1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 26, 2017 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 8 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. 193Unlike the _user 194setting, this setting has no effect if the service is not chrooted. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _nice 201.Pq Vt int 202The 203.Xr nice 1 204value to run the service under. 205.It Va apm_enable 206.Pq Vt bool 207If set to 208.Dq Li YES , 209enable support for Automatic Power Management with 210the 211.Xr apm 8 212command. 213.It Va apmd_enable 214.Pq Vt bool 215Run 216.Xr apmd 8 217to handle APM event from userland. 218This also enables support for APM. 219.It Va apmd_flags 220.Pq Vt str 221If 222.Va apmd_enable 223is set to 224.Dq Li YES , 225these are the flags to pass to the 226.Xr apmd 8 227daemon. 228.It Va devd_enable 229.Pq Vt bool 230Run 231.Xr devd 8 232to handle device added, removed or unknown events from the kernel. 233.It Va ddb_enable 234.Pq Vt bool 235Run 236.Xr ddb 8 237to install 238.Xr ddb 4 239scripts at boot time. 240.It Va ddb_config 241.Pq Vt str 242Configuration file for 243.Xr ddb 8 . 244Default 245.Pa /etc/ddb.conf . 246.It Va kld_list 247.Pq Vt str 248A list of kernel modules to load right after the local 249disks are mounted. 250Loading modules at this point in the boot process is 251much faster than doing it via 252.Pa /boot/loader.conf 253for those modules not necessary for mounting local disk. 254.It Va kldxref_enable 255.Pq Vt bool 256Set to 257.Dq Li NO 258by default. 259Set to 260.Dq Li YES 261to automatically rebuild 262.Pa linker.hints 263files with 264.Xr kldxref 8 265at boot time. 266.It Va kldxref_clobber 267.Pq Vt bool 268Set to 269.Dq Li NO 270by default. 271If 272.Va kldxref_enable 273is true, 274setting to 275.Dq Li YES 276will overwrite existing 277.Pa linker.hints 278files at boot time. 279Otherwise, 280only missing 281.Pa linker.hints 282files are generated. 283.It Va kldxref_module_path 284.Pq Vt str 285Empty by default. 286A semi-colon 287.Pq Ql \&; 288delimited list of paths containing 289.Xr kld 4 290modules. 291If empty, 292the contents of the 293.Va kern.module_path 294.Xr sysctl 8 295are used. 296.It Va powerd_enable 297.Pq Vt bool 298If set to 299.Dq Li YES , 300enable the system power control facility with the 301.Xr powerd 8 302daemon. 303.It Va powerd_flags 304.Pq Vt str 305If 306.Va powerd_enable 307is set to 308.Dq Li YES , 309these are the flags to pass to the 310.Xr powerd 8 311daemon. 312.It Va tmpmfs 313Controls the creation of a 314.Pa /tmp 315memory file system. 316Always happens if set to 317.Dq Li YES 318and never happens if set to 319.Dq Li NO . 320If set to anything else, a memory file system is created if 321.Pa /tmp 322is not writable. 323.It Va tmpsize 324Controls the size of a created 325.Pa /tmp 326memory file system. 327.It Va tmpmfs_flags 328Extra options passed to the 329.Xr mdmfs 8 330utility when the memory file system for 331.Pa /tmp 332is created. 333The default is 334.Dq Li "-S" , 335which inhibits the use of softupdates on 336.Pa /tmp 337so that file system space is freed without delay 338after file truncation or deletion. 339See 340.Xr mdmfs 8 341for other options you can use in 342.Va tmpmfs_flags . 343.It Va varmfs 344Controls the creation of a 345.Pa /var 346memory file system. 347Always happens if set to 348.Dq Li YES 349and never happens if set to 350.Dq Li NO . 351If set to anything else, a memory file system is created if 352.Pa /var 353is not writable. 354.It Va varsize 355Controls the size of a created 356.Pa /var 357memory file system. 358.It Va varmfs_flags 359Extra options passed to the 360.Xr mdmfs 8 361utility when the memory file system for 362.Pa /var 363is created. 364The default is 365.Dq Li "-S" , 366which inhibits the use of softupdates on 367.Pa /var 368so that file system space is freed without delay 369after file truncation or deletion. 370See 371.Xr mdmfs 8 372for other options you can use in 373.Va varmfs_flags . 374.It Va populate_var 375Controls the automatic population of the 376.Pa /var 377file system. 378Always happens if set to 379.Dq Li YES 380and never happens if set to 381.Dq Li NO . 382If set to anything else, a memory file system is created if 383.Pa /var 384is not writable. 385Note that this process requires access to certain commands in 386.Pa /usr 387before 388.Pa /usr 389is mounted on normal systems. 390.It Va cleanvar_enable 391.Pq Vt bool 392Clean the 393.Pa /var 394directory. 395.It Va local_startup 396.Pq Vt str 397List of directories to search for startup script files. 398.It Va script_name_sep 399.Pq Vt str 400The field separator to use for breaking down the list of startup script files 401into individual filenames. 402The default is a space. 403It is not necessary to change this unless there are startup scripts with names 404containing spaces. 405.It Va hostapd_enable 406.Pq Vt bool 407Set to 408.Dq Li YES 409to start 410.Xr hostapd 8 411at system boot time. 412.It Va hostname 413.Pq Vt str 414The fully qualified domain name (FQDN) of this host on the network. 415This should almost certainly be set to something meaningful, even if 416there is no network connection. 417If 418.Xr dhclient 8 419is used to set the hostname via DHCP, 420this variable should be set to an empty string. 421If this value remains unset when the system is done booting 422your console login will display the default hostname of 423.Dq Amnesiac . 424.It Va nisdomainname 425.Pq Vt str 426The NIS domain name of this host, or 427.Dq Li NO 428if NIS is not used. 429.It Va dhclient_program 430.Pq Vt str 431Path to the DHCP client program 432.Pa ( /sbin/dhclient , 433the 434.Ox 435DHCP client, 436is the default). 437.It Va dhclient_flags 438.Pq Vt str 439Additional flags to pass to the DHCP client program. 440For the 441.Ox 442DHCP client, see the 443.Xr dhclient 8 444manpage for a description of the command line options available. 445.It Va dhclient_flags_ Ns Aq Ar iface 446Additional flags to pass to the DHCP client program running on 447.Ar iface 448only. 449When specified, this variable overrides 450.Va dhclient_flags . 451.It Va background_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start the DHCP client in background. 456This can cause trouble with applications depending on 457a working network, but it will provide a faster startup 458in many cases. 459.It Va background_dhclient_ Ns Aq Ar iface 460When specified, this variable overrides the 461.Va background_dhclient 462variable for interface 463.Ar iface 464only. 465.It Va synchronous_dhclient 466.Pq Vt bool 467Set to 468.Dq Li YES 469to start 470.Xr dhclient 8 471synchronously at startup. 472This behavior can be overridden on a per-interface basis by replacing 473the 474.Dq Li DHCP 475keyword in the 476.Va ifconfig_ Ns Aq Ar interface 477variable with 478.Dq Li SYNCDHCP 479or 480.Dq Li NOSYNCDHCP . 481.It Va defaultroute_delay 482.Pq Vt int 483When set to a positive value, wait up to this long after configuring 484DHCP interfaces at startup to give the interfaces time to receive a lease. 485.It Va firewall_enable 486.Pq Vt bool 487Set to 488.Dq Li YES 489to load firewall rules at startup. 490If the kernel was not built with 491.Cd "options IPFIREWALL" , 492the 493.Pa ipfw.ko 494kernel module will be loaded. 495See also 496.Va ipfilter_enable . 497.It Va firewall_script 498.Pq Vt str 499This variable specifies the full path to the firewall script to run. 500The default is 501.Pa /etc/rc.firewall . 502.It Va firewall_type 503.Pq Vt str 504Names the firewall type from the selection in 505.Pa /etc/rc.firewall , 506or the file which contains the local firewall ruleset. 507Valid selections from 508.Pa /etc/rc.firewall 509are: 510.Pp 511.Bl -tag -width ".Li simple" -compact 512.It Li open 513unrestricted IP access 514.It Li closed 515all IP services disabled, except via 516.Dq Li lo0 517.It Li client 518basic protection for a workstation 519.It Li simple 520basic protection for a LAN. 521.El 522.Pp 523If a filename is specified, the full path 524must be given. 525.It Va firewall_quiet 526.Pq Vt bool 527Set to 528.Dq Li YES 529to disable the display of firewall rules on the console during boot. 530.It Va firewall_logging 531.Pq Vt bool 532Set to 533.Dq Li YES 534to enable firewall event logging. 535This is equivalent to the 536.Dv IPFIREWALL_VERBOSE 537kernel option. 538.It Va firewall_logif 539.Pq Vt bool 540Set to 541.Dq Li YES 542to create pseudo interface 543.Li ipfw0 544for logging. 545For more details, see 546.Xr ipfw 8 547manual page. 548.It Va firewall_flags 549.Pq Vt str 550Flags passed to 551.Xr ipfw 8 552if 553.Va firewall_type 554specifies a filename. 555.It Va firewall_coscripts 556.Pq Vt str 557List of executables and/or rc scripts to run after firewall starts/stops. 558Default is empty. 559.\" ----- firewall_nat_enable setting -------------------------------- 560.It Va firewall_nat_enable 561.Pq Vt bool 562The 563.Xr ipfw 8 564equivalent of 565.Va natd_enable . 566Setting this to 567.Dq Li YES 568enables kernel NAT. 569.Va firewall_enable 570must also be set to 571.Dq Li YES . 572.It Va firewall_nat_interface 573.Pq Vt str 574The 575.Xr ipfw 8 576equivalent of 577.Va natd_interface . 578This is the name of the public interface or IP address on which 579kernel NAT should run. 580.It Va firewall_nat_flags 581.Pq Vt str 582Additional configuration parameters for kernel NAT should be placed here. 583.It Va dummynet_enable 584.Pq Vt bool 585Setting this to 586.Dq Li YES 587will automatically load the 588.Xr dummynet 4 589module if 590.Va firewall_enable 591is also set to 592.Dq Li YES . 593.\" ------------------------------------------------------------------- 594.It Va ipfw_netflow_enable 595.Pq Vt bool 596Setting this to 597.Dq Li YES 598will enable netflow logging via 599.Xr ng_netflow 4 600.Pp 601By default a ipfw rule is inserted and all packets are duplicated with 602the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 603port using protocol version 5. 604.It Va ipfw_netflow_hook 605.Pq Vt int 606netflow hook name, must be numerical 607(default 608.Pa 9995 ) . 609.It Va ipfw_netflow_rule 610.Pq Vt int 611ipfw rule number 612(default 613.Pa 1000 ) . 614.It Va ipfw_netflow_ip 615.Pq Vt str 616Destination server ip for receiving netflow data 617(default 618.Pa 127.0.0.1 ) . 619.It Va ipfw_netflow_port 620.Pq Vt int 621Destination server port for receiving netflow data 622(default 623.Pa 9995 ) . 624.It Va ipfw_netflow_version 625.Pq Vt int 626Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 627.It Va ipfw_netflow_fib 628.Pq Vt int 629Only match packet in FIB 630.Pa ipfw_netflow_fib 631(default is undefined meaning all FIBs). 632.It Va natd_program 633.Pq Vt str 634Path to 635.Xr natd 8 . 636.It Va natd_enable 637.Pq Vt bool 638Set to 639.Dq Li YES 640to enable 641.Xr natd 8 . 642.Va firewall_enable 643must also be set to 644.Dq Li YES , 645and 646.Xr divert 4 647sockets must be enabled in the kernel. 648If the kernel was not built with 649.Cd "options IPDIVERT" , 650the 651.Pa ipdivert.ko 652kernel module will be loaded. 653.It Va natd_interface 654.Pq Vt str 655This is the name of the public interface on which 656.Xr natd 8 657should run. 658The interface may be given as an interface name or as an IP address. 659.It Va natd_flags 660.Pq Vt str 661Additional 662.Xr natd 8 663flags should be placed here. 664The 665.Fl n 666or 667.Fl a 668flag is automatically added with the above 669.Va natd_interface 670as an argument. 671.\" ----- ipfilter_enable setting -------------------------------- 672.It Va ipfilter_enable 673.Pq Vt bool 674Set to 675.Dq Li NO 676by default. 677Setting this to 678.Dq Li YES 679enables 680.Xr ipf 8 681packet filtering. 682.Pp 683Typical usage will require putting 684.Bd -literal 685ipfilter_enable="YES" 686ipnat_enable="YES" 687ipmon_enable="YES" 688ipfs_enable="YES" 689.Ed 690.Pp 691into 692.Pa /etc/rc.conf 693and editing 694.Pa /etc/ipf.rules 695and 696.Pa /etc/ipnat.rules 697appropriately. 698.Pp 699Note that 700.Va ipfilter_enable 701and 702.Va ipnat_enable 703can be enabled independently. 704.Va ipmon_enable 705and 706.Va ipfs_enable 707both require at least one of 708.Va ipfilter_enable 709and 710.Va ipnat_enable 711to be enabled. 712.Pp 713Having 714.Bd -literal 715options IPFILTER 716options IPFILTER_LOG 717options IPFILTER_DEFAULT_BLOCK 718.Ed 719.Pp 720in the kernel configuration file is a good idea, too. 721.\" ----- ipfilter_program setting ------------------------------ 722.It Va ipfilter_program 723.Pq Vt str 724Path to 725.Xr ipf 8 726(default 727.Pa /sbin/ipf ) . 728.\" ----- ipfilter_rules setting -------------------------------- 729.It Va ipfilter_rules 730.Pq Vt str 731Set to 732.Pa /etc/ipf.rules 733by default. 734This variable contains the name of the filter rule definition file. 735The file is expected to be readable for the 736.Xr ipf 8 737command to execute. 738.\" ----- ipv6_ipfilter_rules setting --------------------------- 739.It Va ipv6_ipfilter_rules 740.Pq Vt str 741Set to 742.Pa /etc/ipf6.rules 743by default. 744This variable contains the IPv6 filter rule definition file. 745The file is expected to be readable for the 746.Xr ipf 8 747command to execute. 748.\" ----- ipfilter_flags setting -------------------------------- 749.It Va ipfilter_flags 750.Pq Vt str 751Empty by default. 752This variable contains flags passed to the 753.Xr ipf 8 754program. 755.\" ----- ipnat_enable setting ---------------------------------- 756.It Va ipnat_enable 757.Pq Vt bool 758Set to 759.Dq Li NO 760by default. 761Set it to 762.Dq Li YES 763to enable 764.Xr ipnat 8 765network address translation. 766See 767.Va ipfilter_enable 768for a detailed discussion. 769.\" ----- ipnat_program setting --------------------------------- 770.It Va ipnat_program 771.Pq Vt str 772Path to 773.Xr ipnat 8 774(default 775.Pa /sbin/ipnat ) . 776.\" ----- ipnat_rules setting ----------------------------------- 777.It Va ipnat_rules 778.Pq Vt str 779Set to 780.Pa /etc/ipnat.rules 781by default. 782This variable contains the name of the file 783holding the network address translation definition. 784This file is expected to be readable for the 785.Xr ipnat 8 786command to execute. 787.\" ----- ipnat_flags setting ----------------------------------- 788.It Va ipnat_flags 789.Pq Vt str 790Empty by default. 791This variable contains flags passed to the 792.Xr ipnat 8 793program. 794.\" ----- ipmon_enable setting ---------------------------------- 795.It Va ipmon_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Set it to 801.Dq Li YES 802to enable 803.Xr ipmon 8 804monitoring (logging 805.Xr ipf 8 806and 807.Xr ipnat 8 808events). 809Setting this variable needs setting 810.Va ipfilter_enable 811or 812.Va ipnat_enable 813too. 814See 815.Va ipfilter_enable 816for a detailed discussion. 817.\" ----- ipmon_program setting --------------------------------- 818.It Va ipmon_program 819.Pq Vt str 820Path to 821.Xr ipmon 8 822(default 823.Pa /sbin/ipmon ) . 824.\" ----- ipmon_flags setting ----------------------------------- 825.It Va ipmon_flags 826.Pq Vt str 827Set to 828.Dq Li -Ds 829by default. 830This variable contains flags passed to the 831.Xr ipmon 8 832program. 833Another typical example would be 834.Dq Fl D Pa /var/log/ipflog 835to have 836.Xr ipmon 8 837log directly to a file bypassing 838.Xr syslogd 8 . 839Make sure to adjust 840.Pa /etc/newsyslog.conf 841in such case like this: 842.Bd -literal 843/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 844.Ed 845.\" ----- ipfs_enable setting ----------------------------------- 846.It Va ipfs_enable 847.Pq Vt bool 848Set to 849.Dq Li NO 850by default. 851Set it to 852.Dq Li YES 853to enable 854.Xr ipfs 8 855saving the filter and NAT state tables during shutdown 856and reloading them during startup again. 857Setting this variable needs setting 858.Va ipfilter_enable 859or 860.Va ipnat_enable 861to 862.Dq Li YES 863too. 864See 865.Va ipfilter_enable 866for a detailed discussion. 867Note that if 868.Va kern_securelevel 869is set to 3, 870.Va ipfs_enable 871cannot be used 872because the raised securelevel will prevent 873.Xr ipfs 8 874from saving the state tables at shutdown time. 875.\" ----- ipfs_program setting ---------------------------------- 876.It Va ipfs_program 877.Pq Vt str 878Path to 879.Xr ipfs 8 880(default 881.Pa /sbin/ipfs ) . 882.\" ----- ipfs_flags setting ------------------------------------ 883.It Va ipfs_flags 884.Pq Vt str 885Empty by default. 886This variable contains flags passed to the 887.Xr ipfs 8 888program. 889.\" ----- end of added ipf hook --------------------------------- 890.It Va pf_enable 891.Pq Vt bool 892Set to 893.Dq Li NO 894by default. 895Setting this to 896.Dq Li YES 897enables 898.Xr pf 4 899packet filtering. 900.Pp 901Typical usage will require putting 902.Pp 903.Dl pf_enable="YES" 904.Pp 905into 906.Pa /etc/rc.conf 907and editing 908.Pa /etc/pf.conf 909appropriately. 910Adding 911.Pp 912.Dl "device pf" 913.Pp 914builds support for 915.Xr pf 4 916into the kernel, otherwise the 917kernel module will be loaded. 918.It Va pf_rules 919.Pq Vt str 920Path to 921.Xr pf 4 922ruleset configuration file 923(default 924.Pa /etc/pf.conf ) . 925.It Va pf_program 926.Pq Vt str 927Path to 928.Xr pfctl 8 929(default 930.Pa /sbin/pfctl ) . 931.It Va pf_flags 932.Pq Vt str 933If 934.Va pf_enable 935is set to 936.Dq Li YES , 937these flags are passed to the 938.Xr pfctl 8 939program when loading the ruleset. 940.It Va pflog_enable 941.Pq Vt bool 942Set to 943.Dq Li NO 944by default. 945Setting this to 946.Dq Li YES 947enables 948.Xr pflogd 8 949which logs packets from the 950.Xr pf 4 951packet filter. 952.It Va pflog_logfile 953.Pq Vt str 954If 955.Va pflog_enable 956is set to 957.Dq Li YES 958this controls where 959.Xr pflogd 8 960stores the logfile 961(default 962.Pa /var/log/pflog ) . 963Check 964.Pa /etc/newsyslog.conf 965to adjust logfile rotation for this. 966.It Va pflog_program 967.Pq Vt str 968Path to 969.Xr pflogd 8 970(default 971.Pa /sbin/pflogd ) . 972.It Va pflog_flags 973.Pq Vt str 974Empty by default. 975This variable contains additional flags passed to the 976.Xr pflogd 8 977program. 978.It Va pflog_instances 979.Pq Vt str 980If logging to more than one 981.Xr pflog 4 982interface is desired, 983.Va pflog_instances 984is set to the list of 985.Xr pflogd 8 986instances that should be started at system boot time. 987If 988.Va pflog_instances 989is set, for each whitespace-seperated 990.Ar element 991in the list, 992.Ao Ar element Ac Ns Va _dev 993and 994.Ao Ar element Ac Ns Va _logfile 995elements are assumed to exist. 996.Ao Ar element Ac Ns Va _dev 997must contain the 998.Xr pflog 4 999interface to be watched by the named 1000.Xr pflogd 8 1001instance. 1002.Ao Ar element Ac Ns Va _logfile 1003must contain the name of the logfile that will be used by the 1004.Xr pflogd 8 1005instance. 1006.It Va ftpproxy_enable 1007.Pq Vt bool 1008Set to 1009.Dq Li NO 1010by default. 1011Setting this to 1012.Dq Li YES 1013enables 1014.Xr ftp-proxy 8 1015which supports the 1016.Xr pf 4 1017packet filter in translating ftp connections. 1018.It Va ftpproxy_flags 1019.Pq Vt str 1020Empty by default. 1021This variable contains additional flags passed to the 1022.Xr ftp-proxy 8 1023program. 1024.It Va ftpproxy_instances 1025.Pq Vt str 1026Empty by default. 1027If multiple instances of 1028.Xr ftp-proxy 8 1029are desired at boot time, 1030.Va ftpproxy_instances 1031should contain a whitespace-seperated list of instance names. 1032For each 1033.Ar element 1034in the list, a variable named 1035.Ao Ar element Ac Ns Va _flags 1036should be defined, containing the command-line flags to be passed to the 1037.Xr ftp-proxy 8 1038instance. 1039.It Va pfsync_enable 1040.Pq Vt bool 1041Set to 1042.Dq Li NO 1043by default. 1044Setting this to 1045.Dq Li YES 1046enables exposing 1047.Xr pf 4 1048state changes to other hosts over the network by means of 1049.Xr pfsync 4 . 1050The 1051.Va pfsync_syncdev 1052variable 1053must also be set then. 1054.It Va pfsync_syncdev 1055.Pq Vt str 1056Empty by default. 1057This variable specifies the name of the network interface 1058.Xr pfsync 4 1059should operate through. 1060It must be set accordingly if 1061.Va pfsync_enable 1062is set to 1063.Dq Li YES . 1064.It Va pfsync_syncpeer 1065.Pq Vt str 1066Empty by default. 1067This variable is optional. 1068By default, state change messages are sent out on the synchronisation 1069interface using IP multicast packets. 1070The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1071224.0.0.240. 1072When a peer address is specified using the 1073.Va pfsync_syncpeer 1074option, the peer address is used as a destination for the pfsync 1075traffic, and the traffic can then be protected using 1076.Xr ipsec 4 . 1077See the 1078.Xr pfsync 4 1079manpage for more details about using 1080.Xr ipsec 4 1081with 1082.Xr pfsync 4 1083interfaces. 1084.It Va pfsync_ifconfig 1085.Pq Vt str 1086Empty by default. 1087This variable can contain additional options to be passed to the 1088.Xr ifconfig 8 1089command used to set up 1090.Xr pfsync 4 . 1091.It Va tcp_extensions 1092.Pq Vt bool 1093Set to 1094.Dq Li YES 1095by default. 1096Setting this to 1097.Dq Li NO 1098disables certain TCP options as described by 1099.Rs 1100.%T "RFC 1323" 1101.Re 1102Setting this to 1103.Dq Li NO 1104might help remedy such problems with connections as randomly hanging 1105or other weird behavior. 1106Some network devices are known 1107to be broken with respect to these options. 1108.It Va log_in_vain 1109.Pq Vt int 1110Set to 0 by default. 1111The 1112.Xr sysctl 8 1113variables, 1114.Va net.inet.tcp.log_in_vain 1115and 1116.Va net.inet.udp.log_in_vain , 1117as described in 1118.Xr tcp 4 1119and 1120.Xr udp 4 , 1121are set to the given value. 1122.It Va tcp_keepalive 1123.Pq Vt bool 1124Set to 1125.Dq Li YES 1126by default. 1127Setting to 1128.Dq Li NO 1129will disable probing idle TCP connections to verify that the 1130peer is still up and reachable. 1131.It Va tcp_drop_synfin 1132.Pq Vt bool 1133Set to 1134.Dq Li NO 1135by default. 1136Setting to 1137.Dq Li YES 1138will cause the kernel to ignore TCP frames that have both 1139the SYN and FIN flags set. 1140This prevents OS fingerprinting, but may 1141break some legitimate applications. 1142.It Va icmp_drop_redirect 1143.Pq Vt bool 1144Set to 1145.Dq Li NO 1146by default. 1147Setting to 1148.Dq Li YES 1149will cause the kernel to ignore ICMP REDIRECT packets. 1150Refer to 1151.Xr icmp 4 1152for more information. 1153.It Va icmp_log_redirect 1154.Pq Vt bool 1155Set to 1156.Dq Li NO 1157by default. 1158Setting to 1159.Dq Li YES 1160will cause the kernel to log ICMP REDIRECT packets. 1161Note that 1162the log messages are not rate-limited, so this option should only be used 1163for troubleshooting networks. 1164Refer to 1165.Xr icmp 4 1166for more information. 1167.It Va icmp_bmcastecho 1168.Pq Vt bool 1169Set to 1170.Dq Li YES 1171to respond to broadcast or multicast ICMP ping packets. 1172Refer to 1173.Xr icmp 4 1174for more information. 1175.It Va ip_portrange_first 1176.Pq Vt int 1177If not set to 1178.Dq Li NO , 1179this is the first port in the default portrange. 1180Refer to 1181.Xr ip 4 1182for more information. 1183.It Va ip_portrange_last 1184.Pq Vt int 1185If not set to 1186.Dq Li NO , 1187this is the last port in the default portrange. 1188Refer to 1189.Xr ip 4 1190for more information. 1191.It Va network_interfaces 1192.Pq Vt str 1193Set to the list of network interfaces to configure on this host or 1194.Dq Li AUTO 1195(the default) for all current interfaces. 1196Setting the 1197.Va network_interfaces 1198variable to anything other than the default is deprecated. 1199Interfaces that the administrator wishes to store configuration for, 1200but not start at boot should be configured with the 1201.Dq Li NOAUTO 1202keyword in their 1203.Va ifconfig_ Ns Aq Ar interface 1204variables as described below. 1205.Pp 1206An 1207.Va ifconfig_ Ns Aq Ar interface 1208variable is also assumed to exist for each value of 1209.Ar interface . 1210When an interface name contains any of the characters 1211.Dq Li .-/+ 1212they are translated to 1213.Dq Li _ 1214before lookup. 1215The variable can contain arguments to 1216.Xr ifconfig 8 , 1217as well as special case-insensitive keywords described below. 1218Such keywords are removed before passing the value to 1219.Xr ifconfig 8 1220while the order of the other arguments is preserved. 1221.Pp 1222It is possible to add IP alias entries using 1223.Xr ifconfig 8 1224syntax with the address family keyword such as 1225.Li inet . 1226Assuming that the interface in question was 1227.Li ed0 , 1228it might look something like this: 1229.Bd -literal 1230ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1231ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1232.Ed 1233.Pp 1234It also possible to configure multiple IP addresses in Classless 1235Inter-Domain Routing 1236.Pq CIDR 1237address notation, 1238whose each address component can be a range like 1239.Li inet 192.0.2.5-23/24 1240or 1241.Li inet6 2001:db8:1-f::1/64 . 1242This notation allows address and prefix length part only, 1243not the other address modifiers. 1244Note that the maximum number of the generated addresses from a range 1245specification is limited to an integer value specified in 1246.Va netif_ipexpand_max 1247in 1248.Nm 1249because a small typo can unexpectedly generate a large number of addresses. 1250The default value is 1251.Li 2048 . 1252It can be increased by adding the following line into 1253.Nm : 1254.Bd -literal 1255netif_ipexpand_max="4096" 1256.Ed 1257.Pp 1258In the case of 1259.Li 192.0.2.5-23/24 , 1260the address 192.0.2.5 will be configured with the 1261netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1262the non-conflicting netmask /32 as explained in the 1263.Xr ifconfig 8 1264alias section. 1265Note that this special netmask handling is only for 1266.Li inet , 1267not for the other address families such as 1268.Li inet6 . 1269.Pp 1270With the interface in question being 1271.Li ed0 , 1272an example could look like: 1273.Bd -literal 1274ifconfig_ed0_alias2="inet 192.0.2.129/27" 1275ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1276.Ed 1277.Pp 1278and so on. 1279.Pp 1280Note that 1281.Va ipv4_addrs_ Ns Aq Ar interface 1282variable was supported for IPv4 CIDR address notation. 1283It is now deprecated because the functionality was integrated into 1284.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1285though 1286.Va ipv4_addrs_ Ns Aq Ar interface 1287is still supported for backward compatibility. 1288.Pp 1289For each 1290.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1291entry with an address family keyword, 1292its contents are passed to 1293.Xr ifconfig 8 . 1294Execution stops at the first unsuccessful access, so if 1295something like this is present: 1296.Bd -literal 1297ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1298ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1299ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1300ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1301.Ed 1302.Pp 1303Then note that alias4 would 1304.Em not 1305be added since the search would 1306stop with the missing 1307.Dq Li alias3 1308entry. 1309Because of this difficult to manage behavior, 1310there is 1311.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1312variable, which has the same functionality as 1313.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1314and can have all of entries in a variable like the following: 1315.Bd -literal 1316ifconfig_ed0_aliases="\\ 1317 inet 127.0.0.251 netmask 0xffffffff \\ 1318 inet 127.0.0.252 netmask 0xffffffff \\ 1319 inet 127.0.0.253 netmask 0xffffffff \\ 1320 inet 127.0.0.254 netmask 0xffffffff" 1321.Ed 1322.Pp 1323It also supports CIDR notation. 1324.Pp 1325If the 1326.Pa /etc/start_if. Ns Aq Ar interface 1327file is present, it is read and executed by the 1328.Xr sh 1 1329interpreter 1330before configuring the interface as specified in the 1331.Va ifconfig_ Ns Aq Ar interface 1332and 1333.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1334variables. 1335.Pp 1336If a 1337.Va vlans_ Ns Aq Ar interface 1338variable is set, 1339a 1340.Xr vlan 4 1341interface will be created for each item in the list with the 1342.Ar vlandev 1343argument set to 1344.Ar interface . 1345If a vlan interface's name is a number, 1346then that number is used as the vlan tag and the new vlan interface is 1347named 1348.Ar interface . Ns Ar tag . 1349Otherwise, 1350the vlan tag must be specified via a 1351.Va vlan 1352parameter in the 1353.Va create_args_ Ns Aq Ar interface 1354variable. 1355.Pp 1356To create a vlan device named 1357.Li em0.101 1358on 1359.Li em0 1360with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1361.Bd -literal 1362vlans_em0="101" 1363ifconfig_em0_101="inet 192.0.2.1/24" 1364.Ed 1365.Pp 1366To create a vlan device named 1367.Li myvlan 1368on 1369.Li em0 1370with the vlan tag 102: 1371.Bd -literal 1372vlans_em0="myvlan" 1373create_args_myvlan="vlan 102" 1374.Ed 1375.Pp 1376If a 1377.Va wlans_ Ns Aq Ar interface 1378variable is set, 1379an 1380.Xr wlan 4 1381interface will be created for each item in the list with the 1382.Ar wlandev 1383argument set to 1384.Ar interface . 1385Further wlan cloning arguments may be passed to the 1386.Xr ifconfig 8 1387.Cm create 1388command by setting the 1389.Va create_args_ Ns Aq Ar interface 1390variable. 1391One or more 1392.Xr wlan 4 1393devices must be created for each wireless devices as of 1394.Fx 8.0 . 1395Debugging flags for 1396.Xr wlan 4 1397devices as set by 1398.Xr wlandebug 8 1399may be specified with an 1400.Va wlandebug_ Ns Aq Ar interface 1401variable. 1402The contents of this variable will be passed directly to 1403.Xr wlandebug 8 . 1404.Pp 1405If the 1406.Va ifconfig_ Ns Aq Ar interface 1407contains the keyword 1408.Dq Li NOAUTO 1409then the interface will not be configured 1410at boot or by 1411.Pa /etc/pccard_ether 1412when 1413.Va network_interfaces 1414is set to 1415.Dq Li AUTO . 1416.Pp 1417It is possible to bring up an interface with DHCP by adding 1418.Dq Li DHCP 1419to the 1420.Va ifconfig_ Ns Aq Ar interface 1421variable. 1422For instance, to initialize the 1423.Li ed0 1424device via DHCP, 1425it is possible to use something like: 1426.Bd -literal 1427ifconfig_ed0="DHCP" 1428.Ed 1429.Pp 1430If you want to configure your wireless interface with 1431.Xr wpa_supplicant 8 1432for use with WPA, EAP/LEAP or WEP, you need to add 1433.Dq Li WPA 1434to the 1435.Va ifconfig_ Ns Aq Ar interface 1436variable. 1437.Pp 1438On the other hand, if you want to configure your wireless interface with 1439.Xr hostapd 8 , 1440you need to add 1441.Dq Li HOSTAP 1442to the 1443.Va ifconfig_ Ns Aq Ar interface 1444variable. 1445.Xr hostapd 8 1446will use the settings from 1447.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1448.Pp 1449Finally, you can add 1450.Xr ifconfig 8 1451options in this variable, in addition to the 1452.Pa /etc/start_if. Ns Aq Ar interface 1453file. 1454For instance, to configure an 1455.Xr ath 4 1456wireless device in station mode with an address obtained 1457via DHCP, using WPA authentication and 802.11b mode, it is 1458possible to use something like: 1459.Bd -literal 1460wlans_ath0="wlan0" 1461ifconfig_wlan0="DHCP WPA mode 11b" 1462.Ed 1463.Pp 1464In addition to the 1465.Va ifconfig_ Ns Aq Ar interface 1466form, a fallback variable 1467.Va ifconfig_DEFAULT 1468may be configured. 1469It will be used for all interfaces with no 1470.Va ifconfig_ Ns Aq Ar interface 1471variable. 1472This is intended to replace the no longer supported 1473.Va pccard_ifconfig 1474variable. 1475.Pp 1476It is also possible to rename an interface by doing: 1477.Bd -literal 1478ifconfig_ed0_name="net0" 1479ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1480.Ed 1481.It Va ipv6_enable 1482.Pq Vt bool 1483This variable is deprecated. 1484Use 1485.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1486and 1487.Va ipv6_activate_all_interfaces 1488if necessary. 1489.Pp 1490If the variable is 1491.Dq Li YES , 1492.Dq Li inet6 accept_rtadv 1493is added to all of 1494.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1495and the 1496.Va ipv6_activate_all_interfaces 1497is defined as 1498.Dq Li YES . 1499.It Va ipv6_prefer 1500.Pq Vt bool 1501This variable is deprecated. 1502Use 1503.Va ip6addrctl_policy 1504instead. 1505.Pp 1506If the variable is 1507.Dq Li YES , 1508the default address selection policy table set by 1509.Xr ip6addrctl 8 1510will be IPv6-preferred. 1511.Pp 1512If the variable is 1513.Dq Li NO , 1514the default address selection policy table set by 1515.Xr ip6addrctl 8 1516will be IPv4-preferred. 1517.It Va ipv6_activate_all_interfaces 1518.Pq Vt bool 1519This controls initial configuration on IPv6-capable 1520interfaces with no corresponding 1521.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1522variable. 1523Note that it is not always necessary to set this variable to 1524.Dq YES 1525to use IPv6 functionality on 1526.Fx . 1527In most cases, just configuring 1528.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1529variables works. 1530.Pp 1531If the variable is 1532.Dq Li NO , 1533all interfaces which do not have a corresponding 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535variable will be marked as 1536.Dq Li IFDISABLED 1537at creation. 1538This means that all of IPv6 functionality on that interface 1539is completely disabled to enforce a security policy. 1540If the variable is set to 1541.Dq YES , 1542the flag will be cleared on all of the interfaces. 1543.Pp 1544In most cases, just defining an 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1546for an IPv6-capable interface should be sufficient. 1547However, if an interface is added dynamically 1548.Pq by some tunneling protocols such as PPP, for example , 1549it is often difficult to define the variable in advance. 1550In such a case, configuring the 1551.Dq Li IFDISABLED 1552flag can be disabled by setting this variable to 1553.Dq YES . 1554.Pp 1555For more details of the 1556.Dq Li IFDISABLED 1557flag and keywords 1558.Dq Li inet6 ifdisabled , 1559see 1560.Xr ifconfig 8 . 1561.Pp 1562Default is 1563.Dq Li NO . 1564.It Va ipv6_privacy 1565.Pq Vt bool 1566If the variable is 1567.Dq Li YES 1568privacy addresses will be generated for each IPv6 1569interface as described in RFC 4941. 1570.It Va ipv6_network_interfaces 1571.Pq Vt str 1572This is the IPv6 equivalent of 1573.Va network_interfaces . 1574Normally manual configuration of this variable is not needed. 1575.It Va ipv6_cpe_wanif 1576.Pq Vt str 1577If the variable is set to an interface name, 1578the 1579.Xr ifconfig 8 1580options 1581.Dq inet6 -no_radr accept_rtadv 1582will be added to the specified interface automatically before evaluating 1583.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1584and two 1585.Xr sysctl 8 1586variables 1587.Va net.inet6.ip6.rfc6204w3 1588and 1589.Va net.inet6.ip6.no_radr 1590will be set to 1. 1591.Pp 1592This means the specified interface will accept ICMPv6 Router 1593Advertisement messages on that link and add the discovered 1594routers into the Default Router List. 1595While the other interfaces can still accept RA messages if the 1596.Dq inet6 accept_rtadv 1597option is specified, adding 1598routes into the Default Router List will be disabled by 1599.Dq inet6 no_radr 1600option by default. 1601See 1602.Xr ifconfig 8 1603for more details. 1604.Pp 1605Note that ICMPv6 Router Advertisement messages will be 1606accepted even when 1607.Va net.inet6.ip6.forwarding 1608is 1 1609.Pq packet forwarding is enabled 1610when 1611.Va net.inet6.ip6.rfc6204w3 1612is set to 1. 1613.Pp 1614Default is 1615.Dq Li NO . 1616.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1617.Pq Vt str 1618IPv6 functionality on an interface should be configured by 1619.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1620instead of setting ifconfig parameters in 1621.Va ifconfig_ Ns Aq Ar interface . 1622If this variable is empty, all of IPv6 configurations on the 1623specified interface by other variables such as 1624.Va ipv6_prefix_ Ns Ao Ar interface Ac 1625will be ignored. 1626.Pp 1627Aliases should be set by 1628.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1629with 1630.Dq Li inet6 1631keyword. 1632For example: 1633.Bd -literal 1634ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1635ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1636.Ed 1637.Pp 1638Interfaces that have an 1639.Dq Li inet6 accept_rtadv 1640keyword in 1641.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1642setting will be automatically configured by SLAAC 1643.Pq StateLess Address AutoConfiguration 1644described in 1645.Rs 1646.%T "RFC 4862" 1647.Re 1648.Pp 1649Note that a link-local address will be automatically configured in 1650addition to the configured global-scope addresses because the IPv6 1651specifications require it on each link. 1652The address is calculated from the MAC address by using an algorithm 1653defined in 1654.Rs 1655.%T "RFC 4862" 1656.%O "Section 5.3" 1657.Re 1658.Pp 1659If only a link-local address is needed on the interface, 1660the following configuration can be used: 1661.Bd -literal 1662ifconfig_ed0_ipv6="inet6 auto_linklocal" 1663.Ed 1664.Pp 1665A link-local address can also be configured manually. 1666This is useful for the default router address of an IPv6 router 1667so that it does not change when the network interface 1668card is replaced. 1669For example: 1670.Bd -literal 1671ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1672.Ed 1673.It Va ipv6_prefix_ Ns Aq Ar interface 1674.Pq Vt str 1675If one or more prefixes are defined in 1676.Va ipv6_prefix_ Ns Aq Ar interface 1677addresses based on each prefix and the EUI-64 interface index will be 1678configured on that interface. 1679Note that this variable will be ignored when 1680.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1681is empty. 1682.Pp 1683For example, the following configuration 1684.Bd -literal 1685ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1686.Ed 1687.Pp 1688is equivalent to the following: 1689.Bd -literal 1690ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1691ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1692ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1693ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1694.Ed 1695.Pp 1696These Subnet-Router anycast addresses will be added only when 1697.Va ipv6_gateway_enable 1698is YES. 1699.It Va ipv6_default_interface 1700.Pq Vt str 1701If not set to 1702.Dq Li NO , 1703this is the default output interface for scoped addresses. 1704This works only with ipv6_gateway_enable="NO". 1705.It Va ip6addrctl_enable 1706.Pq Vt bool 1707This variable is to enable configuring default address selection policy table 1708.Pq RFC 3484 . 1709The table can be specified in another variable 1710.Va ip6addrctl_policy . 1711For 1712.Va ip6addrctl_policy 1713the following keywords can be specified: 1714.Dq Li ipv4_prefer , 1715.Dq Li ipv6_prefer , 1716or 1717.Dq Li AUTO . 1718.Pp 1719If 1720.Dq Li ipv4_prefer 1721or 1722.Dq Li ipv6_prefer 1723is specified, 1724.Xr ip6addrctl 8 1725installs a pre-defined policy table described in Section 2.1 1726.Pq IPv6-preferred 1727or 10.3 1728.Pq IPv4-preferred 1729of RFC 3484. 1730.Pp 1731If 1732.Dq Li AUTO 1733is specified, it attempts to read a file 1734.Pa /etc/ip6addrctl.conf 1735first. 1736If this file is found, 1737.Xr ip6addrctl 8 1738reads and installs it. 1739If not found, a policy is automatically set 1740according to 1741.Va ipv6_activate_all_interfaces 1742variable; if the variable is set to 1743.Dq Li YES 1744the IPv6-preferred one is used. 1745Otherwise IPv4-preferred. 1746.Pp 1747The default value of 1748.Va ip6addrctl_enable 1749and 1750.Va ip6addrctl_policy 1751are 1752.Dq Li YES 1753and 1754.Dq Li AUTO , 1755respectively. 1756.It Va cloned_interfaces 1757.Pq Vt str 1758Set to the list of clonable network interfaces to create on this host. 1759Further cloning arguments may be passed to the 1760.Xr ifconfig 8 1761.Cm create 1762command for each interface by setting the 1763.Va create_args_ Ns Aq Ar interface 1764variable. 1765If an interface name is specified with 1766.Dq :sticky 1767keyword, 1768the interface will not be destroyed even when 1769.Pa rc.d/netif 1770script is invoked with 1771.Dq stop 1772argument. 1773This is useful when reconfiguring the interface without destroying it. 1774Entries in 1775.Va cloned_interfaces 1776are automatically appended to 1777.Va network_interfaces 1778for configuration. 1779.It Va cloned_interfaces_sticky 1780.Pq Vt bool 1781This variable is to globally enable functionality of 1782.Dq :sticky 1783keyword in 1784.Va cloned_interfaces 1785for all interfaces. 1786The default value is 1787.Dq NO . 1788Even if this variable is specified to 1789.Dq YES , 1790.Dq :nosticky 1791keyword can be used to override it on per interface basis. 1792.It Va gif_interfaces 1793.Pq Vt str 1794This variable is deprecated in favor of 1795.Va cloned_interfaces . 1796Set to the list of 1797.Xr gif 4 1798tunnel interfaces to configure on this host. 1799A 1800.Va gifconfig_ Ns Aq Ar interface 1801variable is assumed to exist for each value of 1802.Ar interface . 1803The value of this variable is used to configure the link layer of the 1804tunnel according to the syntax of the 1805.Cm tunnel 1806option to 1807.Xr ifconfig 8 . 1808Additionally, this option ensures that each listed interface is created 1809via the 1810.Cm create 1811option to 1812.Xr ifconfig 8 1813before attempting to configure it. 1814.It Va sppp_interfaces 1815.Pq Vt str 1816Set to the list of 1817.Xr sppp 4 1818interfaces to configure on this host. 1819A 1820.Va spppconfig_ Ns Aq Ar interface 1821variable is assumed to exist for each value of 1822.Ar interface . 1823Each interface should also be configured by a general 1824.Va ifconfig_ Ns Aq Ar interface 1825setting. 1826Refer to 1827.Xr spppcontrol 8 1828for more information about available options. 1829.It Va ppp_enable 1830.Pq Vt bool 1831If set to 1832.Dq Li YES , 1833run the 1834.Xr ppp 8 1835daemon. 1836.It Va ppp_profile 1837.Pq Vt str 1838The name of the profile to use from 1839.Pa /etc/ppp/ppp.conf . 1840Also used for per-profile overrides of 1841.Va ppp_mode 1842and 1843.Va ppp_nat , 1844and 1845.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1846When the profile name contains any of the characters 1847.Dq Li .-/+ 1848they are translated to 1849.Dq Li _ 1850for the proposes of the override variable names. 1851.It Va ppp_mode 1852.Pq Vt str 1853Mode in which to run the 1854.Xr ppp 8 1855daemon. 1856.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1857.Pq Vt str 1858Overrides the global 1859.Va ppp_mode 1860for 1861.Ar profile . 1862Accepted modes are 1863.Dq Li auto , 1864.Dq Li ddial , 1865.Dq Li direct 1866and 1867.Dq Li dedicated . 1868See the manual for a full description. 1869.It Va ppp_nat 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873enables network address translation. 1874Used in conjunction with 1875.Va gateway_enable 1876allows hosts on private network addresses access to the Internet using 1877this host as a network address translating router. 1878.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1879.Pq Vt str 1880Overrides the global 1881.Va ppp_nat 1882for 1883.Ar profile . 1884.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1885.Pq Vt int 1886Set the unit number to be used for this profile. 1887See the manual description of 1888.Fl unit Ns Ar N 1889for details. 1890.It Va ppp_user 1891.Pq Vt str 1892The name of the user under which 1893.Xr ppp 8 1894should be started. 1895By 1896default, 1897.Xr ppp 8 1898is started as 1899.Dq Li root . 1900.It Va rc_conf_files 1901.Pq Vt str 1902This option is used to specify a list of files that will override 1903the settings in 1904.Pa /etc/defaults/rc.conf . 1905The files will be read in the order in which they are specified and should 1906include the full path to the file. 1907By default, the files specified are 1908.Pa /etc/rc.conf 1909and 1910.Pa /etc/rc.conf.local 1911.It Va zfs_enable 1912.Pq Vt bool 1913If set to 1914.Dq Li YES , 1915.Pa /etc/rc.d/zfs 1916will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1917(ZVOLs). 1918.It Va gptboot_enable 1919.Pq Vt bool 1920If set to 1921.Dq Li YES , 1922.Pa /etc/rc.d/gptboot 1923will log if the system successfully (or not) booted from a GPT partition, 1924which had the 1925.Ar bootonce 1926attribute set using 1927.Xr gpart 8 1928utility. 1929.It Va gbde_autoattach_all 1930.Pq Vt bool 1931If set to 1932.Dq Li YES , 1933.Pa /etc/rc.d/gbde 1934will attempt to automatically initialize your .bde devices in 1935.Pa /etc/fstab . 1936.It Va gbde_devices 1937.Pq Vt str 1938List the devices that the script should try to attach, 1939or 1940.Dq Li AUTO . 1941.It Va gbde_lockdir 1942.Pq Vt str 1943The directory where the 1944.Xr gbde 4 1945lockfiles are located. 1946The default lockfile directory is 1947.Pa /etc . 1948.Pp 1949The lockfile for each individual 1950.Xr gbde 4 1951device can be overridden by setting the variable 1952.Va gbde_lock_ Ns Aq Ar device , 1953where 1954.Ar device 1955is the encrypted device without the 1956.Dq Pa /dev/ 1957and 1958.Dq Pa .bde 1959parts. 1960.It Va gbde_attach_attempts 1961.Pq Vt int 1962Number of times to attempt attaching to a 1963.Xr gbde 4 1964device, i.e., how many times the user is asked for the pass-phrase. 1965Default is 3. 1966.It Va geli_devices 1967.Pq Vt str 1968List of devices to automatically attach on boot. 1969Note that .eli devices from 1970.Pa /etc/fstab 1971are automatically appended to this list. 1972.It Va geli_tries 1973.Pq Vt int 1974Number of times user is asked for the pass-phrase. 1975If empty, it will be taken from 1976.Va kern.geom.eli.tries 1977sysctl variable. 1978.It Va geli_default_flags 1979.Pq Vt str 1980Default flags to use by 1981.Xr geli 8 1982when configuring disk encryption. 1983Flags can be configured for every device separately by defining 1984.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1985variable. 1986.It Va geli_autodetach 1987.Pq Vt str 1988Specifies if GELI devices should be marked for detach on last close after 1989file systems are mounted. 1990Default is 1991.Dq Li YES . 1992This can be changed for every device separately by defining 1993.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1994variable. 1995.It Va root_rw_mount 1996.Pq Vt bool 1997Set to 1998.Dq Li YES 1999by default. 2000After the file systems are checked at boot time, the root file system 2001is remounted as read-write if this is set to 2002.Dq Li YES . 2003Diskless systems that mount their root file system from a read-only remote 2004NFS share should set this to 2005.Dq Li NO 2006in their 2007.Pa rc.conf . 2008.It Va fsck_y_enable 2009.Pq Vt bool 2010If set to 2011.Dq Li YES , 2012.Xr fsck 8 2013will be run with the 2014.Fl y 2015flag if the initial preen 2016of the file systems fails. 2017.It Va background_fsck 2018.Pq Vt bool 2019If set to 2020.Dq Li YES , 2021the system will attempt to run 2022.Xr fsck 8 2023in the background where possible. 2024.It Va background_fsck_delay 2025.Pq Vt int 2026The amount of time in seconds to sleep before starting a background 2027.Xr fsck 8 . 2028It defaults to sixty seconds to allow large applications such as 2029the X server to start before disk I/O bandwidth is monopolized by 2030.Xr fsck 8 . 2031If set to a negative number, the background file system check will be 2032delayed indefinitely to allow the administrator to run it at a more 2033convenient time. 2034For example it may be run from 2035.Xr cron 8 2036by adding a line like 2037.Pp 2038.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2039.Pp 2040to 2041.Pa /etc/crontab . 2042.It Va netfs_types 2043.Pq Vt str 2044List of file system types that are network-based. 2045This list should generally not be modified by end users. 2046Use 2047.Va extra_netfs_types 2048instead. 2049.It Va extra_netfs_types 2050.Pq Vt str 2051If set to something other than 2052.Dq Li NO 2053(the default), 2054this variable extends the list of file system types 2055for which automatic mounting at startup by 2056.Xr rc 8 2057should be delayed until the network is initialized. 2058It should contain 2059a whitespace-separated list of network file system descriptor pairs, 2060each consisting of a file system type as passed to 2061.Xr mount 8 2062and a human-readable, one-word description, 2063joined with a colon 2064.Pq Ql \&: . 2065Extending the default list in this way is only necessary 2066when third party file system types are used. 2067.It Va syslogd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr syslogd 8 2073daemon. 2074.It Va syslogd_program 2075.Pq Vt str 2076Path to 2077.Xr syslogd 8 2078(default 2079.Pa /usr/sbin/syslogd ) . 2080.It Va syslogd_flags 2081.Pq Vt str 2082If 2083.Va syslogd_enable 2084is set to 2085.Dq Li YES , 2086these are the flags to pass to 2087.Xr syslogd 8 . 2088.It Va inetd_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr inetd 8 2094daemon. 2095.It Va inetd_program 2096.Pq Vt str 2097Path to 2098.Xr inetd 8 2099(default 2100.Pa /usr/sbin/inetd ) . 2101.It Va inetd_flags 2102.Pq Vt str 2103If 2104.Va inetd_enable 2105is set to 2106.Dq Li YES , 2107these are the flags to pass to 2108.Xr inetd 8 . 2109.It Va hastd_enable 2110.Pq Vt bool 2111If set to 2112.Dq Li YES , 2113run the 2114.Xr hastd 8 2115daemon. 2116.It Va hastd_program 2117.Pq Vt str 2118Path to 2119.Xr hastd 8 2120(default 2121.Pa /sbin/hastd ) . 2122.It Va hastd_flags 2123.Pq Vt str 2124If 2125.Va hastd_enable 2126is set to 2127.Dq Li YES , 2128these are the flags to pass to 2129.Xr hastd 8 . 2130.It Va local_unbound_enable 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134run the 2135.Xr unbound 8 2136daemon as a local caching resolver. 2137.It Va kdc_enable 2138.Pq Vt bool 2139Set to 2140.Dq Li YES 2141to start a Kerberos 5 authentication server 2142at boot time. 2143.It Va kdc_program 2144.Pq Vt str 2145If 2146.Va kdc_enable 2147is set to 2148.Dq Li YES 2149this is the path to Kerberos 5 Authentication Server. 2150.It Va kdc_flags 2151.Pq Vt str 2152Empty by default. 2153This variable contains additional flags to be passed to the Kerberos 5 2154authentication server. 2155.It Va kadmind_enable 2156.Pq Vt bool 2157Set to 2158.Dq Li YES 2159to start 2160.Xr kadmind 8 , 2161the Kerberos 5 Administration Daemon; set to 2162.Dq Li NO 2163on a slave server. 2164.It Va kadmind_program 2165.Pq Vt str 2166If 2167.Va kadmind_enable 2168is set to 2169.Dq Li YES 2170this is the path to Kerberos 5 Administration Daemon. 2171.It Va kpasswdd_enable 2172.Pq Vt bool 2173Set to 2174.Dq Li YES 2175to start 2176.Xr kpasswdd 8 , 2177the Kerberos 5 Password-Changing Daemon; set to 2178.Dq Li NO 2179on a slave server. 2180.It Va kpasswdd_program 2181.Pq Vt str 2182If 2183.Va kpasswdd_enable 2184is set to 2185.Dq Li YES 2186this is the path to Kerberos 5 Password-Changing Daemon. 2187.It Va kfd_enable 2188.Pq Vt bool 2189Set to 2190.Dq Li YES 2191to start 2192.Xr kfd 8 , 2193the Kerberos 5 ticket forwarding daemon, at the boot time. 2194.It Va kfd_program 2195.Pq Vt str 2196Path to 2197.Xr kfd 8 2198(default 2199.Pa /usr/libexec/kfd ) . 2200.It Va rwhod_enable 2201.Pq Vt bool 2202If set to 2203.Dq Li YES , 2204run the 2205.Xr rwhod 8 2206daemon at boot time. 2207.It Va rwhod_flags 2208.Pq Vt str 2209If 2210.Va rwhod_enable 2211is set to 2212.Dq Li YES , 2213these are the flags to pass to it. 2214.It Va amd_enable 2215.Pq Vt bool 2216If set to 2217.Dq Li YES , 2218run the 2219.Xr amd 8 2220daemon at boot time. 2221.It Va amd_flags 2222.Pq Vt str 2223If 2224.Va amd_enable 2225is set to 2226.Dq Li YES , 2227these are the flags to pass to it. 2228See the 2229.Xr amd 8 2230manpage for more information. 2231.It Va amd_map_program 2232.Pq Vt str 2233If set, 2234the specified program is run to get the list of 2235.Xr amd 8 2236maps. 2237For example, if the 2238.Xr amd 8 2239maps are stored in NIS, one can set this to 2240run 2241.Xr ypcat 1 2242to get a list of 2243.Xr amd 8 2244maps from the 2245.Pa amd.master 2246NIS map. 2247.It Va update_motd 2248.Pq Vt bool 2249If set to 2250.Dq Li YES , 2251.Pa /etc/motd 2252will be updated at boot time to reflect the kernel release 2253being run. 2254If set to 2255.Dq Li NO , 2256.Pa /etc/motd 2257will not be updated. 2258.It Va nfs_client_enable 2259.Pq Vt bool 2260If set to 2261.Dq Li YES , 2262run the NFS client daemons at boot time. 2263.It Va nfs_access_cache 2264.Pq Vt int 2265If 2266.Va nfs_client_enable 2267is set to 2268.Dq Li YES , 2269this can be set to 2270.Dq Li 0 2271to disable NFS ACCESS RPC caching, or to the number of seconds for which 2272NFS ACCESS 2273results should be cached. 2274A value of 2-10 seconds will substantially reduce network 2275traffic for many NFS operations. 2276.It Va nfs_server_enable 2277.Pq Vt bool 2278If set to 2279.Dq Li YES , 2280run the NFS server daemons at boot time. 2281.It Va nfs_server_flags 2282.Pq Vt str 2283If 2284.Va nfs_server_enable 2285is set to 2286.Dq Li YES , 2287these are the flags to pass to the 2288.Xr nfsd 8 2289daemon. 2290.It Va nfsv4_server_enable 2291.Pq Vt bool 2292If 2293.Va nfs_server_enable 2294is set to 2295.Dq Li YES 2296and 2297.Va nfsv4_server_enable 2298are set to 2299.Dq Li YES , 2300enable the server for NFSv4 as well as NFSv2 and NFSv3. 2301.It Va nfsuserd_enable 2302.Pq Vt bool 2303If 2304.Va nfsuserd_enable 2305is set to 2306.Dq Li YES , 2307run the nfsuserd daemon, which is needed for NFSv4 in order 2308to map between user/group names vs uid/gid numbers. 2309If 2310.Va nfsv4_server_enable 2311is set to 2312.Dq Li YES , 2313this will be forced enabled. 2314.It Va nfsuserd_flags 2315.Pq Vt str 2316If 2317.Va nfsuserd_enable 2318is set to 2319.Dq Li YES , 2320these are the flags to pass to the 2321.Xr nfsuserd 8 2322daemon. 2323.It Va nfscbd_enable 2324.Pq Vt bool 2325If 2326.Va nfscbd_enable 2327is set to 2328.Dq Li YES , 2329run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2330.It Va nfscbd_flags 2331.Pq Vt str 2332If 2333.Va nfscbd_enable 2334is set to 2335.Dq Li YES , 2336these are the flags to pass to the 2337.Xr nfscbd 8 2338daemon. 2339.It Va mountd_enable 2340.Pq Vt bool 2341If set to 2342.Dq Li YES , 2343and no 2344.Va nfs_server_enable 2345is set, start 2346.Xr mountd 8 , 2347but not 2348.Xr nfsd 8 2349daemon. 2350It is commonly needed to run CFS without real NFS used. 2351.It Va mountd_flags 2352.Pq Vt str 2353If 2354.Va mountd_enable 2355is set to 2356.Dq Li YES , 2357these are the flags to pass to the 2358.Xr mountd 8 2359daemon. 2360.It Va weak_mountd_authentication 2361.Pq Vt bool 2362If set to 2363.Dq Li YES , 2364allow services like PCNFSD to make non-privileged mount 2365requests. 2366.It Va nfs_reserved_port_only 2367.Pq Vt bool 2368If set to 2369.Dq Li YES , 2370provide NFS services only on a secure port. 2371.It Va nfs_bufpackets 2372.Pq Vt int 2373If set to a number, indicates the number of packets worth of 2374socket buffer space to reserve on an NFS client. 2375The kernel default is typically 4. 2376Using a higher number may be 2377useful on gigabit networks to improve performance. 2378The minimum value is 23792 and the maximum is 64. 2380.It Va rpc_lockd_enable 2381.Pq Vt bool 2382If set to 2383.Dq Li YES 2384and also an NFS server or client, run 2385.Xr rpc.lockd 8 2386at boot time. 2387.It Va rpc_lockd_flags 2388.Pq Vt str 2389If 2390.Va rpc_lockd_enable 2391is set to 2392.Dq Li YES , 2393these are the flags to pass to the 2394.Xr rpc.lockd 8 2395daemon. 2396.It Va rpc_statd_enable 2397.Pq Vt bool 2398If set to 2399.Dq Li YES 2400and also an NFS server or client, run 2401.Xr rpc.statd 8 2402at boot time. 2403.It Va rpc_statd_flags 2404.Pq Vt str 2405If 2406.Va rpc_statd_enable 2407is set to 2408.Dq Li YES , 2409these are the flags to pass to the 2410.Xr rpc.statd 8 2411daemon. 2412.It Va rpcbind_program 2413.Pq Vt str 2414Path to 2415.Xr rpcbind 8 2416(default 2417.Pa /usr/sbin/rpcbind ) . 2418.It Va rpcbind_enable 2419.Pq Vt bool 2420If set to 2421.Dq Li YES , 2422run the 2423.Xr rpcbind 8 2424service at boot time. 2425.It Va rpcbind_flags 2426.Pq Vt str 2427If 2428.Va rpcbind_enable 2429is set to 2430.Dq Li YES , 2431these are the flags to pass to the 2432.Xr rpcbind 8 2433daemon. 2434.It Va keyserv_enable 2435.Pq Vt bool 2436If set to 2437.Dq Li YES , 2438run the 2439.Xr keyserv 8 2440daemon on boot for running Secure RPC. 2441.It Va keyserv_flags 2442.Pq Vt str 2443If 2444.Va keyserv_enable 2445is set to 2446.Dq Li YES , 2447these are the flags to pass to 2448.Xr keyserv 8 2449daemon. 2450.It Va pppoed_enable 2451.Pq Vt bool 2452If set to 2453.Dq Li YES , 2454run the 2455.Xr pppoed 8 2456daemon at boot time to provide PPP over Ethernet services. 2457.It Va pppoed_ Ns Aq Ar provider 2458.Pq Vt str 2459.Xr pppoed 8 2460listens to requests to this 2461.Ar provider 2462and ultimately runs 2463.Xr ppp 8 2464with a 2465.Ar system 2466argument of the same name. 2467.It Va pppoed_flags 2468.Pq Vt str 2469Additional flags to pass to 2470.Xr pppoed 8 . 2471.It Va pppoed_interface 2472.Pq Vt str 2473The network interface to run 2474.Xr pppoed 8 2475on. 2476This is mandatory when 2477.Va pppoed_enable 2478is set to 2479.Dq Li YES . 2480.It Va timed_enable 2481.Pq Vt bool 2482If set to 2483.Dq Li YES , 2484run the 2485.Xr timed 8 2486service at boot time. 2487This command is intended for networks of 2488machines where a consistent 2489.Dq "network time" 2490for all hosts must be established. 2491This is often useful in large NFS 2492environments where time stamps on files are expected to be consistent 2493network-wide. 2494.It Va timed_flags 2495.Pq Vt str 2496If 2497.Va timed_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to the 2501.Xr timed 8 2502service. 2503.It Va ntpdate_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run 2508.Xr ntpdate 8 2509at system startup. 2510This command is intended to 2511synchronize the system clock only 2512.Em once 2513from some standard reference. 2514.It Va ntpdate_config 2515.Pq Vt str 2516Configuration file for 2517.Xr ntpdate 8 . 2518Default 2519.Pa /etc/ntp.conf . 2520.It Va ntpdate_hosts 2521.Pq Vt str 2522A whitespace-separated list of NTP servers to synchronize with at startup. 2523The default is to use the servers listed in 2524.Va ntpdate_config , 2525if that file exists. 2526.It Va ntpdate_program 2527.Pq Vt str 2528Path to 2529.Xr ntpdate 8 2530(default 2531.Pa /usr/sbin/ntpdate ) . 2532.It Va ntpdate_flags 2533.Pq Vt str 2534If 2535.Va ntpdate_enable 2536is set to 2537.Dq Li YES , 2538these are the flags to pass to the 2539.Xr ntpdate 8 2540command (typically a hostname). 2541.It Va ntpd_enable 2542.Pq Vt bool 2543If set to 2544.Dq Li YES , 2545run the 2546.Xr ntpd 8 2547command at boot time. 2548.It Va ntpd_program 2549.Pq Vt str 2550Path to 2551.Xr ntpd 8 2552(default 2553.Pa /usr/sbin/ntpd ) . 2554.It Va ntpd_config 2555.Pq Vt str 2556Path to 2557.Xr ntpd 8 2558configuration file. 2559Default 2560.Pa /etc/ntp.conf . 2561.It Va ntpd_flags 2562.Pq Vt str 2563If 2564.Va ntpd_enable 2565is set to 2566.Dq Li YES , 2567these are the flags to pass to the 2568.Xr ntpd 8 2569daemon. 2570.It Va ntpd_sync_on_start 2571.Pq Vt bool 2572If set to 2573.Dq Li YES , 2574.Xr ntpd 8 2575is run with the 2576.Fl g 2577flag, which syncs the system's clock on startup. 2578See 2579.Xr ntpd 8 2580for more information regarding the 2581.Fl g 2582option. 2583This is a preferred alternative to using 2584.Xr ntpdate 8 2585or specifying the 2586.Va ntpdate_enable 2587variable. 2588.It Va nis_client_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES , 2592run the 2593.Xr ypbind 8 2594service at system boot time. 2595.It Va nis_client_flags 2596.Pq Vt str 2597If 2598.Va nis_client_enable 2599is set to 2600.Dq Li YES , 2601these are the flags to pass to the 2602.Xr ypbind 8 2603service. 2604.It Va nis_ypldap_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES , 2608run the 2609.Xr ypldap 8 2610daemon at system boot time. 2611.It Va nis_ypldap_flags 2612.Pq Vt str 2613If 2614.Va nis.ypldap_enable 2615is set to 2616.Dq Li YES , 2617these are the flags to pass to the 2618.Xr ypldap 8 2619daemon. 2620.It Va nis_ypset_enable 2621.Pq Vt bool 2622If set to 2623.Dq Li YES , 2624run the 2625.Xr ypset 8 2626daemon at system boot time. 2627.It Va nis_ypset_flags 2628.Pq Vt str 2629If 2630.Va nis_ypset_enable 2631is set to 2632.Dq Li YES , 2633these are the flags to pass to the 2634.Xr ypset 8 2635daemon. 2636.It Va nis_server_enable 2637.Pq Vt bool 2638If set to 2639.Dq Li YES , 2640run the 2641.Xr ypserv 8 2642daemon at system boot time. 2643.It Va nis_server_flags 2644.Pq Vt str 2645If 2646.Va nis_server_enable 2647is set to 2648.Dq Li YES , 2649these are the flags to pass to the 2650.Xr ypserv 8 2651daemon. 2652.It Va nis_ypxfrd_enable 2653.Pq Vt bool 2654If set to 2655.Dq Li YES , 2656run the 2657.Xr rpc.ypxfrd 8 2658daemon at system boot time. 2659.It Va nis_ypxfrd_flags 2660.Pq Vt str 2661If 2662.Va nis_ypxfrd_enable 2663is set to 2664.Dq Li YES , 2665these are the flags to pass to the 2666.Xr rpc.ypxfrd 8 2667daemon. 2668.It Va nis_yppasswdd_enable 2669.Pq Vt bool 2670If set to 2671.Dq Li YES , 2672run the 2673.Xr rpc.yppasswdd 8 2674daemon at system boot time. 2675.It Va nis_yppasswdd_flags 2676.Pq Vt str 2677If 2678.Va nis_yppasswdd_enable 2679is set to 2680.Dq Li YES , 2681these are the flags to pass to the 2682.Xr rpc.yppasswdd 8 2683daemon. 2684.It Va rpc_ypupdated_enable 2685.Pq Vt bool 2686If set to 2687.Dq Li YES , 2688run the 2689.Nm rpc.ypupdated 2690daemon at system boot time. 2691.It Va bsnmpd_enable 2692.Pq Vt bool 2693If set to 2694.Dq Li YES , 2695run the 2696.Xr bsnmpd 1 2697daemon at system boot time. 2698Be sure to understand the security implications of running SNMP daemon 2699on your host. 2700.It Va bsnmpd_flags 2701.Pq Vt str 2702If 2703.Va bsnmpd_enable 2704is set to 2705.Dq Li YES , 2706these are the flags to pass to the 2707.Xr bsnmpd 1 2708daemon. 2709.It Va defaultrouter 2710.Pq Vt str 2711If not set to 2712.Dq Li NO , 2713create a default route to this host name or IP address 2714(use an IP address if this router is also required to get to the 2715name server!). 2716.It Va ipv6_defaultrouter 2717.Pq Vt str 2718The IPv6 equivalent of 2719.Va defaultrouter . 2720.It Va static_arp_pairs 2721.Pq Vt str 2722Set to the list of static ARP pairs that are to be added at system 2723boot time. 2724For each whitespace separated 2725.Ar element 2726in the value, a 2727.Va static_arp_ Ns Aq Ar element 2728variable is assumed to exist whose contents will later be passed to a 2729.Dq Nm arp Cm -S 2730operation. 2731For example 2732.Bd -literal 2733static_arp_pairs="gw" 2734static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2735.Ed 2736.It Va static_ndp_pairs 2737.Pq Vt str 2738Set to the list of static NDP pairs that are to be added at system 2739boot time. 2740For each whitespace separated 2741.Ar element 2742in the value, a 2743.Va static_ndp_ Ns Aq Ar element 2744variable is assumed to exist whose contents will later be passed to a 2745.Dq Nm ndp Cm -s 2746operation. 2747For example 2748.Bd -literal 2749static_ndp_pairs="gw" 2750static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2751.Ed 2752.It Va static_routes 2753.Pq Vt str 2754Set to the list of static routes that are to be added at system 2755boot time. 2756If not set to 2757.Dq Li NO 2758then for each whitespace separated 2759.Ar element 2760in the value, a 2761.Va route_ Ns Aq Ar element 2762variable is assumed to exist 2763whose contents will later be passed to a 2764.Dq Nm route Cm add 2765operation. 2766For example: 2767.Bd -literal 2768static_routes="ext mcast:gif0 gif0local:gif0" 2769route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2770route_mcast="-net 224.0.0.0/4 -iface gif0" 2771route_gif0local="-host 169.254.1.1 -iface lo0" 2772.Ed 2773.Pp 2774When an 2775.Ar element 2776is in the form of 2777.Li name:ifname , 2778the route is specific to the interface 2779.Li ifname . 2780.It Va ipv6_static_routes 2781.Pq Vt str 2782The IPv6 equivalent of 2783.Va static_routes . 2784If not set to 2785.Dq Li NO 2786then for each whitespace separated 2787.Ar element 2788in the value, a 2789.Va ipv6_route_ Ns Aq Ar element 2790variable is assumed to exist 2791whose contents will later be passed to a 2792.Dq Nm route Cm add Fl inet6 2793operation. 2794.It Va gateway_enable 2795.Pq Vt bool 2796If set to 2797.Dq Li YES , 2798configure host to act as an IP router, e.g.\& to forward packets 2799between interfaces. 2800.It Va ipv6_gateway_enable 2801.Pq Vt bool 2802The IPv6 equivalent of 2803.Va gateway_enable . 2804.It Va routed_enable 2805.Pq Vt bool 2806If set to 2807.Dq Li YES , 2808run a routing daemon of some sort, based on the 2809settings of 2810.Va routed_program 2811and 2812.Va routed_flags . 2813.It Va route6d_enable 2814.Pq Vt bool 2815The IPv6 equivalent of 2816.Va routed_enable . 2817If set to 2818.Dq Li YES , 2819run a routing daemon of some sort, based on the 2820settings of 2821.Va route6d_program 2822and 2823.Va route6d_flags . 2824.It Va routed_program 2825.Pq Vt str 2826If 2827.Va routed_enable 2828is set to 2829.Dq Li YES , 2830this is the name of the routing daemon to use. 2831.It Va route6d_program 2832.Pq Vt str 2833The IPv6 equivalent of 2834.Va routed_program . 2835.It Va routed_flags 2836.Pq Vt str 2837If 2838.Va routed_enable 2839is set to 2840.Dq Li YES , 2841these are the flags to pass to the routing daemon. 2842.It Va route6d_flags 2843.Pq Vt str 2844The IPv6 equivalent of 2845.Va routed_flags . 2846.It Va rtadvd_enable 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850run the 2851.Xr rtadvd 8 2852daemon at boot time. 2853The 2854.Xr rtadvd 8 2855utility sends ICMPv6 Router Advertisement messages to 2856the interfaces specified in 2857.Va rtadvd_interfaces . 2858This should only be enabled with great care. 2859You may want to fine-tune 2860.Xr rtadvd.conf 5 . 2861.It Va rtadvd_interfaces 2862.Pq Vt str 2863If 2864.Va rtadvd_enable 2865is set to 2866.Dq Li YES 2867this is the list of interfaces to use. 2868.It Va arpproxy_all 2869.Pq Vt bool 2870If set to 2871.Dq Li YES , 2872enable global proxy ARP. 2873.It Va forward_sourceroute 2874.Pq Vt bool 2875If set to 2876.Dq Li YES 2877and 2878.Va gateway_enable 2879is also set to 2880.Dq Li YES , 2881source-routed packets are forwarded. 2882.It Va accept_sourceroute 2883.Pq Vt bool 2884If set to 2885.Dq Li YES , 2886the system will accept source-routed packets directed at it. 2887.It Va rarpd_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891run the 2892.Xr rarpd 8 2893daemon at system boot time. 2894.It Va rarpd_flags 2895.Pq Vt str 2896If 2897.Va rarpd_enable 2898is set to 2899.Dq Li YES , 2900these are the flags to pass to the 2901.Xr rarpd 8 2902daemon. 2903.It Va bootparamd_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907run the 2908.Xr bootparamd 8 2909daemon at system boot time. 2910.It Va bootparamd_flags 2911.Pq Vt str 2912If 2913.Va bootparamd_enable 2914is set to 2915.Dq Li YES , 2916these are the flags to pass to the 2917.Xr bootparamd 8 2918daemon. 2919.It Va stf_interface_ipv4addr 2920.Pq Vt str 2921If not set to 2922.Dq Li NO , 2923this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2924interface). 2925Specify this entry to enable the 6to4 interface. 2926.It Va stf_interface_ipv4plen 2927.Pq Vt int 2928Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2929An effective value is 0-31. 2930.It Va stf_interface_ipv6_ifid 2931.Pq Vt str 2932IPv6 interface ID for 2933.Xr stf 4 . 2934This can be set to 2935.Dq Li AUTO . 2936.It Va stf_interface_ipv6_slaid 2937.Pq Vt str 2938IPv6 Site Level Aggregator for 2939.Xr stf 4 . 2940.It Va ipv6_ipv4mapping 2941.Pq Vt bool 2942If set to 2943.Dq Li YES 2944this enables IPv4 mapped IPv6 address communication (like 2945.Li ::ffff:a.b.c.d ) . 2946.It Va rtsold_enable 2947.Pq Vt bool 2948Set to 2949.Dq Li YES 2950to enable the 2951.Xr rtsold 8 2952daemon to send ICMPv6 Router Solicitation messages. 2953.It Va rtsold_flags 2954.Pq Vt str 2955If 2956.Va rtsold_enable 2957is set to 2958.Dq Li YES , 2959these are the flags to pass to 2960.Xr rtsold 8 . 2961.It Va rtsol_flags 2962.Pq Vt str 2963For interfaces configured with the 2964.Dq Li inet6 accept_rtadv 2965keyword, these are the flags to pass to 2966.Xr rtsol 8 . 2967.Pp 2968Note that 2969.Va rtsold_enable 2970is mutually exclusive to 2971.Va rtsol_flags ; 2972.Va rtsold_enable 2973takes precedence. 2974.It Va keybell 2975.Pq Vt str 2976The keyboard bell sound. 2977Set to 2978.Dq Li normal , 2979.Dq Li visual , 2980.Dq Li off , 2981or 2982.Dq Li NO 2983if the default behavior is desired. 2984For details, refer to the 2985.Xr kbdcontrol 1 2986manpage. 2987.It Va keyboard 2988.Pq Vt str 2989If set to a non-null string, the virtual console's keyboard input is 2990set to this device. 2991.It Va keymap 2992.Pq Vt str 2993If set to 2994.Dq Li NO , 2995no keymap is installed, otherwise the value is used to install 2996the keymap file found in 2997.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 2998(if using 2999.Xr syscons 4 ) or 3000.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3001(if using 3002.Xr vt 4 ) . 3003.It Va keyrate 3004.Pq Vt str 3005The keyboard repeat speed. 3006Set to 3007.Dq Li slow , 3008.Dq Li normal , 3009.Dq Li fast , 3010or 3011.Dq Li NO 3012if the default behavior is desired. 3013.It Va keychange 3014.Pq Vt str 3015If not set to 3016.Dq Li NO , 3017attempt to program the function keys with the value. 3018The value should 3019be a single string of the form: 3020.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3021.It Va cursor 3022.Pq Vt str 3023Can be set to the value of 3024.Dq Li normal , 3025.Dq Li blink , 3026.Dq Li destructive , 3027or 3028.Dq Li NO 3029to set the cursor behavior explicitly or choose the default behavior. 3030.It Va scrnmap 3031.Pq Vt str 3032If set to 3033.Dq Li NO , 3034no screen map is installed, otherwise the value is used to install 3035the screen map file in 3036.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3037This parameter is ignored when using 3038.Xr vt 4 3039as the console driver. 3040.It Va font8x16 3041.Pq Vt str 3042If set to 3043.Dq Li NO , 3044the default 8x16 font value is used for screen size requests, otherwise 3045the value in 3046.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3047or 3048.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3049is used (depending on the console driver being used). 3050.It Va font8x14 3051.Pq Vt str 3052If set to 3053.Dq Li NO , 3054the default 8x14 font value is used for screen size requests, otherwise 3055the value in 3056.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3057or 3058.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3059is used (depending on the console driver being used). 3060.It Va font8x8 3061.Pq Vt str 3062If set to 3063.Dq Li NO , 3064the default 8x8 font value is used for screen size requests, otherwise 3065the value in 3066.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3067or 3068.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3069is used (depending on the console driver being used). 3070.It Va blanktime 3071.Pq Vt int 3072If set to 3073.Dq Li NO , 3074the default screen blanking interval is used, otherwise it is set 3075to 3076.Ar value 3077seconds. 3078.It Va saver 3079.Pq Vt str 3080If not set to 3081.Dq Li NO , 3082this is the actual screen saver to use 3083.Li ( blank , snake , daemon , 3084etc). 3085.It Va moused_nondefault_enable 3086.Pq Vt str 3087If set to 3088.Dq Li NO , 3089the mouse device specified on 3090the command line is not automatically treated as enabled by the 3091.Pa /etc/rc.d/moused 3092script. 3093Having this variable set to 3094.Dq Li YES 3095allows a 3096.Xr usb 4 3097mouse, 3098for example, 3099to be enabled as soon as it is plugged in. 3100.It Va moused_enable 3101.Pq Vt str 3102If set to 3103.Dq Li YES , 3104the 3105.Xr moused 8 3106daemon is started for doing cut/paste selection on the console. 3107.It Va moused_type 3108.Pq Vt str 3109This is the protocol type of the mouse connected to this host. 3110This variable must be set if 3111.Va moused_enable 3112is set to 3113.Dq Li YES . 3114The 3115.Xr moused 8 3116daemon 3117is able to detect the appropriate mouse type automatically in many cases. 3118Set this variable to 3119.Dq Li auto 3120to let the daemon detect it, or 3121select one from the following list if the automatic detection fails. 3122.Pp 3123If the mouse is attached to the PS/2 mouse port, choose 3124.Dq Li auto 3125or 3126.Dq Li ps/2 , 3127regardless of the brand and model of the mouse. 3128Likewise, if the 3129mouse is attached to the bus mouse port, choose 3130.Dq Li auto 3131or 3132.Dq Li busmouse . 3133All other protocols are for serial mice and will not work with 3134the PS/2 and bus mice. 3135If this is a USB mouse, 3136.Dq Li auto 3137is the only protocol type which will work. 3138.Pp 3139.Bl -tag -width ".Li x10mouseremote" -compact 3140.It Li microsoft 3141Microsoft mouse (serial) 3142.It Li intellimouse 3143Microsoft IntelliMouse (serial) 3144.It Li mousesystems 3145Mouse systems Corp.\& mouse (serial) 3146.It Li mmseries 3147MM Series mouse (serial) 3148.It Li logitech 3149Logitech mouse (serial) 3150.It Li busmouse 3151A bus mouse 3152.It Li mouseman 3153Logitech MouseMan and TrackMan (serial) 3154.It Li glidepoint 3155ALPS GlidePoint (serial) 3156.It Li thinkingmouse 3157Kensington ThinkingMouse (serial) 3158.It Li ps/2 3159PS/2 mouse 3160.It Li mmhittab 3161MM HitTablet (serial) 3162.It Li x10mouseremote 3163X10 MouseRemote (serial) 3164.It Li versapad 3165Interlink VersaPad (serial) 3166.El 3167.Pp 3168Even if the mouse is not in the above list, it may be compatible 3169with one in the list. 3170Refer to the manual page for 3171.Xr moused 8 3172for compatibility information. 3173.Pp 3174It should also be noted that while this is enabled, any 3175other client of the mouse (such as an X server) should access 3176the mouse through the virtual mouse device, 3177.Pa /dev/sysmouse , 3178and configure it as a 3179.Dq Li sysmouse 3180type mouse, since all 3181mouse data is converted to this single canonical format when 3182using 3183.Xr moused 8 . 3184If the client program does not support the 3185.Dq Li sysmouse 3186type, 3187specify the 3188.Dq Li mousesystems 3189type. 3190It is the second preferred type. 3191.It Va moused_port 3192.Pq Vt str 3193If 3194.Va moused_enable 3195is set to 3196.Dq Li YES , 3197this is the actual port the mouse is on. 3198It might be 3199.Pa /dev/cuau0 3200for a COM1 serial mouse, 3201.Pa /dev/psm0 3202for a PS/2 mouse or 3203.Pa /dev/mse0 3204for a bus mouse, for example. 3205.It Va moused_flags 3206.Pq Vt str 3207If 3208.Va moused_flags 3209is set, its value is used as an additional set of flags to pass to the 3210.Xr moused 8 3211daemon. 3212.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3213When 3214.Va moused_nondefault_enable 3215is enabled, and a 3216.Xr moused 8 3217daemon is started for a non-default port, the 3218.Va "moused_" Ns Ar XXX Ns Va "_flags" 3219set of options has precedence over and replaces the default 3220.Va moused_flags 3221(where 3222.Ar XXX 3223is the name of the non-default port, i.e.,\& 3224.Ar ums0 ) . 3225By setting 3226.Va "moused_" Ns Ar XXX Ns Va "_flags" 3227it is possible to set up a different set of default flags for each 3228.Xr moused 8 3229instance. 3230For example, you can use 3231.Dq Li "-3" 3232for the default 3233.Va moused_flags 3234to make your laptop's touchpad more comfortable to use, 3235but an empty set of options for 3236.Va moused_ums0_flags 3237when your 3238.Xr usb 4 3239mouse has three or more buttons. 3240.It Va mousechar_start 3241.Pq Vt int 3242If set to 3243.Dq Li NO , 3244the default mouse cursor character range 3245.Li 0xd0 Ns - Ns Li 0xd3 3246is used, 3247otherwise the range start is set 3248to 3249.Ar value 3250character, see 3251.Xr vidcontrol 1 . 3252Use if the default range is occupied in the language code table. 3253.It Va allscreens_flags 3254.Pq Vt str 3255If set, 3256.Xr vidcontrol 1 3257is run with these options for each of the virtual terminals 3258.Pq Pa /dev/ttyv* . 3259For example, 3260.Dq Fl m Cm on 3261will enable the mouse pointer on all virtual terminals 3262if 3263.Va moused_enable 3264is set to 3265.Dq Li YES . 3266.It Va allscreens_kbdflags 3267.Pq Vt str 3268If set, 3269.Xr kbdcontrol 1 3270is run with these options for each of the virtual terminals 3271.Pq Pa /dev/ttyv* . 3272For example, 3273.Dq Fl h Li 200 3274will set the 3275.Xr syscons 4 3276or 3277.Xr vt 4 3278scrollback (history) buffer to 200 lines. 3279.It Va cron_enable 3280.Pq Vt bool 3281If set to 3282.Dq Li YES , 3283run the 3284.Xr cron 8 3285daemon at system boot time. 3286.It Va cron_program 3287.Pq Vt str 3288Path to 3289.Xr cron 8 3290(default 3291.Pa /usr/sbin/cron ) . 3292.It Va cron_flags 3293.Pq Vt str 3294If 3295.Va cron_enable 3296is set to 3297.Dq Li YES , 3298these are the flags to pass to 3299.Xr cron 8 . 3300.It Va cron_dst 3301.Pq Vt bool 3302If set to 3303.Dq Li YES , 3304enable the special handling of transitions to and from the 3305Daylight Saving Time in 3306.Xr cron 8 3307(equivalent to using the flag 3308.Fl s ) . 3309.It Va lpd_program 3310.Pq Vt str 3311Path to 3312.Xr lpd 8 3313(default 3314.Pa /usr/sbin/lpd ) . 3315.It Va lpd_enable 3316.Pq Vt bool 3317If set to 3318.Dq Li YES , 3319run the 3320.Xr lpd 8 3321daemon at system boot time. 3322.It Va lpd_flags 3323.Pq Vt str 3324If 3325.Va lpd_enable 3326is set to 3327.Dq Li YES , 3328these are the flags to pass to the 3329.Xr lpd 8 3330daemon. 3331.It Va chkprintcap_enable 3332.Pq Vt bool 3333If set to 3334.Dq Li YES , 3335run the 3336.Xr chkprintcap 8 3337command before starting the 3338.Xr lpd 8 3339daemon. 3340.It Va chkprintcap_flags 3341.Pq Vt str 3342If 3343.Va lpd_enable 3344and 3345.Va chkprintcap_enable 3346are set to 3347.Dq Li YES , 3348these are the flags to pass to the 3349.Xr chkprintcap 8 3350program. 3351The default is 3352.Dq Li -d , 3353which causes missing directories to be created. 3354.It Va mta_start_script 3355.Pq Vt str 3356This variable specifies the full path to the script to run to start 3357a mail transfer agent. 3358The default is 3359.Pa /etc/rc.sendmail . 3360The 3361.Va sendmail_* 3362variables which 3363.Pa /etc/rc.sendmail 3364uses are documented in the 3365.Xr rc.sendmail 8 3366manual page. 3367.It Va dumpdev 3368.Pq Vt str 3369Indicates the device (usually a swap partition) to which a crash dump 3370should be written in the event of a system crash. 3371If the value of this variable is 3372.Dq Li AUTO , 3373the first suitable swap device listed in 3374.Pa /etc/fstab 3375will be used as dump device. 3376Otherwise, the value of this variable is passed as the argument to 3377.Xr dumpon 8 . 3378To disable crash dumps, set this variable to 3379.Dq Li NO . 3380.It Va dumpdir 3381.Pq Vt str 3382When the system reboots after a crash and a crash dump is found on the 3383device specified by the 3384.Va dumpdev 3385variable, 3386.Xr savecore 8 3387will save that crash dump and a copy of the kernel to the directory 3388specified by the 3389.Va dumpdir 3390variable. 3391The default value is 3392.Pa /var/crash . 3393Set to 3394.Dq Li NO 3395to not run 3396.Xr savecore 8 3397at boot time when 3398.Va dumpdir 3399is set. 3400.It Va dumppubkey 3401.Pq Vt str 3402Path to a public key. 3403It is used by 3404.Xr dumpon 8 3405to encrypt a one-time key for a crash dump. 3406The public key has to match a private key used by 3407.Xr decryptcore 8 3408to decrypt a crash dump after reboot. 3409See 3410.Xr dumpon 8 3411for more details. 3412.It Va savecore_enable 3413.Pq Vt bool 3414If set to 3415.Dq Li NO , 3416disable automatic extraction of the crash dump from the 3417.Va dumpdev . 3418.It Va savecore_flags 3419.Pq Vt str 3420If crash dumps are enabled, these are the flags to pass to the 3421.Xr savecore 8 3422utility. 3423.It Va quota_enable 3424.Pq Vt bool 3425Set to 3426.Dq Li YES 3427to turn on user and group disk quotas on system startup via the 3428.Xr quotaon 8 3429command for all file systems marked as having quotas enabled in 3430.Pa /etc/fstab . 3431The kernel must be built with 3432.Cd "options QUOTA" 3433for disk quotas to function. 3434.It Va check_quotas 3435.Pq Vt bool 3436Set to 3437.Dq Li YES 3438to enable user and group disk quota checking via the 3439.Xr quotacheck 8 3440command. 3441.It Va quotacheck_flags 3442.Pq Vt str 3443If 3444.Va quota_enable 3445is set to 3446.Dq Li YES , 3447and 3448.Va check_quotas 3449is set to 3450.Dq Li YES , 3451these are the flags to pass to the 3452.Xr quotacheck 8 3453utility. 3454The default is 3455.Dq Li "-a" , 3456which checks quotas for all file systems with quotas enabled in 3457.Pa /etc/fstab . 3458.It Va quotaon_flags 3459.Pq Vt str 3460If 3461.Va quota_enable 3462is set to 3463.Dq Li YES , 3464these are the flags to pass to the 3465.Xr quotaon 8 3466utility. 3467The default is 3468.Dq Li "-a" , 3469which enables quotas for all file systems with quotas enabled in 3470.Pa /etc/fstab . 3471.It Va quotaoff_flags 3472.Pq Vt str 3473If 3474.Va quota_enable 3475is set to 3476.Dq Li YES , 3477these are the flags to pass to the 3478.Xr quotaoff 8 3479utility when shutting down the quota system. 3480The default is 3481.Dq Li "-a" , 3482which disables quotas for all file systems with quotas enabled in 3483.Pa /etc/fstab . 3484.It Va accounting_enable 3485.Pq Vt bool 3486Set to 3487.Dq Li YES 3488to enable system accounting through the 3489.Xr accton 8 3490facility. 3491.It Va ibcs2_enable 3492.Pq Vt bool 3493Set to 3494.Dq Li YES 3495to enable iBCS2 (SCO) binary emulation at system initial boot 3496time. 3497.It Va ibcs2_loaders 3498.Pq Vt str 3499If not set to 3500.Dq Li NO 3501and if 3502.Va ibcs2_enable 3503is set to 3504.Dq Li YES , 3505this specifies a list of additional iBCS2 loaders to enable. 3506.It Va firstboot_sentinel 3507.Pq Vt str 3508This variable specifies the full path to a 3509.Dq first boot 3510sentinel file. 3511If a file exists with this path, 3512.Pa rc.d 3513scripts with the 3514.Dq firstboot 3515keyword will be run on startup and the sentinel file will be deleted 3516after the boot process completes. 3517The sentinel file must be located on a writable file system which is 3518mounted no later than 3519.Va early_late_divider 3520to function properly. 3521The default is 3522.Pa /firstboot . 3523.It Va linux_enable 3524.Pq Vt bool 3525Set to 3526.Dq Li YES 3527to enable Linux/ELF binary emulation at system initial 3528boot time. 3529.It Va sysvipc_enable 3530.Pq Vt bool 3531If set to 3532.Dq Li YES , 3533load System V IPC primitives at boot time. 3534.It Va clear_tmp_enable 3535.Pq Vt bool 3536Set to 3537.Dq Li YES 3538to have 3539.Pa /tmp 3540cleaned at startup. 3541.It Va clear_tmp_X 3542.Pq Vt bool 3543Set to 3544.Dq Li NO 3545to disable removing of X11 lock files, 3546and the removal and (secure) recreation 3547of the various socket directories for X11 3548related programs. 3549.It Va ldconfig_paths 3550.Pq Vt str 3551Set to the list of shared library paths to use with 3552.Xr ldconfig 8 . 3553NOTE: 3554.Pa /usr/lib 3555will always be added first, so it need not appear in this list. 3556.It Va ldconfig32_paths 3557.Pq Vt str 3558Set to the list of 32-bit compatibility shared library paths to 3559use with 3560.Xr ldconfig 8 . 3561.It Va ldconfig_paths_aout 3562.Pq Vt str 3563Set to the list of shared library paths to use with 3564.Xr ldconfig 8 3565legacy 3566.Xr a.out 5 3567support. 3568.It Va ldconfig_insecure 3569.Pq Vt bool 3570The 3571.Xr ldconfig 8 3572utility normally refuses to use directories 3573which are writable by anyone except root. 3574Set this variable to 3575.Dq Li YES 3576to disable that security check during system startup. 3577.It Va ldconfig_local_dirs 3578.Pq Vt str 3579Set to the list of local 3580.Xr ldconfig 8 3581directories. 3582The names of all files in the directories listed will be 3583passed as arguments to 3584.Xr ldconfig 8 . 3585.It Va ldconfig_local32_dirs 3586.Pq Vt str 3587Set to the list of local 32-bit compatibility 3588.Xr ldconfig 8 3589directories. 3590The names of all files in the directories listed will be 3591passed as arguments to 3592.Dq Nm ldconfig Fl 32 . 3593.It Va kern_securelevel_enable 3594.Pq Vt bool 3595Set to 3596.Dq Li YES 3597to set the kernel security level at system startup. 3598.It Va kern_securelevel 3599.Pq Vt int 3600The kernel security level to set at startup. 3601The allowed range of 3602.Ar value 3603ranges from \-1 (the compile time default) to 3 (the 3604most secure). 3605See 3606.Xr security 7 3607for the list of possible security levels and their effect 3608on system operation. 3609.It Va sshd_program 3610.Pq Vt str 3611Path to the SSH server program 3612.Pa ( /usr/sbin/sshd 3613is the default). 3614.It Va sshd_enable 3615.Pq Vt bool 3616Set to 3617.Dq Li YES 3618to start 3619.Xr sshd 8 3620at system boot time. 3621.It Va sshd_flags 3622.Pq Vt str 3623If 3624.Va sshd_enable 3625is set to 3626.Dq Li YES , 3627these are the flags to pass to the 3628.Xr sshd 8 3629daemon. 3630.It Va ftpd_program 3631.Pq Vt str 3632Path to the FTP server program 3633.Pa ( /usr/libexec/ftpd 3634is the default). 3635.It Va ftpd_enable 3636.Pq Vt bool 3637Set to 3638.Dq Li YES 3639to start 3640.Xr ftpd 8 3641as a stand-alone daemon at system boot time. 3642.It Va ftpd_flags 3643.Pq Vt str 3644If 3645.Va ftpd_enable 3646is set to 3647.Dq Li YES , 3648these are the additional flags to pass to the 3649.Xr ftpd 8 3650daemon. 3651.It Va watchdogd_enable 3652.Pq Vt bool 3653If set to 3654.Dq Li YES , 3655start the 3656.Xr watchdogd 8 3657daemon at boot time. 3658This requires that the kernel have been compiled with a 3659.Xr watchdog 4 3660compatible device. 3661.It Va watchdogd_flags 3662.Pq Vt str 3663If 3664.Va watchdogd_enable 3665is set to 3666.Dq Li YES , 3667these are the flags passed to the 3668.Xr watchdogd 8 3669daemon. 3670.It Va devfs_rulesets 3671.Pq Vt str 3672List of files containing sets of rules for 3673.Xr devfs 8 . 3674.It Va devfs_system_ruleset 3675.Pq Vt str 3676Rule name(s) to apply to the system 3677.Pa /dev 3678itself. 3679.It Va devfs_set_rulesets 3680.Pq Vt str 3681Pairs of already-mounted 3682.Pa dev 3683directories and rulesets that should be applied to them. 3684For example: /mount/dev=ruleset_name 3685.It Va devfs_load_rulesets 3686.Pq Vt bool 3687If set, always load the default rulesets listed in 3688.Va devfs_rulesets . 3689.It Va performance_cx_lowest 3690.Pq Vt str 3691CPU idle state to use while on AC power. 3692The string 3693.Dq Li LOW 3694indicates that 3695.Xr acpi 4 3696should use the lowest power state available while 3697.Dq Li HIGH 3698indicates that the lowest latency state (less power savings) should be used. 3699.It Va performance_cpu_freq 3700.Pq Vt str 3701CPU clock frequency to use while on AC power. 3702The string 3703.Dq Li LOW 3704indicates that 3705.Xr cpufreq 4 3706should use the lowest frequency available while 3707.Dq Li HIGH 3708indicates that the highest frequency (less power savings) should be used. 3709.It Va economy_cx_lowest 3710.Pq Vt str 3711CPU idle state to use when off AC power. 3712The string 3713.Dq Li LOW 3714indicates that 3715.Xr acpi 4 3716should use the lowest power state available while 3717.Dq Li HIGH 3718indicates that the lowest latency state (less power savings) should be used. 3719.It Va economy_cpu_freq 3720.Pq Vt str 3721CPU clock frequency to use when off AC power. 3722The string 3723.Dq Li LOW 3724indicates that 3725.Xr cpufreq 4 3726should use the lowest frequency available while 3727.Dq Li HIGH 3728indicates that the highest frequency (less power savings) should be used. 3729.It Va jail_enable 3730.Pq Vt bool 3731If set to 3732.Dq Li NO , 3733any configured jails will not be started. 3734.It Va jail_conf 3735.Pq Vt str 3736The configuration filename used by 3737.Xr jail 8 3738utility. 3739The default value is 3740.Pa /etc/jail.conf . 3741.It Va jail_parallel_start 3742.Pq Vt bool 3743If set to 3744.Dq Li YES , 3745all configured jails will be started in the background (in parallel). 3746.It Va jail_flags 3747.Pq Vt str 3748Unset by default. 3749When set, use as default value for 3750.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3751for every jail in 3752.Va jail_list . 3753.It Va jail_list 3754.Pq Vt str 3755A space-delimited list of jail names. 3756When left empty, all of the 3757.Xr jail 8 3758instances defined in the configuration file are started. 3759The names specified in this list control the jail startup order. 3760.Xr jail 8 3761instances missing from 3762.Va jail_list 3763must be started manually. 3764Note that a jail's 3765.Va depend 3766parameter in the configuration file may override this list. 3767.It Va jail_reverse_stop 3768.Pq Vt bool 3769When set to 3770.Dq Li YES , 3771all configured jails in 3772.Va jail_list 3773are stopped in reverse order. 3774.It Va jail_* variables 3775Note that older releases supported per-jail configuration via 3776.Nm 3777variables. 3778For example, 3779hostname of a jail named 3780.Li vjail 3781was able to be set by 3782.Li jail_vjail_hostname . 3783These per-jail configuration variables are now obsolete in favor of 3784.Xr jail 8 3785configuration file. 3786For backward compatibility, 3787when per-jail configuration variables are defined, 3788.Xr jail 8 3789configuration files are created as 3790.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3791and used. 3792.Pp 3793The following per-jail parameters are handled by 3794.Pa rc.d/jail 3795script out of their corresponding 3796.Nm 3797variables. 3798In addition to them, parameters in 3799.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3800will be added to the configuration file. 3801They must be a semi-colon 3802.Pq Ql \&; 3803delimited list of 3804.Dq key=value . 3805For more details, 3806see 3807.Xr jail 8 3808manual page. 3809.Bl -tag -width "host.hostname" -offset indent 3810.It Li path 3811set from 3812.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3813.It Li host.hostname 3814set from 3815.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3816.It Li exec.consolelog 3817set from 3818.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3819The default value is 3820.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3821.It Li interface 3822set from 3823.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3824.It Li vnet.interface 3825set from 3826.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3827This implies 3828.Li vnet 3829parameter will be enabled and cannot be specified with 3830.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3831.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3832and/or 3833.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3834at the same time. 3835.It Li fstab 3836set from 3837.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3838.It Li mount 3839set from 3840.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3841.It Li exec.fib 3842set from 3843.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3844.It Li exec.start 3845set from 3846.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3847The parameter name was 3848.Li command 3849in some older releases. 3850.It Li exec.prestart 3851set from 3852.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3853.It Li exec.poststart 3854set from 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3856.It Li exec.stop 3857set from 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3859.It Li exec.prestop 3860set from 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3862.It Li exec.poststop 3863set from 3864.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3865.It Li ip4.addr 3866set if 3867.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3868or 3869.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3870contain IPv4 addresses 3871.It Li ip6.addr 3872set if 3873.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3874or 3875.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3876contain IPv6 addresses 3877.It Li allow.mount 3878set from 3879.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3880.It Li mount.devfs 3881set from 3882.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3883.It Li devfs_ruleset 3884set from 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3886This must be an integer, 3887not a string. 3888.It Li mount.fdescfs 3889set from 3890.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3891.It Li allow.set_hostname 3892set from 3893.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3894.It Li allow.rawsocket 3895set from 3896.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3897.It Li allow.sysvipc 3898set from 3899.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3900.El 3901.\" ----------------------------------------------------- 3902.It Va harvest_mask 3903.Pq Vt int 3904Set to a bit-mask 3905representing the entropy sources 3906you wish to harvest. 3907Refer to 3908.Xr random 4 3909for more information. 3910.It Va entropy_dir 3911.Pq Vt str 3912Set to 3913.Dq Li NO 3914to disable caching entropy via 3915.Xr cron 8 . 3916Otherwise set to the directory 3917in which the entropy files are stored. 3918To be useful, 3919there must be 3920a system cron job 3921that regularly writes and rotates 3922files here. 3923All files found 3924will be used at boot time. 3925The default is 3926.Pa /var/db/entropy . 3927.It Va entropy_file 3928.Pq Vt str 3929Set to 3930.Dq Li NO 3931to disable caching entropy through reboots. 3932Otherwise set to the name 3933of a file used to store cached entropy. 3934This file should be located 3935on a file system that is readable 3936before all the volumes specified in 3937.Xr fstab 5 3938are mounted. 3939By default, 3940.Pa /entropy 3941is used, 3942but if 3943.Pa /var/db/entropy-file 3944is found it will also be used. 3945This will be of some use to 3946.Xr bsdinstall 8 . 3947.It Va entropy_boot_file 3948.Pq Vt str 3949Set to 3950.Dq Li NO 3951to disable 3952very early caching entropy 3953through reboots. 3954Otherwise set to the filename 3955used to read 3956very early reboot cached entropy. 3957This file should be located where 3958.Xr loader 8 3959can read it. 3960See also 3961.Xr loader.conf 5 . 3962The default location is 3963.Pa /boot/entropy . 3964.It Va entropy_save_sz 3965.Pq Vt int 3966Size of the entropy cache files saved by 3967.Nm save-entropy 3968periodically. 3969.It Va entropy_save_num 3970.Pq Vt int 3971Number of entropy cache files to save by 3972.Nm save-entropy 3973periodically. 3974.It Va ipsec_enable 3975.Pq Vt bool 3976Set to 3977.Dq Li YES 3978to run 3979.Xr setkey 8 3980on 3981.Va ipsec_file 3982at boot time. 3983.It Va ipsec_file 3984.Pq Vt str 3985Configuration file for 3986.Xr setkey 8 . 3987.It Va dmesg_enable 3988.Pq Vt bool 3989Set to 3990.Dq Li YES 3991to save 3992.Xr dmesg 8 3993to 3994.Pa /var/run/dmesg.boot 3995on boot. 3996.It Va rcshutdown_timeout 3997.Pq Vt int 3998If set, start a watchdog timer in the background which will terminate 3999.Pa rc.shutdown 4000if 4001.Xr shutdown 8 4002has not completed within the specified time (in seconds). 4003Notice that in addition to this soft timeout, 4004.Xr init 8 4005also applies a hard timeout for the execution of 4006.Pa rc.shutdown . 4007This is configured via 4008.Xr sysctl 8 4009variable 4010.Va kern.init_shutdown_timeout 4011and defaults to 120 seconds. 4012Setting the value of 4013.Va rcshutdown_timeout 4014to more than 120 seconds will have no effect until the 4015.Xr sysctl 8 4016variable 4017.Va kern.init_shutdown_timeout 4018is also increased. 4019.It Va virecover_enable 4020.Pq Vt bool 4021Set to 4022.Dq Li NO 4023to prevent the system from trying to 4024recover pre-maturely terminated 4025.Xr vi 1 4026sessions. 4027.It Va ugidfw_enable 4028.Pq Vt bool 4029Set to 4030.Dq Li YES 4031to load the 4032.Xr mac_bsdextended 4 4033module upon system initialization and load a default 4034ruleset file. 4035.It Va bsdextended_script 4036.Pq Vt str 4037The default 4038.Xr mac_bsdextended 4 4039ruleset file to load. 4040The default value of this variable is 4041.Pa /etc/rc.bsdextended . 4042.It Va newsyslog_enable 4043.Pq Vt bool 4044If set to 4045.Dq Li YES , 4046run 4047.Xr newsyslog 8 4048command at startup. 4049.It Va newsyslog_flags 4050.Pq Vt str 4051If 4052.Va newsyslog_enable 4053is set to 4054.Dq Li YES , 4055these are the flags to pass to the 4056.Xr newsyslog 8 4057program. 4058The default is 4059.Dq Li -CN , 4060which causes log files flagged with a 4061.Cm C 4062to be created. 4063.It Va mdconfig_md Ns Aq Ar X 4064.Pq Vt str 4065Arguments to 4066.Xr mdconfig 8 4067for 4068.Xr md 4 4069device 4070.Ar X . 4071At minimum a 4072.Fl t Ar type 4073must be specified and either a 4074.Fl s Ar size 4075for malloc or swap backed 4076.Xr md 4 4077devices or a 4078.Fl f Ar file 4079for vnode backed 4080.Xr md 4 4081devices. 4082Note that 4083.Va mdconfig_md Ns Aq Ar X 4084variables are evaluated until one variable is unset or null. 4085.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4086.Pq Vt str 4087Optional arguments passed to 4088.Xr newfs 8 4089to initialize 4090.Xr md 4 4091device 4092.Ar X . 4093.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4094.Pq Vt str 4095An ownership specification passed to 4096.Xr chown 8 4097after the specified 4098.Xr md 4 4099device 4100.Ar X 4101has been mounted. 4102Both the 4103.Xr md 4 4104device and the mount point will be changed. 4105.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4106.Pq Vt str 4107A mode string passed to 4108.Xr chmod 1 4109after the specified 4110.Xr md 4 4111device 4112.Ar X 4113has been mounted. 4114Both the 4115.Xr md 4 4116device and the mount point will be changed. 4117.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4118.Pq Vt str 4119Files to be copied to the mount point of the 4120.Xr md 4 4121device 4122.Ar X 4123after it has been mounted. 4124.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4125.Pq Vt str 4126Command to execute after the specified 4127.Xr md 4 4128device 4129.Ar X 4130has been mounted. 4131Note that the command is passed to 4132.Ic eval 4133and that both 4134.Va _dev 4135and 4136.Va _mp 4137variables can be used to reference respectively the 4138.Xr md 4 4139device and the mount point. 4140Assuming that the 4141.Xr md 4 4142device is 4143.Li md0 , 4144one could set the following: 4145.Bd -literal 4146mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4147.Ed 4148.It Va autobridge_interfaces 4149.Pq Vt str 4150Set to the list of bridge interfaces that will have newly arriving interfaces 4151checked against to be automatically added. 4152If not set to 4153.Dq Li NO 4154then for each whitespace separated 4155.Ar element 4156in the value, a 4157.Va autobridge_ Ns Aq Ar element 4158variable is assumed to exist which has a whitespace separated list of interface 4159names to match, these names can use wildcards. 4160For example: 4161.Bd -literal 4162autobridge_interfaces="bridge0" 4163autobridge_bridge0="tap* dc0 vlan[345]" 4164.Ed 4165.It Va mixer_enable 4166.Pq Vt bool 4167If set to 4168.Dq Li YES , 4169enable support for sound mixer. 4170.It Va hcsecd_enable 4171.Pq Vt bool 4172If set to 4173.Dq Li YES , 4174enable Bluetooth security daemon. 4175.It Va hcsecd_config 4176.Pq Vt str 4177Configuration file for 4178.Xr hcsecd 8 . 4179Default 4180.Pa /etc/bluetooth/hcsecd.conf . 4181.It Va sdpd_enable 4182.Pq Vt bool 4183If set to 4184.Dq Li YES , 4185enable Bluetooth Service Discovery Protocol daemon. 4186.It Va sdpd_control 4187.Pq Vt str 4188Path to 4189.Xr sdpd 8 4190control socket. 4191Default 4192.Pa /var/run/sdp . 4193.It Va sdpd_groupname 4194.Pq Vt str 4195Sets 4196.Xr sdpd 8 4197group to run as after it initializes. 4198Default 4199.Dq Li nobody . 4200.It Va sdpd_username 4201.Pq Vt str 4202Sets 4203.Xr sdpd 8 4204user to run as after it initializes. 4205Default 4206.Dq Li nobody . 4207.It Va bthidd_enable 4208.Pq Vt bool 4209If set to 4210.Dq Li YES , 4211enable Bluetooth Human Interface Device daemon. 4212.It Va bthidd_config 4213.Pq Vt str 4214Configuration file for 4215.Xr bthidd 8 . 4216Default 4217.Pa /etc/bluetooth/bthidd.conf . 4218.It Va bthidd_hids 4219.Pq Vt str 4220Path to a file, where 4221.Xr bthidd 8 4222will store information about known HID devices. 4223Default 4224.Pa /var/db/bthidd.hids . 4225.It Va rfcomm_pppd_server_enable 4226.Pq Vt bool 4227If set to 4228.Dq Li YES , 4229enable Bluetooth RFCOMM PPP wrapper daemon. 4230.It Va rfcomm_pppd_server_profile 4231.Pq Vt str 4232The name of the profile to use from 4233.Pa /etc/ppp/ppp.conf . 4234Multiple profiles can be specified here. 4235Also used to specify per-profile overrides. 4236When the profile name contains any of the characters 4237.Dq Li .-/+ 4238they are translated to 4239.Dq Li _ 4240for the proposes of the override variable names. 4241.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4242.Pq Vt str 4243Overrides local address to listen on. 4244By default 4245.Xr rfcomm_pppd 8 4246will listen on 4247.Dq Li ANY 4248address. 4249The address can be specified as BD_ADDR or name. 4250.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4251.Pq Vt str 4252Overrides local RFCOMM channel to listen on. 4253By default 4254.Xr rfcomm_pppd 8 4255will listen on RFCOMM channel 1. 4256Must set properly if multiple profiles used in the same time. 4257.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4258.Pq Vt bool 4259Tells 4260.Xr rfcomm_pppd 8 4261if it should register Serial Port service on the specified RFCOMM channel. 4262Default 4263.Dq Li NO . 4264.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4265.Pq Vt bool 4266Tells 4267.Xr rfcomm_pppd 8 4268if it should register Dial-Up Networking service on the specified 4269RFCOMM channel. 4270Default 4271.Dq Li NO . 4272.It Va ubthidhci_enable 4273.Pq Vt bool 4274If set to 4275.Dq Li YES , 4276change the USB Bluetooth controller from HID mode to HCI mode. 4277You also need to specify the location of USB Bluetooth controller with the 4278.Va ubthidhci_busnum 4279and 4280.Va ubthidhci_addr 4281variables. 4282.It Va ubthidhci_busnum 4283Bus number where the USB Bluetooth controller is located. 4284Check the output of 4285.Xr usbconfig 8 4286on your system to find this information. 4287.It Va ubthidhci_addr 4288Bus address of the USB Bluetooth controller. 4289Check the output of 4290.Xr usbconfig 8 4291on your system to find this information. 4292.It Va netwait_enable 4293.Pq Vt bool 4294If set to 4295.Dq Li YES , 4296delays the start of network-reliant services until 4297.Va netwait_if 4298is up and ICMP packets to a destination defined in 4299.Va netwait_ip 4300are flowing. 4301Link state is examined first, followed by 4302.Dq Li pinging 4303an IP address to verify network usability. 4304If no destination can be reached or timeouts are exceeded, 4305network services are started anyway with no guarantee that 4306the network is usable. 4307Use of this variable requires both 4308.Va netwait_ip 4309and 4310.Va netwait_if 4311to be set. 4312.It Va netwait_ip 4313.Pq Vt str 4314Empty by default. 4315This variable contains a space-delimited list of IP addresses to 4316.Xr ping 8 . 4317DNS hostnames should not be used as resolution is not guaranteed 4318to be functional at this point. 4319If multiple IP addresses are specified, 4320each will be tried until one is successful or the list is exhausted. 4321.It Va netwait_timeout 4322.Pq Vt int 4323Indicates the total number of seconds to perform a 4324.Dq Li ping 4325against each IP address in 4326.Va netwait_ip , 4327at a rate of one ping per second. 4328If any of the pings are successful, 4329full network connectivity is considered reliable. 4330The default is 60. 4331.It Va netwait_if 4332.Pq Vt str 4333Empty by default. 4334Defines the name of the network interface on which watch for link. 4335.Xr ifconfig 8 4336is used to monitor the interface, looking for 4337.Dq Li status: no carrier . 4338Once gone, the link is considered up. 4339This can be a 4340.Xr vlan 4 4341interface if desired. 4342.It Va netwait_if_timeout 4343.Pq Vt int 4344Defines the total number of seconds to wait for link to become usable, 4345polled at a 1-second interval. 4346The default is 30. 4347.It Va rctl_enable 4348.Pq Vt bool 4349If set to 4350.Dq Li YES , 4351load 4352.Xr rctl 8 4353rules from the defined ruleset. 4354The kernel must be built with 4355.Cd "options RACCT" 4356and 4357.Cd "options RCTL" . 4358.It Va rctl_rules 4359.Pq Vt str 4360Set to 4361.Pa /etc/rctl.conf 4362by default. 4363This variables contains the 4364.Xr rctl.conf 5 4365ruleset to load for 4366.Xr rctl 8 . 4367.It Va iovctl_files 4368.Pq Vt str 4369A space-separated list of configuration files used by 4370.Xr iovctl 8 . 4371The default value is an empty string. 4372.It Va autofs_enable 4373.Pq Vt bool 4374If set to 4375.Dq Li YES , 4376start the 4377.Xr automount 8 4378utility and the 4379.Xr automountd 8 4380and 4381.Xr autounmountd 8 4382daemons at boot time. 4383.It Va automount_flags 4384.Pq Vt str 4385If 4386.Va autofs_enable 4387is set to 4388.Dq Li YES , 4389these are the flags to pass to the 4390.Xr automount 8 4391program. 4392By default no flags are passed. 4393.It Va automountd_flags 4394.Pq Vt str 4395If 4396.Va autofs_enable 4397is set to 4398.Dq Li YES , 4399these are the flags to pass to the 4400.Xr automountd 8 4401daemon. 4402By default no flags are passed. 4403.It Va autounmountd_flags 4404.Pq Vt str 4405If 4406.Va autofs_enable 4407is set to 4408.Dq Li YES , 4409these are the flags to pass to the 4410.Xr autounmountd 8 4411daemon. 4412By default no flags are passed. 4413.It Va ctld_enable 4414.Pq Vt bool 4415If set to 4416.Dq Li YES , 4417start the 4418.Xr ctld 8 4419daemon at boot time. 4420.It Va iscsid_enable 4421.Pq Vt bool 4422If set to 4423.Dq Li YES , 4424start the 4425.Xr iscsid 8 4426daemon at boot time. 4427.It Va iscsictl_enable 4428.Pq Vt bool 4429If set to 4430.Dq Li YES , 4431start the 4432.Xr iscsictl 8 4433utility at boot time. 4434.It Va iscsictl_flags 4435.Pq Vt str 4436If 4437.Va iscsictl_enable 4438is set to 4439.Dq Li YES , 4440these are the flags to pass to the 4441.Xr iscsictl 8 4442program. 4443The default is 4444.Dq Li -Aa , 4445which configures sessions based on the 4446.Pa /etc/iscsi.conf 4447configuration file. 4448.El 4449.Sh FILES 4450.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4451.It Pa /etc/defaults/rc.conf 4452.It Pa /etc/rc.conf 4453.It Pa /etc/rc.conf.local 4454.El 4455.Sh SEE ALSO 4456.Xr chmod 1 , 4457.Xr gdb 1 , 4458.Xr info 1 , 4459.Xr kbdcontrol 1 , 4460.Xr makewhatis 1 , 4461.Xr sh 1 , 4462.Xr vi 1 , 4463.Xr vidcontrol 1 , 4464.Xr bridge 4 , 4465.Xr dummynet 4 , 4466.Xr ip 4 , 4467.Xr ipf 4 , 4468.Xr ipfw 4 , 4469.Xr ipnat 4 , 4470.Xr kld 4 , 4471.Xr pf 4 , 4472.Xr pflog 4 , 4473.Xr pfsync 4 , 4474.Xr tcp 4 , 4475.Xr udp 4 , 4476.Xr exports 5 , 4477.Xr fstab 5 , 4478.Xr ipf 5 , 4479.Xr ipnat 5 , 4480.Xr jail.conf 5 , 4481.Xr loader.conf 5 , 4482.Xr motd 5 , 4483.Xr newsyslog.conf 5 , 4484.Xr pf.conf 5 , 4485.Xr security 7 , 4486.Xr accton 8 , 4487.Xr amd 8 , 4488.Xr apm 8 , 4489.Xr bsdinstall 8 , 4490.Xr bthidd 8 , 4491.Xr chkprintcap 8 , 4492.Xr chown 8 , 4493.Xr cron 8 , 4494.Xr devfs 8 , 4495.Xr dhclient 8 , 4496.Xr ftpd 8 , 4497.Xr geli 8 , 4498.Xr hcsecd 8 , 4499.Xr ifconfig 8 , 4500.Xr inetd 8 , 4501.Xr iovctl 8 , 4502.Xr ipf 8 , 4503.Xr ipfw 8 , 4504.Xr ipnat 8 , 4505.Xr jail 8 , 4506.Xr kldxref 8 , 4507.Xr loader 8 , 4508.Xr lpd 8 , 4509.Xr mdconfig 8 , 4510.Xr mdmfs 8 , 4511.Xr mixer 8 , 4512.Xr mountd 8 , 4513.Xr moused 8 , 4514.Xr newfs 8 , 4515.Xr newsyslog 8 , 4516.Xr nfsd 8 , 4517.Xr ntpd 8 , 4518.Xr ntpdate 8 , 4519.Xr pfctl 8 , 4520.Xr pflogd 8 , 4521.Xr ping 8 , 4522.Xr powerd 8 , 4523.Xr quotacheck 8 , 4524.Xr quotaon 8 , 4525.Xr rc 8 , 4526.Xr rc.sendmail 8 , 4527.Xr rfcomm_pppd 8 , 4528.Xr route 8 , 4529.Xr routed 8 , 4530.Xr rpc.lockd 8 , 4531.Xr rpc.statd 8 , 4532.Xr rpcbind 8 , 4533.Xr rwhod 8 , 4534.Xr savecore 8 , 4535.Xr sdpd 8 , 4536.Xr sshd 8 , 4537.Xr swapon 8 , 4538.Xr sysctl 8 , 4539.Xr syslogd 8 , 4540.Xr timed 8 , 4541.Xr unbound 8 , 4542.Xr usbconfig 8 , 4543.Xr wlandebug 8 , 4544.Xr yp 8 , 4545.Xr ypbind 8 , 4546.Xr ypserv 8 , 4547.Xr ypset 8 4548.Sh HISTORY 4549The 4550.Nm 4551file appeared in 4552.Fx 2.2.2 . 4553.Sh AUTHORS 4554.An Jordan K. Hubbard . 4555