1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 9, 2007 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va kldxref_enable 168.Pq Vt bool 169Set to 170.Dq Li NO 171by default. 172Set to 173.Dq Li YES 174to automatically rebuild 175.Pa linker.hints 176files with 177.Xr kldxref 8 178at boot time. 179.It Va kldxref_clobber 180.Pq Vt bool 181Set to 182.Dq Li NO 183by default. 184If 185.Va kldxref_enable 186is true, 187setting to 188.Dq Li YES 189will overwrite existing 190.Pa linker.hints 191files at boot time. 192Otherwise, 193only missing 194.Pa linker.hints 195files are generated. 196.It Va kldxref_module_path 197.Pq Vt str 198Empty by default. 199A semi-colon 200.Pq Ql \&; 201delimited list of paths containing 202.Xr kld 4 203modules. 204If empty, 205the contents of the 206.Va kern.module_path 207.Xr sysctl 8 208are used. 209.It Va powerd_enable 210.Pq Vt bool 211If set to 212.Dq Li YES , 213enable the system power control facility with the 214.Xr powerd 8 215daemon. 216.It Va powerd_flags 217.Pq Vt str 218If 219.Va powerd_enable 220is set to 221.Dq Li YES , 222these are the flags to pass to the 223.Xr powerd 8 224daemon. 225.It Va tmpmfs 226Controls the creation of a 227.Pa /tmp 228memory file system. 229Always happens if set to 230.Dq Li YES 231and never happens if set to 232.Dq Li NO . 233If set to anything else, a memory file system is created if 234.Pa /tmp 235is not writable. 236.It Va tmpsize 237Controls the size of a created 238.Pa /tmp 239memory file system. 240.It Va tmpmfs_flags 241Extra options passed to the 242.Xr mdmfs 8 243utility when the memory file system for 244.Pa /tmp 245is created. 246The default is 247.Dq Li "-S -M" , 248which inhibits the use of softupdates on 249.Pa /tmp 250to waste as little space as possible 251and creates a pure memory backed disk, which will never be swapped out, 252for maximum performance and system stability at low memory conditions. 253See 254.Xr mdmfs 8 255for other options you can use in 256.Va tmpmfs_flags . 257.It Va varmfs 258Controls the creation of a 259.Pa /var 260memory file system. 261Always happens if set to 262.Dq Li YES 263and never happens if set to 264.Dq Li NO . 265If set to anything else, a memory file system is created if 266.Pa /var 267is not writable. 268.It Va varsize 269Controls the size of a created 270.Pa /var 271memory file system. 272.It Va varmfs_flags 273Extra options passed to the 274.Xr mdmfs 8 275utility when the memory file system for 276.Pa /var 277is created. 278The default is 279.Dq Li "-S -M" , 280which inhibits the use of softupdates on 281.Pa /var 282to waste as little space as possible 283and creates a pure memory backed disk, which will never be swapped out, 284for maximum performance and system stability at low memory conditions. 285See 286.Xr mdmfs 8 287for other options you can use in 288.Va varmfs_flags . 289.It Va populate_var 290Controls the automatic population of the 291.Pa /var 292file system. 293Always happens if set to 294.Dq Li YES 295and never happens if set to 296.Dq Li NO . 297If set to anything else, a memory file system is created if 298.Pa /var 299is not writable. 300Note that this process requires access to certain commands in 301.Pa /usr 302before 303.Pa /usr 304is mounted on normal systems. 305.It Va cleanvar_enable 306.Pq Vt bool 307Clean the 308.Pa /var 309directory. 310.It Va local_startup 311.Pq Vt str 312List of directories to search for startup script files. 313.It Va script_name_sep 314.Pq Vt str 315The field separator to use for breaking down the list of startup script files 316into individual filenames. 317The default is a space. 318It is not necessary to change this unless there are startup scripts with names 319containing spaces. 320.It Va hostapd_enable 321.Pq Vt bool 322Set to 323.Dq Li YES 324to start 325.Xr hostapd 8 326at system boot time. 327.It Va hostname 328.Pq Vt str 329The fully qualified domain name (FQDN) of this host on the network. 330This should almost certainly be set to something meaningful, even if 331there is no network connection. 332If 333.Xr dhclient 8 334is used to set the hostname via DHCP, 335this variable should be set to an empty string. 336.It Va ipv6_enable 337.Pq Vt bool 338Enable support for IPv6 networking. 339Note that this requires that the kernel has been compiled with 340.Cd "options INET6" . 341.It Va nisdomainname 342.Pq Vt str 343The NIS domain name of this host, or 344.Dq Li NO 345if NIS is not used. 346.It Va dhclient_program 347.Pq Vt str 348Path to the DHCP client program 349.Pa ( /sbin/dhclient , 350the 351.Ox 352DHCP client, 353is the default). 354.It Va dhclient_flags 355.Pq Vt str 356Additional flags to pass to the DHCP client program. 357For the 358.Ox 359DHCP client, see the 360.Xr dhclient 8 361manpage for a description of the command line options available. 362.It Va dhclient_flags_ Ns Aq Ar iface 363Additional flags to pass to the DHCP client program running on 364.Ar iface 365only. 366When specified, this variable overrides 367.Va dhclient_flags . 368.It Va background_dhclient 369.Pq Vt bool 370Set to 371.Dq Li YES 372to start the DHCP client in background. 373This can cause trouble with applications depending on 374a working network, but it will provide a faster startup 375in many cases. 376.It Va background_dhclient_ Ns Aq Ar iface 377When specified, this variable overrides the 378.Va background_dhclient 379variable for interface 380.Ar iface 381only. 382.It Va synchronous_dhclient 383.Pq Bt bool 384Set to 385.Dq Li NO 386to start 387.Xr dhclient 8 388only in response to interface events and not synchronously at startup. 389This behavior can be overridden on a per-interface basis by replacing 390the 391.Dq Li DHCP 392keyword in the 393.Va ifconfig_ Ns Aq Ar interface 394variable with 395.Dq Li SYNCDHCP 396or 397.Dq Li NOSYNCDHCP . 398.It Va firewall_enable 399.Pq Vt bool 400Set to 401.Dq Li YES 402to load firewall rules at startup. 403If the kernel was not built with 404.Cd "options IPFIREWALL" , 405the 406.Pa ipfw.ko 407kernel module will be loaded. 408See also 409.Va ipfilter_enable . 410.It Va ipv6_firewall_enable 411.Pq Vt bool 412The IPv6 equivalent of 413.Va firewall_enable . 414Set to 415.Dq Li YES 416to load IPv6 firewall rules at startup. 417If the kernel was not built with 418.Cd "options IPV6FIREWALL" , 419the 420.Pa ipfw.ko 421kernel module will be loaded. 422.It Va firewall_script 423.Pq Vt str 424This variable specifies the full path to the firewall script to run. 425The default is 426.Pa /etc/rc.firewall . 427.It Va ipv6_firewall_script 428.Pq Vt str 429The IPv6 equivalent of 430.Va firewall_script . 431.It Va firewall_type 432.Pq Vt str 433Names the firewall type from the selection in 434.Pa /etc/rc.firewall , 435or the file which contains the local firewall ruleset. 436Valid selections from 437.Pa /etc/rc.firewall 438are: 439.Pp 440.Bl -tag -width ".Li simple" -compact 441.It Li open 442unrestricted IP access 443.It Li closed 444all IP services disabled, except via 445.Dq Li lo0 446.It Li client 447basic protection for a workstation 448.It Li simple 449basic protection for a LAN. 450.El 451.Pp 452If a filename is specified, the full path 453must be given. 454.It Va ipv6_firewall_type 455.Pq Vt str 456The IPv6 equivalent of 457.Va firewall_type . 458.It Va firewall_quiet 459.Pq Vt bool 460Set to 461.Dq Li YES 462to disable the display of firewall rules on the console during boot. 463.It Va ipv6_firewall_quiet 464.Pq Vt bool 465The IPv6 equivalent of 466.Va firewall_quiet . 467.It Va firewall_logging 468.Pq Vt bool 469Set to 470.Dq Li YES 471to enable firewall event logging. 472This is equivalent to the 473.Dv IPFIREWALL_VERBOSE 474kernel option. 475.It Va ipv6_firewall_logging 476.Pq Vt bool 477The IPv6 equivalent of 478.Va firewall_logging . 479.It Va firewall_flags 480.Pq Vt str 481Flags passed to 482.Xr ipfw 8 483if 484.Va firewall_type 485specifies a filename. 486.It Va ipv6_firewall_flags 487.Pq Vt str 488The IPv6 equivalent of 489.Va firewall_flags . 490.It Va natd_program 491.Pq Vt str 492Path to 493.Xr natd 8 . 494.It Va natd_enable 495.Pq Vt bool 496Set to 497.Dq Li YES 498to enable 499.Xr natd 8 . 500.Va firewall_enable 501must also be set to 502.Dq Li YES , 503and 504.Xr divert 4 505sockets must be enabled in the kernel. 506If the kernel was not built with 507.Cd "options IPDIVERT" , 508the 509.Pa ipdivert.ko 510kernel module will be loaded. 511.It Va natd_interface 512.Pq Vt str 513This is the name of the public interface on which 514.Xr natd 8 515should run. 516The interface may be given as an interface name or as an IP address. 517.It Va natd_flags 518.Pq Vt str 519Additional 520.Xr natd 8 521flags should be placed here. 522The 523.Fl n 524or 525.Fl a 526flag is automatically added with the above 527.Va natd_interface 528as an argument. 529.\" ----- ipfilter_enable setting -------------------------------- 530.It Va ipfilter_enable 531.Pq Vt bool 532Set to 533.Dq Li NO 534by default. 535Setting this to 536.Dq Li YES 537enables 538.Xr ipf 8 539packet filtering. 540.Pp 541Typical usage will require putting 542.Bd -literal 543ipfilter_enable="YES" 544ipnat_enable="YES" 545ipmon_enable="YES" 546ipfs_enable="YES" 547.Ed 548.Pp 549into 550.Pa /etc/rc.conf 551and editing 552.Pa /etc/ipf.rules 553and 554.Pa /etc/ipnat.rules 555appropriately. 556.Pp 557Note that 558.Va ipfilter_enable 559and 560.Va ipnat_enable 561can be enabled independently. 562.Va ipmon_enable 563and 564.Va ipfs_enable 565both require at least one of 566.Va ipfilter_enable 567and 568.Va ipnat_enable 569to be enabled. 570.Pp 571Having 572.Bd -literal 573options IPFILTER 574options IPFILTER_LOG 575options IPFILTER_DEFAULT_BLOCK 576.Ed 577.Pp 578in the kernel configuration file is a good idea, too. 579.\" ----- ipfilter_program setting ------------------------------ 580.It Va ipfilter_program 581.Pq Vt str 582Path to 583.Xr ipf 8 584(default 585.Pa /sbin/ipf ) . 586.\" ----- ipfilter_rules setting -------------------------------- 587.It Va ipfilter_rules 588.Pq Vt str 589Set to 590.Pa /etc/ipf.rules 591by default. 592This variable contains the name of the filter rule definition file. 593The file is expected to be readable for the 594.Xr ipf 8 595command to execute. 596.\" ----- ipv6_ipfilter_rules setting --------------------------- 597.It Va ipv6_ipfilter_rules 598.Pq Vt str 599Set to 600.Pa /etc/ipf6.rules 601by default. 602This variable contains the IPv6 filter rule definition file. 603The file is expected to be readable for the 604.Xr ipf 8 605command to execute. 606.\" ----- ipfilter_flags setting -------------------------------- 607.It Va ipfilter_flags 608.Pq Vt str 609Empty by default. 610This variable contains flags passed to the 611.Xr ipf 8 612program. 613.\" ----- ipnat_enable setting ---------------------------------- 614.It Va ipnat_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Set it to 620.Dq Li YES 621to enable 622.Xr ipnat 8 623network address translation. 624See 625.Va ipfilter_enable 626for a detailed discussion. 627.\" ----- ipnat_program setting --------------------------------- 628.It Va ipnat_program 629.Pq Vt str 630Path to 631.Xr ipnat 8 632(default 633.Pa /sbin/ipnat ) . 634.\" ----- ipnat_rules setting ----------------------------------- 635.It Va ipnat_rules 636.Pq Vt str 637Set to 638.Pa /etc/ipnat.rules 639by default. 640This variable contains the name of the file 641holding the network address translation definition. 642This file is expected to be readable for the 643.Xr ipnat 8 644command to execute. 645.\" ----- ipnat_flags setting ----------------------------------- 646.It Va ipnat_flags 647.Pq Vt str 648Empty by default. 649This variable contains flags passed to the 650.Xr ipnat 8 651program. 652.\" ----- ipmon_enable setting ---------------------------------- 653.It Va ipmon_enable 654.Pq Vt bool 655Set to 656.Dq Li NO 657by default. 658Set it to 659.Dq Li YES 660to enable 661.Xr ipmon 8 662monitoring (logging 663.Xr ipf 8 664and 665.Xr ipnat 8 666events). 667Setting this variable needs setting 668.Va ipfilter_enable 669or 670.Va ipnat_enable 671too. 672See 673.Va ipfilter_enable 674for a detailed discussion. 675.\" ----- ipmon_program setting --------------------------------- 676.It Va ipmon_program 677.Pq Vt str 678Path to 679.Xr ipmon 8 680(default 681.Pa /sbin/ipmon ) . 682.\" ----- ipmon_flags setting ----------------------------------- 683.It Va ipmon_flags 684.Pq Vt str 685Set to 686.Dq Li -Ds 687by default. 688This variable contains flags passed to the 689.Xr ipmon 8 690program. 691Another typical example would be 692.Dq Fl D Pa /var/log/ipflog 693to have 694.Xr ipmon 8 695log directly to a file bypassing 696.Xr syslogd 8 . 697Make sure to adjust 698.Pa /etc/newsyslog.conf 699in such case like this: 700.Bd -literal 701/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 702.Ed 703.\" ----- ipfs_enable setting ----------------------------------- 704.It Va ipfs_enable 705.Pq Vt bool 706Set to 707.Dq Li NO 708by default. 709Set it to 710.Dq Li YES 711to enable 712.Xr ipfs 8 713saving the filter and NAT state tables during shutdown 714and reloading them during startup again. 715Setting this variable needs setting 716.Va ipfilter_enable 717or 718.Va ipnat_enable 719to 720.Dq Li YES 721too. 722See 723.Va ipfilter_enable 724for a detailed discussion. 725Note that if 726.Va kern_securelevel 727is set to 3, 728.Va ipfs_enable 729cannot be used 730because the raised securelevel will prevent 731.Xr ipfs 8 732from saving the state tables at shutdown time. 733.\" ----- ipfs_program setting ---------------------------------- 734.It Va ipfs_program 735.Pq Vt str 736Path to 737.Xr ipfs 8 738(default 739.Pa /sbin/ipfs ) . 740.\" ----- ipfs_flags setting ------------------------------------ 741.It Va ipfs_flags 742.Pq Vt str 743Empty by default. 744This variable contains flags passed to the 745.Xr ipfs 8 746program. 747.\" ----- end of added ipf hook --------------------------------- 748.It Va pf_enable 749.Pq Vt bool 750Set to 751.Dq Li NO 752by default. 753Setting this to 754.Dq Li YES 755enables 756.Xr pf 4 757packet filtering. 758.Pp 759Typical usage will require putting 760.Pp 761.Dl pf_enable="YES" 762.Pp 763into 764.Pa /etc/rc.conf 765and editing 766.Pa /etc/pf.conf 767appropriately. 768.Pp 769.Dl "device pf" 770.Pp 771builds 772.Xr pf 4 773into the kernel. 774Otherwise it is loaded from a module. 775.It Va pf_rules 776.Pq Vt str 777Path to 778.Xr pf 4 779ruleset configuration file 780(default 781.Pa /etc/pf.conf ) . 782.It Va pf_program 783.Pq Vt str 784Path to 785.Xr pfctl 8 786(default 787.Pa /sbin/pfctl ) . 788.It Va pf_flags 789.Pq Vt str 790If 791.Va pf_enable 792is set to 793.Dq Li YES , 794these flags are passed to the 795.Xr pfctl 8 796program when loading the ruleset. 797.It Va pflog_enable 798.Pq Vt bool 799Set to 800.Dq Li NO 801by default. 802Setting this to 803.Dq Li YES 804enables 805.Xr pflogd 8 806which logs packets from the 807.Xr pf 4 808packet filter. 809.It Va pflog_logfile 810.Pq Vt str 811If 812.Va pflog_enable 813is set to 814.Dq Li YES 815this controls where 816.Xr pflogd 8 817stores the logfile 818(default 819.Pa /var/log/pflog ) . 820Check 821.Pa /etc/newsyslog.conf 822to adjust logfile rotation for this. 823.It Va pflog_program 824.Pq Vt str 825Path to 826.Xr pflogd 8 827(default 828.Pa /sbin/pflogd ) . 829.It Va pflog_flags 830.Pq Vt str 831Empty by default. 832This variable contains additional flags passed to the 833.Xr pflogd 8 834program. 835.It Va pfsync_enable 836.Pq Vt bool 837Set to 838.Dq Li NO 839by default. 840Setting this to 841.Dq Li YES 842enables exposing 843.Xr pf 4 844state changes to other hosts over the network by means of 845.Xr pfsync 4 . 846The 847.Va pfsync_syncdev 848variable 849must also be set then. 850.It Va pfsync_syncdev 851.Pq Vt str 852Empty by default. 853This variable specifies the name of the network interface 854.Xr pfsync 4 855should operate through. 856It must be set accordingly if 857.Va pfsync_enable 858is set to 859.Dq Li YES . 860.It Va pfsync_ifconfig 861.Pq Vt str 862Empty by default. 863This variable can contain additional options to be passed to the 864.Xr ifconfig 8 865command used to set up 866.Xr pfsync 4 . 867.It Va tcp_extensions 868.Pq Vt bool 869Set to 870.Dq Li YES 871by default. 872Setting this to 873.Dq Li NO 874disables certain TCP options as described by 875.Rs 876.%T "RFC 1323" 877.Re 878Setting this to 879.Dq Li NO 880might help remedy such problems with connections as randomly hanging 881or other weird behavior. 882Some network devices are known 883to be broken with respect to these options. 884.It Va log_in_vain 885.Pq Vt int 886Set to 0 by default. 887The 888.Xr sysctl 8 889variables, 890.Va net.inet.tcp.log_in_vain 891and 892.Va net.inet.udp.log_in_vain , 893as described in 894.Xr tcp 4 895and 896.Xr udp 4 , 897are set to the given value. 898.It Va tcp_keepalive 899.Pq Vt bool 900Set to 901.Dq Li YES 902by default. 903Setting to 904.Dq Li NO 905will disable probing idle TCP connections to verify that the 906peer is still up and reachable. 907.It Va tcp_drop_synfin 908.Pq Vt bool 909Set to 910.Dq Li NO 911by default. 912Setting to 913.Dq Li YES 914will cause the kernel to ignore TCP frames that have both 915the SYN and FIN flags set. 916This prevents OS fingerprinting, but may 917break some legitimate applications. 918This option is only available if the 919kernel was built with the 920.Dv TCP_DROP_SYNFIN 921option. 922.It Va icmp_drop_redirect 923.Pq Vt bool 924Set to 925.Dq Li NO 926by default. 927Setting to 928.Dq Li YES 929will cause the kernel to ignore ICMP REDIRECT packets. 930Refer to 931.Xr icmp 4 932for more information. 933.It Va icmp_log_redirect 934.Pq Vt bool 935Set to 936.Dq Li NO 937by default. 938Setting to 939.Dq Li YES 940will cause the kernel to log ICMP REDIRECT packets. 941Note that 942the log messages are not rate-limited, so this option should only be used 943for troubleshooting networks. 944Refer to 945.Xr icmp 4 946for more information. 947.It Va icmp_bmcastecho 948.Pq Vt bool 949Set to 950.Dq Li YES 951to respond to broadcast or multicast ICMP ping packets. 952Refer to 953.Xr icmp 4 954for more information. 955.It Va ip_portrange_first 956.Pq Vt int 957If not set to 958.Dq Li NO , 959this is the first port in the default portrange. 960Refer to 961.Xr ip 4 962for more information. 963.It Va ip_portrange_last 964.Pq Vt int 965If not set to 966.Dq Li NO , 967this is the last port in the default portrange. 968Refer to 969.Xr ip 4 970for more information. 971.It Va network_interfaces 972.Pq Vt str 973Set to the list of network interfaces to configure on this host or 974.Dq Li AUTO 975(the default) for all current interfaces. 976Setting the 977.Va network_interfaces 978variable to anything other than the default is deprecated. 979Interfaces that the administrator wishes to store configuration for, 980but not start at boot should be configured with the 981.Dq Li NOAUTO 982keyword in their 983.Va ifconfig_ Ns Aq Ar interface 984variables as described below. 985.Pp 986An 987.Va ifconfig_ Ns Aq Ar interface 988variable is also assumed to exist for each value of 989.Ar interface . 990When an interface name contains any of the characters 991.Dq Li .-/+ 992they are translated to 993.Dq Li _ 994before lookup. 995The variable can contain arguments to 996.Xr ifconfig 8 , 997as well as special case-insensitive keywords described below. 998Such keywords are removed before passing the value to 999.Xr ifconfig 8 1000while the order of the other arguments is preserved. 1001.Pp 1002One can configure more than one IPv4 address with the 1003.Va ipv4_addrs_ Ns Aq Ar interface 1004variable. 1005One or more IP addresses must be provided in Classless Inter-Domain 1006Routing (CIDR) address notation, whose last byte can be a range like 1007192.168.0.5-23/24. 1008In this case the address 192.168.0.5 will be configured with the 1009netmask /24 and the addresses 192.168.0.6 to 192.168.0.23 with 1010the non-conflicting netmask /32 as explained in the 1011.Xr ifconfig 8 1012alias section. 1013With the interface in question being 1014.Li ed0 , 1015an example could look like: 1016.Bd -literal 1017ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" 1018.Ed 1019.Pp 1020It is also possible to add IP alias entries using 1021.Xr ifconfig 8 1022syntax. 1023Assuming that the interface in question was 1024.Li ed0 , 1025it might look 1026something like this: 1027.Bd -literal 1028ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1029ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1030.Ed 1031.Pp 1032And so on. 1033For each 1034.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1035entry that is found, 1036its contents are passed to 1037.Xr ifconfig 8 . 1038Execution stops at the first unsuccessful access, so if 1039something like this is present: 1040.Bd -literal 1041ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1042ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1043ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1044ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1045.Ed 1046.Pp 1047Then note that alias4 would 1048.Em not 1049be added since the search would 1050stop with the missing 1051.Dq Li alias3 1052entry. 1053Due to this difficult to manage behavior, the 1054.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1055form is deprecated. 1056.Pp 1057If the 1058.Pa /etc/start_if. Ns Aq Ar interface 1059file is present, it is read and executed by the 1060.Xr sh 1 1061interpreter 1062before configuring the interface as specified in the 1063.Va ifconfig_ Ns Aq Ar interface 1064and 1065.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1066variables. 1067.Pp 1068If the 1069.Va ifconfig_ Ns Aq Ar interface 1070contains the keyword 1071.Dq Li NOAUTO 1072then the interface will not be configured 1073at boot or by 1074.Pa /etc/pccard_ether 1075when 1076.Va network_interfaces 1077is set to 1078.Dq Li AUTO . 1079.Pp 1080It is possible to bring up an interface with DHCP by adding 1081.Dq Li DHCP 1082to the 1083.Va ifconfig_ Ns Aq Ar interface 1084variable. 1085For instance, to initialize the 1086.Li ed0 1087device via DHCP, 1088it is possible to use something like: 1089.Bd -literal 1090ifconfig_ed0="DHCP" 1091.Ed 1092.Pp 1093Also, if your interface needs WPA authentication, it is possible to add 1094.Dq Li WPA 1095to the 1096.Va ifconfig_ Ns Aq Ar interface 1097variable. 1098.Pp 1099Finally, you can add 1100.Xr ifconfig 8 1101options in this variable, in addition to the 1102.Pa /etc/start_if. Ns Aq Ar interface 1103file. 1104For instance, to initialize the 1105.Li wi0 1106device via DHCP, using WPA authentication and 802.11b mode, it is 1107possible to use something like: 1108.Bd -literal 1109ifconfig_wi0="DHCP WPA mode 11b" 1110.Ed 1111.Pp 1112In addition to the 1113.Va ifconfig_ Ns Aq Ar interface 1114form, a fallback variable 1115.Va ifconfig_DEFAULT 1116may be configured. 1117It will be used for all interfaces with no 1118.Va ifconfig_ Ns Aq Ar interface 1119variable. 1120This is intended to replace the no longer supported 1121.Va pccard_ifconfig 1122variable. 1123.Pp 1124It is also possible to rename interface by doing: 1125.Bd -literal 1126ifconfig_ed0_name="net0" 1127ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000" 1128.Ed 1129.It Va ipv6_network_interfaces 1130.Pq Vt str 1131This is the IPv6 equivalent of 1132.Va network_interfaces . 1133Instead of setting the ifconfig variables as 1134.Va ifconfig_ Ns Aq Ar interface 1135they should be set as 1136.Va ipv6_ifconfig_ Ns Aq Ar interface . 1137Aliases should be set as 1138.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1139.Va ipv6_prefix_ Ns Aq Ar interface 1140does something. 1141Interfaces that do not have a 1142.Va ipv6_ifconfig_ Ns Aq Ar interface 1143setting will be auto configured by 1144.Xr rtsol 8 1145if the 1146.Va ipv6_gateway_enable 1147is set to 1148.Dq Li NO . 1149Note that the IPv6 networking code does not support the 1150.Pa /etc/start_if. Ns Aq Ar interface 1151files. 1152.It Va ipv6_default_interface 1153.Pq Vt str 1154If not set to 1155.Dq Li NO , 1156this is the default output interface for scoped addresses. 1157Now this works only for IPv6 link local multicast addresses. 1158.It Va cloned_interfaces 1159.Pq Vt str 1160Set to the list of clonable network interfaces to create on this host. 1161Entries in 1162.Va cloned_interfaces 1163are automatically appended to 1164.Va network_interfaces 1165for configuration. 1166.It Va fec_interfaces 1167.Pq Vt str 1168Set to the list of 1169.Xr ng_fec 4 1170Fast EtherChannel interfaces to configure on this host. 1171A 1172.Va fecconfig_ Ns Aq Ar interface 1173variable is assumed to exist for each value of 1174.Ar interface . 1175The value of this variable is used to configure link aggregated interfaces 1176according to the syntax of the 1177.Cm NGM_FEC_ADD_IFACE 1178to 1179.Xr ngctl 8 1180msg. 1181Additionally, this option ensures that each listed interface is created 1182via the 1183.Cm mkpeer 1184command to 1185.Xr ngctl 8 1186before attempting to configure it. 1187For example: 1188.Bd -literal 1189fec_interfaces="fec0" 1190fecconfig_fec0="em0 em1" 1191ifconfig_fec0="DHCP" 1192.Ed 1193.It Va gif_interfaces 1194.Pq Vt str 1195Set to the list of 1196.Xr gif 4 1197tunnel interfaces to configure on this host. 1198A 1199.Va gifconfig_ Ns Aq Ar interface 1200variable is assumed to exist for each value of 1201.Ar interface . 1202The value of this variable is used to configure the link layer of the 1203tunnel according to the syntax of the 1204.Cm tunnel 1205option to 1206.Xr ifconfig 8 . 1207Additionally, this option ensures that each listed interface is created 1208via the 1209.Cm create 1210option to 1211.Xr ifconfig 8 1212before attempting to configure it. 1213.It Va sppp_interfaces 1214.Pq Vt str 1215Set to the list of 1216.Xr sppp 4 1217interfaces to configure on this host. 1218A 1219.Va spppconfig_ Ns Aq Ar interface 1220variable is assumed to exist for each value of 1221.Ar interface . 1222Each interface should also be configured by a general 1223.Va ifconfig_ Ns Aq Ar interface 1224setting. 1225Refer to 1226.Xr spppcontrol 8 1227for more information about available options. 1228.It Va ppp_enable 1229.Pq Vt bool 1230If set to 1231.Dq Li YES , 1232run the 1233.Xr ppp 8 1234daemon. 1235.It Va ppp_mode 1236.Pq Vt str 1237Mode in which to run the 1238.Xr ppp 8 1239daemon. 1240Accepted modes are 1241.Dq Li auto , 1242.Dq Li ddial , 1243.Dq Li direct 1244and 1245.Dq Li dedicated . 1246See the manual for a full description. 1247.It Va ppp_nat 1248.Pq Vt bool 1249If set to 1250.Dq Li YES , 1251enables network address translation. 1252Used in conjunction with 1253.Va gateway_enable 1254allows hosts on private network addresses access to the Internet using 1255this host as a network address translating router. 1256.It Va ppp_profile 1257.Pq Vt str 1258The name of the profile to use from 1259.Pa /etc/ppp/ppp.conf . 1260.It Va ppp_user 1261.Pq Vt str 1262The name of the user under which 1263.Xr ppp 8 1264should be started. 1265By 1266default, 1267.Xr ppp 8 1268is started as 1269.Dq Li root . 1270.It Va rc_conf_files 1271.Pq Vt str 1272This option is used to specify a list of files that will override 1273the settings in 1274.Pa /etc/defaults/rc.conf . 1275The files will be read in the order in which they are specified and should 1276include the full path to the file. 1277By default, the files specified are 1278.Pa /etc/rc.conf 1279and 1280.Pa /etc/rc.conf.local 1281.It Va gbde_autoattach_all 1282.Pq Vt bool 1283If set to 1284.Dq Li YES , 1285.Pa /etc/rc.d/gbde 1286will attempt to automatically initialize your .bde devices in 1287.Pa /etc/fstab . 1288.It Va gbde_devices 1289.Pq Vt str 1290List the devices that the script should try to attach, 1291or 1292.Dq Li AUTO . 1293.It Va gbde_lockdir 1294.Pq Vt str 1295The directory where the 1296.Xr gbde 4 1297lockfiles are located. 1298The default lockfile directory is 1299.Pa /etc . 1300.Pp 1301The lockfile for each individual 1302.Xr gbde 4 1303device can be overridden by setting the variable 1304.Va gbde_lock_ Ns Aq Ar device , 1305where 1306.Ar device 1307is the encrypted device without the 1308.Dq Pa /dev/ 1309and 1310.Dq Pa .bde 1311parts. 1312.It Va gbde_attach_attempts 1313.Pq Vt int 1314Number of times to attempt attaching to a 1315.Xr gbde 4 1316device, i.e., how many times the user is asked for the pass-phrase. 1317Default is 3. 1318.It Va geli_devices 1319.Pq Vt str 1320List of devices to automatically attach on boot. 1321Note that .eli devices from 1322.Pa /etc/fstab 1323are automatically appended to this list. 1324.It Va geli_tries 1325.Pq Vt int 1326Number of times user is asked for the pass-phrase. 1327If empty, it will be taken from 1328.Va kern.geom.eli.tries 1329sysctl variable. 1330.It Va geli_default_flags 1331.Pq Vt str 1332Default flags to use by 1333.Xr geli 8 1334when configuring disk encryption. 1335Flags can be configured for every device separately by defining 1336.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1337variable. 1338.It Va geli_autodetach 1339.Pq Vt str 1340Specifies if GELI devices should be marked for detach on last close after 1341file systems are mounted. 1342Default is 1343.Dq Li YES . 1344This can be changed for every device separately by defining 1345.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1346variable. 1347.It Va geli_swap_flags 1348Options passed to the 1349.Xr geli 8 1350utility when encrypted GEOM providers for swap partitions are created. 1351The default is 1352.Dq Li "-a aes -l 256 -s 4096 -d" . 1353.It Va root_rw_mount 1354.Pq Vt bool 1355Set to 1356.Dq Li YES 1357by default. 1358After the file systems are checked at boot time, the root file system 1359is remounted as read-write if this is set to 1360.Dq Li YES . 1361Diskless systems that mount their root file system from a read-only remote 1362NFS share should set this to 1363.Dq Li NO 1364in their 1365.Pa rc.conf . 1366.It Va fsck_y_enable 1367.Pq Vt bool 1368If set to 1369.Dq Li YES , 1370.Xr fsck 8 1371will be run with the 1372.Fl y 1373flag if the initial preen 1374of the file systems fails. 1375.It Va background_fsck 1376.Pq Vt bool 1377If set to 1378.Dq Li YES , 1379the system will attempt to run 1380.Xr fsck 8 1381in the background where possible. 1382.It Va background_fsck_delay 1383.Pq Vt int 1384The amount of time in seconds to sleep before starting a background 1385.Xr fsck 8 . 1386It defaults to sixty seconds to allow large applications such as 1387the X server to start before disk I/O bandwidth is monopolized by 1388.Xr fsck 8 . 1389.It Va netfs_types 1390.Pq Vt str 1391List of file system types that are network-based. 1392This list should generally not be modified by end users. 1393Use 1394.Va extra_netfs_types 1395instead. 1396.It Va extra_netfs_types 1397.Pq Vt str 1398If set to something other than 1399.Dq Li NO 1400(the default), 1401this variable extends the list of file system types 1402for which automatic mounting at startup by 1403.Xr rc 8 1404should be delayed until the network is initialized. 1405It should contain 1406a whitespace-separated list of network file system descriptor pairs, 1407each consisting of a file system type as passed to 1408.Xr mount 8 1409and a human-readable, one-word description, 1410joined with a colon 1411.Pq Ql \&: . 1412Extending the default list in this way is only necessary 1413when third party file system types are used. 1414.It Va syslogd_enable 1415.Pq Vt bool 1416If set to 1417.Dq Li YES , 1418run the 1419.Xr syslogd 8 1420daemon. 1421.It Va syslogd_program 1422.Pq Vt str 1423Path to 1424.Xr syslogd 8 1425(default 1426.Pa /usr/sbin/syslogd ) . 1427.It Va syslogd_flags 1428.Pq Vt str 1429If 1430.Va syslogd_enable 1431is set to 1432.Dq Li YES , 1433these are the flags to pass to 1434.Xr syslogd 8 . 1435.It Va inetd_enable 1436.Pq Vt bool 1437If set to 1438.Dq Li YES , 1439run the 1440.Xr inetd 8 1441daemon. 1442.It Va inetd_program 1443.Pq Vt str 1444Path to 1445.Xr inetd 8 1446(default 1447.Pa /usr/sbin/inetd ) . 1448.It Va inetd_flags 1449.Pq Vt str 1450If 1451.Va inetd_enable 1452is set to 1453.Dq Li YES , 1454these are the flags to pass to 1455.Xr inetd 8 . 1456.It Va named_enable 1457.Pq Vt bool 1458If set to 1459.Dq Li YES , 1460run the 1461.Xr named 8 1462daemon. 1463.It Va named_program 1464.Pq Vt str 1465Path to 1466.Xr named 8 1467(default 1468.Pa /usr/sbin/named ) . 1469.It Va named_flags 1470.Pq Vt str 1471If 1472.Va named_enable 1473is set to 1474.Dq Li YES , 1475these are the flags to pass to 1476.Xr named 8 . 1477.It Va named_pidfile 1478.Pq Vt str 1479This is the default path to the 1480.Xr named 8 1481daemon's PID file. 1482This must match the location in 1483.Xr named.conf 5 . 1484.It Va named_uid 1485.Pq Vt str 1486The user that the 1487.Xr named 8 1488process should be run as. 1489.It Va named_chrootdir 1490.Pq Vt str 1491The root directory for a name server run in a 1492.Xr chroot 8 1493environment (default 1494.Pa /var/named ) . 1495If left empty 1496.Xr named 8 1497will not be run in a 1498.Xr chroot 8 1499environment. 1500.It Va named_chroot_autoupdate 1501.Pq Vt bool 1502Set to 1503.Dq Li NO 1504to disable automatic update of the 1505.Xr chroot 8 1506environment. 1507.It Va named_symlink_enable 1508.Pq Vt bool 1509Set to 1510.Dq Li NO 1511to disable symlinking of 1512daemon's PID file 1513into the 1514.Xr chroot 8 1515environment. 1516.It Va kerberos5_server_enable 1517.Pq Vt bool 1518Set to 1519.Dq Li YES 1520to start a Kerberos 5 authentication server 1521at boot time. 1522.It Va kerberos5_server 1523.Pq Vt str 1524If 1525.Va kerberos5_server_enable 1526is set to 1527.Dq Li YES 1528this is the path to Kerberos 5 Authentication Server. 1529.It Va kerberos5_server_flags 1530.Pq Vt str 1531Empty by default. 1532This variable contains additional flags to be passed to the Kerberos 5 1533authentication server. 1534.It Va kadmind5_server_enable 1535.Pq Vt bool 1536Set to 1537.Dq Li YES 1538to start 1539.Xr kadmind 8 , 1540the Kerberos 5 Administration Daemon; set to 1541.Dq Li NO 1542on a slave server. 1543.It Va kadmind5_server 1544.Pq Vt str 1545If 1546.Va kadmind5_server_enable 1547is set to 1548.Dq Li YES 1549this is the path to Kerberos 5 Administration Daemon. 1550.It Va kpasswdd_server_enable 1551.Pq Vt bool 1552Set to 1553.Dq Li YES 1554to start 1555.Xr kpasswdd 8 , 1556the Kerberos 5 Password-Changing Daemon; set to 1557.Dq Li NO 1558on a slave server. 1559.It Va kpasswdd_server 1560.Pq Vt str 1561If 1562.Va kpasswdd_server_enable 1563is set to 1564.Dq Li YES 1565this is the path to Kerberos 5 Password-Changing Daemon. 1566.It Va rwhod_enable 1567.Pq Vt bool 1568If set to 1569.Dq Li YES , 1570run the 1571.Xr rwhod 8 1572daemon at boot time. 1573.It Va rwhod_flags 1574.Pq Vt str 1575If 1576.Va rwhod_enable 1577is set to 1578.Dq Li YES , 1579these are the flags to pass to it. 1580.It Va amd_enable 1581.Pq Vt bool 1582If set to 1583.Dq Li YES , 1584run the 1585.Xr amd 8 1586daemon at boot time. 1587.It Va amd_flags 1588.Pq Vt str 1589If 1590.Va amd_enable 1591is set to 1592.Dq Li YES , 1593these are the flags to pass to it. 1594See the 1595.Xr amd 8 1596manpage for more information. 1597.It Va amd_map_program 1598.Pq Vt str 1599If set, 1600the specified program is run to get the list of 1601.Xr amd 8 1602maps. 1603For example, if the 1604.Xr amd 8 1605maps are stored in NIS, one can set this to 1606run 1607.Xr ypcat 1 1608to get a list of 1609.Xr amd 8 1610maps from the 1611.Pa amd.master 1612NIS map. 1613.It Va update_motd 1614.Pq Vt bool 1615If set to 1616.Dq Li YES , 1617.Pa /etc/motd 1618will be updated at boot time to reflect the kernel release 1619being run. 1620If set to 1621.Dq Li NO , 1622.Pa /etc/motd 1623will not be updated. 1624.It Va nfs_client_enable 1625.Pq Vt bool 1626If set to 1627.Dq Li YES , 1628run the NFS client daemons at boot time. 1629.It Va nfs_access_cache 1630.Pq Vt int 1631If 1632.Va nfs_client_enable 1633is set to 1634.Dq Li YES , 1635this can be set to 1636.Dq Li 0 1637to disable NFS ACCESS RPC caching, or to the number of seconds for which 1638NFS ACCESS 1639results should be cached. 1640A value of 2-10 seconds will substantially reduce network 1641traffic for many NFS operations. 1642.It Va nfs_server_enable 1643.Pq Vt bool 1644If set to 1645.Dq Li YES , 1646run the NFS server daemons at boot time. 1647.It Va nfs_server_flags 1648.Pq Vt str 1649If 1650.Va nfs_server_enable 1651is set to 1652.Dq Li YES , 1653these are the flags to pass to the 1654.Xr nfsd 8 1655daemon. 1656.It Va idmapd_enable 1657.Pq Vt bool 1658If set to 1659.Dq Li YES , 1660run the ID mapping daemon for NFS version 4. 1661.It Va idmapd_flags 1662.Pq Vt str 1663If 1664.Va idmapd_enable 1665is set to 1666.Dq Li YES , 1667these are the flags to pass to the 1668.Xr idmapd 8 1669daemon. 1670.It Va mountd_enable 1671.Pq Vt bool 1672If set to 1673.Dq Li YES , 1674and no 1675.Va nfs_server_enable 1676is set, start 1677.Xr mountd 8 , 1678but not 1679.Xr nfsd 8 1680daemon. 1681It is commonly needed to run CFS without real NFS used. 1682.It Va mountd_flags 1683.Pq Vt str 1684If 1685.Va mountd_enable 1686is set to 1687.Dq Li YES , 1688these are the flags to pass to the 1689.Xr mountd 8 1690daemon. 1691.It Va weak_mountd_authentication 1692.Pq Vt bool 1693If set to 1694.Dq Li YES , 1695allow services like PCNFSD to make non-privileged mount 1696requests. 1697.It Va nfs_reserved_port_only 1698.Pq Vt bool 1699If set to 1700.Dq Li YES , 1701provide NFS services only on a secure port. 1702.It Va nfs_bufpackets 1703.Pq Vt int 1704If set to a number, indicates the number of packets worth of 1705socket buffer space to reserve on an NFS client. 1706The kernel default is typically 4. 1707Using a higher number may be 1708useful on gigabit networks to improve performance. 1709The minimum value is 17102 and the maximum is 64. 1711.It Va rpc_lockd_enable 1712.Pq Vt bool 1713If set to 1714.Dq Li YES 1715and also an NFS server or client, run 1716.Xr rpc.lockd 8 1717at boot time. 1718.It Va rpc_statd_enable 1719.Pq Vt bool 1720If set to 1721.Dq Li YES 1722and also an NFS server or client, run 1723.Xr rpc.statd 8 1724at boot time. 1725.It Va rpcbind_program 1726.Pq Vt str 1727Path to 1728.Xr rpcbind 8 1729(default 1730.Pa /usr/sbin/rpcbind ) . 1731.It Va rpcbind_enable 1732.Pq Vt bool 1733If set to 1734.Dq Li YES , 1735run the 1736.Xr rpcbind 8 1737service at boot time. 1738.It Va rpcbind_flags 1739.Pq Vt str 1740If 1741.Va rpcbind_enable 1742is set to 1743.Dq Li YES , 1744these are the flags to pass to the 1745.Xr rpcbind 8 1746daemon. 1747.It Va keyserv_enable 1748.Pq Vt bool 1749If set to 1750.Dq Li YES , 1751run the 1752.Xr keyserv 8 1753daemon on boot for running Secure RPC. 1754.It Va keyserv_flags 1755.Pq Vt str 1756If 1757.Va keyserv_enable 1758is set to 1759.Dq Li YES , 1760these are the flags to pass to 1761.Xr keyserv 8 1762daemon. 1763.It Va pppoed_enable 1764.Pq Vt bool 1765If set to 1766.Dq Li YES , 1767run the 1768.Xr pppoed 8 1769daemon at boot time to provide PPP over Ethernet services. 1770.It Va pppoed_ Ns Aq Ar provider 1771.Pq Vt str 1772.Xr pppoed 8 1773listens to requests to this 1774.Ar provider 1775and ultimately runs 1776.Xr ppp 8 1777with a 1778.Ar system 1779argument of the same name. 1780.It Va pppoed_flags 1781.Pq Vt str 1782Additional flags to pass to 1783.Xr pppoed 8 . 1784.It Va pppoed_interface 1785.Pq Vt str 1786The network interface to run 1787.Xr pppoed 8 1788on. 1789This is mandatory when 1790.Va pppoed_enable 1791is set to 1792.Dq Li YES . 1793.It Va timed_enable 1794.Pq Vt bool 1795If set to 1796.Dq Li YES , 1797run the 1798.Xr timed 8 1799service at boot time. 1800This command is intended for networks of 1801machines where a consistent 1802.Dq "network time" 1803for all hosts must be established. 1804This is often useful in large NFS 1805environments where time stamps on files are expected to be consistent 1806network-wide. 1807.It Va timed_flags 1808.Pq Vt str 1809If 1810.Va timed_enable 1811is set to 1812.Dq Li YES , 1813these are the flags to pass to the 1814.Xr timed 8 1815service. 1816.It Va ntpdate_enable 1817.Pq Vt bool 1818If set to 1819.Dq Li YES , 1820run 1821.Xr ntpdate 8 1822at system startup. 1823This command is intended to 1824synchronize the system clock only 1825.Em once 1826from some standard reference. 1827An option to set this up initially 1828(from a list of known servers) is also provided by the 1829.Xr sysinstall 8 1830program when the system is first installed. 1831.It Va ntpdate_config 1832.Pq Vt str 1833Configuration file for 1834.Xr ntpdate 8 . 1835Default 1836.Pa /etc/ntp.conf . 1837.It Va ntpdate_hosts 1838.Pq Vt str 1839A whitespace-separated list of NTP servers to synchronize with at startup. 1840The default is to use the servers listed in 1841.Va ntpdate_config , 1842if that file exists. 1843.It Va ntpdate_program 1844.Pq Vt str 1845Path to 1846.Xr ntpdate 8 1847(default 1848.Pa /usr/sbin/ntpdate ) . 1849.It Va ntpdate_flags 1850.Pq Vt str 1851If 1852.Va ntpdate_enable 1853is set to 1854.Dq Li YES , 1855these are the flags to pass to the 1856.Xr ntpdate 8 1857command (typically a hostname). 1858.It Va ntpd_enable 1859.Pq Vt bool 1860If set to 1861.Dq Li YES , 1862run the 1863.Xr ntpd 8 1864command at boot time. 1865.It Va ntpd_program 1866.Pq Vt str 1867Path to 1868.Xr ntpd 8 1869(default 1870.Pa /usr/sbin/ntpd ) . 1871.It Va ntpd_config 1872.Pq Vt str 1873Path to 1874.Xr ntpd 8 1875configuration file. 1876Default 1877.Pa /etc/ntp.conf . 1878.It Va ntpd_flags 1879.Pq Vt str 1880If 1881.Va ntpd_enable 1882is set to 1883.Dq Li YES , 1884these are the flags to pass to the 1885.Xr ntpd 8 1886daemon. 1887.It Va ntpd_sync_on_start 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891.Xr ntpd 8 1892is run with the 1893.Fl g 1894flag, which syncs the system's clock on startup. 1895See 1896.Xr ntpd 8 1897for more information regarding the 1898.Fl g 1899option. 1900This is a preferred alternative to using 1901.Xr ntpdate 8 1902or specifying the 1903.Va ntpdate_enable 1904variable. 1905.It Va nis_client_enable 1906.Pq Vt bool 1907If set to 1908.Dq Li YES , 1909run the 1910.Xr ypbind 8 1911service at system boot time. 1912.It Va nis_client_flags 1913.Pq Vt str 1914If 1915.Va nis_client_enable 1916is set to 1917.Dq Li YES , 1918these are the flags to pass to the 1919.Xr ypbind 8 1920service. 1921.It Va nis_ypset_enable 1922.Pq Vt bool 1923If set to 1924.Dq Li YES , 1925run the 1926.Xr ypset 8 1927daemon at system boot time. 1928.It Va nis_ypset_flags 1929.Pq Vt str 1930If 1931.Va nis_ypset_enable 1932is set to 1933.Dq Li YES , 1934these are the flags to pass to the 1935.Xr ypset 8 1936daemon. 1937.It Va nis_server_enable 1938.Pq Vt bool 1939If set to 1940.Dq Li YES , 1941run the 1942.Xr ypserv 8 1943daemon at system boot time. 1944.It Va nis_server_flags 1945.Pq Vt str 1946If 1947.Va nis_server_enable 1948is set to 1949.Dq Li YES , 1950these are the flags to pass to the 1951.Xr ypserv 8 1952daemon. 1953.It Va nis_ypxfrd_enable 1954.Pq Vt bool 1955If set to 1956.Dq Li YES , 1957run the 1958.Xr rpc.ypxfrd 8 1959daemon at system boot time. 1960.It Va nis_ypxfrd_flags 1961.Pq Vt str 1962If 1963.Va nis_ypxfrd_enable 1964is set to 1965.Dq Li YES , 1966these are the flags to pass to the 1967.Xr rpc.ypxfrd 8 1968daemon. 1969.It Va nis_yppasswdd_enable 1970.Pq Vt bool 1971If set to 1972.Dq Li YES , 1973run the 1974.Xr rpc.yppasswdd 8 1975daemon at system boot time. 1976.It Va nis_yppasswdd_flags 1977.Pq Vt str 1978If 1979.Va nis_yppasswdd_enable 1980is set to 1981.Dq Li YES , 1982these are the flags to pass to the 1983.Xr rpc.yppasswdd 8 1984daemon. 1985.It Va rpc_ypupdated_enable 1986.Pq Vt bool 1987If set to 1988.Dq Li YES , 1989run the 1990.Nm rpc.ypupdated 1991daemon at system boot time. 1992.It Va bsnmpd_enable 1993.Pq Vt bool 1994If set to 1995.Dq Li YES , 1996run the 1997.Xr bsnmpd 1 1998daemon at system boot time. 1999Be sure to understand the security implications of running SNMP daemon 2000on your host. 2001.It Va bsnmpd_flags 2002.Pq Vt str 2003If 2004.Va bsnmpd_enable 2005is set to 2006.Dq Li YES , 2007these are the flags to pass to the 2008.Xr bsnmpd 1 2009daemon. 2010.It Va defaultrouter 2011.Pq Vt str 2012If not set to 2013.Dq Li NO , 2014create a default route to this host name or IP address 2015(use an IP address if this router is also required to get to the 2016name server!). 2017.It Va ipv6_defaultrouter 2018.Pq Vt str 2019The IPv6 equivalent of 2020.Va defaultrouter . 2021.It Va static_routes 2022.Pq Vt str 2023Set to the list of static routes that are to be added at system 2024boot time. 2025If not set to 2026.Dq Li NO 2027then for each whitespace separated 2028.Ar element 2029in the value, a 2030.Va route_ Ns Aq Ar element 2031variable is assumed to exist 2032whose contents will later be passed to a 2033.Dq Nm route Cm add 2034operation. 2035For example: 2036.Bd -literal 2037static_routes="mcast gif0local" 2038route_mcast="-net 224.0.0.0/4 -iface gif0" 2039route_gif0local="-host 169.254.1.1 -iface lo0" 2040.Ed 2041.It Va ipv6_static_routes 2042.Pq Vt str 2043The IPv6 equivalent of 2044.Va static_routes . 2045If not set to 2046.Dq Li NO 2047then for each whitespace separated 2048.Ar element 2049in the value, a 2050.Va ipv6_route_ Ns Aq Ar element 2051variable is assumed to exist 2052whose contents will later be passed to a 2053.Dq Nm route Cm add Fl inet6 2054operation. 2055.It Va natm_static_routes 2056.Pq Vt str 2057The 2058.Xr natmip 4 2059equivalent of 2060.Va static_routes . 2061If not empty then for each whitespace separated 2062.Ar element 2063in the value, a 2064.Va route_ Ns Aq Ar element 2065variable is assumed to exist whose contents will later be passed to a 2066.Dq Nm atmconfig Cm natm Cm add 2067operation. 2068.It Va gateway_enable 2069.Pq Vt bool 2070If set to 2071.Dq Li YES , 2072configure host to act as an IP router, e.g.\& to forward packets 2073between interfaces. 2074.It Va ipv6_gateway_enable 2075.Pq Vt bool 2076The IPv6 equivalent of 2077.Va gateway_enable . 2078.It Va router_enable 2079.Pq Vt bool 2080If set to 2081.Dq Li YES , 2082run a routing daemon of some sort, based on the 2083settings of 2084.Va router 2085and 2086.Va router_flags . 2087.It Va ipv6_router_enable 2088.Pq Vt bool 2089The IPv6 equivalent of 2090.Va router_enable . 2091If set to 2092.Dq Li YES , 2093run a routing daemon of some sort, based on the 2094settings of 2095.Va ipv6_router 2096and 2097.Va ipv6_router_flags . 2098.It Va router 2099.Pq Vt str 2100If 2101.Va router_enable 2102is set to 2103.Dq Li YES , 2104this is the name of the routing daemon to use. 2105.It Va ipv6_router 2106.Pq Vt str 2107The IPv6 equivalent of 2108.Va router . 2109.It Va router_flags 2110.Pq Vt str 2111If 2112.Va router_enable 2113is set to 2114.Dq Li YES , 2115these are the flags to pass to the routing daemon. 2116.It Va ipv6_router_flags 2117.Pq Vt str 2118The IPv6 equivalent of 2119.Va router_flags . 2120.It Va mrouted_enable 2121.Pq Vt bool 2122If set to 2123.Dq Li YES , 2124run the multicast routing daemon, 2125.Xr mrouted 8 . 2126.It Va mroute6d_enable 2127.Pq Vt bool 2128The IPv6 equivalent of 2129.Va mrouted_enable . 2130If set to 2131.Dq Li YES , 2132run the IPv6 multicast routing daemon. 2133.Pp 2134Note that multicast routing daemons are no longer included in the 2135.Fx 2136base system, however, both 2137.Xr mrouted 8 2138and 2139.Xr pim6dd 8 2140may be installed from the 2141.Fx 2142Ports Collection. 2143.It Va mrouted_flags 2144.Pq Vt str 2145If 2146.Va mrouted_enable 2147is set to 2148.Dq Li YES , 2149these are the flags to pass to the 2150.Xr mrouted 8 2151daemon. 2152.It Va mroute6d_flags 2153.Pq Vt str 2154The IPv6 equivalent of 2155.Va mrouted_flags . 2156If 2157.Va mroute6d_enable 2158is set to 2159.Dq Li YES , 2160these are the flags passed to the IPv6 multicast routing daemon. 2161.It Va mroute6d_program 2162.Pq Vt str 2163If 2164.Va mroute6d_enable 2165is set to 2166.Dq Li YES , 2167this is the path to the IPv6 multicast routing daemon. 2168.It Va rtadvd_enable 2169.Pq Vt bool 2170If set to 2171.Dq Li YES , 2172run the 2173.Xr rtadvd 8 2174daemon at boot time. 2175.Xr rtadvd 8 2176will only run if 2177.Va ipv6_gateway_enable 2178is also set to 2179.Dq Li YES . 2180The 2181.Xr rtadvd 8 2182utility sends router advertisement packets to the interfaces specified in 2183.Va rtadvd_interfaces 2184and should only be enabled with great care. 2185You may want to fine-tune 2186.Xr rtadvd.conf 5 . 2187.It Va rtadvd_interfaces 2188.Pq Vt str 2189If 2190.Va rtadvd_enable 2191is set to 2192.Dq Li YES 2193this is the list of interfaces to use. 2194.It Va ipxgateway_enable 2195.Pq Vt bool 2196If set to 2197.Dq Li YES , 2198enable the routing of IPX traffic. 2199.It Va ipxrouted_enable 2200.Pq Vt bool 2201If set to 2202.Dq Li YES , 2203run the 2204.Xr IPXrouted 8 2205daemon at system boot time. 2206.It Va ipxrouted_flags 2207.Pq Vt str 2208If 2209.Va ipxrouted_enable 2210is set to 2211.Dq Li YES , 2212these are the flags to pass to the 2213.Xr IPXrouted 8 2214daemon. 2215.It Va arpproxy_all 2216.Pq Vt bool 2217If set to 2218.Dq Li YES , 2219enable global proxy ARP. 2220.It Va forward_sourceroute 2221.Pq Vt bool 2222If set to 2223.Dq Li YES 2224and 2225.Va gateway_enable 2226is also set to 2227.Dq Li YES , 2228source-routed packets are forwarded. 2229.It Va accept_sourceroute 2230.Pq Vt bool 2231If set to 2232.Dq Li YES , 2233the system will accept source-routed packets directed at it. 2234.It Va rarpd_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the 2239.Xr rarpd 8 2240daemon at system boot time. 2241.It Va rarpd_flags 2242.Pq Vt str 2243If 2244.Va rarpd_enable 2245is set to 2246.Dq Li YES , 2247these are the flags to pass to the 2248.Xr rarpd 8 2249daemon. 2250.It Va bootparamd_enable 2251.Pq Vt bool 2252If set to 2253.Dq Li YES , 2254run the 2255.Xr bootparamd 8 2256daemon at system boot time. 2257.It Va bootparamd_flags 2258.Pq Vt str 2259If 2260.Va bootparamd_enable 2261is set to 2262.Dq Li YES , 2263these are the flags to pass to the 2264.Xr bootparamd 8 2265daemon. 2266.It Va stf_interface_ipv4addr 2267.Pq Vt str 2268If not set to 2269.Dq Li NO , 2270this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2271interface). 2272Specify this entry to enable the 6to4 interface. 2273.It Va stf_interface_ipv4plen 2274.Pq Vt int 2275Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2276An effective value is 0-31. 2277.It Va stf_interface_ipv6_ifid 2278.Pq Vt str 2279IPv6 interface ID for 2280.Xr stf 4 . 2281This can be set to 2282.Dq Li AUTO . 2283.It Va stf_interface_ipv6_slaid 2284.Pq Vt str 2285IPv6 Site Level Aggregator for 2286.Xr stf 4 . 2287.It Va ipv6_faith_prefix 2288.Pq Vt str 2289If not set to 2290.Dq Li NO , 2291this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2292translator. 2293You also need 2294.Xr faithd 8 2295setup. 2296.It Va ipv6_ipv4mapping 2297.Pq Vt bool 2298If set to 2299.Dq Li YES 2300this enables IPv4 mapped IPv6 address communication (like 2301.Li ::ffff:a.b.c.d ) . 2302.It Va atm_enable 2303.Pq Vt bool 2304Set to 2305.Dq Li YES 2306to enable the configuration of ATM interfaces at system boot time. 2307For all of the ATM variables described below, please refer to the 2308.Xr atm 8 2309manual page for further details on the available command parameters. 2310Also refer to the files in 2311.Pa /usr/share/examples/atm 2312for more detailed configuration information. 2313.It Va atm_load 2314.Pq Vt str 2315This is a list of physical ATM interface drivers to load. 2316Typical values are 2317.Dq Li hfa_pci 2318and/or 2319.Dq Li hea_pci . 2320.It Va atm_netif_ Ns Aq Ar intf 2321.Pq Vt str 2322For the ATM physical interface 2323.Ar intf , 2324this variable defines the name prefix and count for the ATM network 2325interfaces to be created. 2326The value will be passed as the parameters of an 2327.Dq Nm atm Cm "set netif" Ar intf 2328command. 2329.It Va atm_sigmgr_ Ns Aq Ar intf 2330.Pq Vt str 2331For the ATM physical interface 2332.Ar intf , 2333this variable defines the ATM signalling manager to be used. 2334The value will be passed as the parameters of an 2335.Dq Nm atm Cm attach Ar intf 2336command. 2337.It Va atm_prefix_ Ns Aq Ar intf 2338.Pq Vt str 2339For the ATM physical interface 2340.Ar intf , 2341this variable defines the NSAP prefix for interfaces using a UNI signalling 2342manager. 2343If set to 2344.Dq Li ILMI , 2345the prefix will automatically be set via the 2346.Xr ilmid 8 2347daemon. 2348Otherwise, the value will be passed as the parameters of an 2349.Dq Nm atm Cm "set prefix" Ar intf 2350command. 2351.It Va atm_macaddr_ Ns Aq Ar intf 2352.Pq Vt str 2353For the ATM physical interface 2354.Ar intf , 2355this variable defines the MAC address for interfaces using a UNI signalling 2356manager. 2357If set to 2358.Dq Li NO , 2359the hardware MAC address contained in the ATM interface card will be used. 2360Otherwise, the value will be passed as the parameters of an 2361.Dq Nm atm Cm "set mac" Ar intf 2362command. 2363.It Va atm_arpserver_ Ns Aq Ar netif 2364.Pq Vt str 2365For the ATM network interface 2366.Ar netif , 2367this variable defines the ATM address for a host which is to provide ATMARP 2368service. 2369This variable is only applicable to interfaces using a UNI signalling 2370manager. 2371If set to 2372.Dq Li local , 2373this host will become an ATMARP server. 2374The value will be passed as the parameters of an 2375.Dq Nm atm Cm "set arpserver" Ar netif 2376command. 2377.It Va atm_scsparp_ Ns Aq Ar netif 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381SCSP/ATMARP service for the network interface 2382.Ar netif 2383will be initiated using the 2384.Xr scspd 8 2385and 2386.Xr atmarpd 8 2387daemons. 2388This variable is only applicable if 2389.Va atm_arpserver_ Ns Aq Ar netif 2390is set to 2391.Dq Li local . 2392.It Va atm_pvcs 2393.Pq Vt str 2394Set to the list of ATM PVCs to be added at system 2395boot time. 2396For each whitespace separated 2397.Ar element 2398in the value, an 2399.Va atm_pvc_ Ns Aq Ar element 2400variable is assumed to exist. 2401The value of each of these variables 2402will be passed as the parameters of an 2403.Dq Nm atm Cm "add pvc" 2404command. 2405.It Va atm_arps 2406.Pq Vt str 2407Set to the list of permanent ATM ARP entries to be added 2408at system boot time. 2409For each whitespace separated 2410.Ar element 2411in the value, an 2412.Va atm_arp_ Ns Aq Ar element 2413variable is assumed to exist. 2414The value of each of these variables 2415will be passed as the parameters of an 2416.Dq Nm atm Cm "add arp" 2417command. 2418.It Va natm_interfaces 2419.Pq Vt str 2420Set to the list of 2421.Xr natm 4 2422interfaces that will also be used for HARP through 2423.Xr harp 4 . 2424If this list is not empty all interfaces in the list will be brought up 2425with 2426.Xr ifconfig 8 2427and 2428.Xr harp 4 2429will be loaded. 2430For this to work the interface drivers must be either compiled into the 2431kernel or must reside on the root partition. 2432.It Va keybell 2433.Pq Vt str 2434The keyboard bell sound. 2435Set to 2436.Dq Li normal , 2437.Dq Li visual , 2438.Dq Li off , 2439or 2440.Dq Li NO 2441if the default behavior is desired. 2442For details, refer to the 2443.Xr kbdcontrol 1 2444manpage. 2445.It Va keyboard 2446.Pq Vt str 2447If set to a non-null string, the virtual console's keyboard input is 2448set to this device. 2449.It Va keymap 2450.Pq Vt str 2451If set to 2452.Dq Li NO , 2453no keymap is installed, otherwise the value is used to install 2454the keymap file in 2455.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2456.It Va keyrate 2457.Pq Vt str 2458The keyboard repeat speed. 2459Set to 2460.Dq Li slow , 2461.Dq Li normal , 2462.Dq Li fast , 2463or 2464.Dq Li NO 2465if the default behavior is desired. 2466.It Va keychange 2467.Pq Vt str 2468If not set to 2469.Dq Li NO , 2470attempt to program the function keys with the value. 2471The value should 2472be a single string of the form: 2473.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2474.It Va cursor 2475.Pq Vt str 2476Can be set to the value of 2477.Dq Li normal , 2478.Dq Li blink , 2479.Dq Li destructive , 2480or 2481.Dq Li NO 2482to set the cursor behavior explicitly or choose the default behavior. 2483.It Va scrnmap 2484.Pq Vt str 2485If set to 2486.Dq Li NO , 2487no screen map is installed, otherwise the value is used to install 2488the screen map file in 2489.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2490.It Va font8x16 2491.Pq Vt str 2492If set to 2493.Dq Li NO , 2494the default 8x16 font value is used for screen size requests, otherwise 2495the value in 2496.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2497is used. 2498.It Va font8x14 2499.Pq Vt str 2500If set to 2501.Dq Li NO , 2502the default 8x14 font value is used for screen size requests, otherwise 2503the value in 2504.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2505is used. 2506.It Va font8x8 2507.Pq Vt str 2508If set to 2509.Dq Li NO , 2510the default 8x8 font value is used for screen size requests, otherwise 2511the value in 2512.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2513is used. 2514.It Va blanktime 2515.Pq Vt int 2516If set to 2517.Dq Li NO , 2518the default screen blanking interval is used, otherwise it is set 2519to 2520.Ar value 2521seconds. 2522.It Va saver 2523.Pq Vt str 2524If not set to 2525.Dq Li NO , 2526this is the actual screen saver to use 2527.Li ( blank , snake , daemon , 2528etc). 2529.It Va moused_nondefault_enable 2530.Pq Vt str 2531If set to 2532.Dq Li NO , 2533the mouse device specified on 2534the command line is not automatically treated as enabled by the 2535.Pa /etc/rc.d/moused 2536script. 2537Having this variable set to 2538.Dq Li YES 2539allows a 2540.Xr usb 4 2541mouse, 2542for example, 2543to be enabled as soon as it is plugged in. 2544.It Va moused_enable 2545.Pq Vt str 2546If set to 2547.Dq Li YES , 2548the 2549.Xr moused 8 2550daemon is started for doing cut/paste selection on the console. 2551.It Va moused_type 2552.Pq Vt str 2553This is the protocol type of the mouse connected to this host. 2554This variable must be set if 2555.Va moused_enable 2556is set to 2557.Dq Li YES . 2558The 2559.Xr moused 8 2560daemon 2561is able to detect the appropriate mouse type automatically in many cases. 2562Set this variable to 2563.Dq Li auto 2564to let the daemon detect it, or 2565select one from the following list if the automatic detection fails. 2566.Pp 2567If the mouse is attached to the PS/2 mouse port, choose 2568.Dq Li auto 2569or 2570.Dq Li ps/2 , 2571regardless of the brand and model of the mouse. 2572Likewise, if the 2573mouse is attached to the bus mouse port, choose 2574.Dq Li auto 2575or 2576.Dq Li busmouse . 2577All other protocols are for serial mice and will not work with 2578the PS/2 and bus mice. 2579If this is a USB mouse, 2580.Dq Li auto 2581is the only protocol type which will work. 2582.Pp 2583.Bl -tag -width ".Li x10mouseremote" -compact 2584.It Li microsoft 2585Microsoft mouse (serial) 2586.It Li intellimouse 2587Microsoft IntelliMouse (serial) 2588.It Li mousesystems 2589Mouse systems Corp.\& mouse (serial) 2590.It Li mmseries 2591MM Series mouse (serial) 2592.It Li logitech 2593Logitech mouse (serial) 2594.It Li busmouse 2595A bus mouse 2596.It Li mouseman 2597Logitech MouseMan and TrackMan (serial) 2598.It Li glidepoint 2599ALPS GlidePoint (serial) 2600.It Li thinkingmouse 2601Kensington ThinkingMouse (serial) 2602.It Li ps/2 2603PS/2 mouse 2604.It Li mmhittab 2605MM HitTablet (serial) 2606.It Li x10mouseremote 2607X10 MouseRemote (serial) 2608.It Li versapad 2609Interlink VersaPad (serial) 2610.El 2611.Pp 2612Even if the mouse is not in the above list, it may be compatible 2613with one in the list. 2614Refer to the manual page for 2615.Xr moused 8 2616for compatibility information. 2617.Pp 2618It should also be noted that while this is enabled, any 2619other client of the mouse (such as an X server) should access 2620the mouse through the virtual mouse device, 2621.Pa /dev/sysmouse , 2622and configure it as a 2623.Dq Li sysmouse 2624type mouse, since all 2625mouse data is converted to this single canonical format when 2626using 2627.Xr moused 8 . 2628If the client program does not support the 2629.Dq Li sysmouse 2630type, 2631specify the 2632.Dq Li mousesystems 2633type. 2634It is the second preferred type. 2635.It Va moused_port 2636.Pq Vt str 2637If 2638.Va moused_enable 2639is set to 2640.Dq Li YES , 2641this is the actual port the mouse is on. 2642It might be 2643.Pa /dev/cuad0 2644for a COM1 serial mouse, 2645.Pa /dev/psm0 2646for a PS/2 mouse or 2647.Pa /dev/mse0 2648for a bus mouse, for example. 2649.It Va moused_flags 2650.Pq Vt str 2651If 2652.Va moused_type 2653is set, these are the additional flags to pass to the 2654.Xr moused 8 2655daemon. 2656.It Va mousechar_start 2657.Pq Vt int 2658If set to 2659.Dq Li NO , 2660the default mouse cursor character range 2661.Li 0xd0 Ns - Ns Li 0xd3 2662is used, 2663otherwise the range start is set 2664to 2665.Ar value 2666character, see 2667.Xr vidcontrol 1 . 2668Use if the default range is occupied in the language code table. 2669.It Va allscreens_flags 2670.Pq Vt str 2671If set, 2672.Xr vidcontrol 1 2673is run with these options for each of the virtual terminals 2674.Pq Pa /dev/ttyv* . 2675For example, 2676.Dq Fl m Cm on 2677will enable the mouse pointer on all virtual terminals 2678if 2679.Va moused_enable 2680is set to 2681.Dq Li YES . 2682.It Va allscreens_kbdflags 2683.Pq Vt str 2684If set, 2685.Xr kbdcontrol 1 2686is run with these options for each of the virtual terminals 2687.Pq Pa /dev/ttyv* . 2688For example, 2689.Dq Fl h Li 200 2690will set the 2691.Xr syscons 4 2692scrollback (history) buffer to 200 lines. 2693.It Va cron_enable 2694.Pq Vt bool 2695If set to 2696.Dq Li YES , 2697run the 2698.Xr cron 8 2699daemon at system boot time. 2700.It Va cron_program 2701.Pq Vt str 2702Path to 2703.Xr cron 8 2704(default 2705.Pa /usr/sbin/cron ) . 2706.It Va cron_flags 2707.Pq Vt str 2708If 2709.Va cron_enable 2710is set to 2711.Dq Li YES , 2712these are the flags to pass to 2713.Xr cron 8 . 2714.It Va cron_dst 2715.Pq Vt bool 2716If set to 2717.Dq Li YES , 2718enable the special handling of transitions to and from the 2719Daylight Saving Time in 2720.Xr cron 8 2721(equivalent to using the flag 2722.Fl s ) . 2723.It Va lpd_program 2724.Pq Vt str 2725Path to 2726.Xr lpd 8 2727(default 2728.Pa /usr/sbin/lpd ) . 2729.It Va lpd_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr lpd 8 2735daemon at system boot time. 2736.It Va lpd_flags 2737.Pq Vt str 2738If 2739.Va lpd_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr lpd 8 2744daemon. 2745.It Va chkprintcap_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr chkprintcap 8 2751command before starting the 2752.Xr lpd 8 2753daemon. 2754.It Va chkprintcap_flags 2755.Pq Vt str 2756If 2757.Va lpd_enable 2758and 2759.Va chkprintcap_enable 2760are set to 2761.Dq Li YES , 2762these are the flags to pass to the 2763.Xr chkprintcap 8 2764program. 2765The default is 2766.Dq Li -d , 2767which causes missing directories to be created. 2768.It Va mta_start_script 2769.Pq Vt str 2770This variable specifies the full path to the script to run to start 2771a mail transfer agent. 2772The default is 2773.Pa /etc/rc.sendmail . 2774The 2775.Va sendmail_* 2776variables which 2777.Pa /etc/rc.sendmail 2778uses are documented in the 2779.Xr rc.sendmail 8 2780manual page. 2781.It Va dumpdev 2782.Pq Vt str 2783Indicates the device (usually a swap partition) to which a crash dump 2784should be written in the event of a system crash. 2785If the value of this variable is 2786.Dq Li AUTO , 2787the first suitable swap device listed in 2788.Pa /etc/fstab 2789will be used as dump device. 2790Otherwise, the value of this variable is passed as the argument to 2791.Xr dumpon 8 . 2792To disable crash dumps, set this variable to 2793.Dq Li NO . 2794.It Va dumpdir 2795.Pq Vt str 2796When the system reboots after a crash and a crash dump is found on the 2797device specified by the 2798.Va dumpdev 2799variable, 2800.Xr savecore 8 2801will save that crash dump and a copy of the kernel to the directory 2802specified by the 2803.Va dumpdir 2804variable. 2805The default value is 2806.Pa /var/crash . 2807Set to 2808.Dq Li NO 2809to not run 2810.Xr savecore 8 2811at boot time when 2812.Va dumpdir 2813is set. 2814.It Va savecore_flags 2815.Pq Vt str 2816If crash dumps are enabled, these are the flags to pass to the 2817.Xr savecore 8 2818utility. 2819.It Va enable_quotas 2820.Pq Vt bool 2821Set to 2822.Dq Li YES 2823to turn on user and group disk quotas on system startup via the 2824.Xr quotaon 8 2825command for all file systems marked as having quotas enabled in 2826.Pa /etc/fstab . 2827The kernel must be built with 2828.Cd "options QUOTA" 2829for disk quotas to function. 2830.It Va check_quotas 2831.Pq Vt bool 2832Set to 2833.Dq Li YES 2834to enable user and group disk quota checking via the 2835.Xr quotacheck 8 2836command. 2837.It Va quotacheck_flags 2838.Pq Vt str 2839If 2840.Va enable_quotas 2841is set to 2842.Dq Li YES , 2843and 2844.Va check_quotas 2845is set to 2846.Dq Li YES , 2847these are the flags to pass to the 2848.Xr quotacheck 8 2849utility. 2850The default is 2851.Dq Li "-a" , 2852which checks quotas for all file systems with quotas enabled in 2853.Pa /etc/fstab . 2854.It Va quotaon_flags 2855.Pq Vt str 2856If 2857.Va enable_quotas 2858is set to 2859.Dq Li YES , 2860these are the flags to pass to the 2861.Xr quotaon 8 2862utility. 2863The default is 2864.Dq Li "-a" , 2865which enables quotas for all file systems with quotas enabled in 2866.Pa /etc/fstab . 2867.It Va quotaoff_flags 2868.Pq Vt str 2869If 2870.Va enable_quotas 2871is set to 2872.Dq Li YES , 2873these are the flags to pass to the 2874.Xr quotaoff 8 2875utility when shutting down the quota system. 2876The default is 2877.Dq Li "-a" , 2878which disables quotas for all file systems with quotas enabled in 2879.Pa /etc/fstab . 2880.It Va accounting_enable 2881.Pq Vt bool 2882Set to 2883.Dq Li YES 2884to enable system accounting through the 2885.Xr accton 8 2886facility. 2887.It Va ibcs2_enable 2888.Pq Vt bool 2889Set to 2890.Dq Li YES 2891to enable iBCS2 (SCO) binary emulation at system initial boot 2892time. 2893.It Va ibcs2_loaders 2894.Pq Vt str 2895If not set to 2896.Dq Li NO 2897and if 2898.Va ibcs2_enable 2899is set to 2900.Dq Li YES , 2901this specifies a list of additional iBCS2 loaders to enable. 2902.It Va linux_enable 2903.Pq Vt bool 2904Set to 2905.Dq Li YES 2906to enable Linux/ELF binary emulation at system initial 2907boot time. 2908.It Va svr4_enable 2909.Pq Vt bool 2910If set to 2911.Dq Li YES , 2912enable SysVR4 emulation at boot time. 2913.It Va sysvipc_enable 2914.Pq Vt bool 2915If set to 2916.Dq Li YES , 2917load System V IPC primitives at boot time. 2918.It Va clear_tmp_enable 2919.Pq Vt bool 2920Set to 2921.Dq Li YES 2922to have 2923.Pa /tmp 2924cleaned at startup. 2925.It Va clear_tmp_X 2926.Pq Vt bool 2927Set to 2928.Dq Li NO 2929to disable removing of X11 lock files, 2930and the removal and (secure) recreation 2931of the various socket directories for X11 2932related programs. 2933.It Va ldconfig_paths 2934.Pq Vt str 2935Set to the list of shared library paths to use with 2936.Xr ldconfig 8 . 2937NOTE: 2938.Pa /usr/lib 2939will always be added first, so it need not appear in this list. 2940.It Va ldconfig32_paths 2941.Pq Vt str 2942Set to the list of 32-bit compatibility shared library paths to 2943use with 2944.Xr ldconfig 8 . 2945.It Va ldconfig_paths_aout 2946.Pq Vt str 2947Set to the list of shared library paths to use with 2948.Xr ldconfig 8 2949legacy 2950.Xr a.out 5 2951support. 2952.It Va ldconfig_insecure 2953.Pq Vt bool 2954The 2955.Xr ldconfig 8 2956utility normally refuses to use directories 2957which are writable by anyone except root. 2958Set this variable to 2959.Dq Li YES 2960to disable that security check during system startup. 2961.It Va ldconfig_local_dirs 2962.Pq Vt str 2963Set to the list of local 2964.Xr ldconfig 8 2965directories. 2966The names of all files in the directories listed will be 2967passed as arguments to 2968.Xr ldconfig 8 . 2969.It Va ldconfig_local32_dirs 2970.Pq Vt str 2971Set to the list of local 32-bit compatibility 2972.Xr ldconfig 8 2973directories. 2974The names of all files in the directories listed will be 2975passed as arguments to 2976.Dq Nm ldconfig Fl 32 . 2977.It Va kern_securelevel_enable 2978.Pq Vt bool 2979Set to 2980.Dq Li YES 2981to set the kernel security level at system startup. 2982.It Va kern_securelevel 2983.Pq Vt int 2984The kernel security level to set at startup. 2985The allowed range of 2986.Ar value 2987ranges from \-1 (the compile time default) to 3 (the 2988most secure). 2989See 2990.Xr init 8 2991for the list of possible security levels and their effect 2992on system operation. 2993.It Va sshd_program 2994.Pq Vt str 2995Path to the SSH server program 2996.Pa ( /usr/sbin/sshd 2997is the default). 2998.It Va sshd_enable 2999.Pq Vt bool 3000Set to 3001.Dq Li YES 3002to start 3003.Xr sshd 8 3004at system boot time. 3005.It Va sshd_flags 3006.Pq Vt str 3007If 3008.Va sshd_enable 3009is set to 3010.Dq Li YES , 3011these are the flags to pass to the 3012.Xr sshd 8 3013daemon. 3014.It Va ftpd_program 3015.Pq Vt str 3016Path to the FTP server program 3017.Pa ( /usr/libexec/ftpd 3018is the default). 3019.It Va ftpd_enable 3020.Pq Vt bool 3021Set to 3022.Dq Li YES 3023to start 3024.Xr ftpd 8 3025as a stand-alone daemon at system boot time. 3026.It Va ftpd_flags 3027.Pq Vt str 3028If 3029.Va ftpd_enable 3030is set to 3031.Dq Li YES , 3032these are the additional flags to pass to the 3033.Xr ftpd 8 3034daemon. 3035.It Va watchdogd_enable 3036.Pq Vt bool 3037If set to 3038.Dq Li YES , 3039start the 3040.Xr watchdogd 8 3041daemon at boot time. 3042This requires that the kernel have been compiled with a 3043.Xr watchdog 4 3044compatible device. 3045.It Va watchdogd_flags 3046.Pq Vt str 3047If 3048.Va watchdogd_enable 3049is set to 3050.Dq Li YES , 3051these are the flags passed to the 3052.Xr watchdogd 8 3053daemon. 3054.It Va performance_cx_lowest 3055.Pq Vt str 3056CPU idle state to use while on AC power. 3057The string 3058.Dq Li LOW 3059indicates that 3060.Xr acpi 4 3061should use the lowest power state available while 3062.Dq Li HIGH 3063indicates that the lowest latency state (less power savings) should be used. 3064.It Va performance_cpu_freq 3065.Pq Vt str 3066CPU clock frequency to use while on AC power. 3067The string 3068.Dq Li LOW 3069indicates that 3070.Xr cpufreq 4 3071should use the lowest frequency available while 3072.Dq Li HIGH 3073indicates that the highest frequency (less power savings) should be used. 3074.It Va economy_cx_lowest 3075.Pq Vt str 3076CPU idle state to use when off AC power. 3077The string 3078.Dq Li LOW 3079indicates that 3080.Xr acpi 4 3081should use the lowest power state available while 3082.Dq Li HIGH 3083indicates that the lowest latency state (less power savings) should be used. 3084.It Va economy_cpu_freq 3085.Pq Vt str 3086CPU clock frequency to use when off AC power. 3087The string 3088.Dq Li LOW 3089indicates that 3090.Xr cpufreq 4 3091should use the lowest frequency available while 3092.Dq Li HIGH 3093indicates that the highest frequency (less power savings) should be used. 3094.It Va jail_enable 3095.Pq Vt bool 3096If set to 3097.Dq Li NO , 3098any configured jails will not be started. 3099.It Va jail_list 3100.Pq Vt str 3101A space separated list of names for jails. 3102This is purely a configuration aid to help identify and 3103configure multiple jails. 3104The names specified in this list will be used to 3105identify settings common to an instance of a jail. 3106Assuming that the jail in question was named 3107.Li vjail , 3108you would have the following dependent variables: 3109.Bd -literal 3110jail_vjail_hostname="jail.example.com" 3111jail_vjail_ip="192.168.1.100" 3112jail_vjail_rootdir="/var/jails/vjail/root" 3113.Ed 3114.Pp 3115.It Va jail_flags 3116.Pq Vt str 3117Unset by default. 3118When set, use as default value for 3119.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3120for every jail in 3121.Va jail_list . 3122.It Va jail_interface 3123.Pq Vt str 3124Unset by default. 3125When set, use as default value for 3126.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3127for every jail in 3128.Va jail_list . 3129.It Va jail_fstab 3130.Pq Vt str 3131Unset by default. 3132When set, use as default value for 3133.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3134for every jail in 3135.Va jail_list . 3136.It Va jail_mount_enable 3137.Pq Vt bool 3138Set to 3139.Dq Li NO 3140by default. 3141When set to 3142.Dq Li YES , 3143sets 3144.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3145to 3146.Dq Li YES 3147by default for every jail in 3148.Va jail_list . 3149.It Va jail_devfs_ruleset 3150.Pq Vt str 3151Unset by default. 3152When set, sets 3153.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3154to given value for every jail in 3155.Va jail_list . 3156.It Va jail_devfs_enable 3157.Pq Vt bool 3158Set to 3159.Dq Li NO 3160by default. 3161When set to 3162.Dq Li YES , 3163sets 3164.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3165to 3166.Dq Li YES 3167by default for every jail in 3168.Va jail_list . 3169.It Va jail_fdescfs_enable 3170.Pq Vt bool 3171Set to 3172.Dq Li NO 3173by default. 3174When set to 3175.Dq Li YES , 3176sets 3177.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3178to 3179.Dq Li YES 3180by default for every jail in 3181.Va jail_list . 3182.It Va jail_procfs_enable 3183.Pq Vt bool 3184Set to 3185.Dq Li NO 3186by default. 3187When set to 3188.Dq Li YES , 3189sets 3190.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3191to 3192.Dq Li YES 3193by default for every jail in 3194.Va jail_list . 3195.It Va jail_exec_start 3196.Pq Vt str 3197Unset by default. 3198When set, use as default value for 3199.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3200for every jail in 3201.Va jail_list . 3202.It Va jail_exec_afterstart Ns Aq Ar N 3203.Pq Vt str 3204Unset by default. 3205When set, use as default value for 3206.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3207for every jail in 3208.Va jail_list . 3209.It Va jail_exec_stop 3210Unset by default. 3211When set, use as default value for 3212.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3213for every jail in 3214.Va jail_list . 3215.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3216.Pq Vt str 3217Unset by default. 3218Set to the root directory used by jail 3219.Va jname . 3220.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3221.Pq Vt str 3222Unset by default. 3223Set to the fully qualified domain name (FQDN) assigned to jail 3224.Va jname . 3225.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3226.Pq Vt str 3227Unset by default. 3228Set to the IP address assigned to jail 3229.Va jname . 3230.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3231.Pq Vt str 3232Set to 3233.Dq Li -l -U root 3234by default. 3235These are flags to pass to 3236.Xr jail . 3237.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3238.Pq Vt str 3239Unset by default. 3240When set, sets the interface to use when setting IP address alias. 3241Note that the alias is created at jail startup and removed at jail shutdown. 3242.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3243.Pq Vt str 3244Set to 3245.Pa /etc/fstab. Ns Aq Ar jname 3246by default. 3247This is the file system information file to use for jail 3248.Va jname . 3249.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3250.Pq Vt bool 3251Set to 3252.Dq Li NO 3253by default. 3254When set to 3255.Dq Li YES , 3256mount all file systems from 3257.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3258at jail startup. 3259.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3260.Pq Vt str 3261Unset by default. 3262When set, defines the device file system ruleset file to use for jail 3263.Va jname . 3264.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3265.Pq Vt bool 3266Set to 3267.Dq Li NO 3268by default. 3269When set to 3270.Dq Li YES , 3271mount the device file system inside jail 3272.Ar jname 3273at jail startup. 3274.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3275.Pq Vt bool 3276Set to 3277.Dq Li NO 3278by default. 3279When set to 3280.Dq Li YES , 3281mount the file-descriptor file system inside jail 3282.Ar jname 3283at jail startup. 3284.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3285.Pq Vt bool 3286Set to 3287.Dq Li NO 3288by default. 3289When set to 3290.Dq Li YES , 3291mount the process file system inside jail 3292.Ar jname 3293at jail startup. 3294.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3295.Pq Vt str 3296Set to 3297.Dq Li /bin/sh /etc/rc 3298by default. 3299This is the command executed at jail startup. 3300.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3301.Pq Vt str 3302Unset by default. 3303This is the command run as 3304.Ar N Ns 3305th command 3306after jail startup, where 3307.Ar N 3308is 1, 2, and so on. 3309.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3310.Pq Vt str 3311Set to 3312.Dq Li /bin/sh /etc/rc.shutdown 3313by default. 3314This is the command executed at jail shutdown. 3315.It Va jail_set_hostname_allow 3316.Pq Vt bool 3317If set to 3318.Dq Li NO , 3319do not allow the root user in a jail to set its hostname. 3320.It Va jail_socket_unixiproute_only 3321.Pq Vt bool 3322If set to 3323.Dq Li YES , 3324do not allow any sockets, 3325besides UNIX/IP/route sockets, 3326to be used within a jail. 3327.It Va jail_sysvipc_allow 3328.Pq Vt bool 3329If set to 3330.Dq Li YES , 3331allow applications within a jail to use System V IPC. 3332.\" ----- ISDN settings --------------------------------- 3333.It Va isdn_enable 3334.Pq Vt bool 3335Set to 3336.Dq Li NO 3337by default. 3338When set to 3339.Dq Li YES , 3340starts the 3341.Xr isdnd 8 3342daemon 3343at system boot time. 3344.It Va isdn_flags 3345.Pq Vt str 3346Set to 3347.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9 3348by default. 3349Additional flags to pass to 3350.Xr isdnd 8 3351(but see 3352.Va isdn_fsdev 3353and 3354.Va isdn_ttype 3355for certain tunable parameters). 3356.It Va isdn_ttype 3357.Pq Vt str 3358Set to 3359.Dq Li cons25 3360by default. 3361The terminal type of the output device when 3362.Xr isdnd 8 3363operates in full-screen mode. 3364.It Va isdn_screenflags 3365.Pq Vt str 3366Set to 3367.Dq Li NO 3368by default. 3369The video mode for full-screen mode (only for 3370.Xr syscons 4 3371console driver, see 3372.Xr vidcontrol 1 3373for valid modes). 3374.It Va isdn_fsdev 3375.Pq Vt str 3376Set to 3377.Dq Li NO 3378by default. 3379The output device for 3380.Xr isdnd 8 3381in full-screen mode (or 3382.Dq Li NO 3383for daemon mode). 3384.It Va isdn_trace 3385.Pq Vt bool 3386Set to 3387.Dq Li NO 3388by default. 3389When set to 3390.Dq Li YES , 3391enables the ISDN protocol trace utility 3392.Xr isdntrace 8 3393at system boot time. 3394.It Va isdn_traceflags 3395.Pq Vt str 3396Set to 3397.Dq Fl f Pa /var/tmp/isdntrace0 3398by default. 3399Flags for 3400.Xr isdntrace 8 . 3401.\" ----------------------------------------------------- 3402.It Va harvest_interrupt 3403.Pq Vt bool 3404Set to 3405.Dq Li YES 3406to use hardware interrupts as an entropy source. 3407Refer to 3408.Xr random 4 3409for more information. 3410.It Va harvest_ethernet 3411.Pq Vt bool 3412Set to 3413.Dq Li YES 3414to use LAN traffic as an entropy source. 3415Refer to 3416.Xr random 4 3417for more information. 3418.It Va harvest_p_to_p 3419.Pq Vt bool 3420Set to 3421.Dq Li YES 3422to use serial line traffic as an entropy source. 3423Refer to 3424.Xr random 4 3425for more information. 3426.It Va entropy_dir 3427.Pq Vt str 3428Set to 3429.Dq Li NO 3430to disable caching entropy via 3431.Xr cron 8 . 3432Otherwise set to the directory used to store entropy files in. 3433.It Va entropy_file 3434.Pq Vt str 3435Set to 3436.Dq Li NO 3437to disable caching entropy through reboots. 3438Otherwise set to the filename used to store cached entropy through 3439reboots. 3440This file should be located on the root file system to seed the 3441.Xr random 4 3442device as early as possible in the boot process. 3443.It Va entropy_save_sz 3444.Pq Vt int 3445Size of the entropy cache files saved by 3446.Nm save-entropy 3447periodically. 3448.It Va entropy_save_num 3449.Pq Vt int 3450Number of entropy cache files to save by 3451.Nm save-entropy 3452periodically. 3453.It Va ipsec_enable 3454.Pq Vt bool 3455Set to 3456.Dq Li YES 3457to run 3458.Xr setkey 8 3459on 3460.Va ipsec_file 3461at boot time. 3462.It Va ipsec_file 3463.Pq Vt str 3464Configuration file for 3465.Xr setkey 8 . 3466.It Va dmesg_enable 3467.Pq Vt bool 3468Set to 3469.Dq Li YES 3470to save 3471.Xr dmesg 8 3472to 3473.Pa /var/run/dmesg.boot 3474on boot. 3475.It Va rcshutdown_timeout 3476.Pq Vt int 3477If set, start a watchdog timer in the background which will terminate 3478.Pa rc.shutdown 3479if 3480.Xr shutdown 8 3481has not completed within the specified time (in seconds). 3482Notice that in addition to this soft timeout, 3483.Xr init 8 3484also applies a hard timeout for the execution of 3485.Pa rc.shutdown . 3486This is configured via 3487.Xr sysctl 8 3488variable 3489.Va kern.init_shutdown_timeout 3490and defaults to 120 seconds. 3491Setting the value of 3492.Va rcshutdown_timeout 3493to more than 120 seconds will have no effect until the 3494.Xr sysctl 8 3495variable 3496.Va kern.init_shutdown_timeout 3497is also increased. 3498.It Va virecover_enable 3499.Pq Vt bool 3500Set to 3501.Dq Li NO 3502to prevent the system from trying to 3503recover pre-maturely terminated 3504.Xr vi 1 3505sessions. 3506.It Va ugidfw_enable 3507.Pq Vt bool 3508Set to 3509.Dq Li YES 3510to load the 3511.Xr mac_bsdextended 4 3512module upon system initialization and load a default 3513ruleset file. 3514.It Va bsdextended_script 3515.Pq Vt str 3516The default 3517.Xr mac_bsdextended 4 3518ruleset file to load. 3519The default value of this variable is 3520.Pa /etc/rc.bsdextended . 3521.It Va newsyslog_enable 3522.Pq Vt bool 3523If set to 3524.Dq Li YES , 3525run 3526.Xr newsyslog 8 3527command at startup. 3528.It Va newsyslog_flags 3529.Pq Vt str 3530If 3531.Va newsyslog_enable 3532is set to 3533.Dq Li YES , 3534these are the flags to pass to the 3535.Xr newsyslog 8 3536program. 3537The default is 3538.Dq Li -CN , 3539which causes log files flagged with a 3540.Cm C 3541to be created. 3542.It Va mdconfig_md Ns Aq Ar X 3543.Pq Vt str 3544Arguments to 3545.Xr mdconfig 8 3546for 3547.Xr md 4 3548device 3549.Ar X . 3550At minimum a 3551.Fl t Ar type 3552must be specified and either a 3553.Fl s Ar size 3554for malloc or swap backed 3555.Xr md 4 3556devices or a 3557.Fl f Ar file 3558for vnode backed 3559.Xr md 4 3560devices. 3561Note that 3562.Va mdconfig_md Ns Aq Ar X 3563variables are evaluated until one variable is unset or null. 3564.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3565.Pq Vt str 3566Optional arguments passed to 3567.Xr newfs 8 3568to initialize 3569.Xr md 4 3570device 3571.Ar X . 3572.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3573.Pq Vt str 3574An ownership specification passed to 3575.Xr chown 8 3576after the specified 3577.Xr md 4 3578device 3579.Ar X 3580has been mounted. 3581Both the 3582.Xr md 4 3583device and the mount point will be changed. 3584.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3585.Pq Vt str 3586A mode string passed to 3587.Xr chmod 1 3588after the specified 3589.Xr md 4 3590device 3591.Ar X 3592has been mounted. 3593Both the 3594.Xr md 4 3595device and the mount point will be changed. 3596.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3597.Pq Vt str 3598Files to be copied to the mount point of the 3599.Xr md 4 3600device 3601.Ar X 3602after it has been mounted. 3603.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3604.Pq Vt str 3605Command to execute after the specified 3606.Xr md 4 3607device 3608.Ar X 3609has been mounted. 3610Note that the command is passed to 3611.Ic eval 3612and that both 3613.Va _dev 3614and 3615.Va _mp 3616variables can be used to reference respectively the 3617.Xr md 4 3618device and the mount point. 3619Assuming that the 3620.Xr md 4 3621device is 3622.Li md0 , 3623one could set the following: 3624.Bd -literal 3625mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3626.Ed 3627.It Va ramdisk_units 3628.Pq Vt str 3629A list of one or more ramdisk units to configure with 3630.Xr mdconfig 8 3631and 3632.Xr newfs 8 3633in time to be mounted from 3634.Xr fstab 5 . 3635Each listed unit 3636.Ar X 3637must specify at least a 3638.Ar type 3639in a 3640.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3641variable. 3642Note that this way to configure ramdisks has been deprecated 3643in favor of new 3644.Va mdconfig_md* 3645variables (see above). 3646.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3647.Pq Vt str 3648Arguments to 3649.Xr mdconfig 8 3650for ramdisk 3651.Ar X . 3652At minimum a 3653.Fl t Ar type 3654must be specified, where 3655.Ar type 3656must be one of 3657.Cm malloc 3658or 3659.Cm swap . 3660.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3661.Pq Vt str 3662Optional arguments passed to 3663.Xr newfs 8 3664to initialize ramdisk 3665.Ar X . 3666.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3667.Pq Vt str 3668An ownership specification passed to 3669.Xr chown 8 3670after the specified ramdisk unit 3671.Ar X 3672has been mounted. 3673Both the 3674.Xr md 4 3675device and the mount point will be changed. 3676.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3677.Pq Vt str 3678A mode string passed to 3679.Xr chmod 1 3680after the specified ramdisk unit 3681.Ar X 3682has been mounted. 3683Both the 3684.Xr md 4 3685device and the mount point will be changed. 3686.It Va autobridge_interfaces 3687.Pq Vt str 3688Set to the list of bridge interfaces that will have newly arriving interfaces 3689checked against to be automatically added. 3690If not set to 3691.Dq Li NO 3692then for each whitespace separated 3693.Ar element 3694in the value, a 3695.Va autobridge_ Ns Aq Ar element 3696variable is assumed to exist which has a whitespace separated list of interface 3697names to match, these names can use wildcards. 3698For example: 3699.Bd -literal 3700autobridge_interfaces="bridge0" 3701autobridge_bridge0="tap* dc0 vlan[345]" 3702.Ed 3703.It Va mixer_enable 3704.Pq Vt bool 3705If set to 3706.Dq Li YES , 3707enable support for sound mixer. 3708.El 3709.Sh FILES 3710.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3711.It Pa /etc/defaults/rc.conf 3712.It Pa /etc/rc.conf 3713.It Pa /etc/rc.conf.local 3714.El 3715.Sh SEE ALSO 3716.Xr catman 1 , 3717.Xr chmod 1 , 3718.Xr gdb 1 , 3719.Xr info 1 , 3720.Xr kbdcontrol 1 , 3721.Xr makewhatis 1 , 3722.Xr sh 1 , 3723.Xr vi 1 , 3724.Xr vidcontrol 1 , 3725.Xr bridge 4 , 3726.Xr ip 4 , 3727.Xr ipf 4 , 3728.Xr ipfw 4 , 3729.Xr ipnat 4 , 3730.Xr kld 4 , 3731.Xr pf 4 , 3732.Xr pflog 4 , 3733.Xr pfsync 4 , 3734.Xr tcp 4 , 3735.Xr udp 4 , 3736.Xr exports 5 , 3737.Xr fstab 5 , 3738.Xr ipf 5 , 3739.Xr ipnat 5 , 3740.Xr motd 5 , 3741.Xr newsyslog.conf 5 , 3742.Xr pf.conf 5 , 3743.Xr accton 8 , 3744.Xr amd 8 , 3745.Xr apm 8 , 3746.Xr atm 8 , 3747.Xr chkprintcap 8 , 3748.Xr chown 8 , 3749.Xr cron 8 , 3750.Xr dhclient 8 , 3751.Xr ftpd 8 , 3752.Xr geli 8 , 3753.Xr ifconfig 8 , 3754.Xr inetd 8 , 3755.Xr ipf 8 , 3756.Xr ipfw 8 , 3757.Xr ipnat 8 , 3758.Xr isdnd 8 , 3759.Xr isdntrace 8 , 3760.Xr jail 8 , 3761.Xr kldxref 8 , 3762.Xr lpd 8 , 3763.Xr mdconfig 8 , 3764.Xr mdmfs 8 , 3765.Xr mixer 8 , 3766.Xr mountd 8 , 3767.Xr moused 8 , 3768.Xr mrouted 8 , 3769.Xr named 8 , 3770.Xr newfs 8 , 3771.Xr newsyslog 8 , 3772.Xr nfsd 8 , 3773.Xr ntpd 8 , 3774.Xr ntpdate 8 , 3775.Xr pfctl 8 , 3776.Xr pflogd 8 , 3777.Xr powerd 8 , 3778.Xr quotacheck 8 , 3779.Xr quotaon 8 , 3780.Xr rc 8 , 3781.Xr rc.sendmail 8 , 3782.Xr route 8 , 3783.Xr routed 8 , 3784.Xr rpcbind 8 , 3785.Xr rpc.lockd 8 , 3786.Xr rpc.statd 8 , 3787.Xr rwhod 8 , 3788.Xr savecore 8 , 3789.Xr sshd 8 , 3790.Xr swapon 8 , 3791.Xr sysctl 8 , 3792.Xr syslogd 8 , 3793.Xr timed 8 , 3794.Xr yp 8 , 3795.Xr ypbind 8 , 3796.Xr ypserv 8 , 3797.Xr ypset 8 3798.Sh HISTORY 3799The 3800.Nm 3801file appeared in 3802.Fx 2.2.2 . 3803.Sh AUTHORS 3804.An Jordan K. Hubbard . 3805