xref: /freebsd/share/man/man5/rc.conf.5 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd January 12, 2008
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility,
42.Xr sysinstall 8 .
43.Pp
44The purpose of
45.Nm
46is not to run commands or perform system startup actions
47directly.
48Instead, it is included by the
49various generic startup scripts in
50.Pa /etc
51which conditionalize their
52internal actions according to the settings found there.
53.Pp
54The
55.Pa /etc/rc.conf
56file is included from the file
57.Pa /etc/defaults/rc.conf ,
58which specifies the default settings for all the available options.
59Options need only be specified in
60.Pa /etc/rc.conf
61when the system administrator wishes to override these defaults.
62The file
63.Pa /etc/rc.conf.local
64is used to override settings in
65.Pa /etc/rc.conf
66for historical reasons.
67See the
68.Va rc_conf_files
69variable below.
70.Pp
71Options are set with
72.Dq Ar name Ns Li = Ns Ar value
73assignments that use
74.Xr sh 1
75syntax.
76The following list provides a name and short description for each
77variable that can be set in the
78.Nm
79file:
80.Bl -tag -width indent-two
81.It Va rc_debug
82.Pq Vt bool
83If set to
84.Dq Li YES ,
85enable output of debug messages from rc scripts.
86This variable can be helpful in diagnosing mistakes when
87editing or integrating new scripts.
88Beware that this produces copious output to the terminal and
89.Xr syslog 3 .
90.It Va rc_info
91.Pq Vt bool
92If set to
93.Dq Li NO ,
94disable informational messages from the rc scripts.
95Informational messages are displayed when
96a condition that is not serious enough to warrant a warning or
97an error occurs.
98.It Va early_late_divider
99.Pq Vt str
100The name of the script that should be used as the
101delimiter between the
102.Dq early
103and
104.Dq late
105stages of the boot process.
106The early stage should contain all the services needed to
107get the disks (local or remote) mounted so that the late
108stage can include scripts contained in the directories
109listed in the
110.Va local_startup
111variable (see below).
112Thus, the two likely candidates for this value are
113.Pa mountcritlocal
114for the typical system, and
115.Pa mountcritremote
116if the system needs remote file
117systems mounted to get access to the
118.Va local_startup
119directories; for example when
120.Pa /usr/local
121is NFS mounted.
122For
123.Pa rc.conf
124within a
125.Xr jail 8
126.Pa NETWORKING
127is likely to be an appropriate value.
128Extreme care should be taken when changing this value,
129and before changing it one should ensure that there are
130adequate provisions to recover from a failed boot
131(such as physical contact with the machine,
132or reliable remote console access).
133.It Va swapfile
134.Pq Vt str
135If set to
136.Dq Li NO ,
137no swapfile is installed, otherwise the value is used as the full
138pathname to a file to use for additional swap space.
139.It Va apm_enable
140.Pq Vt bool
141If set to
142.Dq Li YES ,
143enable support for Automatic Power Management with
144the
145.Xr apm 8
146command.
147.It Va apmd_enable
148.Pq Vt bool
149Run
150.Xr apmd 8
151to handle APM event from userland.
152This also enables support for APM.
153.It Va apmd_flags
154.Pq Vt str
155If
156.Va apmd_enable
157is set to
158.Dq Li YES ,
159these are the flags to pass to the
160.Xr apmd 8
161daemon.
162.It Va devd_enable
163.Pq Vt bool
164Run
165.Xr devd 8
166to handle device added, removed or unknown events from the kernel.
167.It Va kldxref_enable
168.Pq Vt bool
169Set to
170.Dq Li NO
171by default.
172Set to
173.Dq Li YES
174to automatically rebuild
175.Pa linker.hints
176files with
177.Xr kldxref 8
178at boot time.
179.It Va kldxref_clobber
180.Pq Vt bool
181Set to
182.Dq Li NO
183by default.
184If
185.Va kldxref_enable
186is true,
187setting to
188.Dq Li YES
189will overwrite existing
190.Pa linker.hints
191files at boot time.
192Otherwise,
193only missing
194.Pa linker.hints
195files are generated.
196.It Va kldxref_module_path
197.Pq Vt str
198Empty by default.
199A semi-colon
200.Pq Ql \&;
201delimited list of paths containing
202.Xr kld 4
203modules.
204If empty,
205the contents of the
206.Va kern.module_path
207.Xr sysctl 8
208are used.
209.It Va powerd_enable
210.Pq Vt bool
211If set to
212.Dq Li YES ,
213enable the system power control facility with the
214.Xr powerd 8
215daemon.
216.It Va powerd_flags
217.Pq Vt str
218If
219.Va powerd_enable
220is set to
221.Dq Li YES ,
222these are the flags to pass to the
223.Xr powerd 8
224daemon.
225.It Va tmpmfs
226Controls the creation of a
227.Pa /tmp
228memory file system.
229Always happens if set to
230.Dq Li YES
231and never happens if set to
232.Dq Li NO .
233If set to anything else, a memory file system is created if
234.Pa /tmp
235is not writable.
236.It Va tmpsize
237Controls the size of a created
238.Pa /tmp
239memory file system.
240.It Va tmpmfs_flags
241Extra options passed to the
242.Xr mdmfs 8
243utility when the memory file system for
244.Pa /tmp
245is created.
246The default is
247.Dq Li "-S" ,
248which inhibits the use of softupdates on
249.Pa /tmp
250so that file system space is freed without delay
251after file truncation or deletion.
252See
253.Xr mdmfs 8
254for other options you can use in
255.Va tmpmfs_flags .
256.It Va varmfs
257Controls the creation of a
258.Pa /var
259memory file system.
260Always happens if set to
261.Dq Li YES
262and never happens if set to
263.Dq Li NO .
264If set to anything else, a memory file system is created if
265.Pa /var
266is not writable.
267.It Va varsize
268Controls the size of a created
269.Pa /var
270memory file system.
271.It Va varmfs_flags
272Extra options passed to the
273.Xr mdmfs 8
274utility when the memory file system for
275.Pa /var
276is created.
277The default is
278.Dq Li "-S" ,
279which inhibits the use of softupdates on
280.Pa /var
281so that file system space is freed without delay
282after file truncation or deletion.
283See
284.Xr mdmfs 8
285for other options you can use in
286.Va varmfs_flags .
287.It Va populate_var
288Controls the automatic population of the
289.Pa /var
290file system.
291Always happens if set to
292.Dq Li YES
293and never happens if set to
294.Dq Li NO .
295If set to anything else, a memory file system is created if
296.Pa /var
297is not writable.
298Note that this process requires access to certain commands in
299.Pa /usr
300before
301.Pa /usr
302is mounted on normal systems.
303.It Va cleanvar_enable
304.Pq Vt bool
305Clean the
306.Pa /var
307directory.
308.It Va local_startup
309.Pq Vt str
310List of directories to search for startup script files.
311.It Va script_name_sep
312.Pq Vt str
313The field separator to use for breaking down the list of startup script files
314into individual filenames.
315The default is a space.
316It is not necessary to change this unless there are startup scripts with names
317containing spaces.
318.It Va hostapd_enable
319.Pq Vt bool
320Set to
321.Dq Li YES
322to start
323.Xr hostapd 8
324at system boot time.
325.It Va hostname
326.Pq Vt str
327The fully qualified domain name (FQDN) of this host on the network.
328This should almost certainly be set to something meaningful, even if
329there is no network connection.
330If
331.Xr dhclient 8
332is used to set the hostname via DHCP,
333this variable should be set to an empty string.
334.It Va ipv6_enable
335.Pq Vt bool
336Enable support for IPv6 networking.
337Note that this requires that the kernel has been compiled with
338.Cd "options INET6" .
339.It Va nisdomainname
340.Pq Vt str
341The NIS domain name of this host, or
342.Dq Li NO
343if NIS is not used.
344.It Va dhclient_program
345.Pq Vt str
346Path to the DHCP client program
347.Pa ( /sbin/dhclient ,
348the
349.Ox
350DHCP client,
351is the default).
352.It Va dhclient_flags
353.Pq Vt str
354Additional flags to pass to the DHCP client program.
355For the
356.Ox
357DHCP client, see the
358.Xr dhclient 8
359manpage for a description of the command line options available.
360.It Va dhclient_flags_ Ns Aq Ar iface
361Additional flags to pass to the DHCP client program running on
362.Ar iface
363only.
364When specified, this variable overrides
365.Va dhclient_flags .
366.It Va background_dhclient
367.Pq Vt bool
368Set to
369.Dq Li YES
370to start the DHCP client in background.
371This can cause trouble with applications depending on
372a working network, but it will provide a faster startup
373in many cases.
374.It Va background_dhclient_ Ns Aq Ar iface
375When specified, this variable overrides the
376.Va background_dhclient
377variable for interface
378.Ar iface
379only.
380.It Va synchronous_dhclient
381.Pq Bt bool
382Set to
383.Dq Li NO
384to start
385.Xr dhclient 8
386only in response to interface events and not synchronously at startup.
387This behavior can be overridden on a per-interface basis by replacing
388the
389.Dq Li DHCP
390keyword in the
391.Va ifconfig_ Ns Aq Ar interface
392variable with
393.Dq Li SYNCDHCP
394or
395.Dq Li NOSYNCDHCP .
396.It Va firewall_enable
397.Pq Vt bool
398Set to
399.Dq Li YES
400to load firewall rules at startup.
401If the kernel was not built with
402.Cd "options IPFIREWALL" ,
403the
404.Pa ipfw.ko
405kernel module will be loaded.
406See also
407.Va ipfilter_enable .
408.It Va ipv6_firewall_enable
409.Pq Vt bool
410The IPv6 equivalent of
411.Va firewall_enable .
412Set to
413.Dq Li YES
414to load IPv6 firewall rules at startup.
415If the kernel was not built with
416.Cd "options IPV6FIREWALL" ,
417the
418.Pa ipfw.ko
419kernel module will be loaded.
420.It Va firewall_script
421.Pq Vt str
422This variable specifies the full path to the firewall script to run.
423The default is
424.Pa /etc/rc.firewall .
425.It Va ipv6_firewall_script
426.Pq Vt str
427The IPv6 equivalent of
428.Va firewall_script .
429.It Va firewall_type
430.Pq Vt str
431Names the firewall type from the selection in
432.Pa /etc/rc.firewall ,
433or the file which contains the local firewall ruleset.
434Valid selections from
435.Pa /etc/rc.firewall
436are:
437.Pp
438.Bl -tag -width ".Li simple" -compact
439.It Li open
440unrestricted IP access
441.It Li closed
442all IP services disabled, except via
443.Dq Li lo0
444.It Li client
445basic protection for a workstation
446.It Li simple
447basic protection for a LAN.
448.El
449.Pp
450If a filename is specified, the full path
451must be given.
452.It Va ipv6_firewall_type
453.Pq Vt str
454The IPv6 equivalent of
455.Va firewall_type .
456.It Va firewall_quiet
457.Pq Vt bool
458Set to
459.Dq Li YES
460to disable the display of firewall rules on the console during boot.
461.It Va ipv6_firewall_quiet
462.Pq Vt bool
463The IPv6 equivalent of
464.Va firewall_quiet .
465.It Va firewall_logging
466.Pq Vt bool
467Set to
468.Dq Li YES
469to enable firewall event logging.
470This is equivalent to the
471.Dv IPFIREWALL_VERBOSE
472kernel option.
473.It Va ipv6_firewall_logging
474.Pq Vt bool
475The IPv6 equivalent of
476.Va firewall_logging .
477.It Va firewall_flags
478.Pq Vt str
479Flags passed to
480.Xr ipfw 8
481if
482.Va firewall_type
483specifies a filename.
484.It Va ipv6_firewall_flags
485.Pq Vt str
486The IPv6 equivalent of
487.Va firewall_flags .
488.It Va natd_program
489.Pq Vt str
490Path to
491.Xr natd 8 .
492.It Va natd_enable
493.Pq Vt bool
494Set to
495.Dq Li YES
496to enable
497.Xr natd 8 .
498.Va firewall_enable
499must also be set to
500.Dq Li YES ,
501and
502.Xr divert 4
503sockets must be enabled in the kernel.
504If the kernel was not built with
505.Cd "options IPDIVERT" ,
506the
507.Pa ipdivert.ko
508kernel module will be loaded.
509.It Va natd_interface
510.Pq Vt str
511This is the name of the public interface on which
512.Xr natd 8
513should run.
514The interface may be given as an interface name or as an IP address.
515.It Va natd_flags
516.Pq Vt str
517Additional
518.Xr natd 8
519flags should be placed here.
520The
521.Fl n
522or
523.Fl a
524flag is automatically added with the above
525.Va natd_interface
526as an argument.
527.\" ----- ipfilter_enable setting --------------------------------
528.It Va ipfilter_enable
529.Pq Vt bool
530Set to
531.Dq Li NO
532by default.
533Setting this to
534.Dq Li YES
535enables
536.Xr ipf 8
537packet filtering.
538.Pp
539Typical usage will require putting
540.Bd -literal
541ipfilter_enable="YES"
542ipnat_enable="YES"
543ipmon_enable="YES"
544ipfs_enable="YES"
545.Ed
546.Pp
547into
548.Pa /etc/rc.conf
549and editing
550.Pa /etc/ipf.rules
551and
552.Pa /etc/ipnat.rules
553appropriately.
554.Pp
555Note that
556.Va ipfilter_enable
557and
558.Va ipnat_enable
559can be enabled independently.
560.Va ipmon_enable
561and
562.Va ipfs_enable
563both require at least one of
564.Va ipfilter_enable
565and
566.Va ipnat_enable
567to be enabled.
568.Pp
569Having
570.Bd -literal
571options IPFILTER
572options IPFILTER_LOG
573options IPFILTER_DEFAULT_BLOCK
574.Ed
575.Pp
576in the kernel configuration file is a good idea, too.
577.\" ----- ipfilter_program setting ------------------------------
578.It Va ipfilter_program
579.Pq Vt str
580Path to
581.Xr ipf 8
582(default
583.Pa /sbin/ipf ) .
584.\" ----- ipfilter_rules setting --------------------------------
585.It Va ipfilter_rules
586.Pq Vt str
587Set to
588.Pa /etc/ipf.rules
589by default.
590This variable contains the name of the filter rule definition file.
591The file is expected to be readable for the
592.Xr ipf 8
593command to execute.
594.\" ----- ipv6_ipfilter_rules setting ---------------------------
595.It Va ipv6_ipfilter_rules
596.Pq Vt str
597Set to
598.Pa /etc/ipf6.rules
599by default.
600This variable contains the IPv6 filter rule definition file.
601The file is expected to be readable for the
602.Xr ipf 8
603command to execute.
604.\" ----- ipfilter_flags setting --------------------------------
605.It Va ipfilter_flags
606.Pq Vt str
607Empty by default.
608This variable contains flags passed to the
609.Xr ipf 8
610program.
611.\" ----- ipnat_enable setting ----------------------------------
612.It Va ipnat_enable
613.Pq Vt bool
614Set to
615.Dq Li NO
616by default.
617Set it to
618.Dq Li YES
619to enable
620.Xr ipnat 8
621network address translation.
622See
623.Va ipfilter_enable
624for a detailed discussion.
625.\" ----- ipnat_program setting ---------------------------------
626.It Va ipnat_program
627.Pq Vt str
628Path to
629.Xr ipnat 8
630(default
631.Pa /sbin/ipnat ) .
632.\" ----- ipnat_rules setting -----------------------------------
633.It Va ipnat_rules
634.Pq Vt str
635Set to
636.Pa /etc/ipnat.rules
637by default.
638This variable contains the name of the file
639holding the network address translation definition.
640This file is expected to be readable for the
641.Xr ipnat 8
642command to execute.
643.\" ----- ipnat_flags setting -----------------------------------
644.It Va ipnat_flags
645.Pq Vt str
646Empty by default.
647This variable contains flags passed to the
648.Xr ipnat 8
649program.
650.\" ----- ipmon_enable setting ----------------------------------
651.It Va ipmon_enable
652.Pq Vt bool
653Set to
654.Dq Li NO
655by default.
656Set it to
657.Dq Li YES
658to enable
659.Xr ipmon 8
660monitoring (logging
661.Xr ipf 8
662and
663.Xr ipnat 8
664events).
665Setting this variable needs setting
666.Va ipfilter_enable
667or
668.Va ipnat_enable
669too.
670See
671.Va ipfilter_enable
672for a detailed discussion.
673.\" ----- ipmon_program setting ---------------------------------
674.It Va ipmon_program
675.Pq Vt str
676Path to
677.Xr ipmon 8
678(default
679.Pa /sbin/ipmon ) .
680.\" ----- ipmon_flags setting -----------------------------------
681.It Va ipmon_flags
682.Pq Vt str
683Set to
684.Dq Li -Ds
685by default.
686This variable contains flags passed to the
687.Xr ipmon 8
688program.
689Another typical example would be
690.Dq Fl D Pa /var/log/ipflog
691to have
692.Xr ipmon 8
693log directly to a file bypassing
694.Xr syslogd 8 .
695Make sure to adjust
696.Pa /etc/newsyslog.conf
697in such case like this:
698.Bd -literal
699/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
700.Ed
701.\" ----- ipfs_enable setting -----------------------------------
702.It Va ipfs_enable
703.Pq Vt bool
704Set to
705.Dq Li NO
706by default.
707Set it to
708.Dq Li YES
709to enable
710.Xr ipfs 8
711saving the filter and NAT state tables during shutdown
712and reloading them during startup again.
713Setting this variable needs setting
714.Va ipfilter_enable
715or
716.Va ipnat_enable
717to
718.Dq Li YES
719too.
720See
721.Va ipfilter_enable
722for a detailed discussion.
723Note that if
724.Va kern_securelevel
725is set to 3,
726.Va ipfs_enable
727cannot be used
728because the raised securelevel will prevent
729.Xr ipfs 8
730from saving the state tables at shutdown time.
731.\" ----- ipfs_program setting ----------------------------------
732.It Va ipfs_program
733.Pq Vt str
734Path to
735.Xr ipfs 8
736(default
737.Pa /sbin/ipfs ) .
738.\" ----- ipfs_flags setting ------------------------------------
739.It Va ipfs_flags
740.Pq Vt str
741Empty by default.
742This variable contains flags passed to the
743.Xr ipfs 8
744program.
745.\" ----- end of added ipf hook ---------------------------------
746.It Va pf_enable
747.Pq Vt bool
748Set to
749.Dq Li NO
750by default.
751Setting this to
752.Dq Li YES
753enables
754.Xr pf 4
755packet filtering.
756.Pp
757Typical usage will require putting
758.Pp
759.Dl pf_enable="YES"
760.Pp
761into
762.Pa /etc/rc.conf
763and editing
764.Pa /etc/pf.conf
765appropriately.
766Adding
767.Pp
768.Dl "device pf"
769.Pp
770builds support for
771.Xr pf 4
772into the kernel, otherwise the
773kernel module will be loaded.
774.It Va pf_rules
775.Pq Vt str
776Path to
777.Xr pf 4
778ruleset configuration file
779(default
780.Pa /etc/pf.conf ) .
781.It Va pf_program
782.Pq Vt str
783Path to
784.Xr pfctl 8
785(default
786.Pa /sbin/pfctl ) .
787.It Va pf_flags
788.Pq Vt str
789If
790.Va pf_enable
791is set to
792.Dq Li YES ,
793these flags are passed to the
794.Xr pfctl 8
795program when loading the ruleset.
796.It Va pflog_enable
797.Pq Vt bool
798Set to
799.Dq Li NO
800by default.
801Setting this to
802.Dq Li YES
803enables
804.Xr pflogd 8
805which logs packets from the
806.Xr pf 4
807packet filter.
808.It Va pflog_logfile
809.Pq Vt str
810If
811.Va pflog_enable
812is set to
813.Dq Li YES
814this controls where
815.Xr pflogd 8
816stores the logfile
817(default
818.Pa /var/log/pflog ) .
819Check
820.Pa /etc/newsyslog.conf
821to adjust logfile rotation for this.
822.It Va pflog_program
823.Pq Vt str
824Path to
825.Xr pflogd 8
826(default
827.Pa /sbin/pflogd ) .
828.It Va pflog_flags
829.Pq Vt str
830Empty by default.
831This variable contains additional flags passed to the
832.Xr pflogd 8
833program.
834.It Va ftpproxy_enable
835.Pq Vt bool
836Set to
837.Dq Li NO
838by default.
839Setting this to
840.Dq Li YES
841enables
842.Xr ftp-proxy 8
843which supports the
844.Xr pf 4
845packet filter in translating ftp connections.
846.It Va ftpproxy_flags
847.Pq Vt str
848Empty by default.
849This variable contains additional flags passed to the
850.Xr ftp-proxy 8
851program.
852.It Va pfsync_enable
853.Pq Vt bool
854Set to
855.Dq Li NO
856by default.
857Setting this to
858.Dq Li YES
859enables exposing
860.Xr pf 4
861state changes to other hosts over the network by means of
862.Xr pfsync 4 .
863The
864.Va pfsync_syncdev
865variable
866must also be set then.
867.It Va pfsync_syncdev
868.Pq Vt str
869Empty by default.
870This variable specifies the name of the network interface
871.Xr pfsync 4
872should operate through.
873It must be set accordingly if
874.Va pfsync_enable
875is set to
876.Dq Li YES .
877.It Va pfsync_syncpeer
878.Pq Vt str
879Empty by default.
880This variable is optional.
881By default, state change messages are sent out on the synchronisation
882interface using IP multicast packets.
883The protocol is IP protocol 240, PFSYNC, and the multicast group used is
884224.0.0.240.
885When a peer address is specified using the
886.Va pfsync_syncpeer
887option, the peer address is used as a destination for the pfsync
888traffic, and the traffic can then be protected using
889.Xr ipsec 4 .
890See the
891.Xr pfsync 4
892manpage for more details about using
893.Xr ipsec 4
894with
895.Xr pfsync 4
896interfaces.
897.It Va pfsync_ifconfig
898.Pq Vt str
899Empty by default.
900This variable can contain additional options to be passed to the
901.Xr ifconfig 8
902command used to set up
903.Xr pfsync 4 .
904.It Va tcp_extensions
905.Pq Vt bool
906Set to
907.Dq Li YES
908by default.
909Setting this to
910.Dq Li NO
911disables certain TCP options as described by
912.Rs
913.%T "RFC 1323"
914.Re
915Setting this to
916.Dq Li NO
917might help remedy such problems with connections as randomly hanging
918or other weird behavior.
919Some network devices are known
920to be broken with respect to these options.
921.It Va log_in_vain
922.Pq Vt int
923Set to 0 by default.
924The
925.Xr sysctl 8
926variables,
927.Va net.inet.tcp.log_in_vain
928and
929.Va net.inet.udp.log_in_vain ,
930as described in
931.Xr tcp 4
932and
933.Xr udp 4 ,
934are set to the given value.
935.It Va tcp_keepalive
936.Pq Vt bool
937Set to
938.Dq Li YES
939by default.
940Setting to
941.Dq Li NO
942will disable probing idle TCP connections to verify that the
943peer is still up and reachable.
944.It Va tcp_drop_synfin
945.Pq Vt bool
946Set to
947.Dq Li NO
948by default.
949Setting to
950.Dq Li YES
951will cause the kernel to ignore TCP frames that have both
952the SYN and FIN flags set.
953This prevents OS fingerprinting, but may
954break some legitimate applications.
955.It Va icmp_drop_redirect
956.Pq Vt bool
957Set to
958.Dq Li NO
959by default.
960Setting to
961.Dq Li YES
962will cause the kernel to ignore ICMP REDIRECT packets.
963Refer to
964.Xr icmp 4
965for more information.
966.It Va icmp_log_redirect
967.Pq Vt bool
968Set to
969.Dq Li NO
970by default.
971Setting to
972.Dq Li YES
973will cause the kernel to log ICMP REDIRECT packets.
974Note that
975the log messages are not rate-limited, so this option should only be used
976for troubleshooting networks.
977Refer to
978.Xr icmp 4
979for more information.
980.It Va icmp_bmcastecho
981.Pq Vt bool
982Set to
983.Dq Li YES
984to respond to broadcast or multicast ICMP ping packets.
985Refer to
986.Xr icmp 4
987for more information.
988.It Va ip_portrange_first
989.Pq Vt int
990If not set to
991.Dq Li NO ,
992this is the first port in the default portrange.
993Refer to
994.Xr ip 4
995for more information.
996.It Va ip_portrange_last
997.Pq Vt int
998If not set to
999.Dq Li NO ,
1000this is the last port in the default portrange.
1001Refer to
1002.Xr ip 4
1003for more information.
1004.It Va network_interfaces
1005.Pq Vt str
1006Set to the list of network interfaces to configure on this host or
1007.Dq Li AUTO
1008(the default) for all current interfaces.
1009Setting the
1010.Va network_interfaces
1011variable to anything other than the default is deprecated.
1012Interfaces that the administrator wishes to store configuration for,
1013but not start at boot should be configured with the
1014.Dq Li NOAUTO
1015keyword in their
1016.Va ifconfig_ Ns Aq Ar interface
1017variables as described below.
1018.Pp
1019An
1020.Va ifconfig_ Ns Aq Ar interface
1021variable is also assumed to exist for each value of
1022.Ar interface .
1023When an interface name contains any of the characters
1024.Dq Li .-/+
1025they are translated to
1026.Dq Li _
1027before lookup.
1028The variable can contain arguments to
1029.Xr ifconfig 8 ,
1030as well as special case-insensitive keywords described below.
1031Such keywords are removed before passing the value to
1032.Xr ifconfig 8
1033while the order of the other arguments is preserved.
1034.Pp
1035One can configure more than one IPv4 address with the
1036.Va ipv4_addrs_ Ns Aq Ar interface
1037variable.
1038One or more IP addresses must be provided in Classless Inter-Domain
1039Routing (CIDR) address notation, whose last byte can be a range like
1040192.168.0.5-23/24.
1041In this case the address 192.168.0.5 will be configured with the
1042netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with
1043the non-conflicting netmask /32 as explained in the
1044.Xr ifconfig 8
1045alias section.
1046With the interface in question being
1047.Li ed0 ,
1048an example could look like:
1049.Bd -literal
1050ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
1051.Ed
1052.Pp
1053It is also possible to add IP alias entries using
1054.Xr ifconfig 8
1055syntax.
1056Assuming that the interface in question was
1057.Li ed0 ,
1058it might look
1059something like this:
1060.Bd -literal
1061ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1062ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1063.Ed
1064.Pp
1065And so on.
1066For each
1067.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1068entry that is found,
1069its contents are passed to
1070.Xr ifconfig 8 .
1071Execution stops at the first unsuccessful access, so if
1072something like this is present:
1073.Bd -literal
1074ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1075ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1076ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1077ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1078.Ed
1079.Pp
1080Then note that alias4 would
1081.Em not
1082be added since the search would
1083stop with the missing
1084.Dq Li alias3
1085entry.
1086Due to this difficult to manage behavior, the
1087.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1088form is deprecated.
1089.Pp
1090If the
1091.Pa /etc/start_if. Ns Aq Ar interface
1092file is present, it is read and executed by the
1093.Xr sh 1
1094interpreter
1095before configuring the interface as specified in the
1096.Va ifconfig_ Ns Aq Ar interface
1097and
1098.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1099variables.
1100.Pp
1101If the
1102.Va ifconfig_ Ns Aq Ar interface
1103contains the keyword
1104.Dq Li NOAUTO
1105then the interface will not be configured
1106at boot or by
1107.Pa /etc/pccard_ether
1108when
1109.Va network_interfaces
1110is set to
1111.Dq Li AUTO .
1112.Pp
1113It is possible to bring up an interface with DHCP by adding
1114.Dq Li DHCP
1115to the
1116.Va ifconfig_ Ns Aq Ar interface
1117variable.
1118For instance, to initialize the
1119.Li ed0
1120device via DHCP,
1121it is possible to use something like:
1122.Bd -literal
1123ifconfig_ed0="DHCP"
1124.Ed
1125.Pp
1126Also, if you want to configure your wireless interface with
1127.Xr wpa_supplicant 8
1128for use with WPA, EAP/LEAP or WEP, you need to add
1129.Dq Li WPA
1130to the
1131.Va ifconfig_ Ns Aq Ar interface
1132variable.
1133.Pp
1134Finally, you can add
1135.Xr ifconfig 8
1136options in this variable, in addition to the
1137.Pa /etc/start_if. Ns Aq Ar interface
1138file.
1139For instance, to initialize the
1140.Li wi0
1141device via DHCP, using WPA authentication and 802.11b mode, it is
1142possible to use something like:
1143.Bd -literal
1144ifconfig_wi0="DHCP WPA mode 11b"
1145.Ed
1146.Pp
1147In addition to the
1148.Va ifconfig_ Ns Aq Ar interface
1149form, a fallback variable
1150.Va ifconfig_DEFAULT
1151may be configured.
1152It will be used for all interfaces with no
1153.Va ifconfig_ Ns Aq Ar interface
1154variable.
1155This is intended to replace the no longer supported
1156.Va pccard_ifconfig
1157variable.
1158.Pp
1159It is also possible to rename interface by doing:
1160.Bd -literal
1161ifconfig_ed0_name="net0"
1162ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
1163.Ed
1164.It Va ipv6_network_interfaces
1165.Pq Vt str
1166This is the IPv6 equivalent of
1167.Va network_interfaces .
1168Instead of setting the ifconfig variables as
1169.Va ifconfig_ Ns Aq Ar interface
1170they should be set as
1171.Va ipv6_ifconfig_ Ns Aq Ar interface .
1172Aliases should be set as
1173.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
1174.Va ipv6_prefix_ Ns Aq Ar interface
1175does something.
1176Interfaces that do not have a
1177.Va ipv6_ifconfig_ Ns Aq Ar interface
1178setting will be auto configured by
1179.Xr rtsol 8
1180if the
1181.Va ipv6_gateway_enable
1182is set to
1183.Dq Li NO .
1184Note that the IPv6 networking code does not support the
1185.Pa /etc/start_if. Ns Aq Ar interface
1186files.
1187.It Va ipv6_default_interface
1188.Pq Vt str
1189If not set to
1190.Dq Li NO ,
1191this is the default output interface for scoped addresses.
1192Now this works only for IPv6 link local multicast addresses.
1193.It Va cloned_interfaces
1194.Pq Vt str
1195Set to the list of clonable network interfaces to create on this host.
1196Entries in
1197.Va cloned_interfaces
1198are automatically appended to
1199.Va network_interfaces
1200for configuration.
1201.It Va fec_interfaces
1202.Pq Vt str
1203Set to the list of
1204.Xr ng_fec 4
1205Fast EtherChannel interfaces to configure on this host.
1206A
1207.Va fecconfig_ Ns Aq Ar interface
1208variable is assumed to exist for each value of
1209.Ar interface .
1210The value of this variable is used to configure link aggregated interfaces
1211according to the syntax of the
1212.Cm NGM_FEC_ADD_IFACE
1213to
1214.Xr ngctl 8
1215msg.
1216Additionally, this option ensures that each listed interface is created
1217via the
1218.Cm mkpeer
1219command to
1220.Xr ngctl 8
1221before attempting to configure it.
1222For example:
1223.Bd -literal
1224fec_interfaces="fec0"
1225fecconfig_fec0="em0 em1"
1226ifconfig_fec0="DHCP"
1227.Ed
1228.It Va gif_interfaces
1229.Pq Vt str
1230Set to the list of
1231.Xr gif 4
1232tunnel interfaces to configure on this host.
1233A
1234.Va gifconfig_ Ns Aq Ar interface
1235variable is assumed to exist for each value of
1236.Ar interface .
1237The value of this variable is used to configure the link layer of the
1238tunnel according to the syntax of the
1239.Cm tunnel
1240option to
1241.Xr ifconfig 8 .
1242Additionally, this option ensures that each listed interface is created
1243via the
1244.Cm create
1245option to
1246.Xr ifconfig 8
1247before attempting to configure it.
1248.It Va sppp_interfaces
1249.Pq Vt str
1250Set to the list of
1251.Xr sppp 4
1252interfaces to configure on this host.
1253A
1254.Va spppconfig_ Ns Aq Ar interface
1255variable is assumed to exist for each value of
1256.Ar interface .
1257Each interface should also be configured by a general
1258.Va ifconfig_ Ns Aq Ar interface
1259setting.
1260Refer to
1261.Xr spppcontrol 8
1262for more information about available options.
1263.It Va ppp_enable
1264.Pq Vt bool
1265If set to
1266.Dq Li YES ,
1267run the
1268.Xr ppp 8
1269daemon.
1270.It Va ppp_mode
1271.Pq Vt str
1272Mode in which to run the
1273.Xr ppp 8
1274daemon.
1275Accepted modes are
1276.Dq Li auto ,
1277.Dq Li ddial ,
1278.Dq Li direct
1279and
1280.Dq Li dedicated .
1281See the manual for a full description.
1282.It Va ppp_nat
1283.Pq Vt bool
1284If set to
1285.Dq Li YES ,
1286enables network address translation.
1287Used in conjunction with
1288.Va gateway_enable
1289allows hosts on private network addresses access to the Internet using
1290this host as a network address translating router.
1291.It Va ppp_profile
1292.Pq Vt str
1293The name of the profile to use from
1294.Pa /etc/ppp/ppp.conf .
1295.It Va ppp_user
1296.Pq Vt str
1297The name of the user under which
1298.Xr ppp 8
1299should be started.
1300By
1301default,
1302.Xr ppp 8
1303is started as
1304.Dq Li root .
1305.It Va rc_conf_files
1306.Pq Vt str
1307This option is used to specify a list of files that will override
1308the settings in
1309.Pa /etc/defaults/rc.conf .
1310The files will be read in the order in which they are specified and should
1311include the full path to the file.
1312By default, the files specified are
1313.Pa /etc/rc.conf
1314and
1315.Pa /etc/rc.conf.local
1316.It Va zfs_enable
1317.Pq Vt bool
1318If set to
1319.Dq Li YES ,
1320.Pa /etc/rc.d/zfs
1321will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1322(ZVOLs).
1323.It Va gbde_autoattach_all
1324.Pq Vt bool
1325If set to
1326.Dq Li YES ,
1327.Pa /etc/rc.d/gbde
1328will attempt to automatically initialize your .bde devices in
1329.Pa /etc/fstab .
1330.It Va gbde_devices
1331.Pq Vt str
1332List the devices that the script should try to attach,
1333or
1334.Dq Li AUTO .
1335.It Va gbde_lockdir
1336.Pq Vt str
1337The directory where the
1338.Xr gbde 4
1339lockfiles are located.
1340The default lockfile directory is
1341.Pa /etc .
1342.Pp
1343The lockfile for each individual
1344.Xr gbde 4
1345device can be overridden by setting the variable
1346.Va gbde_lock_ Ns Aq Ar device ,
1347where
1348.Ar device
1349is the encrypted device without the
1350.Dq Pa /dev/
1351and
1352.Dq Pa .bde
1353parts.
1354.It Va gbde_attach_attempts
1355.Pq Vt int
1356Number of times to attempt attaching to a
1357.Xr gbde 4
1358device, i.e., how many times the user is asked for the pass-phrase.
1359Default is 3.
1360.It Va geli_devices
1361.Pq Vt str
1362List of devices to automatically attach on boot.
1363Note that .eli devices from
1364.Pa /etc/fstab
1365are automatically appended to this list.
1366.It Va geli_tries
1367.Pq Vt int
1368Number of times user is asked for the pass-phrase.
1369If empty, it will be taken from
1370.Va kern.geom.eli.tries
1371sysctl variable.
1372.It Va geli_default_flags
1373.Pq Vt str
1374Default flags to use by
1375.Xr geli 8
1376when configuring disk encryption.
1377Flags can be configured for every device separately by defining
1378.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1379variable.
1380.It Va geli_autodetach
1381.Pq Vt str
1382Specifies if GELI devices should be marked for detach on last close after
1383file systems are mounted.
1384Default is
1385.Dq Li YES .
1386This can be changed for every device separately by defining
1387.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1388variable.
1389.It Va geli_swap_flags
1390Options passed to the
1391.Xr geli 8
1392utility when encrypted GEOM providers for swap partitions are created.
1393The default is
1394.Dq Li "-a aes -l 256 -s 4096 -d" .
1395.It Va root_rw_mount
1396.Pq Vt bool
1397Set to
1398.Dq Li YES
1399by default.
1400After the file systems are checked at boot time, the root file system
1401is remounted as read-write if this is set to
1402.Dq Li YES .
1403Diskless systems that mount their root file system from a read-only remote
1404NFS share should set this to
1405.Dq Li NO
1406in their
1407.Pa rc.conf .
1408.It Va fsck_y_enable
1409.Pq Vt bool
1410If set to
1411.Dq Li YES ,
1412.Xr fsck 8
1413will be run with the
1414.Fl y
1415flag if the initial preen
1416of the file systems fails.
1417.It Va background_fsck
1418.Pq Vt bool
1419If set to
1420.Dq Li YES ,
1421the system will attempt to run
1422.Xr fsck 8
1423in the background where possible.
1424.It Va background_fsck_delay
1425.Pq Vt int
1426The amount of time in seconds to sleep before starting a background
1427.Xr fsck 8 .
1428It defaults to sixty seconds to allow large applications such as
1429the X server to start before disk I/O bandwidth is monopolized by
1430.Xr fsck 8 .
1431If set to a negative number, the background file system check will be
1432delayed indefinitely to allow the administrator to run it at a more
1433convenient time.
1434For example it may be run from
1435.Xr cron 8
1436by adding a line like
1437.Pp
1438.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1439.Pp
1440to
1441.Pa /etc/crontab .
1442.It Va netfs_types
1443.Pq Vt str
1444List of file system types that are network-based.
1445This list should generally not be modified by end users.
1446Use
1447.Va extra_netfs_types
1448instead.
1449.It Va extra_netfs_types
1450.Pq Vt str
1451If set to something other than
1452.Dq Li NO
1453(the default),
1454this variable extends the list of file system types
1455for which automatic mounting at startup by
1456.Xr rc 8
1457should be delayed until the network is initialized.
1458It should contain
1459a whitespace-separated list of network file system descriptor pairs,
1460each consisting of a file system type as passed to
1461.Xr mount 8
1462and a human-readable, one-word description,
1463joined with a colon
1464.Pq Ql \&: .
1465Extending the default list in this way is only necessary
1466when third party file system types are used.
1467.It Va syslogd_enable
1468.Pq Vt bool
1469If set to
1470.Dq Li YES ,
1471run the
1472.Xr syslogd 8
1473daemon.
1474.It Va syslogd_program
1475.Pq Vt str
1476Path to
1477.Xr syslogd 8
1478(default
1479.Pa /usr/sbin/syslogd ) .
1480.It Va syslogd_flags
1481.Pq Vt str
1482If
1483.Va syslogd_enable
1484is set to
1485.Dq Li YES ,
1486these are the flags to pass to
1487.Xr syslogd 8 .
1488.It Va inetd_enable
1489.Pq Vt bool
1490If set to
1491.Dq Li YES ,
1492run the
1493.Xr inetd 8
1494daemon.
1495.It Va inetd_program
1496.Pq Vt str
1497Path to
1498.Xr inetd 8
1499(default
1500.Pa /usr/sbin/inetd ) .
1501.It Va inetd_flags
1502.Pq Vt str
1503If
1504.Va inetd_enable
1505is set to
1506.Dq Li YES ,
1507these are the flags to pass to
1508.Xr inetd 8 .
1509.It Va named_enable
1510.Pq Vt bool
1511If set to
1512.Dq Li YES ,
1513run the
1514.Xr named 8
1515daemon.
1516.It Va named_program
1517.Pq Vt str
1518Path to
1519.Xr named 8
1520(default
1521.Pa /usr/sbin/named ) .
1522.It Va named_flags
1523.Pq Vt str
1524If
1525.Va named_enable
1526is set to
1527.Dq Li YES ,
1528these are the flags to pass to
1529.Xr named 8 .
1530.It Va named_pidfile
1531.Pq Vt str
1532This is the default path to the
1533.Xr named 8
1534daemon's PID file.
1535This must match the location in
1536.Xr named.conf 5 .
1537.It Va named_uid
1538.Pq Vt str
1539The user that the
1540.Xr named 8
1541process should be run as.
1542.It Va named_chrootdir
1543.Pq Vt str
1544The root directory for a name server run in a
1545.Xr chroot 8
1546environment (default
1547.Pa /var/named ) .
1548If left empty
1549.Xr named 8
1550will not be run in a
1551.Xr chroot 8
1552environment.
1553.It Va named_chroot_autoupdate
1554.Pq Vt bool
1555Set to
1556.Dq Li NO
1557to disable automatic update of the
1558.Xr chroot 8
1559environment.
1560.It Va named_symlink_enable
1561.Pq Vt bool
1562Set to
1563.Dq Li NO
1564to disable symlinking of
1565daemon's PID file
1566into the
1567.Xr chroot 8
1568environment.
1569.It Va kerberos5_server_enable
1570.Pq Vt bool
1571Set to
1572.Dq Li YES
1573to start a Kerberos 5 authentication server
1574at boot time.
1575.It Va kerberos5_server
1576.Pq Vt str
1577If
1578.Va kerberos5_server_enable
1579is set to
1580.Dq Li YES
1581this is the path to Kerberos 5 Authentication Server.
1582.It Va kerberos5_server_flags
1583.Pq Vt str
1584Empty by default.
1585This variable contains additional flags to be passed to the Kerberos 5
1586authentication server.
1587.It Va kadmind5_server_enable
1588.Pq Vt bool
1589Set to
1590.Dq Li YES
1591to start
1592.Xr kadmind 8 ,
1593the Kerberos 5 Administration Daemon; set to
1594.Dq Li NO
1595on a slave server.
1596.It Va kadmind5_server
1597.Pq Vt str
1598If
1599.Va kadmind5_server_enable
1600is set to
1601.Dq Li YES
1602this is the path to Kerberos 5 Administration Daemon.
1603.It Va kpasswdd_server_enable
1604.Pq Vt bool
1605Set to
1606.Dq Li YES
1607to start
1608.Xr kpasswdd 8 ,
1609the Kerberos 5 Password-Changing Daemon; set to
1610.Dq Li NO
1611on a slave server.
1612.It Va kpasswdd_server
1613.Pq Vt str
1614If
1615.Va kpasswdd_server_enable
1616is set to
1617.Dq Li YES
1618this is the path to Kerberos 5 Password-Changing Daemon.
1619.It Va rwhod_enable
1620.Pq Vt bool
1621If set to
1622.Dq Li YES ,
1623run the
1624.Xr rwhod 8
1625daemon at boot time.
1626.It Va rwhod_flags
1627.Pq Vt str
1628If
1629.Va rwhod_enable
1630is set to
1631.Dq Li YES ,
1632these are the flags to pass to it.
1633.It Va amd_enable
1634.Pq Vt bool
1635If set to
1636.Dq Li YES ,
1637run the
1638.Xr amd 8
1639daemon at boot time.
1640.It Va amd_flags
1641.Pq Vt str
1642If
1643.Va amd_enable
1644is set to
1645.Dq Li YES ,
1646these are the flags to pass to it.
1647See the
1648.Xr amd 8
1649manpage for more information.
1650.It Va amd_map_program
1651.Pq Vt str
1652If set,
1653the specified program is run to get the list of
1654.Xr amd 8
1655maps.
1656For example, if the
1657.Xr amd 8
1658maps are stored in NIS, one can set this to
1659run
1660.Xr ypcat 1
1661to get a list of
1662.Xr amd 8
1663maps from the
1664.Pa amd.master
1665NIS map.
1666.It Va update_motd
1667.Pq Vt bool
1668If set to
1669.Dq Li YES ,
1670.Pa /etc/motd
1671will be updated at boot time to reflect the kernel release
1672being run.
1673If set to
1674.Dq Li NO ,
1675.Pa /etc/motd
1676will not be updated.
1677.It Va nfs_client_enable
1678.Pq Vt bool
1679If set to
1680.Dq Li YES ,
1681run the NFS client daemons at boot time.
1682.It Va nfs_access_cache
1683.Pq Vt int
1684If
1685.Va nfs_client_enable
1686is set to
1687.Dq Li YES ,
1688this can be set to
1689.Dq Li 0
1690to disable NFS ACCESS RPC caching, or to the number of seconds for which
1691NFS ACCESS
1692results should be cached.
1693A value of 2-10 seconds will substantially reduce network
1694traffic for many NFS operations.
1695.It Va nfs_server_enable
1696.Pq Vt bool
1697If set to
1698.Dq Li YES ,
1699run the NFS server daemons at boot time.
1700.It Va nfs_server_flags
1701.Pq Vt str
1702If
1703.Va nfs_server_enable
1704is set to
1705.Dq Li YES ,
1706these are the flags to pass to the
1707.Xr nfsd 8
1708daemon.
1709.It Va idmapd_enable
1710.Pq Vt bool
1711If set to
1712.Dq Li YES ,
1713run the ID mapping daemon for NFS version 4.
1714.It Va idmapd_flags
1715.Pq Vt str
1716If
1717.Va idmapd_enable
1718is set to
1719.Dq Li YES ,
1720these are the flags to pass to the
1721.Xr idmapd 8
1722daemon.
1723.It Va mountd_enable
1724.Pq Vt bool
1725If set to
1726.Dq Li YES ,
1727and no
1728.Va nfs_server_enable
1729is set, start
1730.Xr mountd 8 ,
1731but not
1732.Xr nfsd 8
1733daemon.
1734It is commonly needed to run CFS without real NFS used.
1735.It Va mountd_flags
1736.Pq Vt str
1737If
1738.Va mountd_enable
1739is set to
1740.Dq Li YES ,
1741these are the flags to pass to the
1742.Xr mountd 8
1743daemon.
1744.It Va weak_mountd_authentication
1745.Pq Vt bool
1746If set to
1747.Dq Li YES ,
1748allow services like PCNFSD to make non-privileged mount
1749requests.
1750.It Va nfs_reserved_port_only
1751.Pq Vt bool
1752If set to
1753.Dq Li YES ,
1754provide NFS services only on a secure port.
1755.It Va nfs_bufpackets
1756.Pq Vt int
1757If set to a number, indicates the number of packets worth of
1758socket buffer space to reserve on an NFS client.
1759The kernel default is typically 4.
1760Using a higher number may be
1761useful on gigabit networks to improve performance.
1762The minimum value is
17632 and the maximum is 64.
1764.It Va rpc_lockd_enable
1765.Pq Vt bool
1766If set to
1767.Dq Li YES
1768and also an NFS server or client, run
1769.Xr rpc.lockd 8
1770at boot time.
1771.It Va rpc_lockd_flags
1772.Pq Vt str
1773If
1774.Va rpc_lockd_enable
1775is set to
1776.Dq Li YES ,
1777these are the flags to pass to the
1778.Xr rpc.lockd 8
1779daemon.
1780.It Va rpc_statd_enable
1781.Pq Vt bool
1782If set to
1783.Dq Li YES
1784and also an NFS server or client, run
1785.Xr rpc.statd 8
1786at boot time.
1787.It Va rpc_statd_flags
1788.Pq Vt str
1789If
1790.Va rpc_statd_enable
1791is set to
1792.Dq Li YES ,
1793these are the flags to pass to the
1794.Xr rpc.statd 8
1795daemon.
1796.It Va rpcbind_program
1797.Pq Vt str
1798Path to
1799.Xr rpcbind 8
1800(default
1801.Pa /usr/sbin/rpcbind ) .
1802.It Va rpcbind_enable
1803.Pq Vt bool
1804If set to
1805.Dq Li YES ,
1806run the
1807.Xr rpcbind 8
1808service at boot time.
1809.It Va rpcbind_flags
1810.Pq Vt str
1811If
1812.Va rpcbind_enable
1813is set to
1814.Dq Li YES ,
1815these are the flags to pass to the
1816.Xr rpcbind 8
1817daemon.
1818.It Va keyserv_enable
1819.Pq Vt bool
1820If set to
1821.Dq Li YES ,
1822run the
1823.Xr keyserv 8
1824daemon on boot for running Secure RPC.
1825.It Va keyserv_flags
1826.Pq Vt str
1827If
1828.Va keyserv_enable
1829is set to
1830.Dq Li YES ,
1831these are the flags to pass to
1832.Xr keyserv 8
1833daemon.
1834.It Va pppoed_enable
1835.Pq Vt bool
1836If set to
1837.Dq Li YES ,
1838run the
1839.Xr pppoed 8
1840daemon at boot time to provide PPP over Ethernet services.
1841.It Va pppoed_ Ns Aq Ar provider
1842.Pq Vt str
1843.Xr pppoed 8
1844listens to requests to this
1845.Ar provider
1846and ultimately runs
1847.Xr ppp 8
1848with a
1849.Ar system
1850argument of the same name.
1851.It Va pppoed_flags
1852.Pq Vt str
1853Additional flags to pass to
1854.Xr pppoed 8 .
1855.It Va pppoed_interface
1856.Pq Vt str
1857The network interface to run
1858.Xr pppoed 8
1859on.
1860This is mandatory when
1861.Va pppoed_enable
1862is set to
1863.Dq Li YES .
1864.It Va timed_enable
1865.Pq Vt bool
1866If set to
1867.Dq Li YES ,
1868run the
1869.Xr timed 8
1870service at boot time.
1871This command is intended for networks of
1872machines where a consistent
1873.Dq "network time"
1874for all hosts must be established.
1875This is often useful in large NFS
1876environments where time stamps on files are expected to be consistent
1877network-wide.
1878.It Va timed_flags
1879.Pq Vt str
1880If
1881.Va timed_enable
1882is set to
1883.Dq Li YES ,
1884these are the flags to pass to the
1885.Xr timed 8
1886service.
1887.It Va ntpdate_enable
1888.Pq Vt bool
1889If set to
1890.Dq Li YES ,
1891run
1892.Xr ntpdate 8
1893at system startup.
1894This command is intended to
1895synchronize the system clock only
1896.Em once
1897from some standard reference.
1898An option to set this up initially
1899(from a list of known servers) is also provided by the
1900.Xr sysinstall 8
1901program when the system is first installed.
1902.It Va ntpdate_config
1903.Pq Vt str
1904Configuration file for
1905.Xr ntpdate 8 .
1906Default
1907.Pa /etc/ntp.conf .
1908.It Va ntpdate_hosts
1909.Pq Vt str
1910A whitespace-separated list of NTP servers to synchronize with at startup.
1911The default is to use the servers listed in
1912.Va ntpdate_config ,
1913if that file exists.
1914.It Va ntpdate_program
1915.Pq Vt str
1916Path to
1917.Xr ntpdate 8
1918(default
1919.Pa /usr/sbin/ntpdate ) .
1920.It Va ntpdate_flags
1921.Pq Vt str
1922If
1923.Va ntpdate_enable
1924is set to
1925.Dq Li YES ,
1926these are the flags to pass to the
1927.Xr ntpdate 8
1928command (typically a hostname).
1929.It Va ntpd_enable
1930.Pq Vt bool
1931If set to
1932.Dq Li YES ,
1933run the
1934.Xr ntpd 8
1935command at boot time.
1936.It Va ntpd_program
1937.Pq Vt str
1938Path to
1939.Xr ntpd 8
1940(default
1941.Pa /usr/sbin/ntpd ) .
1942.It Va ntpd_config
1943.Pq Vt str
1944Path to
1945.Xr ntpd 8
1946configuration file.
1947Default
1948.Pa /etc/ntp.conf .
1949.It Va ntpd_flags
1950.Pq Vt str
1951If
1952.Va ntpd_enable
1953is set to
1954.Dq Li YES ,
1955these are the flags to pass to the
1956.Xr ntpd 8
1957daemon.
1958.It Va ntpd_sync_on_start
1959.Pq Vt bool
1960If set to
1961.Dq Li YES ,
1962.Xr ntpd 8
1963is run with the
1964.Fl g
1965flag, which syncs the system's clock on startup.
1966See
1967.Xr ntpd 8
1968for more information regarding the
1969.Fl g
1970option.
1971This is a preferred alternative to using
1972.Xr ntpdate 8
1973or specifying the
1974.Va ntpdate_enable
1975variable.
1976.It Va nis_client_enable
1977.Pq Vt bool
1978If set to
1979.Dq Li YES ,
1980run the
1981.Xr ypbind 8
1982service at system boot time.
1983.It Va nis_client_flags
1984.Pq Vt str
1985If
1986.Va nis_client_enable
1987is set to
1988.Dq Li YES ,
1989these are the flags to pass to the
1990.Xr ypbind 8
1991service.
1992.It Va nis_ypset_enable
1993.Pq Vt bool
1994If set to
1995.Dq Li YES ,
1996run the
1997.Xr ypset 8
1998daemon at system boot time.
1999.It Va nis_ypset_flags
2000.Pq Vt str
2001If
2002.Va nis_ypset_enable
2003is set to
2004.Dq Li YES ,
2005these are the flags to pass to the
2006.Xr ypset 8
2007daemon.
2008.It Va nis_server_enable
2009.Pq Vt bool
2010If set to
2011.Dq Li YES ,
2012run the
2013.Xr ypserv 8
2014daemon at system boot time.
2015.It Va nis_server_flags
2016.Pq Vt str
2017If
2018.Va nis_server_enable
2019is set to
2020.Dq Li YES ,
2021these are the flags to pass to the
2022.Xr ypserv 8
2023daemon.
2024.It Va nis_ypxfrd_enable
2025.Pq Vt bool
2026If set to
2027.Dq Li YES ,
2028run the
2029.Xr rpc.ypxfrd 8
2030daemon at system boot time.
2031.It Va nis_ypxfrd_flags
2032.Pq Vt str
2033If
2034.Va nis_ypxfrd_enable
2035is set to
2036.Dq Li YES ,
2037these are the flags to pass to the
2038.Xr rpc.ypxfrd 8
2039daemon.
2040.It Va nis_yppasswdd_enable
2041.Pq Vt bool
2042If set to
2043.Dq Li YES ,
2044run the
2045.Xr rpc.yppasswdd 8
2046daemon at system boot time.
2047.It Va nis_yppasswdd_flags
2048.Pq Vt str
2049If
2050.Va nis_yppasswdd_enable
2051is set to
2052.Dq Li YES ,
2053these are the flags to pass to the
2054.Xr rpc.yppasswdd 8
2055daemon.
2056.It Va rpc_ypupdated_enable
2057.Pq Vt bool
2058If set to
2059.Dq Li YES ,
2060run the
2061.Nm rpc.ypupdated
2062daemon at system boot time.
2063.It Va bsnmpd_enable
2064.Pq Vt bool
2065If set to
2066.Dq Li YES ,
2067run the
2068.Xr bsnmpd 1
2069daemon at system boot time.
2070Be sure to understand the security implications of running SNMP daemon
2071on your host.
2072.It Va bsnmpd_flags
2073.Pq Vt str
2074If
2075.Va bsnmpd_enable
2076is set to
2077.Dq Li YES ,
2078these are the flags to pass to the
2079.Xr bsnmpd 1
2080daemon.
2081.It Va defaultrouter
2082.Pq Vt str
2083If not set to
2084.Dq Li NO ,
2085create a default route to this host name or IP address
2086(use an IP address if this router is also required to get to the
2087name server!).
2088.It Va ipv6_defaultrouter
2089.Pq Vt str
2090The IPv6 equivalent of
2091.Va defaultrouter .
2092.It Va static_routes
2093.Pq Vt str
2094Set to the list of static routes that are to be added at system
2095boot time.
2096If not set to
2097.Dq Li NO
2098then for each whitespace separated
2099.Ar element
2100in the value, a
2101.Va route_ Ns Aq Ar element
2102variable is assumed to exist
2103whose contents will later be passed to a
2104.Dq Nm route Cm add
2105operation.
2106For example:
2107.Bd -literal
2108static_routes="mcast gif0local"
2109route_mcast="-net 224.0.0.0/4 -iface gif0"
2110route_gif0local="-host 169.254.1.1 -iface lo0"
2111.Ed
2112.It Va ipv6_static_routes
2113.Pq Vt str
2114The IPv6 equivalent of
2115.Va static_routes .
2116If not set to
2117.Dq Li NO
2118then for each whitespace separated
2119.Ar element
2120in the value, a
2121.Va ipv6_route_ Ns Aq Ar element
2122variable is assumed to exist
2123whose contents will later be passed to a
2124.Dq Nm route Cm add Fl inet6
2125operation.
2126.It Va natm_static_routes
2127.Pq Vt str
2128The
2129.Xr natmip 4
2130equivalent of
2131.Va static_routes .
2132If not empty then for each whitespace separated
2133.Ar element
2134in the value, a
2135.Va route_ Ns Aq Ar element
2136variable is assumed to exist whose contents will later be passed to a
2137.Dq Nm atmconfig Cm natm Cm add
2138operation.
2139.It Va gateway_enable
2140.Pq Vt bool
2141If set to
2142.Dq Li YES ,
2143configure host to act as an IP router, e.g.\& to forward packets
2144between interfaces.
2145.It Va ipv6_gateway_enable
2146.Pq Vt bool
2147The IPv6 equivalent of
2148.Va gateway_enable .
2149.It Va router_enable
2150.Pq Vt bool
2151If set to
2152.Dq Li YES ,
2153run a routing daemon of some sort, based on the
2154settings of
2155.Va router
2156and
2157.Va router_flags .
2158.It Va ipv6_router_enable
2159.Pq Vt bool
2160The IPv6 equivalent of
2161.Va router_enable .
2162If set to
2163.Dq Li YES ,
2164run a routing daemon of some sort, based on the
2165settings of
2166.Va ipv6_router
2167and
2168.Va ipv6_router_flags .
2169.It Va router
2170.Pq Vt str
2171If
2172.Va router_enable
2173is set to
2174.Dq Li YES ,
2175this is the name of the routing daemon to use.
2176.It Va ipv6_router
2177.Pq Vt str
2178The IPv6 equivalent of
2179.Va router .
2180.It Va router_flags
2181.Pq Vt str
2182If
2183.Va router_enable
2184is set to
2185.Dq Li YES ,
2186these are the flags to pass to the routing daemon.
2187.It Va ipv6_router_flags
2188.Pq Vt str
2189The IPv6 equivalent of
2190.Va router_flags .
2191.It Va mrouted_enable
2192.Pq Vt bool
2193If set to
2194.Dq Li YES ,
2195run the multicast routing daemon,
2196.Xr mrouted 8 .
2197.It Va mroute6d_enable
2198.Pq Vt bool
2199The IPv6 equivalent of
2200.Va mrouted_enable .
2201If set to
2202.Dq Li YES ,
2203run the IPv6 multicast routing daemon.
2204.Pp
2205Note that multicast routing daemons are no longer included in the
2206.Fx
2207base system, however, both
2208.Xr mrouted 8
2209and
2210.Xr pim6dd 8
2211may be installed from the
2212.Fx
2213Ports Collection.
2214.It Va mrouted_flags
2215.Pq Vt str
2216If
2217.Va mrouted_enable
2218is set to
2219.Dq Li YES ,
2220these are the flags to pass to the
2221.Xr mrouted 8
2222daemon.
2223.It Va mroute6d_flags
2224.Pq Vt str
2225The IPv6 equivalent of
2226.Va mrouted_flags .
2227If
2228.Va mroute6d_enable
2229is set to
2230.Dq Li YES ,
2231these are the flags passed to the IPv6 multicast routing daemon.
2232.It Va mroute6d_program
2233.Pq Vt str
2234If
2235.Va mroute6d_enable
2236is set to
2237.Dq Li YES ,
2238this is the path to the IPv6 multicast routing daemon.
2239.It Va rtadvd_enable
2240.Pq Vt bool
2241If set to
2242.Dq Li YES ,
2243run the
2244.Xr rtadvd 8
2245daemon at boot time.
2246.Xr rtadvd 8
2247will only run if
2248.Va ipv6_gateway_enable
2249is also set to
2250.Dq Li YES .
2251The
2252.Xr rtadvd 8
2253utility sends router advertisement packets to the interfaces specified in
2254.Va rtadvd_interfaces
2255and should only be enabled with great care.
2256You may want to fine-tune
2257.Xr rtadvd.conf 5 .
2258.It Va rtadvd_interfaces
2259.Pq Vt str
2260If
2261.Va rtadvd_enable
2262is set to
2263.Dq Li YES
2264this is the list of interfaces to use.
2265.It Va ipxgateway_enable
2266.Pq Vt bool
2267If set to
2268.Dq Li YES ,
2269enable the routing of IPX traffic.
2270.It Va ipxrouted_enable
2271.Pq Vt bool
2272If set to
2273.Dq Li YES ,
2274run the
2275.Xr IPXrouted 8
2276daemon at system boot time.
2277.It Va ipxrouted_flags
2278.Pq Vt str
2279If
2280.Va ipxrouted_enable
2281is set to
2282.Dq Li YES ,
2283these are the flags to pass to the
2284.Xr IPXrouted 8
2285daemon.
2286.It Va arpproxy_all
2287.Pq Vt bool
2288If set to
2289.Dq Li YES ,
2290enable global proxy ARP.
2291.It Va forward_sourceroute
2292.Pq Vt bool
2293If set to
2294.Dq Li YES
2295and
2296.Va gateway_enable
2297is also set to
2298.Dq Li YES ,
2299source-routed packets are forwarded.
2300.It Va accept_sourceroute
2301.Pq Vt bool
2302If set to
2303.Dq Li YES ,
2304the system will accept source-routed packets directed at it.
2305.It Va rarpd_enable
2306.Pq Vt bool
2307If set to
2308.Dq Li YES ,
2309run the
2310.Xr rarpd 8
2311daemon at system boot time.
2312.It Va rarpd_flags
2313.Pq Vt str
2314If
2315.Va rarpd_enable
2316is set to
2317.Dq Li YES ,
2318these are the flags to pass to the
2319.Xr rarpd 8
2320daemon.
2321.It Va bootparamd_enable
2322.Pq Vt bool
2323If set to
2324.Dq Li YES ,
2325run the
2326.Xr bootparamd 8
2327daemon at system boot time.
2328.It Va bootparamd_flags
2329.Pq Vt str
2330If
2331.Va bootparamd_enable
2332is set to
2333.Dq Li YES ,
2334these are the flags to pass to the
2335.Xr bootparamd 8
2336daemon.
2337.It Va stf_interface_ipv4addr
2338.Pq Vt str
2339If not set to
2340.Dq Li NO ,
2341this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2342interface).
2343Specify this entry to enable the 6to4 interface.
2344.It Va stf_interface_ipv4plen
2345.Pq Vt int
2346Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2347An effective value is 0-31.
2348.It Va stf_interface_ipv6_ifid
2349.Pq Vt str
2350IPv6 interface ID for
2351.Xr stf 4 .
2352This can be set to
2353.Dq Li AUTO .
2354.It Va stf_interface_ipv6_slaid
2355.Pq Vt str
2356IPv6 Site Level Aggregator for
2357.Xr stf 4 .
2358.It Va ipv6_faith_prefix
2359.Pq Vt str
2360If not set to
2361.Dq Li NO ,
2362this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2363translator.
2364You also need
2365.Xr faithd 8
2366setup.
2367.It Va ipv6_ipv4mapping
2368.Pq Vt bool
2369If set to
2370.Dq Li YES
2371this enables IPv4 mapped IPv6 address communication (like
2372.Li ::ffff:a.b.c.d ) .
2373.It Va atm_enable
2374.Pq Vt bool
2375Set to
2376.Dq Li YES
2377to enable the configuration of ATM interfaces at system boot time.
2378For all of the ATM variables described below, please refer to the
2379.Xr atm 8
2380manual page for further details on the available command parameters.
2381Also refer to the files in
2382.Pa /usr/share/examples/atm
2383for more detailed configuration information.
2384.It Va atm_load
2385.Pq Vt str
2386This is a list of physical ATM interface drivers to load.
2387Typical values are
2388.Dq Li hfa_pci
2389and/or
2390.Dq Li hea_pci .
2391.It Va atm_netif_ Ns Aq Ar intf
2392.Pq Vt str
2393For the ATM physical interface
2394.Ar intf ,
2395this variable defines the name prefix and count for the ATM network
2396interfaces to be created.
2397The value will be passed as the parameters of an
2398.Dq Nm atm Cm "set netif" Ar intf
2399command.
2400.It Va atm_sigmgr_ Ns Aq Ar intf
2401.Pq Vt str
2402For the ATM physical interface
2403.Ar intf ,
2404this variable defines the ATM signalling manager to be used.
2405The value will be passed as the parameters of an
2406.Dq Nm atm Cm attach Ar intf
2407command.
2408.It Va atm_prefix_ Ns Aq Ar intf
2409.Pq Vt str
2410For the ATM physical interface
2411.Ar intf ,
2412this variable defines the NSAP prefix for interfaces using a UNI signalling
2413manager.
2414If set to
2415.Dq Li ILMI ,
2416the prefix will automatically be set via the
2417.Xr ilmid 8
2418daemon.
2419Otherwise, the value will be passed as the parameters of an
2420.Dq Nm atm Cm "set prefix" Ar intf
2421command.
2422.It Va atm_macaddr_ Ns Aq Ar intf
2423.Pq Vt str
2424For the ATM physical interface
2425.Ar intf ,
2426this variable defines the MAC address for interfaces using a UNI signalling
2427manager.
2428If set to
2429.Dq Li NO ,
2430the hardware MAC address contained in the ATM interface card will be used.
2431Otherwise, the value will be passed as the parameters of an
2432.Dq Nm atm Cm "set mac" Ar intf
2433command.
2434.It Va atm_arpserver_ Ns Aq Ar netif
2435.Pq Vt str
2436For the ATM network interface
2437.Ar netif ,
2438this variable defines the ATM address for a host which is to provide ATMARP
2439service.
2440This variable is only applicable to interfaces using a UNI signalling
2441manager.
2442If set to
2443.Dq Li local ,
2444this host will become an ATMARP server.
2445The value will be passed as the parameters of an
2446.Dq Nm atm Cm "set arpserver" Ar netif
2447command.
2448.It Va atm_scsparp_ Ns Aq Ar netif
2449.Pq Vt bool
2450If set to
2451.Dq Li YES ,
2452SCSP/ATMARP service for the network interface
2453.Ar netif
2454will be initiated using the
2455.Xr scspd 8
2456and
2457.Xr atmarpd 8
2458daemons.
2459This variable is only applicable if
2460.Va atm_arpserver_ Ns Aq Ar netif
2461is set to
2462.Dq Li local .
2463.It Va atm_pvcs
2464.Pq Vt str
2465Set to the list of ATM PVCs to be added at system
2466boot time.
2467For each whitespace separated
2468.Ar element
2469in the value, an
2470.Va atm_pvc_ Ns Aq Ar element
2471variable is assumed to exist.
2472The value of each of these variables
2473will be passed as the parameters of an
2474.Dq Nm atm Cm "add pvc"
2475command.
2476.It Va atm_arps
2477.Pq Vt str
2478Set to the list of permanent ATM ARP entries to be added
2479at system boot time.
2480For each whitespace separated
2481.Ar element
2482in the value, an
2483.Va atm_arp_ Ns Aq Ar element
2484variable is assumed to exist.
2485The value of each of these variables
2486will be passed as the parameters of an
2487.Dq Nm atm Cm "add arp"
2488command.
2489.It Va natm_interfaces
2490.Pq Vt str
2491Set to the list of
2492.Xr natm 4
2493interfaces that will also be used for HARP through
2494.Xr harp 4 .
2495If this list is not empty all interfaces in the list will be brought up
2496with
2497.Xr ifconfig 8
2498and
2499.Xr harp 4
2500will be loaded.
2501For this to work the interface drivers must be either compiled into the
2502kernel or must reside on the root partition.
2503.It Va keybell
2504.Pq Vt str
2505The keyboard bell sound.
2506Set to
2507.Dq Li normal ,
2508.Dq Li visual ,
2509.Dq Li off ,
2510or
2511.Dq Li NO
2512if the default behavior is desired.
2513For details, refer to the
2514.Xr kbdcontrol 1
2515manpage.
2516.It Va keyboard
2517.Pq Vt str
2518If set to a non-null string, the virtual console's keyboard input is
2519set to this device.
2520.It Va keymap
2521.Pq Vt str
2522If set to
2523.Dq Li NO ,
2524no keymap is installed, otherwise the value is used to install
2525the keymap file in
2526.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2527.It Va keyrate
2528.Pq Vt str
2529The keyboard repeat speed.
2530Set to
2531.Dq Li slow ,
2532.Dq Li normal ,
2533.Dq Li fast ,
2534or
2535.Dq Li NO
2536if the default behavior is desired.
2537.It Va keychange
2538.Pq Vt str
2539If not set to
2540.Dq Li NO ,
2541attempt to program the function keys with the value.
2542The value should
2543be a single string of the form:
2544.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2545.It Va cursor
2546.Pq Vt str
2547Can be set to the value of
2548.Dq Li normal ,
2549.Dq Li blink ,
2550.Dq Li destructive ,
2551or
2552.Dq Li NO
2553to set the cursor behavior explicitly or choose the default behavior.
2554.It Va scrnmap
2555.Pq Vt str
2556If set to
2557.Dq Li NO ,
2558no screen map is installed, otherwise the value is used to install
2559the screen map file in
2560.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2561.It Va font8x16
2562.Pq Vt str
2563If set to
2564.Dq Li NO ,
2565the default 8x16 font value is used for screen size requests, otherwise
2566the value in
2567.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2568is used.
2569.It Va font8x14
2570.Pq Vt str
2571If set to
2572.Dq Li NO ,
2573the default 8x14 font value is used for screen size requests, otherwise
2574the value in
2575.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2576is used.
2577.It Va font8x8
2578.Pq Vt str
2579If set to
2580.Dq Li NO ,
2581the default 8x8 font value is used for screen size requests, otherwise
2582the value in
2583.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2584is used.
2585.It Va blanktime
2586.Pq Vt int
2587If set to
2588.Dq Li NO ,
2589the default screen blanking interval is used, otherwise it is set
2590to
2591.Ar value
2592seconds.
2593.It Va saver
2594.Pq Vt str
2595If not set to
2596.Dq Li NO ,
2597this is the actual screen saver to use
2598.Li ( blank , snake , daemon ,
2599etc).
2600.It Va moused_nondefault_enable
2601.Pq Vt str
2602If set to
2603.Dq Li NO ,
2604the mouse device specified on
2605the command line is not automatically treated as enabled by the
2606.Pa /etc/rc.d/moused
2607script.
2608Having this variable set to
2609.Dq Li YES
2610allows a
2611.Xr usb 4
2612mouse,
2613for example,
2614to be enabled as soon as it is plugged in.
2615.It Va moused_enable
2616.Pq Vt str
2617If set to
2618.Dq Li YES ,
2619the
2620.Xr moused 8
2621daemon is started for doing cut/paste selection on the console.
2622.It Va moused_type
2623.Pq Vt str
2624This is the protocol type of the mouse connected to this host.
2625This variable must be set if
2626.Va moused_enable
2627is set to
2628.Dq Li YES .
2629The
2630.Xr moused 8
2631daemon
2632is able to detect the appropriate mouse type automatically in many cases.
2633Set this variable to
2634.Dq Li auto
2635to let the daemon detect it, or
2636select one from the following list if the automatic detection fails.
2637.Pp
2638If the mouse is attached to the PS/2 mouse port, choose
2639.Dq Li auto
2640or
2641.Dq Li ps/2 ,
2642regardless of the brand and model of the mouse.
2643Likewise, if the
2644mouse is attached to the bus mouse port, choose
2645.Dq Li auto
2646or
2647.Dq Li busmouse .
2648All other protocols are for serial mice and will not work with
2649the PS/2 and bus mice.
2650If this is a USB mouse,
2651.Dq Li auto
2652is the only protocol type which will work.
2653.Pp
2654.Bl -tag -width ".Li x10mouseremote" -compact
2655.It Li microsoft
2656Microsoft mouse (serial)
2657.It Li intellimouse
2658Microsoft IntelliMouse (serial)
2659.It Li mousesystems
2660Mouse systems Corp.\& mouse (serial)
2661.It Li mmseries
2662MM Series mouse (serial)
2663.It Li logitech
2664Logitech mouse (serial)
2665.It Li busmouse
2666A bus mouse
2667.It Li mouseman
2668Logitech MouseMan and TrackMan (serial)
2669.It Li glidepoint
2670ALPS GlidePoint (serial)
2671.It Li thinkingmouse
2672Kensington ThinkingMouse (serial)
2673.It Li ps/2
2674PS/2 mouse
2675.It Li mmhittab
2676MM HitTablet (serial)
2677.It Li x10mouseremote
2678X10 MouseRemote (serial)
2679.It Li versapad
2680Interlink VersaPad (serial)
2681.El
2682.Pp
2683Even if the mouse is not in the above list, it may be compatible
2684with one in the list.
2685Refer to the manual page for
2686.Xr moused 8
2687for compatibility information.
2688.Pp
2689It should also be noted that while this is enabled, any
2690other client of the mouse (such as an X server) should access
2691the mouse through the virtual mouse device,
2692.Pa /dev/sysmouse ,
2693and configure it as a
2694.Dq Li sysmouse
2695type mouse, since all
2696mouse data is converted to this single canonical format when
2697using
2698.Xr moused 8 .
2699If the client program does not support the
2700.Dq Li sysmouse
2701type,
2702specify the
2703.Dq Li mousesystems
2704type.
2705It is the second preferred type.
2706.It Va moused_port
2707.Pq Vt str
2708If
2709.Va moused_enable
2710is set to
2711.Dq Li YES ,
2712this is the actual port the mouse is on.
2713It might be
2714.Pa /dev/cuad0
2715for a COM1 serial mouse,
2716.Pa /dev/psm0
2717for a PS/2 mouse or
2718.Pa /dev/mse0
2719for a bus mouse, for example.
2720.It Va moused_flags
2721.Pq Vt str
2722If
2723.Va moused_flags
2724is set, its value is used as an additional set of flags to pass to the
2725.Xr moused 8
2726daemon.
2727.It Va "moused_" Ns Ar XXX Ns Va "_flags"
2728When
2729.Va moused_nondefault_enable
2730is enabled, and a
2731.Xr moused 8
2732daemon is started for a non-default port, the
2733.Va "moused_" Ns Ar XXX Ns Va "_flags"
2734set of options has precedence over and replaces the default
2735.Va moused_flags (where
2736.Ar XXX
2737is the name of the non-default port, i.e.\&
2738.Ar ums0 ) .
2739By setting
2740.Va "moused_" Ns Ar XXX Ns Va "_flags"
2741it is possible to set up a different set of default flags for each
2742.Xr moused 8
2743instance.
2744For example, you can use
2745.Dq Li "-3"
2746for the default
2747.Va moused_flags
2748to make your laptop's touchpad more comfortable to use,
2749but an empty set of options for
2750.Va moused_ums0_flags
2751when your
2752.Xr usb 4
2753mouse has three or more buttons.
2754.It Va mousechar_start
2755.Pq Vt int
2756If set to
2757.Dq Li NO ,
2758the default mouse cursor character range
2759.Li 0xd0 Ns - Ns Li 0xd3
2760is used,
2761otherwise the range start is set
2762to
2763.Ar value
2764character, see
2765.Xr vidcontrol 1 .
2766Use if the default range is occupied in the language code table.
2767.It Va allscreens_flags
2768.Pq Vt str
2769If set,
2770.Xr vidcontrol 1
2771is run with these options for each of the virtual terminals
2772.Pq Pa /dev/ttyv* .
2773For example,
2774.Dq Fl m Cm on
2775will enable the mouse pointer on all virtual terminals
2776if
2777.Va moused_enable
2778is set to
2779.Dq Li YES .
2780.It Va allscreens_kbdflags
2781.Pq Vt str
2782If set,
2783.Xr kbdcontrol 1
2784is run with these options for each of the virtual terminals
2785.Pq Pa /dev/ttyv* .
2786For example,
2787.Dq Fl h Li 200
2788will set the
2789.Xr syscons 4
2790scrollback (history) buffer to 200 lines.
2791.It Va cron_enable
2792.Pq Vt bool
2793If set to
2794.Dq Li YES ,
2795run the
2796.Xr cron 8
2797daemon at system boot time.
2798.It Va cron_program
2799.Pq Vt str
2800Path to
2801.Xr cron 8
2802(default
2803.Pa /usr/sbin/cron ) .
2804.It Va cron_flags
2805.Pq Vt str
2806If
2807.Va cron_enable
2808is set to
2809.Dq Li YES ,
2810these are the flags to pass to
2811.Xr cron 8 .
2812.It Va cron_dst
2813.Pq Vt bool
2814If set to
2815.Dq Li YES ,
2816enable the special handling of transitions to and from the
2817Daylight Saving Time in
2818.Xr cron 8
2819(equivalent to using the flag
2820.Fl s ) .
2821.It Va lpd_program
2822.Pq Vt str
2823Path to
2824.Xr lpd 8
2825(default
2826.Pa /usr/sbin/lpd ) .
2827.It Va lpd_enable
2828.Pq Vt bool
2829If set to
2830.Dq Li YES ,
2831run the
2832.Xr lpd 8
2833daemon at system boot time.
2834.It Va lpd_flags
2835.Pq Vt str
2836If
2837.Va lpd_enable
2838is set to
2839.Dq Li YES ,
2840these are the flags to pass to the
2841.Xr lpd 8
2842daemon.
2843.It Va chkprintcap_enable
2844.Pq Vt bool
2845If set to
2846.Dq Li YES ,
2847run the
2848.Xr chkprintcap 8
2849command before starting the
2850.Xr lpd 8
2851daemon.
2852.It Va chkprintcap_flags
2853.Pq Vt str
2854If
2855.Va lpd_enable
2856and
2857.Va chkprintcap_enable
2858are set to
2859.Dq Li YES ,
2860these are the flags to pass to the
2861.Xr chkprintcap 8
2862program.
2863The default is
2864.Dq Li -d ,
2865which causes missing directories to be created.
2866.It Va mta_start_script
2867.Pq Vt str
2868This variable specifies the full path to the script to run to start
2869a mail transfer agent.
2870The default is
2871.Pa /etc/rc.sendmail .
2872The
2873.Va sendmail_*
2874variables which
2875.Pa /etc/rc.sendmail
2876uses are documented in the
2877.Xr rc.sendmail 8
2878manual page.
2879.It Va dumpdev
2880.Pq Vt str
2881Indicates the device (usually a swap partition) to which a crash dump
2882should be written in the event of a system crash.
2883If the value of this variable is
2884.Dq Li AUTO ,
2885the first suitable swap device listed in
2886.Pa /etc/fstab
2887will be used as dump device.
2888Otherwise, the value of this variable is passed as the argument to
2889.Xr dumpon 8 .
2890To disable crash dumps, set this variable to
2891.Dq Li NO .
2892.It Va dumpdir
2893.Pq Vt str
2894When the system reboots after a crash and a crash dump is found on the
2895device specified by the
2896.Va dumpdev
2897variable,
2898.Xr savecore 8
2899will save that crash dump and a copy of the kernel to the directory
2900specified by the
2901.Va dumpdir
2902variable.
2903The default value is
2904.Pa /var/crash .
2905Set to
2906.Dq Li NO
2907to not run
2908.Xr savecore 8
2909at boot time when
2910.Va dumpdir
2911is set.
2912.It Va savecore_flags
2913.Pq Vt str
2914If crash dumps are enabled, these are the flags to pass to the
2915.Xr savecore 8
2916utility.
2917.It Va enable_quotas
2918.Pq Vt bool
2919Set to
2920.Dq Li YES
2921to turn on user and group disk quotas on system startup via the
2922.Xr quotaon 8
2923command for all file systems marked as having quotas enabled in
2924.Pa /etc/fstab .
2925The kernel must be built with
2926.Cd "options QUOTA"
2927for disk quotas to function.
2928.It Va check_quotas
2929.Pq Vt bool
2930Set to
2931.Dq Li YES
2932to enable user and group disk quota checking via the
2933.Xr quotacheck 8
2934command.
2935.It Va quotacheck_flags
2936.Pq Vt str
2937If
2938.Va enable_quotas
2939is set to
2940.Dq Li YES ,
2941and
2942.Va check_quotas
2943is set to
2944.Dq Li YES ,
2945these are the flags to pass to the
2946.Xr quotacheck 8
2947utility.
2948The default is
2949.Dq Li "-a" ,
2950which checks quotas for all file systems with quotas enabled in
2951.Pa /etc/fstab .
2952.It Va quotaon_flags
2953.Pq Vt str
2954If
2955.Va enable_quotas
2956is set to
2957.Dq Li YES ,
2958these are the flags to pass to the
2959.Xr quotaon 8
2960utility.
2961The default is
2962.Dq Li "-a" ,
2963which enables quotas for all file systems with quotas enabled in
2964.Pa /etc/fstab .
2965.It Va quotaoff_flags
2966.Pq Vt str
2967If
2968.Va enable_quotas
2969is set to
2970.Dq Li YES ,
2971these are the flags to pass to the
2972.Xr quotaoff 8
2973utility when shutting down the quota system.
2974The default is
2975.Dq Li "-a" ,
2976which disables quotas for all file systems with quotas enabled in
2977.Pa /etc/fstab .
2978.It Va accounting_enable
2979.Pq Vt bool
2980Set to
2981.Dq Li YES
2982to enable system accounting through the
2983.Xr accton 8
2984facility.
2985.It Va ibcs2_enable
2986.Pq Vt bool
2987Set to
2988.Dq Li YES
2989to enable iBCS2 (SCO) binary emulation at system initial boot
2990time.
2991.It Va ibcs2_loaders
2992.Pq Vt str
2993If not set to
2994.Dq Li NO
2995and if
2996.Va ibcs2_enable
2997is set to
2998.Dq Li YES ,
2999this specifies a list of additional iBCS2 loaders to enable.
3000.It Va linux_enable
3001.Pq Vt bool
3002Set to
3003.Dq Li YES
3004to enable Linux/ELF binary emulation at system initial
3005boot time.
3006.It Va svr4_enable
3007.Pq Vt bool
3008If set to
3009.Dq Li YES ,
3010enable SysVR4 emulation at boot time.
3011.It Va sysvipc_enable
3012.Pq Vt bool
3013If set to
3014.Dq Li YES ,
3015load System V IPC primitives at boot time.
3016.It Va clear_tmp_enable
3017.Pq Vt bool
3018Set to
3019.Dq Li YES
3020to have
3021.Pa /tmp
3022cleaned at startup.
3023.It Va clear_tmp_X
3024.Pq Vt bool
3025Set to
3026.Dq Li NO
3027to disable removing of X11 lock files,
3028and the removal and (secure) recreation
3029of the various socket directories for X11
3030related programs.
3031.It Va ldconfig_paths
3032.Pq Vt str
3033Set to the list of shared library paths to use with
3034.Xr ldconfig 8 .
3035NOTE:
3036.Pa /usr/lib
3037will always be added first, so it need not appear in this list.
3038.It Va ldconfig32_paths
3039.Pq Vt str
3040Set to the list of 32-bit compatibility shared library paths to
3041use with
3042.Xr ldconfig 8 .
3043.It Va ldconfig_paths_aout
3044.Pq Vt str
3045Set to the list of shared library paths to use with
3046.Xr ldconfig 8
3047legacy
3048.Xr a.out 5
3049support.
3050.It Va ldconfig_insecure
3051.Pq Vt bool
3052The
3053.Xr ldconfig 8
3054utility normally refuses to use directories
3055which are writable by anyone except root.
3056Set this variable to
3057.Dq Li YES
3058to disable that security check during system startup.
3059.It Va ldconfig_local_dirs
3060.Pq Vt str
3061Set to the list of local
3062.Xr ldconfig 8
3063directories.
3064The names of all files in the directories listed will be
3065passed as arguments to
3066.Xr ldconfig 8 .
3067.It Va ldconfig_local32_dirs
3068.Pq Vt str
3069Set to the list of local 32-bit compatibility
3070.Xr ldconfig 8
3071directories.
3072The names of all files in the directories listed will be
3073passed as arguments to
3074.Dq Nm ldconfig Fl 32 .
3075.It Va kern_securelevel_enable
3076.Pq Vt bool
3077Set to
3078.Dq Li YES
3079to set the kernel security level at system startup.
3080.It Va kern_securelevel
3081.Pq Vt int
3082The kernel security level to set at startup.
3083The allowed range of
3084.Ar value
3085ranges from \-1 (the compile time default) to 3 (the
3086most secure).
3087See
3088.Xr init 8
3089for the list of possible security levels and their effect
3090on system operation.
3091.It Va sshd_program
3092.Pq Vt str
3093Path to the SSH server program
3094.Pa ( /usr/sbin/sshd
3095is the default).
3096.It Va sshd_enable
3097.Pq Vt bool
3098Set to
3099.Dq Li YES
3100to start
3101.Xr sshd 8
3102at system boot time.
3103.It Va sshd_flags
3104.Pq Vt str
3105If
3106.Va sshd_enable
3107is set to
3108.Dq Li YES ,
3109these are the flags to pass to the
3110.Xr sshd 8
3111daemon.
3112.It Va ftpd_program
3113.Pq Vt str
3114Path to the FTP server program
3115.Pa ( /usr/libexec/ftpd
3116is the default).
3117.It Va ftpd_enable
3118.Pq Vt bool
3119Set to
3120.Dq Li YES
3121to start
3122.Xr ftpd 8
3123as a stand-alone daemon at system boot time.
3124.It Va ftpd_flags
3125.Pq Vt str
3126If
3127.Va ftpd_enable
3128is set to
3129.Dq Li YES ,
3130these are the additional flags to pass to the
3131.Xr ftpd 8
3132daemon.
3133.It Va watchdogd_enable
3134.Pq Vt bool
3135If set to
3136.Dq Li YES ,
3137start the
3138.Xr watchdogd 8
3139daemon at boot time.
3140This requires that the kernel have been compiled with a
3141.Xr watchdog 4
3142compatible device.
3143.It Va watchdogd_flags
3144.Pq Vt str
3145If
3146.Va watchdogd_enable
3147is set to
3148.Dq Li YES ,
3149these are the flags passed to the
3150.Xr watchdogd 8
3151daemon.
3152.It Va performance_cx_lowest
3153.Pq Vt str
3154CPU idle state to use while on AC power.
3155The string
3156.Dq Li LOW
3157indicates that
3158.Xr acpi 4
3159should use the lowest power state available while
3160.Dq Li HIGH
3161indicates that the lowest latency state (less power savings) should be used.
3162.It Va performance_cpu_freq
3163.Pq Vt str
3164CPU clock frequency to use while on AC power.
3165The string
3166.Dq Li LOW
3167indicates that
3168.Xr cpufreq 4
3169should use the lowest frequency available while
3170.Dq Li HIGH
3171indicates that the highest frequency (less power savings) should be used.
3172.It Va economy_cx_lowest
3173.Pq Vt str
3174CPU idle state to use when off AC power.
3175The string
3176.Dq Li LOW
3177indicates that
3178.Xr acpi 4
3179should use the lowest power state available while
3180.Dq Li HIGH
3181indicates that the lowest latency state (less power savings) should be used.
3182.It Va economy_cpu_freq
3183.Pq Vt str
3184CPU clock frequency to use when off AC power.
3185The string
3186.Dq Li LOW
3187indicates that
3188.Xr cpufreq 4
3189should use the lowest frequency available while
3190.Dq Li HIGH
3191indicates that the highest frequency (less power savings) should be used.
3192.It Va jail_enable
3193.Pq Vt bool
3194If set to
3195.Dq Li NO ,
3196any configured jails will not be started.
3197.It Va jail_list
3198.Pq Vt str
3199A space separated list of names for jails.
3200This is purely a configuration aid to help identify and
3201configure multiple jails.
3202The names specified in this list will be used to
3203identify settings common to an instance of a jail.
3204Assuming that the jail in question was named
3205.Li vjail ,
3206you would have the following dependent variables:
3207.Bd -literal
3208jail_vjail_hostname="jail.example.com"
3209jail_vjail_ip="192.168.1.100"
3210jail_vjail_rootdir="/var/jails/vjail/root"
3211.Ed
3212.Pp
3213.It Va jail_flags
3214.Pq Vt str
3215Unset by default.
3216When set, use as default value for
3217.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3218for every jail in
3219.Va jail_list .
3220.It Va jail_interface
3221.Pq Vt str
3222Unset by default.
3223When set, use as default value for
3224.Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3225for every jail in
3226.Va jail_list .
3227.It Va jail_fstab
3228.Pq Vt str
3229Unset by default.
3230When set, use as default value for
3231.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3232for every jail in
3233.Va jail_list .
3234.It Va jail_mount_enable
3235.Pq Vt bool
3236Set to
3237.Dq Li NO
3238by default.
3239When set to
3240.Dq Li YES ,
3241sets
3242.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3243to
3244.Dq Li YES
3245by default for every jail in
3246.Va jail_list .
3247.It Va jail_devfs_ruleset
3248.Pq Vt str
3249Unset by default.
3250When set, sets
3251.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3252to given value for every jail in
3253.Va jail_list .
3254.It Va jail_devfs_enable
3255.Pq Vt bool
3256Set to
3257.Dq Li NO
3258by default.
3259When set to
3260.Dq Li YES ,
3261sets
3262.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3263to
3264.Dq Li YES
3265by default for every jail in
3266.Va jail_list .
3267.It Va jail_fdescfs_enable
3268.Pq Vt bool
3269Set to
3270.Dq Li NO
3271by default.
3272When set to
3273.Dq Li YES ,
3274sets
3275.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3276to
3277.Dq Li YES
3278by default for every jail in
3279.Va jail_list .
3280.It Va jail_procfs_enable
3281.Pq Vt bool
3282Set to
3283.Dq Li NO
3284by default.
3285When set to
3286.Dq Li YES ,
3287sets
3288.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3289to
3290.Dq Li YES
3291by default for every jail in
3292.Va jail_list .
3293.It Va jail_exec_start
3294.Pq Vt str
3295Unset by default.
3296When set, use as default value for
3297.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3298for every jail in
3299.Va jail_list .
3300.It Va jail_exec_afterstart Ns Aq Ar N
3301.Pq Vt str
3302Unset by default.
3303When set, use as default value for
3304.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3305for every jail in
3306.Va jail_list .
3307.It Va jail_exec_stop
3308Unset by default.
3309When set, use as default value for
3310.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3311for every jail in
3312.Va jail_list .
3313.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3314.Pq Vt str
3315Unset by default.
3316Set to the root directory used by jail
3317.Va jname .
3318.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3319.Pq Vt str
3320Unset by default.
3321Set to the fully qualified domain name (FQDN) assigned to jail
3322.Va jname .
3323.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3324.Pq Vt str
3325Unset by default.
3326Set to the IP address assigned to jail
3327.Va jname .
3328.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3329.Pq Vt str
3330Set to
3331.Dq Li -l -U root
3332by default.
3333These are flags to pass to
3334.Xr jail .
3335.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface
3336.Pq Vt str
3337Unset by default.
3338When set, sets the interface to use when setting IP address alias.
3339Note that the alias is created at jail startup and removed at jail shutdown.
3340.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3341.Pq Vt str
3342Set to
3343.Pa /etc/fstab. Ns Aq Ar jname
3344by default.
3345This is the file system information file to use for jail
3346.Va jname .
3347.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3348.Pq Vt bool
3349Set to
3350.Dq Li NO
3351by default.
3352When set to
3353.Dq Li YES ,
3354mount all file systems from
3355.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3356at jail startup.
3357.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset
3358.Pq Vt str
3359Unset by default.
3360When set, defines the device file system ruleset file to use for jail
3361.Va jname .
3362.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3363.Pq Vt bool
3364Set to
3365.Dq Li NO
3366by default.
3367When set to
3368.Dq Li YES ,
3369mount the device file system inside jail
3370.Ar jname
3371at jail startup.
3372.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3373.Pq Vt bool
3374Set to
3375.Dq Li NO
3376by default.
3377When set to
3378.Dq Li YES ,
3379mount the file-descriptor file system inside jail
3380.Ar jname
3381at jail startup.
3382.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable
3383.Pq Vt bool
3384Set to
3385.Dq Li NO
3386by default.
3387When set to
3388.Dq Li YES ,
3389mount the process file system inside jail
3390.Ar jname
3391at jail startup.
3392.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start
3393.Pq Vt str
3394Set to
3395.Dq Li /bin/sh /etc/rc
3396by default.
3397This is the command executed at jail startup.
3398.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N
3399.Pq Vt str
3400Unset by default.
3401This is the command run as
3402.Ar N Ns
3403th command
3404after jail startup, where
3405.Ar N
3406is 1, 2, and so on.
3407.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3408.Pq Vt str
3409Set to
3410.Dq Li /bin/sh /etc/rc.shutdown
3411by default.
3412This is the command executed at jail shutdown.
3413.It Va jail_set_hostname_allow
3414.Pq Vt bool
3415If set to
3416.Dq Li NO ,
3417do not allow the root user in a jail to set its hostname.
3418.It Va jail_socket_unixiproute_only
3419.Pq Vt bool
3420If set to
3421.Dq Li YES ,
3422do not allow any sockets,
3423besides UNIX/IP/route sockets,
3424to be used within a jail.
3425.It Va jail_sysvipc_allow
3426.Pq Vt bool
3427If set to
3428.Dq Li YES ,
3429allow applications within a jail to use System V IPC.
3430.\" ----- ISDN settings ---------------------------------
3431.It Va isdn_enable
3432.Pq Vt bool
3433Set to
3434.Dq Li NO
3435by default.
3436When set to
3437.Dq Li YES ,
3438starts the
3439.Xr isdnd 8
3440daemon
3441at system boot time.
3442.It Va isdn_flags
3443.Pq Vt str
3444Set to
3445.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
3446by default.
3447Additional flags to pass to
3448.Xr isdnd 8
3449(but see
3450.Va isdn_fsdev
3451and
3452.Va isdn_ttype
3453for certain tunable parameters).
3454.It Va isdn_ttype
3455.Pq Vt str
3456Set to
3457.Dq Li cons25
3458by default.
3459The terminal type of the output device when
3460.Xr isdnd 8
3461operates in full-screen mode.
3462.It Va isdn_screenflags
3463.Pq Vt str
3464Set to
3465.Dq Li NO
3466by default.
3467The video mode for full-screen mode (only for
3468.Xr syscons 4
3469console driver, see
3470.Xr vidcontrol 1
3471for valid modes).
3472.It Va isdn_fsdev
3473.Pq Vt str
3474Set to
3475.Dq Li NO
3476by default.
3477The output device for
3478.Xr isdnd 8
3479in full-screen mode (or
3480.Dq Li NO
3481for daemon mode).
3482.It Va isdn_trace
3483.Pq Vt bool
3484Set to
3485.Dq Li NO
3486by default.
3487When set to
3488.Dq Li YES ,
3489enables the ISDN protocol trace utility
3490.Xr isdntrace 8
3491at system boot time.
3492.It Va isdn_traceflags
3493.Pq Vt str
3494Set to
3495.Dq Fl f Pa /var/tmp/isdntrace0
3496by default.
3497Flags for
3498.Xr isdntrace 8 .
3499.\" -----------------------------------------------------
3500.It Va harvest_interrupt
3501.Pq Vt bool
3502Set to
3503.Dq Li YES
3504to use hardware interrupts as an entropy source.
3505Refer to
3506.Xr random 4
3507for more information.
3508.It Va harvest_ethernet
3509.Pq Vt bool
3510Set to
3511.Dq Li YES
3512to use LAN traffic as an entropy source.
3513Refer to
3514.Xr random 4
3515for more information.
3516.It Va harvest_p_to_p
3517.Pq Vt bool
3518Set to
3519.Dq Li YES
3520to use serial line traffic as an entropy source.
3521Refer to
3522.Xr random 4
3523for more information.
3524.It Va entropy_dir
3525.Pq Vt str
3526Set to
3527.Dq Li NO
3528to disable caching entropy via
3529.Xr cron 8 .
3530Otherwise set to the directory used to store entropy files in.
3531.It Va entropy_file
3532.Pq Vt str
3533Set to
3534.Dq Li NO
3535to disable caching entropy through reboots.
3536Otherwise set to the filename used to store cached entropy through
3537reboots.
3538This file should be located on the root file system to seed the
3539.Xr random 4
3540device as early as possible in the boot process.
3541.It Va entropy_save_sz
3542.Pq Vt int
3543Size of the entropy cache files saved by
3544.Nm save-entropy
3545periodically.
3546.It Va entropy_save_num
3547.Pq Vt int
3548Number of entropy cache files to save by
3549.Nm save-entropy
3550periodically.
3551.It Va ipsec_enable
3552.Pq Vt bool
3553Set to
3554.Dq Li YES
3555to run
3556.Xr setkey 8
3557on
3558.Va ipsec_file
3559at boot time.
3560.It Va ipsec_file
3561.Pq Vt str
3562Configuration file for
3563.Xr setkey 8 .
3564.It Va dmesg_enable
3565.Pq Vt bool
3566Set to
3567.Dq Li YES
3568to save
3569.Xr dmesg 8
3570to
3571.Pa /var/run/dmesg.boot
3572on boot.
3573.It Va rcshutdown_timeout
3574.Pq Vt int
3575If set, start a watchdog timer in the background which will terminate
3576.Pa rc.shutdown
3577if
3578.Xr shutdown 8
3579has not completed within the specified time (in seconds).
3580Notice that in addition to this soft timeout,
3581.Xr init 8
3582also applies a hard timeout for the execution of
3583.Pa rc.shutdown .
3584This is configured via
3585.Xr sysctl 8
3586variable
3587.Va kern.init_shutdown_timeout
3588and defaults to 120 seconds.
3589Setting the value of
3590.Va rcshutdown_timeout
3591to more than 120 seconds will have no effect until the
3592.Xr sysctl 8
3593variable
3594.Va kern.init_shutdown_timeout
3595is also increased.
3596.It Va virecover_enable
3597.Pq Vt bool
3598Set to
3599.Dq Li NO
3600to prevent the system from trying to
3601recover pre-maturely terminated
3602.Xr vi 1
3603sessions.
3604.It Va ugidfw_enable
3605.Pq Vt bool
3606Set to
3607.Dq Li YES
3608to load the
3609.Xr mac_bsdextended 4
3610module upon system initialization and load a default
3611ruleset file.
3612.It Va bsdextended_script
3613.Pq Vt str
3614The default
3615.Xr mac_bsdextended 4
3616ruleset file to load.
3617The default value of this variable is
3618.Pa /etc/rc.bsdextended .
3619.It Va newsyslog_enable
3620.Pq Vt bool
3621If set to
3622.Dq Li YES ,
3623run
3624.Xr newsyslog 8
3625command at startup.
3626.It Va newsyslog_flags
3627.Pq Vt str
3628If
3629.Va newsyslog_enable
3630is set to
3631.Dq Li YES ,
3632these are the flags to pass to the
3633.Xr newsyslog 8
3634program.
3635The default is
3636.Dq Li -CN ,
3637which causes log files flagged with a
3638.Cm C
3639to be created.
3640.It Va mdconfig_md Ns Aq Ar X
3641.Pq Vt str
3642Arguments to
3643.Xr mdconfig 8
3644for
3645.Xr md 4
3646device
3647.Ar X .
3648At minimum a
3649.Fl t Ar type
3650must be specified and either a
3651.Fl s Ar size
3652for malloc or swap backed
3653.Xr md 4
3654devices or a
3655.Fl f Ar file
3656for vnode backed
3657.Xr md 4
3658devices.
3659Note that
3660.Va mdconfig_md Ns Aq Ar X
3661variables are evaluated until one variable is unset or null.
3662.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
3663.Pq Vt str
3664Optional arguments passed to
3665.Xr newfs 8
3666to initialize
3667.Xr md 4
3668device
3669.Ar X .
3670.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
3671.Pq Vt str
3672An ownership specification passed to
3673.Xr chown 8
3674after the specified
3675.Xr md 4
3676device
3677.Ar X
3678has been mounted.
3679Both the
3680.Xr md 4
3681device and the mount point will be changed.
3682.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
3683.Pq Vt str
3684A mode string passed to
3685.Xr chmod 1
3686after the specified
3687.Xr md 4
3688device
3689.Ar X
3690has been mounted.
3691Both the
3692.Xr md 4
3693device and the mount point will be changed.
3694.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
3695.Pq Vt str
3696Files to be copied to the mount point of the
3697.Xr md 4
3698device
3699.Ar X
3700after it has been mounted.
3701.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
3702.Pq Vt str
3703Command to execute after the specified
3704.Xr md 4
3705device
3706.Ar X
3707has been mounted.
3708Note that the command is passed to
3709.Ic eval
3710and that both
3711.Va _dev
3712and
3713.Va _mp
3714variables can be used to reference respectively the
3715.Xr md 4
3716device and the mount point.
3717Assuming that the
3718.Xr md 4
3719device is
3720.Li md0 ,
3721one could set the following:
3722.Bd -literal
3723mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
3724.Ed
3725.It Va ramdisk_units
3726.Pq Vt str
3727A list of one or more ramdisk units to configure with
3728.Xr mdconfig 8
3729and
3730.Xr newfs 8
3731in time to be mounted from
3732.Xr fstab 5 .
3733Each listed unit
3734.Ar X
3735must specify at least a
3736.Ar type
3737in a
3738.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3739variable.
3740Note that this way to configure ramdisks has been deprecated
3741in favor of new
3742.Va mdconfig_md*
3743variables (see above).
3744.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3745.Pq Vt str
3746Arguments to
3747.Xr mdconfig 8
3748for ramdisk
3749.Ar X .
3750At minimum a
3751.Fl t Ar type
3752must be specified, where
3753.Ar type
3754must be one of
3755.Cm malloc
3756or
3757.Cm swap .
3758.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3759.Pq Vt str
3760Optional arguments passed to
3761.Xr newfs 8
3762to initialize ramdisk
3763.Ar X .
3764.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3765.Pq Vt str
3766An ownership specification passed to
3767.Xr chown 8
3768after the specified ramdisk unit
3769.Ar X
3770has been mounted.
3771Both the
3772.Xr md 4
3773device and the mount point will be changed.
3774.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3775.Pq Vt str
3776A mode string passed to
3777.Xr chmod 1
3778after the specified ramdisk unit
3779.Ar X
3780has been mounted.
3781Both the
3782.Xr md 4
3783device and the mount point will be changed.
3784.It Va autobridge_interfaces
3785.Pq Vt str
3786Set to the list of bridge interfaces that will have newly arriving interfaces
3787checked against to be automatically added.
3788If not set to
3789.Dq Li NO
3790then for each whitespace separated
3791.Ar element
3792in the value, a
3793.Va autobridge_ Ns Aq Ar element
3794variable is assumed to exist which has a whitespace separated list of interface
3795names to match, these names can use wildcards.
3796For example:
3797.Bd -literal
3798autobridge_interfaces="bridge0"
3799autobridge_bridge0="tap* dc0 vlan[345]"
3800.Ed
3801.It Va mixer_enable
3802.Pq Vt bool
3803If set to
3804.Dq Li YES ,
3805enable support for sound mixer.
3806.El
3807.Sh FILES
3808.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3809.It Pa /etc/defaults/rc.conf
3810.It Pa /etc/rc.conf
3811.It Pa /etc/rc.conf.local
3812.El
3813.Sh SEE ALSO
3814.Xr catman 1 ,
3815.Xr chmod 1 ,
3816.Xr gdb 1 ,
3817.Xr info 1 ,
3818.Xr kbdcontrol 1 ,
3819.Xr makewhatis 1 ,
3820.Xr sh 1 ,
3821.Xr vi 1 ,
3822.Xr vidcontrol 1 ,
3823.Xr bridge 4 ,
3824.Xr ip 4 ,
3825.Xr ipf 4 ,
3826.Xr ipfw 4 ,
3827.Xr ipnat 4 ,
3828.Xr kld 4 ,
3829.Xr pf 4 ,
3830.Xr pflog 4 ,
3831.Xr pfsync 4 ,
3832.Xr tcp 4 ,
3833.Xr udp 4 ,
3834.Xr exports 5 ,
3835.Xr fstab 5 ,
3836.Xr ipf 5 ,
3837.Xr ipnat 5 ,
3838.Xr motd 5 ,
3839.Xr newsyslog.conf 5 ,
3840.Xr pf.conf 5 ,
3841.Xr accton 8 ,
3842.Xr amd 8 ,
3843.Xr apm 8 ,
3844.Xr atm 8 ,
3845.Xr chkprintcap 8 ,
3846.Xr chown 8 ,
3847.Xr cron 8 ,
3848.Xr dhclient 8 ,
3849.Xr ftpd 8 ,
3850.Xr geli 8 ,
3851.Xr ifconfig 8 ,
3852.Xr inetd 8 ,
3853.Xr ipf 8 ,
3854.Xr ipfw 8 ,
3855.Xr ipnat 8 ,
3856.Xr isdnd 8 ,
3857.Xr isdntrace 8 ,
3858.Xr jail 8 ,
3859.Xr kldxref 8 ,
3860.Xr lpd 8 ,
3861.Xr mdconfig 8 ,
3862.Xr mdmfs 8 ,
3863.Xr mixer 8 ,
3864.Xr mountd 8 ,
3865.Xr moused 8 ,
3866.Xr mrouted 8 ,
3867.Xr named 8 ,
3868.Xr newfs 8 ,
3869.Xr newsyslog 8 ,
3870.Xr nfsd 8 ,
3871.Xr ntpd 8 ,
3872.Xr ntpdate 8 ,
3873.Xr pfctl 8 ,
3874.Xr pflogd 8 ,
3875.Xr powerd 8 ,
3876.Xr quotacheck 8 ,
3877.Xr quotaon 8 ,
3878.Xr rc 8 ,
3879.Xr rc.sendmail 8 ,
3880.Xr route 8 ,
3881.Xr routed 8 ,
3882.Xr rpcbind 8 ,
3883.Xr rpc.lockd 8 ,
3884.Xr rpc.statd 8 ,
3885.Xr rwhod 8 ,
3886.Xr savecore 8 ,
3887.Xr sshd 8 ,
3888.Xr swapon 8 ,
3889.Xr sysctl 8 ,
3890.Xr syslogd 8 ,
3891.Xr timed 8 ,
3892.Xr yp 8 ,
3893.Xr ypbind 8 ,
3894.Xr ypserv 8 ,
3895.Xr ypset 8
3896.Sh HISTORY
3897The
3898.Nm
3899file appeared in
3900.Fx 2.2.2 .
3901.Sh AUTHORS
3902.An Jordan K. Hubbard .
3903