1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 12, 2008 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S" , 248which inhibits the use of softupdates on 249.Pa /tmp 250so that file system space is freed without delay 251after file truncation or deletion. 252See 253.Xr mdmfs 8 254for other options you can use in 255.Va tmpmfs_flags . 256.It Va varmfs 257Controls the creation of a 258.Pa /var 259memory file system. 260Always happens if set to 261.Dq Li YES 262and never happens if set to 263.Dq Li NO . 264If set to anything else, a memory file system is created if 265.Pa /var 266is not writable. 267.It Va varsize 268Controls the size of a created 269.Pa /var 270memory file system. 271.It Va varmfs_flags 272Extra options passed to the 273.Xr mdmfs 8 274utility when the memory file system for 275.Pa /var 276is created. 277The default is 278.Dq Li "-S" , 279which inhibits the use of softupdates on 280.Pa /var 281so that file system space is freed without delay 282after file truncation or deletion. 283See 284.Xr mdmfs 8 285for other options you can use in 286.Va varmfs_flags . 287.It Va populate_var 288Controls the automatic population of the 289.Pa /var 290file system. 291Always happens if set to 292.Dq Li YES 293and never happens if set to 294.Dq Li NO . 295If set to anything else, a memory file system is created if 296.Pa /var 297is not writable. 298Note that this process requires access to certain commands in 299.Pa /usr 300before 301.Pa /usr 302is mounted on normal systems. 303.It Va cleanvar_enable 304.Pq Vt bool 305Clean the 306.Pa /var 307directory. 308.It Va local_startup 309.Pq Vt str 310List of directories to search for startup script files. 311.It Va script_name_sep 312.Pq Vt str 313The field separator to use for breaking down the list of startup script files 314into individual filenames. 315The default is a space. 316It is not necessary to change this unless there are startup scripts with names 317containing spaces. 318.It Va hostapd_enable 319.Pq Vt bool 320Set to 321.Dq Li YES 322to start 323.Xr hostapd 8 324at system boot time. 325.It Va hostname 326.Pq Vt str 327The fully qualified domain name (FQDN) of this host on the network. 328This should almost certainly be set to something meaningful, even if 329there is no network connection. 330If 331.Xr dhclient 8 332is used to set the hostname via DHCP, 333this variable should be set to an empty string. 334.It Va ipv6_enable 335.Pq Vt bool 336Enable support for IPv6 networking. 337Note that this requires that the kernel has been compiled with 338.Cd "options INET6" . 339.It Va nisdomainname 340.Pq Vt str 341The NIS domain name of this host, or 342.Dq Li NO 343if NIS is not used. 344.It Va dhclient_program 345.Pq Vt str 346Path to the DHCP client program 347.Pa ( /sbin/dhclient , 348the 349.Ox 350DHCP client, 351is the default). 352.It Va dhclient_flags 353.Pq Vt str 354Additional flags to pass to the DHCP client program. 355For the 356.Ox 357DHCP client, see the 358.Xr dhclient 8 359manpage for a description of the command line options available. 360.It Va dhclient_flags_ Ns Aq Ar iface 361Additional flags to pass to the DHCP client program running on 362.Ar iface 363only. 364When specified, this variable overrides 365.Va dhclient_flags . 366.It Va background_dhclient 367.Pq Vt bool 368Set to 369.Dq Li YES 370to start the DHCP client in background. 371This can cause trouble with applications depending on 372a working network, but it will provide a faster startup 373in many cases. 374.It Va background_dhclient_ Ns Aq Ar iface 375When specified, this variable overrides the 376.Va background_dhclient 377variable for interface 378.Ar iface 379only. 380.It Va synchronous_dhclient 381.Pq Bt bool 382Set to 383.Dq Li NO 384to start 385.Xr dhclient 8 386only in response to interface events and not synchronously at startup. 387This behavior can be overridden on a per-interface basis by replacing 388the 389.Dq Li DHCP 390keyword in the 391.Va ifconfig_ Ns Aq Ar interface 392variable with 393.Dq Li SYNCDHCP 394or 395.Dq Li NOSYNCDHCP . 396.It Va firewall_enable 397.Pq Vt bool 398Set to 399.Dq Li YES 400to load firewall rules at startup. 401If the kernel was not built with 402.Cd "options IPFIREWALL" , 403the 404.Pa ipfw.ko 405kernel module will be loaded. 406See also 407.Va ipfilter_enable . 408.It Va ipv6_firewall_enable 409.Pq Vt bool 410The IPv6 equivalent of 411.Va firewall_enable . 412Set to 413.Dq Li YES 414to load IPv6 firewall rules at startup. 415If the kernel was not built with 416.Cd "options IPV6FIREWALL" , 417the 418.Pa ipfw.ko 419kernel module will be loaded. 420.It Va firewall_script 421.Pq Vt str 422This variable specifies the full path to the firewall script to run. 423The default is 424.Pa /etc/rc.firewall . 425.It Va ipv6_firewall_script 426.Pq Vt str 427The IPv6 equivalent of 428.Va firewall_script . 429.It Va firewall_type 430.Pq Vt str 431Names the firewall type from the selection in 432.Pa /etc/rc.firewall , 433or the file which contains the local firewall ruleset. 434Valid selections from 435.Pa /etc/rc.firewall 436are: 437.Pp 438.Bl -tag -width ".Li simple" -compact 439.It Li open 440unrestricted IP access 441.It Li closed 442all IP services disabled, except via 443.Dq Li lo0 444.It Li client 445basic protection for a workstation 446.It Li simple 447basic protection for a LAN. 448.El 449.Pp 450If a filename is specified, the full path 451must be given. 452.It Va ipv6_firewall_type 453.Pq Vt str 454The IPv6 equivalent of 455.Va firewall_type . 456.It Va firewall_quiet 457.Pq Vt bool 458Set to 459.Dq Li YES 460to disable the display of firewall rules on the console during boot. 461.It Va ipv6_firewall_quiet 462.Pq Vt bool 463The IPv6 equivalent of 464.Va firewall_quiet . 465.It Va firewall_logging 466.Pq Vt bool 467Set to 468.Dq Li YES 469to enable firewall event logging. 470This is equivalent to the 471.Dv IPFIREWALL_VERBOSE 472kernel option. 473.It Va ipv6_firewall_logging 474.Pq Vt bool 475The IPv6 equivalent of 476.Va firewall_logging . 477.It Va firewall_flags 478.Pq Vt str 479Flags passed to 480.Xr ipfw 8 481if 482.Va firewall_type 483specifies a filename. 484.It Va ipv6_firewall_flags 485.Pq Vt str 486The IPv6 equivalent of 487.Va firewall_flags . 488.It Va natd_program 489.Pq Vt str 490Path to 491.Xr natd 8 . 492.It Va natd_enable 493.Pq Vt bool 494Set to 495.Dq Li YES 496to enable 497.Xr natd 8 . 498.Va firewall_enable 499must also be set to 500.Dq Li YES , 501and 502.Xr divert 4 503sockets must be enabled in the kernel. 504If the kernel was not built with 505.Cd "options IPDIVERT" , 506the 507.Pa ipdivert.ko 508kernel module will be loaded. 509.It Va natd_interface 510.Pq Vt str 511This is the name of the public interface on which 512.Xr natd 8 513should run. 514The interface may be given as an interface name or as an IP address. 515.It Va natd_flags 516.Pq Vt str 517Additional 518.Xr natd 8 519flags should be placed here. 520The 521.Fl n 522or 523.Fl a 524flag is automatically added with the above 525.Va natd_interface 526as an argument. 527.\" ----- ipfilter_enable setting -------------------------------- 528.It Va ipfilter_enable 529.Pq Vt bool 530Set to 531.Dq Li NO 532by default. 533Setting this to 534.Dq Li YES 535enables 536.Xr ipf 8 537packet filtering. 538.Pp 539Typical usage will require putting 540.Bd -literal 541ipfilter_enable="YES" 542ipnat_enable="YES" 543ipmon_enable="YES" 544ipfs_enable="YES" 545.Ed 546.Pp 547into 548.Pa /etc/rc.conf 549and editing 550.Pa /etc/ipf.rules 551and 552.Pa /etc/ipnat.rules 553appropriately. 554.Pp 555Note that 556.Va ipfilter_enable 557and 558.Va ipnat_enable 559can be enabled independently. 560.Va ipmon_enable 561and 562.Va ipfs_enable 563both require at least one of 564.Va ipfilter_enable 565and 566.Va ipnat_enable 567to be enabled. 568.Pp 569Having 570.Bd -literal 571options IPFILTER 572options IPFILTER_LOG 573options IPFILTER_DEFAULT_BLOCK 574.Ed 575.Pp 576in the kernel configuration file is a good idea, too. 577.\" ----- ipfilter_program setting ------------------------------ 578.It Va ipfilter_program 579.Pq Vt str 580Path to 581.Xr ipf 8 582(default 583.Pa /sbin/ipf ) . 584.\" ----- ipfilter_rules setting -------------------------------- 585.It Va ipfilter_rules 586.Pq Vt str 587Set to 588.Pa /etc/ipf.rules 589by default. 590This variable contains the name of the filter rule definition file. 591The file is expected to be readable for the 592.Xr ipf 8 593command to execute. 594.\" ----- ipv6_ipfilter_rules setting --------------------------- 595.It Va ipv6_ipfilter_rules 596.Pq Vt str 597Set to 598.Pa /etc/ipf6.rules 599by default. 600This variable contains the IPv6 filter rule definition file. 601The file is expected to be readable for the 602.Xr ipf 8 603command to execute. 604.\" ----- ipfilter_flags setting -------------------------------- 605.It Va ipfilter_flags 606.Pq Vt str 607Empty by default. 608This variable contains flags passed to the 609.Xr ipf 8 610program. 611.\" ----- ipnat_enable setting ---------------------------------- 612.It Va ipnat_enable 613.Pq Vt bool 614Set to 615.Dq Li NO 616by default. 617Set it to 618.Dq Li YES 619to enable 620.Xr ipnat 8 621network address translation. 622See 623.Va ipfilter_enable 624for a detailed discussion. 625.\" ----- ipnat_program setting --------------------------------- 626.It Va ipnat_program 627.Pq Vt str 628Path to 629.Xr ipnat 8 630(default 631.Pa /sbin/ipnat ) . 632.\" ----- ipnat_rules setting ----------------------------------- 633.It Va ipnat_rules 634.Pq Vt str 635Set to 636.Pa /etc/ipnat.rules 637by default. 638This variable contains the name of the file 639holding the network address translation definition. 640This file is expected to be readable for the 641.Xr ipnat 8 642command to execute. 643.\" ----- ipnat_flags setting ----------------------------------- 644.It Va ipnat_flags 645.Pq Vt str 646Empty by default. 647This variable contains flags passed to the 648.Xr ipnat 8 649program. 650.\" ----- ipmon_enable setting ---------------------------------- 651.It Va ipmon_enable 652.Pq Vt bool 653Set to 654.Dq Li NO 655by default. 656Set it to 657.Dq Li YES 658to enable 659.Xr ipmon 8 660monitoring (logging 661.Xr ipf 8 662and 663.Xr ipnat 8 664events). 665Setting this variable needs setting 666.Va ipfilter_enable 667or 668.Va ipnat_enable 669too. 670See 671.Va ipfilter_enable 672for a detailed discussion. 673.\" ----- ipmon_program setting --------------------------------- 674.It Va ipmon_program 675.Pq Vt str 676Path to 677.Xr ipmon 8 678(default 679.Pa /sbin/ipmon ) . 680.\" ----- ipmon_flags setting ----------------------------------- 681.It Va ipmon_flags 682.Pq Vt str 683Set to 684.Dq Li -Ds 685by default. 686This variable contains flags passed to the 687.Xr ipmon 8 688program. 689Another typical example would be 690.Dq Fl D Pa /var/log/ipflog 691to have 692.Xr ipmon 8 693log directly to a file bypassing 694.Xr syslogd 8 . 695Make sure to adjust 696.Pa /etc/newsyslog.conf 697in such case like this: 698.Bd -literal 699/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 700.Ed 701.\" ----- ipfs_enable setting ----------------------------------- 702.It Va ipfs_enable 703.Pq Vt bool 704Set to 705.Dq Li NO 706by default. 707Set it to 708.Dq Li YES 709to enable 710.Xr ipfs 8 711saving the filter and NAT state tables during shutdown 712and reloading them during startup again. 713Setting this variable needs setting 714.Va ipfilter_enable 715or 716.Va ipnat_enable 717to 718.Dq Li YES 719too. 720See 721.Va ipfilter_enable 722for a detailed discussion. 723Note that if 724.Va kern_securelevel 725is set to 3, 726.Va ipfs_enable 727cannot be used 728because the raised securelevel will prevent 729.Xr ipfs 8 730from saving the state tables at shutdown time. 731.\" ----- ipfs_program setting ---------------------------------- 732.It Va ipfs_program 733.Pq Vt str 734Path to 735.Xr ipfs 8 736(default 737.Pa /sbin/ipfs ) . 738.\" ----- ipfs_flags setting ------------------------------------ 739.It Va ipfs_flags 740.Pq Vt str 741Empty by default. 742This variable contains flags passed to the 743.Xr ipfs 8 744program. 745.\" ----- end of added ipf hook --------------------------------- 746.It Va pf_enable 747.Pq Vt bool 748Set to 749.Dq Li NO 750by default. 751Setting this to 752.Dq Li YES 753enables 754.Xr pf 4 755packet filtering. 756.Pp 757Typical usage will require putting 758.Pp 759.Dl pf_enable="YES" 760.Pp 761into 762.Pa /etc/rc.conf 763and editing 764.Pa /etc/pf.conf 765appropriately. 766Adding 767.Pp 768.Dl "device pf" 769.Pp 770builds support for 771.Xr pf 4 772into the kernel, otherwise the 773kernel module will be loaded. 774.It Va pf_rules 775.Pq Vt str 776Path to 777.Xr pf 4 778ruleset configuration file 779(default 780.Pa /etc/pf.conf ) . 781.It Va pf_program 782.Pq Vt str 783Path to 784.Xr pfctl 8 785(default 786.Pa /sbin/pfctl ) . 787.It Va pf_flags 788.Pq Vt str 789If 790.Va pf_enable 791is set to 792.Dq Li YES , 793these flags are passed to the 794.Xr pfctl 8 795program when loading the ruleset. 796.It Va pflog_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Setting this to 802.Dq Li YES 803enables 804.Xr pflogd 8 805which logs packets from the 806.Xr pf 4 807packet filter. 808.It Va pflog_logfile 809.Pq Vt str 810If 811.Va pflog_enable 812is set to 813.Dq Li YES 814this controls where 815.Xr pflogd 8 816stores the logfile 817(default 818.Pa /var/log/pflog ) . 819Check 820.Pa /etc/newsyslog.conf 821to adjust logfile rotation for this. 822.It Va pflog_program 823.Pq Vt str 824Path to 825.Xr pflogd 8 826(default 827.Pa /sbin/pflogd ) . 828.It Va pflog_flags 829.Pq Vt str 830Empty by default. 831This variable contains additional flags passed to the 832.Xr pflogd 8 833program. 834.It Va ftpproxy_enable 835.Pq Vt bool 836Set to 837.Dq Li NO 838by default. 839Setting this to 840.Dq Li YES 841enables 842.Xr ftp-proxy 8 843which supports the 844.Xr pf 4 845packet filter in translating ftp connections. 846.It Va ftpproxy_flags 847.Pq Vt str 848Empty by default. 849This variable contains additional flags passed to the 850.Xr ftp-proxy 8 851program. 852.It Va pfsync_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables exposing 860.Xr pf 4 861state changes to other hosts over the network by means of 862.Xr pfsync 4 . 863The 864.Va pfsync_syncdev 865variable 866must also be set then. 867.It Va pfsync_syncdev 868.Pq Vt str 869Empty by default. 870This variable specifies the name of the network interface 871.Xr pfsync 4 872should operate through. 873It must be set accordingly if 874.Va pfsync_enable 875is set to 876.Dq Li YES . 877.It Va pfsync_syncpeer 878.Pq Vt str 879Empty by default. 880This variable is optional. 881By default, state change messages are sent out on the synchronisation 882interface using IP multicast packets. 883The protocol is IP protocol 240, PFSYNC, and the multicast group used is 884224.0.0.240. 885When a peer address is specified using the 886.Va pfsync_syncpeer 887option, the peer address is used as a destination for the pfsync 888traffic, and the traffic can then be protected using 889.Xr ipsec 4 . 890See the 891.Xr pfsync 4 892manpage for more details about using 893.Xr ipsec 4 894with 895.Xr pfsync 4 896interfaces. 897.It Va pfsync_ifconfig 898.Pq Vt str 899Empty by default. 900This variable can contain additional options to be passed to the 901.Xr ifconfig 8 902command used to set up 903.Xr pfsync 4 . 904.It Va tcp_extensions 905.Pq Vt bool 906Set to 907.Dq Li YES 908by default. 909Setting this to 910.Dq Li NO 911disables certain TCP options as described by 912.Rs 913.%T "RFC 1323" 914.Re 915Setting this to 916.Dq Li NO 917might help remedy such problems with connections as randomly hanging 918or other weird behavior. 919Some network devices are known 920to be broken with respect to these options. 921.It Va log_in_vain 922.Pq Vt int 923Set to 0 by default. 924The 925.Xr sysctl 8 926variables, 927.Va net.inet.tcp.log_in_vain 928and 929.Va net.inet.udp.log_in_vain , 930as described in 931.Xr tcp 4 932and 933.Xr udp 4 , 934are set to the given value. 935.It Va tcp_keepalive 936.Pq Vt bool 937Set to 938.Dq Li YES 939by default. 940Setting to 941.Dq Li NO 942will disable probing idle TCP connections to verify that the 943peer is still up and reachable. 944.It Va tcp_drop_synfin 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting to 950.Dq Li YES 951will cause the kernel to ignore TCP frames that have both 952the SYN and FIN flags set. 953This prevents OS fingerprinting, but may 954break some legitimate applications. 955.It Va icmp_drop_redirect 956.Pq Vt bool 957Set to 958.Dq Li NO 959by default. 960Setting to 961.Dq Li YES 962will cause the kernel to ignore ICMP REDIRECT packets. 963Refer to 964.Xr icmp 4 965for more information. 966.It Va icmp_log_redirect 967.Pq Vt bool 968Set to 969.Dq Li NO 970by default. 971Setting to 972.Dq Li YES 973will cause the kernel to log ICMP REDIRECT packets. 974Note that 975the log messages are not rate-limited, so this option should only be used 976for troubleshooting networks. 977Refer to 978.Xr icmp 4 979for more information. 980.It Va icmp_bmcastecho 981.Pq Vt bool 982Set to 983.Dq Li YES 984to respond to broadcast or multicast ICMP ping packets. 985Refer to 986.Xr icmp 4 987for more information. 988.It Va ip_portrange_first 989.Pq Vt int 990If not set to 991.Dq Li NO , 992this is the first port in the default portrange. 993Refer to 994.Xr ip 4 995for more information. 996.It Va ip_portrange_last 997.Pq Vt int 998If not set to 999.Dq Li NO , 1000this is the last port in the default portrange. 1001Refer to 1002.Xr ip 4 1003for more information. 1004.It Va network_interfaces 1005.Pq Vt str 1006Set to the list of network interfaces to configure on this host or 1007.Dq Li AUTO 1008(the default) for all current interfaces. 1009Setting the 1010.Va network_interfaces 1011variable to anything other than the default is deprecated. 1012Interfaces that the administrator wishes to store configuration for, 1013but not start at boot should be configured with the 1014.Dq Li NOAUTO 1015keyword in their 1016.Va ifconfig_ Ns Aq Ar interface 1017variables as described below. 1018.Pp 1019An 1020.Va ifconfig_ Ns Aq Ar interface 1021variable is also assumed to exist for each value of 1022.Ar interface . 1023When an interface name contains any of the characters 1024.Dq Li .-/+ 1025they are translated to 1026.Dq Li _ 1027before lookup. 1028The variable can contain arguments to 1029.Xr ifconfig 8 , 1030as well as special case-insensitive keywords described below. 1031Such keywords are removed before passing the value to 1032.Xr ifconfig 8 1033while the order of the other arguments is preserved. 1034.Pp 1035One can configure more than one IPv4 address with the 1036.Va ipv4_addrs_ Ns Aq Ar interface 1037variable. 1038One or more IP addresses must be provided in Classless Inter-Domain 1039Routing (CIDR) address notation, whose last byte can be a range like 1040192.168.0.5-23/24. 1041In this case the address 192.168.0.5 will be configured with the 1042netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1043the non-conflicting netmask /32 as explained in the 1044.Xr ifconfig 8 1045alias section. 1046With the interface in question being 1047.Li ed0 , 1048an example could look like: 1049.Bd -literal 1050ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1051.Ed 1052.Pp 1053It is also possible to add IP alias entries using 1054.Xr ifconfig 8 1055syntax. 1056Assuming that the interface in question was 1057.Li ed0 , 1058it might look 1059something like this: 1060.Bd -literal 1061ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1062ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1063.Ed 1064.Pp 1065And so on. 1066For each 1067.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1068entry that is found, 1069its contents are passed to 1070.Xr ifconfig 8 . 1071Execution stops at the first unsuccessful access, so if 1072something like this is present: 1073.Bd -literal 1074ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1075ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1076ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1077ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1078.Ed 1079.Pp 1080Then note that alias4 would 1081.Em not 1082be added since the search would 1083stop with the missing 1084.Dq Li alias3 1085entry. 1086Due to this difficult to manage behavior, the 1087.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1088form is deprecated. 1089.Pp 1090If the 1091.Pa /etc/start_if. Ns Aq Ar interface 1092file is present, it is read and executed by the 1093.Xr sh 1 1094interpreter 1095before configuring the interface as specified in the 1096.Va ifconfig_ Ns Aq Ar interface 1097and 1098.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1099variables. 1100.Pp 1101If the 1102.Va ifconfig_ Ns Aq Ar interface 1103contains the keyword 1104.Dq Li NOAUTO 1105then the interface will not be configured 1106at boot or by 1107.Pa /etc/pccard_ether 1108when 1109.Va network_interfaces 1110is set to 1111.Dq Li AUTO . 1112.Pp 1113It is possible to bring up an interface with DHCP by adding 1114.Dq Li DHCP 1115to the 1116.Va ifconfig_ Ns Aq Ar interface 1117variable. 1118For instance, to initialize the 1119.Li ed0 1120device via DHCP, 1121it is possible to use something like: 1122.Bd -literal 1123ifconfig_ed0="DHCP" 1124.Ed 1125.Pp 1126Also, if you want to configure your wireless interface with 1127.Xr wpa_supplicant 8 1128for use with WPA, EAP/LEAP or WEP, you need to add 1129.Dq Li WPA 1130to the 1131.Va ifconfig_ Ns Aq Ar interface 1132variable. 1133.Pp 1134Finally, you can add 1135.Xr ifconfig 8 1136options in this variable, in addition to the 1137.Pa /etc/start_if. Ns Aq Ar interface 1138file. 1139For instance, to initialize the 1140.Li wi0 1141device via DHCP, using WPA authentication and 802.11b mode, it is 1142possible to use something like: 1143.Bd -literal 1144ifconfig_wi0="DHCP WPA mode 11b" 1145.Ed 1146.Pp 1147In addition to the 1148.Va ifconfig_ Ns Aq Ar interface 1149form, a fallback variable 1150.Va ifconfig_DEFAULT 1151may be configured. 1152It will be used for all interfaces with no 1153.Va ifconfig_ Ns Aq Ar interface 1154variable. 1155This is intended to replace the no longer supported 1156.Va pccard_ifconfig 1157variable. 1158.Pp 1159It is also possible to rename interface by doing: 1160.Bd -literal 1161ifconfig_ed0_name="net0" 1162ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1163.Ed 1164.It Va ipv6_network_interfaces 1165.Pq Vt str 1166This is the IPv6 equivalent of 1167.Va network_interfaces . 1168Instead of setting the ifconfig variables as 1169.Va ifconfig_ Ns Aq Ar interface 1170they should be set as 1171.Va ipv6_ifconfig_ Ns Aq Ar interface . 1172Aliases should be set as 1173.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1174.Va ipv6_prefix_ Ns Aq Ar interface 1175does something. 1176Interfaces that do not have a 1177.Va ipv6_ifconfig_ Ns Aq Ar interface 1178setting will be auto configured by 1179.Xr rtsol 8 1180if the 1181.Va ipv6_gateway_enable 1182is set to 1183.Dq Li NO . 1184Note that the IPv6 networking code does not support the 1185.Pa /etc/start_if. Ns Aq Ar interface 1186files. 1187.It Va ipv6_default_interface 1188.Pq Vt str 1189If not set to 1190.Dq Li NO , 1191this is the default output interface for scoped addresses. 1192Now this works only for IPv6 link local multicast addresses. 1193.It Va cloned_interfaces 1194.Pq Vt str 1195Set to the list of clonable network interfaces to create on this host. 1196Entries in 1197.Va cloned_interfaces 1198are automatically appended to 1199.Va network_interfaces 1200for configuration. 1201.It Va fec_interfaces 1202.Pq Vt str 1203Set to the list of 1204.Xr ng_fec 4 1205Fast EtherChannel interfaces to configure on this host. 1206A 1207.Va fecconfig_ Ns Aq Ar interface 1208variable is assumed to exist for each value of 1209.Ar interface . 1210The value of this variable is used to configure link aggregated interfaces 1211according to the syntax of the 1212.Cm NGM_FEC_ADD_IFACE 1213to 1214.Xr ngctl 8 1215msg. 1216Additionally, this option ensures that each listed interface is created 1217via the 1218.Cm mkpeer 1219command to 1220.Xr ngctl 8 1221before attempting to configure it. 1222For example: 1223.Bd -literal 1224fec_interfaces="fec0" 1225fecconfig_fec0="em0 em1" 1226ifconfig_fec0="DHCP" 1227.Ed 1228.It Va gif_interfaces 1229.Pq Vt str 1230Set to the list of 1231.Xr gif 4 1232tunnel interfaces to configure on this host. 1233A 1234.Va gifconfig_ Ns Aq Ar interface 1235variable is assumed to exist for each value of 1236.Ar interface . 1237The value of this variable is used to configure the link layer of the 1238tunnel according to the syntax of the 1239.Cm tunnel 1240option to 1241.Xr ifconfig 8 . 1242Additionally, this option ensures that each listed interface is created 1243via the 1244.Cm create 1245option to 1246.Xr ifconfig 8 1247before attempting to configure it. 1248.It Va sppp_interfaces 1249.Pq Vt str 1250Set to the list of 1251.Xr sppp 4 1252interfaces to configure on this host. 1253A 1254.Va spppconfig_ Ns Aq Ar interface 1255variable is assumed to exist for each value of 1256.Ar interface . 1257Each interface should also be configured by a general 1258.Va ifconfig_ Ns Aq Ar interface 1259setting. 1260Refer to 1261.Xr spppcontrol 8 1262for more information about available options. 1263.It Va ppp_enable 1264.Pq Vt bool 1265If set to 1266.Dq Li YES , 1267run the 1268.Xr ppp 8 1269daemon. 1270.It Va ppp_mode 1271.Pq Vt str 1272Mode in which to run the 1273.Xr ppp 8 1274daemon. 1275Accepted modes are 1276.Dq Li auto , 1277.Dq Li ddial , 1278.Dq Li direct 1279and 1280.Dq Li dedicated . 1281See the manual for a full description. 1282.It Va ppp_nat 1283.Pq Vt bool 1284If set to 1285.Dq Li YES , 1286enables network address translation. 1287Used in conjunction with 1288.Va gateway_enable 1289allows hosts on private network addresses access to the Internet using 1290this host as a network address translating router. 1291.It Va ppp_profile 1292.Pq Vt str 1293The name of the profile to use from 1294.Pa /etc/ppp/ppp.conf . 1295.It Va ppp_user 1296.Pq Vt str 1297The name of the user under which 1298.Xr ppp 8 1299should be started. 1300By 1301default, 1302.Xr ppp 8 1303is started as 1304.Dq Li root . 1305.It Va rc_conf_files 1306.Pq Vt str 1307This option is used to specify a list of files that will override 1308the settings in 1309.Pa /etc/defaults/rc.conf . 1310The files will be read in the order in which they are specified and should 1311include the full path to the file. 1312By default, the files specified are 1313.Pa /etc/rc.conf 1314and 1315.Pa /etc/rc.conf.local 1316.It Va zfs_enable 1317.Pq Vt bool 1318If set to 1319.Dq Li YES , 1320.Pa /etc/rc.d/zfs 1321will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1322(ZVOLs). 1323.It Va gbde_autoattach_all 1324.Pq Vt bool 1325If set to 1326.Dq Li YES , 1327.Pa /etc/rc.d/gbde 1328will attempt to automatically initialize your .bde devices in 1329.Pa /etc/fstab . 1330.It Va gbde_devices 1331.Pq Vt str 1332List the devices that the script should try to attach, 1333or 1334.Dq Li AUTO . 1335.It Va gbde_lockdir 1336.Pq Vt str 1337The directory where the 1338.Xr gbde 4 1339lockfiles are located. 1340The default lockfile directory is 1341.Pa /etc . 1342.Pp 1343The lockfile for each individual 1344.Xr gbde 4 1345device can be overridden by setting the variable 1346.Va gbde_lock_ Ns Aq Ar device , 1347where 1348.Ar device 1349is the encrypted device without the 1350.Dq Pa /dev/ 1351and 1352.Dq Pa .bde 1353parts. 1354.It Va gbde_attach_attempts 1355.Pq Vt int 1356Number of times to attempt attaching to a 1357.Xr gbde 4 1358device, i.e., how many times the user is asked for the pass-phrase. 1359Default is 3. 1360.It Va geli_devices 1361.Pq Vt str 1362List of devices to automatically attach on boot. 1363Note that .eli devices from 1364.Pa /etc/fstab 1365are automatically appended to this list. 1366.It Va geli_tries 1367.Pq Vt int 1368Number of times user is asked for the pass-phrase. 1369If empty, it will be taken from 1370.Va kern.geom.eli.tries 1371sysctl variable. 1372.It Va geli_default_flags 1373.Pq Vt str 1374Default flags to use by 1375.Xr geli 8 1376when configuring disk encryption. 1377Flags can be configured for every device separately by defining 1378.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1379variable. 1380.It Va geli_autodetach 1381.Pq Vt str 1382Specifies if GELI devices should be marked for detach on last close after 1383file systems are mounted. 1384Default is 1385.Dq Li YES . 1386This can be changed for every device separately by defining 1387.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1388variable. 1389.It Va geli_swap_flags 1390Options passed to the 1391.Xr geli 8 1392utility when encrypted GEOM providers for swap partitions are created. 1393The default is 1394.Dq Li "-a aes -l 256 -s 4096 -d" . 1395.It Va root_rw_mount 1396.Pq Vt bool 1397Set to 1398.Dq Li YES 1399by default. 1400After the file systems are checked at boot time, the root file system 1401is remounted as read-write if this is set to 1402.Dq Li YES . 1403Diskless systems that mount their root file system from a read-only remote 1404NFS share should set this to 1405.Dq Li NO 1406in their 1407.Pa rc.conf . 1408.It Va fsck_y_enable 1409.Pq Vt bool 1410If set to 1411.Dq Li YES , 1412.Xr fsck 8 1413will be run with the 1414.Fl y 1415flag if the initial preen 1416of the file systems fails. 1417.It Va background_fsck 1418.Pq Vt bool 1419If set to 1420.Dq Li YES , 1421the system will attempt to run 1422.Xr fsck 8 1423in the background where possible. 1424.It Va background_fsck_delay 1425.Pq Vt int 1426The amount of time in seconds to sleep before starting a background 1427.Xr fsck 8 . 1428It defaults to sixty seconds to allow large applications such as 1429the X server to start before disk I/O bandwidth is monopolized by 1430.Xr fsck 8 . 1431If set to a negative number, the background file system check will be 1432delayed indefinitely to allow the administrator to run it at a more 1433convenient time. 1434For example it may be run from 1435.Xr cron 8 1436by adding a line like 1437.Pp 1438.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1439.Pp 1440to 1441.Pa /etc/crontab . 1442.It Va netfs_types 1443.Pq Vt str 1444List of file system types that are network-based. 1445This list should generally not be modified by end users. 1446Use 1447.Va extra_netfs_types 1448instead. 1449.It Va extra_netfs_types 1450.Pq Vt str 1451If set to something other than 1452.Dq Li NO 1453(the default), 1454this variable extends the list of file system types 1455for which automatic mounting at startup by 1456.Xr rc 8 1457should be delayed until the network is initialized. 1458It should contain 1459a whitespace-separated list of network file system descriptor pairs, 1460each consisting of a file system type as passed to 1461.Xr mount 8 1462and a human-readable, one-word description, 1463joined with a colon 1464.Pq Ql \&: . 1465Extending the default list in this way is only necessary 1466when third party file system types are used. 1467.It Va syslogd_enable 1468.Pq Vt bool 1469If set to 1470.Dq Li YES , 1471run the 1472.Xr syslogd 8 1473daemon. 1474.It Va syslogd_program 1475.Pq Vt str 1476Path to 1477.Xr syslogd 8 1478(default 1479.Pa /usr/sbin/syslogd ) . 1480.It Va syslogd_flags 1481.Pq Vt str 1482If 1483.Va syslogd_enable 1484is set to 1485.Dq Li YES , 1486these are the flags to pass to 1487.Xr syslogd 8 . 1488.It Va inetd_enable 1489.Pq Vt bool 1490If set to 1491.Dq Li YES , 1492run the 1493.Xr inetd 8 1494daemon. 1495.It Va inetd_program 1496.Pq Vt str 1497Path to 1498.Xr inetd 8 1499(default 1500.Pa /usr/sbin/inetd ) . 1501.It Va inetd_flags 1502.Pq Vt str 1503If 1504.Va inetd_enable 1505is set to 1506.Dq Li YES , 1507these are the flags to pass to 1508.Xr inetd 8 . 1509.It Va named_enable 1510.Pq Vt bool 1511If set to 1512.Dq Li YES , 1513run the 1514.Xr named 8 1515daemon. 1516.It Va named_program 1517.Pq Vt str 1518Path to 1519.Xr named 8 1520(default 1521.Pa /usr/sbin/named ) . 1522.It Va named_flags 1523.Pq Vt str 1524If 1525.Va named_enable 1526is set to 1527.Dq Li YES , 1528these are the flags to pass to 1529.Xr named 8 . 1530.It Va named_pidfile 1531.Pq Vt str 1532This is the default path to the 1533.Xr named 8 1534daemon's PID file. 1535This must match the location in 1536.Xr named.conf 5 . 1537.It Va named_uid 1538.Pq Vt str 1539The user that the 1540.Xr named 8 1541process should be run as. 1542.It Va named_chrootdir 1543.Pq Vt str 1544The root directory for a name server run in a 1545.Xr chroot 8 1546environment (default 1547.Pa /var/named ) . 1548If left empty 1549.Xr named 8 1550will not be run in a 1551.Xr chroot 8 1552environment. 1553.It Va named_chroot_autoupdate 1554.Pq Vt bool 1555Set to 1556.Dq Li NO 1557to disable automatic update of the 1558.Xr chroot 8 1559environment. 1560.It Va named_symlink_enable 1561.Pq Vt bool 1562Set to 1563.Dq Li NO 1564to disable symlinking of 1565daemon's PID file 1566into the 1567.Xr chroot 8 1568environment. 1569.It Va kerberos5_server_enable 1570.Pq Vt bool 1571Set to 1572.Dq Li YES 1573to start a Kerberos 5 authentication server 1574at boot time. 1575.It Va kerberos5_server 1576.Pq Vt str 1577If 1578.Va kerberos5_server_enable 1579is set to 1580.Dq Li YES 1581this is the path to Kerberos 5 Authentication Server. 1582.It Va kerberos5_server_flags 1583.Pq Vt str 1584Empty by default. 1585This variable contains additional flags to be passed to the Kerberos 5 1586authentication server. 1587.It Va kadmind5_server_enable 1588.Pq Vt bool 1589Set to 1590.Dq Li YES 1591to start 1592.Xr kadmind 8 , 1593the Kerberos 5 Administration Daemon; set to 1594.Dq Li NO 1595on a slave server. 1596.It Va kadmind5_server 1597.Pq Vt str 1598If 1599.Va kadmind5_server_enable 1600is set to 1601.Dq Li YES 1602this is the path to Kerberos 5 Administration Daemon. 1603.It Va kpasswdd_server_enable 1604.Pq Vt bool 1605Set to 1606.Dq Li YES 1607to start 1608.Xr kpasswdd 8 , 1609the Kerberos 5 Password-Changing Daemon; set to 1610.Dq Li NO 1611on a slave server. 1612.It Va kpasswdd_server 1613.Pq Vt str 1614If 1615.Va kpasswdd_server_enable 1616is set to 1617.Dq Li YES 1618this is the path to Kerberos 5 Password-Changing Daemon. 1619.It Va rwhod_enable 1620.Pq Vt bool 1621If set to 1622.Dq Li YES , 1623run the 1624.Xr rwhod 8 1625daemon at boot time. 1626.It Va rwhod_flags 1627.Pq Vt str 1628If 1629.Va rwhod_enable 1630is set to 1631.Dq Li YES , 1632these are the flags to pass to it. 1633.It Va amd_enable 1634.Pq Vt bool 1635If set to 1636.Dq Li YES , 1637run the 1638.Xr amd 8 1639daemon at boot time. 1640.It Va amd_flags 1641.Pq Vt str 1642If 1643.Va amd_enable 1644is set to 1645.Dq Li YES , 1646these are the flags to pass to it. 1647See the 1648.Xr amd 8 1649manpage for more information. 1650.It Va amd_map_program 1651.Pq Vt str 1652If set, 1653the specified program is run to get the list of 1654.Xr amd 8 1655maps. 1656For example, if the 1657.Xr amd 8 1658maps are stored in NIS, one can set this to 1659run 1660.Xr ypcat 1 1661to get a list of 1662.Xr amd 8 1663maps from the 1664.Pa amd.master 1665NIS map. 1666.It Va update_motd 1667.Pq Vt bool 1668If set to 1669.Dq Li YES , 1670.Pa /etc/motd 1671will be updated at boot time to reflect the kernel release 1672being run. 1673If set to 1674.Dq Li NO , 1675.Pa /etc/motd 1676will not be updated. 1677.It Va nfs_client_enable 1678.Pq Vt bool 1679If set to 1680.Dq Li YES , 1681run the NFS client daemons at boot time. 1682.It Va nfs_access_cache 1683.Pq Vt int 1684If 1685.Va nfs_client_enable 1686is set to 1687.Dq Li YES , 1688this can be set to 1689.Dq Li 0 1690to disable NFS ACCESS RPC caching, or to the number of seconds for which 1691NFS ACCESS 1692results should be cached. 1693A value of 2-10 seconds will substantially reduce network 1694traffic for many NFS operations. 1695.It Va nfs_server_enable 1696.Pq Vt bool 1697If set to 1698.Dq Li YES , 1699run the NFS server daemons at boot time. 1700.It Va nfs_server_flags 1701.Pq Vt str 1702If 1703.Va nfs_server_enable 1704is set to 1705.Dq Li YES , 1706these are the flags to pass to the 1707.Xr nfsd 8 1708daemon. 1709.It Va idmapd_enable 1710.Pq Vt bool 1711If set to 1712.Dq Li YES , 1713run the ID mapping daemon for NFS version 4. 1714.It Va idmapd_flags 1715.Pq Vt str 1716If 1717.Va idmapd_enable 1718is set to 1719.Dq Li YES , 1720these are the flags to pass to the 1721.Xr idmapd 8 1722daemon. 1723.It Va mountd_enable 1724.Pq Vt bool 1725If set to 1726.Dq Li YES , 1727and no 1728.Va nfs_server_enable 1729is set, start 1730.Xr mountd 8 , 1731but not 1732.Xr nfsd 8 1733daemon. 1734It is commonly needed to run CFS without real NFS used. 1735.It Va mountd_flags 1736.Pq Vt str 1737If 1738.Va mountd_enable 1739is set to 1740.Dq Li YES , 1741these are the flags to pass to the 1742.Xr mountd 8 1743daemon. 1744.It Va weak_mountd_authentication 1745.Pq Vt bool 1746If set to 1747.Dq Li YES , 1748allow services like PCNFSD to make non-privileged mount 1749requests. 1750.It Va nfs_reserved_port_only 1751.Pq Vt bool 1752If set to 1753.Dq Li YES , 1754provide NFS services only on a secure port. 1755.It Va nfs_bufpackets 1756.Pq Vt int 1757If set to a number, indicates the number of packets worth of 1758socket buffer space to reserve on an NFS client. 1759The kernel default is typically 4. 1760Using a higher number may be 1761useful on gigabit networks to improve performance. 1762The minimum value is 17632 and the maximum is 64. 1764.It Va rpc_lockd_enable 1765.Pq Vt bool 1766If set to 1767.Dq Li YES 1768and also an NFS server or client, run 1769.Xr rpc.lockd 8 1770at boot time. 1771.It Va rpc_lockd_flags 1772.Pq Vt str 1773If 1774.Va rpc_lockd_enable 1775is set to 1776.Dq Li YES , 1777these are the flags to pass to the 1778.Xr rpc.lockd 8 1779daemon. 1780.It Va rpc_statd_enable 1781.Pq Vt bool 1782If set to 1783.Dq Li YES 1784and also an NFS server or client, run 1785.Xr rpc.statd 8 1786at boot time. 1787.It Va rpc_statd_flags 1788.Pq Vt str 1789If 1790.Va rpc_statd_enable 1791is set to 1792.Dq Li YES , 1793these are the flags to pass to the 1794.Xr rpc.statd 8 1795daemon. 1796.It Va rpcbind_program 1797.Pq Vt str 1798Path to 1799.Xr rpcbind 8 1800(default 1801.Pa /usr/sbin/rpcbind ) . 1802.It Va rpcbind_enable 1803.Pq Vt bool 1804If set to 1805.Dq Li YES , 1806run the 1807.Xr rpcbind 8 1808service at boot time. 1809.It Va rpcbind_flags 1810.Pq Vt str 1811If 1812.Va rpcbind_enable 1813is set to 1814.Dq Li YES , 1815these are the flags to pass to the 1816.Xr rpcbind 8 1817daemon. 1818.It Va keyserv_enable 1819.Pq Vt bool 1820If set to 1821.Dq Li YES , 1822run the 1823.Xr keyserv 8 1824daemon on boot for running Secure RPC. 1825.It Va keyserv_flags 1826.Pq Vt str 1827If 1828.Va keyserv_enable 1829is set to 1830.Dq Li YES , 1831these are the flags to pass to 1832.Xr keyserv 8 1833daemon. 1834.It Va pppoed_enable 1835.Pq Vt bool 1836If set to 1837.Dq Li YES , 1838run the 1839.Xr pppoed 8 1840daemon at boot time to provide PPP over Ethernet services. 1841.It Va pppoed_ Ns Aq Ar provider 1842.Pq Vt str 1843.Xr pppoed 8 1844listens to requests to this 1845.Ar provider 1846and ultimately runs 1847.Xr ppp 8 1848with a 1849.Ar system 1850argument of the same name. 1851.It Va pppoed_flags 1852.Pq Vt str 1853Additional flags to pass to 1854.Xr pppoed 8 . 1855.It Va pppoed_interface 1856.Pq Vt str 1857The network interface to run 1858.Xr pppoed 8 1859on. 1860This is mandatory when 1861.Va pppoed_enable 1862is set to 1863.Dq Li YES . 1864.It Va timed_enable 1865.Pq Vt bool 1866If set to 1867.Dq Li YES , 1868run the 1869.Xr timed 8 1870service at boot time. 1871This command is intended for networks of 1872machines where a consistent 1873.Dq "network time" 1874for all hosts must be established. 1875This is often useful in large NFS 1876environments where time stamps on files are expected to be consistent 1877network-wide. 1878.It Va timed_flags 1879.Pq Vt str 1880If 1881.Va timed_enable 1882is set to 1883.Dq Li YES , 1884these are the flags to pass to the 1885.Xr timed 8 1886service. 1887.It Va ntpdate_enable 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891run 1892.Xr ntpdate 8 1893at system startup. 1894This command is intended to 1895synchronize the system clock only 1896.Em once 1897from some standard reference. 1898An option to set this up initially 1899(from a list of known servers) is also provided by the 1900.Xr sysinstall 8 1901program when the system is first installed. 1902.It Va ntpdate_config 1903.Pq Vt str 1904Configuration file for 1905.Xr ntpdate 8 . 1906Default 1907.Pa /etc/ntp.conf . 1908.It Va ntpdate_hosts 1909.Pq Vt str 1910A whitespace-separated list of NTP servers to synchronize with at startup. 1911The default is to use the servers listed in 1912.Va ntpdate_config , 1913if that file exists. 1914.It Va ntpdate_program 1915.Pq Vt str 1916Path to 1917.Xr ntpdate 8 1918(default 1919.Pa /usr/sbin/ntpdate ) . 1920.It Va ntpdate_flags 1921.Pq Vt str 1922If 1923.Va ntpdate_enable 1924is set to 1925.Dq Li YES , 1926these are the flags to pass to the 1927.Xr ntpdate 8 1928command (typically a hostname). 1929.It Va ntpd_enable 1930.Pq Vt bool 1931If set to 1932.Dq Li YES , 1933run the 1934.Xr ntpd 8 1935command at boot time. 1936.It Va ntpd_program 1937.Pq Vt str 1938Path to 1939.Xr ntpd 8 1940(default 1941.Pa /usr/sbin/ntpd ) . 1942.It Va ntpd_config 1943.Pq Vt str 1944Path to 1945.Xr ntpd 8 1946configuration file. 1947Default 1948.Pa /etc/ntp.conf . 1949.It Va ntpd_flags 1950.Pq Vt str 1951If 1952.Va ntpd_enable 1953is set to 1954.Dq Li YES , 1955these are the flags to pass to the 1956.Xr ntpd 8 1957daemon. 1958.It Va ntpd_sync_on_start 1959.Pq Vt bool 1960If set to 1961.Dq Li YES , 1962.Xr ntpd 8 1963is run with the 1964.Fl g 1965flag, which syncs the system's clock on startup. 1966See 1967.Xr ntpd 8 1968for more information regarding the 1969.Fl g 1970option. 1971This is a preferred alternative to using 1972.Xr ntpdate 8 1973or specifying the 1974.Va ntpdate_enable 1975variable. 1976.It Va nis_client_enable 1977.Pq Vt bool 1978If set to 1979.Dq Li YES , 1980run the 1981.Xr ypbind 8 1982service at system boot time. 1983.It Va nis_client_flags 1984.Pq Vt str 1985If 1986.Va nis_client_enable 1987is set to 1988.Dq Li YES , 1989these are the flags to pass to the 1990.Xr ypbind 8 1991service. 1992.It Va nis_ypset_enable 1993.Pq Vt bool 1994If set to 1995.Dq Li YES , 1996run the 1997.Xr ypset 8 1998daemon at system boot time. 1999.It Va nis_ypset_flags 2000.Pq Vt str 2001If 2002.Va nis_ypset_enable 2003is set to 2004.Dq Li YES , 2005these are the flags to pass to the 2006.Xr ypset 8 2007daemon. 2008.It Va nis_server_enable 2009.Pq Vt bool 2010If set to 2011.Dq Li YES , 2012run the 2013.Xr ypserv 8 2014daemon at system boot time. 2015.It Va nis_server_flags 2016.Pq Vt str 2017If 2018.Va nis_server_enable 2019is set to 2020.Dq Li YES , 2021these are the flags to pass to the 2022.Xr ypserv 8 2023daemon. 2024.It Va nis_ypxfrd_enable 2025.Pq Vt bool 2026If set to 2027.Dq Li YES , 2028run the 2029.Xr rpc.ypxfrd 8 2030daemon at system boot time. 2031.It Va nis_ypxfrd_flags 2032.Pq Vt str 2033If 2034.Va nis_ypxfrd_enable 2035is set to 2036.Dq Li YES , 2037these are the flags to pass to the 2038.Xr rpc.ypxfrd 8 2039daemon. 2040.It Va nis_yppasswdd_enable 2041.Pq Vt bool 2042If set to 2043.Dq Li YES , 2044run the 2045.Xr rpc.yppasswdd 8 2046daemon at system boot time. 2047.It Va nis_yppasswdd_flags 2048.Pq Vt str 2049If 2050.Va nis_yppasswdd_enable 2051is set to 2052.Dq Li YES , 2053these are the flags to pass to the 2054.Xr rpc.yppasswdd 8 2055daemon. 2056.It Va rpc_ypupdated_enable 2057.Pq Vt bool 2058If set to 2059.Dq Li YES , 2060run the 2061.Nm rpc.ypupdated 2062daemon at system boot time. 2063.It Va bsnmpd_enable 2064.Pq Vt bool 2065If set to 2066.Dq Li YES , 2067run the 2068.Xr bsnmpd 1 2069daemon at system boot time. 2070Be sure to understand the security implications of running SNMP daemon 2071on your host. 2072.It Va bsnmpd_flags 2073.Pq Vt str 2074If 2075.Va bsnmpd_enable 2076is set to 2077.Dq Li YES , 2078these are the flags to pass to the 2079.Xr bsnmpd 1 2080daemon. 2081.It Va defaultrouter 2082.Pq Vt str 2083If not set to 2084.Dq Li NO , 2085create a default route to this host name or IP address 2086(use an IP address if this router is also required to get to the 2087name server!). 2088.It Va ipv6_defaultrouter 2089.Pq Vt str 2090The IPv6 equivalent of 2091.Va defaultrouter . 2092.It Va static_routes 2093.Pq Vt str 2094Set to the list of static routes that are to be added at system 2095boot time. 2096If not set to 2097.Dq Li NO 2098then for each whitespace separated 2099.Ar element 2100in the value, a 2101.Va route_ Ns Aq Ar element 2102variable is assumed to exist 2103whose contents will later be passed to a 2104.Dq Nm route Cm add 2105operation. 2106For example: 2107.Bd -literal 2108static_routes="mcast gif0local" 2109route_mcast="-net 224.0.0.0/4 -iface gif0" 2110route_gif0local="-host 169.254.1.1 -iface lo0" 2111.Ed 2112.It Va ipv6_static_routes 2113.Pq Vt str 2114The IPv6 equivalent of 2115.Va static_routes . 2116If not set to 2117.Dq Li NO 2118then for each whitespace separated 2119.Ar element 2120in the value, a 2121.Va ipv6_route_ Ns Aq Ar element 2122variable is assumed to exist 2123whose contents will later be passed to a 2124.Dq Nm route Cm add Fl inet6 2125operation. 2126.It Va natm_static_routes 2127.Pq Vt str 2128The 2129.Xr natmip 4 2130equivalent of 2131.Va static_routes . 2132If not empty then for each whitespace separated 2133.Ar element 2134in the value, a 2135.Va route_ Ns Aq Ar element 2136variable is assumed to exist whose contents will later be passed to a 2137.Dq Nm atmconfig Cm natm Cm add 2138operation. 2139.It Va gateway_enable 2140.Pq Vt bool 2141If set to 2142.Dq Li YES , 2143configure host to act as an IP router, e.g.\& to forward packets 2144between interfaces. 2145.It Va ipv6_gateway_enable 2146.Pq Vt bool 2147The IPv6 equivalent of 2148.Va gateway_enable . 2149.It Va router_enable 2150.Pq Vt bool 2151If set to 2152.Dq Li YES , 2153run a routing daemon of some sort, based on the 2154settings of 2155.Va router 2156and 2157.Va router_flags . 2158.It Va ipv6_router_enable 2159.Pq Vt bool 2160The IPv6 equivalent of 2161.Va router_enable . 2162If set to 2163.Dq Li YES , 2164run a routing daemon of some sort, based on the 2165settings of 2166.Va ipv6_router 2167and 2168.Va ipv6_router_flags . 2169.It Va router 2170.Pq Vt str 2171If 2172.Va router_enable 2173is set to 2174.Dq Li YES , 2175this is the name of the routing daemon to use. 2176.It Va ipv6_router 2177.Pq Vt str 2178The IPv6 equivalent of 2179.Va router . 2180.It Va router_flags 2181.Pq Vt str 2182If 2183.Va router_enable 2184is set to 2185.Dq Li YES , 2186these are the flags to pass to the routing daemon. 2187.It Va ipv6_router_flags 2188.Pq Vt str 2189The IPv6 equivalent of 2190.Va router_flags . 2191.It Va mrouted_enable 2192.Pq Vt bool 2193If set to 2194.Dq Li YES , 2195run the multicast routing daemon, 2196.Xr mrouted 8 . 2197.It Va mroute6d_enable 2198.Pq Vt bool 2199The IPv6 equivalent of 2200.Va mrouted_enable . 2201If set to 2202.Dq Li YES , 2203run the IPv6 multicast routing daemon. 2204.Pp 2205Note that multicast routing daemons are no longer included in the 2206.Fx 2207base system, however, both 2208.Xr mrouted 8 2209and 2210.Xr pim6dd 8 2211may be installed from the 2212.Fx 2213Ports Collection. 2214.It Va mrouted_flags 2215.Pq Vt str 2216If 2217.Va mrouted_enable 2218is set to 2219.Dq Li YES , 2220these are the flags to pass to the 2221.Xr mrouted 8 2222daemon. 2223.It Va mroute6d_flags 2224.Pq Vt str 2225The IPv6 equivalent of 2226.Va mrouted_flags . 2227If 2228.Va mroute6d_enable 2229is set to 2230.Dq Li YES , 2231these are the flags passed to the IPv6 multicast routing daemon. 2232.It Va mroute6d_program 2233.Pq Vt str 2234If 2235.Va mroute6d_enable 2236is set to 2237.Dq Li YES , 2238this is the path to the IPv6 multicast routing daemon. 2239.It Va rtadvd_enable 2240.Pq Vt bool 2241If set to 2242.Dq Li YES , 2243run the 2244.Xr rtadvd 8 2245daemon at boot time. 2246.Xr rtadvd 8 2247will only run if 2248.Va ipv6_gateway_enable 2249is also set to 2250.Dq Li YES . 2251The 2252.Xr rtadvd 8 2253utility sends router advertisement packets to the interfaces specified in 2254.Va rtadvd_interfaces 2255and should only be enabled with great care. 2256You may want to fine-tune 2257.Xr rtadvd.conf 5 . 2258.It Va rtadvd_interfaces 2259.Pq Vt str 2260If 2261.Va rtadvd_enable 2262is set to 2263.Dq Li YES 2264this is the list of interfaces to use. 2265.It Va ipxgateway_enable 2266.Pq Vt bool 2267If set to 2268.Dq Li YES , 2269enable the routing of IPX traffic. 2270.It Va ipxrouted_enable 2271.Pq Vt bool 2272If set to 2273.Dq Li YES , 2274run the 2275.Xr IPXrouted 8 2276daemon at system boot time. 2277.It Va ipxrouted_flags 2278.Pq Vt str 2279If 2280.Va ipxrouted_enable 2281is set to 2282.Dq Li YES , 2283these are the flags to pass to the 2284.Xr IPXrouted 8 2285daemon. 2286.It Va arpproxy_all 2287.Pq Vt bool 2288If set to 2289.Dq Li YES , 2290enable global proxy ARP. 2291.It Va forward_sourceroute 2292.Pq Vt bool 2293If set to 2294.Dq Li YES 2295and 2296.Va gateway_enable 2297is also set to 2298.Dq Li YES , 2299source-routed packets are forwarded. 2300.It Va accept_sourceroute 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304the system will accept source-routed packets directed at it. 2305.It Va rarpd_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309run the 2310.Xr rarpd 8 2311daemon at system boot time. 2312.It Va rarpd_flags 2313.Pq Vt str 2314If 2315.Va rarpd_enable 2316is set to 2317.Dq Li YES , 2318these are the flags to pass to the 2319.Xr rarpd 8 2320daemon. 2321.It Va bootparamd_enable 2322.Pq Vt bool 2323If set to 2324.Dq Li YES , 2325run the 2326.Xr bootparamd 8 2327daemon at system boot time. 2328.It Va bootparamd_flags 2329.Pq Vt str 2330If 2331.Va bootparamd_enable 2332is set to 2333.Dq Li YES , 2334these are the flags to pass to the 2335.Xr bootparamd 8 2336daemon. 2337.It Va stf_interface_ipv4addr 2338.Pq Vt str 2339If not set to 2340.Dq Li NO , 2341this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2342interface). 2343Specify this entry to enable the 6to4 interface. 2344.It Va stf_interface_ipv4plen 2345.Pq Vt int 2346Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2347An effective value is 0-31. 2348.It Va stf_interface_ipv6_ifid 2349.Pq Vt str 2350IPv6 interface ID for 2351.Xr stf 4 . 2352This can be set to 2353.Dq Li AUTO . 2354.It Va stf_interface_ipv6_slaid 2355.Pq Vt str 2356IPv6 Site Level Aggregator for 2357.Xr stf 4 . 2358.It Va ipv6_faith_prefix 2359.Pq Vt str 2360If not set to 2361.Dq Li NO , 2362this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2363translator. 2364You also need 2365.Xr faithd 8 2366setup. 2367.It Va ipv6_ipv4mapping 2368.Pq Vt bool 2369If set to 2370.Dq Li YES 2371this enables IPv4 mapped IPv6 address communication (like 2372.Li ::ffff:a.b.c.d ) . 2373.It Va atm_enable 2374.Pq Vt bool 2375Set to 2376.Dq Li YES 2377to enable the configuration of ATM interfaces at system boot time. 2378For all of the ATM variables described below, please refer to the 2379.Xr atm 8 2380manual page for further details on the available command parameters. 2381Also refer to the files in 2382.Pa /usr/share/examples/atm 2383for more detailed configuration information. 2384.It Va atm_load 2385.Pq Vt str 2386This is a list of physical ATM interface drivers to load. 2387Typical values are 2388.Dq Li hfa_pci 2389and/or 2390.Dq Li hea_pci . 2391.It Va atm_netif_ Ns Aq Ar intf 2392.Pq Vt str 2393For the ATM physical interface 2394.Ar intf , 2395this variable defines the name prefix and count for the ATM network 2396interfaces to be created. 2397The value will be passed as the parameters of an 2398.Dq Nm atm Cm "set netif" Ar intf 2399command. 2400.It Va atm_sigmgr_ Ns Aq Ar intf 2401.Pq Vt str 2402For the ATM physical interface 2403.Ar intf , 2404this variable defines the ATM signalling manager to be used. 2405The value will be passed as the parameters of an 2406.Dq Nm atm Cm attach Ar intf 2407command. 2408.It Va atm_prefix_ Ns Aq Ar intf 2409.Pq Vt str 2410For the ATM physical interface 2411.Ar intf , 2412this variable defines the NSAP prefix for interfaces using a UNI signalling 2413manager. 2414If set to 2415.Dq Li ILMI , 2416the prefix will automatically be set via the 2417.Xr ilmid 8 2418daemon. 2419Otherwise, the value will be passed as the parameters of an 2420.Dq Nm atm Cm "set prefix" Ar intf 2421command. 2422.It Va atm_macaddr_ Ns Aq Ar intf 2423.Pq Vt str 2424For the ATM physical interface 2425.Ar intf , 2426this variable defines the MAC address for interfaces using a UNI signalling 2427manager. 2428If set to 2429.Dq Li NO , 2430the hardware MAC address contained in the ATM interface card will be used. 2431Otherwise, the value will be passed as the parameters of an 2432.Dq Nm atm Cm "set mac" Ar intf 2433command. 2434.It Va atm_arpserver_ Ns Aq Ar netif 2435.Pq Vt str 2436For the ATM network interface 2437.Ar netif , 2438this variable defines the ATM address for a host which is to provide ATMARP 2439service. 2440This variable is only applicable to interfaces using a UNI signalling 2441manager. 2442If set to 2443.Dq Li local , 2444this host will become an ATMARP server. 2445The value will be passed as the parameters of an 2446.Dq Nm atm Cm "set arpserver" Ar netif 2447command. 2448.It Va atm_scsparp_ Ns Aq Ar netif 2449.Pq Vt bool 2450If set to 2451.Dq Li YES , 2452SCSP/ATMARP service for the network interface 2453.Ar netif 2454will be initiated using the 2455.Xr scspd 8 2456and 2457.Xr atmarpd 8 2458daemons. 2459This variable is only applicable if 2460.Va atm_arpserver_ Ns Aq Ar netif 2461is set to 2462.Dq Li local . 2463.It Va atm_pvcs 2464.Pq Vt str 2465Set to the list of ATM PVCs to be added at system 2466boot time. 2467For each whitespace separated 2468.Ar element 2469in the value, an 2470.Va atm_pvc_ Ns Aq Ar element 2471variable is assumed to exist. 2472The value of each of these variables 2473will be passed as the parameters of an 2474.Dq Nm atm Cm "add pvc" 2475command. 2476.It Va atm_arps 2477.Pq Vt str 2478Set to the list of permanent ATM ARP entries to be added 2479at system boot time. 2480For each whitespace separated 2481.Ar element 2482in the value, an 2483.Va atm_arp_ Ns Aq Ar element 2484variable is assumed to exist. 2485The value of each of these variables 2486will be passed as the parameters of an 2487.Dq Nm atm Cm "add arp" 2488command. 2489.It Va natm_interfaces 2490.Pq Vt str 2491Set to the list of 2492.Xr natm 4 2493interfaces that will also be used for HARP through 2494.Xr harp 4 . 2495If this list is not empty all interfaces in the list will be brought up 2496with 2497.Xr ifconfig 8 2498and 2499.Xr harp 4 2500will be loaded. 2501For this to work the interface drivers must be either compiled into the 2502kernel or must reside on the root partition. 2503.It Va keybell 2504.Pq Vt str 2505The keyboard bell sound. 2506Set to 2507.Dq Li normal , 2508.Dq Li visual , 2509.Dq Li off , 2510or 2511.Dq Li NO 2512if the default behavior is desired. 2513For details, refer to the 2514.Xr kbdcontrol 1 2515manpage. 2516.It Va keyboard 2517.Pq Vt str 2518If set to a non-null string, the virtual console's keyboard input is 2519set to this device. 2520.It Va keymap 2521.Pq Vt str 2522If set to 2523.Dq Li NO , 2524no keymap is installed, otherwise the value is used to install 2525the keymap file in 2526.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2527.It Va keyrate 2528.Pq Vt str 2529The keyboard repeat speed. 2530Set to 2531.Dq Li slow , 2532.Dq Li normal , 2533.Dq Li fast , 2534or 2535.Dq Li NO 2536if the default behavior is desired. 2537.It Va keychange 2538.Pq Vt str 2539If not set to 2540.Dq Li NO , 2541attempt to program the function keys with the value. 2542The value should 2543be a single string of the form: 2544.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2545.It Va cursor 2546.Pq Vt str 2547Can be set to the value of 2548.Dq Li normal , 2549.Dq Li blink , 2550.Dq Li destructive , 2551or 2552.Dq Li NO 2553to set the cursor behavior explicitly or choose the default behavior. 2554.It Va scrnmap 2555.Pq Vt str 2556If set to 2557.Dq Li NO , 2558no screen map is installed, otherwise the value is used to install 2559the screen map file in 2560.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2561.It Va font8x16 2562.Pq Vt str 2563If set to 2564.Dq Li NO , 2565the default 8x16 font value is used for screen size requests, otherwise 2566the value in 2567.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2568is used. 2569.It Va font8x14 2570.Pq Vt str 2571If set to 2572.Dq Li NO , 2573the default 8x14 font value is used for screen size requests, otherwise 2574the value in 2575.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2576is used. 2577.It Va font8x8 2578.Pq Vt str 2579If set to 2580.Dq Li NO , 2581the default 8x8 font value is used for screen size requests, otherwise 2582the value in 2583.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2584is used. 2585.It Va blanktime 2586.Pq Vt int 2587If set to 2588.Dq Li NO , 2589the default screen blanking interval is used, otherwise it is set 2590to 2591.Ar value 2592seconds. 2593.It Va saver 2594.Pq Vt str 2595If not set to 2596.Dq Li NO , 2597this is the actual screen saver to use 2598.Li ( blank , snake , daemon , 2599etc). 2600.It Va moused_nondefault_enable 2601.Pq Vt str 2602If set to 2603.Dq Li NO , 2604the mouse device specified on 2605the command line is not automatically treated as enabled by the 2606.Pa /etc/rc.d/moused 2607script. 2608Having this variable set to 2609.Dq Li YES 2610allows a 2611.Xr usb 4 2612mouse, 2613for example, 2614to be enabled as soon as it is plugged in. 2615.It Va moused_enable 2616.Pq Vt str 2617If set to 2618.Dq Li YES , 2619the 2620.Xr moused 8 2621daemon is started for doing cut/paste selection on the console. 2622.It Va moused_type 2623.Pq Vt str 2624This is the protocol type of the mouse connected to this host. 2625This variable must be set if 2626.Va moused_enable 2627is set to 2628.Dq Li YES . 2629The 2630.Xr moused 8 2631daemon 2632is able to detect the appropriate mouse type automatically in many cases. 2633Set this variable to 2634.Dq Li auto 2635to let the daemon detect it, or 2636select one from the following list if the automatic detection fails. 2637.Pp 2638If the mouse is attached to the PS/2 mouse port, choose 2639.Dq Li auto 2640or 2641.Dq Li ps/2 , 2642regardless of the brand and model of the mouse. 2643Likewise, if the 2644mouse is attached to the bus mouse port, choose 2645.Dq Li auto 2646or 2647.Dq Li busmouse . 2648All other protocols are for serial mice and will not work with 2649the PS/2 and bus mice. 2650If this is a USB mouse, 2651.Dq Li auto 2652is the only protocol type which will work. 2653.Pp 2654.Bl -tag -width ".Li x10mouseremote" -compact 2655.It Li microsoft 2656Microsoft mouse (serial) 2657.It Li intellimouse 2658Microsoft IntelliMouse (serial) 2659.It Li mousesystems 2660Mouse systems Corp.\& mouse (serial) 2661.It Li mmseries 2662MM Series mouse (serial) 2663.It Li logitech 2664Logitech mouse (serial) 2665.It Li busmouse 2666A bus mouse 2667.It Li mouseman 2668Logitech MouseMan and TrackMan (serial) 2669.It Li glidepoint 2670ALPS GlidePoint (serial) 2671.It Li thinkingmouse 2672Kensington ThinkingMouse (serial) 2673.It Li ps/2 2674PS/2 mouse 2675.It Li mmhittab 2676MM HitTablet (serial) 2677.It Li x10mouseremote 2678X10 MouseRemote (serial) 2679.It Li versapad 2680Interlink VersaPad (serial) 2681.El 2682.Pp 2683Even if the mouse is not in the above list, it may be compatible 2684with one in the list. 2685Refer to the manual page for 2686.Xr moused 8 2687for compatibility information. 2688.Pp 2689It should also be noted that while this is enabled, any 2690other client of the mouse (such as an X server) should access 2691the mouse through the virtual mouse device, 2692.Pa /dev/sysmouse , 2693and configure it as a 2694.Dq Li sysmouse 2695type mouse, since all 2696mouse data is converted to this single canonical format when 2697using 2698.Xr moused 8 . 2699If the client program does not support the 2700.Dq Li sysmouse 2701type, 2702specify the 2703.Dq Li mousesystems 2704type. 2705It is the second preferred type. 2706.It Va moused_port 2707.Pq Vt str 2708If 2709.Va moused_enable 2710is set to 2711.Dq Li YES , 2712this is the actual port the mouse is on. 2713It might be 2714.Pa /dev/cuad0 2715for a COM1 serial mouse, 2716.Pa /dev/psm0 2717for a PS/2 mouse or 2718.Pa /dev/mse0 2719for a bus mouse, for example. 2720.It Va moused_flags 2721.Pq Vt str 2722If 2723.Va moused_flags 2724is set, its value is used as an additional set of flags to pass to the 2725.Xr moused 8 2726daemon. 2727.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2728When 2729.Va moused_nondefault_enable 2730is enabled, and a 2731.Xr moused 8 2732daemon is started for a non-default port, the 2733.Va "moused_" Ns Ar XXX Ns Va "_flags" 2734set of options has precedence over and replaces the default 2735.Va moused_flags (where 2736.Ar XXX 2737is the name of the non-default port, i.e.\& 2738.Ar ums0 ) . 2739By setting 2740.Va "moused_" Ns Ar XXX Ns Va "_flags" 2741it is possible to set up a different set of default flags for each 2742.Xr moused 8 2743instance. 2744For example, you can use 2745.Dq Li "-3" 2746for the default 2747.Va moused_flags 2748to make your laptop's touchpad more comfortable to use, 2749but an empty set of options for 2750.Va moused_ums0_flags 2751when your 2752.Xr usb 4 2753mouse has three or more buttons. 2754.It Va mousechar_start 2755.Pq Vt int 2756If set to 2757.Dq Li NO , 2758the default mouse cursor character range 2759.Li 0xd0 Ns - Ns Li 0xd3 2760is used, 2761otherwise the range start is set 2762to 2763.Ar value 2764character, see 2765.Xr vidcontrol 1 . 2766Use if the default range is occupied in the language code table. 2767.It Va allscreens_flags 2768.Pq Vt str 2769If set, 2770.Xr vidcontrol 1 2771is run with these options for each of the virtual terminals 2772.Pq Pa /dev/ttyv* . 2773For example, 2774.Dq Fl m Cm on 2775will enable the mouse pointer on all virtual terminals 2776if 2777.Va moused_enable 2778is set to 2779.Dq Li YES . 2780.It Va allscreens_kbdflags 2781.Pq Vt str 2782If set, 2783.Xr kbdcontrol 1 2784is run with these options for each of the virtual terminals 2785.Pq Pa /dev/ttyv* . 2786For example, 2787.Dq Fl h Li 200 2788will set the 2789.Xr syscons 4 2790scrollback (history) buffer to 200 lines. 2791.It Va cron_enable 2792.Pq Vt bool 2793If set to 2794.Dq Li YES , 2795run the 2796.Xr cron 8 2797daemon at system boot time. 2798.It Va cron_program 2799.Pq Vt str 2800Path to 2801.Xr cron 8 2802(default 2803.Pa /usr/sbin/cron ) . 2804.It Va cron_flags 2805.Pq Vt str 2806If 2807.Va cron_enable 2808is set to 2809.Dq Li YES , 2810these are the flags to pass to 2811.Xr cron 8 . 2812.It Va cron_dst 2813.Pq Vt bool 2814If set to 2815.Dq Li YES , 2816enable the special handling of transitions to and from the 2817Daylight Saving Time in 2818.Xr cron 8 2819(equivalent to using the flag 2820.Fl s ) . 2821.It Va lpd_program 2822.Pq Vt str 2823Path to 2824.Xr lpd 8 2825(default 2826.Pa /usr/sbin/lpd ) . 2827.It Va lpd_enable 2828.Pq Vt bool 2829If set to 2830.Dq Li YES , 2831run the 2832.Xr lpd 8 2833daemon at system boot time. 2834.It Va lpd_flags 2835.Pq Vt str 2836If 2837.Va lpd_enable 2838is set to 2839.Dq Li YES , 2840these are the flags to pass to the 2841.Xr lpd 8 2842daemon. 2843.It Va chkprintcap_enable 2844.Pq Vt bool 2845If set to 2846.Dq Li YES , 2847run the 2848.Xr chkprintcap 8 2849command before starting the 2850.Xr lpd 8 2851daemon. 2852.It Va chkprintcap_flags 2853.Pq Vt str 2854If 2855.Va lpd_enable 2856and 2857.Va chkprintcap_enable 2858are set to 2859.Dq Li YES , 2860these are the flags to pass to the 2861.Xr chkprintcap 8 2862program. 2863The default is 2864.Dq Li -d , 2865which causes missing directories to be created. 2866.It Va mta_start_script 2867.Pq Vt str 2868This variable specifies the full path to the script to run to start 2869a mail transfer agent. 2870The default is 2871.Pa /etc/rc.sendmail . 2872The 2873.Va sendmail_* 2874variables which 2875.Pa /etc/rc.sendmail 2876uses are documented in the 2877.Xr rc.sendmail 8 2878manual page. 2879.It Va dumpdev 2880.Pq Vt str 2881Indicates the device (usually a swap partition) to which a crash dump 2882should be written in the event of a system crash. 2883If the value of this variable is 2884.Dq Li AUTO , 2885the first suitable swap device listed in 2886.Pa /etc/fstab 2887will be used as dump device. 2888Otherwise, the value of this variable is passed as the argument to 2889.Xr dumpon 8 . 2890To disable crash dumps, set this variable to 2891.Dq Li NO . 2892.It Va dumpdir 2893.Pq Vt str 2894When the system reboots after a crash and a crash dump is found on the 2895device specified by the 2896.Va dumpdev 2897variable, 2898.Xr savecore 8 2899will save that crash dump and a copy of the kernel to the directory 2900specified by the 2901.Va dumpdir 2902variable. 2903The default value is 2904.Pa /var/crash . 2905Set to 2906.Dq Li NO 2907to not run 2908.Xr savecore 8 2909at boot time when 2910.Va dumpdir 2911is set. 2912.It Va savecore_flags 2913.Pq Vt str 2914If crash dumps are enabled, these are the flags to pass to the 2915.Xr savecore 8 2916utility. 2917.It Va enable_quotas 2918.Pq Vt bool 2919Set to 2920.Dq Li YES 2921to turn on user and group disk quotas on system startup via the 2922.Xr quotaon 8 2923command for all file systems marked as having quotas enabled in 2924.Pa /etc/fstab . 2925The kernel must be built with 2926.Cd "options QUOTA" 2927for disk quotas to function. 2928.It Va check_quotas 2929.Pq Vt bool 2930Set to 2931.Dq Li YES 2932to enable user and group disk quota checking via the 2933.Xr quotacheck 8 2934command. 2935.It Va quotacheck_flags 2936.Pq Vt str 2937If 2938.Va enable_quotas 2939is set to 2940.Dq Li YES , 2941and 2942.Va check_quotas 2943is set to 2944.Dq Li YES , 2945these are the flags to pass to the 2946.Xr quotacheck 8 2947utility. 2948The default is 2949.Dq Li "-a" , 2950which checks quotas for all file systems with quotas enabled in 2951.Pa /etc/fstab . 2952.It Va quotaon_flags 2953.Pq Vt str 2954If 2955.Va enable_quotas 2956is set to 2957.Dq Li YES , 2958these are the flags to pass to the 2959.Xr quotaon 8 2960utility. 2961The default is 2962.Dq Li "-a" , 2963which enables quotas for all file systems with quotas enabled in 2964.Pa /etc/fstab . 2965.It Va quotaoff_flags 2966.Pq Vt str 2967If 2968.Va enable_quotas 2969is set to 2970.Dq Li YES , 2971these are the flags to pass to the 2972.Xr quotaoff 8 2973utility when shutting down the quota system. 2974The default is 2975.Dq Li "-a" , 2976which disables quotas for all file systems with quotas enabled in 2977.Pa /etc/fstab . 2978.It Va accounting_enable 2979.Pq Vt bool 2980Set to 2981.Dq Li YES 2982to enable system accounting through the 2983.Xr accton 8 2984facility. 2985.It Va ibcs2_enable 2986.Pq Vt bool 2987Set to 2988.Dq Li YES 2989to enable iBCS2 (SCO) binary emulation at system initial boot 2990time. 2991.It Va ibcs2_loaders 2992.Pq Vt str 2993If not set to 2994.Dq Li NO 2995and if 2996.Va ibcs2_enable 2997is set to 2998.Dq Li YES , 2999this specifies a list of additional iBCS2 loaders to enable. 3000.It Va linux_enable 3001.Pq Vt bool 3002Set to 3003.Dq Li YES 3004to enable Linux/ELF binary emulation at system initial 3005boot time. 3006.It Va svr4_enable 3007.Pq Vt bool 3008If set to 3009.Dq Li YES , 3010enable SysVR4 emulation at boot time. 3011.It Va sysvipc_enable 3012.Pq Vt bool 3013If set to 3014.Dq Li YES , 3015load System V IPC primitives at boot time. 3016.It Va clear_tmp_enable 3017.Pq Vt bool 3018Set to 3019.Dq Li YES 3020to have 3021.Pa /tmp 3022cleaned at startup. 3023.It Va clear_tmp_X 3024.Pq Vt bool 3025Set to 3026.Dq Li NO 3027to disable removing of X11 lock files, 3028and the removal and (secure) recreation 3029of the various socket directories for X11 3030related programs. 3031.It Va ldconfig_paths 3032.Pq Vt str 3033Set to the list of shared library paths to use with 3034.Xr ldconfig 8 . 3035NOTE: 3036.Pa /usr/lib 3037will always be added first, so it need not appear in this list. 3038.It Va ldconfig32_paths 3039.Pq Vt str 3040Set to the list of 32-bit compatibility shared library paths to 3041use with 3042.Xr ldconfig 8 . 3043.It Va ldconfig_paths_aout 3044.Pq Vt str 3045Set to the list of shared library paths to use with 3046.Xr ldconfig 8 3047legacy 3048.Xr a.out 5 3049support. 3050.It Va ldconfig_insecure 3051.Pq Vt bool 3052The 3053.Xr ldconfig 8 3054utility normally refuses to use directories 3055which are writable by anyone except root. 3056Set this variable to 3057.Dq Li YES 3058to disable that security check during system startup. 3059.It Va ldconfig_local_dirs 3060.Pq Vt str 3061Set to the list of local 3062.Xr ldconfig 8 3063directories. 3064The names of all files in the directories listed will be 3065passed as arguments to 3066.Xr ldconfig 8 . 3067.It Va ldconfig_local32_dirs 3068.Pq Vt str 3069Set to the list of local 32-bit compatibility 3070.Xr ldconfig 8 3071directories. 3072The names of all files in the directories listed will be 3073passed as arguments to 3074.Dq Nm ldconfig Fl 32 . 3075.It Va kern_securelevel_enable 3076.Pq Vt bool 3077Set to 3078.Dq Li YES 3079to set the kernel security level at system startup. 3080.It Va kern_securelevel 3081.Pq Vt int 3082The kernel security level to set at startup. 3083The allowed range of 3084.Ar value 3085ranges from \-1 (the compile time default) to 3 (the 3086most secure). 3087See 3088.Xr init 8 3089for the list of possible security levels and their effect 3090on system operation. 3091.It Va sshd_program 3092.Pq Vt str 3093Path to the SSH server program 3094.Pa ( /usr/sbin/sshd 3095is the default). 3096.It Va sshd_enable 3097.Pq Vt bool 3098Set to 3099.Dq Li YES 3100to start 3101.Xr sshd 8 3102at system boot time. 3103.It Va sshd_flags 3104.Pq Vt str 3105If 3106.Va sshd_enable 3107is set to 3108.Dq Li YES , 3109these are the flags to pass to the 3110.Xr sshd 8 3111daemon. 3112.It Va ftpd_program 3113.Pq Vt str 3114Path to the FTP server program 3115.Pa ( /usr/libexec/ftpd 3116is the default). 3117.It Va ftpd_enable 3118.Pq Vt bool 3119Set to 3120.Dq Li YES 3121to start 3122.Xr ftpd 8 3123as a stand-alone daemon at system boot time. 3124.It Va ftpd_flags 3125.Pq Vt str 3126If 3127.Va ftpd_enable 3128is set to 3129.Dq Li YES , 3130these are the additional flags to pass to the 3131.Xr ftpd 8 3132daemon. 3133.It Va watchdogd_enable 3134.Pq Vt bool 3135If set to 3136.Dq Li YES , 3137start the 3138.Xr watchdogd 8 3139daemon at boot time. 3140This requires that the kernel have been compiled with a 3141.Xr watchdog 4 3142compatible device. 3143.It Va watchdogd_flags 3144.Pq Vt str 3145If 3146.Va watchdogd_enable 3147is set to 3148.Dq Li YES , 3149these are the flags passed to the 3150.Xr watchdogd 8 3151daemon. 3152.It Va performance_cx_lowest 3153.Pq Vt str 3154CPU idle state to use while on AC power. 3155The string 3156.Dq Li LOW 3157indicates that 3158.Xr acpi 4 3159should use the lowest power state available while 3160.Dq Li HIGH 3161indicates that the lowest latency state (less power savings) should be used. 3162.It Va performance_cpu_freq 3163.Pq Vt str 3164CPU clock frequency to use while on AC power. 3165The string 3166.Dq Li LOW 3167indicates that 3168.Xr cpufreq 4 3169should use the lowest frequency available while 3170.Dq Li HIGH 3171indicates that the highest frequency (less power savings) should be used. 3172.It Va economy_cx_lowest 3173.Pq Vt str 3174CPU idle state to use when off AC power. 3175The string 3176.Dq Li LOW 3177indicates that 3178.Xr acpi 4 3179should use the lowest power state available while 3180.Dq Li HIGH 3181indicates that the lowest latency state (less power savings) should be used. 3182.It Va economy_cpu_freq 3183.Pq Vt str 3184CPU clock frequency to use when off AC power. 3185The string 3186.Dq Li LOW 3187indicates that 3188.Xr cpufreq 4 3189should use the lowest frequency available while 3190.Dq Li HIGH 3191indicates that the highest frequency (less power savings) should be used. 3192.It Va jail_enable 3193.Pq Vt bool 3194If set to 3195.Dq Li NO , 3196any configured jails will not be started. 3197.It Va jail_list 3198.Pq Vt str 3199A space separated list of names for jails. 3200This is purely a configuration aid to help identify and 3201configure multiple jails. 3202The names specified in this list will be used to 3203identify settings common to an instance of a jail. 3204Assuming that the jail in question was named 3205.Li vjail , 3206you would have the following dependent variables: 3207.Bd -literal 3208jail_vjail_hostname="jail.example.com" 3209jail_vjail_ip="192.168.1.100" 3210jail_vjail_rootdir="/var/jails/vjail/root" 3211.Ed 3212.Pp 3213.It Va jail_flags 3214.Pq Vt str 3215Unset by default. 3216When set, use as default value for 3217.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3218for every jail in 3219.Va jail_list . 3220.It Va jail_interface 3221.Pq Vt str 3222Unset by default. 3223When set, use as default value for 3224.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3225for every jail in 3226.Va jail_list . 3227.It Va jail_fstab 3228.Pq Vt str 3229Unset by default. 3230When set, use as default value for 3231.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3232for every jail in 3233.Va jail_list . 3234.It Va jail_mount_enable 3235.Pq Vt bool 3236Set to 3237.Dq Li NO 3238by default. 3239When set to 3240.Dq Li YES , 3241sets 3242.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3243to 3244.Dq Li YES 3245by default for every jail in 3246.Va jail_list . 3247.It Va jail_devfs_ruleset 3248.Pq Vt str 3249Unset by default. 3250When set, sets 3251.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3252to given value for every jail in 3253.Va jail_list . 3254.It Va jail_devfs_enable 3255.Pq Vt bool 3256Set to 3257.Dq Li NO 3258by default. 3259When set to 3260.Dq Li YES , 3261sets 3262.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3263to 3264.Dq Li YES 3265by default for every jail in 3266.Va jail_list . 3267.It Va jail_fdescfs_enable 3268.Pq Vt bool 3269Set to 3270.Dq Li NO 3271by default. 3272When set to 3273.Dq Li YES , 3274sets 3275.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3276to 3277.Dq Li YES 3278by default for every jail in 3279.Va jail_list . 3280.It Va jail_procfs_enable 3281.Pq Vt bool 3282Set to 3283.Dq Li NO 3284by default. 3285When set to 3286.Dq Li YES , 3287sets 3288.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3289to 3290.Dq Li YES 3291by default for every jail in 3292.Va jail_list . 3293.It Va jail_exec_start 3294.Pq Vt str 3295Unset by default. 3296When set, use as default value for 3297.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3298for every jail in 3299.Va jail_list . 3300.It Va jail_exec_afterstart Ns Aq Ar N 3301.Pq Vt str 3302Unset by default. 3303When set, use as default value for 3304.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3305for every jail in 3306.Va jail_list . 3307.It Va jail_exec_stop 3308Unset by default. 3309When set, use as default value for 3310.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3311for every jail in 3312.Va jail_list . 3313.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3314.Pq Vt str 3315Unset by default. 3316Set to the root directory used by jail 3317.Va jname . 3318.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3319.Pq Vt str 3320Unset by default. 3321Set to the fully qualified domain name (FQDN) assigned to jail 3322.Va jname . 3323.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3324.Pq Vt str 3325Unset by default. 3326Set to the IP address assigned to jail 3327.Va jname . 3328.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3329.Pq Vt str 3330Set to 3331.Dq Li -l -U root 3332by default. 3333These are flags to pass to 3334.Xr jail . 3335.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3336.Pq Vt str 3337Unset by default. 3338When set, sets the interface to use when setting IP address alias. 3339Note that the alias is created at jail startup and removed at jail shutdown. 3340.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3341.Pq Vt str 3342Set to 3343.Pa /etc/fstab. Ns Aq Ar jname 3344by default. 3345This is the file system information file to use for jail 3346.Va jname . 3347.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3348.Pq Vt bool 3349Set to 3350.Dq Li NO 3351by default. 3352When set to 3353.Dq Li YES , 3354mount all file systems from 3355.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3356at jail startup. 3357.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3358.Pq Vt str 3359Unset by default. 3360When set, defines the device file system ruleset file to use for jail 3361.Va jname . 3362.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3363.Pq Vt bool 3364Set to 3365.Dq Li NO 3366by default. 3367When set to 3368.Dq Li YES , 3369mount the device file system inside jail 3370.Ar jname 3371at jail startup. 3372.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3373.Pq Vt bool 3374Set to 3375.Dq Li NO 3376by default. 3377When set to 3378.Dq Li YES , 3379mount the file-descriptor file system inside jail 3380.Ar jname 3381at jail startup. 3382.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3383.Pq Vt bool 3384Set to 3385.Dq Li NO 3386by default. 3387When set to 3388.Dq Li YES , 3389mount the process file system inside jail 3390.Ar jname 3391at jail startup. 3392.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3393.Pq Vt str 3394Set to 3395.Dq Li /bin/sh /etc/rc 3396by default. 3397This is the command executed at jail startup. 3398.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3399.Pq Vt str 3400Unset by default. 3401This is the command run as 3402.Ar N Ns 3403th command 3404after jail startup, where 3405.Ar N 3406is 1, 2, and so on. 3407.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3408.Pq Vt str 3409Set to 3410.Dq Li /bin/sh /etc/rc.shutdown 3411by default. 3412This is the command executed at jail shutdown. 3413.It Va jail_set_hostname_allow 3414.Pq Vt bool 3415If set to 3416.Dq Li NO , 3417do not allow the root user in a jail to set its hostname. 3418.It Va jail_socket_unixiproute_only 3419.Pq Vt bool 3420If set to 3421.Dq Li YES , 3422do not allow any sockets, 3423besides UNIX/IP/route sockets, 3424to be used within a jail. 3425.It Va jail_sysvipc_allow 3426.Pq Vt bool 3427If set to 3428.Dq Li YES , 3429allow applications within a jail to use System V IPC. 3430.\" ----- ISDN settings --------------------------------- 3431.It Va isdn_enable 3432.Pq Vt bool 3433Set to 3434.Dq Li NO 3435by default. 3436When set to 3437.Dq Li YES , 3438starts the 3439.Xr isdnd 8 3440daemon 3441at system boot time. 3442.It Va isdn_flags 3443.Pq Vt str 3444Set to 3445.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3446by default. 3447Additional flags to pass to 3448.Xr isdnd 8 3449(but see 3450.Va isdn_fsdev 3451and 3452.Va isdn_ttype 3453for certain tunable parameters). 3454.It Va isdn_ttype 3455.Pq Vt str 3456Set to 3457.Dq Li cons25 3458by default. 3459The terminal type of the output device when 3460.Xr isdnd 8 3461operates in full-screen mode. 3462.It Va isdn_screenflags 3463.Pq Vt str 3464Set to 3465.Dq Li NO 3466by default. 3467The video mode for full-screen mode (only for 3468.Xr syscons 4 3469console driver, see 3470.Xr vidcontrol 1 3471for valid modes). 3472.It Va isdn_fsdev 3473.Pq Vt str 3474Set to 3475.Dq Li NO 3476by default. 3477The output device for 3478.Xr isdnd 8 3479in full-screen mode (or 3480.Dq Li NO 3481for daemon mode). 3482.It Va isdn_trace 3483.Pq Vt bool 3484Set to 3485.Dq Li NO 3486by default. 3487When set to 3488.Dq Li YES , 3489enables the ISDN protocol trace utility 3490.Xr isdntrace 8 3491at system boot time. 3492.It Va isdn_traceflags 3493.Pq Vt str 3494Set to 3495.Dq Fl f Pa /var/tmp/isdntrace0 3496by default. 3497Flags for 3498.Xr isdntrace 8 . 3499.\" ----------------------------------------------------- 3500.It Va harvest_interrupt 3501.Pq Vt bool 3502Set to 3503.Dq Li YES 3504to use hardware interrupts as an entropy source. 3505Refer to 3506.Xr random 4 3507for more information. 3508.It Va harvest_ethernet 3509.Pq Vt bool 3510Set to 3511.Dq Li YES 3512to use LAN traffic as an entropy source. 3513Refer to 3514.Xr random 4 3515for more information. 3516.It Va harvest_p_to_p 3517.Pq Vt bool 3518Set to 3519.Dq Li YES 3520to use serial line traffic as an entropy source. 3521Refer to 3522.Xr random 4 3523for more information. 3524.It Va entropy_dir 3525.Pq Vt str 3526Set to 3527.Dq Li NO 3528to disable caching entropy via 3529.Xr cron 8 . 3530Otherwise set to the directory used to store entropy files in. 3531.It Va entropy_file 3532.Pq Vt str 3533Set to 3534.Dq Li NO 3535to disable caching entropy through reboots. 3536Otherwise set to the filename used to store cached entropy through 3537reboots. 3538This file should be located on the root file system to seed the 3539.Xr random 4 3540device as early as possible in the boot process. 3541.It Va entropy_save_sz 3542.Pq Vt int 3543Size of the entropy cache files saved by 3544.Nm save-entropy 3545periodically. 3546.It Va entropy_save_num 3547.Pq Vt int 3548Number of entropy cache files to save by 3549.Nm save-entropy 3550periodically. 3551.It Va ipsec_enable 3552.Pq Vt bool 3553Set to 3554.Dq Li YES 3555to run 3556.Xr setkey 8 3557on 3558.Va ipsec_file 3559at boot time. 3560.It Va ipsec_file 3561.Pq Vt str 3562Configuration file for 3563.Xr setkey 8 . 3564.It Va dmesg_enable 3565.Pq Vt bool 3566Set to 3567.Dq Li YES 3568to save 3569.Xr dmesg 8 3570to 3571.Pa /var/run/dmesg.boot 3572on boot. 3573.It Va rcshutdown_timeout 3574.Pq Vt int 3575If set, start a watchdog timer in the background which will terminate 3576.Pa rc.shutdown 3577if 3578.Xr shutdown 8 3579has not completed within the specified time (in seconds). 3580Notice that in addition to this soft timeout, 3581.Xr init 8 3582also applies a hard timeout for the execution of 3583.Pa rc.shutdown . 3584This is configured via 3585.Xr sysctl 8 3586variable 3587.Va kern.init_shutdown_timeout 3588and defaults to 120 seconds. 3589Setting the value of 3590.Va rcshutdown_timeout 3591to more than 120 seconds will have no effect until the 3592.Xr sysctl 8 3593variable 3594.Va kern.init_shutdown_timeout 3595is also increased. 3596.It Va virecover_enable 3597.Pq Vt bool 3598Set to 3599.Dq Li NO 3600to prevent the system from trying to 3601recover pre-maturely terminated 3602.Xr vi 1 3603sessions. 3604.It Va ugidfw_enable 3605.Pq Vt bool 3606Set to 3607.Dq Li YES 3608to load the 3609.Xr mac_bsdextended 4 3610module upon system initialization and load a default 3611ruleset file. 3612.It Va bsdextended_script 3613.Pq Vt str 3614The default 3615.Xr mac_bsdextended 4 3616ruleset file to load. 3617The default value of this variable is 3618.Pa /etc/rc.bsdextended . 3619.It Va newsyslog_enable 3620.Pq Vt bool 3621If set to 3622.Dq Li YES , 3623run 3624.Xr newsyslog 8 3625command at startup. 3626.It Va newsyslog_flags 3627.Pq Vt str 3628If 3629.Va newsyslog_enable 3630is set to 3631.Dq Li YES , 3632these are the flags to pass to the 3633.Xr newsyslog 8 3634program. 3635The default is 3636.Dq Li -CN , 3637which causes log files flagged with a 3638.Cm C 3639to be created. 3640.It Va mdconfig_md Ns Aq Ar X 3641.Pq Vt str 3642Arguments to 3643.Xr mdconfig 8 3644for 3645.Xr md 4 3646device 3647.Ar X . 3648At minimum a 3649.Fl t Ar type 3650must be specified and either a 3651.Fl s Ar size 3652for malloc or swap backed 3653.Xr md 4 3654devices or a 3655.Fl f Ar file 3656for vnode backed 3657.Xr md 4 3658devices. 3659Note that 3660.Va mdconfig_md Ns Aq Ar X 3661variables are evaluated until one variable is unset or null. 3662.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3663.Pq Vt str 3664Optional arguments passed to 3665.Xr newfs 8 3666to initialize 3667.Xr md 4 3668device 3669.Ar X . 3670.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3671.Pq Vt str 3672An ownership specification passed to 3673.Xr chown 8 3674after the specified 3675.Xr md 4 3676device 3677.Ar X 3678has been mounted. 3679Both the 3680.Xr md 4 3681device and the mount point will be changed. 3682.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3683.Pq Vt str 3684A mode string passed to 3685.Xr chmod 1 3686after the specified 3687.Xr md 4 3688device 3689.Ar X 3690has been mounted. 3691Both the 3692.Xr md 4 3693device and the mount point will be changed. 3694.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3695.Pq Vt str 3696Files to be copied to the mount point of the 3697.Xr md 4 3698device 3699.Ar X 3700after it has been mounted. 3701.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3702.Pq Vt str 3703Command to execute after the specified 3704.Xr md 4 3705device 3706.Ar X 3707has been mounted. 3708Note that the command is passed to 3709.Ic eval 3710and that both 3711.Va _dev 3712and 3713.Va _mp 3714variables can be used to reference respectively the 3715.Xr md 4 3716device and the mount point. 3717Assuming that the 3718.Xr md 4 3719device is 3720.Li md0 , 3721one could set the following: 3722.Bd -literal 3723mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3724.Ed 3725.It Va ramdisk_units 3726.Pq Vt str 3727A list of one or more ramdisk units to configure with 3728.Xr mdconfig 8 3729and 3730.Xr newfs 8 3731in time to be mounted from 3732.Xr fstab 5 . 3733Each listed unit 3734.Ar X 3735must specify at least a 3736.Ar type 3737in a 3738.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3739variable. 3740Note that this way to configure ramdisks has been deprecated 3741in favor of new 3742.Va mdconfig_md* 3743variables (see above). 3744.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3745.Pq Vt str 3746Arguments to 3747.Xr mdconfig 8 3748for ramdisk 3749.Ar X . 3750At minimum a 3751.Fl t Ar type 3752must be specified, where 3753.Ar type 3754must be one of 3755.Cm malloc 3756or 3757.Cm swap . 3758.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3759.Pq Vt str 3760Optional arguments passed to 3761.Xr newfs 8 3762to initialize ramdisk 3763.Ar X . 3764.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3765.Pq Vt str 3766An ownership specification passed to 3767.Xr chown 8 3768after the specified ramdisk unit 3769.Ar X 3770has been mounted. 3771Both the 3772.Xr md 4 3773device and the mount point will be changed. 3774.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3775.Pq Vt str 3776A mode string passed to 3777.Xr chmod 1 3778after the specified ramdisk unit 3779.Ar X 3780has been mounted. 3781Both the 3782.Xr md 4 3783device and the mount point will be changed. 3784.It Va autobridge_interfaces 3785.Pq Vt str 3786Set to the list of bridge interfaces that will have newly arriving interfaces 3787checked against to be automatically added. 3788If not set to 3789.Dq Li NO 3790then for each whitespace separated 3791.Ar element 3792in the value, a 3793.Va autobridge_ Ns Aq Ar element 3794variable is assumed to exist which has a whitespace separated list of interface 3795names to match, these names can use wildcards. 3796For example: 3797.Bd -literal 3798autobridge_interfaces="bridge0" 3799autobridge_bridge0="tap* dc0 vlan[345]" 3800.Ed 3801.It Va mixer_enable 3802.Pq Vt bool 3803If set to 3804.Dq Li YES , 3805enable support for sound mixer. 3806.El 3807.Sh FILES 3808.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3809.It Pa /etc/defaults/rc.conf 3810.It Pa /etc/rc.conf 3811.It Pa /etc/rc.conf.local 3812.El 3813.Sh SEE ALSO 3814.Xr catman 1 , 3815.Xr chmod 1 , 3816.Xr gdb 1 , 3817.Xr info 1 , 3818.Xr kbdcontrol 1 , 3819.Xr makewhatis 1 , 3820.Xr sh 1 , 3821.Xr vi 1 , 3822.Xr vidcontrol 1 , 3823.Xr bridge 4 , 3824.Xr ip 4 , 3825.Xr ipf 4 , 3826.Xr ipfw 4 , 3827.Xr ipnat 4 , 3828.Xr kld 4 , 3829.Xr pf 4 , 3830.Xr pflog 4 , 3831.Xr pfsync 4 , 3832.Xr tcp 4 , 3833.Xr udp 4 , 3834.Xr exports 5 , 3835.Xr fstab 5 , 3836.Xr ipf 5 , 3837.Xr ipnat 5 , 3838.Xr motd 5 , 3839.Xr newsyslog.conf 5 , 3840.Xr pf.conf 5 , 3841.Xr accton 8 , 3842.Xr amd 8 , 3843.Xr apm 8 , 3844.Xr atm 8 , 3845.Xr chkprintcap 8 , 3846.Xr chown 8 , 3847.Xr cron 8 , 3848.Xr dhclient 8 , 3849.Xr ftpd 8 , 3850.Xr geli 8 , 3851.Xr ifconfig 8 , 3852.Xr inetd 8 , 3853.Xr ipf 8 , 3854.Xr ipfw 8 , 3855.Xr ipnat 8 , 3856.Xr isdnd 8 , 3857.Xr isdntrace 8 , 3858.Xr jail 8 , 3859.Xr kldxref 8 , 3860.Xr lpd 8 , 3861.Xr mdconfig 8 , 3862.Xr mdmfs 8 , 3863.Xr mixer 8 , 3864.Xr mountd 8 , 3865.Xr moused 8 , 3866.Xr mrouted 8 , 3867.Xr named 8 , 3868.Xr newfs 8 , 3869.Xr newsyslog 8 , 3870.Xr nfsd 8 , 3871.Xr ntpd 8 , 3872.Xr ntpdate 8 , 3873.Xr pfctl 8 , 3874.Xr pflogd 8 , 3875.Xr powerd 8 , 3876.Xr quotacheck 8 , 3877.Xr quotaon 8 , 3878.Xr rc 8 , 3879.Xr rc.sendmail 8 , 3880.Xr route 8 , 3881.Xr routed 8 , 3882.Xr rpcbind 8 , 3883.Xr rpc.lockd 8 , 3884.Xr rpc.statd 8 , 3885.Xr rwhod 8 , 3886.Xr savecore 8 , 3887.Xr sshd 8 , 3888.Xr swapon 8 , 3889.Xr sysctl 8 , 3890.Xr syslogd 8 , 3891.Xr timed 8 , 3892.Xr yp 8 , 3893.Xr ypbind 8 , 3894.Xr ypserv 8 , 3895.Xr ypset 8 3896.Sh HISTORY 3897The 3898.Nm 3899file appeared in 3900.Fx 2.2.2 . 3901.Sh AUTHORS 3902.An Jordan K. Hubbard . 3903