Xr ifconfig 8 937command used to set up 938.Xr pfsync 4 . 939.It Va tcp_extensions 940.Pq Vt bool 941Set to 942.Dq Li YES 943by default. 944Setting this to 945.Dq Li NO 946disables certain TCP options as described by 947.Rs 948.%T "RFC 1323" 949.Re 950Setting this to 951.Dq Li NO 952might help remedy such problems with connections as randomly hanging 953or other weird behavior. 954Some network devices are known 955to be broken with respect to these options. 956.It Va log_in_vain 957.Pq Vt int 958Set to 0 by default. 959The 960.Xr sysctl 8 961variables, 962.Va net.inet.tcp.log_in_vain 963and 964.Va net.inet.udp.log_in_vain , 965as described in 966.Xr tcp 4 967and 968.Xr udp 4 , 969are set to the given value. 970.It Va tcp_keepalive 971.Pq Vt bool 972Set to 973.Dq Li YES 974by default. 975Setting to 976.Dq Li NO 977will disable probing idle TCP connections to verify that the 978peer is still up and reachable. 979.It Va tcp_drop_synfin 980.Pq Vt bool 981Set to 982.Dq Li NO 983by default. 984Setting to 985.Dq Li YES 986will cause the kernel to ignore TCP frames that have both 987the SYN and FIN flags set. 988This prevents OS fingerprinting, but may 989break some legitimate applications. 990.It Va icmp_drop_redirect 991.Pq Vt bool 992Set to 993.Dq Li NO 994by default. 995Setting to 996.Dq Li YES 997will cause the kernel to ignore ICMP REDIRECT packets. 998Refer to 999.Xr icmp 4 1000for more information. 1001.It Va icmp_log_redirect 1002.Pq Vt bool 1003Set to 1004.Dq Li NO 1005by default. 1006Setting to 1007.Dq Li YES 1008will cause the kernel to log ICMP REDIRECT packets. 1009Note that 1010the log messages are not rate-limited, so this option should only be used 1011for troubleshooting networks. 1012Refer to 1013.Xr icmp 4 1014for more information. 1015.It Va icmp_bmcastecho 1016.Pq Vt bool 1017Set to 1018.Dq Li YES 1019to respond to broadcast or multicast ICMP ping packets. 1020Refer to 1021.Xr icmp 4 1022for more information. 1023.It Va ip_portrange_first 1024.Pq Vt int 1025If not set to 1026.Dq Li NO , 1027this is the first port in the default portrange. 1028Refer to 1029.Xr ip 4 1030for more information. 1031.It Va ip_portrange_last 1032.Pq Vt int 1033If not set to 1034.Dq Li NO , 1035this is the last port in the default portrange. 1036Refer to 1037.Xr ip 4 1038for more information. 1039.It Va network_interfaces 1040.Pq Vt str 1041Set to the list of network interfaces to configure on this host or 1042.Dq Li AUTO 1043(the default) for all current interfaces. 1044Setting the 1045.Va network_interfaces 1046variable to anything other than the default is deprecated. 1047Interfaces that the administrator wishes to store configuration for, 1048but not start at boot should be configured with the 1049.Dq Li NOAUTO 1050keyword in their 1051.Va ifconfig_ Ns Aq Ar interface 1052variables as described below. 1053.Pp 1054An 1055.Va ifconfig_ Ns Aq Ar interface 1056variable is also assumed to exist for each value of 1057.Ar interface . 1058When an interface name contains any of the characters 1059.Dq Li .-/+ 1060they are translated to 1061.Dq Li _ 1062before lookup. 1063The variable can contain arguments to 1064.Xr ifconfig 8 , 1065as well as special case-insensitive keywords described below. 1066Such keywords are removed before passing the value to 1067.Xr ifconfig 8 1068while the order of the other arguments is preserved. 1069.Pp 1070One can configure more than one IPv4 address with the 1071.Va ipv4_addrs_ Ns Aq Ar interface 1072variable. 1073One or more IP addresses must be provided in Classless Inter-Domain 1074Routing (CIDR) address notation, whose last byte can be a range like 1075192.168.0.5-23/24. 1076In this case the address 192.168.0.5 will be configured with the 1077netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1078the non-conflicting netmask /32 as explained in the 1079.Xr ifconfig 8 1080alias section. 1081With the interface in question being 1082.Li ed0 , 1083an example could look like: 1084.Bd -literal 1085ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1086.Ed 1087.Pp 1088It is also possible to add IP alias entries using 1089.Xr ifconfig 8 1090syntax. 1091Assuming that the interface in question was 1092.Li ed0 , 1093it might look 1094something like this: 1095.Bd -literal 1096ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1097ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1098.Ed 1099.Pp 1100And so on. 1101For each 1102.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1103entry that is found, 1104its contents are passed to 1105.Xr ifconfig 8 . 1106Execution stops at the first unsuccessful access, so if 1107something like this is present: 1108.Bd -literal 1109ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1110ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1111ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1112ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1113.Ed 1114.Pp 1115Then note that alias4 would 1116.Em not 1117be added since the search would 1118stop with the missing 1119.Dq Li alias3 1120entry. 1121Due to this difficult to manage behavior, the 1122.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1123form is deprecated. 1124.Pp 1125If the 1126.Pa /etc/start_if. Ns Aq Ar interface 1127file is present, it is read and executed by the 1128.Xr sh 1 1129interpreter 1130before configuring the interface as specified in the 1131.Va ifconfig_ Ns Aq Ar interface 1132and 1133.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1134variables. 1135.Pp 1136If the 1137.Va ifconfig_ Ns Aq Ar interface 1138contains the keyword 1139.Dq Li NOAUTO 1140then the interface will not be configured 1141at boot or by 1142.Pa /etc/pccard_ether 1143when 1144.Va network_interfaces 1145is set to 1146.Dq Li AUTO . 1147.Pp 1148It is possible to bring up an interface with DHCP by adding 1149.Dq Li DHCP 1150to the 1151.Va ifconfig_ Ns Aq Ar interface 1152variable. 1153For instance, to initialize the 1154.Li ed0 1155device via DHCP, 1156it is possible to use something like: 1157.Bd -literal 1158ifconfig_ed0="DHCP" 1159.Ed 1160.Pp 1161Also, if you want to configure your wireless interface with 1162.Xr wpa_supplicant 8 1163for use with WPA, EAP/LEAP or WEP, you need to add 1164.Dq Li WPA 1165to the 1166.Va ifconfig_ Ns Aq Ar interface 1167variable. 1168.Pp 1169Finally, you can add 1170.Xr ifconfig 8 1171options in this variable, in addition to the 1172.Pa /etc/start_if. Ns Aq Ar interface 1173file. 1174For instance, to initialize the 1175.Li wi0 1176device via DHCP, using WPA authentication and 802.11b mode, it is 1177possible to use something like: 1178.Bd -literal 1179ifconfig_wi0="DHCP WPA mode 11b" 1180.Ed 1181.Pp 1182In addition to the 1183.Va ifconfig_ Ns Aq Ar interface 1184form, a fallback variable 1185.Va ifconfig_DEFAULT 1186may be configured. 1187It will be used for all interfaces with no 1188.Va ifconfig_ Ns Aq Ar interface 1189variable. 1190This is intended to replace the no longer supported 1191.Va pccard_ifconfig 1192variable. 1193.Pp 1194It is also possible to rename interface by doing: 1195.Bd -literal 1196ifconfig_ed0_name="net0" 1197ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1198.Ed 1199.It Va ipv6_network_interfaces 1200.Pq Vt str 1201This is the IPv6 equivalent of 1202.Va network_interfaces . 1203Instead of setting the ifconfig variables as 1204.Va ifconfig_ Ns Aq Ar interface 1205they should be set as 1206.Va ipv6_ifconfig_ Ns Aq Ar interface . 1207Aliases should be set as 1208.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1209.Va ipv6_prefix_ Ns Aq Ar interface 1210does something. 1211Interfaces that do not have a 1212.Va ipv6_ifconfig_ Ns Aq Ar interface 1213setting will be auto configured by 1214.Xr rtsol 8 1215if the 1216.Va ipv6_gateway_enable 1217is set to 1218.Dq Li NO . 1219Note that the IPv6 networking code does not support the 1220.Pa /etc/start_if. Ns Aq Ar interface 1221files. 1222.It Va ipv6_default_interface 1223.Pq Vt str 1224If not set to 1225.Dq Li NO , 1226this is the default output interface for scoped addresses. 1227Now this works only for IPv6 link local multicast addresses. 1228.It Va cloned_interfaces 1229.Pq Vt str 1230Set to the list of clonable network interfaces to create on this host. 1231Entries in 1232.Va cloned_interfaces 1233are automatically appended to 1234.Va network_interfaces 1235for configuration. 1236.It Va fec_interfaces 1237.Pq Vt str 1238Set to the list of 1239.Xr ng_fec 4 1240Fast EtherChannel interfaces to configure on this host. 1241A 1242.Va fecconfig_ Ns Aq Ar interface 1243variable is assumed to exist for each value of 1244.Ar interface . 1245The value of this variable is used to configure link aggregated interfaces 1246according to the syntax of the 1247.Cm NGM_FEC_ADD_IFACE 1248to 1249.Xr ngctl 8 1250msg. 1251Additionally, this option ensures that each listed interface is created 1252via the 1253.Cm mkpeer 1254command to 1255.Xr ngctl 8 1256before attempting to configure it. 1257For example: 1258.Bd -literal 1259fec_interfaces="fec0" 1260fecconfig_fec0="em0 em1" 1261ifconfig_fec0="DHCP" 1262.Ed 1263.It Va gif_interfaces 1264.Pq Vt str 1265Set to the list of 1266.Xr gif 4 1267tunnel interfaces to configure on this host. 1268A 1269.Va gifconfig_ Ns Aq Ar interface 1270variable is assumed to exist for each value of 1271.Ar interface . 1272The value of this variable is used to configure the link layer of the 1273tunnel according to the syntax of the 1274.Cm tunnel 1275option to 1276.Xr ifconfig 8 . 1277Additionally, this option ensures that each listed interface is created 1278via the 1279.Cm create 1280option to 1281.Xr ifconfig 8 1282before attempting to configure it. 1283.It Va sppp_interfaces 1284.Pq Vt str 1285Set to the list of 1286.Xr sppp 4 1287interfaces to configure on this host. 1288A 1289.Va spppconfig_ Ns Aq Ar interface 1290variable is assumed to exist for each value of 1291.Ar interface . 1292Each interface should also be configured by a general 1293.Va ifconfig_ Ns Aq Ar interface 1294setting. 1295Refer to 1296.Xr spppcontrol 8 1297for more information about available options. 1298.It Va ppp_enable 1299.Pq Vt bool 1300If set to 1301.Dq Li YES , 1302run the 1303.Xr ppp 8 1304daemon. 1305.It Va ppp_mode 1306.Pq Vt str 1307Mode in which to run the 1308.Xr ppp 8 1309daemon. 1310Accepted modes are 1311.Dq Li auto , 1312.Dq Li ddial , 1313.Dq Li direct 1314and 1315.Dq Li dedicated . 1316See the manual for a full description. 1317.It Va ppp_nat 1318.Pq Vt bool 1319If set to 1320.Dq Li YES , 1321enables network address translation. 1322Used in conjunction with 1323.Va gateway_enable 1324allows hosts on private network addresses access to the Internet using 1325this host as a network address translating router. 1326.It Va ppp_profile 1327.Pq Vt str 1328The name of the profile to use from 1329.Pa /etc/ppp/ppp.conf . 1330.It Va ppp_user 1331.Pq Vt str 1332The name of the user under which 1333.Xr ppp 8 1334should be started. 1335By 1336default, 1337.Xr ppp 8 1338is started as 1339.Dq Li root . 1340.It Va rc_conf_files 1341.Pq Vt str 1342This option is used to specify a list of files that will override 1343the settings in 1344.Pa /etc/defaults/rc.conf . 1345The files will be read in the order in which they are specified and should 1346include the full path to the file. 1347By default, the files specified are 1348.Pa /etc/rc.conf 1349and 1350.Pa /etc/rc.conf.local 1351.It Va zfs_enable 1352.Pq Vt bool 1353If set to 1354.Dq Li YES , 1355.Pa /etc/rc.d/zfs 1356will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1357(ZVOLs). 1358.It Va gbde_autoattach_all 1359.Pq Vt bool 1360If set to 1361.Dq Li YES , 1362.Pa /etc/rc.d/gbde 1363will attempt to automatically initialize your .bde devices in 1364.Pa /etc/fstab . 1365.It Va gbde_devices 1366.Pq Vt str 1367List the devices that the script should try to attach, 1368or 1369.Dq Li AUTO . 1370.It Va gbde_lockdir 1371.Pq Vt str 1372The directory where the 1373.Xr gbde 4 1374lockfiles are located. 1375The default lockfile directory is 1376.Pa /etc . 1377.Pp 1378The lockfile for each individual 1379.Xr gbde 4 1380device can be overridden by setting the variable 1381.Va gbde_lock_ Ns Aq Ar device , 1382where 1383.Ar device 1384is the encrypted device without the 1385.Dq Pa /dev/ 1386and 1387.Dq Pa .bde 1388parts. 1389.It Va gbde_attach_attempts 1390.Pq Vt int 1391Number of times to attempt attaching to a 1392.Xr gbde 4 1393device, i.e., how many times the user is asked for the pass-phrase. 1394Default is 3. 1395.It Va geli_devices 1396.Pq Vt str 1397List of devices to automatically attach on boot. 1398Note that .eli devices from 1399.Pa /etc/fstab 1400are automatically appended to this list. 1401.It Va geli_tries 1402.Pq Vt int 1403Number of times user is asked for the pass-phrase. 1404If empty, it will be taken from 1405.Va kern.geom.eli.tries 1406sysctl variable. 1407.It Va geli_default_flags 1408.Pq Vt str 1409Default flags to use by 1410.Xr geli 8 1411when configuring disk encryption. 1412Flags can be configured for every device separately by defining 1413.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1414variable. 1415.It Va geli_autodetach 1416.Pq Vt str 1417Specifies if GELI devices should be marked for detach on last close after 1418file systems are mounted. 1419Default is 1420.Dq Li YES . 1421This can be changed for every device separately by defining 1422.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1423variable. 1424.It Va geli_swap_flags 1425Options passed to the 1426.Xr geli 8 1427utility when encrypted GEOM providers for swap partitions are created. 1428The default is 1429.Dq Li "-a aes -l 256 -s 4096 -d" . 1430.It Va root_rw_mount 1431.Pq Vt bool 1432Set to 1433.Dq Li YES 1434by default. 1435After the file systems are checked at boot time, the root file system 1436is remounted as read-write if this is set to 1437.Dq Li YES . 1438Diskless systems that mount their root file system from a read-only remote 1439NFS share should set this to 1440.Dq Li NO 1441in their 1442.Pa rc.conf . 1443.It Va fsck_y_enable 1444.Pq Vt bool 1445If set to 1446.Dq Li YES , 1447.Xr fsck 8 1448will be run with the 1449.Fl y 1450flag if the initial preen 1451of the file systems fails. 1452.It Va background_fsck 1453.Pq Vt bool 1454If set to 1455.Dq Li YES , 1456the system will attempt to run 1457.Xr fsck 8 1458in the background where possible. 1459.It Va background_fsck_delay 1460.Pq Vt int 1461The amount of time in seconds to sleep before starting a background 1462.Xr fsck 8 . 1463It defaults to sixty seconds to allow large applications such as 1464the X server to start before disk I/O bandwidth is monopolized by 1465.Xr fsck 8 . 1466If set to a negative number, the background file system check will be 1467delayed indefinitely to allow the administrator to run it at a more 1468convenient time. 1469For example it may be run from 1470.Xr cron 8 1471by adding a line like 1472.Pp 1473.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1474.Pp 1475to 1476.Pa /etc/crontab . 1477.It Va netfs_types 1478.Pq Vt str 1479List of file system types that are network-based. 1480This list should generally not be modified by end users. 1481Use 1482.Va extra_netfs_types 1483instead. 1484.It Va extra_netfs_types 1485.Pq Vt str 1486If set to something other than 1487.Dq Li NO 1488(the default), 1489this variable extends the list of file system types 1490for which automatic mounting at startup by 1491.Xr rc 8 1492should be delayed until the network is initialized. 1493It should contain 1494a whitespace-separated list of network file system descriptor pairs, 1495each consisting of a file system type as passed to 1496.Xr mount 8 1497and a human-readable, one-word description, 1498joined with a colon 1499.Pq Ql \&: . 1500Extending the default list in this way is only necessary 1501when third party file system types are used. 1502.It Va syslogd_enable 1503.Pq Vt bool 1504If set to 1505.Dq Li YES , 1506run the 1507.Xr syslogd 8 1508daemon. 1509.It Va syslogd_program 1510.Pq Vt str 1511Path to 1512.Xr syslogd 8 1513(default 1514.Pa /usr/sbin/syslogd ) . 1515.It Va syslogd_flags 1516.Pq Vt str 1517If 1518.Va syslogd_enable 1519is set to 1520.Dq Li YES , 1521these are the flags to pass to 1522.Xr syslogd 8 . 1523.It Va inetd_enable 1524.Pq Vt bool 1525If set to 1526.Dq Li YES , 1527run the 1528.Xr inetd 8 1529daemon. 1530.It Va inetd_program 1531.Pq Vt str 1532Path to 1533.Xr inetd 8 1534(default 1535.Pa /usr/sbin/inetd ) . 1536.It Va inetd_flags 1537.Pq Vt str 1538If 1539.Va inetd_enable 1540is set to 1541.Dq Li YES , 1542these are the flags to pass to 1543.Xr inetd 8 . 1544.It Va named_enable 1545.Pq Vt bool 1546If set to 1547.Dq Li YES , 1548run the 1549.Xr named 8 1550daemon. 1551.It Va named_program 1552.Pq Vt str 1553Path to 1554.Xr named 8 1555(default 1556.Pa /usr/sbin/named ) . 1557.It Va named_flags 1558.Pq Vt str 1559If 1560.Va named_enable 1561is set to 1562.Dq Li YES , 1563these are the flags to pass to 1564.Xr named 8 . 1565.It Va named_pidfile 1566.Pq Vt str 1567This is the default path to the 1568.Xr named 8 1569daemon's PID file. 1570This must match the location in 1571.Xr named.conf 5 . 1572.It Va named_uid 1573.Pq Vt str 1574The user that the 1575.Xr named 8 1576process should be run as. 1577.It Va named_chrootdir 1578.Pq Vt str 1579The root directory for a name server run in a 1580.Xr chroot 8 1581environment (default 1582.Pa /var/named ) . 1583If left empty 1584.Xr named 8 1585will not be run in a 1586.Xr chroot 8 1587environment. 1588.It Va named_chroot_autoupdate 1589.Pq Vt bool 1590Set to 1591.Dq Li NO 1592to disable automatic update of the 1593.Xr chroot 8 1594environment. 1595.It Va named_symlink_enable 1596.Pq Vt bool 1597Set to 1598.Dq Li NO 1599to disable symlinking of 1600daemon's PID file 1601into the 1602.Xr chroot 8 1603environment. 1604.It Va kerberos5_server_enable 1605.Pq Vt bool 1606Set to 1607.Dq Li YES 1608to start a Kerberos 5 authentication server 1609at boot time. 1610.It Va kerberos5_server 1611.Pq Vt str 1612If 1613.Va kerberos5_server_enable 1614is set to 1615.Dq Li YES 1616this is the path to Kerberos 5 Authentication Server. 1617.It Va kerberos5_server_flags 1618.Pq Vt str 1619Empty by default. 1620This variable contains additional flags to be passed to the Kerberos 5 1621authentication server. 1622.It Va kadmind5_server_enable 1623.Pq Vt bool 1624Set to 1625.Dq Li YES 1626to start 1627.Xr kadmind 8 , 1628the Kerberos 5 Administration Daemon; set to 1629.Dq Li NO 1630on a slave server. 1631.It Va kadmind5_server 1632.Pq Vt str 1633If 1634.Va kadmind5_server_enable 1635is set to 1636.Dq Li YES 1637this is the path to Kerberos 5 Administration Daemon. 1638.It Va kpasswdd_server_enable 1639.Pq Vt bool 1640Set to 1641.Dq Li YES 1642to start 1643.Xr kpasswdd 8 , 1644the Kerberos 5 Password-Changing Daemon; set to 1645.Dq Li NO 1646on a slave server. 1647.It Va kpasswdd_server 1648.Pq Vt str 1649If 1650.Va kpasswdd_server_enable 1651is set to 1652.Dq Li YES 1653this is the path to Kerberos 5 Password-Changing Daemon. 1654.It Va rwhod_enable 1655.Pq Vt bool 1656If set to 1657.Dq Li YES , 1658run the 1659.Xr rwhod 8 1660daemon at boot time. 1661.It Va rwhod_flags 1662.Pq Vt str 1663If 1664.Va rwhod_enable 1665is set to 1666.Dq Li YES , 1667these are the flags to pass to it. 1668.It Va amd_enable 1669.Pq Vt bool 1670If set to 1671.Dq Li YES , 1672run the 1673.Xr amd 8 1674daemon at boot time. 1675.It Va amd_flags 1676.Pq Vt str 1677If 1678.Va amd_enable 1679is set to 1680.Dq Li YES , 1681these are the flags to pass to it. 1682See the 1683.Xr amd 8 1684manpage for more information. 1685.It Va amd_map_program 1686.Pq Vt str 1687If set, 1688the specified program is run to get the list of 1689.Xr amd 8 1690maps. 1691For example, if the 1692.Xr amd 8 1693maps are stored in NIS, one can set this to 1694run 1695.Xr ypcat 1 1696to get a list of 1697.Xr amd 8 1698maps from the 1699.Pa amd.master 1700NIS map. 1701.It Va update_motd 1702.Pq Vt bool 1703If set to 1704.Dq Li YES , 1705.Pa /etc/motd 1706will be updated at boot time to reflect the kernel release 1707being run. 1708If set to 1709.Dq Li NO , 1710.Pa /etc/motd 1711will not be updated. 1712.It Va nfs_client_enable 1713.Pq Vt bool 1714If set to 1715.Dq Li YES , 1716run the NFS client daemons at boot time. 1717.It Va nfs_access_cache 1718.Pq Vt int 1719If 1720.Va nfs_client_enable 1721is set to 1722.Dq Li YES , 1723this can be set to 1724.Dq Li 0 1725to disable NFS ACCESS RPC caching, or to the number of seconds for which 1726NFS ACCESS 1727results should be cached. 1728A value of 2-10 seconds will substantially reduce network 1729traffic for many NFS operations. 1730.It Va nfs_server_enable 1731.Pq Vt bool 1732If set to 1733.Dq Li YES , 1734run the NFS server daemons at boot time. 1735.It Va nfs_server_flags 1736.Pq Vt str 1737If 1738.Va nfs_server_enable 1739is set to 1740.Dq Li YES , 1741these are the flags to pass to the 1742.Xr nfsd 8 1743daemon. 1744.It Va idmapd_enable 1745.Pq Vt bool 1746If set to 1747.Dq Li YES , 1748run the ID mapping daemon for NFS version 4. 1749.It Va idmapd_flags 1750.Pq Vt str 1751If 1752.Va idmapd_enable 1753is set to 1754.Dq Li YES , 1755these are the flags to pass to the 1756.Xr idmapd 8 1757daemon. 1758.It Va mountd_enable 1759.Pq Vt bool 1760If set to 1761.Dq Li YES , 1762and no 1763.Va nfs_server_enable 1764is set, start 1765.Xr mountd 8 , 1766but not 1767.Xr nfsd 8 1768daemon. 1769It is commonly needed to run CFS without real NFS used. 1770.It Va mountd_flags 1771.Pq Vt str 1772If 1773.Va mountd_enable 1774is set to 1775.Dq Li YES , 1776these are the flags to pass to the 1777.Xr mountd 8 1778daemon. 1779.It Va weak_mountd_authentication 1780.Pq Vt bool 1781If set to 1782.Dq Li YES , 1783allow services like PCNFSD to make non-privileged mount 1784requests. 1785.It Va nfs_reserved_port_only 1786.Pq Vt bool 1787If set to 1788.Dq Li YES , 1789provide NFS services only on a secure port. 1790.It Va nfs_bufpackets 1791.Pq Vt int 1792If set to a number, indicates the number of packets worth of 1793socket buffer space to reserve on an NFS client. 1794The kernel default is typically 4. 1795Using a higher number may be 1796useful on gigabit networks to improve performance. 1797The minimum value is 17982 and the maximum is 64. 1799.It Va rpc_lockd_enable 1800.Pq Vt bool 1801If set to 1802.Dq Li YES 1803and also an NFS server or client, run 1804.Xr rpc.lockd 8 1805at boot time. 1806.It Va rpc_lockd_flags 1807.Pq Vt str 1808If 1809.Va rpc_lockd_enable 1810is set to 1811.Dq Li YES , 1812these are the flags to pass to the 1813.Xr rpc.lockd 8 1814daemon. 1815.It Va rpc_statd_enable 1816.Pq Vt bool 1817If set to 1818.Dq Li YES 1819and also an NFS server or client, run 1820.Xr rpc.statd 8 1821at boot time. 1822.It Va rpc_statd_flags 1823.Pq Vt str 1824If 1825.Va rpc_statd_enable 1826is set to 1827.Dq Li YES , 1828these are the flags to pass to the 1829.Xr rpc.statd 8 1830daemon. 1831.It Va rpcbind_program 1832.Pq Vt str 1833Path to 1834.Xr rpcbind 8 1835(default 1836.Pa /usr/sbin/rpcbind ) . 1837.It Va rpcbind_enable 1838.Pq Vt bool 1839If set to 1840.Dq Li YES , 1841run the 1842.Xr rpcbind 8 1843service at boot time. 1844.It Va rpcbind_flags 1845.Pq Vt str 1846If 1847.Va rpcbind_enable 1848is set to 1849.Dq Li YES , 1850these are the flags to pass to the 1851.Xr rpcbind 8 1852daemon. 1853.It Va keyserv_enable 1854.Pq Vt bool 1855If set to 1856.Dq Li YES , 1857run the 1858.Xr keyserv 8 1859daemon on boot for running Secure RPC. 1860.It Va keyserv_flags 1861.Pq Vt str 1862If 1863.Va keyserv_enable 1864is set to 1865.Dq Li YES , 1866these are the flags to pass to 1867.Xr keyserv 8 1868daemon. 1869.It Va pppoed_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873run the 1874.Xr pppoed 8 1875daemon at boot time to provide PPP over Ethernet services. 1876.It Va pppoed_ Ns Aq Ar provider 1877.Pq Vt str 1878.Xr pppoed 8 1879listens to requests to this 1880.Ar provider 1881and ultimately runs 1882.Xr ppp 8 1883with a 1884.Ar system 1885argument of the same name. 1886.It Va pppoed_flags 1887.Pq Vt str 1888Additional flags to pass to 1889.Xr pppoed 8 . 1890.It Va pppoed_interface 1891.Pq Vt str 1892The network interface to run 1893.Xr pppoed 8 1894on. 1895This is mandatory when 1896.Va pppoed_enable 1897is set to 1898.Dq Li YES . 1899.It Va timed_enable 1900.Pq Vt bool 1901If set to 1902.Dq Li YES , 1903run the 1904.Xr timed 8 1905service at boot time. 1906This command is intended for networks of 1907machines where a consistent 1908.Dq "network time" 1909for all hosts must be established. 1910This is often useful in large NFS 1911environments where time stamps on files are expected to be consistent 1912network-wide. 1913.It Va timed_flags 1914.Pq Vt str 1915If 1916.Va timed_enable 1917is set to 1918.Dq Li YES , 1919these are the flags to pass to the 1920.Xr timed 8 1921service. 1922.It Va ntpdate_enable 1923.Pq Vt bool 1924If set to 1925.Dq Li YES , 1926run 1927.Xr ntpdate 8 1928at system startup. 1929This command is intended to 1930synchronize the system clock only 1931.Em once 1932from some standard reference. 1933An option to set this up initially 1934(from a list of known servers) is also provided by the 1935.Xr sysinstall 8 1936program when the system is first installed. 1937.It Va ntpdate_config 1938.Pq Vt str 1939Configuration file for 1940.Xr ntpdate 8 . 1941Default 1942.Pa /etc/ntp.conf . 1943.It Va ntpdate_hosts 1944.Pq Vt str 1945A whitespace-separated list of NTP servers to synchronize with at startup. 1946The default is to use the servers listed in 1947.Va ntpdate_config , 1948if that file exists. 1949.It Va ntpdate_program 1950.Pq Vt str 1951Path to 1952.Xr ntpdate 8 1953(default 1954.Pa /usr/sbin/ntpdate ) . 1955.It Va ntpdate_flags 1956.Pq Vt str 1957If 1958.Va ntpdate_enable 1959is set to 1960.Dq Li YES , 1961these are the flags to pass to the 1962.Xr ntpdate 8 1963command (typically a hostname). 1964.It Va ntpd_enable 1965.Pq Vt bool 1966If set to 1967.Dq Li YES , 1968run the 1969.Xr ntpd 8 1970command at boot time. 1971.It Va ntpd_program 1972.Pq Vt str 1973Path to 1974.Xr ntpd 8 1975(default 1976.Pa /usr/sbin/ntpd ) . 1977.It Va ntpd_config 1978.Pq Vt str 1979Path to 1980.Xr ntpd 8 1981configuration file. 1982Default 1983.Pa /etc/ntp.conf . 1984.It Va ntpd_flags 1985.Pq Vt str 1986If 1987.Va ntpd_enable 1988is set to 1989.Dq Li YES , 1990these are the flags to pass to the 1991.Xr ntpd 8 1992daemon. 1993.It Va ntpd_sync_on_start 1994.Pq Vt bool 1995If set to 1996.Dq Li YES , 1997.Xr ntpd 8 1998is run with the 1999.Fl g 2000flag, which syncs the system's clock on startup. 2001See 2002.Xr ntpd 8 2003for more information regarding the 2004.Fl g 2005option. 2006This is a preferred alternative to using 2007.Xr ntpdate 8 2008or specifying the 2009.Va ntpdate_enable 2010variable. 2011.It Va nis_client_enable 2012.Pq Vt bool 2013If set to 2014.Dq Li YES , 2015run the 2016.Xr ypbind 8 2017service at system boot time. 2018.It Va nis_client_flags 2019.Pq Vt str 2020If 2021.Va nis_client_enable 2022is set to 2023.Dq Li YES , 2024these are the flags to pass to the 2025.Xr ypbind 8 2026service. 2027.It Va nis_ypset_enable 2028.Pq Vt bool 2029If set to 2030.Dq Li YES , 2031run the 2032.Xr ypset 8 2033daemon at system boot time. 2034.It Va nis_ypset_flags 2035.Pq Vt str 2036If 2037.Va nis_ypset_enable 2038is set to 2039.Dq Li YES , 2040these are the flags to pass to the 2041.Xr ypset 8 2042daemon. 2043.It Va nis_server_enable 2044.Pq Vt bool 2045If set to 2046.Dq Li YES , 2047run the 2048.Xr ypserv 8 2049daemon at system boot time. 2050.It Va nis_server_flags 2051.Pq Vt str 2052If 2053.Va nis_server_enable 2054is set to 2055.Dq Li YES , 2056these are the flags to pass to the 2057.Xr ypserv 8 2058daemon. 2059.It Va nis_ypxfrd_enable 2060.Pq Vt bool 2061If set to 2062.Dq Li YES , 2063run the 2064.Xr rpc.ypxfrd 8 2065daemon at system boot time. 2066.It Va nis_ypxfrd_flags 2067.Pq Vt str 2068If 2069.Va nis_ypxfrd_enable 2070is set to 2071.Dq Li YES , 2072these are the flags to pass to the 2073.Xr rpc.ypxfrd 8 2074daemon. 2075.It Va nis_yppasswdd_enable 2076.Pq Vt bool 2077If set to 2078.Dq Li YES , 2079run the 2080.Xr rpc.yppasswdd 8 2081daemon at system boot time. 2082.It Va nis_yppasswdd_flags 2083.Pq Vt str 2084If 2085.Va nis_yppasswdd_enable 2086is set to 2087.Dq Li YES , 2088these are the flags to pass to the 2089.Xr rpc.yppasswdd 8 2090daemon. 2091.It Va rpc_ypupdated_enable 2092.Pq Vt bool 2093If set to 2094.Dq Li YES , 2095run the 2096.Nm rpc.ypupdated 2097daemon at system boot time. 2098.It Va bsnmpd_enable 2099.Pq Vt bool 2100If set to 2101.Dq Li YES , 2102run the 2103.Xr bsnmpd 1 2104daemon at system boot time. 2105Be sure to understand the security implications of running SNMP daemon 2106on your host. 2107.It Va bsnmpd_flags 2108.Pq Vt str 2109If 2110.Va bsnmpd_enable 2111is set to 2112.Dq Li YES , 2113these are the flags to pass to the 2114.Xr bsnmpd 1 2115daemon. 2116.It Va defaultrouter 2117.Pq Vt str 2118If not set to 2119.Dq Li NO , 2120create a default route to this host name or IP address 2121(use an IP address if this router is also required to get to the 2122name server!). 2123.It Va ipv6_defaultrouter 2124.Pq Vt str 2125The IPv6 equivalent of 2126.Va defaultrouter . 2127.It Va static_routes 2128.Pq Vt str 2129Set to the list of static routes that are to be added at system 2130boot time. 2131If not set to 2132.Dq Li NO 2133then for each whitespace separated 2134.Ar element 2135in the value, a 2136.Va route_ Ns Aq Ar element 2137variable is assumed to exist 2138whose contents will later be passed to a 2139.Dq Nm route Cm add 2140operation. 2141For example: 2142.Bd -literal 2143static_routes="mcast gif0local" 2144route_mcast="-net 224.0.0.0/4 -iface gif0" 2145route_gif0local="-host 169.254.1.1 -iface lo0" 2146.Ed 2147.It Va ipv6_static_routes 2148.Pq Vt str 2149The IPv6 equivalent of 2150.Va static_routes . 2151If not set to 2152.Dq Li NO 2153then for each whitespace separated 2154.Ar element 2155in the value, a 2156.Va ipv6_route_ Ns Aq Ar element 2157variable is assumed to exist 2158whose contents will later be passed to a 2159.Dq Nm route Cm add Fl inet6 2160operation. 2161.It Va natm_static_routes 2162.Pq Vt str 2163The 2164.Xr natmip 4 2165equivalent of 2166.Va static_routes . 2167If not empty then for each whitespace separated 2168.Ar element 2169in the value, a 2170.Va route_ Ns Aq Ar element 2171variable is assumed to exist whose contents will later be passed to a 2172.Dq Nm atmconfig Cm natm Cm add 2173operation. 2174.It Va gateway_enable 2175.Pq Vt bool 2176If set to 2177.Dq Li YES , 2178configure host to act as an IP router, e.g.\& to forward packets 2179between interfaces. 2180.It Va ipv6_gateway_enable 2181.Pq Vt bool 2182The IPv6 equivalent of 2183.Va gateway_enable . 2184.It Va router_enable 2185.Pq Vt bool 2186If set to 2187.Dq Li YES , 2188run a routing daemon of some sort, based on the 2189settings of 2190.Va router 2191and 2192.Va router_flags . 2193.It Va ipv6_router_enable 2194.Pq Vt bool 2195The IPv6 equivalent of 2196.Va router_enable . 2197If set to 2198.Dq Li YES , 2199run a routing daemon of some sort, based on the 2200settings of 2201.Va ipv6_router 2202and 2203.Va ipv6_router_flags . 2204.It Va router 2205.Pq Vt str 2206If 2207.Va router_enable 2208is set to 2209.Dq Li YES , 2210this is the name of the routing daemon to use. 2211.It Va ipv6_router 2212.Pq Vt str 2213The IPv6 equivalent of 2214.Va router . 2215.It Va router_flags 2216.Pq Vt str 2217If 2218.Va router_enable 2219is set to 2220.Dq Li YES , 2221these are the flags to pass to the routing daemon. 2222.It Va ipv6_router_flags 2223.Pq Vt str 2224The IPv6 equivalent of 2225.Va router_flags . 2226.It Va mrouted_enable 2227.Pq Vt bool 2228If set to 2229.Dq Li YES , 2230run the multicast routing daemon, 2231.Xr mrouted 8 . 2232.It Va mroute6d_enable 2233.Pq Vt bool 2234The IPv6 equivalent of 2235.Va mrouted_enable . 2236If set to 2237.Dq Li YES , 2238run the IPv6 multicast routing daemon. 2239.Pp 2240Note that multicast routing daemons are no longer included in the 2241.Fx 2242base system, however, both 2243.Xr mrouted 8 2244and 2245.Xr pim6dd 8 2246may be installed from the 2247.Fx 2248Ports Collection. 2249.It Va mrouted_flags 2250.Pq Vt str 2251If 2252.Va mrouted_enable 2253is set to 2254.Dq Li YES , 2255these are the flags to pass to the 2256.Xr mrouted 8 2257daemon. 2258.It Va mroute6d_flags 2259.Pq Vt str 2260The IPv6 equivalent of 2261.Va mrouted_flags . 2262If 2263.Va mroute6d_enable 2264is set to 2265.Dq Li YES , 2266these are the flags passed to the IPv6 multicast routing daemon. 2267.It Va mroute6d_program 2268.Pq Vt str 2269If 2270.Va mroute6d_enable 2271is set to 2272.Dq Li YES , 2273this is the path to the IPv6 multicast routing daemon. 2274.It Va rtadvd_enable 2275.Pq Vt bool 2276If set to 2277.Dq Li YES , 2278run the 2279.Xr rtadvd 8 2280daemon at boot time. 2281.Xr rtadvd 8 2282will only run if 2283.Va ipv6_gateway_enable 2284is also set to 2285.Dq Li YES . 2286The 2287.Xr rtadvd 8 2288utility sends router advertisement packets to the interfaces specified in 2289.Va rtadvd_interfaces 2290and should only be enabled with great care. 2291You may want to fine-tune 2292.Xr rtadvd.conf 5 . 2293.It Va rtadvd_interfaces 2294.Pq Vt str 2295If 2296.Va rtadvd_enable 2297is set to 2298.Dq Li YES 2299this is the list of interfaces to use. 2300.It Va ipxgateway_enable 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304enable the routing of IPX traffic. 2305.It Va ipxrouted_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309run the 2310.Xr IPXrouted 8 2311daemon at system boot time. 2312.It Va ipxrouted_flags 2313.Pq Vt str 2314If 2315.Va ipxrouted_enable 2316is set to 2317.Dq Li YES , 2318these are the flags to pass to the 2319.Xr IPXrouted 8 2320daemon. 2321.It Va arpproxy_all 2322.Pq Vt bool 2323If set to 2324.Dq Li YES , 2325enable global proxy ARP. 2326.It Va forward_sourceroute 2327.Pq Vt bool 2328If set to 2329.Dq Li YES 2330and 2331.Va gateway_enable 2332is also set to 2333.Dq Li YES , 2334source-routed packets are forwarded. 2335.It Va accept_sourceroute 2336.Pq Vt bool 2337If set to 2338.Dq Li YES , 2339the system will accept source-routed packets directed at it. 2340.It Va rarpd_enable 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344run the 2345.Xr rarpd 8 2346daemon at system boot time. 2347.It Va rarpd_flags 2348.Pq Vt str 2349If 2350.Va rarpd_enable 2351is set to 2352.Dq Li YES , 2353these are the flags to pass to the 2354.Xr rarpd 8 2355daemon. 2356.It Va bootparamd_enable 2357.Pq Vt bool 2358If set to 2359.Dq Li YES , 2360run the 2361.Xr bootparamd 8 2362daemon at system boot time. 2363.It Va bootparamd_flags 2364.Pq Vt str 2365If 2366.Va bootparamd_enable 2367is set to 2368.Dq Li YES , 2369these are the flags to pass to the 2370.Xr bootparamd 8 2371daemon. 2372.It Va stf_interface_ipv4addr 2373.Pq Vt str 2374If not set to 2375.Dq Li NO , 2376this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2377interface). 2378Specify this entry to enable the 6to4 interface. 2379.It Va stf_interface_ipv4plen 2380.Pq Vt int 2381Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2382An effective value is 0-31. 2383.It Va stf_interface_ipv6_ifid 2384.Pq Vt str 2385IPv6 interface ID for 2386.Xr stf 4 . 2387This can be set to 2388.Dq Li AUTO . 2389.It Va stf_interface_ipv6_slaid 2390.Pq Vt str 2391IPv6 Site Level Aggregator for 2392.Xr stf 4 . 2393.It Va ipv6_faith_prefix 2394.Pq Vt str 2395If not set to 2396.Dq Li NO , 2397this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2398translator. 2399You also need 2400.Xr faithd 8 2401setup. 2402.It Va ipv6_ipv4mapping 2403.Pq Vt bool 2404If set to 2405.Dq Li YES 2406this enables IPv4 mapped IPv6 address communication (like 2407.Li ::ffff:a.b.c.d ) . 2408.It Va atm_enable 2409.Pq Vt bool 2410Set to 2411.Dq Li YES 2412to enable the configuration of ATM interfaces at system boot time. 2413For all of the ATM variables described below, please refer to the 2414.Xr atm 8 2415manual page for further details on the available command parameters. 2416Also refer to the files in 2417.Pa /usr/share/examples/atm 2418for more detailed configuration information. 2419.It Va atm_load 2420.Pq Vt str 2421This is a list of physical ATM interface drivers to load. 2422Typical values are 2423.Dq Li hfa_pci 2424and/or 2425.Dq Li hea_pci . 2426.It Va atm_netif_ Ns Aq Ar intf 2427.Pq Vt str 2428For the ATM physical interface 2429.Ar intf , 2430this variable defines the name prefix and count for the ATM network 2431interfaces to be created. 2432The value will be passed as the parameters of an 2433.Dq Nm atm Cm "set netif" Ar intf 2434command. 2435.It Va atm_sigmgr_ Ns Aq Ar intf 2436.Pq Vt str 2437For the ATM physical interface 2438.Ar intf , 2439this variable defines the ATM signalling manager to be used. 2440The value will be passed as the parameters of an 2441.Dq Nm atm Cm attach Ar intf 2442command. 2443.It Va atm_prefix_ Ns Aq Ar intf 2444.Pq Vt str 2445For the ATM physical interface 2446.Ar intf , 2447this variable defines the NSAP prefix for interfaces using a UNI signalling 2448manager. 2449If set to 2450.Dq Li ILMI , 2451the prefix will automatically be set via the 2452.Xr ilmid 8 2453daemon. 2454Otherwise, the value will be passed as the parameters of an 2455.Dq Nm atm Cm "set prefix" Ar intf 2456command. 2457.It Va atm_macaddr_ Ns Aq Ar intf 2458.Pq Vt str 2459For the ATM physical interface 2460.Ar intf , 2461this variable defines the MAC address for interfaces using a UNI signalling 2462manager. 2463If set to 2464.Dq Li NO , 2465the hardware MAC address contained in the ATM interface card will be used. 2466Otherwise, the value will be passed as the parameters of an 2467.Dq Nm atm Cm "set mac" Ar intf 2468command. 2469.It Va atm_arpserver_ Ns Aq Ar netif 2470.Pq Vt str 2471For the ATM network interface 2472.Ar netif , 2473this variable defines the ATM address for a host which is to provide ATMARP 2474service. 2475This variable is only applicable to interfaces using a UNI signalling 2476manager. 2477If set to 2478.Dq Li local , 2479this host will become an ATMARP server. 2480The value will be passed as the parameters of an 2481.Dq Nm atm Cm "set arpserver" Ar netif 2482command. 2483.It Va atm_scsparp_ Ns Aq Ar netif 2484.Pq Vt bool 2485If set to 2486.Dq Li YES , 2487SCSP/ATMARP service for the network interface 2488.Ar netif 2489will be initiated using the 2490.Xr scspd 8 2491and 2492.Xr atmarpd 8 2493daemons. 2494This variable is only applicable if 2495.Va atm_arpserver_ Ns Aq Ar netif 2496is set to 2497.Dq Li local . 2498.It Va atm_pvcs 2499.Pq Vt str 2500Set to the list of ATM PVCs to be added at system 2501boot time. 2502For each whitespace separated 2503.Ar element 2504in the value, an 2505.Va atm_pvc_ Ns Aq Ar element 2506variable is assumed to exist. 2507The value of each of these variables 2508will be passed as the parameters of an 2509.Dq Nm atm Cm "add pvc" 2510command. 2511.It Va atm_arps 2512.Pq Vt str 2513Set to the list of permanent ATM ARP entries to be added 2514at system boot time. 2515For each whitespace separated 2516.Ar element 2517in the value, an 2518.Va atm_arp_ Ns Aq Ar element 2519variable is assumed to exist. 2520The value of each of these variables 2521will be passed as the parameters of an 2522.Dq Nm atm Cm "add arp" 2523command. 2524.It Va natm_interfaces 2525.Pq Vt str 2526Set to the list of 2527.Xr natm 4 2528interfaces that will also be used for HARP through 2529.Xr harp 4 . 2530If this list is not empty all interfaces in the list will be brought up 2531with 2532.Xr ifconfig 8 2533and 2534.Xr harp 4 2535will be loaded. 2536For this to work the interface drivers must be either compiled into the 2537kernel or must reside on the root partition. 2538.It Va keybell 2539.Pq Vt str 2540The keyboard bell sound. 2541Set to 2542.Dq Li normal , 2543.Dq Li visual , 2544.Dq Li off , 2545or 2546.Dq Li NO 2547if the default behavior is desired. 2548For details, refer to the 2549.Xr kbdcontrol 1 2550manpage. 2551.It Va keyboard 2552.Pq Vt str 2553If set to a non-null string, the virtual console's keyboard input is 2554set to this device. 2555.It Va keymap 2556.Pq Vt str 2557If set to 2558.Dq Li NO , 2559no keymap is installed, otherwise the value is used to install 2560the keymap file in 2561.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2562.It Va keyrate 2563.Pq Vt str 2564The keyboard repeat speed. 2565Set to 2566.Dq Li slow , 2567.Dq Li normal , 2568.Dq Li fast , 2569or 2570.Dq Li NO 2571if the default behavior is desired. 2572.It Va keychange 2573.Pq Vt str 2574If not set to 2575.Dq Li NO , 2576attempt to program the function keys with the value. 2577The value should 2578be a single string of the form: 2579.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2580.It Va cursor 2581.Pq Vt str 2582Can be set to the value of 2583.Dq Li normal , 2584.Dq Li blink , 2585.Dq Li destructive , 2586or 2587.Dq Li NO 2588to set the cursor behavior explicitly or choose the default behavior. 2589.It Va scrnmap 2590.Pq Vt str 2591If set to 2592.Dq Li NO , 2593no screen map is installed, otherwise the value is used to install 2594the screen map file in 2595.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2596.It Va font8x16 2597.Pq Vt str 2598If set to 2599.Dq Li NO , 2600the default 8x16 font value is used for screen size requests, otherwise 2601the value in 2602.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2603is used. 2604.It Va font8x14 2605.Pq Vt str 2606If set to 2607.Dq Li NO , 2608the default 8x14 font value is used for screen size requests, otherwise 2609the value in 2610.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2611is used. 2612.It Va font8x8 2613.Pq Vt str 2614If set to 2615.Dq Li NO , 2616the default 8x8 font value is used for screen size requests, otherwise 2617the value in 2618.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2619is used. 2620.It Va blanktime 2621.Pq Vt int 2622If set to 2623.Dq Li NO , 2624the default screen blanking interval is used, otherwise it is set 2625to 2626.Ar value 2627seconds. 2628.It Va saver 2629.Pq Vt str 2630If not set to 2631.Dq Li NO , 2632this is the actual screen saver to use 2633.Li ( blank , snake , daemon , 2634etc). 2635.It Va moused_nondefault_enable 2636.Pq Vt str 2637If set to 2638.Dq Li NO , 2639the mouse device specified on 2640the command line is not automatically treated as enabled by the 2641.Pa /etc/rc.d/moused 2642script. 2643Having this variable set to 2644.Dq Li YES 2645allows a 2646.Xr usb 4 2647mouse, 2648for example, 2649to be enabled as soon as it is plugged in. 2650.It Va moused_enable 2651.Pq Vt str 2652If set to 2653.Dq Li YES , 2654the 2655.Xr moused 8 2656daemon is started for doing cut/paste selection on the console. 2657.It Va moused_type 2658.Pq Vt str 2659This is the protocol type of the mouse connected to this host. 2660This variable must be set if 2661.Va moused_enable 2662is set to 2663.Dq Li YES . 2664The 2665.Xr moused 8 2666daemon 2667is able to detect the appropriate mouse type automatically in many cases. 2668Set this variable to 2669.Dq Li auto 2670to let the daemon detect it, or 2671select one from the following list if the automatic detection fails. 2672.Pp 2673If the mouse is attached to the PS/2 mouse port, choose 2674.Dq Li auto 2675or 2676.Dq Li ps/2 , 2677regardless of the brand and model of the mouse. 2678Likewise, if the 2679mouse is attached to the bus mouse port, choose 2680.Dq Li auto 2681or 2682.Dq Li busmouse . 2683All other protocols are for serial mice and will not work with 2684the PS/2 and bus mice. 2685If this is a USB mouse, 2686.Dq Li auto 2687is the only protocol type which will work. 2688.Pp 2689.Bl -tag -width ".Li x10mouseremote" -compact 2690.It Li microsoft 2691Microsoft mouse (serial) 2692.It Li intellimouse 2693Microsoft IntelliMouse (serial) 2694.It Li mousesystems 2695Mouse systems Corp.\& mouse (serial) 2696.It Li mmseries 2697MM Series mouse (serial) 2698.It Li logitech 2699Logitech mouse (serial) 2700.It Li busmouse 2701A bus mouse 2702.It Li mouseman 2703Logitech MouseMan and TrackMan (serial) 2704.It Li glidepoint 2705ALPS GlidePoint (serial) 2706.It Li thinkingmouse 2707Kensington ThinkingMouse (serial) 2708.It Li ps/2 2709PS/2 mouse 2710.It Li mmhittab 2711MM HitTablet (serial) 2712.It Li x10mouseremote 2713X10 MouseRemote (serial) 2714.It Li versapad 2715Interlink VersaPad (serial) 2716.El 2717.Pp 2718Even if the mouse is not in the above list, it may be compatible 2719with one in the list. 2720Refer to the manual page for 2721.Xr moused 8 2722for compatibility information. 2723.Pp 2724It should also be noted that while this is enabled, any 2725other client of the mouse (such as an X server) should access 2726the mouse through the virtual mouse device, 2727.Pa /dev/sysmouse , 2728and configure it as a 2729.Dq Li sysmouse 2730type mouse, since all 2731mouse data is converted to this single canonical format when 2732using 2733.Xr moused 8 . 2734If the client program does not support the 2735.Dq Li sysmouse 2736type, 2737specify the 2738.Dq Li mousesystems 2739type. 2740It is the second preferred type. 2741.It Va moused_port 2742.Pq Vt str 2743If 2744.Va moused_enable 2745is set to 2746.Dq Li YES , 2747this is the actual port the mouse is on. 2748It might be 2749.Pa /dev/cuad0 2750for a COM1 serial mouse, 2751.Pa /dev/psm0 2752for a PS/2 mouse or 2753.Pa /dev/mse0 2754for a bus mouse, for example. 2755.It Va moused_flags 2756.Pq Vt str 2757If 2758.Va moused_flags 2759is set, its value is used as an additional set of flags to pass to the 2760.Xr moused 8 2761daemon. 2762.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2763When 2764.Va moused_nondefault_enable 2765is enabled, and a 2766.Xr moused 8 2767daemon is started for a non-default port, the 2768.Va "moused_" Ns Ar XXX Ns Va "_flags" 2769set of options has precedence over and replaces the default 2770.Va moused_flags (where 2771.Ar XXX 2772is the name of the non-default port, i.e.\& 2773.Ar ums0 ) . 2774By setting 2775.Va "moused_" Ns Ar XXX Ns Va "_flags" 2776it is possible to set up a different set of default flags for each 2777.Xr moused 8 2778instance. 2779For example, you can use 2780.Dq Li "-3" 2781for the default 2782.Va moused_flags 2783to make your laptop's touchpad more comfortable to use, 2784but an empty set of options for 2785.Va moused_ums0_flags 2786when your 2787.Xr usb 4 2788mouse has three or more buttons. 2789.It Va mousechar_start 2790.Pq Vt int 2791If set to 2792.Dq Li NO , 2793the default mouse cursor character range 2794.Li 0xd0 Ns - Ns Li 0xd3 2795is used, 2796otherwise the range start is set 2797to 2798.Ar value 2799character, see 2800.Xr vidcontrol 1 . 2801Use if the default range is occupied in the language code table. 2802.It Va allscreens_flags 2803.Pq Vt str 2804If set, 2805.Xr vidcontrol 1 2806is run with these options for each of the virtual terminals 2807.Pq Pa /dev/ttyv* . 2808For example, 2809.Dq Fl m Cm on 2810will enable the mouse pointer on all virtual terminals 2811if 2812.Va moused_enable 2813is set to 2814.Dq Li YES . 2815.It Va allscreens_kbdflags 2816.Pq Vt str 2817If set, 2818.Xr kbdcontrol 1 2819is run with these options for each of the virtual terminals 2820.Pq Pa /dev/ttyv* . 2821For example, 2822.Dq Fl h Li 200 2823will set the 2824.Xr syscons 4 2825scrollback (history) buffer to 200 lines. 2826.It Va cron_enable 2827.Pq Vt bool 2828If set to 2829.Dq Li YES , 2830run the 2831.Xr cron 8 2832daemon at system boot time. 2833.It Va cron_program 2834.Pq Vt str 2835Path to 2836.Xr cron 8 2837(default 2838.Pa /usr/sbin/cron ) . 2839.It Va cron_flags 2840.Pq Vt str 2841If 2842.Va cron_enable 2843is set to 2844.Dq Li YES , 2845these are the flags to pass to 2846.Xr cron 8 . 2847.It Va cron_dst 2848.Pq Vt bool 2849If set to 2850.Dq Li YES , 2851enable the special handling of transitions to and from the 2852Daylight Saving Time in 2853.Xr cron 8 2854(equivalent to using the flag 2855.Fl s ) . 2856.It Va lpd_program 2857.Pq Vt str 2858Path to 2859.Xr lpd 8 2860(default 2861.Pa /usr/sbin/lpd ) . 2862.It Va lpd_enable 2863.Pq Vt bool 2864If set to 2865.Dq Li YES , 2866run the 2867.Xr lpd 8 2868daemon at system boot time. 2869.It Va lpd_flags 2870.Pq Vt str 2871If 2872.Va lpd_enable 2873is set to 2874.Dq Li YES , 2875these are the flags to pass to the 2876.Xr lpd 8 2877daemon. 2878.It Va chkprintcap_enable 2879.Pq Vt bool 2880If set to 2881.Dq Li YES , 2882run the 2883.Xr chkprintcap 8 2884command before starting the 2885.Xr lpd 8 2886daemon. 2887.It Va chkprintcap_flags 2888.Pq Vt str 2889If 2890.Va lpd_enable 2891and 2892.Va chkprintcap_enable 2893are set to 2894.Dq Li YES , 2895these are the flags to pass to the 2896.Xr chkprintcap 8 2897program. 2898The default is 2899.Dq Li -d , 2900which causes missing directories to be created. 2901.It Va mta_start_script 2902.Pq Vt str 2903This variable specifies the full path to the script to run to start 2904a mail transfer agent. 2905The default is 2906.Pa /etc/rc.sendmail . 2907The 2908.Va sendmail_* 2909variables which 2910.Pa /etc/rc.sendmail 2911uses are documented in the 2912.Xr rc.sendmail 8 2913manual page. 2914.It Va dumpdev 2915.Pq Vt str 2916Indicates the device (usually a swap partition) to which a crash dump 2917should be written in the event of a system crash. 2918If the value of this variable is 2919.Dq Li AUTO , 2920the first suitable swap device listed in 2921.Pa /etc/fstab 2922will be used as dump device. 2923Otherwise, the value of this variable is passed as the argument to 2924.Xr dumpon 8 . 2925To disable crash dumps, set this variable to 2926.Dq Li NO . 2927.It Va dumpdir 2928.Pq Vt str 2929When the system reboots after a crash and a crash dump is found on the 2930device specified by the 2931.Va dumpdev 2932variable, 2933.Xr savecore 8 2934will save that crash dump and a copy of the kernel to the directory 2935specified by the 2936.Va dumpdir 2937variable. 2938The default value is 2939.Pa /var/crash . 2940Set to 2941.Dq Li NO 2942to not run 2943.Xr savecore 8 2944at boot time when 2945.Va dumpdir 2946is set. 2947.It Va savecore_flags 2948.Pq Vt str 2949If crash dumps are enabled, these are the flags to pass to the 2950.Xr savecore 8 2951utility. 2952.It Va enable_quotas 2953.Pq Vt bool 2954Set to 2955.Dq Li YES 2956to turn on user and group disk quotas on system startup via the 2957.Xr quotaon 8 2958command for all file systems marked as having quotas enabled in 2959.Pa /etc/fstab . 2960The kernel must be built with 2961.Cd "options QUOTA" 2962for disk quotas to function. 2963.It Va check_quotas 2964.Pq Vt bool 2965Set to 2966.Dq Li YES 2967to enable user and group disk quota checking via the 2968.Xr quotacheck 8 2969command. 2970.It Va quotacheck_flags 2971.Pq Vt str 2972If 2973.Va enable_quotas 2974is set to 2975.Dq Li YES , 2976and 2977.Va check_quotas 2978is set to 2979.Dq Li YES , 2980these are the flags to pass to the 2981.Xr quotacheck 8 2982utility. 2983The default is 2984.Dq Li "-a" , 2985which checks quotas for all file systems with quotas enabled in 2986.Pa /etc/fstab . 2987.It Va quotaon_flags 2988.Pq Vt str 2989If 2990.Va enable_quotas 2991is set to 2992.Dq Li YES , 2993these are the flags to pass to the 2994.Xr quotaon 8 2995utility. 2996The default is 2997.Dq Li "-a" , 2998which enables quotas for all file systems with quotas enabled in 2999.Pa /etc/fstab . 3000.It Va quotaoff_flags 3001.Pq Vt str 3002If 3003.Va enable_quotas 3004is set to 3005.Dq Li YES , 3006these are the flags to pass to the 3007.Xr quotaoff 8 3008utility when shutting down the quota system. 3009The default is 3010.Dq Li "-a" , 3011which disables quotas for all file systems with quotas enabled in 3012.Pa /etc/fstab . 3013.It Va accounting_enable 3014.Pq Vt bool 3015Set to 3016.Dq Li YES 3017to enable system accounting through the 3018.Xr accton 8 3019facility. 3020.It Va ibcs2_enable 3021.Pq Vt bool 3022Set to 3023.Dq Li YES 3024to enable iBCS2 (SCO) binary emulation at system initial boot 3025time. 3026.It Va ibcs2_loaders 3027.Pq Vt str 3028If not set to 3029.Dq Li NO 3030and if 3031.Va ibcs2_enable 3032is set to 3033.Dq Li YES , 3034this specifies a list of additional iBCS2 loaders to enable. 3035.It Va linux_enable 3036.Pq Vt bool 3037Set to 3038.Dq Li YES 3039to enable Linux/ELF binary emulation at system initial 3040boot time. 3041.It Va svr4_enable 3042.Pq Vt bool 3043If set to 3044.Dq Li YES , 3045enable SysVR4 emulation at boot time. 3046.It Va sysvipc_enable 3047.Pq Vt bool 3048If set to 3049.Dq Li YES , 3050load System V IPC primitives at boot time. 3051.It Va clear_tmp_enable 3052.Pq Vt bool 3053Set to 3054.Dq Li YES 3055to have 3056.Pa /tmp 3057cleaned at startup. 3058.It Va clear_tmp_X 3059.Pq Vt bool 3060Set to 3061.Dq Li NO 3062to disable removing of X11 lock files, 3063and the removal and (secure) recreation 3064of the various socket directories for X11 3065related programs. 3066.It Va ldconfig_paths 3067.Pq Vt str 3068Set to the list of shared library paths to use with 3069.Xr ldconfig 8 . 3070NOTE: 3071.Pa /usr/lib 3072will always be added first, so it need not appear in this list. 3073.It Va ldconfig32_paths 3074.Pq Vt str 3075Set to the list of 32-bit compatibility shared library paths to 3076use with 3077.Xr ldconfig 8 . 3078.It Va ldconfig_paths_aout 3079.Pq Vt str 3080Set to the list of shared library paths to use with 3081.Xr ldconfig 8 3082legacy 3083.Xr a.out 5 3084support. 3085.It Va ldconfig_insecure 3086.Pq Vt bool 3087The 3088.Xr ldconfig 8 3089utility normally refuses to use directories 3090which are writable by anyone except root. 3091Set this variable to 3092.Dq Li YES 3093to disable that security check during system startup. 3094.It Va ldconfig_local_dirs 3095.Pq Vt str 3096Set to the list of local 3097.Xr ldconfig 8 3098directories. 3099The names of all files in the directories listed will be 3100passed as arguments to 3101.Xr ldconfig 8 . 3102.It Va ldconfig_local32_dirs 3103.Pq Vt str 3104Set to the list of local 32-bit compatibility 3105.Xr ldconfig 8 3106directories. 3107The names of all files in the directories listed will be 3108passed as arguments to 3109.Dq Nm ldconfig Fl 32 . 3110.It Va kern_securelevel_enable 3111.Pq Vt bool 3112Set to 3113.Dq Li YES 3114to set the kernel security level at system startup. 3115.It Va kern_securelevel 3116.Pq Vt int 3117The kernel security level to set at startup. 3118The allowed range of 3119.Ar value 3120ranges from \-1 (the compile time default) to 3 (the 3121most secure). 3122See 3123.Xr init 8 3124for the list of possible security levels and their effect 3125on system operation. 3126.It Va sshd_program 3127.Pq Vt str 3128Path to the SSH server program 3129.Pa ( /usr/sbin/sshd 3130is the default). 3131.It Va sshd_enable 3132.Pq Vt bool 3133Set to 3134.Dq Li YES 3135to start 3136.Xr sshd 8 3137at system boot time. 3138.It Va sshd_flags 3139.Pq Vt str 3140If 3141.Va sshd_enable 3142is set to 3143.Dq Li YES , 3144these are the flags to pass to the 3145.Xr sshd 8 3146daemon. 3147.It Va ftpd_program 3148.Pq Vt str 3149Path to the FTP server program 3150.Pa ( /usr/libexec/ftpd 3151is the default). 3152.It Va ftpd_enable 3153.Pq Vt bool 3154Set to 3155.Dq Li YES 3156to start 3157.Xr ftpd 8 3158as a stand-alone daemon at system boot time. 3159.It Va ftpd_flags 3160.Pq Vt str 3161If 3162.Va ftpd_enable 3163is set to 3164.Dq Li YES , 3165these are the additional flags to pass to the 3166.Xr ftpd 8 3167daemon. 3168.It Va watchdogd_enable 3169.Pq Vt bool 3170If set to 3171.Dq Li YES , 3172start the 3173.Xr watchdogd 8 3174daemon at boot time. 3175This requires that the kernel have been compiled with a 3176.Xr watchdog 4 3177compatible device. 3178.It Va watchdogd_flags 3179.Pq Vt str 3180If 3181.Va watchdogd_enable 3182is set to 3183.Dq Li YES , 3184these are the flags passed to the 3185.Xr watchdogd 8 3186daemon. 3187.It Va performance_cx_lowest 3188.Pq Vt str 3189CPU idle state to use while on AC power. 3190The string 3191.Dq Li LOW 3192indicates that 3193.Xr acpi 4 3194should use the lowest power state available while 3195.Dq Li HIGH 3196indicates that the lowest latency state (less power savings) should be used. 3197.It Va performance_cpu_freq 3198.Pq Vt str 3199CPU clock frequency to use while on AC power. 3200The string 3201.Dq Li LOW 3202indicates that 3203.Xr cpufreq 4 3204should use the lowest frequency available while 3205.Dq Li HIGH 3206indicates that the highest frequency (less power savings) should be used. 3207.It Va economy_cx_lowest 3208.Pq Vt str 3209CPU idle state to use when off AC power. 3210The string 3211.Dq Li LOW 3212indicates that 3213.Xr acpi 4 3214should use the lowest power state available while 3215.Dq Li HIGH 3216indicates that the lowest latency state (less power savings) should be used. 3217.It Va economy_cpu_freq 3218.Pq Vt str 3219CPU clock frequency to use when off AC power. 3220The string 3221.Dq Li LOW 3222indicates that 3223.Xr cpufreq 4 3224should use the lowest frequency available while 3225.Dq Li HIGH 3226indicates that the highest frequency (less power savings) should be used. 3227.It Va jail_enable 3228.Pq Vt bool 3229If set to 3230.Dq Li NO , 3231any configured jails will not be started. 3232.It Va jail_list 3233.Pq Vt str 3234A space separated list of names for jails. 3235This is purely a configuration aid to help identify and 3236configure multiple jails. 3237The names specified in this list will be used to 3238identify settings common to an instance of a jail. 3239Assuming that the jail in question was named 3240.Li vjail , 3241you would have the following dependent variables: 3242.Bd -literal 3243jail_vjail_hostname="jail.example.com" 3244jail_vjail_ip="192.168.1.100" 3245jail_vjail_rootdir="/var/jails/vjail/root" 3246.Ed 3247.Pp 3248.It Va jail_flags 3249.Pq Vt str 3250Unset by default. 3251When set, use as default value for 3252.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3253for every jail in 3254.Va jail_list . 3255.It Va jail_interface 3256.Pq Vt str 3257Unset by default. 3258When set, use as default value for 3259.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3260for every jail in 3261.Va jail_list . 3262.It Va jail_fstab 3263.Pq Vt str 3264Unset by default. 3265When set, use as default value for 3266.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3267for every jail in 3268.Va jail_list . 3269.It Va jail_mount_enable 3270.Pq Vt bool 3271Set to 3272.Dq Li NO 3273by default. 3274When set to 3275.Dq Li YES , 3276sets 3277.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3278to 3279.Dq Li YES 3280by default for every jail in 3281.Va jail_list . 3282.It Va jail_devfs_ruleset 3283.Pq Vt str 3284Unset by default. 3285When set, sets 3286.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3287to given value for every jail in 3288.Va jail_list . 3289.It Va jail_devfs_enable 3290.Pq Vt bool 3291Set to 3292.Dq Li NO 3293by default. 3294When set to 3295.Dq Li YES , 3296sets 3297.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3298to 3299.Dq Li YES 3300by default for every jail in 3301.Va jail_list . 3302.It Va jail_fdescfs_enable 3303.Pq Vt bool 3304Set to 3305.Dq Li NO 3306by default. 3307When set to 3308.Dq Li YES , 3309sets 3310.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3311to 3312.Dq Li YES 3313by default for every jail in 3314.Va jail_list . 3315.It Va jail_procfs_enable 3316.Pq Vt bool 3317Set to 3318.Dq Li NO 3319by default. 3320When set to 3321.Dq Li YES , 3322sets 3323.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3324to 3325.Dq Li YES 3326by default for every jail in 3327.Va jail_list . 3328.It Va jail_exec_start 3329.Pq Vt str 3330Unset by default. 3331When set, use as default value for 3332.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3333for every jail in 3334.Va jail_list . 3335.It Va jail_exec_afterstart Ns Aq Ar N 3336.Pq Vt str 3337Unset by default. 3338When set, use as default value for 3339.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3340for every jail in 3341.Va jail_list . 3342.It Va jail_exec_stop 3343Unset by default. 3344When set, use as default value for 3345.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3346for every jail in 3347.Va jail_list . 3348.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3349.Pq Vt str 3350Unset by default. 3351Set to the root directory used by jail 3352.Va jname . 3353.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3354.Pq Vt str 3355Unset by default. 3356Set to the fully qualified domain name (FQDN) assigned to jail 3357.Va jname . 3358.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3359.Pq Vt str 3360Unset by default. 3361Set to the IP address assigned to jail 3362.Va jname . 3363.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3364.Pq Vt str 3365Set to 3366.Dq Li -l -U root 3367by default. 3368These are flags to pass to 3369.Xr jail . 3370.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3371.Pq Vt str 3372Unset by default. 3373When set, sets the interface to use when setting IP address alias. 3374Note that the alias is created at jail startup and removed at jail shutdown. 3375.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3376.Pq Vt str 3377Set to 3378.Pa /etc/fstab. Ns Aq Ar jname 3379by default. 3380This is the file system information file to use for jail 3381.Va jname . 3382.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3383.Pq Vt bool 3384Set to 3385.Dq Li NO 3386by default. 3387When set to 3388.Dq Li YES , 3389mount all file systems from 3390.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3391at jail startup. 3392.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3393.Pq Vt str 3394Unset by default. 3395When set, defines the device file system ruleset file to use for jail 3396.Va jname . 3397.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3398.Pq Vt bool 3399Set to 3400.Dq Li NO 3401by default. 3402When set to 3403.Dq Li YES , 3404mount the device file system inside jail 3405.Ar jname 3406at jail startup. 3407.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3408.Pq Vt bool 3409Set to 3410.Dq Li NO 3411by default. 3412When set to 3413.Dq Li YES , 3414mount the file-descriptor file system inside jail 3415.Ar jname 3416at jail startup. 3417.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3418.Pq Vt bool 3419Set to 3420.Dq Li NO 3421by default. 3422When set to 3423.Dq Li YES , 3424mount the process file system inside jail 3425.Ar jname 3426at jail startup. 3427.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3428.Pq Vt str 3429Set to 3430.Dq Li /bin/sh /etc/rc 3431by default. 3432This is the command executed at jail startup. 3433.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3434.Pq Vt str 3435Unset by default. 3436This is the command run as 3437.Ar N Ns 3438th command 3439after jail startup, where 3440.Ar N 3441is 1, 2, and so on. 3442.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3443.Pq Vt str 3444Set to 3445.Dq Li /bin/sh /etc/rc.shutdown 3446by default. 3447This is the command executed at jail shutdown. 3448.It Va jail_set_hostname_allow 3449.Pq Vt bool 3450If set to 3451.Dq Li NO , 3452do not allow the root user in a jail to set its hostname. 3453.It Va jail_socket_unixiproute_only 3454.Pq Vt bool 3455If set to 3456.Dq Li YES , 3457do not allow any sockets, 3458besides UNIX/IP/route sockets, 3459to be used within a jail. 3460.It Va jail_sysvipc_allow 3461.Pq Vt bool 3462If set to 3463.Dq Li YES , 3464allow applications within a jail to use System V IPC. 3465.\" ----- ISDN settings --------------------------------- 3466.It Va isdn_enable 3467.Pq Vt bool 3468Set to 3469.Dq Li NO 3470by default. 3471When set to 3472.Dq Li YES , 3473starts the 3474.Xr isdnd 8 3475daemon 3476at system boot time. 3477.It Va isdn_flags 3478.Pq Vt str 3479Set to 3480.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3481by default. 3482Additional flags to pass to 3483.Xr isdnd 8 3484(but see 3485.Va isdn_fsdev 3486and 3487.Va isdn_ttype 3488for certain tunable parameters). 3489.It Va isdn_ttype 3490.Pq Vt str 3491Set to 3492.Dq Li cons25 3493by default. 3494The terminal type of the output device when 3495.Xr isdnd 8 3496operates in full-screen mode. 3497.It Va isdn_screenflags 3498.Pq Vt str 3499Set to 3500.Dq Li NO 3501by default. 3502The video mode for full-screen mode (only for 3503.Xr syscons 4 3504console driver, see 3505.Xr vidcontrol 1 3506for valid modes). 3507.It Va isdn_fsdev 3508.Pq Vt str 3509Set to 3510.Dq Li NO 3511by default. 3512The output device for 3513.Xr isdnd 8 3514in full-screen mode (or 3515.Dq Li NO 3516for daemon mode). 3517.It Va isdn_trace 3518.Pq Vt bool 3519Set to 3520.Dq Li NO 3521by default. 3522When set to 3523.Dq Li YES , 3524enables the ISDN protocol trace utility 3525.Xr isdntrace 8 3526at system boot time. 3527.It Va isdn_traceflags 3528.Pq Vt str 3529Set to 3530.Dq Fl f Pa /var/tmp/isdntrace0 3531by default. 3532Flags for 3533.Xr isdntrace 8 . 3534.\" ----------------------------------------------------- 3535.It Va harvest_interrupt 3536.Pq Vt bool 3537Set to 3538.Dq Li YES 3539to use hardware interrupts as an entropy source. 3540Refer to 3541.Xr random 4 3542for more information. 3543.It Va harvest_ethernet 3544.Pq Vt bool 3545Set to 3546.Dq Li YES 3547to use LAN traffic as an entropy source. 3548Refer to 3549.Xr random 4 3550for more information. 3551.It Va harvest_p_to_p 3552.Pq Vt bool 3553Set to 3554.Dq Li YES 3555to use serial line traffic as an entropy source. 3556Refer to 3557.Xr random 4 3558for more information. 3559.It Va entropy_dir 3560.Pq Vt str 3561Set to 3562.Dq Li NO 3563to disable caching entropy via 3564.Xr cron 8 . 3565Otherwise set to the directory used to store entropy files in. 3566.It Va entropy_file 3567.Pq Vt str 3568Set to 3569.Dq Li NO 3570to disable caching entropy through reboots. 3571Otherwise set to the filename used to store cached entropy through 3572reboots. 3573This file should be located on the root file system to seed the 3574.Xr random 4 3575device as early as possible in the boot process. 3576.It Va entropy_save_sz 3577.Pq Vt int 3578Size of the entropy cache files saved by 3579.Nm save-entropy 3580periodically. 3581.It Va entropy_save_num 3582.Pq Vt int 3583Number of entropy cache files to save by 3584.Nm save-entropy 3585periodically. 3586.It Va ipsec_enable 3587.Pq Vt bool 3588Set to 3589.Dq Li YES 3590to run 3591.Xr setkey 8 3592on 3593.Va ipsec_file 3594at boot time. 3595.It Va ipsec_file 3596.Pq Vt str 3597Configuration file for 3598.Xr setkey 8 . 3599.It Va dmesg_enable 3600.Pq Vt bool 3601Set to 3602.Dq Li YES 3603to save 3604.Xr dmesg 8 3605to 3606.Pa /var/run/dmesg.boot 3607on boot. 3608.It Va rcshutdown_timeout 3609.Pq Vt int 3610If set, start a watchdog timer in the background which will terminate 3611.Pa rc.shutdown 3612if 3613.Xr shutdown 8 3614has not completed within the specified time (in seconds). 3615Notice that in addition to this soft timeout, 3616.Xr init 8 3617also applies a hard timeout for the execution of 3618.Pa rc.shutdown . 3619This is configured via 3620.Xr sysctl 8 3621variable 3622.Va kern.init_shutdown_timeout 3623and defaults to 120 seconds. 3624Setting the value of 3625.Va rcshutdown_timeout 3626to more than 120 seconds will have no effect until the 3627.Xr sysctl 8 3628variable 3629.Va kern.init_shutdown_timeout 3630is also increased. 3631.It Va virecover_enable 3632.Pq Vt bool 3633Set to 3634.Dq Li NO 3635to prevent the system from trying to 3636recover pre-maturely terminated 3637.Xr vi 1 3638sessions. 3639.It Va ugidfw_enable 3640.Pq Vt bool 3641Set to 3642.Dq Li YES 3643to load the 3644.Xr mac_bsdextended 4 3645module upon system initialization and load a default 3646ruleset file. 3647.It Va bsdextended_script 3648.Pq Vt str 3649The default 3650.Xr mac_bsdextended 4 3651ruleset file to load. 3652The default value of this variable is 3653.Pa /etc/rc.bsdextended . 3654.It Va newsyslog_enable 3655.Pq Vt bool 3656If set to 3657.Dq Li YES , 3658run 3659.Xr newsyslog 8 3660command at startup. 3661.It Va newsyslog_flags 3662.Pq Vt str 3663If 3664.Va newsyslog_enable 3665is set to 3666.Dq Li YES , 3667these are the flags to pass to the 3668.Xr newsyslog 8 3669program. 3670The default is 3671.Dq Li -CN , 3672which causes log files flagged with a 3673.Cm C 3674to be created. 3675.It Va mdconfig_md Ns Aq Ar X 3676.Pq Vt str 3677Arguments to 3678.Xr mdconfig 8 3679for 3680.Xr md 4 3681device 3682.Ar X . 3683At minimum a 3684.Fl t Ar type 3685must be specified and either a 3686.Fl s Ar size 3687for malloc or swap backed 3688.Xr md 4 3689devices or a 3690.Fl f Ar file 3691for vnode backed 3692.Xr md 4 3693devices. 3694Note that 3695.Va mdconfig_md Ns Aq Ar X 3696variables are evaluated until one variable is unset or null. 3697.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3698.Pq Vt str 3699Optional arguments passed to 3700.Xr newfs 8 3701to initialize 3702.Xr md 4 3703device 3704.Ar X . 3705.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3706.Pq Vt str 3707An ownership specification passed to 3708.Xr chown 8 3709after the specified 3710.Xr md 4 3711device 3712.Ar X 3713has been mounted. 3714Both the 3715.Xr md 4 3716device and the mount point will be changed. 3717.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3718.Pq Vt str 3719A mode string passed to 3720.Xr chmod 1 3721after the specified 3722.Xr md 4 3723device 3724.Ar X 3725has been mounted. 3726Both the 3727.Xr md 4 3728device and the mount point will be changed. 3729.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3730.Pq Vt str 3731Files to be copied to the mount point of the 3732.Xr md 4 3733device 3734.Ar X 3735after it has been mounted. 3736.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3737.Pq Vt str 3738Command to execute after the specified 3739.Xr md 4 3740device 3741.Ar X 3742has been mounted. 3743Note that the command is passed to 3744.Ic eval 3745and that both 3746.Va _dev 3747and 3748.Va _mp 3749variables can be used to reference respectively the 3750.Xr md 4 3751device and the mount point. 3752Assuming that the 3753.Xr md 4 3754device is 3755.Li md0 , 3756one could set the following: 3757.Bd -literal 3758mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3759.Ed 3760.It Va ramdisk_units 3761.Pq Vt str 3762A list of one or more ramdisk units to configure with 3763.Xr mdconfig 8 3764and 3765.Xr newfs 8 3766in time to be mounted from 3767.Xr fstab 5 . 3768Each listed unit 3769.Ar X 3770must specify at least a 3771.Ar type 3772in a 3773.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3774variable. 3775Note that this way to configure ramdisks has been deprecated 3776in favor of new 3777.Va mdconfig_md* 3778variables (see above). 3779.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3780.Pq Vt str 3781Arguments to 3782.Xr mdconfig 8 3783for ramdisk 3784.Ar X . 3785At minimum a 3786.Fl t Ar type 3787must be specified, where 3788.Ar type 3789must be one of 3790.Cm malloc 3791or 3792.Cm swap . 3793.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3794.Pq Vt str 3795Optional arguments passed to 3796.Xr newfs 8 3797to initialize ramdisk 3798.Ar X . 3799.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3800.Pq Vt str 3801An ownership specification passed to 3802.Xr chown 8 3803after the specified ramdisk unit 3804.Ar X 3805has been mounted. 3806Both the 3807.Xr md 4 3808device and the mount point will be changed. 3809.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3810.Pq Vt str 3811A mode string passed to 3812.Xr chmod 1 3813after the specified ramdisk unit 3814.Ar X 3815has been mounted. 3816Both the 3817.Xr md 4 3818device and the mount point will be changed. 3819.It Va autobridge_interfaces 3820.Pq Vt str 3821Set to the list of bridge interfaces that will have newly arriving interfaces 3822checked against to be automatically added. 3823If not set to 3824.Dq Li NO 3825then for each whitespace separated 3826.Ar element 3827in the value, a 3828.Va autobridge_ Ns Aq Ar element 3829variable is assumed to exist which has a whitespace separated list of interface 3830names to match, these names can use wildcards. 3831For example: 3832.Bd -literal 3833autobridge_interfaces="bridge0" 3834autobridge_bridge0="tap* dc0 vlan[345]" 3835.Ed 3836.It Va mixer_enable 3837.Pq Vt bool 3838If set to 3839.Dq Li YES , 3840enable support for sound mixer. 3841.El 3842.Sh FILES 3843.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3844.It Pa /etc/defaults/rc.conf 3845.It Pa /etc/rc.conf 3846.It Pa /etc/rc.conf.local 3847.El 3848.Sh SEE ALSO 3849.Xr catman 1 , 3850.Xr chmod 1 , 3851.Xr gdb 1 , 3852.Xr info 1 , 3853.Xr kbdcontrol 1 , 3854.Xr makewhatis 1 , 3855.Xr sh 1 , 3856.Xr vi 1 , 3857.Xr vidcontrol 1 , 3858.Xr bridge 4 , 3859.Xr dummynet 4 , 3860.Xr ip 4 , 3861.Xr ipf 4 , 3862.Xr ipfw 4 , 3863.Xr ipnat 4 , 3864.Xr kld 4 , 3865.Xr pf 4 , 3866.Xr pflog 4 , 3867.Xr pfsync 4 , 3868.Xr tcp 4 , 3869.Xr udp 4 , 3870.Xr exports 5 , 3871.Xr fstab 5 , 3872.Xr ipf 5 , 3873.Xr ipnat 5 , 3874.Xr motd 5 , 3875.Xr newsyslog.conf 5 , 3876.Xr pf.conf 5 , 3877.Xr accton 8 , 3878.Xr amd 8 , 3879.Xr apm 8 , 3880.Xr atm 8 , 3881.Xr chkprintcap 8 , 3882.Xr chown 8 , 3883.Xr cron 8 , 3884.Xr dhclient 8 , 3885.Xr ftpd 8 , 3886.Xr geli 8 , 3887.Xr ifconfig 8 , 3888.Xr inetd 8 , 3889.Xr ipf 8 , 3890.Xr ipfw 8 , 3891.Xr ipnat 8 , 3892.Xr isdnd 8 , 3893.Xr isdntrace 8 , 3894.Xr jail 8 , 3895.Xr kldxref 8 , 3896.Xr lpd 8 , 3897.Xr mdconfig 8 , 3898.Xr mdmfs 8 , 3899.Xr mixer 8 , 3900.Xr mountd 8 , 3901.Xr moused 8 , 3902.Xr mrouted 8 , 3903.Xr named 8 , 3904.Xr newfs 8 , 3905.Xr newsyslog 8 , 3906.Xr nfsd 8 , 3907.Xr ntpd 8 , 3908.Xr ntpdate 8 , 3909.Xr pfctl 8 , 3910.Xr pflogd 8 , 3911.Xr powerd 8 , 3912.Xr quotacheck 8 , 3913.Xr quotaon 8 , 3914.Xr rc 8 , 3915.Xr rc.sendmail 8 , 3916.Xr route 8 , 3917.Xr routed 8 , 3918.Xr rpcbind 8 , 3919.Xr rpc.lockd 8 , 3920.Xr rpc.statd 8 , 3921.Xr rwhod 8 , 3922.Xr savecore 8 , 3923.Xr sshd 8 , 3924.Xr swapon 8 , 3925.Xr sysctl 8 , 3926.Xr syslogd 8 , 3927.Xr timed 8 , 3928.Xr yp 8 , 3929.Xr ypbind 8 , 3930.Xr ypserv 8 , 3931.Xr ypset 8 3932.Sh HISTORY 3933The 3934.Nm 3935file appeared in 3936.Fx 2.2.2 . 3937.Sh AUTHORS 3938.An Jordan K. Hubbard . 3939