1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 28, 2005 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71The following list provides a name and short description for each 72variable that can be set in the 73.Nm 74file: 75.Bl -tag -width indent-two 76.It Va rc_debug 77.Pq Vt bool 78If set to 79.Dq Li YES , 80enable output of debug messages from rc scripts. 81This variable can be helpful in diagnosing mistakes when 82editing or integrating new scripts. 83Beware that this produces copious output to the terminal and 84.Xr syslog 3 . 85.It Va rc_info 86.Pq Vt bool 87If set to 88.Dq Li NO , 89disable informational messages from the rc scripts. 90Informational messages are displayed when 91a condition that is not serious enough to warrant a warning or 92an error occurs. 93.It Va swapfile 94.Pq Vt str 95If set to 96.Dq Li NO , 97no swapfile is installed, otherwise the value is used as the full 98pathname to a file to use for additional swap space. 99.It Va apm_enable 100.Pq Vt bool 101If set to 102.Dq Li YES , 103enable support for Automatic Power Management with 104the 105.Xr apm 8 106command. 107.It Va apmd_enable 108.Pq Vt bool 109Run 110.Xr apmd 8 111to handle APM event from userland. 112This also enables support for APM. 113.It Va apmd_flags 114.Pq Vt str 115If 116.Va apmd_enable 117is set to 118.Dq Li YES , 119these are the flags to pass to the 120.Xr apmd 8 121daemon. 122.It Va devd_enable 123.Pq Vt bool 124Run 125.Xr devd 8 126to handle device added, removed or unknown events from the kernel. 127.It Va kldxref_enable 128.Pq Vt bool 129Set to 130.Dq Li NO 131by default. 132Set to 133.Dq Li YES 134to automatically rebuild 135.Pa linker.hints 136files with 137.Xr kldxref 8 138at boot time. 139.It Va kldxref_clobber 140.Pq Vt bool 141Set to 142.Dq Li NO 143by default. 144If 145.Va kldxref_enable 146is true, 147setting to 148.Dq Li YES 149will overwrite existing 150.Pa linker.hints 151files at boot time. 152Otherwise, 153only missing 154.Pa linker.hints 155files are generated. 156.It Va kldxref_module_path 157.Pq Vt str 158Empty by default. 159A semi-colon 160.Pq Ql \&; 161delimited list of paths containing 162.Xr kld 4 163modules. 164If empty, 165the contents of the 166.Va kern.module_path 167.Xr sysctl 8 168are used. 169.It Va pccard_enable 170.Pq Vt bool 171If set to 172.Dq Li YES , 173enable PCCARD support at boot time. 174.It Va pccard_mem 175.Pq Vt str 176Set to PCCARD controller memory address or 177.Dq Li DEFAULT 178for the default value. 179.It Va pccard_beep 180.Pq Vt int 181If 0, 182set the PCCARD controller to silent mode. 183If 1, 184set it to beep mode. 185If 2, 186set it to melody mode. 187.It Va pccard_conf 188.Pq Vt str 189Path to the configuration file for the 190.Xr pccardd 8 191daemon (e.g.\& 192.Pa /etc/pccard.conf.sample ) . 193.It Va pccardd_flags 194.Pq Vt str 195If 196.Va pccard_enable 197is set to 198.Dq Li YES , 199these are the flags to pass to the 200.Xr pccardd 8 201daemon. 202.It Va powerd_enable 203.Pq Vt bool 204If set to 205.Dq Li YES , 206enable the system power control facility with the 207.Xr powerd 8 208daemon. 209.It Va powerd_flags 210.Pq Vt str 211If 212.Va powerd_enable 213is set to 214.Dq Li YES , 215these are the flags to pass to the 216.Xr powerd 8 217daemon. 218.It Va tmpmfs 219Controls the creation of a 220.Pa /tmp 221memory file system. 222Always happens if set to 223.Dq Li YES 224and never happens if set to 225.Dq Li NO . 226If set to anything else, a memory file system is created if 227.Pa /tmp 228is not writable. 229.It Va tmpsize 230Controls the size of a created 231.Pa /tmp 232memory file system. 233.It Va tmpmfs_flags 234Extra options passed to the 235.Xr mdmfs 8 236utility when the memory file system for 237.Pa /tmp 238is created. 239The default is 240.Dq Li "-S -M" , 241which inhibits the use of softupdates on 242.Pa /tmp 243to waste as little space as possible 244and creates a pure memory backed disk, which will never be swapped out, 245for maximum performance and system stability at low memory conditions. 246See 247.Xr mdmfs 8 248for other options you can use in 249.Va tmpmfs_flags . 250.It Va varmfs 251Controls the creation of a 252.Pa /var 253memory file system. 254Always happens if set to 255.Dq Li YES 256and never happens if set to 257.Dq Li NO . 258If set to anything else, a memory file system is created if 259.Pa /var 260is not writable. 261.It Va varsize 262Controls the size of a created 263.Pa /var 264memory file system. 265.It Va varmfs_flags 266Extra options passed to the 267.Xr mdmfs 8 268utility when the memory file system for 269.Pa /var 270is created. 271The default is 272.Dq Li "-S -M" , 273which inhibits the use of softupdates on 274.Pa /var 275to waste as little space as possible 276and creates a pure memory backed disk, which will never be swapped out, 277for maximum performance and system stability at low memory conditions. 278See 279.Xr mdmfs 8 280for other options you can use in 281.Va varmfs_flags . 282.It Va populate_var 283Controls the automatic population of the 284.Pa /var 285file system. 286Always happens if set to 287.Dq Li YES 288and never happens if set to 289.Dq Li NO . 290If set to anything else, a memory file system is created if 291.Pa /var 292is not writable. 293Note that this process requires access to certain commands in 294.Pa /usr 295before 296.Pa /usr 297is mounted on normal systems. 298.It Va local_startup 299.Pq Vt str 300List of directories to search for startup script files. 301.It Va script_name_sep 302.Pq Vt str 303The field separator to use for breaking down the list of startup script files 304into individual filenames. 305The default is a space. 306It is not necessary to change this unless there are startup scripts with names 307containing spaces. 308.It Va hostname 309.Pq Vt str 310The fully qualified domain name (FQDN) of this host on the network. 311This should almost certainly be set to something meaningful, even if 312there is no network connection. 313If 314.Xr dhclient 8 315is used to set the hostname via DHCP, 316this variable should be set to an empty string. 317.It Va ipv6_enable 318.Pq Vt bool 319Enable support for IPv6 networking. 320Note that this requires that the kernel has been compiled with 321.Cd "options INET6" . 322.It Va nisdomainname 323.Pq Vt str 324The NIS domain name of this host, or 325.Dq Li NO 326if NIS is not used. 327.It Va dhclient_program 328.Pq Vt str 329Path to the DHCP client program 330.Pa ( /sbin/dhclient , 331the 332.Ox 333DHCP client, 334is the default). 335.It Va dhclient_flags 336.Pq Vt str 337Additional flags to pass to the DHCP client program. 338For the 339.Ox 340DHCP client, see the 341.Xr dhclient 8 342manpage for a description of the command line options available. 343.It Va background_dhclient 344.Pq Vt bool 345Set to 346.Dq Li YES 347to start the DHCP client in background. 348This can cause trouble with applications depending on 349a working network, but it will provide a faster startup 350in many cases. 351.It Va firewall_enable 352.Pq Vt bool 353Set to 354.Dq Li YES 355to load firewall rules at startup. 356If the kernel was not built with 357.Cd "options IPFIREWALL" , 358the 359.Pa ipfw.ko 360kernel module will be loaded. 361See also 362.Va ipfilter_enable . 363.It Va ipv6_firewall_enable 364.Pq Vt bool 365The IPv6 equivalent of 366.Va firewall_enable . 367Set to 368.Dq Li YES 369to load IPv6 firewall rules at startup. 370If the kernel was not built with 371.Cd "options IPV6FIREWALL" , 372the 373.Pa ip6fw.ko 374kernel module will be loaded. 375.It Va firewall_script 376.Pq Vt str 377This variable specifies the full path to the firewall script to run. 378The default is 379.Pa /etc/rc.firewall . 380.It Va ipv6_firewall_script 381.Pq Vt str 382The IPv6 equivalent of 383.Va firewall_script . 384.It Va firewall_type 385.Pq Vt str 386Names the firewall type from the selection in 387.Pa /etc/rc.firewall , 388or the file which contains the local firewall ruleset. 389Valid selections from 390.Pa /etc/rc.firewall 391are: 392.Pp 393.Bl -tag -width ".Li simple" -compact 394.It Li open 395unrestricted IP access 396.It Li closed 397all IP services disabled, except via 398.Dq Li lo0 399.It Li client 400basic protection for a workstation 401.It Li simple 402basic protection for a LAN. 403.El 404.Pp 405If a filename is specified, the full path 406must be given. 407.It Va ipv6_firewall_type 408.Pq Vt str 409The IPv6 equivalent of 410.Va firewall_type . 411.It Va firewall_quiet 412.Pq Vt bool 413Set to 414.Dq Li YES 415to disable the display of firewall rules on the console during boot. 416.It Va ipv6_firewall_quiet 417.Pq Vt bool 418The IPv6 equivalent of 419.Va firewall_quiet . 420.It Va firewall_logging 421.Pq Vt bool 422Set to 423.Dq Li YES 424to enable firewall event logging. 425This is equivalent to the 426.Dv IPFIREWALL_VERBOSE 427kernel option. 428.It Va ipv6_firewall_logging 429.Pq Vt bool 430The IPv6 equivalent of 431.Va firewall_logging . 432.It Va firewall_flags 433.Pq Vt str 434Flags passed to 435.Xr ipfw 8 436if 437.Va firewall_type 438specifies a filename. 439.It Va ipv6_firewall_flags 440.Pq Vt str 441The IPv6 equivalent of 442.Va firewall_flags . 443.It Va natd_program 444.Pq Vt str 445Path to 446.Xr natd 8 . 447.It Va natd_enable 448.Pq Vt bool 449Set to 450.Dq Li YES 451to enable 452.Xr natd 8 . 453.Va firewall_enable 454must also be set to 455.Dq Li YES , 456and 457.Xr divert 4 458sockets must be enabled in the kernel. 459If the kernel was not built with 460.Cd "options IPDIVERT" , 461the 462.Pa ipdivert.ko 463kernel module will be loaded. 464.It Va natd_interface 465.Pq Vt str 466This is the name of the public interface on which 467.Xr natd 8 468should run. 469The interface may be given as an interface name or as an IP address. 470.It Va natd_flags 471.Pq Vt str 472Additional 473.Xr natd 8 474flags should be placed here. 475The 476.Fl n 477or 478.Fl a 479flag is automatically added with the above 480.Va natd_interface 481as an argument. 482.\" ----- ipfilter_enable setting -------------------------------- 483.It Va ipfilter_enable 484.Pq Vt bool 485Set to 486.Dq Li NO 487by default. 488Setting this to 489.Dq Li YES 490enables 491.Xr ipf 8 492packet filtering. 493.Pp 494Typical usage will require putting 495.Bd -literal 496ipfilter_enable="YES" 497ipnat_enable="YES" 498ipmon_enable="YES" 499ipfs_enable="YES" 500.Ed 501.Pp 502into 503.Pa /etc/rc.conf 504and editing 505.Pa /etc/ipf.rules 506and 507.Pa /etc/ipnat.rules 508appropriately. 509.Pp 510Note that 511.Va ipfilter_enable 512and 513.Va ipnat_enable 514can be enabled independently. 515.Va ipmon_enable 516and 517.Va ipfs_enable 518both require at least one of 519.Va ipfilter_enable 520and 521.Va ipnat_enable 522to be enabled. 523.Pp 524Having 525.Bd -literal 526options IPFILTER 527options IPFILTER_LOG 528options IPFILTER_DEFAULT_BLOCK 529.Ed 530.Pp 531in the kernel configuration file is a good idea, too. 532.\" ----- ipfilter_program setting ------------------------------ 533.It Va ipfilter_program 534.Pq Vt str 535Path to 536.Xr ipf 8 537(default 538.Pa /sbin/ipf ) . 539.\" ----- ipfilter_rules setting -------------------------------- 540.It Va ipfilter_rules 541.Pq Vt str 542Set to 543.Pa /etc/ipf.rules 544by default. 545This variable contains the name of the filter rule definition file. 546The file is expected to be readable for the 547.Xr ipf 8 548command to execute. 549.\" ----- ipv6_ipfilter_rules setting --------------------------- 550.It Va ipv6_ipfilter_rules 551.Pq Vt str 552Set to 553.Pa /etc/ipf6.rules 554by default. 555This variable contains the IPv6 filter rule definition file. 556The file is expected to be readable for the 557.Xr ipf 8 558command to execute. 559.\" ----- ipfilter_flags setting -------------------------------- 560.It Va ipfilter_flags 561.Pq Vt str 562Empty by default. 563This variable contains flags passed to the 564.Xr ipf 8 565program. 566.\" ----- ipnat_enable setting ---------------------------------- 567.It Va ipnat_enable 568.Pq Vt bool 569Set to 570.Dq Li NO 571by default. 572Set it to 573.Dq Li YES 574to enable 575.Xr ipnat 1 576network address translation. 577See 578.Va ipfilter_enable 579for a detailed discussion. 580.\" ----- ipnat_program setting --------------------------------- 581.It Va ipnat_program 582.Pq Vt str 583Path to 584.Xr ipnat 1 585(default 586.Pa /sbin/ipnat ) . 587.\" ----- ipnat_rules setting ----------------------------------- 588.It Va ipnat_rules 589.Pq Vt str 590Set to 591.Pa /etc/ipnat.rules 592by default. 593This variable contains the name of the file 594holding the network address translation definition. 595This file is expected to be readable for the 596.Xr ipnat 1 597command to execute. 598.\" ----- ipnat_flags setting ----------------------------------- 599.It Va ipnat_flags 600.Pq Vt str 601Empty by default. 602This variable contains flags passed to the 603.Xr ipnat 1 604program. 605.\" ----- ipmon_enable setting ---------------------------------- 606.It Va ipmon_enable 607.Pq Vt bool 608Set to 609.Dq Li NO 610by default. 611Set it to 612.Dq Li YES 613to enable 614.Xr ipmon 8 615monitoring (logging 616.Xr ipf 8 617and 618.Xr ipnat 1 619events). 620Setting this variable needs setting 621.Va ipfilter_enable 622or 623.Va ipnat_enable 624too. 625See 626.Va ipfilter_enable 627for a detailed discussion. 628.\" ----- ipmon_program setting --------------------------------- 629.It Va ipmon_program 630.Pq Vt str 631Path to 632.Xr ipmon 8 633(default 634.Pa /sbin/ipmon ) . 635.\" ----- ipmon_flags setting ----------------------------------- 636.It Va ipmon_flags 637.Pq Vt str 638Set to 639.Dq Li -Ds 640by default. 641This variable contains flags passed to the 642.Xr ipmon 8 643program. 644Another typical example would be 645.Dq Fl D Pa /var/log/ipflog 646to have 647.Xr ipmon 8 648log directly to a file bypassing 649.Xr syslogd 8 . 650Make sure to adjust 651.Pa /etc/newsyslog.conf 652in such case like this: 653.Bd -literal 654/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 655.Ed 656.\" ----- ipfs_enable setting ----------------------------------- 657.It Va ipfs_enable 658.Pq Vt bool 659Set to 660.Dq Li NO 661by default. 662Set it to 663.Dq Li YES 664to enable 665.Xr ipfs 8 666saving the filter and NAT state tables during shutdown 667and reloading them during startup again. 668Setting this variable needs setting 669.Va ipfilter_enable 670or 671.Va ipnat_enable 672to 673.Dq Li YES 674too. 675See 676.Va ipfilter_enable 677for a detailed discussion. 678Note that if 679.Va kern_securelevel 680is set to 3, 681.Va ipfs_enable 682cannot be used 683because the raised securelevel will prevent 684.Xr ipfs 8 685from saving the state tables at shutdown time. 686.\" ----- ipfs_program setting ---------------------------------- 687.It Va ipfs_program 688.Pq Vt str 689Path to 690.Xr ipfs 8 691(default 692.Pa /sbin/ipfs ) . 693.\" ----- ipfs_flags setting ------------------------------------ 694.It Va ipfs_flags 695.Pq Vt str 696Empty by default. 697This variable contains flags passed to the 698.Xr ipfs 8 699program. 700.\" ----- end of added ipf hook --------------------------------- 701.It Va pf_enable 702.Pq Vt bool 703Set to 704.Dq Li NO 705by default. 706Setting this to 707.Dq Li YES 708enables 709.Xr pf 4 710packet filtering. 711.Pp 712Typical usage will require putting 713.Pp 714.Dl pf_enable="YES" 715.Pp 716into 717.Pa /etc/rc.conf 718and editing 719.Pa /etc/pf.conf 720appropriately. 721.Pp 722.Dl "device pf" 723.Pp 724builds 725.Xr pf 4 726into the kernel. 727Otherwise it is loaded from a module. 728.It Va pf_rules 729.Pq Vt str 730Path to 731.Xr pf 4 732ruleset configuration file 733(default 734.Pa /etc/pf.conf ) . 735.It Va pf_program 736.Pq Vt str 737Path to 738.Xr pfctl 8 739(default 740.Pa /sbin/pfctl ) . 741.It Va pf_flags 742.Pq Vt str 743If 744.Va pf_enable 745is set to 746.Dq Li YES , 747these flags are passed to the 748.Xr pfctl 8 749program when loading the ruleset. 750.It Va pflog_enable 751.Pq Vt bool 752Set to 753.Dq Li NO 754by default. 755Setting this to 756.Dq Li YES 757enables 758.Xr pflogd 8 759which logs packets from the 760.Xr pf 4 761packet filter. 762.It Va pflog_logfile 763.Pq Vt str 764If 765.Va pflog_enable 766is set to 767.Dq Li YES 768this controls where 769.Xr pflogd 8 770stores the logfile 771(default 772.Pa /var/log/pflog ) . 773Check 774.Pa /etc/newsyslog.conf 775to adjust logfile rotation for this. 776.It Va pflog_program 777.Pq Vt str 778Path to 779.Xr pflogd 8 780(default 781.Pa /sbin/pflogd ) . 782.It Va pflog_flags 783.Pq Vt str 784Empty by default. 785This variable contains additional flags passed to the 786.Xr pflogd 8 787program. 788.It Va pfsync_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Setting this to 794.Dq Li YES 795enables exposing 796.Xr pf 4 797state changes to other hosts over the network by means of 798.Xr pfsync 4 . 799The 800.Va pfsync_syncdev 801variable 802must also be set then. 803.It Va pfsync_syncdev 804.Pq Vt str 805Empty by default. 806This variable specifies the name of the network interface 807.Xr pfsync 4 808should operate through. 809It must be set accordingly if 810.Va pfsync_enable 811is set to 812.Dq Li YES . 813.It Va pfsync_ifconfig 814.Pq Vt str 815Empty by default. 816This variable can contain additional options to be passed to the 817.Xr ifconfig 8 818command used to set up 819.Xr pfsync 4 . 820.It Va tcp_extensions 821.Pq Vt bool 822Set to 823.Dq Li YES 824by default. 825Setting this to 826.Dq Li NO 827disables certain TCP options as described by 828.Rs 829.%T "RFC 1323" 830.Re 831Setting this to 832.Dq Li NO 833might help remedy such problems with connections as randomly hanging 834or other weird behavior. 835Some network devices are known 836to be broken with respect to these options. 837.It Va log_in_vain 838.Pq Vt int 839Set to 0 by default. 840The 841.Xr sysctl 8 842variables, 843.Va net.inet.tcp.log_in_vain 844and 845.Va net.inet.udp.log_in_vain , 846as described in 847.Xr tcp 4 848and 849.Xr udp 4 , 850are set to the given value. 851.It Va tcp_keepalive 852.Pq Vt bool 853Set to 854.Dq Li YES 855by default. 856Setting to 857.Dq Li NO 858will disable probing idle TCP connections to verify that the 859peer is still up and reachable. 860.It Va tcp_drop_synfin 861.Pq Vt bool 862Set to 863.Dq Li NO 864by default. 865Setting to 866.Dq Li YES 867will cause the kernel to ignore TCP frames that have both 868the SYN and FIN flags set. 869This prevents OS fingerprinting, but may 870break some legitimate applications. 871This option is only available if the 872kernel was built with the 873.Dv TCP_DROP_SYNFIN 874option. 875.It Va icmp_drop_redirect 876.Pq Vt bool 877Set to 878.Dq Li NO 879by default. 880Setting to 881.Dq Li YES 882will cause the kernel to ignore ICMP REDIRECT packets. 883Refer to 884.Xr icmp 4 885for more information. 886.It Va icmp_log_redirect 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Setting to 892.Dq Li YES 893will cause the kernel to log ICMP REDIRECT packets. 894Note that 895the log messages are not rate-limited, so this option should only be used 896for troubleshooting networks. 897Refer to 898.Xr icmp 4 899for more information. 900.It Va icmp_bmcastecho 901.Pq Vt bool 902Set to 903.Dq Li YES 904to respond to broadcast or multicast ICMP ping packets. 905Refer to 906.Xr icmp 4 907for more information. 908.It Va ip_portrange_first 909.Pq Vt int 910If not set to 911.Dq Li NO , 912this is the first port in the default portrange. 913Refer to 914.Xr ip 4 915for more information. 916.It Va ip_portrange_last 917.Pq Vt int 918If not set to 919.Dq Li NO , 920this is the last port in the default portrange. 921Refer to 922.Xr ip 4 923for more information. 924.It Va network_interfaces 925.Pq Vt str 926Set to the list of network interfaces to configure on this host or 927.Dq Li AUTO 928(the default) for all current interfaces. 929For example, if the only active network devices in the system 930are the loopback device 931.Pq Li lo0 932and a NIC using the 933.Xr ed 4 934driver, 935this could be set to 936.Dq Li "lo0 ed0" . 937.Pp 938An 939.Va ifconfig_ Ns Aq Ar interface 940variable is also assumed to exist for each value of 941.Ar interface . 942The variable can contain arguments to 943.Xr ifconfig 8 , 944as well as special case-insensitive keywords described below. 945Such keywords are removed before passing the value to 946.Xr ifconfig 8 947while the order of the other arguments is preserved. 948.Pp 949One can configure more than one IPv4 address with the 950.Va ipv4_addrs_ Ns Aq Ar interface 951variable. 952One or more IP addresses must be provided in Classless Inter-Domain 953Routing (CIDR) address notation, whose last byte can be a range like 954192.168.0.5-23/24. 955In this case the address 192.168.0.5 will be configured with the 956netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 957the non-conflicting netmask /32 as explained in the 958.Xr ifconfig 8 959alias section. 960With the interface in question being 961.Li ed0 , 962an example could look like: 963.Bd -literal 964ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 965.Ed 966.Pp 967It is also possible to add IP alias entries using 968.Xr ifconfig 8 969syntax. 970Assuming that the interface in question was 971.Li ed0 , 972it might look 973something like this: 974.Bd -literal 975ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 976ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 977.Ed 978.Pp 979And so on. 980For each 981.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 982entry that is found, 983its contents are passed to 984.Xr ifconfig 8 . 985Execution stops at the first unsuccessful access, so if 986something like this is present: 987.Bd -literal 988ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 989ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 990ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 991ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 992.Ed 993.Pp 994Then note that alias4 would 995.Em not 996be added since the search would 997stop with the missing 998.Dq Li alias3 999entry. 1000Due to this difficult to manage behavior, the 1001.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1002form is deprecated. 1003.Pp 1004If the 1005.Pa /etc/start_if. Ns Aq Ar interface 1006file is present, it is read and executed by the 1007.Xr sh 1 1008interpreter 1009before configuring the interface as specified in the 1010.Va ifconfig_ Ns Aq Ar interface 1011and 1012.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1013variables. 1014.Pp 1015If the 1016.Va ifconfig_ Ns Aq Ar interface 1017contains the keyword 1018.Dq Li NOAUTO 1019then the interface will not be configured 1020at boot or by 1021.Pa /etc/pccard_ether 1022when 1023.Va network_interfaces 1024is set to 1025.Dq Li AUTO . 1026.Pp 1027It is possible to bring up an interface with DHCP by adding 1028.Dq Li DHCP 1029to the 1030.Va ifconfig_ Ns Aq Ar interface 1031variable. 1032For instance, to initialize the 1033.Li ed0 1034device via DHCP, 1035it is possible to use something like: 1036.Bd -literal 1037ifconfig_ed0="DHCP" 1038.Ed 1039.Pp 1040Also, if your interface needs WPA authentication, it is possible to add 1041.Dq Li WPA 1042to the 1043.Va ifconfig_ Ns Aq Ar interface 1044variable. 1045.Pp 1046Finally, you can add 1047.Xr ifconfig 8 1048options in this variable, in addition to the 1049.Pa /etc/start_if. Ns Aq Ar interface 1050file. 1051For instance, to initialize the 1052.Li wi0 1053device via DHCP, using WPA authentication and 802.11b mode, it is 1054possible to use something like: 1055.Bd -literal 1056ifconfig_wi0="DHCP WPA mode 11b" 1057.Ed 1058.Pp 1059In addition to the 1060.Va ifconfig_ Ns Aq Ar interface 1061form, a fallback variable 1062.Va ifconfig_DEFAULT 1063may be configured. 1064It will be used for all interfaces with no 1065.Va ifconfig_ Ns Aq Ar interface 1066variable. 1067This is intended to replace the no longer supported 1068.Va pccard_ifconfig 1069variable. 1070.Pp 1071It is also possible to rename interface by doing: 1072.Bd -literal 1073ifconfig_ed0_name="net0" 1074ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1075.Ed 1076.It Va ipv6_network_interfaces 1077.Pq Vt str 1078This is the IPv6 equivalent of 1079.Va network_interfaces . 1080Instead of setting the ifconfig variables as 1081.Va ifconfig_ Ns Aq Ar interface 1082they should be set as 1083.Va ipv6_ifconfig_ Ns Aq Ar interface . 1084Aliases should be set as 1085.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1086.Va ipv6_prefix_ Ns Aq Ar interface 1087does something. 1088Interfaces that do not have a 1089.Va ipv6_ifconfig_ Ns Aq Ar interface 1090setting will be auto configured by 1091.Xr rtsol 8 1092if the 1093.Va ipv6_gateway_enable 1094is set to 1095.Dq Li NO . 1096Note that the IPv6 networking code does not support the 1097.Pa /etc/start_if. Ns Aq Ar interface 1098files. 1099.It Va ipv6_default_interface 1100.Pq Vt str 1101If not set to 1102.Dq Li NO , 1103this is the default output interface for scoped addresses. 1104Now this works only for IPv6 link local multicast addresses. 1105.It Va cloned_interfaces 1106.Pq Vt str 1107Set to the list of clonable network interfaces to create on this host. 1108Entries in 1109.Va cloned_interfaces 1110are automatically appended to 1111.Va network_interfaces 1112for configuration. 1113.It Va gif_interfaces 1114.Pq Vt str 1115Set to the list of 1116.Xr gif 4 1117tunnel interfaces to configure on this host. 1118A 1119.Va gifconfig_ Ns Aq Ar interface 1120variable is assumed to exist for each value of 1121.Ar interface . 1122The value of this variable is used to configure the link layer of the 1123tunnel according to the syntax of the 1124.Cm tunnel 1125option to 1126.Xr ifconfig 8 . 1127Additionally, this option ensures that each listed interface is created 1128via the 1129.Cm create 1130option to 1131.Xr ifconfig 8 1132before attempting to configure it. 1133.It Va sppp_interfaces 1134.Pq Vt str 1135Set to the list of 1136.Xr sppp 4 1137interfaces to configure on this host. 1138A 1139.Va spppconfig_ Ns Aq Ar interface 1140variable is assumed to exist for each value of 1141.Ar interface . 1142Each interface should also be configured by a general 1143.Va ifconfig_ Ns Aq Ar interface 1144setting. 1145Refer to 1146.Xr spppcontrol 8 1147for more information about available options. 1148.It Va ppp_enable 1149.Pq Vt bool 1150If set to 1151.Dq Li YES , 1152run the 1153.Xr ppp 8 1154daemon. 1155.It Va ppp_mode 1156.Pq Vt str 1157Mode in which to run the 1158.Xr ppp 8 1159daemon. 1160Accepted modes are 1161.Dq Li auto , 1162.Dq Li ddial , 1163.Dq Li direct 1164and 1165.Dq Li dedicated . 1166See the manual for a full description. 1167.It Va ppp_nat 1168.Pq Vt bool 1169If set to 1170.Dq Li YES , 1171enables network address translation. 1172Used in conjunction with 1173.Va gateway_enable 1174allows hosts on private network addresses access to the Internet using 1175this host as a network address translating router. 1176.It Va ppp_profile 1177.Pq Vt str 1178The name of the profile to use from 1179.Pa /etc/ppp/ppp.conf . 1180.It Va ppp_user 1181.Pq Vt str 1182The name of the user under which 1183.Xr ppp 8 1184should be started. 1185By 1186default, 1187.Xr ppp 8 1188is started as 1189.Dq Li root . 1190.It Va rc_conf_files 1191.Pq Vt str 1192This option is used to specify a list of files that will override 1193the settings in 1194.Pa /etc/defaults/rc.conf . 1195The files will be read in the order in which they are specified and should 1196include the full path to the file. 1197By default, the files specified are 1198.Pa /etc/rc.conf 1199and 1200.Pa /etc/rc.conf.local 1201.It Va gbde_autoattach_all 1202.Pq Vt bool 1203If set to 1204.Dq Li YES , 1205.Pa /etc/rc.d/gbde 1206will attempt to automatically initialize your .bde devices in 1207.Pa /etc/fstab . 1208.It Va gbde_devices 1209.Pq Vt str 1210List the devices that the script should try to attach, 1211or 1212.Dq Li AUTO . 1213.It Va gbde_lockdir 1214.Pq Vt str 1215The directory where the 1216.Xr gbde 4 1217lockfiles are located. 1218The default lockfile directory is 1219.Pa /etc . 1220.Pp 1221The lockfile for each individual 1222.Xr gbde 4 1223device can be overridden by setting the variable 1224.Va gbde_lock_ Ns Aq Ar device , 1225where 1226.Ar device 1227is the encrypted device without the 1228.Dq Pa /dev/ 1229and 1230.Dq Pa .bde 1231parts. 1232.It Va gbde_attach_attempts 1233.Pq Vt int 1234Number of times to attempt attaching to a 1235.Xr gbde 4 1236device, i.e., how many times the user is asked for the pass-phrase. 1237Default is 3. 1238.It Va geli_devices 1239.Pq Vt str 1240List of devices to automatically attach on boot. 1241Note that .eli devices from 1242.Pa /etc/fstab 1243are automatically appended to this list. 1244.It Va geli_tries 1245.Pq Vt int 1246Number of times user is asked for the pass-phrase. 1247If empty, it will be taken from 1248.Va kern.geom.eli.tries 1249sysctl variable. 1250.It Va geli_default_flags 1251.Pq Vt str 1252Default flags to use by 1253.Xr geli 8 1254when configuring disk encryption. 1255Flags can be configured for every device separately by defining 1256.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1257variable. 1258.It Va geli_autodetach 1259.Pq Vt str 1260Specifies if GELI devices should be marked for detach on last close after 1261file systems are mounted. 1262Default is 1263.Dq Li YES . 1264This can be changed for every device separately by defining 1265.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1266variable. 1267.It Va geli_swap_flags 1268Options passed to the 1269.Xr geli 8 1270utility when encrypted GEOM providers for swap partitions are created. 1271The default is 1272.Dq Li "-a aes -l 256 -s 4096 -d" . 1273.It Va root_rw_mount 1274.Pq Vt bool 1275Set to 1276.Dq Li YES 1277by default. 1278After the file systems are checked at boot time, the root file system 1279is remounted as read-write if this is set to 1280.Dq Li YES . 1281Diskless systems that mount their root file system from a read-only remote 1282NFS share should set this to 1283.Dq Li NO 1284in their 1285.Pa rc.conf . 1286.It Va fsck_y_enable 1287.Pq Vt bool 1288If set to 1289.Dq Li YES , 1290.Xr fsck 8 1291will be run with the 1292.Fl y 1293flag if the initial preen 1294of the file systems fails. 1295.It Va background_fsck 1296.Pq Vt bool 1297If set to 1298.Dq Li YES , 1299the system will attempt to run 1300.Xr fsck 8 1301in the background where possible. 1302.It Va background_fsck_delay 1303.Pq Vt int 1304The amount of time in seconds to sleep before starting a background 1305.Xr fsck 8 . 1306It defaults to sixty seconds to allow large applications such as 1307the X server to start before disk I/O bandwidth is monopolized by 1308.Xr fsck 8 . 1309.It Va netfs_types 1310.Pq Vt str 1311List of file system types that are network-based. 1312This list should generally not be modified by end users. 1313Use 1314.Va extra_netfs_types 1315instead. 1316.It Va extra_netfs_types 1317.Pq Vt str 1318If set to something other than 1319.Dq Li NO 1320(the default), 1321this variable extends the list of file system types 1322for which automatic mounting at startup by 1323.Xr rc 8 1324should be delayed until the network is initialized. 1325It should contain 1326a whitespace-separated list of network file system descriptor pairs, 1327each consisting of a file system type as passed to 1328.Xr mount 8 1329and a human-readable, one-word description, 1330joined with a colon 1331.Pq Ql \&: . 1332Extending the default list in this way is only necessary 1333when third party file system types are used. 1334.It Va syslogd_enable 1335.Pq Vt bool 1336If set to 1337.Dq Li YES , 1338run the 1339.Xr syslogd 8 1340daemon. 1341.It Va syslogd_program 1342.Pq Vt str 1343Path to 1344.Xr syslogd 8 1345(default 1346.Pa /usr/sbin/syslogd ) . 1347.It Va syslogd_flags 1348.Pq Vt str 1349If 1350.Va syslogd_enable 1351is set to 1352.Dq Li YES , 1353these are the flags to pass to 1354.Xr syslogd 8 . 1355.It Va inetd_enable 1356.Pq Vt bool 1357If set to 1358.Dq Li YES , 1359run the 1360.Xr inetd 8 1361daemon. 1362.It Va inetd_program 1363.Pq Vt str 1364Path to 1365.Xr inetd 8 1366(default 1367.Pa /usr/sbin/inetd ) . 1368.It Va inetd_flags 1369.Pq Vt str 1370If 1371.Va inetd_enable 1372is set to 1373.Dq Li YES , 1374these are the flags to pass to 1375.Xr inetd 8 . 1376.It Va named_enable 1377.Pq Vt bool 1378If set to 1379.Dq Li YES , 1380run the 1381.Xr named 8 1382daemon. 1383.It Va named_program 1384.Pq Vt str 1385Path to 1386.Xr named 8 1387(default 1388.Pa /usr/sbin/named ) . 1389.It Va named_flags 1390.Pq Vt str 1391If 1392.Va named_enable 1393is set to 1394.Dq Li YES , 1395these are the flags to pass to 1396.Xr named 8 . 1397.It Va named_pidfile 1398.Pq Vt str 1399This is the default path to the 1400.Xr named 8 1401daemon's PID file. 1402Change it if you change the location in 1403.Xr named.conf 5 . 1404.It Va named_chrootdir 1405.Pq Vt str 1406The root directory for a name server run in a 1407.Xr chroot 8 1408environment (default 1409.Pa /var/named ) . 1410If left empty 1411.Xr named 8 1412will not be run in a 1413.Xr chroot 8 1414environment. 1415.It Va named_chroot_autoupdate 1416.Pq Vt bool 1417Set to 1418.Dq Li NO 1419to disable automatic update of the 1420.Xr chroot 8 1421environment. 1422.It Va named_symlink_enable 1423.Pq Vt bool 1424Set to 1425.Dq Li NO 1426to disable symlinking of 1427daemon's PID file 1428into the 1429.Xr chroot 8 1430environment. 1431.It Va kerberos5_server_enable 1432.Pq Vt bool 1433Set to 1434.Dq Li YES 1435to start a Kerberos 5 authentication server 1436at boot time. 1437.It Va kerberos5_server 1438.Pq Vt str 1439If 1440.Va kerberos5_server_enable 1441is set to 1442.Dq Li YES 1443this is the path to Kerberos 5 Authentication Server. 1444.It Va kerberos5_server_flags 1445.Pq Vt str 1446Empty by default. 1447This variable contains additional flags to be passed to the Kerberos 5 1448authentication server. 1449.It Va kadmind5_server_enable 1450.Pq Vt bool 1451Set to 1452.Dq Li YES 1453to start 1454.Xr kadmind 8 , 1455the Kerberos 5 Administration Daemon; set to 1456.Dq Li NO 1457on a slave server. 1458.It Va kadmind5_server 1459.Pq Vt str 1460If 1461.Va kadmind5_server_enable 1462is set to 1463.Dq Li YES 1464this is the path to Kerberos 5 Administration Daemon. 1465.It Va kpasswdd_server_enable 1466.Pq Vt bool 1467Set to 1468.Dq Li YES 1469to start 1470.Xr kpasswdd 8 , 1471the Kerberos 5 Password-Changing Daemon; set to 1472.Dq Li NO 1473on a slave server. 1474.It Va kpasswdd_server 1475.Pq Vt str 1476If 1477.Va kpasswdd_server_enable 1478is set to 1479.Dq Li YES 1480this is the path to Kerberos 5 Password-Changing Daemon. 1481.It Va rwhod_enable 1482.Pq Vt bool 1483If set to 1484.Dq Li YES , 1485run the 1486.Xr rwhod 8 1487daemon at boot time. 1488.It Va rwhod_flags 1489.Pq Vt str 1490If 1491.Va rwhod_enable 1492is set to 1493.Dq Li YES , 1494these are the flags to pass to it. 1495.It Va amd_enable 1496.Pq Vt bool 1497If set to 1498.Dq Li YES , 1499run the 1500.Xr amd 8 1501daemon at boot time. 1502.It Va amd_flags 1503.Pq Vt str 1504If 1505.Va amd_enable 1506is set to 1507.Dq Li YES , 1508these are the flags to pass to it. 1509See the 1510.Xr amd 8 1511manpage for more information. 1512.It Va amd_map_program 1513.Pq Vt str 1514If set, 1515the specified program is run to get the list of 1516.Xr amd 8 1517maps. 1518For example, if the 1519.Xr amd 8 1520maps are stored in NIS, one can set this to 1521run 1522.Xr ypcat 1 1523to get a list of 1524.Xr amd 8 1525maps from the 1526.Pa amd.master 1527NIS map. 1528.It Va update_motd 1529.Pq Vt bool 1530If set to 1531.Dq Li YES , 1532.Pa /etc/motd 1533will be updated at boot time to reflect the kernel release 1534being run. 1535If set to 1536.Dq Li NO , 1537.Pa /etc/motd 1538will not be updated. 1539.It Va nfs_client_enable 1540.Pq Vt bool 1541If set to 1542.Dq Li YES , 1543run the NFS client daemons at boot time. 1544.It Va nfs_access_cache 1545.Pq Vt int 1546If 1547.Va nfs_client_enable 1548is set to 1549.Dq Li YES , 1550this can be set to 1551.Dq Li 0 1552to disable NFS ACCESS RPC caching, or to the number of seconds for which 1553NFS ACCESS 1554results should be cached. 1555A value of 2-10 seconds will substantially reduce network 1556traffic for many NFS operations. 1557.It Va nfs_server_enable 1558.Pq Vt bool 1559If set to 1560.Dq Li YES , 1561run the NFS server daemons at boot time. 1562.It Va nfs_server_flags 1563.Pq Vt str 1564If 1565.Va nfs_server_enable 1566is set to 1567.Dq Li YES , 1568these are the flags to pass to the 1569.Xr nfsd 8 1570daemon. 1571.It Va mountd_enable 1572.Pq Vt bool 1573If set to 1574.Dq Li YES , 1575and no 1576.Va nfs_server_enable 1577is set, start 1578.Xr mountd 8 , 1579but not 1580.Xr nfsd 8 1581daemon. 1582It is commonly needed to run CFS without real NFS used. 1583.It Va mountd_flags 1584.Pq Vt str 1585If 1586.Va mountd_enable 1587is set to 1588.Dq Li YES , 1589these are the flags to pass to the 1590.Xr mountd 8 1591daemon. 1592.It Va weak_mountd_authentication 1593.Pq Vt bool 1594If set to 1595.Dq Li YES , 1596allow services like PCNFSD to make non-privileged mount 1597requests. 1598.It Va nfs_reserved_port_only 1599.Pq Vt bool 1600If set to 1601.Dq Li YES , 1602provide NFS services only on a secure port. 1603.It Va nfs_bufpackets 1604.Pq Vt int 1605If set to a number, indicates the number of packets worth of 1606socket buffer space to reserve on an NFS client. 1607The kernel default is typically 4. 1608Using a higher number may be 1609useful on gigabit networks to improve performance. 1610The minimum value is 16112 and the maximum is 64. 1612.It Va rpc_lockd_enable 1613.Pq Vt bool 1614If set to 1615.Dq Li YES 1616and also an NFS server, run 1617.Xr rpc.lockd 8 1618at boot time. 1619.It Va rpc_statd_enable 1620.Pq Vt bool 1621If set to 1622.Dq Li YES 1623and also an NFS server, run 1624.Xr rpc.statd 8 1625at boot time. 1626.It Va rpcbind_program 1627.Pq Vt str 1628Path to 1629.Xr rpcbind 8 1630(default 1631.Pa /usr/sbin/rpcbind ) . 1632.It Va rpcbind_enable 1633.Pq Vt bool 1634If set to 1635.Dq Li YES , 1636run the 1637.Xr rpcbind 8 1638service at boot time. 1639.It Va rpcbind_flags 1640.Pq Vt str 1641If 1642.Va rpcbind_enable 1643is set to 1644.Dq Li YES , 1645these are the flags to pass to the 1646.Xr rpcbind 8 1647daemon. 1648.It Va keyserv_enable 1649.Pq Vt bool 1650If set to 1651.Dq Li YES , 1652run the 1653.Xr keyserv 8 1654daemon on boot for running Secure RPC. 1655.It Va keyserv_flags 1656.Pq Vt str 1657If 1658.Va keyserv_enable 1659is set to 1660.Dq Li YES , 1661these are the flags to pass to 1662.Xr keyserv 8 1663daemon. 1664.It Va pppoed_enable 1665.Pq Vt bool 1666If set to 1667.Dq Li YES , 1668run the 1669.Xr pppoed 8 1670daemon at boot time to provide PPP over Ethernet services. 1671.It Va pppoed_ Ns Ar provider 1672.Pq Vt str 1673.Xr pppoed 8 1674listens to requests to this 1675.Ar provider 1676and ultimately runs 1677.Xr ppp 8 1678with a 1679.Ar system 1680argument of the same name. 1681.It Va pppoed_flags 1682.Pq Vt str 1683Additional flags to pass to 1684.Xr pppoed 8 . 1685.It Va pppoed_interface 1686.Pq Vt str 1687The network interface to run 1688.Xr pppoed 8 1689on. 1690This is mandatory when 1691.Va pppoed_enable 1692is set to 1693.Dq Li YES . 1694.It Va timed_enable 1695.Pq Vt bool 1696If set to 1697.Dq Li YES , 1698run the 1699.Xr timed 8 1700service at boot time. 1701This command is intended for networks of 1702machines where a consistent 1703.Dq "network time" 1704for all hosts must be established. 1705This is often useful in large NFS 1706environments where time stamps on files are expected to be consistent 1707network-wide. 1708.It Va timed_flags 1709.Pq Vt str 1710If 1711.Va timed_enable 1712is set to 1713.Dq Li YES , 1714these are the flags to pass to the 1715.Xr timed 8 1716service. 1717.It Va ntpdate_enable 1718.Pq Vt bool 1719If set to 1720.Dq Li YES , 1721run 1722.Xr ntpdate 8 1723at system startup. 1724This command is intended to 1725synchronize the system clock only 1726.Em once 1727from some standard reference. 1728An option to set this up initially 1729(from a list of known servers) is also provided by the 1730.Xr sysinstall 8 1731program when the system is first installed. 1732.It Va ntpdate_hosts 1733.Pq Vt str 1734A whitespace-separated list of NTP servers to synchronize with at startup. 1735The default is to use the servers listed in 1736.Pa /etc/ntp.conf , 1737if that file exists. 1738.It Va ntpdate_program 1739.Pq Vt str 1740Path to 1741.Xr ntpdate 8 1742(default 1743.Pa /usr/sbin/ntpdate ) . 1744.It Va ntpdate_flags 1745.Pq Vt str 1746If 1747.Va ntpdate_enable 1748is set to 1749.Dq Li YES , 1750these are the flags to pass to the 1751.Xr ntpdate 8 1752command (typically a hostname). 1753.It Va ntpd_enable 1754.Pq Vt bool 1755If set to 1756.Dq Li YES , 1757run the 1758.Xr ntpd 8 1759command at boot time. 1760.It Va ntpd_program 1761.Pq Vt str 1762Path to 1763.Xr ntpd 8 1764(default 1765.Pa /usr/sbin/ntpd ) . 1766.It Va ntpd_flags 1767.Pq Vt str 1768If 1769.Va ntpd_enable 1770is set to 1771.Dq Li YES , 1772these are the flags to pass to the 1773.Xr ntpd 8 1774daemon. 1775.It Va ntpd_sync_on_start 1776.Pq Vt bool 1777If set to 1778.Dq Li YES , 1779.Xr ntpd 8 1780is run with the 1781.Fl g 1782flag, which syncs the system's clock on startup. 1783See 1784.Xr ntpd 8 1785for more information regarding the 1786.Fl g 1787option. 1788This is a preferred alternative to using 1789.Xr ntpdate 8 1790or specifying the 1791.Va ntpdate_enable 1792variable. 1793.It Va nis_client_enable 1794.Pq Vt bool 1795If set to 1796.Dq Li YES , 1797run the 1798.Xr ypbind 8 1799service at system boot time. 1800.It Va nis_client_flags 1801.Pq Vt str 1802If 1803.Va nis_client_enable 1804is set to 1805.Dq Li YES , 1806these are the flags to pass to the 1807.Xr ypbind 8 1808service. 1809.It Va nis_ypset_enable 1810.Pq Vt bool 1811If set to 1812.Dq Li YES , 1813run the 1814.Xr ypset 8 1815daemon at system boot time. 1816.It Va nis_ypset_flags 1817.Pq Vt str 1818If 1819.Va nis_ypset_enable 1820is set to 1821.Dq Li YES , 1822these are the flags to pass to the 1823.Xr ypset 8 1824daemon. 1825.It Va nis_server_enable 1826.Pq Vt bool 1827If set to 1828.Dq Li YES , 1829run the 1830.Xr ypserv 8 1831daemon at system boot time. 1832.It Va nis_server_flags 1833.Pq Vt str 1834If 1835.Va nis_server_enable 1836is set to 1837.Dq Li YES , 1838these are the flags to pass to the 1839.Xr ypserv 8 1840daemon. 1841.It Va nis_ypxfrd_enable 1842.Pq Vt bool 1843If set to 1844.Dq Li YES , 1845run the 1846.Xr rpc.ypxfrd 8 1847daemon at system boot time. 1848.It Va nis_ypxfrd_flags 1849.Pq Vt str 1850If 1851.Va nis_ypxfrd_enable 1852is set to 1853.Dq Li YES , 1854these are the flags to pass to the 1855.Xr rpc.ypxfrd 8 1856daemon. 1857.It Va nis_yppasswdd_enable 1858.Pq Vt bool 1859If set to 1860.Dq Li YES , 1861run the 1862.Xr rpc.yppasswdd 8 1863daemon at system boot time. 1864.It Va nis_yppasswdd_flags 1865.Pq Vt str 1866If 1867.Va nis_yppasswdd_enable 1868is set to 1869.Dq Li YES , 1870these are the flags to pass to the 1871.Xr rpc.yppasswdd 8 1872daemon. 1873.It Va rpc_ypupdated_enable 1874.Pq Vt bool 1875If set to 1876.Dq Li YES , 1877run the 1878.Nm rpc.ypupdated 1879daemon at system boot time. 1880.It Va bsnmpd_enable 1881.Pq Vt bool 1882If set to 1883.Dq Li YES , 1884run the 1885.Xr bsnmpd 1 1886daemon at system boot time. 1887Be sure to understand the security implications of running SNMP daemon 1888on your host. 1889.It Va bsnmpd_flags 1890.Pq Vt str 1891If 1892.Va bsnmpd_enable 1893is set to 1894.Dq Li YES , 1895these are the flags to pass to the 1896.Xr bsnmpd 1 1897daemon. 1898.It Va defaultrouter 1899.Pq Vt str 1900If not set to 1901.Dq Li NO , 1902create a default route to this host name or IP address 1903(use an IP address if this router is also required to get to the 1904name server!). 1905.It Va ipv6_defaultrouter 1906.Pq Vt str 1907The IPv6 equivalent of 1908.Va defaultrouter . 1909.It Va static_routes 1910.Pq Vt str 1911Set to the list of static routes that are to be added at system 1912boot time. 1913If not set to 1914.Dq Li NO 1915then for each whitespace separated 1916.Ar element 1917in the value, a 1918.Va route_ Ns Aq Ar element 1919variable is assumed to exist 1920whose contents will later be passed to a 1921.Dq Nm route Cm add 1922operation. 1923For example: 1924.Bd -literal 1925static_routes="mcast gif0local" 1926route_mcast="-net 224.0.0.0/4 -iface gif0" 1927route_gif0local="-host 169.254.1.1 -iface lo0" 1928.Ed 1929.It Va ipv6_static_routes 1930.Pq Vt str 1931The IPv6 equivalent of 1932.Va static_routes . 1933If not set to 1934.Dq Li NO 1935then for each whitespace separated 1936.Ar element 1937in the value, a 1938.Va ipv6_route_ Ns Aq Ar element 1939variable is assumed to exist 1940whose contents will later be passed to a 1941.Dq Nm route Cm add Fl inet6 1942operation. 1943.It Va natm_static_routes 1944.Pq Vt str 1945The 1946.Xr natmip 4 1947equivalent of 1948.Va static_routes . 1949If not empty then for each whitespace separated 1950.Ar element 1951in the value, a 1952.Va route_ Ns Aq Ar element 1953variable is assumed to exist whose contents will later be passed to a 1954.Dq Nm atmconfig Cm natm Cm add 1955operation. 1956.It Va gateway_enable 1957.Pq Vt bool 1958If set to 1959.Dq Li YES , 1960configure host to act as an IP router, e.g.\& to forward packets 1961between interfaces. 1962.It Va ipv6_gateway_enable 1963.Pq Vt bool 1964The IPv6 equivalent of 1965.Va gateway_enable . 1966.It Va router_enable 1967.Pq Vt bool 1968If set to 1969.Dq Li YES , 1970run a routing daemon of some sort, based on the 1971settings of 1972.Va router 1973and 1974.Va router_flags . 1975.It Va ipv6_router_enable 1976.Pq Vt bool 1977The IPv6 equivalent of 1978.Va router_enable . 1979If set to 1980.Dq Li YES , 1981run a routing daemon of some sort, based on the 1982settings of 1983.Va ipv6_router 1984and 1985.Va ipv6_router_flags . 1986.It Va router 1987.Pq Vt str 1988If 1989.Va router_enable 1990is set to 1991.Dq Li YES , 1992this is the name of the routing daemon to use. 1993.It Va ipv6_router 1994.Pq Vt str 1995The IPv6 equivalent of 1996.Va router . 1997.It Va router_flags 1998.Pq Vt str 1999If 2000.Va router_enable 2001is set to 2002.Dq Li YES , 2003these are the flags to pass to the routing daemon. 2004.It Va ipv6_router_flags 2005.Pq Vt str 2006The IPv6 equivalent of 2007.Va router_flags . 2008.It Va mrouted_enable 2009.Pq Vt bool 2010If set to 2011.Dq Li YES , 2012run the multicast routing daemon, 2013.Xr mrouted 8 . 2014.It Va mroute6d_enable 2015.Pq Vt bool 2016The IPv6 equivalent of 2017.Va mrouted_enable . 2018If set to 2019.Dq Li YES , 2020run the IPv6 multicast routing daemon. 2021Note that no IPv6 multicast routing daemon is included in the 2022.Fx 2023base system but 2024.Xr pim6dd 8 2025can be installed from the 2026.Fx 2027Ports Collection. 2028.It Va mrouted_flags 2029.Pq Vt str 2030If 2031.Va mrouted_enable 2032is set to 2033.Dq Li YES , 2034these are the flags to pass to the 2035.Xr mrouted 8 2036daemon. 2037.It Va mroute6d_flags 2038.Pq Vt str 2039The IPv6 equivalent of 2040.Va mrouted_flags . 2041If 2042.Va mroute6d_enable 2043is set to 2044.Dq Li YES , 2045these are the flags passed to the IPv6 multicast routing daemon. 2046.It Va mroute6d_program 2047.Pq Vt str 2048If 2049.Va mroute6d_enable 2050is set to 2051.Dq Li YES , 2052this is the path to the IPv6 multicast routing daemon. 2053.It Va rtadvd_enable 2054.Pq Vt bool 2055If set to 2056.Dq Li YES , 2057run the 2058.Xr rtadvd 8 2059daemon at boot time. 2060.Xr rtadvd 8 2061will only run if 2062.Va ipv6_gateway_enable 2063is also set to 2064.Dq Li YES . 2065The 2066.Xr rtadvd 8 2067utility sends router advertisement packets to the interfaces specified in 2068.Va rtadvd_interfaces 2069and should only be enabled with great care. 2070You may want to fine-tune 2071.Xr rtadvd.conf 5 . 2072.It Va rtadvd_interfaces 2073.Pq Vt str 2074If 2075.Va rtadvd_enable 2076is set to 2077.Dq Li YES 2078this is the list of interfaces to use. 2079.It Va ipxgateway_enable 2080.Pq Vt bool 2081If set to 2082.Dq Li YES , 2083enable the routing of IPX traffic. 2084.It Va ipxrouted_enable 2085.Pq Vt bool 2086If set to 2087.Dq Li YES , 2088run the 2089.Xr IPXrouted 8 2090daemon at system boot time. 2091.It Va ipxrouted_flags 2092.Pq Vt str 2093If 2094.Va ipxrouted_enable 2095is set to 2096.Dq Li YES , 2097these are the flags to pass to the 2098.Xr IPXrouted 8 2099daemon. 2100.It Va arpproxy_all 2101.Pq Vt bool 2102If set to 2103.Dq Li YES , 2104enable global proxy ARP. 2105.It Va forward_sourceroute 2106.Pq Vt bool 2107If set to 2108.Dq Li YES 2109and 2110.Va gateway_enable 2111is also set to 2112.Dq Li YES , 2113source-routed packets are forwarded. 2114.It Va accept_sourceroute 2115.Pq Vt bool 2116If set to 2117.Dq Li YES , 2118the system will accept source-routed packets directed at it. 2119.It Va rarpd_enable 2120.Pq Vt bool 2121If set to 2122.Dq Li YES , 2123run the 2124.Xr rarpd 8 2125daemon at system boot time. 2126.It Va rarpd_flags 2127.Pq Vt str 2128If 2129.Va rarpd_enable 2130is set to 2131.Dq Li YES , 2132these are the flags to pass to the 2133.Xr rarpd 8 2134daemon. 2135.It Va bootparamd_enable 2136.Pq Vt bool 2137If set to 2138.Dq Li YES , 2139run the 2140.Xr bootparamd 8 2141daemon at system boot time. 2142.It Va bootparamd_flags 2143.Pq Vt str 2144If 2145.Va bootparamd_enable 2146is set to 2147.Dq Li YES , 2148these are the flags to pass to the 2149.Xr bootparamd 8 2150daemon. 2151.It Va stf_interface_ipv4addr 2152.Pq Vt str 2153If not set to 2154.Dq Li NO , 2155this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2156interface). 2157Specify this entry to enable the 6to4 interface. 2158.It Va stf_interface_ipv4plen 2159.Pq Vt int 2160Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2161An effective value is 0-31. 2162.It Va stf_interface_ipv6_ifid 2163.Pq Vt str 2164IPv6 interface ID for 2165.Xr stf 4 . 2166This can be set to 2167.Dq Li AUTO . 2168.It Va stf_interface_ipv6_slaid 2169.Pq Vt str 2170IPv6 Site Level Aggregator for 2171.Xr stf 4 . 2172.It Va ipv6_faith_prefix 2173.Pq Vt str 2174If not set to 2175.Dq Li NO , 2176this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2177translator. 2178You also need 2179.Xr faithd 8 2180setup. 2181.It Va ipv6_ipv4mapping 2182.Pq Vt bool 2183If set to 2184.Dq Li YES 2185this enables IPv4 mapped IPv6 address communication (like 2186.Li ::ffff:a.b.c.d ) . 2187.It Va atm_enable 2188.Pq Vt bool 2189Set to 2190.Dq Li YES 2191to enable the configuration of ATM interfaces at system boot time. 2192For all of the ATM variables described below, please refer to the 2193.Xr atm 8 2194manual page for further details on the available command parameters. 2195Also refer to the files in 2196.Pa /usr/share/examples/atm 2197for more detailed configuration information. 2198.It Va atm_load 2199.Pq Vt str 2200This is a list of physical ATM interface drivers to load. 2201Typical values are 2202.Dq Li hfa_pci 2203and/or 2204.Dq Li hea_pci . 2205.It Va atm_netif_ Ns Aq Ar intf 2206.Pq Vt str 2207For the ATM physical interface 2208.Ar intf , 2209this variable defines the name prefix and count for the ATM network 2210interfaces to be created. 2211The value will be passed as the parameters of an 2212.Dq Nm atm Cm "set netif" Ar intf 2213command. 2214.It Va atm_sigmgr_ Ns Aq Ar intf 2215.Pq Vt str 2216For the ATM physical interface 2217.Ar intf , 2218this variable defines the ATM signalling manager to be used. 2219The value will be passed as the parameters of an 2220.Dq Nm atm Cm attach Ar intf 2221command. 2222.It Va atm_prefix_ Ns Aq Ar intf 2223.Pq Vt str 2224For the ATM physical interface 2225.Ar intf , 2226this variable defines the NSAP prefix for interfaces using a UNI signalling 2227manager. 2228If set to 2229.Dq Li ILMI , 2230the prefix will automatically be set via the 2231.Xr ilmid 8 2232daemon. 2233Otherwise, the value will be passed as the parameters of an 2234.Dq Nm atm Cm "set prefix" Ar intf 2235command. 2236.It Va atm_macaddr_ Ns Aq Ar intf 2237.Pq Vt str 2238For the ATM physical interface 2239.Ar intf , 2240this variable defines the MAC address for interfaces using a UNI signalling 2241manager. 2242If set to 2243.Dq Li NO , 2244the hardware MAC address contained in the ATM interface card will be used. 2245Otherwise, the value will be passed as the parameters of an 2246.Dq Nm atm Cm "set mac" Ar intf 2247command. 2248.It Va atm_arpserver_ Ns Aq Ar netif 2249.Pq Vt str 2250For the ATM network interface 2251.Ar netif , 2252this variable defines the ATM address for a host which is to provide ATMARP 2253service. 2254This variable is only applicable to interfaces using a UNI signalling 2255manager. 2256If set to 2257.Dq Li local , 2258this host will become an ATMARP server. 2259The value will be passed as the parameters of an 2260.Dq Nm atm Cm "set arpserver" Ar netif 2261command. 2262.It Va atm_scsparp_ Ns Aq Ar netif 2263.Pq Vt bool 2264If set to 2265.Dq Li YES , 2266SCSP/ATMARP service for the network interface 2267.Ar netif 2268will be initiated using the 2269.Xr scspd 8 2270and 2271.Xr atmarpd 8 2272daemons. 2273This variable is only applicable if 2274.Va atm_arpserver_ Ns Aq Ar netif 2275is set to 2276.Dq Li local . 2277.It Va atm_pvcs 2278.Pq Vt str 2279Set to the list of ATM PVCs to be added at system 2280boot time. 2281For each whitespace separated 2282.Ar element 2283in the value, an 2284.Va atm_pvc_ Ns Aq Ar element 2285variable is assumed to exist. 2286The value of each of these variables 2287will be passed as the parameters of an 2288.Dq Nm atm Cm "add pvc" 2289command. 2290.It Va atm_arps 2291.Pq Vt str 2292Set to the list of permanent ATM ARP entries to be added 2293at system boot time. 2294For each whitespace separated 2295.Ar element 2296in the value, an 2297.Va atm_arp_ Ns Aq Ar element 2298variable is assumed to exist. 2299The value of each of these variables 2300will be passed as the parameters of an 2301.Dq Nm atm Cm "add arp" 2302command. 2303.It Va natm_interfaces 2304.Pq Vt str 2305Set to the list of 2306.Xr natm 4 2307interfaces that will also be used for HARP through 2308.Xr harp 4 . 2309If this list is not empty all interfaces in the list will be brought up 2310with 2311.Xr ifconfig 8 2312and 2313.Xr harp 4 2314will be loaded. 2315For this to work the interface drivers must be either compiled into the 2316kernel or must reside on the root partition. 2317.It Va keybell 2318.Pq Vt str 2319The keyboard bell sound. 2320Set to 2321.Dq Li normal , 2322.Dq Li visual , 2323.Dq Li off , 2324or 2325.Dq Li NO 2326if the default behavior is desired. 2327For details, refer to the 2328.Xr kbdcontrol 1 2329manpage. 2330.It Va keyboard 2331.Pq Vt str 2332If set to a non-null string, the virtual console's keyboard input is 2333set to this device. 2334.It Va keymap 2335.Pq Vt str 2336If set to 2337.Dq Li NO , 2338no keymap is installed, otherwise the value is used to install 2339the keymap file in 2340.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2341.It Va keyrate 2342.Pq Vt str 2343The keyboard repeat speed. 2344Set to 2345.Dq Li slow , 2346.Dq Li normal , 2347.Dq Li fast , 2348or 2349.Dq Li NO 2350if the default behavior is desired. 2351.It Va keychange 2352.Pq Vt str 2353If not set to 2354.Dq Li NO , 2355attempt to program the function keys with the value. 2356The value should 2357be a single string of the form: 2358.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2359.It Va cursor 2360.Pq Vt str 2361Can be set to the value of 2362.Dq Li normal , 2363.Dq Li blink , 2364.Dq Li destructive , 2365or 2366.Dq Li NO 2367to set the cursor behavior explicitly or choose the default behavior. 2368.It Va scrnmap 2369.Pq Vt str 2370If set to 2371.Dq Li NO , 2372no screen map is installed, otherwise the value is used to install 2373the screen map file in 2374.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2375.It Va font8x16 2376.Pq Vt str 2377If set to 2378.Dq Li NO , 2379the default 8x16 font value is used for screen size requests, otherwise 2380the value in 2381.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2382is used. 2383.It Va font8x14 2384.Pq Vt str 2385If set to 2386.Dq Li NO , 2387the default 8x14 font value is used for screen size requests, otherwise 2388the value in 2389.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2390is used. 2391.It Va font8x8 2392.Pq Vt str 2393If set to 2394.Dq Li NO , 2395the default 8x8 font value is used for screen size requests, otherwise 2396the value in 2397.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2398is used. 2399.It Va blanktime 2400.Pq Vt int 2401If set to 2402.Dq Li NO , 2403the default screen blanking interval is used, otherwise it is set 2404to 2405.Ar value 2406seconds. 2407.It Va saver 2408.Pq Vt str 2409If not set to 2410.Dq Li NO , 2411this is the actual screen saver to use 2412.Li ( blank , snake , daemon , 2413etc). 2414.It Va moused_nondefault_enable 2415.Pq Vt str 2416If set to 2417.Dq Li NO , 2418the mouse device specified on 2419the command line is not automatically treated as enabled by the 2420.Pa /etc/rc.d/moused 2421script. 2422Having this variable set to 2423.Dq Li YES 2424allows a 2425.Xr usb 4 2426mouse, 2427for example, 2428to be enabled as soon as it is plugged in. 2429.It Va moused_enable 2430.Pq Vt str 2431If set to 2432.Dq Li YES , 2433the 2434.Xr moused 8 2435daemon is started for doing cut/paste selection on the console. 2436.It Va moused_type 2437.Pq Vt str 2438This is the protocol type of the mouse connected to this host. 2439This variable must be set if 2440.Va moused_enable 2441is set to 2442.Dq Li YES . 2443The 2444.Xr moused 8 2445daemon 2446is able to detect the appropriate mouse type automatically in many cases. 2447Set this variable to 2448.Dq Li auto 2449to let the daemon detect it, or 2450select one from the following list if the automatic detection fails. 2451.Pp 2452If the mouse is attached to the PS/2 mouse port, choose 2453.Dq Li auto 2454or 2455.Dq Li ps/2 , 2456regardless of the brand and model of the mouse. 2457Likewise, if the 2458mouse is attached to the bus mouse port, choose 2459.Dq Li auto 2460or 2461.Dq Li busmouse . 2462All other protocols are for serial mice and will not work with 2463the PS/2 and bus mice. 2464If this is a USB mouse, 2465.Dq Li auto 2466is the only protocol type which will work. 2467.Pp 2468.Bl -tag -width ".Li x10mouseremote" -compact 2469.It Li microsoft 2470Microsoft mouse (serial) 2471.It Li intellimouse 2472Microsoft IntelliMouse (serial) 2473.It Li mousesystems 2474Mouse systems Corp.\& mouse (serial) 2475.It Li mmseries 2476MM Series mouse (serial) 2477.It Li logitech 2478Logitech mouse (serial) 2479.It Li busmouse 2480A bus mouse 2481.It Li mouseman 2482Logitech MouseMan and TrackMan (serial) 2483.It Li glidepoint 2484ALPS GlidePoint (serial) 2485.It Li thinkingmouse 2486Kensington ThinkingMouse (serial) 2487.It Li ps/2 2488PS/2 mouse 2489.It Li mmhittab 2490MM HitTablet (serial) 2491.It Li x10mouseremote 2492X10 MouseRemote (serial) 2493.It Li versapad 2494Interlink VersaPad (serial) 2495.El 2496.Pp 2497Even if the mouse is not in the above list, it may be compatible 2498with one in the list. 2499Refer to the manual page for 2500.Xr moused 8 2501for compatibility information. 2502.Pp 2503It should also be noted that while this is enabled, any 2504other client of the mouse (such as an X server) should access 2505the mouse through the virtual mouse device, 2506.Pa /dev/sysmouse , 2507and configure it as a 2508.Dq Li sysmouse 2509type mouse, since all 2510mouse data is converted to this single canonical format when 2511using 2512.Xr moused 8 . 2513If the client program does not support the 2514.Dq Li sysmouse 2515type, 2516specify the 2517.Dq Li mousesystems 2518type. 2519It is the second preferred type. 2520.It Va moused_port 2521.Pq Vt str 2522If 2523.Va moused_enable 2524is set to 2525.Dq Li YES , 2526this is the actual port the mouse is on. 2527It might be 2528.Pa /dev/cuad0 2529for a COM1 serial mouse, 2530.Pa /dev/psm0 2531for a PS/2 mouse or 2532.Pa /dev/mse0 2533for a bus mouse, for example. 2534.It Va moused_flags 2535.Pq Vt str 2536If 2537.Va moused_type 2538is set, these are the additional flags to pass to the 2539.Xr moused 8 2540daemon. 2541.It Va mousechar_start 2542.Pq Vt int 2543If set to 2544.Dq Li NO , 2545the default mouse cursor character range 2546.Li 0xd0 Ns - Ns Li 0xd3 2547is used, 2548otherwise the range start is set 2549to 2550.Ar value 2551character, see 2552.Xr vidcontrol 1 . 2553Use if the default range is occupied in the language code table. 2554.It Va allscreens_flags 2555.Pq Vt str 2556If set, 2557.Xr vidcontrol 1 2558is run with these options for each of the virtual terminals 2559.Pq Pa /dev/ttyv* . 2560For example, 2561.Dq Fl m Cm on 2562will enable the mouse pointer on all virtual terminals 2563if 2564.Va moused_enable 2565is set to 2566.Dq Li YES . 2567.It Va allscreens_kbdflags 2568.Pq Vt str 2569If set, 2570.Xr kbdcontrol 1 2571is run with these options for each of the virtual terminals 2572.Pq Pa /dev/ttyv* . 2573For example, 2574.Dq Fl h Li 200 2575will set the 2576.Xr syscons 4 2577scrollback (history) buffer to 200 lines. 2578.It Va cron_enable 2579.Pq Vt bool 2580If set to 2581.Dq Li YES , 2582run the 2583.Xr cron 8 2584daemon at system boot time. 2585.It Va cron_program 2586.Pq Vt str 2587Path to 2588.Xr cron 8 2589(default 2590.Pa /usr/sbin/cron ) . 2591.It Va cron_flags 2592.Pq Vt str 2593If 2594.Va cron_enable 2595is set to 2596.Dq Li YES , 2597these are the flags to pass to 2598.Xr cron 8 . 2599.It Va cron_dst 2600.Pq Vt bool 2601If set to 2602.Dq Li YES , 2603enable the special handling of transitions to and from the 2604Daylight Saving Time in 2605.Xr cron 8 2606(equivalent to using the flag 2607.Fl s ) . 2608.It Va lpd_program 2609.Pq Vt str 2610Path to 2611.Xr lpd 8 2612(default 2613.Pa /usr/sbin/lpd ) . 2614.It Va lpd_enable 2615.Pq Vt bool 2616If set to 2617.Dq Li YES , 2618run the 2619.Xr lpd 8 2620daemon at system boot time. 2621.It Va lpd_flags 2622.Pq Vt str 2623If 2624.Va lpd_enable 2625is set to 2626.Dq Li YES , 2627these are the flags to pass to the 2628.Xr lpd 8 2629daemon. 2630.It Va chkprintcap_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634run the 2635.Xr chkprintcap 8 2636command before starting the 2637.Xr lpd 8 2638daemon. 2639.It Va chkprintcap_flags 2640.Pq Vt str 2641If 2642.Va lpd_enable 2643and 2644.Va chkprintcap_enable 2645are set to 2646.Dq Li YES , 2647these are the flags to pass to the 2648.Xr chkprintcap 8 2649program. 2650The default is 2651.Dq Li -d , 2652which causes missing directories to be created. 2653.It Va mta_start_script 2654.Pq Vt str 2655This variable specifies the full path to the script to run to start 2656a mail transfer agent. 2657The default is 2658.Pa /etc/rc.sendmail . 2659The 2660.Va sendmail_* 2661variables which 2662.Pa /etc/rc.sendmail 2663uses are documented in the 2664.Xr rc.sendmail 8 2665manual page. 2666.It Va dumpdev 2667.Pq Vt str 2668Indicates the device (usually a swap partition) to which a crash dump 2669should be written in the event of a system crash. 2670If the value of this variable is 2671.Dq Li AUTO , 2672the first suitable swap device listed in 2673.Pa /etc/fstab 2674will be used as dump device. 2675Otherwise, the value of this variable is passed as the argument to 2676.Xr dumpon 8 . 2677To disable crash dumps, set this variable to 2678.Dq Li NO . 2679.It Va dumpdir 2680.Pq Vt str 2681When the system reboots after a crash and a crash dump is found on the 2682device specified by the 2683.Va dumpdev 2684variable, 2685.Xr savecore 8 2686will save that crash dump and a copy of the kernel to the directory 2687specified by the 2688.Va dumpdir 2689variable. 2690The default value is 2691.Pa /var/crash . 2692Set to 2693.Dq Li NO 2694to not run 2695.Xr savecore 8 2696at boot time when 2697.Va dumpdir 2698is set. 2699.It Va savecore_flags 2700.Pq Vt str 2701If crash dumps are enabled, these are the flags to pass to the 2702.Xr savecore 8 2703utility. 2704.It Va enable_quotas 2705.Pq Vt bool 2706Set to 2707.Dq Li YES 2708to turn on user disk quotas on system startup via the 2709.Xr quotaon 8 2710command. 2711.It Va check_quotas 2712.Pq Vt bool 2713Set to 2714.Dq Li YES 2715to enable user disk quota checking via the 2716.Xr quotacheck 8 2717command. 2718.It Va accounting_enable 2719.Pq Vt bool 2720Set to 2721.Dq Li YES 2722to enable system accounting through the 2723.Xr accton 8 2724facility. 2725.It Va ibcs2_enable 2726.Pq Vt bool 2727Set to 2728.Dq Li YES 2729to enable iBCS2 (SCO) binary emulation at system initial boot 2730time. 2731.It Va ibcs2_loaders 2732.Pq Vt str 2733If not set to 2734.Dq Li NO 2735and if 2736.Va ibcs2_enable 2737is set to 2738.Dq Li YES , 2739this specifies a list of additional iBCS2 loaders to enable. 2740.It Va linux_enable 2741.Pq Vt bool 2742Set to 2743.Dq Li YES 2744to enable Linux/ELF binary emulation at system initial 2745boot time. 2746.It Va osf1_enable 2747.Pq Vt bool 2748Set to 2749.Dq Li YES 2750to enable OSF/1 (Digital UNIX) binary emulation at system 2751initial boot time. 2752(alpha) 2753.It Va svr4_enable 2754.Pq Vt bool 2755If set to 2756.Dq Li YES , 2757enable SysVR4 emulation at boot time. 2758.It Va sysvipc_enable 2759.Pq Vt bool 2760If set to 2761.Dq Li YES , 2762load System V IPC primitives at boot time. 2763.It Va clear_tmp_enable 2764.Pq Vt bool 2765Set to 2766.Dq Li YES 2767to have 2768.Pa /tmp 2769cleaned at startup. 2770.It Va ldconfig_paths 2771.Pq Vt str 2772Set to the list of shared library paths to use with 2773.Xr ldconfig 8 . 2774NOTE: 2775.Pa /usr/lib 2776will always be added first, so it need not appear in this list. 2777.It Va ldconfig_paths_aout 2778.Pq Vt str 2779Set to the list of shared library paths to use with 2780.Xr ldconfig 8 2781legacy 2782.Xr a.out 5 2783support. 2784.It Va ldconfig_insecure 2785.Pq Vt bool 2786The 2787.Xr ldconfig 8 2788utility normally refuses to use directories 2789which are writable by anyone except root. 2790Set this variable to 2791.Dq Li YES 2792to disable that security check during system startup. 2793.It Va kern_securelevel_enable 2794.Pq Vt bool 2795Set to 2796.Dq Li YES 2797to set the kernel security level at system startup. 2798.It Va kern_securelevel 2799.Pq Vt int 2800The kernel security level to set at startup. 2801The allowed range of 2802.Ar value 2803ranges from \-1 (the compile time default) to 3 (the 2804most secure). 2805See 2806.Xr init 8 2807for the list of possible security levels and their effect 2808on system operation. 2809.It Va sshd_program 2810.Pq Vt str 2811Path to the SSH server program 2812.Pa ( /usr/sbin/sshd 2813is the default). 2814.It Va sshd_enable 2815.Pq Vt bool 2816Set to 2817.Dq Li YES 2818to start 2819.Xr sshd 8 2820at system boot time. 2821.It Va sshd_flags 2822.Pq Vt str 2823If 2824.Va sshd_enable 2825is set to 2826.Dq Li YES , 2827these are the flags to pass to the 2828.Xr sshd 8 2829daemon. 2830.It Va usbd_enable 2831.Pq Vt bool 2832If set to 2833.Dq Li YES , 2834run the 2835.Xr usbd 8 2836daemon at boot time. 2837.It Va usbd_flags 2838.Pq Vt str 2839If 2840.Va usbd_enable 2841is set to 2842.Dq Li YES , 2843these are the flags passed to the 2844.Xr usbd 8 2845daemon. 2846.It Va watchdogd_enable 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850start the 2851.Xr watchdogd 8 2852daemon at boot time. 2853This requires that the kernel have been compiled with a 2854.Xr watchdog 4 2855compatible device. 2856.It Va watchdogd_flags 2857.Pq Vt str 2858If 2859.Va watchdogd_enable 2860is set to 2861.Dq Li YES , 2862these are the flags passed to the 2863.Xr watchdogd 8 2864daemon. 2865.It Va performance_cx_lowest 2866.Pq Vt str 2867CPU idle state to use while on AC power. 2868The string 2869.Dq Li LOW 2870indicates that 2871.Xr acpi 4 2872should use the lowest power state available while 2873.Dq Li HIGH 2874indicates that the lowest latency state (less power savings) should be used. 2875.It Va performance_cpu_freq 2876.Pq Vt str 2877CPU clock frequency to use while on AC power. 2878The string 2879.Dq Li LOW 2880indicates that 2881.Xr cpufreq 4 2882should use the lowest frequency available while 2883.Dq Li HIGH 2884indicates that the highest frequency (less power savings) should be used. 2885.It Va economy_cx_lowest 2886.Pq Vt str 2887CPU idle state to use when off AC power. 2888The string 2889.Dq Li LOW 2890indicates that 2891.Xr acpi 4 2892should use the lowest power state available while 2893.Dq Li HIGH 2894indicates that the lowest latency state (less power savings) should be used. 2895.It Va economy_cpu_freq 2896.Pq Vt str 2897CPU clock frequency to use when off AC power. 2898The string 2899.Dq Li LOW 2900indicates that 2901.Xr cpufreq 4 2902should use the lowest frequency available while 2903.Dq Li HIGH 2904indicates that the highest frequency (less power savings) should be used. 2905.It Va jail_enable 2906.Pq Vt bool 2907If set to 2908.Dq Li NO , 2909any configured jails will not be started. 2910.It Va jail_list 2911.Pq Vt str 2912A space separated list of names for jails. 2913This is purely a configuration aid to help identify and 2914configure multiple jails. 2915The names specified in this list will be used to 2916identify settings common to an instance of a jail. 2917Assuming that the jail in question was named 2918.Li vjail , 2919you would have the following dependent variables: 2920.Bd -literal 2921jail_vjail_hostname="jail.example.com" 2922jail_vjail_ip="192.168.1.100" 2923jail_vjail_rootdir="/var/jails/vjail/root" 2924jail_vjail_exec="/bin/sh /etc/rc" 2925.Ed 2926.Pp 2927The last one is optional. 2928It defaults to 2929.Pa /etc/rc 2930if it is not set. 2931.It Va jail_set_hostname_allow 2932.Pq Vt bool 2933If set to 2934.Dq Li NO , 2935do not allow the root user in a jail to set its hostname. 2936.It Va jail_socket_unixiproute_only 2937.Pq Vt bool 2938If set to 2939.Dq Li NO , 2940do not allow any protocol, 2941besides TCP/IP, 2942to be used within a jail. 2943.It Va jail_sysvipc_allow 2944.Pq Vt bool 2945If set to 2946.Dq Li YES , 2947allow applications within a jail to use System V IPC. 2948.It Va unaligned_print 2949.Pq Vt bool 2950If set to 2951.Dq Li NO , 2952unaligned access warnings will not be printed. 2953(alpha) 2954.\" ----- ISDN settings --------------------------------- 2955.It Va isdn_enable 2956.Pq Vt bool 2957Set to 2958.Dq Li NO 2959by default. 2960When set to 2961.Dq Li YES , 2962starts the 2963.Xr isdnd 8 2964daemon 2965at system boot time. 2966.It Va isdn_flags 2967.Pq Vt str 2968Set to 2969.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 2970by default. 2971Additional flags to pass to 2972.Xr isdnd 8 2973(but see 2974.Va isdn_fsdev 2975and 2976.Va isdn_ttype 2977for certain tunable parameters). 2978.It Va isdn_ttype 2979.Pq Vt str 2980Set to 2981.Dq Li cons25 2982by default. 2983The terminal type of the output device when 2984.Xr isdnd 8 2985operates in full-screen mode. 2986.It Va isdn_screenflags 2987.Pq Vt str 2988Set to 2989.Dq Li NO 2990by default. 2991The video mode for full-screen mode (only for 2992.Xr syscons 4 2993console driver, see 2994.Xr vidcontrol 1 2995for valid modes). 2996.It Va isdn_fsdev 2997.Pq Vt str 2998Set to 2999.Dq Li NO 3000by default. 3001The output device for 3002.Xr isdnd 8 3003in full-screen mode (or 3004.Dq Li NO 3005for daemon mode). 3006.It Va isdn_trace 3007.Pq Vt bool 3008Set to 3009.Dq Li NO 3010by default. 3011When set to 3012.Dq Li YES , 3013enables the ISDN protocol trace utility 3014.Xr isdntrace 8 3015at system boot time. 3016.It Va isdn_traceflags 3017.Pq Vt str 3018Set to 3019.Dq Fl f Pa /var/tmp/isdntrace0 3020by default. 3021Flags for 3022.Xr isdntrace 8 . 3023.\" ----------------------------------------------------- 3024.It Va pcvt_verbose 3025.Pq Vt bool 3026Set to 3027.Dq Li NO 3028by default. 3029When set to 3030.Dq Li YES , 3031verbose messages about the actions done by the start script are displayed. 3032.Em Note : 3033the 3034.Xr pcvt 4 3035driver must be compiled into the kernel before the 3036.Xr pcvt 4 3037related 3038options described here take any effect. 3039.It Va pcvt_keymap 3040.Pq Vt str 3041Set to 3042.Dq Li NO 3043by default. 3044Use this to configure a national keyboard mapping found in the 3045.Pa /usr/share/misc/keycap.pcvt 3046file of keyboard mappings. 3047(See also the manual pages 3048.Xr keycap 5 3049and 3050.Xr keycap 3 3051for usage of 3052.Xr pcvt 4 Ns 's 3053keycap database and the manual page 3054.Xr kcon 1 3055option 3056.Fl m 3057for national keyboard mapping configuration.) 3058.It Va pcvt_keydel 3059.Pq Vt int 3060Set to 3061.Dq Li NO 3062by default. 3063Used to set the keyboard key repeat delay value. 3064Valid values are 3065in the range 0..3 for delay values of 250, 500, 750 and 1000 msec. 3066(See also the 3067.Xr kcon 1 3068manual page.) 3069.It Va pcvt_keyrate 3070.Pq Vt int 3071Set to 3072.Dq Li NO 3073by default. 3074Used to set the keyboard key repetition rate value. 3075Valid values are 3076in the range 0..31 for repetition values of 2..30 characters per second. 3077.It Va pcvt_keyrepeat 3078.Pq Vt bool 3079Set to 3080.Dq Li NO 3081by default. 3082Set to 3083.Dq Li YES 3084to enable automatic keyboard key repeating. 3085.It Va pcvt_force24 3086.Pq Vt bool 3087Set to 3088.Dq Li NO 3089by default. 3090Set to 3091.Dq Li YES 3092to force 3093.Xr pcvt 4 3094to use 24 lines only (in 25 lines mode) for compatibility 3095with the original 3096.Tn VT220 3097terminal. 3098.It Va pcvt_hpext 3099.Pq Vt bool 3100Set to 3101.Dq Li NO 3102by default. 3103Set to 3104.Dq Li YES 3105to enable the display and functionality of function key labels (as found 3106on 3107.Tn Hewlett-Packard 3108terminals such as the 3109.Tn HP2392A 3110and the 3111.Tn HP700/92 3112in 3113.Tn ANSI 3114mode). 3115.It Va pcvt_lines 3116.Pq Vt int 3117Set to 3118.Dq Li NO 3119by default resulting in a value of 25. 3120Used to set the number of lines on the screen. 3121For VGA displays, valid 3122values are 25, 28, 40 and 50 lines. 3123(See also the 3124.Xr scon 1 3125manual page.) 3126.It Va pcvt_blanktime 3127.Pq Vt int 3128Set to 3129.Dq Li NO 3130by default. 3131Used to set the screen saver timeout in seconds for values greater than 3132zero. 3133.It Va pcvt_cursorh 3134.Pq Vt int 3135Set to 3136.Dq Li NO 3137by default. 3138Used to set the cursor top scanline. 3139(See also the 3140.Xr cursor 1 3141manual page.) 3142.It Va pcvt_cursorl 3143.Pq Vt int 3144Set to 3145.Dq Li NO 3146by default. 3147Used to set the cursor bottom scanline. 3148.It Va pcvt_monohigh 3149.Pq Vt bool 3150Set to 3151.Dq Li NO 3152by default. 3153Set to 3154.Dq Li YES 3155to set intensity to high on monochrome monitors. 3156(See also the 3157.Xr scon 1 3158manual page, option 3159.Fl p , 3160for more information on changing VGA palette 3161values.) 3162.It Va harvest_interrupt 3163.Pq Vt bool 3164Set to 3165.Dq Li YES 3166to use hardware interrupts as an entropy source. 3167Refer to 3168.Xr random 4 3169for more information. 3170.It Va harvest_ethernet 3171.Pq Vt bool 3172Set to 3173.Dq Li YES 3174to use LAN traffic as an entropy source. 3175Refer to 3176.Xr random 4 3177for more information. 3178.It Va harvest_p_to_p 3179.Pq Vt bool 3180Set to 3181.Dq Li YES 3182to use serial line traffic as an entropy source. 3183Refer to 3184.Xr random 4 3185for more information. 3186.It Va entropy_dir 3187.Pq Vt str 3188Set to 3189.Dq Li NO 3190to disable caching entropy via 3191.Xr cron 8 . 3192Otherwise set to the directory used to store entropy files in. 3193.It Va entropy_file 3194.Pq Vt str 3195Set to 3196.Dq Li NO 3197to disable caching entropy through reboots. 3198Otherwise set to the filename used to store cached entropy through 3199reboots. 3200This file should be located on the root file system to seed the 3201.Xr random 4 3202device as early as possible in the boot process. 3203.It Va entropy_save_sz 3204.Pq Vt int 3205Size of the entropy cache files saved by 3206.Nm save-entropy 3207periodically. 3208.It Va entropy_save_num 3209.Pq Vt int 3210Number of entropy cache files to save by 3211.Nm save-entropy 3212periodically. 3213.It Va ipsec_enable 3214.Pq Vt bool 3215Set to 3216.Dq Li YES 3217to run 3218.Xr setkey 8 3219on 3220.Va ipsec_file 3221at boot time. 3222.It Va ipsec_file 3223.Pq Vt str 3224Configuration file for 3225.Xr setkey 8 . 3226.It Va dmesg_enable 3227.Pq Vt bool 3228Set to 3229.Dq Li YES 3230to save 3231.Xr dmesg 8 3232to 3233.Pa /var/run/dmesg.boot 3234on boot. 3235.It Va rcshutdown_timeout 3236.Pq Vt int 3237If set, start a watchdog timer in the background which will terminate 3238.Pa rc.shutdown 3239if 3240.Xr shutdown 8 3241has not completed within the specified time (in seconds). 3242Notice that in addition to this soft timeout, 3243.Xr init 8 3244also applies a hard timeout for the execution of 3245.Pa rc.shutdown . 3246This is configured via 3247.Xr sysctl 8 3248variable 3249.Va kern.init_shutdown_timeout 3250and defaults to 120 seconds. 3251Setting the value of 3252.Va rcshutdown_timeout 3253to more than 120 seconds will have no effect until the 3254.Xr sysctl 8 3255variable 3256.Va kern.init_shutdown_timeout 3257is also increased. 3258.It Va virecover_enable 3259.Pq Vt bool 3260Set to 3261.Dq Li NO 3262to prevent the system from trying to 3263recover pre-maturely terminated 3264.Xr vi 1 3265sessions. 3266.It Va ugidfw_enable 3267.Pq Vt bool 3268Set to 3269.Dq Li YES 3270to load the 3271.Xr mac_bsdextended 4 3272module upon system initialization and load a default 3273ruleset file. 3274.It Va bsdextended_script 3275.Pq Vt str 3276The default 3277.Xr mac_bsdextended 4 3278ruleset file to load. 3279The default value of this variable is 3280.Pa /etc/rc.bsdextended . 3281.It Va newsyslog_enable 3282.Pq Vt bool 3283If set to 3284.Dq Li YES , 3285run 3286.Xr newsyslog 8 3287command at startup. 3288.It Va newsyslog_flags 3289.Pq Vt str 3290If 3291.Va newsyslog_enable 3292is set to 3293.Dq Li YES , 3294these are the flags to pass to the 3295.Xr newsyslog 8 3296program. 3297The default is 3298.Dq Li -CN , 3299which causes log files flagged with a 3300.Cm C 3301to be created. 3302.It Va ramdisk_units 3303.Pq Vt str 3304A list of one or more ramdisk units to configure with 3305.Xr mdconfig 8 3306and 3307.Xr newfs 8 3308in time to be mounted from 3309.Xr fstab 5 . 3310Each listed unit 3311.Ar X 3312must specify at least a 3313.Ar type 3314in a 3315.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3316variable. 3317.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3318.Pq Vt str 3319Arguments to 3320.Xr mdconfig 8 3321for ramdisk 3322.Ar X . 3323At minimum a 3324.Fl t Ar type 3325must be specified, where 3326.Ar type 3327must be one of 3328.Cm malloc 3329or 3330.Cm swap . 3331.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3332.Pq Vt str 3333Optional arguments passed to 3334.Xr newfs 8 3335to initialize ramdisk 3336.Ar X . 3337.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3338.Pq Vt str 3339An ownership specification passed to 3340.Xr chown 8 3341after the specified ramdisk unit 3342.Ar X 3343has been mounted. 3344Both the 3345.Xr md 4 3346device and the mount point will be changed. 3347.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3348.Pq Vt str 3349A mode string passed to 3350.Xr chmod 1 3351after the specified ramdisk unit 3352.Ar X 3353has been mounted. 3354Both the 3355.Xr md 4 3356device and the mount point will be changed. 3357.El 3358.Sh FILES 3359.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3360.It Pa /etc/defaults/rc.conf 3361.It Pa /etc/rc.conf 3362.It Pa /etc/rc.conf.local 3363.El 3364.Sh SEE ALSO 3365.Xr catman 1 , 3366.Xr chmod 1 , 3367.Xr gdb 1 , 3368.Xr info 1 , 3369.Xr kbdcontrol 1 , 3370.Xr makewhatis 1 , 3371.Xr vi 1 , 3372.Xr vidcontrol 1 , 3373.Xr ip 4 , 3374.Xr ipf 4 , 3375.Xr ipfw 4 , 3376.Xr ipnat 4 , 3377.Xr kld 4 , 3378.Xr pf 4 , 3379.Xr pflog 4 , 3380.Xr pfsync 4 , 3381.Xr tcp 4 , 3382.Xr udp 4 , 3383.Xr exports 5 , 3384.Xr ipf 5 , 3385.Xr ipnat 5 , 3386.Xr motd 5 , 3387.Xr newsyslog.conf 5 , 3388.Xr pf.conf 5 , 3389.Xr accton 8 , 3390.Xr amd 8 , 3391.Xr apm 8 , 3392.Xr atm 8 , 3393.Xr chkprintcap 8 , 3394.Xr chown 8 , 3395.Xr cron 8 , 3396.Xr dhclient 8 , 3397.Xr ifconfig 8 , 3398.Xr inetd 8 , 3399.Xr ipf 8 , 3400.Xr ipfw 8 , 3401.Xr ipnat 8 , 3402.Xr isdnd 8 , 3403.Xr isdntrace 8 , 3404.Xr kldxref 8 , 3405.Xr lpd 8 , 3406.Xr mdconfig 8 , 3407.Xr mdmfs 8 , 3408.Xr mountd 8 , 3409.Xr moused 8 , 3410.Xr mrouted 8 , 3411.Xr named 8 , 3412.Xr newfs 8 , 3413.Xr newsyslog 8 , 3414.Xr nfsd 8 , 3415.Xr ntpd 8 , 3416.Xr ntpdate 8 , 3417.Xr pcnfsd 8 , 3418.Xr pfctl 8 , 3419.Xr pflogd 8 , 3420.Xr powerd 8 , 3421.Xr quotacheck 8 , 3422.Xr quotaon 8 , 3423.Xr rc 8 , 3424.Xr rc.sendmail 8 , 3425.Xr route 8 , 3426.Xr routed 8 , 3427.Xr rpcbind 8 , 3428.Xr rpc.lockd 8 , 3429.Xr rpc.statd 8 , 3430.Xr rwhod 8 , 3431.Xr savecore 8 , 3432.Xr sshd 8 , 3433.Xr swapon 8 , 3434.Xr sysctl 8 , 3435.Xr syslogd 8 , 3436.Xr timed 8 , 3437.Xr usbd 8 , 3438.Xr yp 8 , 3439.Xr ypbind 8 , 3440.Xr ypserv 8 , 3441.Xr ypset 8 3442.Sh HISTORY 3443The 3444.Nm 3445file appeared in 3446.Fx 2.2.2 . 3447.Sh AUTHORS 3448.An Jordan K. Hubbard . 3449