1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 5, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blocklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va devmatch_blacklist 265.Pq Vt str 266This variable is deprecated. 267Use 268.Va devmatch_blocklist 269instead. 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li workstation" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li workstation 551basic protection for a workstation using stateful firewalling 552.It Li simple 553basic protection for a LAN. 554.El 555.Pp 556If a filename is specified, the full path 557must be given. 558.Pp 559Most of the predefined rulesets define additional configuration variables. 560These are documented in 561.Pa /etc/rc.firewall . 562.It Va firewall_quiet 563.Pq Vt bool 564Set to 565.Dq Li YES 566to disable the display of firewall rules on the console during boot. 567.It Va firewall_logging 568.Pq Vt bool 569Set to 570.Dq Li YES 571to enable firewall event logging. 572This is equivalent to the 573.Dv IPFIREWALL_VERBOSE 574kernel option. 575.It Va firewall_logif 576.Pq Vt bool 577Set to 578.Dq Li YES 579to create pseudo interface 580.Li ipfw0 581for logging. 582For more details, see 583.Xr ipfw 8 584manual page. 585.It Va firewall_flags 586.Pq Vt str 587Flags passed to 588.Xr ipfw 8 589if 590.Va firewall_type 591specifies a filename. 592.It Va firewall_coscripts 593.Pq Vt str 594List of executables and/or rc scripts to run after firewall starts/stops. 595Default is empty. 596.\" ----- firewall_nat_enable setting -------------------------------- 597.It Va firewall_nat_enable 598.Pq Vt bool 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_enable . 603Setting this to 604.Dq Li YES 605will automatically load the 606.Xr ipfw 8 607NAT kernel module if 608.Va firewall_enable 609is also set to 610.Dq Li YES . 611.It Va firewall_nat_interface 612.Pq Vt str 613The 614.Xr ipfw 8 615equivalent of 616.Va natd_interface . 617This is the name of the public interface or IP address on which 618kernel NAT should run. 619.It Va firewall_nat_flags 620.Pq Vt str 621Additional configuration parameters for kernel NAT should be placed here. 622.It Va firewall_nat64_enable 623.Pq Vt bool 624Setting this to 625.Dq Li YES 626will automatically load the 627.Xr ipfw 8 628NAT64 kernel module if 629.Va firewall_enable 630is also set to 631.Dq Li YES . 632.It Va firewall_nptv6_enable 633.Pq Vt bool 634Setting this to 635.Dq Li YES 636will automatically load the 637.Xr ipfw 8 638NPTv6 kernel module if 639.Va firewall_enable 640is also set to 641.Dq Li YES . 642.It Va firewall_pmod_enable 643.Pq Vt bool 644Setting this to 645.Dq Li YES 646will automatically load the 647.Xr ipfw 8 648pmod kernel module if 649.Va firewall_enable 650is also set to 651.Dq Li YES . 652.It Va dummynet_enable 653.Pq Vt bool 654Setting this to 655.Dq Li YES 656will automatically load the 657.Xr dummynet 4 658module if 659.Va firewall_enable 660is also set to 661.Dq Li YES . 662.\" ------------------------------------------------------------------- 663.It Va ipfw_netflow_enable 664.Pq Vt bool 665Setting this to 666.Dq Li YES 667will enable netflow logging via 668.Xr ng_netflow 4 669.Pp 670By default a ipfw rule is inserted and all packets are duplicated with 671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 672port using protocol version 5. 673.It Va ipfw_netflow_hook 674.Pq Vt int 675netflow hook name, must be numerical 676(default 677.Pa 9995 ) . 678.It Va ipfw_netflow_rule 679.Pq Vt int 680ipfw rule number 681(default 682.Pa 1000 ) . 683.It Va ipfw_netflow_ip 684.Pq Vt str 685Destination server ip for receiving netflow data 686(default 687.Pa 127.0.0.1 ) . 688.It Va ipfw_netflow_port 689.Pq Vt int 690Destination server port for receiving netflow data 691(default 692.Pa 9995 ) . 693.It Va ipfw_netflow_version 694.Pq Vt int 695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 696.It Va ipfw_netflow_fib 697.Pq Vt int 698Only match packet in FIB 699.Pa ipfw_netflow_fib 700(default is undefined meaning all FIBs). 701.It Va natd_program 702.Pq Vt str 703Path to 704.Xr natd 8 . 705.It Va natd_enable 706.Pq Vt bool 707Set to 708.Dq Li YES 709to enable 710.Xr natd 8 . 711.Va firewall_enable 712must also be set to 713.Dq Li YES , 714and 715.Xr divert 4 716sockets must be enabled in the kernel. 717If the kernel was not built with 718.Cd "options IPDIVERT" , 719the 720.Pa ipdivert.ko 721kernel module will be loaded. 722.It Va natd_interface 723.Pq Vt str 724This is the name of the public interface on which 725.Xr natd 8 726should run. 727The interface may be given as an interface name or as an IP address. 728.It Va natd_flags 729.Pq Vt str 730Additional 731.Xr natd 8 732flags should be placed here. 733The 734.Fl n 735or 736.Fl a 737flag is automatically added with the above 738.Va natd_interface 739as an argument. 740.\" ----- ipfilter_enable setting -------------------------------- 741.It Va ipfilter_enable 742.Pq Vt bool 743Set to 744.Dq Li NO 745by default. 746Setting this to 747.Dq Li YES 748enables 749.Xr ipf 8 750packet filtering. 751.Pp 752Typical usage will require putting 753.Bd -literal 754ipfilter_enable="YES" 755ipnat_enable="YES" 756ipmon_enable="YES" 757ipfs_enable="YES" 758.Ed 759.Pp 760into 761.Pa /etc/rc.conf 762and editing 763.Pa /etc/ipf.rules 764and 765.Pa /etc/ipnat.rules 766appropriately. 767.Pp 768Note that 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772can be enabled independently. 773.Va ipmon_enable 774and 775.Va ipfs_enable 776both require at least one of 777.Va ipfilter_enable 778and 779.Va ipnat_enable 780to be enabled. 781.Pp 782Having 783.Bd -literal 784options IPFILTER 785options IPFILTER_LOG 786options IPFILTER_DEFAULT_BLOCK 787.Ed 788.Pp 789in the kernel configuration file is a good idea, too. 790.\" ----- ipfilter_program setting ------------------------------ 791.It Va ipfilter_program 792.Pq Vt str 793Path to 794.Xr ipf 8 795(default 796.Pa /sbin/ipf ) . 797.\" ----- ipfilter_rules setting -------------------------------- 798.It Va ipfilter_rules 799.Pq Vt str 800Set to 801.Pa /etc/ipf.rules 802by default. 803This variable contains the name of the filter rule definition file. 804The file is expected to be readable for the 805.Xr ipf 8 806command to execute. 807.\" ----- ipfilter_flags setting -------------------------------- 808.It Va ipfilter_flags 809.Pq Vt str 810Empty by default. 811This variable contains flags passed to the 812.Xr ipf 8 813program. 814.\" ----- ipnat_enable setting ---------------------------------- 815.It Va ipnat_enable 816.Pq Vt bool 817Set to 818.Dq Li NO 819by default. 820Set it to 821.Dq Li YES 822to enable 823.Xr ipnat 8 824network address translation. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828.\" ----- ipnat_program setting --------------------------------- 829.It Va ipnat_program 830.Pq Vt str 831Path to 832.Xr ipnat 8 833(default 834.Pa /sbin/ipnat ) . 835.\" ----- ipnat_rules setting ----------------------------------- 836.It Va ipnat_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipnat.rules 840by default. 841This variable contains the name of the file 842holding the network address translation definition. 843This file is expected to be readable for the 844.Xr ipnat 8 845command to execute. 846.\" ----- ipnat_flags setting ----------------------------------- 847.It Va ipnat_flags 848.Pq Vt str 849Empty by default. 850This variable contains flags passed to the 851.Xr ipnat 8 852program. 853.\" ----- ipmon_enable setting ---------------------------------- 854.It Va ipmon_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipmon 8 863monitoring (logging 864.Xr ipf 8 865and 866.Xr ipnat 8 867events). 868Setting this variable needs setting 869.Va ipfilter_enable 870or 871.Va ipnat_enable 872too. 873See 874.Va ipfilter_enable 875for a detailed discussion. 876.\" ----- ipmon_program setting --------------------------------- 877.It Va ipmon_program 878.Pq Vt str 879Path to 880.Xr ipmon 8 881(default 882.Pa /sbin/ipmon ) . 883.\" ----- ipmon_flags setting ----------------------------------- 884.It Va ipmon_flags 885.Pq Vt str 886Set to 887.Dq Li -Ds 888by default. 889This variable contains flags passed to the 890.Xr ipmon 8 891program. 892Another typical example would be 893.Dq Fl D Pa /var/log/ipflog 894to have 895.Xr ipmon 8 896log directly to a file bypassing 897.Xr syslogd 8 . 898Make sure to adjust 899.Pa /etc/newsyslog.conf 900in such case like this: 901.Bd -literal 902/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 903.Ed 904.\" ----- ipfs_enable setting ----------------------------------- 905.It Va ipfs_enable 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Set it to 911.Dq Li YES 912to enable 913.Xr ipfs 8 914saving the filter and NAT state tables during shutdown 915and reloading them during startup again. 916Setting this variable needs setting 917.Va ipfilter_enable 918or 919.Va ipnat_enable 920to 921.Dq Li YES 922too. 923See 924.Va ipfilter_enable 925for a detailed discussion. 926Note that if 927.Va kern_securelevel 928is set to 3, 929.Va ipfs_enable 930cannot be used 931because the raised securelevel will prevent 932.Xr ipfs 8 933from saving the state tables at shutdown time. 934.\" ----- ipfs_program setting ---------------------------------- 935.It Va ipfs_program 936.Pq Vt str 937Path to 938.Xr ipfs 8 939(default 940.Pa /sbin/ipfs ) . 941.\" ----- ipfs_flags setting ------------------------------------ 942.It Va ipfs_flags 943.Pq Vt str 944Empty by default. 945This variable contains flags passed to the 946.Xr ipfs 8 947program. 948.\" ----- end of added ipf hook --------------------------------- 949.It Va pf_enable 950.Pq Vt bool 951Set to 952.Dq Li NO 953by default. 954Setting this to 955.Dq Li YES 956enables 957.Xr pf 4 958packet filtering. 959.Pp 960Typical usage will require putting 961.Pp 962.Dl pf_enable="YES" 963.Pp 964into 965.Pa /etc/rc.conf 966and editing 967.Pa /etc/pf.conf 968appropriately. 969Adding 970.Pp 971.Dl "device pf" 972.Pp 973builds support for 974.Xr pf 4 975into the kernel, otherwise the 976kernel module will be loaded. 977.It Va pf_rules 978.Pq Vt str 979Path to 980.Xr pf 4 981ruleset configuration file 982(default 983.Pa /etc/pf.conf ) . 984.It Va pf_program 985.Pq Vt str 986Path to 987.Xr pfctl 8 988(default 989.Pa /sbin/pfctl ) . 990.It Va pf_flags 991.Pq Vt str 992If 993.Va pf_enable 994is set to 995.Dq Li YES , 996these flags are passed to the 997.Xr pfctl 8 998program when loading the ruleset. 999.It Va pf_fallback_rules_enable 1000.Pq Vt bool 1001Set to 1002.Dq Li NO 1003by default. 1004Setting this to 1005.Dq Li YES 1006enables loading 1007.Va pf_fallback_rules_file 1008or 1009.Va pf_fallback_rules 1010in case of a problem when loading the ruleset in 1011.Va pf_rules . 1012.It Va pf_fallback_rules_file 1013.Pq Vt str 1014Path to a pf ruleset to load in case of failure when loading the 1015ruleset in 1016.Va pf_rules 1017(default 1018.Pa /etc/pf-fallback.conf ) . 1019.It Va pf_fallback_rules 1020.Pq Vt str 1021A pf ruleset to load in case of failure when loading the ruleset in 1022.Va pf_rules 1023and 1024.Va pf_fallback_rules_file 1025is not found. 1026Multiple rules can be set as follows: 1027.Bd -literal 1028pf_fallback_rules="\\ 1029 block drop log all\\ 1030 pass in quick on em0" 1031.Pp 1032.Ed 1033The default fallback rule is 1034.Dq block drop log all 1035.It Va pflog_enable 1036.Pq Vt bool 1037Set to 1038.Dq Li NO 1039by default. 1040Setting this to 1041.Dq Li YES 1042enables 1043.Xr pflogd 8 1044which logs packets from the 1045.Xr pf 4 1046packet filter. 1047.It Va pflog_logfile 1048.Pq Vt str 1049If 1050.Va pflog_enable 1051is set to 1052.Dq Li YES 1053this controls where 1054.Xr pflogd 8 1055stores the logfile 1056(default 1057.Pa /var/log/pflog ) . 1058Check 1059.Pa /etc/newsyslog.conf 1060to adjust logfile rotation for this. 1061.It Va pflog_program 1062.Pq Vt str 1063Path to 1064.Xr pflogd 8 1065(default 1066.Pa /sbin/pflogd ) . 1067.It Va pflog_flags 1068.Pq Vt str 1069Empty by default. 1070This variable contains additional flags passed to the 1071.Xr pflogd 8 1072program. 1073.It Va pflog_instances 1074.Pq Vt str 1075If logging to more than one 1076.Xr pflog 4 1077interface is desired, 1078.Va pflog_instances 1079is set to the list of 1080.Xr pflogd 8 1081instances that should be started at system boot time. 1082If 1083.Va pflog_instances 1084is set, for each whitespace-separated 1085.Ar element 1086in the list, 1087.Ao Ar element Ac Ns Va _dev 1088and 1089.Ao Ar element Ac Ns Va _logfile 1090elements are assumed to exist. 1091.Ao Ar element Ac Ns Va _dev 1092must contain the 1093.Xr pflog 4 1094interface to be watched by the named 1095.Xr pflogd 8 1096instance. 1097.Ao Ar element Ac Ns Va _logfile 1098must contain the name of the logfile that will be used by the 1099.Xr pflogd 8 1100instance. 1101.It Va ftpproxy_enable 1102.Pq Vt bool 1103Set to 1104.Dq Li NO 1105by default. 1106Setting this to 1107.Dq Li YES 1108enables 1109.Xr ftp-proxy 8 1110which supports the 1111.Xr pf 4 1112packet filter in translating ftp connections. 1113.It Va ftpproxy_flags 1114.Pq Vt str 1115Empty by default. 1116This variable contains additional flags passed to the 1117.Xr ftp-proxy 8 1118program. 1119.It Va ftpproxy_instances 1120.Pq Vt str 1121Empty by default. 1122If multiple instances of 1123.Xr ftp-proxy 8 1124are desired at boot time, 1125.Va ftpproxy_instances 1126should contain a whitespace-separated list of instance names. 1127For each 1128.Ar element 1129in the list, a variable named 1130.Ao Ar element Ac Ns Va _flags 1131should be defined, containing the command-line flags to be passed to the 1132.Xr ftp-proxy 8 1133instance. 1134.It Va pfsync_enable 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting this to 1140.Dq Li YES 1141enables exposing 1142.Xr pf 4 1143state changes to other hosts over the network by means of 1144.Xr pfsync 4 . 1145The 1146.Va pfsync_syncdev 1147variable 1148must also be set then. 1149.It Va pfsync_syncdev 1150.Pq Vt str 1151Empty by default. 1152This variable specifies the name of the network interface 1153.Xr pfsync 4 1154should operate through. 1155It must be set accordingly if 1156.Va pfsync_enable 1157is set to 1158.Dq Li YES . 1159.It Va pfsync_syncpeer 1160.Pq Vt str 1161Empty by default. 1162This variable is optional. 1163By default, state change messages are sent out on the synchronisation 1164interface using IP multicast packets. 1165The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1166224.0.0.240. 1167When a peer address is specified using the 1168.Va pfsync_syncpeer 1169option, the peer address is used as a destination for the pfsync 1170traffic, and the traffic can then be protected using 1171.Xr ipsec 4 . 1172See the 1173.Xr pfsync 4 1174manpage for more details about using 1175.Xr ipsec 4 1176with 1177.Xr pfsync 4 1178interfaces. 1179.It Va pfsync_ifconfig 1180.Pq Vt str 1181Empty by default. 1182This variable can contain additional options to be passed to the 1183.Xr ifconfig 8 1184command used to set up 1185.Xr pfsync 4 . 1186.It Va tcp_extensions 1187.Pq Vt bool 1188Set to 1189.Dq Li YES 1190by default. 1191Setting this to 1192.Dq Li NO 1193disables certain TCP options as described by 1194.Rs 1195.%T "RFC 1323" 1196.Re 1197Setting this to 1198.Dq Li NO 1199might help remedy such problems with connections as randomly hanging 1200or other weird behavior. 1201Some network devices are known 1202to be broken with respect to these options. 1203.It Va log_in_vain 1204.Pq Vt int 1205Set to 0 by default. 1206The 1207.Xr sysctl 8 1208variables, 1209.Va net.inet.tcp.log_in_vain 1210and 1211.Va net.inet.udp.log_in_vain , 1212as described in 1213.Xr tcp 4 1214and 1215.Xr udp 4 , 1216are set to the given value. 1217.It Va tcp_keepalive 1218.Pq Vt bool 1219Set to 1220.Dq Li YES 1221by default. 1222Setting to 1223.Dq Li NO 1224will disable probing idle TCP connections to verify that the 1225peer is still up and reachable. 1226.It Va tcp_drop_synfin 1227.Pq Vt bool 1228Set to 1229.Dq Li NO 1230by default. 1231Setting to 1232.Dq Li YES 1233will cause the kernel to ignore TCP frames that have both 1234the SYN and FIN flags set. 1235This prevents OS fingerprinting, but may 1236break some legitimate applications. 1237.It Va icmp_drop_redirect 1238.Pq Vt bool 1239Set to 1240.Dq Li AUTO 1241by default. 1242This setting will be identical to 1243.Dq Li YES , 1244if a dynamicrouting daemon is enabled, because redirect processing may 1245cause performance issues for large routing tables. 1246If no such service is enabled, this setting behaves like a 1247.Dq Li NO . 1248Setting to 1249.Dq Li YES 1250will cause the kernel to ignore ICMP REDIRECT packets. 1251Setting to 1252.Dq Li NO 1253will cause the kernel to process ICMP REDIRECT packets. 1254Refer to 1255.Xr icmp 4 1256for more information. 1257.It Va icmp_log_redirect 1258.Pq Vt bool 1259Set to 1260.Dq Li NO 1261by default. 1262Setting to 1263.Dq Li YES 1264will cause the kernel to log ICMP REDIRECT packets. 1265Note that 1266the log messages are not rate-limited, so this option should only be used 1267for troubleshooting networks. 1268Refer to 1269.Xr icmp 4 1270for more information. 1271.It Va icmp_bmcastecho 1272.Pq Vt bool 1273Set to 1274.Dq Li YES 1275to respond to broadcast or multicast ICMP ping packets. 1276Refer to 1277.Xr icmp 4 1278for more information. 1279.It Va ip_portrange_first 1280.Pq Vt int 1281If not set to 1282.Dq Li NO , 1283this is the first port in the default portrange. 1284Refer to 1285.Xr ip 4 1286for more information. 1287.It Va ip_portrange_last 1288.Pq Vt int 1289If not set to 1290.Dq Li NO , 1291this is the last port in the default portrange. 1292Refer to 1293.Xr ip 4 1294for more information. 1295.It Va network_interfaces 1296.Pq Vt str 1297Set to the list of network interfaces to configure on this host or 1298.Dq Li AUTO 1299(the default) for all current interfaces. 1300Setting the 1301.Va network_interfaces 1302variable to anything other than the default is deprecated. 1303Interfaces that the administrator wishes to store configuration for, 1304but not start at boot should be configured with the 1305.Dq Li NOAUTO 1306keyword in their 1307.Va ifconfig_ Ns Aq Ar interface 1308variables as described below. 1309.Pp 1310An 1311.Va ifconfig_ Ns Aq Ar interface 1312variable is also assumed to exist for each value of 1313.Ar interface . 1314When an interface name contains any of the characters 1315.Dq Li .-/+ 1316they are translated to 1317.Dq Li _ 1318before lookup. 1319The variable can contain arguments to 1320.Xr ifconfig 8 , 1321as well as special case-insensitive keywords described below. 1322Such keywords are removed before passing the value to 1323.Xr ifconfig 8 1324while the order of the other arguments is preserved. 1325.Pp 1326It is possible to add IP alias entries using 1327.Xr ifconfig 8 1328syntax with the address family keyword such as 1329.Li inet . 1330Assuming that the interface in question was 1331.Li em0 , 1332it might look something like this: 1333.Bd -literal 1334ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1335ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1336.Ed 1337.Pp 1338It also possible to configure multiple IP addresses in Classless 1339Inter-Domain Routing 1340.Pq CIDR 1341address notation, 1342whose each address component can be a range like 1343.Li inet 192.0.2.5-23/24 1344or 1345.Li inet6 2001:db8:1-f::1/64 . 1346This notation allows address and prefix length part only, 1347not the other address modifiers. 1348Note that the maximum number of the generated addresses from a range 1349specification is limited to an integer value specified in 1350.Va netif_ipexpand_max 1351in 1352.Nm 1353because a small typo can unexpectedly generate a large number of addresses. 1354The default value is 1355.Li 2048 . 1356It can be increased by adding the following line into 1357.Nm : 1358.Bd -literal 1359netif_ipexpand_max="4096" 1360.Ed 1361.Pp 1362In the case of 1363.Li 192.0.2.5-23/24 , 1364the address 192.0.2.5 will be configured with the 1365netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1366the non-conflicting netmask /32 as explained in the 1367.Xr ifconfig 8 1368alias section. 1369Note that this special netmask handling is only for 1370.Li inet , 1371not for the other address families such as 1372.Li inet6 . 1373.Pp 1374With the interface in question being 1375.Li em0 , 1376an example could look like: 1377.Bd -literal 1378ifconfig_em0_alias2="inet 192.0.2.129/27" 1379ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1380.Ed 1381.Pp 1382and so on. 1383.Pp 1384Note that deprecated 1385.Va ipv4_addrs_ Ns Aq Ar interface 1386variable was supported for IPv4 CIDR address notation. 1387The 1388.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1389variable replaces it, though 1390.Va ipv4_addrs_ Ns Aq Ar interface 1391is still supported for backward compatibility. 1392.Pp 1393For each 1394.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1395entry with an address family keyword, 1396its contents are passed to 1397.Xr ifconfig 8 . 1398Execution stops at the first unsuccessful access, so if 1399something like this is present: 1400.Bd -literal 1401ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1402ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1403ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1404ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1405.Ed 1406.Pp 1407Then note that alias4 would 1408.Em not 1409be added since the search would 1410stop with the missing 1411.Dq Li alias3 1412entry. 1413Because of this difficult to manage behavior, 1414there is 1415.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1416variable, which has the same functionality as 1417.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1418and can have all of entries in a variable like the following: 1419.Bd -literal 1420ifconfig_em0_aliases="\\ 1421 inet 127.0.0.251 netmask 0xffffffff \\ 1422 inet 127.0.0.252 netmask 0xffffffff \\ 1423 inet 127.0.0.253 netmask 0xffffffff \\ 1424 inet 127.0.0.254 netmask 0xffffffff" 1425.Ed 1426.Pp 1427It also supports CIDR notation. 1428.Pp 1429If the 1430.Pa /etc/start_if . Ns Aq Ar interface 1431file is present, it is read and executed by the 1432.Xr sh 1 1433interpreter 1434before configuring the interface as specified in the 1435.Va ifconfig_ Ns Aq Ar interface 1436and 1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1438variables. 1439.Pp 1440If a 1441.Va vlans_ Ns Aq Ar interface 1442variable is set, 1443a 1444.Xr vlan 4 1445interface will be created for each item in the list with the 1446.Ar vlandev 1447argument set to 1448.Ar interface . 1449If a vlan interface's name is a number, 1450then that number is used as the vlan tag and the new vlan interface is 1451named 1452.Ar interface . Ns Ar tag . 1453Otherwise, 1454the vlan tag must be specified via a 1455.Va vlan 1456parameter in the 1457.Va create_args_ Ns Aq Ar interface 1458variable. 1459.Pp 1460To create a vlan device named 1461.Li em0.101 1462on 1463.Li em0 1464with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1465.Bd -literal 1466vlans_em0="101" 1467ifconfig_em0_101="inet 192.0.2.1/24" 1468.Ed 1469.Pp 1470To create a vlan device named 1471.Li myvlan 1472on 1473.Li em0 1474with the vlan tag 102: 1475.Bd -literal 1476vlans_em0="myvlan" 1477create_args_myvlan="vlan 102" 1478.Ed 1479.Pp 1480If a 1481.Va wlans_ Ns Aq Ar interface 1482variable is set, 1483an 1484.Xr wlan 4 1485interface will be created for each item in the list with the 1486.Ar wlandev 1487argument set to 1488.Ar interface . 1489Further wlan cloning arguments may be passed to the 1490.Xr ifconfig 8 1491.Cm create 1492command by setting the 1493.Va create_args_ Ns Aq Ar interface 1494variable. 1495One or more 1496.Xr wlan 4 1497devices must be created for each wireless devices as of 1498.Fx 8.0 . 1499Debugging flags for 1500.Xr wlan 4 1501devices as set by 1502.Xr wlandebug 8 1503may be specified with an 1504.Va wlandebug_ Ns Aq Ar interface 1505variable. 1506The contents of this variable will be passed directly to 1507.Xr wlandebug 8 . 1508.Pp 1509If the 1510.Va ifconfig_ Ns Aq Ar interface 1511contains the keyword 1512.Dq Li NOAUTO 1513then the interface will not be configured 1514at boot or by 1515.Pa /etc/pccard_ether 1516when 1517.Va network_interfaces 1518is set to 1519.Dq Li AUTO . 1520.Pp 1521It is possible to bring up an interface with DHCP by adding 1522.Dq Li DHCP 1523to the 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526For instance, to initialize the 1527.Li em0 1528device via DHCP, 1529it is possible to use something like: 1530.Bd -literal 1531ifconfig_em0="DHCP" 1532.Ed 1533.Pp 1534If you want to configure your wireless interface with 1535.Xr wpa_supplicant 8 1536for use with WPA, EAP/LEAP or WEP, you need to add 1537.Dq Li WPA 1538to the 1539.Va ifconfig_ Ns Aq Ar interface 1540variable. 1541.Pp 1542On the other hand, if you want to configure your wireless interface with 1543.Xr hostapd 8 , 1544you need to add 1545.Dq Li HOSTAP 1546to the 1547.Va ifconfig_ Ns Aq Ar interface 1548variable. 1549.Xr hostapd 8 1550will use the settings from 1551.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1552.Pp 1553Finally, you can add 1554.Xr ifconfig 8 1555options in this variable, in addition to the 1556.Pa /etc/start_if . Ns Aq Ar interface 1557file. 1558For instance, to configure an 1559.Xr ath 4 1560wireless device in station mode with an address obtained 1561via DHCP, using WPA authentication and 802.11b mode, it is 1562possible to use something like: 1563.Bd -literal 1564wlans_ath0="wlan0" 1565ifconfig_wlan0="DHCP WPA mode 11b" 1566.Ed 1567.Pp 1568In addition to the 1569.Va ifconfig_ Ns Aq Ar interface 1570form, a fallback variable 1571.Va ifconfig_DEFAULT 1572may be configured. 1573It will be used for all interfaces with no 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576This is intended to replace the no longer supported 1577.Va pccard_ifconfig 1578variable. 1579.Pp 1580It is also possible to rename an interface by doing: 1581.Bd -literal 1582ifconfig_em0_name="net0" 1583ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1584.Ed 1585.It Va ipv6_enable 1586.Pq Vt bool 1587This variable is deprecated. 1588Use 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1590and 1591.Va ipv6_activate_all_interfaces 1592if necessary. 1593.Pp 1594If the variable is 1595.Dq Li YES , 1596.Dq Li inet6 accept_rtadv 1597is added to all of 1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1599and the 1600.Va ipv6_activate_all_interfaces 1601is defined as 1602.Dq Li YES . 1603.It Va ipv6_prefer 1604.Pq Vt bool 1605This variable is deprecated. 1606Use 1607.Va ip6addrctl_policy 1608instead. 1609.Pp 1610If the variable is 1611.Dq Li YES , 1612the default address selection policy table set by 1613.Xr ip6addrctl 8 1614will be IPv6-preferred. 1615.Pp 1616If the variable is 1617.Dq Li NO , 1618the default address selection policy table set by 1619.Xr ip6addrctl 8 1620will be IPv4-preferred. 1621.It Va ipv6_activate_all_interfaces 1622.Pq Vt bool 1623This controls initial configuration on IPv6-capable 1624interfaces with no corresponding 1625.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1626variable. 1627Note that it is not always necessary to set this variable to 1628.Dq YES 1629to use IPv6 functionality on 1630.Fx . 1631In most cases, just configuring 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1633variables works. 1634.Pp 1635If the variable is 1636.Dq Li NO , 1637all interfaces which do not have a corresponding 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639variable will be marked as 1640.Dq Li IFDISABLED 1641at creation. 1642This means that all of IPv6 functionality on that interface 1643is completely disabled to enforce a security policy. 1644If the variable is set to 1645.Dq YES , 1646the flag will be cleared on all of the interfaces. 1647.Pp 1648In most cases, just defining an 1649.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1650for an IPv6-capable interface should be sufficient. 1651However, if an interface is added dynamically 1652.Pq by some tunneling protocols such as PPP, for example , 1653it is often difficult to define the variable in advance. 1654In such a case, configuring the 1655.Dq Li IFDISABLED 1656flag can be disabled by setting this variable to 1657.Dq YES . 1658.Pp 1659For more details of the 1660.Dq Li IFDISABLED 1661flag and keywords 1662.Dq Li inet6 ifdisabled , 1663see 1664.Xr ifconfig 8 . 1665.Pp 1666Default is 1667.Dq Li NO . 1668.It Va ipv6_privacy 1669.Pq Vt bool 1670If the variable is 1671.Dq Li YES 1672privacy addresses will be generated for each IPv6 1673interface as described in RFC 4941. 1674.It Va ipv6_network_interfaces 1675.Pq Vt str 1676This is the IPv6 equivalent of 1677.Va network_interfaces . 1678Normally manual configuration of this variable is not needed. 1679.It Va ipv6_cpe_wanif 1680.Pq Vt str 1681If the variable is set to an interface name, 1682the 1683.Xr ifconfig 8 1684options 1685.Dq inet6 -no_radr accept_rtadv 1686will be added to the specified interface automatically before evaluating 1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1688and two 1689.Xr sysctl 8 1690variables 1691.Va net.inet6.ip6.rfc6204w3 1692and 1693.Va net.inet6.ip6.no_radr 1694will be set to 1. 1695.Pp 1696This means the specified interface will accept ICMPv6 Router 1697Advertisement messages on that link and add the discovered 1698routers into the Default Router List. 1699While the other interfaces can still accept RA messages if the 1700.Dq inet6 accept_rtadv 1701option is specified, adding 1702routes into the Default Router List will be disabled by 1703.Dq inet6 no_radr 1704option by default. 1705See 1706.Xr ifconfig 8 1707for more details. 1708.Pp 1709Note that ICMPv6 Router Advertisement messages will be 1710accepted even when 1711.Va net.inet6.ip6.forwarding 1712is 1 1713.Pq packet forwarding is enabled 1714when 1715.Va net.inet6.ip6.rfc6204w3 1716is set to 1. 1717.Pp 1718Default is 1719.Dq Li NO . 1720.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1721.Pq Vt str 1722This assigns arbitrary description to an interface. 1723The 1724.Xr sysctl 8 1725variable 1726.Va net.ifdescr_maxlen 1727limits its length. 1728This static setting may be overridden by commands 1729started with dynamic interface configuration utilities 1730like 1731.Xr dhclient 8 1732hooks. 1733The description can be seen with 1734.Xr ifconfig 8 1735command and it may be exported with 1736.Xr bsnmpd 1 1737daemon using its MIB-2 module. 1738.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1739.Pq Vt str 1740IPv6 functionality on an interface should be configured by 1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1742instead of setting ifconfig parameters in 1743.Va ifconfig_ Ns Aq Ar interface . 1744If this variable is empty, all of IPv6 configurations on the 1745specified interface by other variables such as 1746.Va ipv6_prefix_ Ns Ao Ar interface Ac 1747will be ignored. 1748.Pp 1749Aliases should be set by 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1751with 1752.Dq Li inet6 1753keyword. 1754For example: 1755.Bd -literal 1756ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1757ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1758.Ed 1759.Pp 1760Interfaces that have an 1761.Dq Li inet6 accept_rtadv 1762keyword in 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764setting will be automatically configured by SLAAC 1765.Pq StateLess Address AutoConfiguration 1766described in 1767.Rs 1768.%T "RFC 4862" 1769.Re 1770.Pp 1771Note that a link-local address will be automatically configured in 1772addition to the configured global-scope addresses because the IPv6 1773specifications require it on each link. 1774The address is calculated from the MAC address by using an algorithm 1775defined in 1776.Rs 1777.%T "RFC 4862" 1778.%O "Section 5.3" 1779.Re 1780.Pp 1781If only a link-local address is needed on the interface, 1782the following configuration can be used: 1783.Bd -literal 1784ifconfig_em0_ipv6="inet6 auto_linklocal" 1785.Ed 1786.Pp 1787A link-local address can also be configured manually. 1788This is useful for the default router address of an IPv6 router 1789so that it does not change when the network interface 1790card is replaced. 1791For example: 1792.Bd -literal 1793ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1794.Ed 1795.It Va ipv6_prefix_ Ns Aq Ar interface 1796.Pq Vt str 1797If one or more prefixes are defined in 1798.Va ipv6_prefix_ Ns Aq Ar interface 1799addresses based on each prefix and the EUI-64 interface index will be 1800configured on that interface. 1801Note that this variable will be ignored when 1802.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1803is empty. 1804.Pp 1805For example, the following configuration 1806.Bd -literal 1807ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1808.Ed 1809.Pp 1810is equivalent to the following: 1811.Bd -literal 1812ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1813ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1814ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1815ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1816.Ed 1817.Pp 1818These Subnet-Router anycast addresses will be added only when 1819.Va ipv6_gateway_enable 1820is YES. 1821.It Va ipv6_default_interface 1822.Pq Vt str 1823If not set to 1824.Dq Li NO , 1825this is the default output interface for scoped addresses. 1826This works only with ipv6_gateway_enable="NO". 1827.It Va ip6addrctl_enable 1828.Pq Vt bool 1829This variable is to enable configuring default address selection policy table 1830.Pq RFC 3484 . 1831The table can be specified in another variable 1832.Va ip6addrctl_policy . 1833For 1834.Va ip6addrctl_policy 1835the following keywords can be specified: 1836.Dq Li ipv4_prefer , 1837.Dq Li ipv6_prefer , 1838or 1839.Dq Li AUTO . 1840.Pp 1841If 1842.Dq Li ipv4_prefer 1843or 1844.Dq Li ipv6_prefer 1845is specified, 1846.Xr ip6addrctl 8 1847installs a pre-defined policy table described in Section 10.3 1848.Pq IPv4-preferred 1849or 2.1 1850.Pq IPv6-preferred 1851of RFC 3484. 1852.Pp 1853If 1854.Dq Li AUTO 1855is specified, it attempts to read a file 1856.Pa /etc/ip6addrctl.conf 1857first. 1858If this file is found, 1859.Xr ip6addrctl 8 1860reads and installs it. 1861If not found, a policy is automatically set 1862according to 1863.Va ipv6_activate_all_interfaces 1864variable; if the variable is set to 1865.Dq Li YES 1866the IPv6-preferred one is used. 1867Otherwise IPv4-preferred. 1868.Pp 1869The default value of 1870.Va ip6addrctl_enable 1871and 1872.Va ip6addrctl_policy 1873are 1874.Dq Li YES 1875and 1876.Dq Li AUTO , 1877respectively. 1878.It Va cloned_interfaces 1879.Pq Vt str 1880Set to the list of clonable network interfaces to create on this host. 1881Further cloning arguments may be passed to the 1882.Xr ifconfig 8 1883.Cm create 1884command for each interface by setting the 1885.Va create_args_ Ns Aq Ar interface 1886variable. 1887If an interface name is specified with 1888.Dq :sticky 1889keyword, 1890the interface will not be destroyed even when 1891.Pa rc.d/netif 1892script is invoked with 1893.Dq stop 1894argument. 1895This is useful when reconfiguring the interface without destroying it. 1896Entries in 1897.Va cloned_interfaces 1898are automatically appended to 1899.Va network_interfaces 1900for configuration. 1901.It Va cloned_interfaces_sticky 1902.Pq Vt bool 1903This variable is to globally enable functionality of 1904.Dq :sticky 1905keyword in 1906.Va cloned_interfaces 1907for all interfaces. 1908The default value is 1909.Dq NO . 1910Even if this variable is specified to 1911.Dq YES , 1912.Dq :nosticky 1913keyword can be used to override it on per interface basis. 1914.It Va gif_interfaces 1915Set to the list of 1916.Xr gif 4 1917tunnel interfaces to configure on this host. 1918A 1919.Va gifconfig_ Ns Aq Ar interface 1920variable is assumed to exist for each value of 1921.Ar interface . 1922The value of this variable is used to configure the link layer of the 1923tunnel using the 1924.Cm tunnel 1925option to 1926.Xr ifconfig 8 . 1927Additionally, this option ensures that each listed interface is created 1928via the 1929.Cm create 1930option to 1931.Xr ifconfig 8 1932before attempting to configure it. 1933.Pp 1934For example, configure two 1935.Xr gif 4 1936interfaces with: 1937.Bd -literal 1938gif_interfaces="gif0 gif1" 1939gifconfig_gif0="100.64.0.1 100.64.0.2" 1940ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1941gifconfig_gif1="inet6 2a00::1 2a01::1" 1942ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1943.Ed 1944.It Va ppp_enable 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948run the 1949.Xr ppp 8 1950daemon. 1951.It Va ppp_profile 1952.Pq Vt str 1953The name of the profile to use from 1954.Pa /etc/ppp/ppp.conf . 1955Also used for per-profile overrides of 1956.Va ppp_mode 1957and 1958.Va ppp_nat , 1959and 1960.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1961When the profile name contains any of the characters 1962.Dq Li .-/+ 1963they are translated to 1964.Dq Li _ 1965for the proposes of the override variable names. 1966.It Va ppp_mode 1967.Pq Vt str 1968Mode in which to run the 1969.Xr ppp 8 1970daemon. 1971.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1972.Pq Vt str 1973Overrides the global 1974.Va ppp_mode 1975for 1976.Ar profile . 1977Accepted modes are 1978.Dq Li auto , 1979.Dq Li ddial , 1980.Dq Li direct 1981and 1982.Dq Li dedicated . 1983See the manual for a full description. 1984.It Va ppp_nat 1985.Pq Vt bool 1986If set to 1987.Dq Li YES , 1988enables network address translation. 1989Used in conjunction with 1990.Va gateway_enable 1991allows hosts on private network addresses access to the Internet using 1992this host as a network address translating router. 1993Default is 1994.Dq Li YES . 1995.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1996.Pq Vt str 1997Overrides the global 1998.Va ppp_nat 1999for 2000.Ar profile . 2001.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2002.Pq Vt int 2003Set the unit number to be used for this profile. 2004See the manual description of 2005.Fl unit Ns Ar N 2006for details. 2007.It Va ppp_user 2008.Pq Vt str 2009The name of the user under which 2010.Xr ppp 8 2011should be started. 2012By 2013default, 2014.Xr ppp 8 2015is started as 2016.Dq Li root . 2017.It Va rc_conf_files 2018.Pq Vt str 2019This option is used to specify a list of files that will override 2020the settings in 2021.Pa /etc/defaults/rc.conf . 2022The files will be read in the order in which they are specified and should 2023include the full path to the file. 2024By default, the files specified are 2025.Pa /etc/rc.conf 2026and 2027.Pa /etc/rc.conf.local 2028.It Va zfs_enable 2029.Pq Vt bool 2030If set to 2031.Dq Li YES , 2032.Pa /etc/rc.d/zfs 2033will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2034(ZVOLs). 2035.It Va gptboot_enable 2036.Pq Vt bool 2037If set to 2038.Dq Li YES , 2039.Pa /etc/rc.d/gptboot 2040will log if the system successfully (or not) booted from a GPT partition, 2041which had the 2042.Ar bootonce 2043attribute set using 2044.Xr gpart 8 2045utility. 2046.It Va gbde_autoattach_all 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050.Pa /etc/rc.d/gbde 2051will attempt to automatically initialize your .bde devices in 2052.Pa /etc/fstab . 2053.It Va gbde_devices 2054.Pq Vt str 2055List the devices that the script should try to attach, 2056or 2057.Dq Li AUTO . 2058.It Va gbde_lockdir 2059.Pq Vt str 2060The directory where the 2061.Xr gbde 4 2062lockfiles are located. 2063The default lockfile directory is 2064.Pa /etc . 2065.Pp 2066The lockfile for each individual 2067.Xr gbde 4 2068device can be overridden by setting the variable 2069.Va gbde_lock_ Ns Aq Ar device , 2070where 2071.Ar device 2072is the encrypted device without the 2073.Dq Pa /dev/ 2074and 2075.Dq Pa .bde 2076parts. 2077.It Va gbde_attach_attempts 2078.Pq Vt int 2079Number of times to attempt attaching to a 2080.Xr gbde 4 2081device, i.e., how many times the user is asked for the pass-phrase. 2082Default is 3. 2083.It Va geli_devices 2084.Pq Vt str 2085List of devices to automatically attach on boot. 2086Note that .eli devices from 2087.Pa /etc/fstab 2088are automatically appended to this list. 2089.It Va geli_groups 2090.Pq Vt str 2091List of groups containing devices to automatically attach on boot with the same 2092keyfiles and passphrase. 2093This must be accompanied with a corresponding 2094.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2095variable. 2096.It Va geli_tries 2097.Pq Vt int 2098Number of times user is asked for the pass-phrase. 2099If empty, it will be taken from 2100.Va kern.geom.eli.tries 2101sysctl variable. 2102.It Va geli_default_flags 2103.Pq Vt str 2104Default flags to use by 2105.Xr geli 8 2106when configuring disk encryption. 2107Flags can be configured for every device separately by defining the 2108.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2109variable, and for every group separately by defining the 2110.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2111variable. 2112.It Va geli_autodetach 2113.Pq Vt str 2114Specifies if GELI devices should be marked for detach on last close after 2115file systems are mounted. 2116Default is 2117.Dq Li YES . 2118This can be changed for every device separately by defining the 2119.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2120variable. 2121.It Va root_rw_mount 2122.Pq Vt bool 2123Set to 2124.Dq Li YES 2125by default. 2126After the file systems are checked at boot time, the root file system 2127is remounted as read-write if this is set to 2128.Dq Li YES . 2129Diskless systems that mount their root file system from a read-only remote 2130NFS share should set this to 2131.Dq Li NO 2132in their 2133.Pa rc.conf . 2134.It Va fsck_y_enable 2135.Pq Vt bool 2136If set to 2137.Dq Li YES , 2138.Xr fsck 8 2139will be run with the 2140.Fl y 2141flag if the initial preen 2142of the file systems fails. 2143.It Va background_fsck 2144.Pq Vt bool 2145If set to 2146.Dq Li NO , 2147the system will not attempt to run 2148.Xr fsck 8 2149in the background where possible. 2150.It Va background_fsck_delay 2151.Pq Vt int 2152The amount of time in seconds to sleep before starting a background 2153.Xr fsck 8 . 2154It defaults to sixty seconds to allow large applications such as 2155the X server to start before disk I/O bandwidth is monopolized by 2156.Xr fsck 8 . 2157If set to a negative number, the background file system check will be 2158delayed indefinitely to allow the administrator to run it at a more 2159convenient time. 2160For example it may be run from 2161.Xr cron 8 2162by adding a line like 2163.Pp 2164.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2165.Pp 2166to 2167.Pa /etc/crontab . 2168.It Va netfs_types 2169.Pq Vt str 2170List of file system types that are network-based. 2171This list should generally not be modified by end users. 2172Use 2173.Va extra_netfs_types 2174instead. 2175.It Va extra_netfs_types 2176.Pq Vt str 2177If set to something other than 2178.Dq Li NO 2179(the default), 2180this variable extends the list of file system types 2181for which automatic mounting at startup by 2182.Xr rc 8 2183should be delayed until the network is initialized. 2184It should contain 2185a whitespace-separated list of network file system descriptor pairs, 2186each consisting of a file system type as passed to 2187.Xr mount 8 2188and a human-readable, one-word description, 2189joined with a colon 2190.Pq Ql \&: . 2191Extending the default list in this way is only necessary 2192when third party file system types are used. 2193.It Va syslogd_enable 2194.Pq Vt bool 2195If set to 2196.Dq Li YES , 2197run the 2198.Xr syslogd 8 2199daemon. 2200.It Va syslogd_program 2201.Pq Vt str 2202Path to 2203.Xr syslogd 8 2204(default 2205.Pa /usr/sbin/syslogd ) . 2206.It Va syslogd_flags 2207.Pq Vt str 2208If 2209.Va syslogd_enable 2210is set to 2211.Dq Li YES , 2212these are the flags to pass to 2213.Xr syslogd 8 . 2214.It Va inetd_enable 2215.Pq Vt bool 2216If set to 2217.Dq Li YES , 2218run the 2219.Xr inetd 8 2220daemon. 2221.It Va inetd_program 2222.Pq Vt str 2223Path to 2224.Xr inetd 8 2225(default 2226.Pa /usr/sbin/inetd ) . 2227.It Va inetd_flags 2228.Pq Vt str 2229If 2230.Va inetd_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to 2234.Xr inetd 8 . 2235.It Va hastd_enable 2236.Pq Vt bool 2237If set to 2238.Dq Li YES , 2239run the 2240.Xr hastd 8 2241daemon. 2242.It Va hastd_program 2243.Pq Vt str 2244Path to 2245.Xr hastd 8 2246(default 2247.Pa /sbin/hastd ) . 2248.It Va hastd_flags 2249.Pq Vt str 2250If 2251.Va hastd_enable 2252is set to 2253.Dq Li YES , 2254these are the flags to pass to 2255.Xr hastd 8 . 2256.It Va local_unbound_enable 2257.Pq Vt bool 2258If set to 2259.Dq Li YES , 2260run the 2261.Xr unbound 8 2262daemon as a local caching resolver. 2263.It Va kdc_enable 2264.Pq Vt bool 2265Set to 2266.Dq Li YES 2267to start a Kerberos 5 authentication server 2268at boot time. 2269.It Va kdc_program 2270.Pq Vt str 2271If 2272.Va kdc_enable 2273is set to 2274.Dq Li YES 2275this is the path to Kerberos 5 Authentication Server. 2276.It Va kdc_flags 2277.Pq Vt str 2278Empty by default. 2279This variable contains additional flags to be passed to the Kerberos 5 2280authentication server. 2281.It Va kadmind_enable 2282.Pq Vt bool 2283Set to 2284.Dq Li YES 2285to start 2286.Xr kadmind 8 , 2287the Kerberos 5 Administration Daemon; set to 2288.Dq Li NO 2289on a slave server. 2290.It Va kadmind_program 2291.Pq Vt str 2292If 2293.Va kadmind_enable 2294is set to 2295.Dq Li YES 2296this is the path to Kerberos 5 Administration Daemon. 2297.It Va kpasswdd_enable 2298.Pq Vt bool 2299Set to 2300.Dq Li YES 2301to start 2302.Xr kpasswdd 8 , 2303the Kerberos 5 Password-Changing Daemon; set to 2304.Dq Li NO 2305on a slave server. 2306.It Va kpasswdd_program 2307.Pq Vt str 2308If 2309.Va kpasswdd_enable 2310is set to 2311.Dq Li YES 2312this is the path to Kerberos 5 Password-Changing Daemon. 2313.It Va kfd_enable 2314.Pq Vt bool 2315Set to 2316.Dq Li YES 2317to start 2318.Xr kfd 8 , 2319the Kerberos 5 ticket forwarding daemon, at the boot time. 2320.It Va kfd_program 2321.Pq Vt str 2322Path to 2323.Xr kfd 8 2324(default 2325.Pa /usr/libexec/kfd ) . 2326.It Va rwhod_enable 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330run the 2331.Xr rwhod 8 2332daemon at boot time. 2333.It Va rwhod_flags 2334.Pq Vt str 2335If 2336.Va rwhod_enable 2337is set to 2338.Dq Li YES , 2339these are the flags to pass to it. 2340.It Va update_motd 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344.Pa /etc/motd 2345will be updated at boot time to reflect the kernel release 2346being run. 2347If set to 2348.Dq Li NO , 2349.Pa /etc/motd 2350will not be updated. 2351.It Va nfs_client_enable 2352.Pq Vt bool 2353If set to 2354.Dq Li YES , 2355run the NFS client daemons at boot time. 2356.It Va nfs_access_cache 2357.Pq Vt int 2358If 2359.Va nfs_client_enable 2360is set to 2361.Dq Li YES , 2362this can be set to 2363.Dq Li 0 2364to disable NFS ACCESS RPC caching, or to the number of seconds for which 2365NFS ACCESS 2366results should be cached. 2367A value of 2-10 seconds will substantially reduce network 2368traffic for many NFS operations. 2369.It Va nfs_server_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373run the NFS server daemons at boot time. 2374.It Va nfs_server_flags 2375.Pq Vt str 2376If 2377.Va nfs_server_enable 2378is set to 2379.Dq Li YES , 2380these are the flags to pass to the 2381.Xr nfsd 8 2382daemon. 2383.It Va nfsv4_server_enable 2384.Pq Vt bool 2385If 2386.Va nfs_server_enable 2387is set to 2388.Dq Li YES 2389and 2390.Va nfsv4_server_enable 2391are set to 2392.Dq Li YES , 2393enable the server for NFSv4 as well as NFSv2 and NFSv3. 2394.It Va nfsuserd_enable 2395.Pq Vt bool 2396If 2397.Va nfsuserd_enable 2398is set to 2399.Dq Li YES , 2400run the nfsuserd daemon, which is needed for NFSv4 in order 2401to map between user/group names vs uid/gid numbers. 2402If 2403.Va nfsv4_server_enable 2404is set to 2405.Dq Li YES , 2406this will be forced enabled. 2407.It Va nfsuserd_flags 2408.Pq Vt str 2409If 2410.Va nfsuserd_enable 2411is set to 2412.Dq Li YES , 2413these are the flags to pass to the 2414.Xr nfsuserd 8 2415daemon. 2416.It Va nfscbd_enable 2417.Pq Vt bool 2418If 2419.Va nfscbd_enable 2420is set to 2421.Dq Li YES , 2422run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2423.It Va nfscbd_flags 2424.Pq Vt str 2425If 2426.Va nfscbd_enable 2427is set to 2428.Dq Li YES , 2429these are the flags to pass to the 2430.Xr nfscbd 8 2431daemon. 2432.It Va mountd_enable 2433.Pq Vt bool 2434If set to 2435.Dq Li YES , 2436and no 2437.Va nfs_server_enable 2438is set, start 2439.Xr mountd 8 , 2440but not 2441.Xr nfsd 8 2442daemon. 2443It is commonly needed to run CFS without real NFS used. 2444.It Va mountd_flags 2445.Pq Vt str 2446If 2447.Va mountd_enable 2448is set to 2449.Dq Li YES , 2450these are the flags to pass to the 2451.Xr mountd 8 2452daemon. 2453.It Va weak_mountd_authentication 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457allow services like PCNFSD to make non-privileged mount 2458requests. 2459.It Va nfs_reserved_port_only 2460.Pq Vt bool 2461If set to 2462.Dq Li YES , 2463provide NFS services only on a secure port. 2464.It Va nfs_bufpackets 2465.Pq Vt int 2466If set to a number, indicates the number of packets worth of 2467socket buffer space to reserve on an NFS client. 2468The kernel default is typically 4. 2469Using a higher number may be 2470useful on gigabit networks to improve performance. 2471The minimum value is 24722 and the maximum is 64. 2473.It Va rpc_lockd_enable 2474.Pq Vt bool 2475If set to 2476.Dq Li YES 2477and also an NFS server or client, run 2478.Xr rpc.lockd 8 2479at boot time. 2480.It Va rpc_lockd_flags 2481.Pq Vt str 2482If 2483.Va rpc_lockd_enable 2484is set to 2485.Dq Li YES , 2486these are the flags to pass to the 2487.Xr rpc.lockd 8 2488daemon. 2489.It Va rpc_statd_enable 2490.Pq Vt bool 2491If set to 2492.Dq Li YES 2493and also an NFS server or client, run 2494.Xr rpc.statd 8 2495at boot time. 2496.It Va rpc_statd_flags 2497.Pq Vt str 2498If 2499.Va rpc_statd_enable 2500is set to 2501.Dq Li YES , 2502these are the flags to pass to the 2503.Xr rpc.statd 8 2504daemon. 2505.It Va rpcbind_program 2506.Pq Vt str 2507Path to 2508.Xr rpcbind 8 2509(default 2510.Pa /usr/sbin/rpcbind ) . 2511.It Va rpcbind_enable 2512.Pq Vt bool 2513If set to 2514.Dq Li YES , 2515run the 2516.Xr rpcbind 8 2517service at boot time. 2518.It Va rpcbind_flags 2519.Pq Vt str 2520If 2521.Va rpcbind_enable 2522is set to 2523.Dq Li YES , 2524these are the flags to pass to the 2525.Xr rpcbind 8 2526daemon. 2527.It Va keyserv_enable 2528.Pq Vt bool 2529If set to 2530.Dq Li YES , 2531run the 2532.Xr keyserv 8 2533daemon on boot for running Secure RPC. 2534.It Va keyserv_flags 2535.Pq Vt str 2536If 2537.Va keyserv_enable 2538is set to 2539.Dq Li YES , 2540these are the flags to pass to 2541.Xr keyserv 8 2542daemon. 2543.It Va pppoed_enable 2544.Pq Vt bool 2545If set to 2546.Dq Li YES , 2547run the 2548.Xr pppoed 8 2549daemon at boot time to provide PPP over Ethernet services. 2550.It Va pppoed_ Ns Aq Ar provider 2551.Pq Vt str 2552.Xr pppoed 8 2553listens to requests to this 2554.Ar provider 2555and ultimately runs 2556.Xr ppp 8 2557with a 2558.Ar system 2559argument of the same name. 2560.It Va pppoed_flags 2561.Pq Vt str 2562Additional flags to pass to 2563.Xr pppoed 8 . 2564.It Va pppoed_interface 2565.Pq Vt str 2566The network interface to run 2567.Xr pppoed 8 2568on. 2569This is mandatory when 2570.Va pppoed_enable 2571is set to 2572.Dq Li YES . 2573.It Va ntpdate_enable 2574.Pq Vt bool 2575If set to 2576.Dq Li YES , 2577run 2578.Xr ntpdate 8 2579at system startup. 2580This command is intended to 2581synchronize the system clock only 2582.Em once 2583from some standard reference. 2584.Pp 2585Note that the use of the 2586.Va ntpd_sync_on_start 2587variable is a preferred alternative to the 2588.Xr ntpdate 8 2589utility as 2590.Xr ntpdate 8 2591is to be retired from the NTP distribution. 2592.It Va ntpdate_config 2593.Pq Vt str 2594Configuration file for 2595.Xr ntpdate 8 . 2596Default 2597.Pa /etc/ntp.conf . 2598.It Va ntpdate_hosts 2599.Pq Vt str 2600A whitespace-separated list of NTP servers to synchronize with at startup. 2601The default is to use the servers listed in 2602.Va ntpdate_config , 2603if that file exists. 2604.It Va ntpdate_program 2605.Pq Vt str 2606Path to 2607.Xr ntpdate 8 2608(default 2609.Pa /usr/sbin/ntpdate ) . 2610.It Va ntpdate_flags 2611.Pq Vt str 2612If 2613.Va ntpdate_enable 2614is set to 2615.Dq Li YES , 2616these are the flags to pass to the 2617.Xr ntpdate 8 2618command (typically a hostname). 2619.It Va ntpd_enable 2620.Pq Vt bool 2621If set to 2622.Dq Li YES , 2623run the 2624.Xr ntpd 8 2625command at boot time. 2626.It Va ntpd_program 2627.Pq Vt str 2628Path to 2629.Xr ntpd 8 2630(default 2631.Pa /usr/sbin/ntpd ) . 2632.It Va ntpd_config 2633.Pq Vt str 2634Path to 2635.Xr ntpd 8 2636configuration file. 2637Default 2638.Pa /etc/ntp.conf . 2639.It Va ntpd_flags 2640.Pq Vt str 2641If 2642.Va ntpd_enable 2643is set to 2644.Dq Li YES , 2645these are the flags to pass to the 2646.Xr ntpd 8 2647daemon. 2648.It Va ntpd_sync_on_start 2649.Pq Vt bool 2650If set to 2651.Dq Li YES , 2652.Xr ntpd 8 2653is run with the 2654.Fl g 2655flag, which syncs the system's clock on startup. 2656See 2657.Xr ntpd 8 2658for more information regarding the 2659.Fl g 2660option. 2661This is a preferred alternative to using 2662.Xr ntpdate 8 2663or specifying the 2664.Va ntpdate_enable 2665variable. 2666.It Va nis_client_enable 2667.Pq Vt bool 2668If set to 2669.Dq Li YES , 2670run the 2671.Xr ypbind 8 2672service at system boot time. 2673.It Va nis_client_flags 2674.Pq Vt str 2675If 2676.Va nis_client_enable 2677is set to 2678.Dq Li YES , 2679these are the flags to pass to the 2680.Xr ypbind 8 2681service. 2682.It Va nis_ypldap_enable 2683.Pq Vt bool 2684If set to 2685.Dq Li YES , 2686run the 2687.Xr ypldap 8 2688daemon at system boot time. 2689.It Va nis_ypldap_flags 2690.Pq Vt str 2691If 2692.Va nis.ypldap_enable 2693is set to 2694.Dq Li YES , 2695these are the flags to pass to the 2696.Xr ypldap 8 2697daemon. 2698.It Va nis_ypset_enable 2699.Pq Vt bool 2700If set to 2701.Dq Li YES , 2702run the 2703.Xr ypset 8 2704daemon at system boot time. 2705.It Va nis_ypset_flags 2706.Pq Vt str 2707If 2708.Va nis_ypset_enable 2709is set to 2710.Dq Li YES , 2711these are the flags to pass to the 2712.Xr ypset 8 2713daemon. 2714.It Va nis_server_enable 2715.Pq Vt bool 2716If set to 2717.Dq Li YES , 2718run the 2719.Xr ypserv 8 2720daemon at system boot time. 2721.It Va nis_server_flags 2722.Pq Vt str 2723If 2724.Va nis_server_enable 2725is set to 2726.Dq Li YES , 2727these are the flags to pass to the 2728.Xr ypserv 8 2729daemon. 2730.It Va nis_ypxfrd_enable 2731.Pq Vt bool 2732If set to 2733.Dq Li YES , 2734run the 2735.Xr rpc.ypxfrd 8 2736daemon at system boot time. 2737.It Va nis_ypxfrd_flags 2738.Pq Vt str 2739If 2740.Va nis_ypxfrd_enable 2741is set to 2742.Dq Li YES , 2743these are the flags to pass to the 2744.Xr rpc.ypxfrd 8 2745daemon. 2746.It Va nis_yppasswdd_enable 2747.Pq Vt bool 2748If set to 2749.Dq Li YES , 2750run the 2751.Xr rpc.yppasswdd 8 2752daemon at system boot time. 2753.It Va nis_yppasswdd_flags 2754.Pq Vt str 2755If 2756.Va nis_yppasswdd_enable 2757is set to 2758.Dq Li YES , 2759these are the flags to pass to the 2760.Xr rpc.yppasswdd 8 2761daemon. 2762.It Va rpc_ypupdated_enable 2763.Pq Vt bool 2764If set to 2765.Dq Li YES , 2766run the 2767.Nm rpc.ypupdated 2768daemon at system boot time. 2769.It Va bsnmpd_enable 2770.Pq Vt bool 2771If set to 2772.Dq Li YES , 2773run the 2774.Xr bsnmpd 1 2775daemon at system boot time. 2776Be sure to understand the security implications of running SNMP daemon 2777on your host. 2778.It Va bsnmpd_flags 2779.Pq Vt str 2780If 2781.Va bsnmpd_enable 2782is set to 2783.Dq Li YES , 2784these are the flags to pass to the 2785.Xr bsnmpd 1 2786daemon. 2787.It Va defaultrouter 2788.Pq Vt str 2789If not set to 2790.Dq Li NO , 2791create a default route to this host name or IP address 2792(use an IP address if this router is also required to get to the 2793name server!). 2794.It Va defaultrouter_fibN 2795.Pq Vt str 2796If not set to 2797.Dq Li NO , 2798create a default route in FIB N to this host name or IP address. 2799.It Va ipv6_defaultrouter 2800.Pq Vt str 2801The IPv6 equivalent of 2802.Va defaultrouter . 2803.It Va ipv6_defaultrouter_fibN 2804.Pq Vt str 2805The IPv6 equivalent of 2806.Va defaultrouter_fibN . 2807.It Va static_arp_pairs 2808.Pq Vt str 2809Set to the list of static ARP pairs that are to be added at system 2810boot time. 2811For each whitespace separated 2812.Ar element 2813in the value, a 2814.Va static_arp_ Ns Aq Ar element 2815variable is assumed to exist whose contents will later be passed to a 2816.Dq Nm arp Cm -S 2817operation. 2818For example 2819.Bd -literal 2820static_arp_pairs="gw" 2821static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2822.Ed 2823.It Va static_ndp_pairs 2824.Pq Vt str 2825Set to the list of static NDP pairs that are to be added at system 2826boot time. 2827For each whitespace separated 2828.Ar element 2829in the value, a 2830.Va static_ndp_ Ns Aq Ar element 2831variable is assumed to exist whose contents will later be passed to a 2832.Dq Nm ndp Cm -s 2833operation. 2834For example 2835.Bd -literal 2836static_ndp_pairs="gw" 2837static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2838.Ed 2839.It Va static_routes 2840.Pq Vt str 2841Set to the list of static routes that are to be added at system 2842boot time. 2843If not set to 2844.Dq Li NO 2845then for each whitespace separated 2846.Ar element 2847in the value, a 2848.Va route_ Ns Aq Ar element 2849variable is assumed to exist 2850whose contents will later be passed to a 2851.Dq Nm route Cm add 2852operation. 2853For example: 2854.Bd -literal 2855static_routes="ext mcast:gif0 gif0local:gif0" 2856route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2857route_mcast="-net 224.0.0.0/4 -iface gif0" 2858route_gif0local="-host 169.254.1.1 -iface lo0" 2859.Ed 2860.Pp 2861When an 2862.Ar element 2863is in the form of 2864.Li name:ifname , 2865the route is specific to the interface 2866.Li ifname . 2867.It Va ipv6_static_routes 2868.Pq Vt str 2869The IPv6 equivalent of 2870.Va static_routes . 2871If not set to 2872.Dq Li NO 2873then for each whitespace separated 2874.Ar element 2875in the value, a 2876.Va ipv6_route_ Ns Aq Ar element 2877variable is assumed to exist 2878whose contents will later be passed to a 2879.Dq Nm route Cm add Fl inet6 2880operation. 2881.It Va gateway_enable 2882.Pq Vt bool 2883If set to 2884.Dq Li YES , 2885configure host to act as an IP router, e.g.\& to forward packets 2886between interfaces. 2887.It Va ipv6_gateway_enable 2888.Pq Vt bool 2889The IPv6 equivalent of 2890.Va gateway_enable . 2891.It Va routed_enable 2892.Pq Vt bool 2893If set to 2894.Dq Li YES , 2895run a routing daemon of some sort, based on the 2896settings of 2897.Va routed_program 2898and 2899.Va routed_flags . 2900.It Va route6d_enable 2901.Pq Vt bool 2902The IPv6 equivalent of 2903.Va routed_enable . 2904If set to 2905.Dq Li YES , 2906run a routing daemon of some sort, based on the 2907settings of 2908.Va route6d_program 2909and 2910.Va route6d_flags . 2911.It Va routed_program 2912.Pq Vt str 2913If 2914.Va routed_enable 2915is set to 2916.Dq Li YES , 2917this is the name of the routing daemon to use. 2918.It Va route6d_program 2919.Pq Vt str 2920The IPv6 equivalent of 2921.Va routed_program . 2922.It Va routed_flags 2923.Pq Vt str 2924If 2925.Va routed_enable 2926is set to 2927.Dq Li YES , 2928these are the flags to pass to the routing daemon. 2929.It Va route6d_flags 2930.Pq Vt str 2931The IPv6 equivalent of 2932.Va routed_flags . 2933.It Va rtadvd_enable 2934.Pq Vt bool 2935If set to 2936.Dq Li YES , 2937run the 2938.Xr rtadvd 8 2939daemon at boot time. 2940The 2941.Xr rtadvd 8 2942utility sends ICMPv6 Router Advertisement messages to 2943the interfaces specified in 2944.Va rtadvd_interfaces . 2945This should only be enabled with great care. 2946You may want to fine-tune 2947.Xr rtadvd.conf 5 . 2948.It Va rtadvd_interfaces 2949.Pq Vt str 2950If 2951.Va rtadvd_enable 2952is set to 2953.Dq Li YES 2954this is the list of interfaces to use. 2955.It Va arpproxy_all 2956.Pq Vt bool 2957If set to 2958.Dq Li YES , 2959enable global proxy ARP. 2960.It Va forward_sourceroute 2961.Pq Vt bool 2962If set to 2963.Dq Li YES 2964and 2965.Va gateway_enable 2966is also set to 2967.Dq Li YES , 2968source-routed packets are forwarded. 2969.It Va accept_sourceroute 2970.Pq Vt bool 2971If set to 2972.Dq Li YES , 2973the system will accept source-routed packets directed at it. 2974.It Va rarpd_enable 2975.Pq Vt bool 2976If set to 2977.Dq Li YES , 2978run the 2979.Xr rarpd 8 2980daemon at system boot time. 2981.It Va rarpd_flags 2982.Pq Vt str 2983If 2984.Va rarpd_enable 2985is set to 2986.Dq Li YES , 2987these are the flags to pass to the 2988.Xr rarpd 8 2989daemon. 2990.It Va bootparamd_enable 2991.Pq Vt bool 2992If set to 2993.Dq Li YES , 2994run the 2995.Xr bootparamd 8 2996daemon at system boot time. 2997.It Va bootparamd_flags 2998.Pq Vt str 2999If 3000.Va bootparamd_enable 3001is set to 3002.Dq Li YES , 3003these are the flags to pass to the 3004.Xr bootparamd 8 3005daemon. 3006.It Va stf_interface_ipv4addr 3007.Pq Vt str 3008If not set to 3009.Dq Li NO , 3010this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3011interface). 3012Specify this entry to enable the 6to4 interface. 3013.It Va stf_interface_ipv4plen 3014.Pq Vt int 3015Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3016An effective value is 0-31. 3017.It Va stf_interface_ipv6_ifid 3018.Pq Vt str 3019IPv6 interface ID for 3020.Xr stf 4 . 3021This can be set to 3022.Dq Li AUTO . 3023.It Va stf_interface_ipv6_slaid 3024.Pq Vt str 3025IPv6 Site Level Aggregator for 3026.Xr stf 4 . 3027.It Va ipv6_ipv4mapping 3028.Pq Vt bool 3029If set to 3030.Dq Li YES 3031this enables IPv4 mapped IPv6 address communication (like 3032.Li ::ffff:a.b.c.d ) . 3033.It Va rtsold_enable 3034.Pq Vt bool 3035Set to 3036.Dq Li YES 3037to enable the 3038.Xr rtsold 8 3039daemon to send ICMPv6 Router Solicitation messages. 3040.It Va rtsold_flags 3041.Pq Vt str 3042If 3043.Va rtsold_enable 3044is set to 3045.Dq Li YES , 3046these are the flags to pass to 3047.Xr rtsold 8 . 3048.It Va rtsol_flags 3049.Pq Vt str 3050For interfaces configured with the 3051.Dq Li inet6 accept_rtadv 3052keyword, these are the flags to pass to 3053.Xr rtsol 8 . 3054.Pp 3055Note that 3056.Va rtsold_enable 3057is mutually exclusive to 3058.Va rtsol_flags ; 3059.Va rtsold_enable 3060takes precedence. 3061.It Va keybell 3062.Pq Vt str 3063The keyboard bell sound. 3064Set to 3065.Dq Li normal , 3066.Dq Li visual , 3067.Dq Li off , 3068or 3069.Dq Li NO 3070if the default behavior is desired. 3071For details, refer to the 3072.Xr kbdcontrol 1 3073manpage. 3074.It Va keyboard 3075.Pq Vt str 3076If set to a non-null string, the virtual console's keyboard input is 3077set to this device. 3078.It Va keymap 3079.Pq Vt str 3080If set to 3081.Dq Li NO , 3082no keymap is installed, otherwise the value is used to install 3083the keymap file found in 3084.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3085(if using 3086.Xr syscons 4 ) or 3087.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3088(if using 3089.Xr vt 4 ) . 3090.It Va keyrate 3091.Pq Vt str 3092The keyboard repeat speed. 3093Set to 3094.Dq Li slow , 3095.Dq Li normal , 3096.Dq Li fast , 3097or 3098.Dq Li NO 3099if the default behavior is desired. 3100.It Va keychange 3101.Pq Vt str 3102If not set to 3103.Dq Li NO , 3104attempt to program the function keys with the value. 3105The value should 3106be a single string of the form: 3107.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3108.It Va cursor 3109.Pq Vt str 3110Can be set to the value of 3111.Dq Li normal , 3112.Dq Li blink , 3113.Dq Li destructive , 3114or 3115.Dq Li NO 3116to set the cursor behavior explicitly or choose the default behavior. 3117.It Va scrnmap 3118.Pq Vt str 3119If set to 3120.Dq Li NO , 3121no screen map is installed, otherwise the value is used to install 3122the screen map file in 3123.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3124This parameter is ignored when using 3125.Xr vt 4 3126as the console driver. 3127.It Va font8x16 3128.Pq Vt str 3129If set to 3130.Dq Li NO , 3131the default 8x16 font value is used for screen size requests, otherwise 3132the value in 3133.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3134or 3135.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3136is used (depending on the console driver being used). 3137.It Va font8x14 3138.Pq Vt str 3139If set to 3140.Dq Li NO , 3141the default 8x14 font value is used for screen size requests, otherwise 3142the value in 3143.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3144or 3145.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3146is used (depending on the console driver being used). 3147.It Va font8x8 3148.Pq Vt str 3149If set to 3150.Dq Li NO , 3151the default 8x8 font value is used for screen size requests, otherwise 3152the value in 3153.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3154or 3155.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3156is used (depending on the console driver being used). 3157.It Va blanktime 3158.Pq Vt int 3159If set to 3160.Dq Li NO , 3161the default screen blanking interval is used, otherwise it is set 3162to 3163.Ar value 3164seconds. 3165.It Va saver 3166.Pq Vt str 3167If not set to 3168.Dq Li NO , 3169this is the actual screen saver to use 3170.Li ( blank , snake , daemon , 3171etc). 3172.It Va moused_nondefault_enable 3173.Pq Vt str 3174If set to 3175.Dq Li NO , 3176the mouse device specified on 3177the command line is not automatically treated as enabled by the 3178.Pa /etc/rc.d/moused 3179script. 3180Having this variable set to 3181.Dq Li YES 3182allows a 3183.Xr usb 4 3184mouse, 3185for example, 3186to be enabled as soon as it is plugged in. 3187.It Va moused_enable 3188.Pq Vt str 3189If set to 3190.Dq Li YES , 3191the 3192.Xr moused 8 3193daemon is started for doing cut/paste selection on the console. 3194.It Va moused_type 3195.Pq Vt str 3196This is the protocol type of the mouse connected to this host. 3197This variable must be set if 3198.Va moused_enable 3199is set to 3200.Dq Li YES . 3201The 3202.Xr moused 8 3203daemon 3204is able to detect the appropriate mouse type automatically in many cases. 3205Set this variable to 3206.Dq Li auto 3207to let the daemon detect it, or 3208select one from the following list if the automatic detection fails. 3209.Pp 3210If the mouse is attached to the PS/2 mouse port, choose 3211.Dq Li auto 3212or 3213.Dq Li ps/2 , 3214regardless of the brand and model of the mouse. 3215Likewise, if the 3216mouse is attached to the bus mouse port, choose 3217.Dq Li auto 3218or 3219.Dq Li busmouse . 3220All other protocols are for serial mice and will not work with 3221the PS/2 and bus mice. 3222If this is a USB mouse, 3223.Dq Li auto 3224is the only protocol type which will work. 3225.Pp 3226.Bl -tag -width ".Li x10mouseremote" -compact 3227.It Li microsoft 3228Microsoft mouse (serial) 3229.It Li intellimouse 3230Microsoft IntelliMouse (serial) 3231.It Li mousesystems 3232Mouse systems Corp.\& mouse (serial) 3233.It Li mmseries 3234MM Series mouse (serial) 3235.It Li logitech 3236Logitech mouse (serial) 3237.It Li busmouse 3238A bus mouse 3239.It Li mouseman 3240Logitech MouseMan and TrackMan (serial) 3241.It Li glidepoint 3242ALPS GlidePoint (serial) 3243.It Li thinkingmouse 3244Kensington ThinkingMouse (serial) 3245.It Li ps/2 3246PS/2 mouse 3247.It Li mmhittab 3248MM HitTablet (serial) 3249.It Li x10mouseremote 3250X10 MouseRemote (serial) 3251.It Li versapad 3252Interlink VersaPad (serial) 3253.El 3254.Pp 3255Even if the mouse is not in the above list, it may be compatible 3256with one in the list. 3257Refer to the manual page for 3258.Xr moused 8 3259for compatibility information. 3260.Pp 3261It should also be noted that while this is enabled, any 3262other client of the mouse (such as an X server) should access 3263the mouse through the virtual mouse device, 3264.Pa /dev/sysmouse , 3265and configure it as a 3266.Dq Li sysmouse 3267type mouse, since all 3268mouse data is converted to this single canonical format when 3269using 3270.Xr moused 8 . 3271If the client program does not support the 3272.Dq Li sysmouse 3273type, 3274specify the 3275.Dq Li mousesystems 3276type. 3277It is the second preferred type. 3278.It Va moused_port 3279.Pq Vt str 3280If 3281.Va moused_enable 3282is set to 3283.Dq Li YES , 3284this is the actual port the mouse is on. 3285It might be 3286.Pa /dev/cuau0 3287for a COM1 serial mouse, or 3288.Pa /dev/psm0 3289for a PS/2 mouse, for example. 3290.It Va moused_flags 3291.Pq Vt str 3292If 3293.Va moused_flags 3294is set, its value is used as an additional set of flags to pass to the 3295.Xr moused 8 3296daemon. 3297.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3298When 3299.Va moused_nondefault_enable 3300is enabled, and a 3301.Xr moused 8 3302daemon is started for a non-default port, the 3303.Va "moused_" Ns Ar XXX Ns Va "_flags" 3304set of options has precedence over and replaces the default 3305.Va moused_flags 3306(where 3307.Ar XXX 3308is the name of the non-default port, i.e.,\& 3309.Ar ums0 ) . 3310By setting 3311.Va "moused_" Ns Ar XXX Ns Va "_flags" 3312it is possible to set up a different set of default flags for each 3313.Xr moused 8 3314instance. 3315For example, you can use 3316.Dq Li "-3" 3317for the default 3318.Va moused_flags 3319to make your laptop's touchpad more comfortable to use, 3320but an empty set of options for 3321.Va moused_ums0_flags 3322when your 3323.Xr usb 4 3324mouse has three or more buttons. 3325.It Va mousechar_start 3326.Pq Vt int 3327If set to 3328.Dq Li NO , 3329the default mouse cursor character range 3330.Li 0xd0 Ns - Ns Li 0xd3 3331is used, 3332otherwise the range start is set 3333to 3334.Ar value 3335character, see 3336.Xr vidcontrol 1 . 3337Use if the default range is occupied in the language code table. 3338.It Va allscreens_flags 3339.Pq Vt str 3340If set, 3341.Xr vidcontrol 1 3342is run with these options for each of the virtual terminals 3343.Pq Pa /dev/ttyv* . 3344For example, 3345.Dq Fl m Cm on 3346will enable the mouse pointer on all virtual terminals 3347if 3348.Va moused_enable 3349is set to 3350.Dq Li YES . 3351.It Va allscreens_kbdflags 3352.Pq Vt str 3353If set, 3354.Xr kbdcontrol 1 3355is run with these options for each of the virtual terminals 3356.Pq Pa /dev/ttyv* . 3357For example, 3358.Dq Fl h Li 200 3359will set the 3360.Xr syscons 4 3361or 3362.Xr vt 4 3363scrollback (history) buffer to 200 lines. 3364.It Va cron_enable 3365.Pq Vt bool 3366If set to 3367.Dq Li YES , 3368run the 3369.Xr cron 8 3370daemon at system boot time. 3371.It Va cron_program 3372.Pq Vt str 3373Path to 3374.Xr cron 8 3375(default 3376.Pa /usr/sbin/cron ) . 3377.It Va cron_flags 3378.Pq Vt str 3379If 3380.Va cron_enable 3381is set to 3382.Dq Li YES , 3383these are the flags to pass to 3384.Xr cron 8 . 3385.It Va cron_dst 3386.Pq Vt bool 3387If set to 3388.Dq Li YES , 3389enable the special handling of transitions to and from the 3390Daylight Saving Time in 3391.Xr cron 8 3392(equivalent to using the flag 3393.Fl s ) . 3394.It Va lpd_program 3395.Pq Vt str 3396Path to 3397.Xr lpd 8 3398(default 3399.Pa /usr/sbin/lpd ) . 3400.It Va lpd_enable 3401.Pq Vt bool 3402If set to 3403.Dq Li YES , 3404run the 3405.Xr lpd 8 3406daemon at system boot time. 3407.It Va lpd_flags 3408.Pq Vt str 3409If 3410.Va lpd_enable 3411is set to 3412.Dq Li YES , 3413these are the flags to pass to the 3414.Xr lpd 8 3415daemon. 3416.It Va chkprintcap_enable 3417.Pq Vt bool 3418If set to 3419.Dq Li YES , 3420run the 3421.Xr chkprintcap 8 3422command before starting the 3423.Xr lpd 8 3424daemon. 3425.It Va chkprintcap_flags 3426.Pq Vt str 3427If 3428.Va lpd_enable 3429and 3430.Va chkprintcap_enable 3431are set to 3432.Dq Li YES , 3433these are the flags to pass to the 3434.Xr chkprintcap 8 3435program. 3436The default is 3437.Dq Li -d , 3438which causes missing directories to be created. 3439.It Va mta_start_script 3440.Pq Vt str 3441This variable specifies the full path to the script to run to start 3442a mail transfer agent. 3443The default is 3444.Pa /etc/rc.sendmail . 3445The 3446.Va sendmail_* 3447variables which 3448.Pa /etc/rc.sendmail 3449uses are documented in the 3450.Xr rc.sendmail 8 3451manual page. 3452.It Va dumpdev 3453.Pq Vt str 3454Indicates the device (usually a swap partition) to which a crash dump 3455should be written in the event of a system crash. 3456If the value of this variable is 3457.Dq Li AUTO , 3458the first suitable swap device listed in 3459.Pa /etc/fstab 3460will be used as dump device. 3461Otherwise, the value of this variable is passed as the argument to 3462.Xr dumpon 8 3463and 3464.Xr savecore 8 . 3465To disable crash dumps, set this variable to 3466.Dq Li NO . 3467.It Va dumpon_flags 3468.Pq Vt str 3469Flags to pass to 3470.Xr dumpon 8 3471when configuring 3472.Va dumpdev 3473as the system dump device. 3474.It Va dumpdir 3475.Pq Vt str 3476When the system reboots after a crash and a crash dump is found on the 3477device specified by the 3478.Va dumpdev 3479variable, 3480.Xr savecore 8 3481will save that crash dump and a copy of the kernel to the directory 3482specified by the 3483.Va dumpdir 3484variable. 3485The default value is 3486.Pa /var/crash . 3487Set to 3488.Dq Li NO 3489to not run 3490.Xr savecore 8 3491at boot time when 3492.Va dumpdir 3493is set. 3494.It Va savecore_enable 3495.Pq Vt bool 3496If set to 3497.Dq Li NO , 3498disable automatic extraction of the crash dump from the 3499.Va dumpdev . 3500.It Va savecore_flags 3501.Pq Vt str 3502If crash dumps are enabled, these are the flags to pass to the 3503.Xr savecore 8 3504utility. 3505.It Va quota_enable 3506.Pq Vt bool 3507Set to 3508.Dq Li YES 3509to turn on user and group disk quotas on system startup via the 3510.Xr quotaon 8 3511command for all file systems marked as having quotas enabled in 3512.Pa /etc/fstab . 3513The kernel must be built with 3514.Cd "options QUOTA" 3515for disk quotas to function. 3516.It Va check_quotas 3517.Pq Vt bool 3518Set to 3519.Dq Li YES 3520to enable user and group disk quota checking via the 3521.Xr quotacheck 8 3522command. 3523.It Va quotacheck_flags 3524.Pq Vt str 3525If 3526.Va quota_enable 3527is set to 3528.Dq Li YES , 3529and 3530.Va check_quotas 3531is set to 3532.Dq Li YES , 3533these are the flags to pass to the 3534.Xr quotacheck 8 3535utility. 3536The default is 3537.Dq Li "-a" , 3538which checks quotas for all file systems with quotas enabled in 3539.Pa /etc/fstab . 3540.It Va quotaon_flags 3541.Pq Vt str 3542If 3543.Va quota_enable 3544is set to 3545.Dq Li YES , 3546these are the flags to pass to the 3547.Xr quotaon 8 3548utility. 3549The default is 3550.Dq Li "-a" , 3551which enables quotas for all file systems with quotas enabled in 3552.Pa /etc/fstab . 3553.It Va quotaoff_flags 3554.Pq Vt str 3555If 3556.Va quota_enable 3557is set to 3558.Dq Li YES , 3559these are the flags to pass to the 3560.Xr quotaoff 8 3561utility when shutting down the quota system. 3562The default is 3563.Dq Li "-a" , 3564which disables quotas for all file systems with quotas enabled in 3565.Pa /etc/fstab . 3566.It Va accounting_enable 3567.Pq Vt bool 3568Set to 3569.Dq Li YES 3570to enable system accounting through the 3571.Xr accton 8 3572facility. 3573.It Va firstboot_sentinel 3574.Pq Vt str 3575This variable specifies the full path to a 3576.Dq first boot 3577sentinel file. 3578If a file exists with this path, 3579.Pa rc.d 3580scripts with the 3581.Dq firstboot 3582keyword will be run on startup and the sentinel file will be deleted 3583after the boot process completes. 3584The sentinel file must be located on a writable file system which is 3585mounted no later than 3586.Va early_late_divider 3587to function properly. 3588The default is 3589.Pa /firstboot . 3590.It Va linux_enable 3591.Pq Vt bool 3592Set to 3593.Dq Li YES 3594to enable Linux/ELF binary emulation at system initial 3595boot time. 3596.It Va sysvipc_enable 3597.Pq Vt bool 3598If set to 3599.Dq Li YES , 3600load System V IPC primitives at boot time. 3601.It Va clear_tmp_enable 3602.Pq Vt bool 3603Set to 3604.Dq Li YES 3605to have 3606.Pa /tmp 3607cleaned at startup. 3608.It Va clear_tmp_X 3609.Pq Vt bool 3610Set to 3611.Dq Li NO 3612to disable removing of X11 lock files, 3613and the removal and (secure) recreation 3614of the various socket directories for X11 3615related programs. 3616.It Va ldconfig_paths 3617.Pq Vt str 3618Set to the list of shared library paths to use with 3619.Xr ldconfig 8 . 3620NOTE: 3621.Pa /lib 3622and 3623.Pa /usr/lib 3624will always be added first, so they need not appear in this list. 3625.It Va ldconfig32_paths 3626.Pq Vt str 3627Set to the list of 32-bit compatibility shared library paths to 3628use with 3629.Xr ldconfig 8 . 3630.It Va ldconfig_insecure 3631.Pq Vt bool 3632The 3633.Xr ldconfig 8 3634utility normally refuses to use directories 3635which are writable by anyone except root. 3636Set this variable to 3637.Dq Li YES 3638to disable that security check during system startup. 3639.It Va ldconfig_local_dirs 3640.Pq Vt str 3641Set to the list of local 3642.Xr ldconfig 8 3643directories. 3644The names of all files in the directories listed will be 3645passed as arguments to 3646.Xr ldconfig 8 . 3647.It Va ldconfig_local32_dirs 3648.Pq Vt str 3649Set to the list of local 32-bit compatibility 3650.Xr ldconfig 8 3651directories. 3652The names of all files in the directories listed will be 3653passed as arguments to 3654.Dq Nm ldconfig Fl 32 . 3655.It Va kern_securelevel_enable 3656.Pq Vt bool 3657Set to 3658.Dq Li YES 3659to set the kernel security level at system startup. 3660.It Va kern_securelevel 3661.Pq Vt int 3662The kernel security level to set at startup. 3663The allowed range of 3664.Ar value 3665ranges from \-1 (the compile time default) to 3 (the 3666most secure). 3667See 3668.Xr security 7 3669for the list of possible security levels and their effect 3670on system operation. 3671.It Va sshd_program 3672.Pq Vt str 3673Path to the SSH server program 3674.Pa ( /usr/sbin/sshd 3675is the default). 3676.It Va sshd_enable 3677.Pq Vt bool 3678Set to 3679.Dq Li YES 3680to start 3681.Xr sshd 8 3682at system boot time. 3683.It Va sshd_flags 3684.Pq Vt str 3685If 3686.Va sshd_enable 3687is set to 3688.Dq Li YES , 3689these are the flags to pass to the 3690.Xr sshd 8 3691daemon. 3692.It Va ftpd_program 3693.Pq Vt str 3694Path to the FTP server program 3695.Pa ( /usr/libexec/ftpd 3696is the default). 3697.It Va ftpd_enable 3698.Pq Vt bool 3699Set to 3700.Dq Li YES 3701to start 3702.Xr ftpd 8 3703as a stand-alone daemon at system boot time. 3704.It Va ftpd_flags 3705.Pq Vt str 3706If 3707.Va ftpd_enable 3708is set to 3709.Dq Li YES , 3710these are the additional flags to pass to the 3711.Xr ftpd 8 3712daemon. 3713.It Va watchdogd_enable 3714.Pq Vt bool 3715If set to 3716.Dq Li YES , 3717start the 3718.Xr watchdogd 8 3719daemon at boot time. 3720This requires that the kernel have been compiled with a 3721.Xr watchdog 4 3722compatible device. 3723.It Va watchdogd_flags 3724.Pq Vt str 3725If 3726.Va watchdogd_enable 3727is set to 3728.Dq Li YES , 3729these are the flags passed to the 3730.Xr watchdogd 8 3731daemon. 3732.It Va watchdogd_timeout 3733.Pq Vt int 3734If 3735.Va watchdogd_enable 3736is set to 3737.Dq Li YES , 3738this is a timeout that will be used by the 3739.Xr watchdogd 8 3740daemon. 3741If this option is set, it overrides 3742.Fl t 3743in 3744.Va watchdogd_flags . 3745.It Va watchdogd_shutdown_timeout 3746.Pq Vt int 3747If 3748.Va watchdogd_enable 3749is set to 3750.Dq Li YES , 3751this is a timeout that will be set by the 3752.Xr watchdogd 8 3753daemon when it exits during the system shutdown. 3754This timeout will not be set when returning to the single-user mode 3755or when the watchdogd service is stopped individually using the 3756.Xr service 8 3757command or the rc.d script. 3758Note that the timeout will be applied if 3759.Xr watchdogd 8 3760is stopped outside of 3761.Xr rc 8 3762framework. 3763If this option is set, it overrides 3764.Fl x 3765in 3766.Va watchdogd_flags . 3767.It Va devfs_rulesets 3768.Pq Vt str 3769List of files containing sets of rules for 3770.Xr devfs 8 . 3771.It Va devfs_system_ruleset 3772.Pq Vt str 3773Rule name(s) to apply to the system 3774.Pa /dev 3775itself. 3776.It Va devfs_set_rulesets 3777.Pq Vt str 3778Pairs of already-mounted 3779.Pa dev 3780directories and rulesets that should be applied to them. 3781For example: /mount/dev=ruleset_name 3782.It Va devfs_load_rulesets 3783.Pq Vt bool 3784If set, always load the default rulesets listed in 3785.Va devfs_rulesets . 3786.It Va performance_cx_lowest 3787.Pq Vt str 3788CPU idle state to use while on AC power. 3789The string 3790.Dq Li LOW 3791indicates that 3792.Xr acpi 4 3793should use the lowest power state available while 3794.Dq Li HIGH 3795indicates that the lowest latency state (less power savings) should be used. 3796.It Va performance_cpu_freq 3797.Pq Vt str 3798CPU clock frequency to use while on AC power. 3799The string 3800.Dq Li LOW 3801indicates that 3802.Xr cpufreq 4 3803should use the lowest frequency available while 3804.Dq Li HIGH 3805indicates that the highest frequency (less power savings) should be used. 3806.It Va economy_cx_lowest 3807.Pq Vt str 3808CPU idle state to use when off AC power. 3809The string 3810.Dq Li LOW 3811indicates that 3812.Xr acpi 4 3813should use the lowest power state available while 3814.Dq Li HIGH 3815indicates that the lowest latency state (less power savings) should be used. 3816.It Va economy_cpu_freq 3817.Pq Vt str 3818CPU clock frequency to use when off AC power. 3819The string 3820.Dq Li LOW 3821indicates that 3822.Xr cpufreq 4 3823should use the lowest frequency available while 3824.Dq Li HIGH 3825indicates that the highest frequency (less power savings) should be used. 3826.It Va jail_enable 3827.Pq Vt bool 3828If set to 3829.Dq Li NO , 3830any configured jails will not be started. 3831.It Va jail_conf 3832.Pq Vt str 3833The configuration filename used by 3834.Xr jail 8 3835utility. 3836The default value is 3837.Pa /etc/jail.conf . 3838.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3839and 3840.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3841will also be used if 3842.Va Ao Ar jname Ac Va 3843is set in 3844.Va jail_list . 3845.It Va jail_parallel_start 3846.Pq Vt bool 3847If set to 3848.Dq Li YES , 3849all configured jails will be started in the background (in parallel). 3850.It Va jail_flags 3851.Pq Vt str 3852Unset by default. 3853When set, use as default value for 3854.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3855for every jail in 3856.Va jail_list . 3857.It Va jail_list 3858.Pq Vt str 3859A space-delimited list of jail names. 3860When left empty, all of the 3861.Xr jail 8 3862instances defined in the configuration file are started. 3863The names specified in this list control the jail startup order. 3864.Xr jail 8 3865instances missing from 3866.Va jail_list 3867must be started manually. 3868Note that a jail's 3869.Va depend 3870parameter in the configuration file may override this list. 3871.It Va jail_reverse_stop 3872.Pq Vt bool 3873When set to 3874.Dq Li YES , 3875all configured jails in 3876.Va jail_list 3877are stopped in reverse order. 3878.It Va jail_ Ns * variables 3879Note that older releases supported per-jail configuration via 3880.Nm 3881variables. 3882For example, 3883hostname of a jail named 3884.Li vjail 3885was able to be set by 3886.Li jail_vjail_hostname . 3887These per-jail configuration variables are now obsolete in favor of 3888.Xr jail 8 3889configuration file. 3890For backward compatibility, 3891when per-jail configuration variables are defined, 3892.Xr jail 8 3893configuration files are created as 3894.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3895and used. 3896.Pp 3897The following per-jail parameters are handled by 3898.Pa rc.d/jail 3899script out of their corresponding 3900.Nm 3901variables. 3902In addition to them, parameters in 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3904will be added to the configuration file. 3905They must be a semi-colon 3906.Pq Ql \&; 3907delimited list of 3908.Dq key=value . 3909For more details, 3910see 3911.Xr jail 8 3912manual page. 3913.Bl -tag -width "host.hostname" -offset indent 3914.It Li path 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3917.It Li host.hostname 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3920.It Li exec.consolelog 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3923The default value is 3924.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3925.It Li interface 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3928.It Li vnet.interface 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3931This implies 3932.Li vnet 3933parameter will be enabled and cannot be specified with 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3936and/or 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3938at the same time. 3939.It Li fstab 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3942.It Li mount 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3945.It Li exec.fib 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3948.It Li exec.start 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3951The parameter name was 3952.Li command 3953in some older releases. 3954.It Li exec.prestart 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3957.It Li exec.poststart 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3960.It Li exec.stop 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3963.It Li exec.prestop 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3966.It Li exec.poststop 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3969.It Li ip4.addr 3970set if 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3972or 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3974contain IPv4 addresses 3975.It Li ip6.addr 3976set if 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3978or 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3980contain IPv6 addresses 3981.It Li allow.mount 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3984.It Li mount.devfs 3985set from 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3987.It Li devfs_ruleset 3988set from 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3990This must be an integer, 3991not a string. 3992.It Li mount.fdescfs 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3995.It Li allow.set_hostname 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3998.It Li allow.rawsocket 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4001.It Li allow.sysvipc 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4004.El 4005.\" ----------------------------------------------------- 4006.It Va harvest_mask 4007.Pq Vt int 4008Set to a bit-mask 4009representing the entropy sources 4010you wish to harvest. 4011Refer to 4012.Xr random 4 4013for more information. 4014.It Va entropy_dir 4015.Pq Vt str 4016Set to 4017.Dq Li NO 4018to disable caching entropy via 4019.Xr cron 8 . 4020Otherwise set to the directory 4021in which the entropy files are stored. 4022To be useful, 4023there must be 4024a system cron job 4025that regularly writes and rotates 4026files here. 4027All files found 4028will be used at boot time. 4029The default is 4030.Pa /var/db/entropy . 4031.It Va entropy_file 4032.Pq Vt str 4033Set to 4034.Dq Li NO 4035to disable caching entropy through reboots. 4036Otherwise set to the name 4037of a file used to store cached entropy. 4038This file should be located 4039on a file system that is readable 4040before all the volumes specified in 4041.Xr fstab 5 4042are mounted. 4043By default, 4044.Pa /entropy 4045is used, 4046but if 4047.Pa /var/db/entropy-file 4048is found it will also be used. 4049This will be of some use to 4050.Xr bsdinstall 8 . 4051.It Va entropy_boot_file 4052.Pq Vt str 4053Set to 4054.Dq Li NO 4055to disable 4056very early caching entropy 4057through reboots. 4058Otherwise set to the filename 4059used to read 4060very early reboot cached entropy. 4061This file should be located where 4062.Xr loader 8 4063can read it. 4064See also 4065.Xr loader.conf 5 . 4066The default location is 4067.Pa /boot/entropy . 4068.It Va entropy_save_sz 4069.Pq Vt int 4070Size of the entropy cache files saved by 4071.Nm save-entropy 4072periodically. 4073.It Va entropy_save_num 4074.Pq Vt int 4075Number of entropy cache files to save by 4076.Nm save-entropy 4077periodically. 4078.It Va ipsec_enable 4079.Pq Vt bool 4080Set to 4081.Dq Li YES 4082to run 4083.Xr setkey 8 4084on 4085.Va ipsec_file 4086at boot time. 4087.It Va ipsec_file 4088.Pq Vt str 4089Configuration file for 4090.Xr setkey 8 . 4091.It Va dmesg_enable 4092.Pq Vt bool 4093Set to 4094.Dq Li YES 4095to save 4096.Xr dmesg 8 4097to 4098.Pa /var/run/dmesg.boot 4099on boot. 4100.It Va rcshutdown_timeout 4101.Pq Vt int 4102If set, start a watchdog timer in the background which will terminate 4103.Pa rc.shutdown 4104if 4105.Xr shutdown 8 4106has not completed within the specified time (in seconds). 4107Notice that in addition to this soft timeout, 4108.Xr init 8 4109also applies a hard timeout for the execution of 4110.Pa rc.shutdown . 4111This is configured via 4112.Xr sysctl 8 4113variable 4114.Va kern.init_shutdown_timeout 4115and defaults to 120 seconds. 4116Setting the value of 4117.Va rcshutdown_timeout 4118to more than 120 seconds will have no effect until the 4119.Xr sysctl 8 4120variable 4121.Va kern.init_shutdown_timeout 4122is also increased. 4123.It Va virecover_enable 4124.Pq Vt bool 4125Set to 4126.Dq Li NO 4127to prevent the system from trying to 4128recover pre-maturely terminated 4129.Xr vi 1 4130sessions. 4131.It Va ugidfw_enable 4132.Pq Vt bool 4133Set to 4134.Dq Li YES 4135to load the 4136.Xr mac_bsdextended 4 4137module upon system initialization and load a default 4138ruleset file. 4139.It Va bsdextended_script 4140.Pq Vt str 4141The default 4142.Xr mac_bsdextended 4 4143ruleset file to load. 4144The default value of this variable is 4145.Pa /etc/rc.bsdextended . 4146.It Va newsyslog_enable 4147.Pq Vt bool 4148If set to 4149.Dq Li YES , 4150run 4151.Xr newsyslog 8 4152command at startup. 4153.It Va newsyslog_flags 4154.Pq Vt str 4155If 4156.Va newsyslog_enable 4157is set to 4158.Dq Li YES , 4159these are the flags to pass to the 4160.Xr newsyslog 8 4161program. 4162The default is 4163.Dq Li -CN , 4164which causes log files flagged with a 4165.Cm C 4166to be created. 4167.It Va mdconfig_md Ns Aq Ar X 4168.Pq Vt str 4169Arguments to 4170.Xr mdconfig 8 4171for 4172.Xr md 4 4173device 4174.Ar X . 4175At minimum a 4176.Fl t Ar type 4177must be specified and either a 4178.Fl s Ar size 4179for malloc or swap backed 4180.Xr md 4 4181devices or a 4182.Fl f Ar file 4183for vnode backed 4184.Xr md 4 4185devices. 4186Note that 4187.Va mdconfig_md Ns Aq Ar X 4188variables are evaluated until one variable is unset or null. 4189.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4190.Pq Vt str 4191Optional arguments passed to 4192.Xr newfs 8 4193to initialize 4194.Xr md 4 4195device 4196.Ar X . 4197.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4198.Pq Vt str 4199An ownership specification passed to 4200.Xr chown 8 4201after the specified 4202.Xr md 4 4203device 4204.Ar X 4205has been mounted. 4206Both the 4207.Xr md 4 4208device and the mount point will be changed. 4209.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4210.Pq Vt str 4211A mode string passed to 4212.Xr chmod 1 4213after the specified 4214.Xr md 4 4215device 4216.Ar X 4217has been mounted. 4218Both the 4219.Xr md 4 4220device and the mount point will be changed. 4221.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4222.Pq Vt str 4223Files to be copied to the mount point of the 4224.Xr md 4 4225device 4226.Ar X 4227after it has been mounted. 4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4229.Pq Vt str 4230Command to execute after the specified 4231.Xr md 4 4232device 4233.Ar X 4234has been mounted. 4235Note that the command is passed to 4236.Ic eval 4237and that both 4238.Va _dev 4239and 4240.Va _mp 4241variables can be used to reference respectively the 4242.Xr md 4 4243device and the mount point. 4244Assuming that the 4245.Xr md 4 4246device is 4247.Li md0 , 4248one could set the following: 4249.Bd -literal 4250mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4251.Ed 4252.It Va autobridge_interfaces 4253.Pq Vt str 4254Set to the list of bridge interfaces that will have newly arriving interfaces 4255checked against to be automatically added. 4256If not set to 4257.Dq Li NO 4258then for each whitespace separated 4259.Ar element 4260in the value, a 4261.Va autobridge_ Ns Aq Ar element 4262variable is assumed to exist which has a whitespace separated list of interface 4263names to match, these names can use wildcards. 4264For example: 4265.Bd -literal 4266autobridge_interfaces="bridge0" 4267autobridge_bridge0="tap* dc0 vlan[345]" 4268.Ed 4269.It Va mixer_enable 4270.Pq Vt bool 4271If set to 4272.Dq Li YES , 4273enable support for sound mixer. 4274.It Va hcsecd_enable 4275.Pq Vt bool 4276If set to 4277.Dq Li YES , 4278enable Bluetooth security daemon. 4279.It Va hcsecd_config 4280.Pq Vt str 4281Configuration file for 4282.Xr hcsecd 8 . 4283Default 4284.Pa /etc/bluetooth/hcsecd.conf . 4285.It Va sdpd_enable 4286.Pq Vt bool 4287If set to 4288.Dq Li YES , 4289enable Bluetooth Service Discovery Protocol daemon. 4290.It Va sdpd_control 4291.Pq Vt str 4292Path to 4293.Xr sdpd 8 4294control socket. 4295Default 4296.Pa /var/run/sdp . 4297.It Va sdpd_groupname 4298.Pq Vt str 4299Sets 4300.Xr sdpd 8 4301group to run as after it initializes. 4302Default 4303.Dq Li nobody . 4304.It Va sdpd_username 4305.Pq Vt str 4306Sets 4307.Xr sdpd 8 4308user to run as after it initializes. 4309Default 4310.Dq Li nobody . 4311.It Va bthidd_enable 4312.Pq Vt bool 4313If set to 4314.Dq Li YES , 4315enable Bluetooth Human Interface Device daemon. 4316.It Va bthidd_config 4317.Pq Vt str 4318Configuration file for 4319.Xr bthidd 8 . 4320Default 4321.Pa /etc/bluetooth/bthidd.conf . 4322.It Va bthidd_hids 4323.Pq Vt str 4324Path to a file, where 4325.Xr bthidd 8 4326will store information about known HID devices. 4327Default 4328.Pa /var/db/bthidd.hids . 4329.It Va rfcomm_pppd_server_enable 4330.Pq Vt bool 4331If set to 4332.Dq Li YES , 4333enable Bluetooth RFCOMM PPP wrapper daemon. 4334.It Va rfcomm_pppd_server_profile 4335.Pq Vt str 4336The name of the profile to use from 4337.Pa /etc/ppp/ppp.conf . 4338Multiple profiles can be specified here. 4339Also used to specify per-profile overrides. 4340When the profile name contains any of the characters 4341.Dq Li .-/+ 4342they are translated to 4343.Dq Li _ 4344for the proposes of the override variable names. 4345.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4346.Pq Vt str 4347Overrides local address to listen on. 4348By default 4349.Xr rfcomm_pppd 8 4350will listen on 4351.Dq Li ANY 4352address. 4353The address can be specified as BD_ADDR or name. 4354.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4355.Pq Vt str 4356Overrides local RFCOMM channel to listen on. 4357By default 4358.Xr rfcomm_pppd 8 4359will listen on RFCOMM channel 1. 4360Must set properly if multiple profiles used in the same time. 4361.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4362.Pq Vt bool 4363Tells 4364.Xr rfcomm_pppd 8 4365if it should register Serial Port service on the specified RFCOMM channel. 4366Default 4367.Dq Li NO . 4368.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4369.Pq Vt bool 4370Tells 4371.Xr rfcomm_pppd 8 4372if it should register Dial-Up Networking service on the specified 4373RFCOMM channel. 4374Default 4375.Dq Li NO . 4376.It Va ubthidhci_enable 4377.Pq Vt bool 4378If set to 4379.Dq Li YES , 4380change the USB Bluetooth controller from HID mode to HCI mode. 4381You also need to specify the location of USB Bluetooth controller with the 4382.Va ubthidhci_busnum 4383and 4384.Va ubthidhci_addr 4385variables. 4386.It Va ubthidhci_busnum 4387Bus number where the USB Bluetooth controller is located. 4388Check the output of 4389.Xr usbconfig 8 4390on your system to find this information. 4391.It Va ubthidhci_addr 4392Bus address of the USB Bluetooth controller. 4393Check the output of 4394.Xr usbconfig 8 4395on your system to find this information. 4396.It Va netwait_enable 4397.Pq Vt bool 4398If set to 4399.Dq Li YES , 4400delays the start of network-reliant services until 4401.Va netwait_if 4402is up and ICMP packets to a destination defined in 4403.Va netwait_ip 4404are flowing. 4405Link state is examined first, followed by 4406.Dq Li pinging 4407an IP address to verify network usability. 4408If no destination can be reached or timeouts are exceeded, 4409network services are started anyway with no guarantee that 4410the network is usable. 4411Use of this variable requires both 4412.Va netwait_ip 4413and 4414.Va netwait_if 4415to be set. 4416.It Va netwait_ip 4417.Pq Vt str 4418Empty by default. 4419This variable contains a space-delimited list of IP addresses to 4420.Xr ping 8 . 4421DNS hostnames should not be used as resolution is not guaranteed 4422to be functional at this point. 4423If multiple IP addresses are specified, 4424each will be tried until one is successful or the list is exhausted. 4425.It Va netwait_timeout 4426.Pq Vt int 4427Indicates the total number of seconds to perform a 4428.Dq Li ping 4429against each IP address in 4430.Va netwait_ip , 4431at a rate of one ping per second. 4432If any of the pings are successful, 4433full network connectivity is considered reliable. 4434The default is 60. 4435.It Va netwait_if 4436.Pq Vt str 4437Empty by default. 4438Defines the name of the network interface on which watch for link. 4439.Xr ifconfig 8 4440is used to monitor the interface, looking for 4441.Dq Li status: no carrier . 4442Once gone, the link is considered up. 4443This can be a 4444.Xr vlan 4 4445interface if desired. 4446.It Va netwait_if_timeout 4447.Pq Vt int 4448Defines the total number of seconds to wait for link to become usable, 4449polled at a 1-second interval. 4450The default is 30. 4451.It Va rctl_enable 4452.Pq Vt bool 4453If set to 4454.Dq Li YES , 4455load 4456.Xr rctl 8 4457rules from the defined ruleset. 4458The kernel must be built with 4459.Cd "options RACCT" 4460and 4461.Cd "options RCTL" . 4462.It Va rctl_rules 4463.Pq Vt str 4464Set to 4465.Pa /etc/rctl.conf 4466by default. 4467This variables contains the 4468.Xr rctl.conf 5 4469ruleset to load for 4470.Xr rctl 8 . 4471.It Va iovctl_files 4472.Pq Vt str 4473A space-separated list of configuration files used by 4474.Xr iovctl 8 . 4475The default value is an empty string. 4476.It Va autofs_enable 4477.Pq Vt bool 4478If set to 4479.Dq Li YES , 4480start the 4481.Xr automount 8 4482utility and the 4483.Xr automountd 8 4484and 4485.Xr autounmountd 8 4486daemons at boot time. 4487.It Va automount_flags 4488.Pq Vt str 4489If 4490.Va autofs_enable 4491is set to 4492.Dq Li YES , 4493these are the flags to pass to the 4494.Xr automount 8 4495program. 4496By default no flags are passed. 4497.It Va automountd_flags 4498.Pq Vt str 4499If 4500.Va autofs_enable 4501is set to 4502.Dq Li YES , 4503these are the flags to pass to the 4504.Xr automountd 8 4505daemon. 4506By default no flags are passed. 4507.It Va autounmountd_flags 4508.Pq Vt str 4509If 4510.Va autofs_enable 4511is set to 4512.Dq Li YES , 4513these are the flags to pass to the 4514.Xr autounmountd 8 4515daemon. 4516By default no flags are passed. 4517.It Va ctld_enable 4518.Pq Vt bool 4519If set to 4520.Dq Li YES , 4521start the 4522.Xr ctld 8 4523daemon at boot time. 4524.It Va iscsid_enable 4525.Pq Vt bool 4526If set to 4527.Dq Li YES , 4528start the 4529.Xr iscsid 8 4530daemon at boot time. 4531.It Va iscsictl_enable 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535start the 4536.Xr iscsictl 8 4537utility at boot time. 4538.It Va iscsictl_flags 4539.Pq Vt str 4540If 4541.Va iscsictl_enable 4542is set to 4543.Dq Li YES , 4544these are the flags to pass to the 4545.Xr iscsictl 8 4546program. 4547The default is 4548.Dq Li -Aa , 4549which configures sessions based on the 4550.Pa /etc/iscsi.conf 4551configuration file. 4552.It Va cfumass_enable 4553.Pq Vt bool 4554If set to 4555.Dq Li YES , 4556create and export an USB LUN using 4557.Xr cfumass 4 4558at boot time. 4559.It Va cfumass_dir 4560.Pq Vt str 4561The directory where the files exported by USB LUN are located. 4562The default directory is 4563.Pa /var/cfumass . 4564.It Va service_delete_empty 4565.Pq Vt bool 4566If set to 4567.Dq Li YES , 4568.Ql Li service delete 4569removes empty 4570.Dq Li rc.conf.d 4571files. 4572.It Va zfs_bootonce_activate 4573.Pq Vt bool 4574If set to 4575.Dq Li YES , 4576and a boot environment marked bootonce is successfully booted, 4577it will be made permanently active. 4578.El 4579.Sh FILES 4580.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4581.It Pa /etc/defaults/rc.conf 4582.It Pa /etc/defaults/vendor.conf 4583.It Pa /etc/rc.conf 4584.It Pa /etc/rc.conf.local 4585.El 4586.Sh SEE ALSO 4587.Xr chmod 1 , 4588.Xr gdb 1 , 4589.Xr info 1 , 4590.Xr kbdcontrol 1 , 4591.Xr sh 1 , 4592.Xr vi 1 , 4593.Xr vidcontrol 1 , 4594.Xr bridge 4 , 4595.Xr dummynet 4 , 4596.Xr ip 4 , 4597.Xr ipf 4 , 4598.Xr ipfw 4 , 4599.Xr ipnat 4 , 4600.Xr kld 4 , 4601.Xr pf 4 , 4602.Xr pflog 4 , 4603.Xr pfsync 4 , 4604.Xr tcp 4 , 4605.Xr udp 4 , 4606.Xr exports 5 , 4607.Xr fstab 5 , 4608.Xr ipf 5 , 4609.Xr ipnat 5 , 4610.Xr jail.conf 5 , 4611.Xr loader.conf 5 , 4612.Xr motd 5 , 4613.Xr newsyslog.conf 5 , 4614.Xr pf.conf 5 , 4615.Xr firewall 7 , 4616.Xr growfs 7 , 4617.Xr security 7 , 4618.Xr tuning 7 , 4619.Xr accton 8 , 4620.Xr apm 8 , 4621.Xr bsdinstall 8 , 4622.Xr bthidd 8 , 4623.Xr chkprintcap 8 , 4624.Xr chown 8 , 4625.Xr cron 8 , 4626.Xr devfs 8 , 4627.Xr dhclient 8 , 4628.Xr ftpd 8 , 4629.Xr geli 8 , 4630.Xr hcsecd 8 , 4631.Xr ifconfig 8 , 4632.Xr inetd 8 , 4633.Xr iovctl 8 , 4634.Xr ipf 8 , 4635.Xr ipfw 8 , 4636.Xr ipnat 8 , 4637.Xr jail 8 , 4638.Xr kldxref 8 , 4639.Xr loader 8 , 4640.Xr lpd 8 , 4641.Xr makewhatis 8 , 4642.Xr mdconfig 8 , 4643.Xr mdmfs 8 , 4644.Xr mixer 8 , 4645.Xr mountd 8 , 4646.Xr moused 8 , 4647.Xr newfs 8 , 4648.Xr newsyslog 8 , 4649.Xr nfsd 8 , 4650.Xr ntpd 8 , 4651.Xr ntpdate 8 , 4652.Xr pfctl 8 , 4653.Xr pflogd 8 , 4654.Xr ping 8 , 4655.Xr powerd 8 , 4656.Xr quotacheck 8 , 4657.Xr quotaon 8 , 4658.Xr rc 8 , 4659.Xr rc.sendmail 8 , 4660.Xr rcorder 8 , 4661.Xr rfcomm_pppd 8 , 4662.Xr route 8 , 4663.Xr routed 8 , 4664.Xr rpc.lockd 8 , 4665.Xr rpc.statd 8 , 4666.Xr rpcbind 8 , 4667.Xr rwhod 8 , 4668.Xr savecore 8 , 4669.Xr sdpd 8 , 4670.Xr service 8 , 4671.Xr sshd 8 , 4672.Xr swapon 8 , 4673.Xr sysctl 8 , 4674.Xr syslogd 8 , 4675.Xr sysrc 8 , 4676.Xr unbound 8 , 4677.Xr usbconfig 8 , 4678.Xr wlandebug 8 , 4679.Xr yp 8 , 4680.Xr ypbind 8 , 4681.Xr ypserv 8 , 4682.Xr ypset 8 4683.Sh HISTORY 4684The 4685.Nm 4686file appeared in 4687.Fx 2.2.2 . 4688.Sh AUTHORS 4689.An Jordan K. Hubbard . 4690