1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 23, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va rc_parallel_start 144.Pq Vt bool 145If set to 146.Dq Li YES , 147enable parallel startup of services. 148Care should be taken to ensure that no loops occur, by using 149.Nm rcorder 150.Fl p . 151.It Va early_late_divider 152.Pq Vt str 153The name of the script that should be used as the 154delimiter between the 155.Dq early 156and 157.Dq late 158stages of the boot process. 159The early stage should contain all the services needed to 160get the disks (local or remote) mounted so that the late 161stage can include scripts contained in the directories 162listed in the 163.Va local_startup 164variable (see below). 165Thus, the two likely candidates for this value are 166.Pa mountcritlocal 167for the typical system, and 168.Pa mountcritremote 169if the system needs remote file 170systems mounted to get access to the 171.Va local_startup 172directories; for example when 173.Pa /usr/local 174is NFS mounted. 175For 176.Pa rc.conf 177within a 178.Xr jail 8 179.Pa NETWORKING 180is likely to be an appropriate value. 181Extreme care should be taken when changing this value, 182and before changing it one should ensure that there are 183adequate provisions to recover from a failed boot 184(such as physical contact with the machine, 185or reliable remote console access). 186.It Va always_force_depends 187.Pq Vt bool 188Various 189.Pa rc.d 190scripts use the force_depend function to check whether required 191services are already running, and to start them if necessary. 192By default during boot time this check is bypassed if the 193required service is enabled in 194.Pa /etc/rc.conf[.local] . 195Setting this option will bypass that check at boot time and 196always test whether or not the service is actually running. 197Enabling this option is likely to increase your boot time if 198services are enabled that utilize the force_depend check. 199.It Ao Ar name Ac Ns Va _chroot 200.Pq Vt str 201.Xr chroot 8 202to this directory before running the service. 203.It Ao Ar name Ac Ns Va _user 204.Pq Vt str 205Run the service under this user account. 206.It Ao Ar name Ac Ns Va _group 207.Pq Vt str 208Run the chrooted service under this system group. 209Unlike the _user 210setting, this setting has no effect if the service is not chrooted. 211.It Ao Ar name Ac Ns Va _fib 212.Pq Vt int 213The 214.Xr setfib 1 215value to run the service under. 216.It Ao Ar name Ac Ns Va _nice 217.Pq Vt int 218The 219.Xr nice 1 220value to run the service under. 221.It Va apm_enable 222.Pq Vt bool 223If set to 224.Dq Li YES , 225enable support for Automatic Power Management with 226the 227.Xr apm 8 228command. 229.It Va apmd_enable 230.Pq Vt bool 231Run 232.Xr apmd 8 233to handle APM event from userland. 234This also enables support for APM. 235.It Va apmd_flags 236.Pq Vt str 237If 238.Va apmd_enable 239is set to 240.Dq Li YES , 241these are the flags to pass to the 242.Xr apmd 8 243daemon. 244.It Va devd_enable 245.Pq Vt bool 246Run 247.Xr devd 8 248to handle device added, removed or unknown events from the kernel. 249.It Va ddb_enable 250.Pq Vt bool 251Run 252.Xr ddb 8 253to install 254.Xr ddb 4 255scripts at boot time. 256.It Va ddb_config 257.Pq Vt str 258Configuration file for 259.Xr ddb 8 . 260Default 261.Pa /etc/ddb.conf . 262.It Va devmatch_enable 263.Pq Vt bool 264If set to 265.Dq Li NO , 266disable auto-loading of kernel modules with 267.Xr devmatch 8 . 268.It Va devmatch_blacklist 269.Pq Vt str 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li simple" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li simple 551basic protection for a LAN. 552.El 553.Pp 554If a filename is specified, the full path 555must be given. 556.It Va firewall_quiet 557.Pq Vt bool 558Set to 559.Dq Li YES 560to disable the display of firewall rules on the console during boot. 561.It Va firewall_logging 562.Pq Vt bool 563Set to 564.Dq Li YES 565to enable firewall event logging. 566This is equivalent to the 567.Dv IPFIREWALL_VERBOSE 568kernel option. 569.It Va firewall_logif 570.Pq Vt bool 571Set to 572.Dq Li YES 573to create pseudo interface 574.Li ipfw0 575for logging. 576For more details, see 577.Xr ipfw 8 578manual page. 579.It Va firewall_flags 580.Pq Vt str 581Flags passed to 582.Xr ipfw 8 583if 584.Va firewall_type 585specifies a filename. 586.It Va firewall_coscripts 587.Pq Vt str 588List of executables and/or rc scripts to run after firewall starts/stops. 589Default is empty. 590.\" ----- firewall_nat_enable setting -------------------------------- 591.It Va firewall_nat_enable 592.Pq Vt bool 593The 594.Xr ipfw 8 595equivalent of 596.Va natd_enable . 597Setting this to 598.Dq Li YES 599will automatically load the 600.Xr ipfw 8 601NAT kernel module if 602.Va firewall_enable 603is also set to 604.Dq Li YES . 605.It Va firewall_nat_interface 606.Pq Vt str 607The 608.Xr ipfw 8 609equivalent of 610.Va natd_interface . 611This is the name of the public interface or IP address on which 612kernel NAT should run. 613.It Va firewall_nat_flags 614.Pq Vt str 615Additional configuration parameters for kernel NAT should be placed here. 616.It Va firewall_nat64_enable 617.Pq Vt bool 618Setting this to 619.Dq Li YES 620will automatically load the 621.Xr ipfw 8 622NAT64 kernel module if 623.Va firewall_enable 624is also set to 625.Dq Li YES . 626.It Va firewall_nptv6_enable 627.Pq Vt bool 628Setting this to 629.Dq Li YES 630will automatically load the 631.Xr ipfw 8 632NPTv6 kernel module if 633.Va firewall_enable 634is also set to 635.Dq Li YES . 636.It Va firewall_pmod_enable 637.Pq Vt bool 638Setting this to 639.Dq Li YES 640will automatically load the 641.Xr ipfw 8 642pmod kernel module if 643.Va firewall_enable 644is also set to 645.Dq Li YES . 646.It Va dummynet_enable 647.Pq Vt bool 648Setting this to 649.Dq Li YES 650will automatically load the 651.Xr dummynet 4 652module if 653.Va firewall_enable 654is also set to 655.Dq Li YES . 656.\" ------------------------------------------------------------------- 657.It Va ipfw_netflow_enable 658.Pq Vt bool 659Setting this to 660.Dq Li YES 661will enable netflow logging via 662.Xr ng_netflow 4 663.Pp 664By default a ipfw rule is inserted and all packets are duplicated with 665the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 666port using protocol version 5. 667.It Va ipfw_netflow_hook 668.Pq Vt int 669netflow hook name, must be numerical 670(default 671.Pa 9995 ) . 672.It Va ipfw_netflow_rule 673.Pq Vt int 674ipfw rule number 675(default 676.Pa 1000 ) . 677.It Va ipfw_netflow_ip 678.Pq Vt str 679Destination server ip for receiving netflow data 680(default 681.Pa 127.0.0.1 ) . 682.It Va ipfw_netflow_port 683.Pq Vt int 684Destination server port for receiving netflow data 685(default 686.Pa 9995 ) . 687.It Va ipfw_netflow_version 688.Pq Vt int 689Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 690.It Va ipfw_netflow_fib 691.Pq Vt int 692Only match packet in FIB 693.Pa ipfw_netflow_fib 694(default is undefined meaning all FIBs). 695.It Va natd_program 696.Pq Vt str 697Path to 698.Xr natd 8 . 699.It Va natd_enable 700.Pq Vt bool 701Set to 702.Dq Li YES 703to enable 704.Xr natd 8 . 705.Va firewall_enable 706must also be set to 707.Dq Li YES , 708and 709.Xr divert 4 710sockets must be enabled in the kernel. 711If the kernel was not built with 712.Cd "options IPDIVERT" , 713the 714.Pa ipdivert.ko 715kernel module will be loaded. 716.It Va natd_interface 717.Pq Vt str 718This is the name of the public interface on which 719.Xr natd 8 720should run. 721The interface may be given as an interface name or as an IP address. 722.It Va natd_flags 723.Pq Vt str 724Additional 725.Xr natd 8 726flags should be placed here. 727The 728.Fl n 729or 730.Fl a 731flag is automatically added with the above 732.Va natd_interface 733as an argument. 734.\" ----- ipfilter_enable setting -------------------------------- 735.It Va ipfilter_enable 736.Pq Vt bool 737Set to 738.Dq Li NO 739by default. 740Setting this to 741.Dq Li YES 742enables 743.Xr ipf 8 744packet filtering. 745.Pp 746Typical usage will require putting 747.Bd -literal 748ipfilter_enable="YES" 749ipnat_enable="YES" 750ipmon_enable="YES" 751ipfs_enable="YES" 752.Ed 753.Pp 754into 755.Pa /etc/rc.conf 756and editing 757.Pa /etc/ipf.rules 758and 759.Pa /etc/ipnat.rules 760appropriately. 761.Pp 762Note that 763.Va ipfilter_enable 764and 765.Va ipnat_enable 766can be enabled independently. 767.Va ipmon_enable 768and 769.Va ipfs_enable 770both require at least one of 771.Va ipfilter_enable 772and 773.Va ipnat_enable 774to be enabled. 775.Pp 776Having 777.Bd -literal 778options IPFILTER 779options IPFILTER_LOG 780options IPFILTER_DEFAULT_BLOCK 781.Ed 782.Pp 783in the kernel configuration file is a good idea, too. 784.\" ----- ipfilter_program setting ------------------------------ 785.It Va ipfilter_program 786.Pq Vt str 787Path to 788.Xr ipf 8 789(default 790.Pa /sbin/ipf ) . 791.\" ----- ipfilter_rules setting -------------------------------- 792.It Va ipfilter_rules 793.Pq Vt str 794Set to 795.Pa /etc/ipf.rules 796by default. 797This variable contains the name of the filter rule definition file. 798The file is expected to be readable for the 799.Xr ipf 8 800command to execute. 801.\" ----- ipv6_ipfilter_rules setting --------------------------- 802.It Va ipv6_ipfilter_rules 803.Pq Vt str 804Set to 805.Pa /etc/ipf6.rules 806by default. 807This variable contains the IPv6 filter rule definition file. 808The file is expected to be readable for the 809.Xr ipf 8 810command to execute. 811.\" ----- ipfilter_flags setting -------------------------------- 812.It Va ipfilter_flags 813.Pq Vt str 814Empty by default. 815This variable contains flags passed to the 816.Xr ipf 8 817program. 818.\" ----- ipnat_enable setting ---------------------------------- 819.It Va ipnat_enable 820.Pq Vt bool 821Set to 822.Dq Li NO 823by default. 824Set it to 825.Dq Li YES 826to enable 827.Xr ipnat 8 828network address translation. 829See 830.Va ipfilter_enable 831for a detailed discussion. 832.\" ----- ipnat_program setting --------------------------------- 833.It Va ipnat_program 834.Pq Vt str 835Path to 836.Xr ipnat 8 837(default 838.Pa /sbin/ipnat ) . 839.\" ----- ipnat_rules setting ----------------------------------- 840.It Va ipnat_rules 841.Pq Vt str 842Set to 843.Pa /etc/ipnat.rules 844by default. 845This variable contains the name of the file 846holding the network address translation definition. 847This file is expected to be readable for the 848.Xr ipnat 8 849command to execute. 850.\" ----- ipnat_flags setting ----------------------------------- 851.It Va ipnat_flags 852.Pq Vt str 853Empty by default. 854This variable contains flags passed to the 855.Xr ipnat 8 856program. 857.\" ----- ipmon_enable setting ---------------------------------- 858.It Va ipmon_enable 859.Pq Vt bool 860Set to 861.Dq Li NO 862by default. 863Set it to 864.Dq Li YES 865to enable 866.Xr ipmon 8 867monitoring (logging 868.Xr ipf 8 869and 870.Xr ipnat 8 871events). 872Setting this variable needs setting 873.Va ipfilter_enable 874or 875.Va ipnat_enable 876too. 877See 878.Va ipfilter_enable 879for a detailed discussion. 880.\" ----- ipmon_program setting --------------------------------- 881.It Va ipmon_program 882.Pq Vt str 883Path to 884.Xr ipmon 8 885(default 886.Pa /sbin/ipmon ) . 887.\" ----- ipmon_flags setting ----------------------------------- 888.It Va ipmon_flags 889.Pq Vt str 890Set to 891.Dq Li -Ds 892by default. 893This variable contains flags passed to the 894.Xr ipmon 8 895program. 896Another typical example would be 897.Dq Fl D Pa /var/log/ipflog 898to have 899.Xr ipmon 8 900log directly to a file bypassing 901.Xr syslogd 8 . 902Make sure to adjust 903.Pa /etc/newsyslog.conf 904in such case like this: 905.Bd -literal 906/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 907.Ed 908.\" ----- ipfs_enable setting ----------------------------------- 909.It Va ipfs_enable 910.Pq Vt bool 911Set to 912.Dq Li NO 913by default. 914Set it to 915.Dq Li YES 916to enable 917.Xr ipfs 8 918saving the filter and NAT state tables during shutdown 919and reloading them during startup again. 920Setting this variable needs setting 921.Va ipfilter_enable 922or 923.Va ipnat_enable 924to 925.Dq Li YES 926too. 927See 928.Va ipfilter_enable 929for a detailed discussion. 930Note that if 931.Va kern_securelevel 932is set to 3, 933.Va ipfs_enable 934cannot be used 935because the raised securelevel will prevent 936.Xr ipfs 8 937from saving the state tables at shutdown time. 938.\" ----- ipfs_program setting ---------------------------------- 939.It Va ipfs_program 940.Pq Vt str 941Path to 942.Xr ipfs 8 943(default 944.Pa /sbin/ipfs ) . 945.\" ----- ipfs_flags setting ------------------------------------ 946.It Va ipfs_flags 947.Pq Vt str 948Empty by default. 949This variable contains flags passed to the 950.Xr ipfs 8 951program. 952.\" ----- end of added ipf hook --------------------------------- 953.It Va pf_enable 954.Pq Vt bool 955Set to 956.Dq Li NO 957by default. 958Setting this to 959.Dq Li YES 960enables 961.Xr pf 4 962packet filtering. 963.Pp 964Typical usage will require putting 965.Pp 966.Dl pf_enable="YES" 967.Pp 968into 969.Pa /etc/rc.conf 970and editing 971.Pa /etc/pf.conf 972appropriately. 973Adding 974.Pp 975.Dl "device pf" 976.Pp 977builds support for 978.Xr pf 4 979into the kernel, otherwise the 980kernel module will be loaded. 981.It Va pf_rules 982.Pq Vt str 983Path to 984.Xr pf 4 985ruleset configuration file 986(default 987.Pa /etc/pf.conf ) . 988.It Va pf_program 989.Pq Vt str 990Path to 991.Xr pfctl 8 992(default 993.Pa /sbin/pfctl ) . 994.It Va pf_flags 995.Pq Vt str 996If 997.Va pf_enable 998is set to 999.Dq Li YES , 1000these flags are passed to the 1001.Xr pfctl 8 1002program when loading the ruleset. 1003.It Va pflog_enable 1004.Pq Vt bool 1005Set to 1006.Dq Li NO 1007by default. 1008Setting this to 1009.Dq Li YES 1010enables 1011.Xr pflogd 8 1012which logs packets from the 1013.Xr pf 4 1014packet filter. 1015.It Va pflog_logfile 1016.Pq Vt str 1017If 1018.Va pflog_enable 1019is set to 1020.Dq Li YES 1021this controls where 1022.Xr pflogd 8 1023stores the logfile 1024(default 1025.Pa /var/log/pflog ) . 1026Check 1027.Pa /etc/newsyslog.conf 1028to adjust logfile rotation for this. 1029.It Va pflog_program 1030.Pq Vt str 1031Path to 1032.Xr pflogd 8 1033(default 1034.Pa /sbin/pflogd ) . 1035.It Va pflog_flags 1036.Pq Vt str 1037Empty by default. 1038This variable contains additional flags passed to the 1039.Xr pflogd 8 1040program. 1041.It Va pflog_instances 1042.Pq Vt str 1043If logging to more than one 1044.Xr pflog 4 1045interface is desired, 1046.Va pflog_instances 1047is set to the list of 1048.Xr pflogd 8 1049instances that should be started at system boot time. 1050If 1051.Va pflog_instances 1052is set, for each whitespace-separated 1053.Ar element 1054in the list, 1055.Ao Ar element Ac Ns Va _dev 1056and 1057.Ao Ar element Ac Ns Va _logfile 1058elements are assumed to exist. 1059.Ao Ar element Ac Ns Va _dev 1060must contain the 1061.Xr pflog 4 1062interface to be watched by the named 1063.Xr pflogd 8 1064instance. 1065.Ao Ar element Ac Ns Va _logfile 1066must contain the name of the logfile that will be used by the 1067.Xr pflogd 8 1068instance. 1069.It Va ftpproxy_enable 1070.Pq Vt bool 1071Set to 1072.Dq Li NO 1073by default. 1074Setting this to 1075.Dq Li YES 1076enables 1077.Xr ftp-proxy 8 1078which supports the 1079.Xr pf 4 1080packet filter in translating ftp connections. 1081.It Va ftpproxy_flags 1082.Pq Vt str 1083Empty by default. 1084This variable contains additional flags passed to the 1085.Xr ftp-proxy 8 1086program. 1087.It Va ftpproxy_instances 1088.Pq Vt str 1089Empty by default. 1090If multiple instances of 1091.Xr ftp-proxy 8 1092are desired at boot time, 1093.Va ftpproxy_instances 1094should contain a whitespace-separated list of instance names. 1095For each 1096.Ar element 1097in the list, a variable named 1098.Ao Ar element Ac Ns Va _flags 1099should be defined, containing the command-line flags to be passed to the 1100.Xr ftp-proxy 8 1101instance. 1102.It Va pfsync_enable 1103.Pq Vt bool 1104Set to 1105.Dq Li NO 1106by default. 1107Setting this to 1108.Dq Li YES 1109enables exposing 1110.Xr pf 4 1111state changes to other hosts over the network by means of 1112.Xr pfsync 4 . 1113The 1114.Va pfsync_syncdev 1115variable 1116must also be set then. 1117.It Va pfsync_syncdev 1118.Pq Vt str 1119Empty by default. 1120This variable specifies the name of the network interface 1121.Xr pfsync 4 1122should operate through. 1123It must be set accordingly if 1124.Va pfsync_enable 1125is set to 1126.Dq Li YES . 1127.It Va pfsync_syncpeer 1128.Pq Vt str 1129Empty by default. 1130This variable is optional. 1131By default, state change messages are sent out on the synchronisation 1132interface using IP multicast packets. 1133The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1134224.0.0.240. 1135When a peer address is specified using the 1136.Va pfsync_syncpeer 1137option, the peer address is used as a destination for the pfsync 1138traffic, and the traffic can then be protected using 1139.Xr ipsec 4 . 1140See the 1141.Xr pfsync 4 1142manpage for more details about using 1143.Xr ipsec 4 1144with 1145.Xr pfsync 4 1146interfaces. 1147.It Va pfsync_ifconfig 1148.Pq Vt str 1149Empty by default. 1150This variable can contain additional options to be passed to the 1151.Xr ifconfig 8 1152command used to set up 1153.Xr pfsync 4 . 1154.It Va tcp_extensions 1155.Pq Vt bool 1156Set to 1157.Dq Li YES 1158by default. 1159Setting this to 1160.Dq Li NO 1161disables certain TCP options as described by 1162.Rs 1163.%T "RFC 1323" 1164.Re 1165Setting this to 1166.Dq Li NO 1167might help remedy such problems with connections as randomly hanging 1168or other weird behavior. 1169Some network devices are known 1170to be broken with respect to these options. 1171.It Va log_in_vain 1172.Pq Vt int 1173Set to 0 by default. 1174The 1175.Xr sysctl 8 1176variables, 1177.Va net.inet.tcp.log_in_vain 1178and 1179.Va net.inet.udp.log_in_vain , 1180as described in 1181.Xr tcp 4 1182and 1183.Xr udp 4 , 1184are set to the given value. 1185.It Va tcp_keepalive 1186.Pq Vt bool 1187Set to 1188.Dq Li YES 1189by default. 1190Setting to 1191.Dq Li NO 1192will disable probing idle TCP connections to verify that the 1193peer is still up and reachable. 1194.It Va tcp_drop_synfin 1195.Pq Vt bool 1196Set to 1197.Dq Li NO 1198by default. 1199Setting to 1200.Dq Li YES 1201will cause the kernel to ignore TCP frames that have both 1202the SYN and FIN flags set. 1203This prevents OS fingerprinting, but may 1204break some legitimate applications. 1205.It Va icmp_drop_redirect 1206.Pq Vt bool 1207Set to 1208.Dq Li AUTO 1209by default. 1210This setting will be identical to 1211.Dq Li YES , 1212if a dynamicrouting daemon is enabled, because redirect processing may 1213cause performance issues for large routing tables. 1214If no such service is enabled, this setting behaves like a 1215.Dq Li NO . 1216Setting to 1217.Dq Li YES 1218will cause the kernel to ignore ICMP REDIRECT packets. 1219Setting to 1220.Dq Li NO 1221will cause the kernel to process ICMP REDIRECT packets. 1222Refer to 1223.Xr icmp 4 1224for more information. 1225.It Va icmp_log_redirect 1226.Pq Vt bool 1227Set to 1228.Dq Li NO 1229by default. 1230Setting to 1231.Dq Li YES 1232will cause the kernel to log ICMP REDIRECT packets. 1233Note that 1234the log messages are not rate-limited, so this option should only be used 1235for troubleshooting networks. 1236Refer to 1237.Xr icmp 4 1238for more information. 1239.It Va icmp_bmcastecho 1240.Pq Vt bool 1241Set to 1242.Dq Li YES 1243to respond to broadcast or multicast ICMP ping packets. 1244Refer to 1245.Xr icmp 4 1246for more information. 1247.It Va ip_portrange_first 1248.Pq Vt int 1249If not set to 1250.Dq Li NO , 1251this is the first port in the default portrange. 1252Refer to 1253.Xr ip 4 1254for more information. 1255.It Va ip_portrange_last 1256.Pq Vt int 1257If not set to 1258.Dq Li NO , 1259this is the last port in the default portrange. 1260Refer to 1261.Xr ip 4 1262for more information. 1263.It Va network_interfaces 1264.Pq Vt str 1265Set to the list of network interfaces to configure on this host or 1266.Dq Li AUTO 1267(the default) for all current interfaces. 1268Setting the 1269.Va network_interfaces 1270variable to anything other than the default is deprecated. 1271Interfaces that the administrator wishes to store configuration for, 1272but not start at boot should be configured with the 1273.Dq Li NOAUTO 1274keyword in their 1275.Va ifconfig_ Ns Aq Ar interface 1276variables as described below. 1277.Pp 1278An 1279.Va ifconfig_ Ns Aq Ar interface 1280variable is also assumed to exist for each value of 1281.Ar interface . 1282When an interface name contains any of the characters 1283.Dq Li .-/+ 1284they are translated to 1285.Dq Li _ 1286before lookup. 1287The variable can contain arguments to 1288.Xr ifconfig 8 , 1289as well as special case-insensitive keywords described below. 1290Such keywords are removed before passing the value to 1291.Xr ifconfig 8 1292while the order of the other arguments is preserved. 1293.Pp 1294It is possible to add IP alias entries using 1295.Xr ifconfig 8 1296syntax with the address family keyword such as 1297.Li inet . 1298Assuming that the interface in question was 1299.Li em0 , 1300it might look something like this: 1301.Bd -literal 1302ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1303ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1304.Ed 1305.Pp 1306It also possible to configure multiple IP addresses in Classless 1307Inter-Domain Routing 1308.Pq CIDR 1309address notation, 1310whose each address component can be a range like 1311.Li inet 192.0.2.5-23/24 1312or 1313.Li inet6 2001:db8:1-f::1/64 . 1314This notation allows address and prefix length part only, 1315not the other address modifiers. 1316Note that the maximum number of the generated addresses from a range 1317specification is limited to an integer value specified in 1318.Va netif_ipexpand_max 1319in 1320.Nm 1321because a small typo can unexpectedly generate a large number of addresses. 1322The default value is 1323.Li 2048 . 1324It can be increased by adding the following line into 1325.Nm : 1326.Bd -literal 1327netif_ipexpand_max="4096" 1328.Ed 1329.Pp 1330In the case of 1331.Li 192.0.2.5-23/24 , 1332the address 192.0.2.5 will be configured with the 1333netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1334the non-conflicting netmask /32 as explained in the 1335.Xr ifconfig 8 1336alias section. 1337Note that this special netmask handling is only for 1338.Li inet , 1339not for the other address families such as 1340.Li inet6 . 1341.Pp 1342With the interface in question being 1343.Li em0 , 1344an example could look like: 1345.Bd -literal 1346ifconfig_em0_alias2="inet 192.0.2.129/27" 1347ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1348.Ed 1349.Pp 1350and so on. 1351.Pp 1352Note that deprecated 1353.Va ipv4_addrs_ Ns Aq Ar interface 1354variable was supported for IPv4 CIDR address notation. 1355The 1356.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1357variable replaces it, though 1358.Va ipv4_addrs_ Ns Aq Ar interface 1359is still supported for backward compatibility. 1360.Pp 1361For each 1362.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1363entry with an address family keyword, 1364its contents are passed to 1365.Xr ifconfig 8 . 1366Execution stops at the first unsuccessful access, so if 1367something like this is present: 1368.Bd -literal 1369ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1370ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1371ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1372ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1373.Ed 1374.Pp 1375Then note that alias4 would 1376.Em not 1377be added since the search would 1378stop with the missing 1379.Dq Li alias3 1380entry. 1381Because of this difficult to manage behavior, 1382there is 1383.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1384variable, which has the same functionality as 1385.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1386and can have all of entries in a variable like the following: 1387.Bd -literal 1388ifconfig_em0_aliases="\\ 1389 inet 127.0.0.251 netmask 0xffffffff \\ 1390 inet 127.0.0.252 netmask 0xffffffff \\ 1391 inet 127.0.0.253 netmask 0xffffffff \\ 1392 inet 127.0.0.254 netmask 0xffffffff" 1393.Ed 1394.Pp 1395It also supports CIDR notation. 1396.Pp 1397If the 1398.Pa /etc/start_if. Ns Aq Ar interface 1399file is present, it is read and executed by the 1400.Xr sh 1 1401interpreter 1402before configuring the interface as specified in the 1403.Va ifconfig_ Ns Aq Ar interface 1404and 1405.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1406variables. 1407.Pp 1408If a 1409.Va vlans_ Ns Aq Ar interface 1410variable is set, 1411a 1412.Xr vlan 4 1413interface will be created for each item in the list with the 1414.Ar vlandev 1415argument set to 1416.Ar interface . 1417If a vlan interface's name is a number, 1418then that number is used as the vlan tag and the new vlan interface is 1419named 1420.Ar interface . Ns Ar tag . 1421Otherwise, 1422the vlan tag must be specified via a 1423.Va vlan 1424parameter in the 1425.Va create_args_ Ns Aq Ar interface 1426variable. 1427.Pp 1428To create a vlan device named 1429.Li em0.101 1430on 1431.Li em0 1432with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1433.Bd -literal 1434vlans_em0="101" 1435ifconfig_em0_101="inet 192.0.2.1/24" 1436.Ed 1437.Pp 1438To create a vlan device named 1439.Li myvlan 1440on 1441.Li em0 1442with the vlan tag 102: 1443.Bd -literal 1444vlans_em0="myvlan" 1445create_args_myvlan="vlan 102" 1446.Ed 1447.Pp 1448If a 1449.Va wlans_ Ns Aq Ar interface 1450variable is set, 1451an 1452.Xr wlan 4 1453interface will be created for each item in the list with the 1454.Ar wlandev 1455argument set to 1456.Ar interface . 1457Further wlan cloning arguments may be passed to the 1458.Xr ifconfig 8 1459.Cm create 1460command by setting the 1461.Va create_args_ Ns Aq Ar interface 1462variable. 1463One or more 1464.Xr wlan 4 1465devices must be created for each wireless devices as of 1466.Fx 8.0 . 1467Debugging flags for 1468.Xr wlan 4 1469devices as set by 1470.Xr wlandebug 8 1471may be specified with an 1472.Va wlandebug_ Ns Aq Ar interface 1473variable. 1474The contents of this variable will be passed directly to 1475.Xr wlandebug 8 . 1476.Pp 1477If the 1478.Va ifconfig_ Ns Aq Ar interface 1479contains the keyword 1480.Dq Li NOAUTO 1481then the interface will not be configured 1482at boot or by 1483.Pa /etc/pccard_ether 1484when 1485.Va network_interfaces 1486is set to 1487.Dq Li AUTO . 1488.Pp 1489It is possible to bring up an interface with DHCP by adding 1490.Dq Li DHCP 1491to the 1492.Va ifconfig_ Ns Aq Ar interface 1493variable. 1494For instance, to initialize the 1495.Li em0 1496device via DHCP, 1497it is possible to use something like: 1498.Bd -literal 1499ifconfig_em0="DHCP" 1500.Ed 1501.Pp 1502If you want to configure your wireless interface with 1503.Xr wpa_supplicant 8 1504for use with WPA, EAP/LEAP or WEP, you need to add 1505.Dq Li WPA 1506to the 1507.Va ifconfig_ Ns Aq Ar interface 1508variable. 1509.Pp 1510On the other hand, if you want to configure your wireless interface with 1511.Xr hostapd 8 , 1512you need to add 1513.Dq Li HOSTAP 1514to the 1515.Va ifconfig_ Ns Aq Ar interface 1516variable. 1517.Xr hostapd 8 1518will use the settings from 1519.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1520.Pp 1521Finally, you can add 1522.Xr ifconfig 8 1523options in this variable, in addition to the 1524.Pa /etc/start_if. Ns Aq Ar interface 1525file. 1526For instance, to configure an 1527.Xr ath 4 1528wireless device in station mode with an address obtained 1529via DHCP, using WPA authentication and 802.11b mode, it is 1530possible to use something like: 1531.Bd -literal 1532wlans_ath0="wlan0" 1533ifconfig_wlan0="DHCP WPA mode 11b" 1534.Ed 1535.Pp 1536In addition to the 1537.Va ifconfig_ Ns Aq Ar interface 1538form, a fallback variable 1539.Va ifconfig_DEFAULT 1540may be configured. 1541It will be used for all interfaces with no 1542.Va ifconfig_ Ns Aq Ar interface 1543variable. 1544This is intended to replace the no longer supported 1545.Va pccard_ifconfig 1546variable. 1547.Pp 1548It is also possible to rename an interface by doing: 1549.Bd -literal 1550ifconfig_em0_name="net0" 1551ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1552.Ed 1553.It Va ipv6_enable 1554.Pq Vt bool 1555This variable is deprecated. 1556Use 1557.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1558and 1559.Va ipv6_activate_all_interfaces 1560if necessary. 1561.Pp 1562If the variable is 1563.Dq Li YES , 1564.Dq Li inet6 accept_rtadv 1565is added to all of 1566.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1567and the 1568.Va ipv6_activate_all_interfaces 1569is defined as 1570.Dq Li YES . 1571.It Va ipv6_prefer 1572.Pq Vt bool 1573This variable is deprecated. 1574Use 1575.Va ip6addrctl_policy 1576instead. 1577.Pp 1578If the variable is 1579.Dq Li YES , 1580the default address selection policy table set by 1581.Xr ip6addrctl 8 1582will be IPv6-preferred. 1583.Pp 1584If the variable is 1585.Dq Li NO , 1586the default address selection policy table set by 1587.Xr ip6addrctl 8 1588will be IPv4-preferred. 1589.It Va ipv6_activate_all_interfaces 1590.Pq Vt bool 1591This controls initial configuration on IPv6-capable 1592interfaces with no corresponding 1593.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1594variable. 1595Note that it is not always necessary to set this variable to 1596.Dq YES 1597to use IPv6 functionality on 1598.Fx . 1599In most cases, just configuring 1600.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1601variables works. 1602.Pp 1603If the variable is 1604.Dq Li NO , 1605all interfaces which do not have a corresponding 1606.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1607variable will be marked as 1608.Dq Li IFDISABLED 1609at creation. 1610This means that all of IPv6 functionality on that interface 1611is completely disabled to enforce a security policy. 1612If the variable is set to 1613.Dq YES , 1614the flag will be cleared on all of the interfaces. 1615.Pp 1616In most cases, just defining an 1617.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1618for an IPv6-capable interface should be sufficient. 1619However, if an interface is added dynamically 1620.Pq by some tunneling protocols such as PPP, for example , 1621it is often difficult to define the variable in advance. 1622In such a case, configuring the 1623.Dq Li IFDISABLED 1624flag can be disabled by setting this variable to 1625.Dq YES . 1626.Pp 1627For more details of the 1628.Dq Li IFDISABLED 1629flag and keywords 1630.Dq Li inet6 ifdisabled , 1631see 1632.Xr ifconfig 8 . 1633.Pp 1634Default is 1635.Dq Li NO . 1636.It Va ipv6_privacy 1637.Pq Vt bool 1638If the variable is 1639.Dq Li YES 1640privacy addresses will be generated for each IPv6 1641interface as described in RFC 4941. 1642.It Va ipv6_network_interfaces 1643.Pq Vt str 1644This is the IPv6 equivalent of 1645.Va network_interfaces . 1646Normally manual configuration of this variable is not needed. 1647.It Va ipv6_cpe_wanif 1648.Pq Vt str 1649If the variable is set to an interface name, 1650the 1651.Xr ifconfig 8 1652options 1653.Dq inet6 -no_radr accept_rtadv 1654will be added to the specified interface automatically before evaluating 1655.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1656and two 1657.Xr sysctl 8 1658variables 1659.Va net.inet6.ip6.rfc6204w3 1660and 1661.Va net.inet6.ip6.no_radr 1662will be set to 1. 1663.Pp 1664This means the specified interface will accept ICMPv6 Router 1665Advertisement messages on that link and add the discovered 1666routers into the Default Router List. 1667While the other interfaces can still accept RA messages if the 1668.Dq inet6 accept_rtadv 1669option is specified, adding 1670routes into the Default Router List will be disabled by 1671.Dq inet6 no_radr 1672option by default. 1673See 1674.Xr ifconfig 8 1675for more details. 1676.Pp 1677Note that ICMPv6 Router Advertisement messages will be 1678accepted even when 1679.Va net.inet6.ip6.forwarding 1680is 1 1681.Pq packet forwarding is enabled 1682when 1683.Va net.inet6.ip6.rfc6204w3 1684is set to 1. 1685.Pp 1686Default is 1687.Dq Li NO . 1688.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1689.Pq Vt str 1690This assigns arbitrary description to an interface. 1691The 1692.Xr sysctl 8 1693variable 1694.Va net.ifdescr_maxlen 1695limits its length. 1696This static setting may be overridden by commands 1697started with dynamic interface configuration utilities 1698like 1699.Xr dhclient 8 1700hooks. 1701The description can be seen with 1702.Xr ifconfig 8 1703command and it may be exported with 1704.Xr bsnmpd 1 1705daemon using its MIB-2 module. 1706.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1707.Pq Vt str 1708IPv6 functionality on an interface should be configured by 1709.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1710instead of setting ifconfig parameters in 1711.Va ifconfig_ Ns Aq Ar interface . 1712If this variable is empty, all of IPv6 configurations on the 1713specified interface by other variables such as 1714.Va ipv6_prefix_ Ns Ao Ar interface Ac 1715will be ignored. 1716.Pp 1717Aliases should be set by 1718.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1719with 1720.Dq Li inet6 1721keyword. 1722For example: 1723.Bd -literal 1724ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1725ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1726.Ed 1727.Pp 1728Interfaces that have an 1729.Dq Li inet6 accept_rtadv 1730keyword in 1731.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1732setting will be automatically configured by SLAAC 1733.Pq StateLess Address AutoConfiguration 1734described in 1735.Rs 1736.%T "RFC 4862" 1737.Re 1738.Pp 1739Note that a link-local address will be automatically configured in 1740addition to the configured global-scope addresses because the IPv6 1741specifications require it on each link. 1742The address is calculated from the MAC address by using an algorithm 1743defined in 1744.Rs 1745.%T "RFC 4862" 1746.%O "Section 5.3" 1747.Re 1748.Pp 1749If only a link-local address is needed on the interface, 1750the following configuration can be used: 1751.Bd -literal 1752ifconfig_em0_ipv6="inet6 auto_linklocal" 1753.Ed 1754.Pp 1755A link-local address can also be configured manually. 1756This is useful for the default router address of an IPv6 router 1757so that it does not change when the network interface 1758card is replaced. 1759For example: 1760.Bd -literal 1761ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1762.Ed 1763.It Va ipv6_prefix_ Ns Aq Ar interface 1764.Pq Vt str 1765If one or more prefixes are defined in 1766.Va ipv6_prefix_ Ns Aq Ar interface 1767addresses based on each prefix and the EUI-64 interface index will be 1768configured on that interface. 1769Note that this variable will be ignored when 1770.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1771is empty. 1772.Pp 1773For example, the following configuration 1774.Bd -literal 1775ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1776.Ed 1777.Pp 1778is equivalent to the following: 1779.Bd -literal 1780ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1781ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1782ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1783ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1784.Ed 1785.Pp 1786These Subnet-Router anycast addresses will be added only when 1787.Va ipv6_gateway_enable 1788is YES. 1789.It Va ipv6_default_interface 1790.Pq Vt str 1791If not set to 1792.Dq Li NO , 1793this is the default output interface for scoped addresses. 1794This works only with ipv6_gateway_enable="NO". 1795.It Va ip6addrctl_enable 1796.Pq Vt bool 1797This variable is to enable configuring default address selection policy table 1798.Pq RFC 3484 . 1799The table can be specified in another variable 1800.Va ip6addrctl_policy . 1801For 1802.Va ip6addrctl_policy 1803the following keywords can be specified: 1804.Dq Li ipv4_prefer , 1805.Dq Li ipv6_prefer , 1806or 1807.Dq Li AUTO . 1808.Pp 1809If 1810.Dq Li ipv4_prefer 1811or 1812.Dq Li ipv6_prefer 1813is specified, 1814.Xr ip6addrctl 8 1815installs a pre-defined policy table described in Section 10.3 1816.Pq IPv4-preferred 1817or 2.1 1818.Pq IPv6-preferred 1819of RFC 3484. 1820.Pp 1821If 1822.Dq Li AUTO 1823is specified, it attempts to read a file 1824.Pa /etc/ip6addrctl.conf 1825first. 1826If this file is found, 1827.Xr ip6addrctl 8 1828reads and installs it. 1829If not found, a policy is automatically set 1830according to 1831.Va ipv6_activate_all_interfaces 1832variable; if the variable is set to 1833.Dq Li YES 1834the IPv6-preferred one is used. 1835Otherwise IPv4-preferred. 1836.Pp 1837The default value of 1838.Va ip6addrctl_enable 1839and 1840.Va ip6addrctl_policy 1841are 1842.Dq Li YES 1843and 1844.Dq Li AUTO , 1845respectively. 1846.It Va cloned_interfaces 1847.Pq Vt str 1848Set to the list of clonable network interfaces to create on this host. 1849Further cloning arguments may be passed to the 1850.Xr ifconfig 8 1851.Cm create 1852command for each interface by setting the 1853.Va create_args_ Ns Aq Ar interface 1854variable. 1855If an interface name is specified with 1856.Dq :sticky 1857keyword, 1858the interface will not be destroyed even when 1859.Pa rc.d/netif 1860script is invoked with 1861.Dq stop 1862argument. 1863This is useful when reconfiguring the interface without destroying it. 1864Entries in 1865.Va cloned_interfaces 1866are automatically appended to 1867.Va network_interfaces 1868for configuration. 1869.It Va cloned_interfaces_sticky 1870.Pq Vt bool 1871This variable is to globally enable functionality of 1872.Dq :sticky 1873keyword in 1874.Va cloned_interfaces 1875for all interfaces. 1876The default value is 1877.Dq NO . 1878Even if this variable is specified to 1879.Dq YES , 1880.Dq :nosticky 1881keyword can be used to override it on per interface basis. 1882.It Va gif_interfaces 1883Set to the list of 1884.Xr gif 4 1885tunnel interfaces to configure on this host. 1886A 1887.Va gifconfig_ Ns Aq Ar interface 1888variable is assumed to exist for each value of 1889.Ar interface . 1890The value of this variable is used to configure the link layer of the 1891tunnel using the 1892.Cm tunnel 1893option to 1894.Xr ifconfig . 1895Additionally, this option ensures that each listed interface is created 1896via the 1897.Cm create 1898option to 1899.Xr ifconfig 1900before attempting to configure it. 1901.Pp 1902For example, configure two 1903.Xr gif 1904interfaces with: 1905.Bd -literal 1906gif_interfaces="gif0 gif1" 1907gifconfig_gif0="100.64.0.1 100.64.0.2" 1908ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1909gifconfig_gif1="inet6 2a00::1 2a01::1" 1910ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1911.Ed 1912.It Va sppp_interfaces 1913.Pq Vt str 1914Set to the list of 1915.Xr sppp 4 1916interfaces to configure on this host. 1917A 1918.Va spppconfig_ Ns Aq Ar interface 1919variable is assumed to exist for each value of 1920.Ar interface . 1921Each interface should also be configured by a general 1922.Va ifconfig_ Ns Aq Ar interface 1923setting. 1924Refer to 1925.Xr spppcontrol 8 1926for more information about available options. 1927.It Va ppp_enable 1928.Pq Vt bool 1929If set to 1930.Dq Li YES , 1931run the 1932.Xr ppp 8 1933daemon. 1934.It Va ppp_profile 1935.Pq Vt str 1936The name of the profile to use from 1937.Pa /etc/ppp/ppp.conf . 1938Also used for per-profile overrides of 1939.Va ppp_mode 1940and 1941.Va ppp_nat , 1942and 1943.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1944When the profile name contains any of the characters 1945.Dq Li .-/+ 1946they are translated to 1947.Dq Li _ 1948for the proposes of the override variable names. 1949.It Va ppp_mode 1950.Pq Vt str 1951Mode in which to run the 1952.Xr ppp 8 1953daemon. 1954.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1955.Pq Vt str 1956Overrides the global 1957.Va ppp_mode 1958for 1959.Ar profile . 1960Accepted modes are 1961.Dq Li auto , 1962.Dq Li ddial , 1963.Dq Li direct 1964and 1965.Dq Li dedicated . 1966See the manual for a full description. 1967.It Va ppp_nat 1968.Pq Vt bool 1969If set to 1970.Dq Li YES , 1971enables network address translation. 1972Used in conjunction with 1973.Va gateway_enable 1974allows hosts on private network addresses access to the Internet using 1975this host as a network address translating router. 1976Default is 1977.Dq Li YES . 1978.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1979.Pq Vt str 1980Overrides the global 1981.Va ppp_nat 1982for 1983.Ar profile . 1984.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1985.Pq Vt int 1986Set the unit number to be used for this profile. 1987See the manual description of 1988.Fl unit Ns Ar N 1989for details. 1990.It Va ppp_user 1991.Pq Vt str 1992The name of the user under which 1993.Xr ppp 8 1994should be started. 1995By 1996default, 1997.Xr ppp 8 1998is started as 1999.Dq Li root . 2000.It Va rc_conf_files 2001.Pq Vt str 2002This option is used to specify a list of files that will override 2003the settings in 2004.Pa /etc/defaults/rc.conf . 2005The files will be read in the order in which they are specified and should 2006include the full path to the file. 2007By default, the files specified are 2008.Pa /etc/rc.conf 2009and 2010.Pa /etc/rc.conf.local 2011.It Va zfs_enable 2012.Pq Vt bool 2013If set to 2014.Dq Li YES , 2015.Pa /etc/rc.d/zfs 2016will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2017(ZVOLs). 2018.It Va gptboot_enable 2019.Pq Vt bool 2020If set to 2021.Dq Li YES , 2022.Pa /etc/rc.d/gptboot 2023will log if the system successfully (or not) booted from a GPT partition, 2024which had the 2025.Ar bootonce 2026attribute set using 2027.Xr gpart 8 2028utility. 2029.It Va gbde_autoattach_all 2030.Pq Vt bool 2031If set to 2032.Dq Li YES , 2033.Pa /etc/rc.d/gbde 2034will attempt to automatically initialize your .bde devices in 2035.Pa /etc/fstab . 2036.It Va gbde_devices 2037.Pq Vt str 2038List the devices that the script should try to attach, 2039or 2040.Dq Li AUTO . 2041.It Va gbde_lockdir 2042.Pq Vt str 2043The directory where the 2044.Xr gbde 4 2045lockfiles are located. 2046The default lockfile directory is 2047.Pa /etc . 2048.Pp 2049The lockfile for each individual 2050.Xr gbde 4 2051device can be overridden by setting the variable 2052.Va gbde_lock_ Ns Aq Ar device , 2053where 2054.Ar device 2055is the encrypted device without the 2056.Dq Pa /dev/ 2057and 2058.Dq Pa .bde 2059parts. 2060.It Va gbde_attach_attempts 2061.Pq Vt int 2062Number of times to attempt attaching to a 2063.Xr gbde 4 2064device, i.e., how many times the user is asked for the pass-phrase. 2065Default is 3. 2066.It Va geli_devices 2067.Pq Vt str 2068List of devices to automatically attach on boot. 2069Note that .eli devices from 2070.Pa /etc/fstab 2071are automatically appended to this list. 2072.It Va geli_groups 2073.Pq Vt str 2074List of groups containing devices to automatically attach on boot with the same 2075keyfiles and passphrase. 2076This must be accompanied with a corresponding 2077.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2078variable. 2079.It Va geli_tries 2080.Pq Vt int 2081Number of times user is asked for the pass-phrase. 2082If empty, it will be taken from 2083.Va kern.geom.eli.tries 2084sysctl variable. 2085.It Va geli_default_flags 2086.Pq Vt str 2087Default flags to use by 2088.Xr geli 8 2089when configuring disk encryption. 2090Flags can be configured for every device separately by defining the 2091.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2092variable, and for every group separately by defining the 2093.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2094variable. 2095.It Va geli_autodetach 2096.Pq Vt str 2097Specifies if GELI devices should be marked for detach on last close after 2098file systems are mounted. 2099Default is 2100.Dq Li YES . 2101This can be changed for every device separately by defining the 2102.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2103variable. 2104.It Va root_rw_mount 2105.Pq Vt bool 2106Set to 2107.Dq Li YES 2108by default. 2109After the file systems are checked at boot time, the root file system 2110is remounted as read-write if this is set to 2111.Dq Li YES . 2112Diskless systems that mount their root file system from a read-only remote 2113NFS share should set this to 2114.Dq Li NO 2115in their 2116.Pa rc.conf . 2117.It Va fsck_y_enable 2118.Pq Vt bool 2119If set to 2120.Dq Li YES , 2121.Xr fsck 8 2122will be run with the 2123.Fl y 2124flag if the initial preen 2125of the file systems fails. 2126.It Va background_fsck 2127.Pq Vt bool 2128If set to 2129.Dq Li NO , 2130the system will not attempt to run 2131.Xr fsck 8 2132in the background where possible. 2133.It Va background_fsck_delay 2134.Pq Vt int 2135The amount of time in seconds to sleep before starting a background 2136.Xr fsck 8 . 2137It defaults to sixty seconds to allow large applications such as 2138the X server to start before disk I/O bandwidth is monopolized by 2139.Xr fsck 8 . 2140If set to a negative number, the background file system check will be 2141delayed indefinitely to allow the administrator to run it at a more 2142convenient time. 2143For example it may be run from 2144.Xr cron 8 2145by adding a line like 2146.Pp 2147.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2148.Pp 2149to 2150.Pa /etc/crontab . 2151.It Va netfs_types 2152.Pq Vt str 2153List of file system types that are network-based. 2154This list should generally not be modified by end users. 2155Use 2156.Va extra_netfs_types 2157instead. 2158.It Va extra_netfs_types 2159.Pq Vt str 2160If set to something other than 2161.Dq Li NO 2162(the default), 2163this variable extends the list of file system types 2164for which automatic mounting at startup by 2165.Xr rc 8 2166should be delayed until the network is initialized. 2167It should contain 2168a whitespace-separated list of network file system descriptor pairs, 2169each consisting of a file system type as passed to 2170.Xr mount 8 2171and a human-readable, one-word description, 2172joined with a colon 2173.Pq Ql \&: . 2174Extending the default list in this way is only necessary 2175when third party file system types are used. 2176.It Va syslogd_enable 2177.Pq Vt bool 2178If set to 2179.Dq Li YES , 2180run the 2181.Xr syslogd 8 2182daemon. 2183.It Va syslogd_program 2184.Pq Vt str 2185Path to 2186.Xr syslogd 8 2187(default 2188.Pa /usr/sbin/syslogd ) . 2189.It Va syslogd_flags 2190.Pq Vt str 2191If 2192.Va syslogd_enable 2193is set to 2194.Dq Li YES , 2195these are the flags to pass to 2196.Xr syslogd 8 . 2197.It Va inetd_enable 2198.Pq Vt bool 2199If set to 2200.Dq Li YES , 2201run the 2202.Xr inetd 8 2203daemon. 2204.It Va inetd_program 2205.Pq Vt str 2206Path to 2207.Xr inetd 8 2208(default 2209.Pa /usr/sbin/inetd ) . 2210.It Va inetd_flags 2211.Pq Vt str 2212If 2213.Va inetd_enable 2214is set to 2215.Dq Li YES , 2216these are the flags to pass to 2217.Xr inetd 8 . 2218.It Va hastd_enable 2219.Pq Vt bool 2220If set to 2221.Dq Li YES , 2222run the 2223.Xr hastd 8 2224daemon. 2225.It Va hastd_program 2226.Pq Vt str 2227Path to 2228.Xr hastd 8 2229(default 2230.Pa /sbin/hastd ) . 2231.It Va hastd_flags 2232.Pq Vt str 2233If 2234.Va hastd_enable 2235is set to 2236.Dq Li YES , 2237these are the flags to pass to 2238.Xr hastd 8 . 2239.It Va local_unbound_enable 2240.Pq Vt bool 2241If set to 2242.Dq Li YES , 2243run the 2244.Xr unbound 8 2245daemon as a local caching resolver. 2246.It Va kdc_enable 2247.Pq Vt bool 2248Set to 2249.Dq Li YES 2250to start a Kerberos 5 authentication server 2251at boot time. 2252.It Va kdc_program 2253.Pq Vt str 2254If 2255.Va kdc_enable 2256is set to 2257.Dq Li YES 2258this is the path to Kerberos 5 Authentication Server. 2259.It Va kdc_flags 2260.Pq Vt str 2261Empty by default. 2262This variable contains additional flags to be passed to the Kerberos 5 2263authentication server. 2264.It Va kadmind_enable 2265.Pq Vt bool 2266Set to 2267.Dq Li YES 2268to start 2269.Xr kadmind 8 , 2270the Kerberos 5 Administration Daemon; set to 2271.Dq Li NO 2272on a slave server. 2273.It Va kadmind_program 2274.Pq Vt str 2275If 2276.Va kadmind_enable 2277is set to 2278.Dq Li YES 2279this is the path to Kerberos 5 Administration Daemon. 2280.It Va kpasswdd_enable 2281.Pq Vt bool 2282Set to 2283.Dq Li YES 2284to start 2285.Xr kpasswdd 8 , 2286the Kerberos 5 Password-Changing Daemon; set to 2287.Dq Li NO 2288on a slave server. 2289.It Va kpasswdd_program 2290.Pq Vt str 2291If 2292.Va kpasswdd_enable 2293is set to 2294.Dq Li YES 2295this is the path to Kerberos 5 Password-Changing Daemon. 2296.It Va kfd_enable 2297.Pq Vt bool 2298Set to 2299.Dq Li YES 2300to start 2301.Xr kfd 8 , 2302the Kerberos 5 ticket forwarding daemon, at the boot time. 2303.It Va kfd_program 2304.Pq Vt str 2305Path to 2306.Xr kfd 8 2307(default 2308.Pa /usr/libexec/kfd ) . 2309.It Va rwhod_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the 2314.Xr rwhod 8 2315daemon at boot time. 2316.It Va rwhod_flags 2317.Pq Vt str 2318If 2319.Va rwhod_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to it. 2323.It Va amd_enable 2324.Pq Vt bool 2325If set to 2326.Dq Li YES , 2327run the 2328.Xr amd 8 2329daemon at boot time. 2330.It Va amd_flags 2331.Pq Vt str 2332If 2333.Va amd_enable 2334is set to 2335.Dq Li YES , 2336these are the flags to pass to it. 2337See the 2338.Xr amd 8 2339manpage for more information. 2340.It Va amd_map_program 2341.Pq Vt str 2342If set, 2343the specified program is run to get the list of 2344.Xr amd 8 2345maps. 2346For example, if the 2347.Xr amd 8 2348maps are stored in NIS, one can set this to 2349run 2350.Xr ypcat 1 2351to get a list of 2352.Xr amd 8 2353maps from the 2354.Pa amd.master 2355NIS map. 2356.It Va update_motd 2357.Pq Vt bool 2358If set to 2359.Dq Li YES , 2360.Pa /etc/motd 2361will be updated at boot time to reflect the kernel release 2362being run. 2363If set to 2364.Dq Li NO , 2365.Pa /etc/motd 2366will not be updated. 2367.It Va nfs_client_enable 2368.Pq Vt bool 2369If set to 2370.Dq Li YES , 2371run the NFS client daemons at boot time. 2372.It Va nfs_access_cache 2373.Pq Vt int 2374If 2375.Va nfs_client_enable 2376is set to 2377.Dq Li YES , 2378this can be set to 2379.Dq Li 0 2380to disable NFS ACCESS RPC caching, or to the number of seconds for which 2381NFS ACCESS 2382results should be cached. 2383A value of 2-10 seconds will substantially reduce network 2384traffic for many NFS operations. 2385.It Va nfs_server_enable 2386.Pq Vt bool 2387If set to 2388.Dq Li YES , 2389run the NFS server daemons at boot time. 2390.It Va nfs_server_flags 2391.Pq Vt str 2392If 2393.Va nfs_server_enable 2394is set to 2395.Dq Li YES , 2396these are the flags to pass to the 2397.Xr nfsd 8 2398daemon. 2399.It Va nfsv4_server_enable 2400.Pq Vt bool 2401If 2402.Va nfs_server_enable 2403is set to 2404.Dq Li YES 2405and 2406.Va nfsv4_server_enable 2407are set to 2408.Dq Li YES , 2409enable the server for NFSv4 as well as NFSv2 and NFSv3. 2410.It Va nfsuserd_enable 2411.Pq Vt bool 2412If 2413.Va nfsuserd_enable 2414is set to 2415.Dq Li YES , 2416run the nfsuserd daemon, which is needed for NFSv4 in order 2417to map between user/group names vs uid/gid numbers. 2418If 2419.Va nfsv4_server_enable 2420is set to 2421.Dq Li YES , 2422this will be forced enabled. 2423.It Va nfsuserd_flags 2424.Pq Vt str 2425If 2426.Va nfsuserd_enable 2427is set to 2428.Dq Li YES , 2429these are the flags to pass to the 2430.Xr nfsuserd 8 2431daemon. 2432.It Va nfscbd_enable 2433.Pq Vt bool 2434If 2435.Va nfscbd_enable 2436is set to 2437.Dq Li YES , 2438run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2439.It Va nfscbd_flags 2440.Pq Vt str 2441If 2442.Va nfscbd_enable 2443is set to 2444.Dq Li YES , 2445these are the flags to pass to the 2446.Xr nfscbd 8 2447daemon. 2448.It Va mountd_enable 2449.Pq Vt bool 2450If set to 2451.Dq Li YES , 2452and no 2453.Va nfs_server_enable 2454is set, start 2455.Xr mountd 8 , 2456but not 2457.Xr nfsd 8 2458daemon. 2459It is commonly needed to run CFS without real NFS used. 2460.It Va mountd_flags 2461.Pq Vt str 2462If 2463.Va mountd_enable 2464is set to 2465.Dq Li YES , 2466these are the flags to pass to the 2467.Xr mountd 8 2468daemon. 2469.It Va weak_mountd_authentication 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473allow services like PCNFSD to make non-privileged mount 2474requests. 2475.It Va nfs_reserved_port_only 2476.Pq Vt bool 2477If set to 2478.Dq Li YES , 2479provide NFS services only on a secure port. 2480.It Va nfs_bufpackets 2481.Pq Vt int 2482If set to a number, indicates the number of packets worth of 2483socket buffer space to reserve on an NFS client. 2484The kernel default is typically 4. 2485Using a higher number may be 2486useful on gigabit networks to improve performance. 2487The minimum value is 24882 and the maximum is 64. 2489.It Va rpc_lockd_enable 2490.Pq Vt bool 2491If set to 2492.Dq Li YES 2493and also an NFS server or client, run 2494.Xr rpc.lockd 8 2495at boot time. 2496.It Va rpc_lockd_flags 2497.Pq Vt str 2498If 2499.Va rpc_lockd_enable 2500is set to 2501.Dq Li YES , 2502these are the flags to pass to the 2503.Xr rpc.lockd 8 2504daemon. 2505.It Va rpc_statd_enable 2506.Pq Vt bool 2507If set to 2508.Dq Li YES 2509and also an NFS server or client, run 2510.Xr rpc.statd 8 2511at boot time. 2512.It Va rpc_statd_flags 2513.Pq Vt str 2514If 2515.Va rpc_statd_enable 2516is set to 2517.Dq Li YES , 2518these are the flags to pass to the 2519.Xr rpc.statd 8 2520daemon. 2521.It Va rpcbind_program 2522.Pq Vt str 2523Path to 2524.Xr rpcbind 8 2525(default 2526.Pa /usr/sbin/rpcbind ) . 2527.It Va rpcbind_enable 2528.Pq Vt bool 2529If set to 2530.Dq Li YES , 2531run the 2532.Xr rpcbind 8 2533service at boot time. 2534.It Va rpcbind_flags 2535.Pq Vt str 2536If 2537.Va rpcbind_enable 2538is set to 2539.Dq Li YES , 2540these are the flags to pass to the 2541.Xr rpcbind 8 2542daemon. 2543.It Va keyserv_enable 2544.Pq Vt bool 2545If set to 2546.Dq Li YES , 2547run the 2548.Xr keyserv 8 2549daemon on boot for running Secure RPC. 2550.It Va keyserv_flags 2551.Pq Vt str 2552If 2553.Va keyserv_enable 2554is set to 2555.Dq Li YES , 2556these are the flags to pass to 2557.Xr keyserv 8 2558daemon. 2559.It Va pppoed_enable 2560.Pq Vt bool 2561If set to 2562.Dq Li YES , 2563run the 2564.Xr pppoed 8 2565daemon at boot time to provide PPP over Ethernet services. 2566.It Va pppoed_ Ns Aq Ar provider 2567.Pq Vt str 2568.Xr pppoed 8 2569listens to requests to this 2570.Ar provider 2571and ultimately runs 2572.Xr ppp 8 2573with a 2574.Ar system 2575argument of the same name. 2576.It Va pppoed_flags 2577.Pq Vt str 2578Additional flags to pass to 2579.Xr pppoed 8 . 2580.It Va pppoed_interface 2581.Pq Vt str 2582The network interface to run 2583.Xr pppoed 8 2584on. 2585This is mandatory when 2586.Va pppoed_enable 2587is set to 2588.Dq Li YES . 2589.It Va timed_enable 2590.Pq Vt bool 2591If set to 2592.Dq Li YES , 2593run the 2594.Xr timed 8 2595service at boot time. 2596This command is intended for networks of 2597machines where a consistent 2598.Dq "network time" 2599for all hosts must be established. 2600This is often useful in large NFS 2601environments where time stamps on files are expected to be consistent 2602network-wide. 2603.It Va timed_flags 2604.Pq Vt str 2605If 2606.Va timed_enable 2607is set to 2608.Dq Li YES , 2609these are the flags to pass to the 2610.Xr timed 8 2611service. 2612.It Va ntpdate_enable 2613.Pq Vt bool 2614If set to 2615.Dq Li YES , 2616run 2617.Xr ntpdate 8 2618at system startup. 2619This command is intended to 2620synchronize the system clock only 2621.Em once 2622from some standard reference. 2623.Pp 2624Note that the use of the 2625.Va ntpd_sync_on_start 2626variable is a preferred alternative to the 2627.Xr ntpdate 8 2628utility as 2629.Xr ntpdate 8 2630is to be retired from the NTP distribution. 2631.It Va ntpdate_config 2632.Pq Vt str 2633Configuration file for 2634.Xr ntpdate 8 . 2635Default 2636.Pa /etc/ntp.conf . 2637.It Va ntpdate_hosts 2638.Pq Vt str 2639A whitespace-separated list of NTP servers to synchronize with at startup. 2640The default is to use the servers listed in 2641.Va ntpdate_config , 2642if that file exists. 2643.It Va ntpdate_program 2644.Pq Vt str 2645Path to 2646.Xr ntpdate 8 2647(default 2648.Pa /usr/sbin/ntpdate ) . 2649.It Va ntpdate_flags 2650.Pq Vt str 2651If 2652.Va ntpdate_enable 2653is set to 2654.Dq Li YES , 2655these are the flags to pass to the 2656.Xr ntpdate 8 2657command (typically a hostname). 2658.It Va ntpd_enable 2659.Pq Vt bool 2660If set to 2661.Dq Li YES , 2662run the 2663.Xr ntpd 8 2664command at boot time. 2665.It Va ntpd_program 2666.Pq Vt str 2667Path to 2668.Xr ntpd 8 2669(default 2670.Pa /usr/sbin/ntpd ) . 2671.It Va ntpd_config 2672.Pq Vt str 2673Path to 2674.Xr ntpd 8 2675configuration file. 2676Default 2677.Pa /etc/ntp.conf . 2678.It Va ntpd_flags 2679.Pq Vt str 2680If 2681.Va ntpd_enable 2682is set to 2683.Dq Li YES , 2684these are the flags to pass to the 2685.Xr ntpd 8 2686daemon. 2687.It Va ntpd_sync_on_start 2688.Pq Vt bool 2689If set to 2690.Dq Li YES , 2691.Xr ntpd 8 2692is run with the 2693.Fl g 2694flag, which syncs the system's clock on startup. 2695See 2696.Xr ntpd 8 2697for more information regarding the 2698.Fl g 2699option. 2700This is a preferred alternative to using 2701.Xr ntpdate 8 2702or specifying the 2703.Va ntpdate_enable 2704variable. 2705.It Va nis_client_enable 2706.Pq Vt bool 2707If set to 2708.Dq Li YES , 2709run the 2710.Xr ypbind 8 2711service at system boot time. 2712.It Va nis_client_flags 2713.Pq Vt str 2714If 2715.Va nis_client_enable 2716is set to 2717.Dq Li YES , 2718these are the flags to pass to the 2719.Xr ypbind 8 2720service. 2721.It Va nis_ypldap_enable 2722.Pq Vt bool 2723If set to 2724.Dq Li YES , 2725run the 2726.Xr ypldap 8 2727daemon at system boot time. 2728.It Va nis_ypldap_flags 2729.Pq Vt str 2730If 2731.Va nis.ypldap_enable 2732is set to 2733.Dq Li YES , 2734these are the flags to pass to the 2735.Xr ypldap 8 2736daemon. 2737.It Va nis_ypset_enable 2738.Pq Vt bool 2739If set to 2740.Dq Li YES , 2741run the 2742.Xr ypset 8 2743daemon at system boot time. 2744.It Va nis_ypset_flags 2745.Pq Vt str 2746If 2747.Va nis_ypset_enable 2748is set to 2749.Dq Li YES , 2750these are the flags to pass to the 2751.Xr ypset 8 2752daemon. 2753.It Va nis_server_enable 2754.Pq Vt bool 2755If set to 2756.Dq Li YES , 2757run the 2758.Xr ypserv 8 2759daemon at system boot time. 2760.It Va nis_server_flags 2761.Pq Vt str 2762If 2763.Va nis_server_enable 2764is set to 2765.Dq Li YES , 2766these are the flags to pass to the 2767.Xr ypserv 8 2768daemon. 2769.It Va nis_ypxfrd_enable 2770.Pq Vt bool 2771If set to 2772.Dq Li YES , 2773run the 2774.Xr rpc.ypxfrd 8 2775daemon at system boot time. 2776.It Va nis_ypxfrd_flags 2777.Pq Vt str 2778If 2779.Va nis_ypxfrd_enable 2780is set to 2781.Dq Li YES , 2782these are the flags to pass to the 2783.Xr rpc.ypxfrd 8 2784daemon. 2785.It Va nis_yppasswdd_enable 2786.Pq Vt bool 2787If set to 2788.Dq Li YES , 2789run the 2790.Xr rpc.yppasswdd 8 2791daemon at system boot time. 2792.It Va nis_yppasswdd_flags 2793.Pq Vt str 2794If 2795.Va nis_yppasswdd_enable 2796is set to 2797.Dq Li YES , 2798these are the flags to pass to the 2799.Xr rpc.yppasswdd 8 2800daemon. 2801.It Va rpc_ypupdated_enable 2802.Pq Vt bool 2803If set to 2804.Dq Li YES , 2805run the 2806.Nm rpc.ypupdated 2807daemon at system boot time. 2808.It Va bsnmpd_enable 2809.Pq Vt bool 2810If set to 2811.Dq Li YES , 2812run the 2813.Xr bsnmpd 1 2814daemon at system boot time. 2815Be sure to understand the security implications of running SNMP daemon 2816on your host. 2817.It Va bsnmpd_flags 2818.Pq Vt str 2819If 2820.Va bsnmpd_enable 2821is set to 2822.Dq Li YES , 2823these are the flags to pass to the 2824.Xr bsnmpd 1 2825daemon. 2826.It Va defaultrouter 2827.Pq Vt str 2828If not set to 2829.Dq Li NO , 2830create a default route to this host name or IP address 2831(use an IP address if this router is also required to get to the 2832name server!). 2833.It Va ipv6_defaultrouter 2834.Pq Vt str 2835The IPv6 equivalent of 2836.Va defaultrouter . 2837.It Va static_arp_pairs 2838.Pq Vt str 2839Set to the list of static ARP pairs that are to be added at system 2840boot time. 2841For each whitespace separated 2842.Ar element 2843in the value, a 2844.Va static_arp_ Ns Aq Ar element 2845variable is assumed to exist whose contents will later be passed to a 2846.Dq Nm arp Cm -S 2847operation. 2848For example 2849.Bd -literal 2850static_arp_pairs="gw" 2851static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2852.Ed 2853.It Va static_ndp_pairs 2854.Pq Vt str 2855Set to the list of static NDP pairs that are to be added at system 2856boot time. 2857For each whitespace separated 2858.Ar element 2859in the value, a 2860.Va static_ndp_ Ns Aq Ar element 2861variable is assumed to exist whose contents will later be passed to a 2862.Dq Nm ndp Cm -s 2863operation. 2864For example 2865.Bd -literal 2866static_ndp_pairs="gw" 2867static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2868.Ed 2869.It Va static_routes 2870.Pq Vt str 2871Set to the list of static routes that are to be added at system 2872boot time. 2873If not set to 2874.Dq Li NO 2875then for each whitespace separated 2876.Ar element 2877in the value, a 2878.Va route_ Ns Aq Ar element 2879variable is assumed to exist 2880whose contents will later be passed to a 2881.Dq Nm route Cm add 2882operation. 2883For example: 2884.Bd -literal 2885static_routes="ext mcast:gif0 gif0local:gif0" 2886route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2887route_mcast="-net 224.0.0.0/4 -iface gif0" 2888route_gif0local="-host 169.254.1.1 -iface lo0" 2889.Ed 2890.Pp 2891When an 2892.Ar element 2893is in the form of 2894.Li name:ifname , 2895the route is specific to the interface 2896.Li ifname . 2897.It Va ipv6_static_routes 2898.Pq Vt str 2899The IPv6 equivalent of 2900.Va static_routes . 2901If not set to 2902.Dq Li NO 2903then for each whitespace separated 2904.Ar element 2905in the value, a 2906.Va ipv6_route_ Ns Aq Ar element 2907variable is assumed to exist 2908whose contents will later be passed to a 2909.Dq Nm route Cm add Fl inet6 2910operation. 2911.It Va gateway_enable 2912.Pq Vt bool 2913If set to 2914.Dq Li YES , 2915configure host to act as an IP router, e.g.\& to forward packets 2916between interfaces. 2917.It Va ipv6_gateway_enable 2918.Pq Vt bool 2919The IPv6 equivalent of 2920.Va gateway_enable . 2921.It Va routed_enable 2922.Pq Vt bool 2923If set to 2924.Dq Li YES , 2925run a routing daemon of some sort, based on the 2926settings of 2927.Va routed_program 2928and 2929.Va routed_flags . 2930.It Va route6d_enable 2931.Pq Vt bool 2932The IPv6 equivalent of 2933.Va routed_enable . 2934If set to 2935.Dq Li YES , 2936run a routing daemon of some sort, based on the 2937settings of 2938.Va route6d_program 2939and 2940.Va route6d_flags . 2941.It Va routed_program 2942.Pq Vt str 2943If 2944.Va routed_enable 2945is set to 2946.Dq Li YES , 2947this is the name of the routing daemon to use. 2948.It Va route6d_program 2949.Pq Vt str 2950The IPv6 equivalent of 2951.Va routed_program . 2952.It Va routed_flags 2953.Pq Vt str 2954If 2955.Va routed_enable 2956is set to 2957.Dq Li YES , 2958these are the flags to pass to the routing daemon. 2959.It Va route6d_flags 2960.Pq Vt str 2961The IPv6 equivalent of 2962.Va routed_flags . 2963.It Va rtadvd_enable 2964.Pq Vt bool 2965If set to 2966.Dq Li YES , 2967run the 2968.Xr rtadvd 8 2969daemon at boot time. 2970The 2971.Xr rtadvd 8 2972utility sends ICMPv6 Router Advertisement messages to 2973the interfaces specified in 2974.Va rtadvd_interfaces . 2975This should only be enabled with great care. 2976You may want to fine-tune 2977.Xr rtadvd.conf 5 . 2978.It Va rtadvd_interfaces 2979.Pq Vt str 2980If 2981.Va rtadvd_enable 2982is set to 2983.Dq Li YES 2984this is the list of interfaces to use. 2985.It Va arpproxy_all 2986.Pq Vt bool 2987If set to 2988.Dq Li YES , 2989enable global proxy ARP. 2990.It Va forward_sourceroute 2991.Pq Vt bool 2992If set to 2993.Dq Li YES 2994and 2995.Va gateway_enable 2996is also set to 2997.Dq Li YES , 2998source-routed packets are forwarded. 2999.It Va accept_sourceroute 3000.Pq Vt bool 3001If set to 3002.Dq Li YES , 3003the system will accept source-routed packets directed at it. 3004.It Va rarpd_enable 3005.Pq Vt bool 3006If set to 3007.Dq Li YES , 3008run the 3009.Xr rarpd 8 3010daemon at system boot time. 3011.It Va rarpd_flags 3012.Pq Vt str 3013If 3014.Va rarpd_enable 3015is set to 3016.Dq Li YES , 3017these are the flags to pass to the 3018.Xr rarpd 8 3019daemon. 3020.It Va bootparamd_enable 3021.Pq Vt bool 3022If set to 3023.Dq Li YES , 3024run the 3025.Xr bootparamd 8 3026daemon at system boot time. 3027.It Va bootparamd_flags 3028.Pq Vt str 3029If 3030.Va bootparamd_enable 3031is set to 3032.Dq Li YES , 3033these are the flags to pass to the 3034.Xr bootparamd 8 3035daemon. 3036.It Va stf_interface_ipv4addr 3037.Pq Vt str 3038If not set to 3039.Dq Li NO , 3040this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3041interface). 3042Specify this entry to enable the 6to4 interface. 3043.It Va stf_interface_ipv4plen 3044.Pq Vt int 3045Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3046An effective value is 0-31. 3047.It Va stf_interface_ipv6_ifid 3048.Pq Vt str 3049IPv6 interface ID for 3050.Xr stf 4 . 3051This can be set to 3052.Dq Li AUTO . 3053.It Va stf_interface_ipv6_slaid 3054.Pq Vt str 3055IPv6 Site Level Aggregator for 3056.Xr stf 4 . 3057.It Va ipv6_ipv4mapping 3058.Pq Vt bool 3059If set to 3060.Dq Li YES 3061this enables IPv4 mapped IPv6 address communication (like 3062.Li ::ffff:a.b.c.d ) . 3063.It Va rtsold_enable 3064.Pq Vt bool 3065Set to 3066.Dq Li YES 3067to enable the 3068.Xr rtsold 8 3069daemon to send ICMPv6 Router Solicitation messages. 3070.It Va rtsold_flags 3071.Pq Vt str 3072If 3073.Va rtsold_enable 3074is set to 3075.Dq Li YES , 3076these are the flags to pass to 3077.Xr rtsold 8 . 3078.It Va rtsol_flags 3079.Pq Vt str 3080For interfaces configured with the 3081.Dq Li inet6 accept_rtadv 3082keyword, these are the flags to pass to 3083.Xr rtsol 8 . 3084.Pp 3085Note that 3086.Va rtsold_enable 3087is mutually exclusive to 3088.Va rtsol_flags ; 3089.Va rtsold_enable 3090takes precedence. 3091.It Va keybell 3092.Pq Vt str 3093The keyboard bell sound. 3094Set to 3095.Dq Li normal , 3096.Dq Li visual , 3097.Dq Li off , 3098or 3099.Dq Li NO 3100if the default behavior is desired. 3101For details, refer to the 3102.Xr kbdcontrol 1 3103manpage. 3104.It Va keyboard 3105.Pq Vt str 3106If set to a non-null string, the virtual console's keyboard input is 3107set to this device. 3108.It Va keymap 3109.Pq Vt str 3110If set to 3111.Dq Li NO , 3112no keymap is installed, otherwise the value is used to install 3113the keymap file found in 3114.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3115(if using 3116.Xr syscons 4 ) or 3117.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3118(if using 3119.Xr vt 4 ) . 3120.It Va keyrate 3121.Pq Vt str 3122The keyboard repeat speed. 3123Set to 3124.Dq Li slow , 3125.Dq Li normal , 3126.Dq Li fast , 3127or 3128.Dq Li NO 3129if the default behavior is desired. 3130.It Va keychange 3131.Pq Vt str 3132If not set to 3133.Dq Li NO , 3134attempt to program the function keys with the value. 3135The value should 3136be a single string of the form: 3137.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3138.It Va cursor 3139.Pq Vt str 3140Can be set to the value of 3141.Dq Li normal , 3142.Dq Li blink , 3143.Dq Li destructive , 3144or 3145.Dq Li NO 3146to set the cursor behavior explicitly or choose the default behavior. 3147.It Va scrnmap 3148.Pq Vt str 3149If set to 3150.Dq Li NO , 3151no screen map is installed, otherwise the value is used to install 3152the screen map file in 3153.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3154This parameter is ignored when using 3155.Xr vt 4 3156as the console driver. 3157.It Va font8x16 3158.Pq Vt str 3159If set to 3160.Dq Li NO , 3161the default 8x16 font value is used for screen size requests, otherwise 3162the value in 3163.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3164or 3165.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3166is used (depending on the console driver being used). 3167.It Va font8x14 3168.Pq Vt str 3169If set to 3170.Dq Li NO , 3171the default 8x14 font value is used for screen size requests, otherwise 3172the value in 3173.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3174or 3175.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3176is used (depending on the console driver being used). 3177.It Va font8x8 3178.Pq Vt str 3179If set to 3180.Dq Li NO , 3181the default 8x8 font value is used for screen size requests, otherwise 3182the value in 3183.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3184or 3185.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3186is used (depending on the console driver being used). 3187.It Va blanktime 3188.Pq Vt int 3189If set to 3190.Dq Li NO , 3191the default screen blanking interval is used, otherwise it is set 3192to 3193.Ar value 3194seconds. 3195.It Va saver 3196.Pq Vt str 3197If not set to 3198.Dq Li NO , 3199this is the actual screen saver to use 3200.Li ( blank , snake , daemon , 3201etc). 3202.It Va moused_nondefault_enable 3203.Pq Vt str 3204If set to 3205.Dq Li NO , 3206the mouse device specified on 3207the command line is not automatically treated as enabled by the 3208.Pa /etc/rc.d/moused 3209script. 3210Having this variable set to 3211.Dq Li YES 3212allows a 3213.Xr usb 4 3214mouse, 3215for example, 3216to be enabled as soon as it is plugged in. 3217.It Va moused_enable 3218.Pq Vt str 3219If set to 3220.Dq Li YES , 3221the 3222.Xr moused 8 3223daemon is started for doing cut/paste selection on the console. 3224.It Va moused_type 3225.Pq Vt str 3226This is the protocol type of the mouse connected to this host. 3227This variable must be set if 3228.Va moused_enable 3229is set to 3230.Dq Li YES . 3231The 3232.Xr moused 8 3233daemon 3234is able to detect the appropriate mouse type automatically in many cases. 3235Set this variable to 3236.Dq Li auto 3237to let the daemon detect it, or 3238select one from the following list if the automatic detection fails. 3239.Pp 3240If the mouse is attached to the PS/2 mouse port, choose 3241.Dq Li auto 3242or 3243.Dq Li ps/2 , 3244regardless of the brand and model of the mouse. 3245Likewise, if the 3246mouse is attached to the bus mouse port, choose 3247.Dq Li auto 3248or 3249.Dq Li busmouse . 3250All other protocols are for serial mice and will not work with 3251the PS/2 and bus mice. 3252If this is a USB mouse, 3253.Dq Li auto 3254is the only protocol type which will work. 3255.Pp 3256.Bl -tag -width ".Li x10mouseremote" -compact 3257.It Li microsoft 3258Microsoft mouse (serial) 3259.It Li intellimouse 3260Microsoft IntelliMouse (serial) 3261.It Li mousesystems 3262Mouse systems Corp.\& mouse (serial) 3263.It Li mmseries 3264MM Series mouse (serial) 3265.It Li logitech 3266Logitech mouse (serial) 3267.It Li busmouse 3268A bus mouse 3269.It Li mouseman 3270Logitech MouseMan and TrackMan (serial) 3271.It Li glidepoint 3272ALPS GlidePoint (serial) 3273.It Li thinkingmouse 3274Kensington ThinkingMouse (serial) 3275.It Li ps/2 3276PS/2 mouse 3277.It Li mmhittab 3278MM HitTablet (serial) 3279.It Li x10mouseremote 3280X10 MouseRemote (serial) 3281.It Li versapad 3282Interlink VersaPad (serial) 3283.El 3284.Pp 3285Even if the mouse is not in the above list, it may be compatible 3286with one in the list. 3287Refer to the manual page for 3288.Xr moused 8 3289for compatibility information. 3290.Pp 3291It should also be noted that while this is enabled, any 3292other client of the mouse (such as an X server) should access 3293the mouse through the virtual mouse device, 3294.Pa /dev/sysmouse , 3295and configure it as a 3296.Dq Li sysmouse 3297type mouse, since all 3298mouse data is converted to this single canonical format when 3299using 3300.Xr moused 8 . 3301If the client program does not support the 3302.Dq Li sysmouse 3303type, 3304specify the 3305.Dq Li mousesystems 3306type. 3307It is the second preferred type. 3308.It Va moused_port 3309.Pq Vt str 3310If 3311.Va moused_enable 3312is set to 3313.Dq Li YES , 3314this is the actual port the mouse is on. 3315It might be 3316.Pa /dev/cuau0 3317for a COM1 serial mouse, or 3318.Pa /dev/psm0 3319for a PS/2 mouse, for example. 3320.It Va moused_flags 3321.Pq Vt str 3322If 3323.Va moused_flags 3324is set, its value is used as an additional set of flags to pass to the 3325.Xr moused 8 3326daemon. 3327.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3328When 3329.Va moused_nondefault_enable 3330is enabled, and a 3331.Xr moused 8 3332daemon is started for a non-default port, the 3333.Va "moused_" Ns Ar XXX Ns Va "_flags" 3334set of options has precedence over and replaces the default 3335.Va moused_flags 3336(where 3337.Ar XXX 3338is the name of the non-default port, i.e.,\& 3339.Ar ums0 ) . 3340By setting 3341.Va "moused_" Ns Ar XXX Ns Va "_flags" 3342it is possible to set up a different set of default flags for each 3343.Xr moused 8 3344instance. 3345For example, you can use 3346.Dq Li "-3" 3347for the default 3348.Va moused_flags 3349to make your laptop's touchpad more comfortable to use, 3350but an empty set of options for 3351.Va moused_ums0_flags 3352when your 3353.Xr usb 4 3354mouse has three or more buttons. 3355.It Va mousechar_start 3356.Pq Vt int 3357If set to 3358.Dq Li NO , 3359the default mouse cursor character range 3360.Li 0xd0 Ns - Ns Li 0xd3 3361is used, 3362otherwise the range start is set 3363to 3364.Ar value 3365character, see 3366.Xr vidcontrol 1 . 3367Use if the default range is occupied in the language code table. 3368.It Va allscreens_flags 3369.Pq Vt str 3370If set, 3371.Xr vidcontrol 1 3372is run with these options for each of the virtual terminals 3373.Pq Pa /dev/ttyv* . 3374For example, 3375.Dq Fl m Cm on 3376will enable the mouse pointer on all virtual terminals 3377if 3378.Va moused_enable 3379is set to 3380.Dq Li YES . 3381.It Va allscreens_kbdflags 3382.Pq Vt str 3383If set, 3384.Xr kbdcontrol 1 3385is run with these options for each of the virtual terminals 3386.Pq Pa /dev/ttyv* . 3387For example, 3388.Dq Fl h Li 200 3389will set the 3390.Xr syscons 4 3391or 3392.Xr vt 4 3393scrollback (history) buffer to 200 lines. 3394.It Va cron_enable 3395.Pq Vt bool 3396If set to 3397.Dq Li YES , 3398run the 3399.Xr cron 8 3400daemon at system boot time. 3401.It Va cron_program 3402.Pq Vt str 3403Path to 3404.Xr cron 8 3405(default 3406.Pa /usr/sbin/cron ) . 3407.It Va cron_flags 3408.Pq Vt str 3409If 3410.Va cron_enable 3411is set to 3412.Dq Li YES , 3413these are the flags to pass to 3414.Xr cron 8 . 3415.It Va cron_dst 3416.Pq Vt bool 3417If set to 3418.Dq Li YES , 3419enable the special handling of transitions to and from the 3420Daylight Saving Time in 3421.Xr cron 8 3422(equivalent to using the flag 3423.Fl s ) . 3424.It Va lpd_program 3425.Pq Vt str 3426Path to 3427.Xr lpd 8 3428(default 3429.Pa /usr/sbin/lpd ) . 3430.It Va lpd_enable 3431.Pq Vt bool 3432If set to 3433.Dq Li YES , 3434run the 3435.Xr lpd 8 3436daemon at system boot time. 3437.It Va lpd_flags 3438.Pq Vt str 3439If 3440.Va lpd_enable 3441is set to 3442.Dq Li YES , 3443these are the flags to pass to the 3444.Xr lpd 8 3445daemon. 3446.It Va chkprintcap_enable 3447.Pq Vt bool 3448If set to 3449.Dq Li YES , 3450run the 3451.Xr chkprintcap 8 3452command before starting the 3453.Xr lpd 8 3454daemon. 3455.It Va chkprintcap_flags 3456.Pq Vt str 3457If 3458.Va lpd_enable 3459and 3460.Va chkprintcap_enable 3461are set to 3462.Dq Li YES , 3463these are the flags to pass to the 3464.Xr chkprintcap 8 3465program. 3466The default is 3467.Dq Li -d , 3468which causes missing directories to be created. 3469.It Va mta_start_script 3470.Pq Vt str 3471This variable specifies the full path to the script to run to start 3472a mail transfer agent. 3473The default is 3474.Pa /etc/rc.sendmail . 3475The 3476.Va sendmail_* 3477variables which 3478.Pa /etc/rc.sendmail 3479uses are documented in the 3480.Xr rc.sendmail 8 3481manual page. 3482.It Va dumpdev 3483.Pq Vt str 3484Indicates the device (usually a swap partition) to which a crash dump 3485should be written in the event of a system crash. 3486If the value of this variable is 3487.Dq Li AUTO , 3488the first suitable swap device listed in 3489.Pa /etc/fstab 3490will be used as dump device. 3491Otherwise, the value of this variable is passed as the argument to 3492.Xr dumpon 8 3493and 3494.Xr savecore 8 . 3495To disable crash dumps, set this variable to 3496.Dq Li NO . 3497.It Va dumpon_flags 3498.Pq Vt str 3499Flags to pass to 3500.Xr dumpon 8 3501when configuring 3502.Va dumpdev 3503as the system dump device. 3504.It Va dumpdir 3505.Pq Vt str 3506When the system reboots after a crash and a crash dump is found on the 3507device specified by the 3508.Va dumpdev 3509variable, 3510.Xr savecore 8 3511will save that crash dump and a copy of the kernel to the directory 3512specified by the 3513.Va dumpdir 3514variable. 3515The default value is 3516.Pa /var/crash . 3517Set to 3518.Dq Li NO 3519to not run 3520.Xr savecore 8 3521at boot time when 3522.Va dumpdir 3523is set. 3524.It Va savecore_enable 3525.Pq Vt bool 3526If set to 3527.Dq Li NO , 3528disable automatic extraction of the crash dump from the 3529.Va dumpdev . 3530.It Va savecore_flags 3531.Pq Vt str 3532If crash dumps are enabled, these are the flags to pass to the 3533.Xr savecore 8 3534utility. 3535.It Va quota_enable 3536.Pq Vt bool 3537Set to 3538.Dq Li YES 3539to turn on user and group disk quotas on system startup via the 3540.Xr quotaon 8 3541command for all file systems marked as having quotas enabled in 3542.Pa /etc/fstab . 3543The kernel must be built with 3544.Cd "options QUOTA" 3545for disk quotas to function. 3546.It Va check_quotas 3547.Pq Vt bool 3548Set to 3549.Dq Li YES 3550to enable user and group disk quota checking via the 3551.Xr quotacheck 8 3552command. 3553.It Va quotacheck_flags 3554.Pq Vt str 3555If 3556.Va quota_enable 3557is set to 3558.Dq Li YES , 3559and 3560.Va check_quotas 3561is set to 3562.Dq Li YES , 3563these are the flags to pass to the 3564.Xr quotacheck 8 3565utility. 3566The default is 3567.Dq Li "-a" , 3568which checks quotas for all file systems with quotas enabled in 3569.Pa /etc/fstab . 3570.It Va quotaon_flags 3571.Pq Vt str 3572If 3573.Va quota_enable 3574is set to 3575.Dq Li YES , 3576these are the flags to pass to the 3577.Xr quotaon 8 3578utility. 3579The default is 3580.Dq Li "-a" , 3581which enables quotas for all file systems with quotas enabled in 3582.Pa /etc/fstab . 3583.It Va quotaoff_flags 3584.Pq Vt str 3585If 3586.Va quota_enable 3587is set to 3588.Dq Li YES , 3589these are the flags to pass to the 3590.Xr quotaoff 8 3591utility when shutting down the quota system. 3592The default is 3593.Dq Li "-a" , 3594which disables quotas for all file systems with quotas enabled in 3595.Pa /etc/fstab . 3596.It Va accounting_enable 3597.Pq Vt bool 3598Set to 3599.Dq Li YES 3600to enable system accounting through the 3601.Xr accton 8 3602facility. 3603.It Va firstboot_sentinel 3604.Pq Vt str 3605This variable specifies the full path to a 3606.Dq first boot 3607sentinel file. 3608If a file exists with this path, 3609.Pa rc.d 3610scripts with the 3611.Dq firstboot 3612keyword will be run on startup and the sentinel file will be deleted 3613after the boot process completes. 3614The sentinel file must be located on a writable file system which is 3615mounted no later than 3616.Va early_late_divider 3617to function properly. 3618The default is 3619.Pa /firstboot . 3620.It Va linux_enable 3621.Pq Vt bool 3622Set to 3623.Dq Li YES 3624to enable Linux/ELF binary emulation at system initial 3625boot time. 3626.It Va sysvipc_enable 3627.Pq Vt bool 3628If set to 3629.Dq Li YES , 3630load System V IPC primitives at boot time. 3631.It Va clear_tmp_enable 3632.Pq Vt bool 3633Set to 3634.Dq Li YES 3635to have 3636.Pa /tmp 3637cleaned at startup. 3638.It Va clear_tmp_X 3639.Pq Vt bool 3640Set to 3641.Dq Li NO 3642to disable removing of X11 lock files, 3643and the removal and (secure) recreation 3644of the various socket directories for X11 3645related programs. 3646.It Va ldconfig_paths 3647.Pq Vt str 3648Set to the list of shared library paths to use with 3649.Xr ldconfig 8 . 3650NOTE: 3651.Pa /lib 3652and 3653.Pa /usr/lib 3654will always be added first, so they need not appear in this list. 3655.It Va ldconfig32_paths 3656.Pq Vt str 3657Set to the list of 32-bit compatibility shared library paths to 3658use with 3659.Xr ldconfig 8 . 3660.It Va ldconfig_insecure 3661.Pq Vt bool 3662The 3663.Xr ldconfig 8 3664utility normally refuses to use directories 3665which are writable by anyone except root. 3666Set this variable to 3667.Dq Li YES 3668to disable that security check during system startup. 3669.It Va ldconfig_local_dirs 3670.Pq Vt str 3671Set to the list of local 3672.Xr ldconfig 8 3673directories. 3674The names of all files in the directories listed will be 3675passed as arguments to 3676.Xr ldconfig 8 . 3677.It Va ldconfig_local32_dirs 3678.Pq Vt str 3679Set to the list of local 32-bit compatibility 3680.Xr ldconfig 8 3681directories. 3682The names of all files in the directories listed will be 3683passed as arguments to 3684.Dq Nm ldconfig Fl 32 . 3685.It Va kern_securelevel_enable 3686.Pq Vt bool 3687Set to 3688.Dq Li YES 3689to set the kernel security level at system startup. 3690.It Va kern_securelevel 3691.Pq Vt int 3692The kernel security level to set at startup. 3693The allowed range of 3694.Ar value 3695ranges from \-1 (the compile time default) to 3 (the 3696most secure). 3697See 3698.Xr security 7 3699for the list of possible security levels and their effect 3700on system operation. 3701.It Va sshd_program 3702.Pq Vt str 3703Path to the SSH server program 3704.Pa ( /usr/sbin/sshd 3705is the default). 3706.It Va sshd_enable 3707.Pq Vt bool 3708Set to 3709.Dq Li YES 3710to start 3711.Xr sshd 8 3712at system boot time. 3713.It Va sshd_flags 3714.Pq Vt str 3715If 3716.Va sshd_enable 3717is set to 3718.Dq Li YES , 3719these are the flags to pass to the 3720.Xr sshd 8 3721daemon. 3722.It Va ftpd_program 3723.Pq Vt str 3724Path to the FTP server program 3725.Pa ( /usr/libexec/ftpd 3726is the default). 3727.It Va ftpd_enable 3728.Pq Vt bool 3729Set to 3730.Dq Li YES 3731to start 3732.Xr ftpd 8 3733as a stand-alone daemon at system boot time. 3734.It Va ftpd_flags 3735.Pq Vt str 3736If 3737.Va ftpd_enable 3738is set to 3739.Dq Li YES , 3740these are the additional flags to pass to the 3741.Xr ftpd 8 3742daemon. 3743.It Va watchdogd_enable 3744.Pq Vt bool 3745If set to 3746.Dq Li YES , 3747start the 3748.Xr watchdogd 8 3749daemon at boot time. 3750This requires that the kernel have been compiled with a 3751.Xr watchdog 4 3752compatible device. 3753.It Va watchdogd_flags 3754.Pq Vt str 3755If 3756.Va watchdogd_enable 3757is set to 3758.Dq Li YES , 3759these are the flags passed to the 3760.Xr watchdogd 8 3761daemon. 3762.It Va watchdogd_timeout 3763.Pq Vt int 3764If 3765.Va watchdogd_enable 3766is set to 3767.Dq Li YES , 3768this is a timeout that will be used by the 3769.Xr watchdogd 8 3770daemon. 3771If this option is set, it overrides 3772.Fl t 3773in 3774.Va watchdogd_flags . 3775.It Va watchdogd_shutdown_timeout 3776.Pq Vt int 3777If 3778.Va watchdogd_enable 3779is set to 3780.Dq Li YES , 3781this is a timeout that will be set by the 3782.Xr watchdogd 8 3783daemon when it exits during the system shutdown. 3784This timeout will not be set when returning to the single-user mode 3785or when the watchdogd service is stopped individually using the 3786.Xr service 8 3787command or the rc.d script. 3788Note that the timeout will be applied if 3789.Xr watchdogd 8 3790is stopped outside of 3791.Xr rc 8 3792framework. 3793If this option is set, it overrides 3794.Fl x 3795in 3796.Va watchdogd_flags . 3797.It Va devfs_rulesets 3798.Pq Vt str 3799List of files containing sets of rules for 3800.Xr devfs 8 . 3801.It Va devfs_system_ruleset 3802.Pq Vt str 3803Rule name(s) to apply to the system 3804.Pa /dev 3805itself. 3806.It Va devfs_set_rulesets 3807.Pq Vt str 3808Pairs of already-mounted 3809.Pa dev 3810directories and rulesets that should be applied to them. 3811For example: /mount/dev=ruleset_name 3812.It Va devfs_load_rulesets 3813.Pq Vt bool 3814If set, always load the default rulesets listed in 3815.Va devfs_rulesets . 3816.It Va performance_cx_lowest 3817.Pq Vt str 3818CPU idle state to use while on AC power. 3819The string 3820.Dq Li LOW 3821indicates that 3822.Xr acpi 4 3823should use the lowest power state available while 3824.Dq Li HIGH 3825indicates that the lowest latency state (less power savings) should be used. 3826.It Va performance_cpu_freq 3827.Pq Vt str 3828CPU clock frequency to use while on AC power. 3829The string 3830.Dq Li LOW 3831indicates that 3832.Xr cpufreq 4 3833should use the lowest frequency available while 3834.Dq Li HIGH 3835indicates that the highest frequency (less power savings) should be used. 3836.It Va economy_cx_lowest 3837.Pq Vt str 3838CPU idle state to use when off AC power. 3839The string 3840.Dq Li LOW 3841indicates that 3842.Xr acpi 4 3843should use the lowest power state available while 3844.Dq Li HIGH 3845indicates that the lowest latency state (less power savings) should be used. 3846.It Va economy_cpu_freq 3847.Pq Vt str 3848CPU clock frequency to use when off AC power. 3849The string 3850.Dq Li LOW 3851indicates that 3852.Xr cpufreq 4 3853should use the lowest frequency available while 3854.Dq Li HIGH 3855indicates that the highest frequency (less power savings) should be used. 3856.It Va jail_enable 3857.Pq Vt bool 3858If set to 3859.Dq Li NO , 3860any configured jails will not be started. 3861.It Va jail_conf 3862.Pq Vt str 3863The configuration filename used by 3864.Xr jail 8 3865utility. 3866The default value is 3867.Pa /etc/jail.conf . 3868.It Va jail_parallel_start 3869.Pq Vt bool 3870If set to 3871.Dq Li YES , 3872all configured jails will be started in the background (in parallel). 3873.It Va jail_flags 3874.Pq Vt str 3875Unset by default. 3876When set, use as default value for 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3878for every jail in 3879.Va jail_list . 3880.It Va jail_list 3881.Pq Vt str 3882A space-delimited list of jail names. 3883When left empty, all of the 3884.Xr jail 8 3885instances defined in the configuration file are started. 3886The names specified in this list control the jail startup order. 3887.Xr jail 8 3888instances missing from 3889.Va jail_list 3890must be started manually. 3891Note that a jail's 3892.Va depend 3893parameter in the configuration file may override this list. 3894.It Va jail_reverse_stop 3895.Pq Vt bool 3896When set to 3897.Dq Li YES , 3898all configured jails in 3899.Va jail_list 3900are stopped in reverse order. 3901.It Va jail_ Ns * variables 3902Note that older releases supported per-jail configuration via 3903.Nm 3904variables. 3905For example, 3906hostname of a jail named 3907.Li vjail 3908was able to be set by 3909.Li jail_vjail_hostname . 3910These per-jail configuration variables are now obsolete in favor of 3911.Xr jail 8 3912configuration file. 3913For backward compatibility, 3914when per-jail configuration variables are defined, 3915.Xr jail 8 3916configuration files are created as 3917.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3918and used. 3919.Pp 3920The following per-jail parameters are handled by 3921.Pa rc.d/jail 3922script out of their corresponding 3923.Nm 3924variables. 3925In addition to them, parameters in 3926.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3927will be added to the configuration file. 3928They must be a semi-colon 3929.Pq Ql \&; 3930delimited list of 3931.Dq key=value . 3932For more details, 3933see 3934.Xr jail 8 3935manual page. 3936.Bl -tag -width "host.hostname" -offset indent 3937.It Li path 3938set from 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3940.It Li host.hostname 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3943.It Li exec.consolelog 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3946The default value is 3947.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3948.It Li interface 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3951.It Li vnet.interface 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3954This implies 3955.Li vnet 3956parameter will be enabled and cannot be specified with 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3959and/or 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3961at the same time. 3962.It Li fstab 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3965.It Li mount 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3968.It Li exec.fib 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3971.It Li exec.start 3972set from 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3974The parameter name was 3975.Li command 3976in some older releases. 3977.It Li exec.prestart 3978set from 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3980.It Li exec.poststart 3981set from 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3983.It Li exec.stop 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3986.It Li exec.prestop 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3989.It Li exec.poststop 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3992.It Li ip4.addr 3993set if 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3995or 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3997contain IPv4 addresses 3998.It Li ip6.addr 3999set if 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4001or 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4003contain IPv6 addresses 4004.It Li allow.mount 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4007.It Li mount.devfs 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4010.It Li devfs_ruleset 4011set from 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4013This must be an integer, 4014not a string. 4015.It Li mount.fdescfs 4016set from 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4018.It Li allow.set_hostname 4019set from 4020.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4021.It Li allow.rawsocket 4022set from 4023.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4024.It Li allow.sysvipc 4025set from 4026.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4027.El 4028.\" ----------------------------------------------------- 4029.It Va harvest_mask 4030.Pq Vt int 4031Set to a bit-mask 4032representing the entropy sources 4033you wish to harvest. 4034Refer to 4035.Xr random 4 4036for more information. 4037.It Va entropy_dir 4038.Pq Vt str 4039Set to 4040.Dq Li NO 4041to disable caching entropy via 4042.Xr cron 8 . 4043Otherwise set to the directory 4044in which the entropy files are stored. 4045To be useful, 4046there must be 4047a system cron job 4048that regularly writes and rotates 4049files here. 4050All files found 4051will be used at boot time. 4052The default is 4053.Pa /var/db/entropy . 4054.It Va entropy_file 4055.Pq Vt str 4056Set to 4057.Dq Li NO 4058to disable caching entropy through reboots. 4059Otherwise set to the name 4060of a file used to store cached entropy. 4061This file should be located 4062on a file system that is readable 4063before all the volumes specified in 4064.Xr fstab 5 4065are mounted. 4066By default, 4067.Pa /entropy 4068is used, 4069but if 4070.Pa /var/db/entropy-file 4071is found it will also be used. 4072This will be of some use to 4073.Xr bsdinstall 8 . 4074.It Va entropy_boot_file 4075.Pq Vt str 4076Set to 4077.Dq Li NO 4078to disable 4079very early caching entropy 4080through reboots. 4081Otherwise set to the filename 4082used to read 4083very early reboot cached entropy. 4084This file should be located where 4085.Xr loader 8 4086can read it. 4087See also 4088.Xr loader.conf 5 . 4089The default location is 4090.Pa /boot/entropy . 4091.It Va entropy_save_sz 4092.Pq Vt int 4093Size of the entropy cache files saved by 4094.Nm save-entropy 4095periodically. 4096.It Va entropy_save_num 4097.Pq Vt int 4098Number of entropy cache files to save by 4099.Nm save-entropy 4100periodically. 4101.It Va ipsec_enable 4102.Pq Vt bool 4103Set to 4104.Dq Li YES 4105to run 4106.Xr setkey 8 4107on 4108.Va ipsec_file 4109at boot time. 4110.It Va ipsec_file 4111.Pq Vt str 4112Configuration file for 4113.Xr setkey 8 . 4114.It Va dmesg_enable 4115.Pq Vt bool 4116Set to 4117.Dq Li YES 4118to save 4119.Xr dmesg 8 4120to 4121.Pa /var/run/dmesg.boot 4122on boot. 4123.It Va rcshutdown_timeout 4124.Pq Vt int 4125If set, start a watchdog timer in the background which will terminate 4126.Pa rc.shutdown 4127if 4128.Xr shutdown 8 4129has not completed within the specified time (in seconds). 4130Notice that in addition to this soft timeout, 4131.Xr init 8 4132also applies a hard timeout for the execution of 4133.Pa rc.shutdown . 4134This is configured via 4135.Xr sysctl 8 4136variable 4137.Va kern.init_shutdown_timeout 4138and defaults to 120 seconds. 4139Setting the value of 4140.Va rcshutdown_timeout 4141to more than 120 seconds will have no effect until the 4142.Xr sysctl 8 4143variable 4144.Va kern.init_shutdown_timeout 4145is also increased. 4146.It Va virecover_enable 4147.Pq Vt bool 4148Set to 4149.Dq Li NO 4150to prevent the system from trying to 4151recover pre-maturely terminated 4152.Xr vi 1 4153sessions. 4154.It Va ugidfw_enable 4155.Pq Vt bool 4156Set to 4157.Dq Li YES 4158to load the 4159.Xr mac_bsdextended 4 4160module upon system initialization and load a default 4161ruleset file. 4162.It Va bsdextended_script 4163.Pq Vt str 4164The default 4165.Xr mac_bsdextended 4 4166ruleset file to load. 4167The default value of this variable is 4168.Pa /etc/rc.bsdextended . 4169.It Va newsyslog_enable 4170.Pq Vt bool 4171If set to 4172.Dq Li YES , 4173run 4174.Xr newsyslog 8 4175command at startup. 4176.It Va newsyslog_flags 4177.Pq Vt str 4178If 4179.Va newsyslog_enable 4180is set to 4181.Dq Li YES , 4182these are the flags to pass to the 4183.Xr newsyslog 8 4184program. 4185The default is 4186.Dq Li -CN , 4187which causes log files flagged with a 4188.Cm C 4189to be created. 4190.It Va mdconfig_md Ns Aq Ar X 4191.Pq Vt str 4192Arguments to 4193.Xr mdconfig 8 4194for 4195.Xr md 4 4196device 4197.Ar X . 4198At minimum a 4199.Fl t Ar type 4200must be specified and either a 4201.Fl s Ar size 4202for malloc or swap backed 4203.Xr md 4 4204devices or a 4205.Fl f Ar file 4206for vnode backed 4207.Xr md 4 4208devices. 4209Note that 4210.Va mdconfig_md Ns Aq Ar X 4211variables are evaluated until one variable is unset or null. 4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4213.Pq Vt str 4214Optional arguments passed to 4215.Xr newfs 8 4216to initialize 4217.Xr md 4 4218device 4219.Ar X . 4220.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4221.Pq Vt str 4222An ownership specification passed to 4223.Xr chown 8 4224after the specified 4225.Xr md 4 4226device 4227.Ar X 4228has been mounted. 4229Both the 4230.Xr md 4 4231device and the mount point will be changed. 4232.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4233.Pq Vt str 4234A mode string passed to 4235.Xr chmod 1 4236after the specified 4237.Xr md 4 4238device 4239.Ar X 4240has been mounted. 4241Both the 4242.Xr md 4 4243device and the mount point will be changed. 4244.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4245.Pq Vt str 4246Files to be copied to the mount point of the 4247.Xr md 4 4248device 4249.Ar X 4250after it has been mounted. 4251.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4252.Pq Vt str 4253Command to execute after the specified 4254.Xr md 4 4255device 4256.Ar X 4257has been mounted. 4258Note that the command is passed to 4259.Ic eval 4260and that both 4261.Va _dev 4262and 4263.Va _mp 4264variables can be used to reference respectively the 4265.Xr md 4 4266device and the mount point. 4267Assuming that the 4268.Xr md 4 4269device is 4270.Li md0 , 4271one could set the following: 4272.Bd -literal 4273mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4274.Ed 4275.It Va autobridge_interfaces 4276.Pq Vt str 4277Set to the list of bridge interfaces that will have newly arriving interfaces 4278checked against to be automatically added. 4279If not set to 4280.Dq Li NO 4281then for each whitespace separated 4282.Ar element 4283in the value, a 4284.Va autobridge_ Ns Aq Ar element 4285variable is assumed to exist which has a whitespace separated list of interface 4286names to match, these names can use wildcards. 4287For example: 4288.Bd -literal 4289autobridge_interfaces="bridge0" 4290autobridge_bridge0="tap* dc0 vlan[345]" 4291.Ed 4292.It Va mixer_enable 4293.Pq Vt bool 4294If set to 4295.Dq Li YES , 4296enable support for sound mixer. 4297.It Va hcsecd_enable 4298.Pq Vt bool 4299If set to 4300.Dq Li YES , 4301enable Bluetooth security daemon. 4302.It Va hcsecd_config 4303.Pq Vt str 4304Configuration file for 4305.Xr hcsecd 8 . 4306Default 4307.Pa /etc/bluetooth/hcsecd.conf . 4308.It Va sdpd_enable 4309.Pq Vt bool 4310If set to 4311.Dq Li YES , 4312enable Bluetooth Service Discovery Protocol daemon. 4313.It Va sdpd_control 4314.Pq Vt str 4315Path to 4316.Xr sdpd 8 4317control socket. 4318Default 4319.Pa /var/run/sdp . 4320.It Va sdpd_groupname 4321.Pq Vt str 4322Sets 4323.Xr sdpd 8 4324group to run as after it initializes. 4325Default 4326.Dq Li nobody . 4327.It Va sdpd_username 4328.Pq Vt str 4329Sets 4330.Xr sdpd 8 4331user to run as after it initializes. 4332Default 4333.Dq Li nobody . 4334.It Va bthidd_enable 4335.Pq Vt bool 4336If set to 4337.Dq Li YES , 4338enable Bluetooth Human Interface Device daemon. 4339.It Va bthidd_config 4340.Pq Vt str 4341Configuration file for 4342.Xr bthidd 8 . 4343Default 4344.Pa /etc/bluetooth/bthidd.conf . 4345.It Va bthidd_hids 4346.Pq Vt str 4347Path to a file, where 4348.Xr bthidd 8 4349will store information about known HID devices. 4350Default 4351.Pa /var/db/bthidd.hids . 4352.It Va rfcomm_pppd_server_enable 4353.Pq Vt bool 4354If set to 4355.Dq Li YES , 4356enable Bluetooth RFCOMM PPP wrapper daemon. 4357.It Va rfcomm_pppd_server_profile 4358.Pq Vt str 4359The name of the profile to use from 4360.Pa /etc/ppp/ppp.conf . 4361Multiple profiles can be specified here. 4362Also used to specify per-profile overrides. 4363When the profile name contains any of the characters 4364.Dq Li .-/+ 4365they are translated to 4366.Dq Li _ 4367for the proposes of the override variable names. 4368.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4369.Pq Vt str 4370Overrides local address to listen on. 4371By default 4372.Xr rfcomm_pppd 8 4373will listen on 4374.Dq Li ANY 4375address. 4376The address can be specified as BD_ADDR or name. 4377.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4378.Pq Vt str 4379Overrides local RFCOMM channel to listen on. 4380By default 4381.Xr rfcomm_pppd 8 4382will listen on RFCOMM channel 1. 4383Must set properly if multiple profiles used in the same time. 4384.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4385.Pq Vt bool 4386Tells 4387.Xr rfcomm_pppd 8 4388if it should register Serial Port service on the specified RFCOMM channel. 4389Default 4390.Dq Li NO . 4391.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4392.Pq Vt bool 4393Tells 4394.Xr rfcomm_pppd 8 4395if it should register Dial-Up Networking service on the specified 4396RFCOMM channel. 4397Default 4398.Dq Li NO . 4399.It Va ubthidhci_enable 4400.Pq Vt bool 4401If set to 4402.Dq Li YES , 4403change the USB Bluetooth controller from HID mode to HCI mode. 4404You also need to specify the location of USB Bluetooth controller with the 4405.Va ubthidhci_busnum 4406and 4407.Va ubthidhci_addr 4408variables. 4409.It Va ubthidhci_busnum 4410Bus number where the USB Bluetooth controller is located. 4411Check the output of 4412.Xr usbconfig 8 4413on your system to find this information. 4414.It Va ubthidhci_addr 4415Bus address of the USB Bluetooth controller. 4416Check the output of 4417.Xr usbconfig 8 4418on your system to find this information. 4419.It Va netwait_enable 4420.Pq Vt bool 4421If set to 4422.Dq Li YES , 4423delays the start of network-reliant services until 4424.Va netwait_if 4425is up and ICMP packets to a destination defined in 4426.Va netwait_ip 4427are flowing. 4428Link state is examined first, followed by 4429.Dq Li pinging 4430an IP address to verify network usability. 4431If no destination can be reached or timeouts are exceeded, 4432network services are started anyway with no guarantee that 4433the network is usable. 4434Use of this variable requires both 4435.Va netwait_ip 4436and 4437.Va netwait_if 4438to be set. 4439.It Va netwait_ip 4440.Pq Vt str 4441Empty by default. 4442This variable contains a space-delimited list of IP addresses to 4443.Xr ping 8 . 4444DNS hostnames should not be used as resolution is not guaranteed 4445to be functional at this point. 4446If multiple IP addresses are specified, 4447each will be tried until one is successful or the list is exhausted. 4448.It Va netwait_timeout 4449.Pq Vt int 4450Indicates the total number of seconds to perform a 4451.Dq Li ping 4452against each IP address in 4453.Va netwait_ip , 4454at a rate of one ping per second. 4455If any of the pings are successful, 4456full network connectivity is considered reliable. 4457The default is 60. 4458.It Va netwait_if 4459.Pq Vt str 4460Empty by default. 4461Defines the name of the network interface on which watch for link. 4462.Xr ifconfig 8 4463is used to monitor the interface, looking for 4464.Dq Li status: no carrier . 4465Once gone, the link is considered up. 4466This can be a 4467.Xr vlan 4 4468interface if desired. 4469.It Va netwait_if_timeout 4470.Pq Vt int 4471Defines the total number of seconds to wait for link to become usable, 4472polled at a 1-second interval. 4473The default is 30. 4474.It Va rctl_enable 4475.Pq Vt bool 4476If set to 4477.Dq Li YES , 4478load 4479.Xr rctl 8 4480rules from the defined ruleset. 4481The kernel must be built with 4482.Cd "options RACCT" 4483and 4484.Cd "options RCTL" . 4485.It Va rctl_rules 4486.Pq Vt str 4487Set to 4488.Pa /etc/rctl.conf 4489by default. 4490This variables contains the 4491.Xr rctl.conf 5 4492ruleset to load for 4493.Xr rctl 8 . 4494.It Va iovctl_files 4495.Pq Vt str 4496A space-separated list of configuration files used by 4497.Xr iovctl 8 . 4498The default value is an empty string. 4499.It Va autofs_enable 4500.Pq Vt bool 4501If set to 4502.Dq Li YES , 4503start the 4504.Xr automount 8 4505utility and the 4506.Xr automountd 8 4507and 4508.Xr autounmountd 8 4509daemons at boot time. 4510.It Va automount_flags 4511.Pq Vt str 4512If 4513.Va autofs_enable 4514is set to 4515.Dq Li YES , 4516these are the flags to pass to the 4517.Xr automount 8 4518program. 4519By default no flags are passed. 4520.It Va automountd_flags 4521.Pq Vt str 4522If 4523.Va autofs_enable 4524is set to 4525.Dq Li YES , 4526these are the flags to pass to the 4527.Xr automountd 8 4528daemon. 4529By default no flags are passed. 4530.It Va autounmountd_flags 4531.Pq Vt str 4532If 4533.Va autofs_enable 4534is set to 4535.Dq Li YES , 4536these are the flags to pass to the 4537.Xr autounmountd 8 4538daemon. 4539By default no flags are passed. 4540.It Va ctld_enable 4541.Pq Vt bool 4542If set to 4543.Dq Li YES , 4544start the 4545.Xr ctld 8 4546daemon at boot time. 4547.It Va iscsid_enable 4548.Pq Vt bool 4549If set to 4550.Dq Li YES , 4551start the 4552.Xr iscsid 8 4553daemon at boot time. 4554.It Va iscsictl_enable 4555.Pq Vt bool 4556If set to 4557.Dq Li YES , 4558start the 4559.Xr iscsictl 8 4560utility at boot time. 4561.It Va iscsictl_flags 4562.Pq Vt str 4563If 4564.Va iscsictl_enable 4565is set to 4566.Dq Li YES , 4567these are the flags to pass to the 4568.Xr iscsictl 8 4569program. 4570The default is 4571.Dq Li -Aa , 4572which configures sessions based on the 4573.Pa /etc/iscsi.conf 4574configuration file. 4575.It Va cfumass_enable 4576.Pq Vt bool 4577If set to 4578.Dq Li YES , 4579create and export an USB LUN using 4580.Xr cfumass 4 4581at boot time. 4582.It Va cfumass_dir 4583.Pq Vt str 4584The directory where the files exported by USB LUN are located. 4585The default directory is 4586.Pa /var/cfumass . 4587.It Va service_delete_empty 4588.Pq Vt bool 4589If set to 4590.Dq Li YES , 4591.Ql Li service delete 4592removes empty 4593.Dq Li rc.conf.d 4594files. 4595.It Va zfs_bootonce_activate 4596.Pq Vt bool 4597If set to 4598.Dq Li YES , 4599and a boot environment marked bootonce is successfully booted, 4600it will be made permanently active. 4601.El 4602.Sh FILES 4603.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4604.It Pa /etc/defaults/rc.conf 4605.It Pa /etc/defaults/vendor.conf 4606.It Pa /etc/rc.conf 4607.It Pa /etc/rc.conf.local 4608.El 4609.Sh SEE ALSO 4610.Xr chmod 1 , 4611.Xr gdb 1 , 4612.Xr info 1 , 4613.Xr kbdcontrol 1 , 4614.Xr makewhatis 1 , 4615.Xr sh 1 , 4616.Xr vi 1 , 4617.Xr vidcontrol 1 , 4618.Xr bridge 4 , 4619.Xr dummynet 4 , 4620.Xr ip 4 , 4621.Xr ipf 4 , 4622.Xr ipfw 4 , 4623.Xr ipnat 4 , 4624.Xr kld 4 , 4625.Xr pf 4 , 4626.Xr pflog 4 , 4627.Xr pfsync 4 , 4628.Xr tcp 4 , 4629.Xr udp 4 , 4630.Xr exports 5 , 4631.Xr fstab 5 , 4632.Xr ipf 5 , 4633.Xr ipnat 5 , 4634.Xr jail.conf 5 , 4635.Xr loader.conf 5 , 4636.Xr motd 5 , 4637.Xr newsyslog.conf 5 , 4638.Xr pf.conf 5 , 4639.Xr security 7 , 4640.Xr accton 8 , 4641.Xr amd 8 , 4642.Xr apm 8 , 4643.Xr bsdinstall 8 , 4644.Xr bthidd 8 , 4645.Xr chkprintcap 8 , 4646.Xr chown 8 , 4647.Xr cron 8 , 4648.Xr devfs 8 , 4649.Xr dhclient 8 , 4650.Xr ftpd 8 , 4651.Xr geli 8 , 4652.Xr hcsecd 8 , 4653.Xr ifconfig 8 , 4654.Xr inetd 8 , 4655.Xr iovctl 8 , 4656.Xr ipf 8 , 4657.Xr ipfw 8 , 4658.Xr ipnat 8 , 4659.Xr jail 8 , 4660.Xr kldxref 8 , 4661.Xr loader 8 , 4662.Xr lpd 8 , 4663.Xr mdconfig 8 , 4664.Xr mdmfs 8 , 4665.Xr mixer 8 , 4666.Xr mountd 8 , 4667.Xr moused 8 , 4668.Xr newfs 8 , 4669.Xr newsyslog 8 , 4670.Xr nfsd 8 , 4671.Xr ntpd 8 , 4672.Xr ntpdate 8 , 4673.Xr pfctl 8 , 4674.Xr pflogd 8 , 4675.Xr ping 8 , 4676.Xr powerd 8 , 4677.Xr quotacheck 8 , 4678.Xr quotaon 8 , 4679.Xr rc 8 , 4680.Xr rc.sendmail 8 , 4681.Xr rcorder 8 , 4682.Xr rfcomm_pppd 8 , 4683.Xr route 8 , 4684.Xr routed 8 , 4685.Xr rpc.lockd 8 , 4686.Xr rpc.statd 8 , 4687.Xr rpcbind 8 , 4688.Xr rwhod 8 , 4689.Xr savecore 8 , 4690.Xr sdpd 8 , 4691.Xr service 8 , 4692.Xr sshd 8 , 4693.Xr swapon 8 , 4694.Xr sysctl 8 , 4695.Xr syslogd 8 , 4696.Xr sysrc 8 , 4697.Xr timed 8 , 4698.Xr unbound 8 , 4699.Xr usbconfig 8 , 4700.Xr wlandebug 8 , 4701.Xr yp 8 , 4702.Xr ypbind 8 , 4703.Xr ypserv 8 , 4704.Xr ypset 8 4705.Sh HISTORY 4706The 4707.Nm 4708file appeared in 4709.Fx 2.2.2 . 4710.Sh AUTHORS 4711.An Jordan K. Hubbard . 4712