xref: /freebsd/share/man/man5/rc.conf.5 (revision 31489a9a2653e123121e8ca39b4be802013d2b50) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd November 9, 2004
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility,
42.Xr sysinstall 8 .
43.Pp
44The purpose of
45.Nm
46is not to run commands or perform system startup actions
47directly.
48Instead, it is included by the
49various generic startup scripts in
50.Pa /etc
51which conditionalize their
52internal actions according to the settings found there.
53.Pp
54The
55.Pa /etc/rc.conf
56file is included from the file
57.Pa /etc/defaults/rc.conf ,
58which specifies the default settings for all the available options.
59Options need only be specified in
60.Pa /etc/rc.conf
61when the system administrator wishes to override these defaults.
62The file
63.Pa /etc/rc.conf.local
64is used to override settings in
65.Pa /etc/rc.conf
66for historical reasons.
67See the
68.Va rc_conf_files
69variable below.
70.Pp
71The following list provides a name and short description for each
72variable that can be set in the
73.Nm
74file:
75.Bl -tag -width indent-two
76.It Va rc_debug
77.Pq Vt bool
78If set to
79.Dq Li YES ,
80enable output of debug messages from rc scripts.
81This variable can be helpful in diagnosing mistakes when
82editing or integrating new scripts.
83Beware that this produces copious output to the terminal and
84.Xr syslog 3 .
85.It Va rc_info
86.Pq Vt bool
87If set to
88.Dq Li NO ,
89disable informational messages from the rc scripts.
90Informational messages are displayed when
91a condition that is not serious enough to warrant a warning or
92an error occurs.
93.It Va swapfile
94.Pq Vt str
95If set to
96.Dq Li NO ,
97no swapfile is installed, otherwise the value is used as the full
98pathname to a file to use for additional swap space.
99.It Va apm_enable
100.Pq Vt bool
101If set to
102.Dq Li YES ,
103enable support for Automatic Power Management with
104the
105.Xr apm 8
106command.
107.It Va apmd_enable
108.Pq Vt bool
109Run
110.Xr apmd 8
111to handle APM event from userland.
112This also enables support for APM.
113.It Va apmd_flags
114.Pq Vt str
115If
116.Va apmd_enable
117is set to
118.Dq Li YES ,
119these are the flags to pass to the
120.Xr apmd 8
121daemon.
122.It Va devd_enable
123.Pq Vt bool
124Run
125.Xr devd 8
126to handle device added, removed or unknown events from the kernel.
127.It Va kldxref_enable
128.Pq Vt bool
129Set to
130.Dq Li NO
131by default.
132Set to
133.Dq Li YES
134to automatically rebuild
135.Pa linker.hints
136files with
137.Xr kldxref 8
138at boot time.
139.It Va kldxref_clobber
140.Pq Vt bool
141Set to
142.Dq Li NO
143by default.
144If
145.Va kldxref_enable
146is true,
147setting to
148.Dq Li YES
149will overwrite existing
150.Pa linker.hints
151files at boot time.
152Otherwise,
153only missing
154.Pa linker.hints
155files are generated.
156.It Va kldxref_module_path
157.Pq Vt str
158Empty by default.
159A semi-colon
160.Pq Ql \&;
161delimited list of paths containing
162.Xr kld 4
163modules.
164If empty,
165the contents of the
166.Va kern.module_path
167.Xr sysctl 8
168are used.
169.It Va pccard_enable
170.Pq Vt bool
171If set to
172.Dq Li YES ,
173enable PCCARD support at boot time.
174.It Va pccard_mem
175.Pq Vt str
176Set to PCCARD controller memory address or
177.Dq Li DEFAULT
178for the default value.
179.It Va pccard_ifconfig
180.Pq Vt str
181List of arguments to be passed to
182.Xr ifconfig 8
183at boot time or on
184insertion of the card (e.g.\&
185.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
186for a fixed address or
187.Dq Li DHCP
188for a DHCP client).
189.It Va pccard_beep
190.Pq Vt int
191If 0,
192set the PCCARD controller to silent mode.
193If 1,
194set it to beep mode.
195If 2,
196set it to melody mode.
197.It Va pccard_conf
198.Pq Vt str
199Path to the configuration file for the
200.Xr pccardd 8
201daemon (e.g.\&
202.Pa /etc/pccard.conf.sample ) .
203.It Va pccardd_flags
204.Pq Vt str
205If
206.Va pccard_enable
207is set to
208.Dq Li YES ,
209these are the flags to pass to the
210.Xr pccardd 8
211daemon.
212.It Va pccard_ether_delay
213.Pq Vt str
214Set the delay before starting
215.Xr dhclient 8
216in the
217.Pa /etc/pccard_ether
218script.
219This defaults to 5 seconds to work around a bug in the
220.Xr ed 4
221driver which can lead to system hangs when using some newer
222.Xr ed 4
223based cards.
224.It Va removable_interfaces
225.Pq Vt str
226List of removable network interfaces to be supported by
227.Pa /etc/pccard_ether .
228.It Va tmpmfs
229Controls the creation of a
230.Pa /tmp
231memory file system.
232Always happens if set to
233.Dq Li YES
234and never happens if set to
235.Dq Li NO .
236If set to anything else, a memory file system is created if
237.Pa /tmp
238is not writable.
239.It Va tmpsize
240Controls the size of a created
241.Pa /tmp
242memory file system.
243.It Va tmpmfs_flags
244Extra options passed to the
245.Xr mdmfs 8
246utility when the memory file system for
247.Pa /tmp
248is created.
249The default is
250.Dq Li -S -o noexec,nosuid,nodev ,
251which inhibits the use of softupdates on
252.Pa /tmp
253to waste as little space as possible and mounts the memory file system
254.Dq Li noexec,nosuid,nodev .
255See
256.Xr mdmfs 8
257for other options you can use in
258.Li tmpmfs_flags .
259.It Va varmfs
260Controls the creation of a
261.Pa /var
262memory file system.
263Always happens if set to
264.Dq Li YES
265and never happens if set to
266.Dq Li NO .
267If set to anything else, a memory file system is created if
268.Pa /var
269is not writable.
270.It Va varsize
271Controls the size of a created
272.Pa /var
273memory file system.
274.It Va varmfs_flags
275Extra options passed to the
276.Xr mdmfs 8
277utility when the memory file system for
278.Pa /var
279is created.
280The default is
281.Dq Li -S ,
282which inhibits the use of softupdates on
283.Pa /var
284to waste as little space as possible.
285See
286.Xr mdmfs 8
287for other options you can use in
288.Li varmfs_flags .
289.It Va populate_var
290Controls the automatic population of the
291.Pa /var
292file system.
293Always happens if set to
294.Dq Li YES
295and never happens if set to
296.Dq Li NO .
297If set to anything else, a memory file system is created if
298.Pa /var
299is not writable.
300Note that this process requires access to certain commands in
301.Pa /usr
302before
303.Pa /usr
304is mounted on normal systems.
305.It Va local_startup
306.Pq Vt str
307List of directories to search for startup script files.
308.It Va script_name_sep
309.Pq Vt str
310The field separator to use for breaking down the list of startup script files
311into individual filenames.
312The default is a space.
313It is not necessary to change this unless there are startup scripts with names
314containing spaces.
315.It Va hostname
316.Pq Vt str
317The fully qualified domain name (FQDN) of this host on the network.
318This should almost certainly be set to something meaningful, even if
319there is no network connection.
320If
321.Xr dhclient 8
322is used to set the hostname via DHCP,
323this variable should be set to an empty string.
324.It Va ipv6_enable
325.Pq Vt bool
326Enable support for IPv6 networking.
327Note that this requires that the kernel have been compiled with
328.Cd "options INET6" .
329.It Va nisdomainname
330.Pq Vt str
331The NIS domain name of this host, or
332.Dq Li NO
333if NIS is not used.
334.It Va dhclient_program
335.Pq Vt str
336Path to the DHCP client program
337.Pa ( /sbin/dhclient ,
338the ISC DHCP client,
339is the default).
340.It Va dhclient_flags
341.Pq Vt str
342Additional flags to pass to the DHCP client program.
343For the ISC DHCP client, see the
344.Xr dhclient 8
345manpage for a description of the command line options available.
346.It Va background_dhclient
347.Pq Vt bool
348Set to
349.Dq Li YES
350to start the dhcp client in background.
351This can cause trouble with applications depending on
352a working network, but it will provide a faster startup
353in many cases.
354.It Va firewall_enable
355.Pq Vt bool
356Set to
357.Dq Li YES
358to load firewall rules at startup.
359If the kernel was not built with
360.Cd "options IPFIREWALL" ,
361the
362.Pa ipfw.ko
363kernel module will be loaded.
364See also
365.Va ipfilter_enable .
366.It Va ipv6_firewall_enable
367.Pq Vt bool
368The IPv6 equivalent of
369.Va firewall_enable .
370Set to
371.Dq Li YES
372to load IPv6 firewall rules at startup.
373If the kernel was not built with
374.Cd "options IPV6FIREWALL" ,
375the
376.Pa ip6fw.ko
377kernel module will be loaded.
378.It Va firewall_script
379.Pq Vt str
380This variable specifies the full path to the firewall script to run.
381The default is
382.Pa /etc/rc.firewall .
383.It Va ipv6_firewall_script
384.Pq Vt str
385The IPv6 equivalent of
386.Va firewall_script .
387.It Va firewall_type
388.Pq Vt str
389Names the firewall type from the selection in
390.Pa /etc/rc.firewall ,
391or the file which contains the local firewall ruleset.
392Valid selections from
393.Pa /etc/rc.firewall
394are:
395.Pp
396.Bl -tag -width ".Li simple" -compact
397.It Li open
398unrestricted IP access
399.It Li closed
400all IP services disabled, except via
401.Dq Li lo0
402.It Li client
403basic protection for a workstation
404.It Li simple
405basic protection for a LAN.
406.El
407.Pp
408If a filename is specified, the full path
409must be given.
410.It Va ipv6_firewall_type
411.Pq Vt str
412The IPv6 equivalent of
413.Va firewall_type .
414.It Va firewall_quiet
415.Pq Vt bool
416Set to
417.Dq Li YES
418to disable the display of firewall rules on the console during boot.
419.It Va ipv6_firewall_quiet
420.Pq Vt bool
421The IPv6 equivalent of
422.Va firewall_quiet .
423.It Va firewall_logging
424.Pq Vt bool
425Set to
426.Dq Li YES
427to enable firewall event logging.
428This is equivalent to the
429.Dv IPFIREWALL_VERBOSE
430kernel option.
431.It Va ipv6_firewall_logging
432.Pq Vt bool
433The IPv6 equivalent of
434.Va firewall_logging .
435.It Va firewall_flags
436.Pq Vt str
437Flags passed to
438.Xr ipfw 8
439if
440.Va firewall_type
441specifies a filename.
442.It Va ipv6_firewall_flags
443.Pq Vt str
444The IPv6 equivalent of
445.Va firewall_flags .
446.It Va natd_program
447.Pq Vt str
448Path to
449.Xr natd 8 .
450.It Va natd_enable
451.Pq Vt bool
452Set to
453.Dq Li YES
454to enable
455.Xr natd 8 .
456.Va firewall_enable
457must also be set to
458.Dq Li YES ,
459and
460.Xr divert 4
461sockets must be enabled in the kernel.
462If the kernel was not built with
463.Cd "options IPDIVERT" ,
464the
465.Pa ipdivert.ko
466kernel module will be loaded.
467.It Va natd_interface
468.Pq Vt str
469This is the name of the public interface on which
470.Xr natd 8
471should run.
472The interface may be given as an interface name or as an IP address.
473.It Va natd_flags
474.Pq Vt str
475Additional
476.Xr natd 8
477flags should be placed here.
478The
479.Fl n
480or
481.Fl a
482flag is automatically added with the above
483.Va natd_interface
484as an argument.
485.\" ----- ipfilter_enable setting --------------------------------
486.It Va ipfilter_enable
487.Pq Vt bool
488Set to
489.Dq Li NO
490by default.
491Setting this to
492.Dq Li YES
493enables
494.Xr ipf 8
495packet filtering.
496.Pp
497Typical usage will require putting
498.Bd -literal
499ipfilter_enable="YES"
500ipnat_enable="YES"
501ipmon_enable="YES"
502ipfs_enable="YES"
503.Ed
504.Pp
505into
506.Pa /etc/rc.conf
507and editing
508.Pa /etc/ipf.rules
509and
510.Pa /etc/ipnat.rules
511appropriately.
512.Pp
513Note that
514.Va ipfilter_enable
515and
516.Va ipnat_enable
517can be enabled independently.
518.Va ipmon_enable
519and
520.Va ipfs_enable
521both require at least one of
522.Va ipfilter_enable
523and
524.Va ipnat_enable
525to be enabled.
526.Pp
527Having
528.Bd -literal
529options IPFILTER
530options IPFILTER_LOG
531options IPFILTER_DEFAULT_BLOCK
532.Ed
533.Pp
534in the kernel configuration file is a good idea, too.
535.\" ----- ipfilter_program setting ------------------------------
536.It Va ipfilter_program
537.Pq Vt str
538Path to
539.Xr ipf 8
540(default
541.Pa /sbin/ipf ) .
542.\" ----- ipfilter_rules setting --------------------------------
543.It Va ipfilter_rules
544.Pq Vt str
545Set to
546.Pa /etc/ipf.rules
547by default.
548This variable contains the name of the filter rule definition file.
549The file is expected to be readable for the
550.Xr ipf 8
551command to execute.
552.\" ----- ipv6_ipfilter_rules setting ---------------------------
553.It Va ipv6_ipfilter_rules
554.Pq Vt str
555Set to
556.Pa /etc/ipf6.rules
557by default.
558This variable contains the IPv6 filter rule definition file.
559The file is expected to be readable for the
560.Xr ipf 8
561command to execute.
562.\" ----- ipfilter_flags setting --------------------------------
563.It Va ipfilter_flags
564.Pq Vt str
565Empty by default.
566This variable contains flags passed to the
567.Xr ipf 8
568program.
569.\" ----- ipnat_enable setting ----------------------------------
570.It Va ipnat_enable
571.Pq Vt bool
572Set to
573.Dq Li NO
574by default.
575Set it to
576.Dq Li YES
577to enable
578.Xr ipnat 1
579network address translation.
580See
581.Va ipfilter_enable
582for a detailed discussion.
583.\" ----- ipnat_program setting ---------------------------------
584.It Va ipnat_program
585.Pq Vt str
586Path to
587.Xr ipnat 1
588(default
589.Pa /sbin/ipnat ) .
590.\" ----- ipnat_rules setting -----------------------------------
591.It Va ipnat_rules
592.Pq Vt str
593Set to
594.Pa /etc/ipnat.rules
595by default.
596This variable contains the name of the file
597holding the network address translation definition.
598This file is expected to be readable for the
599.Xr ipnat 1
600command to execute.
601.\" ----- ipnat_flags setting -----------------------------------
602.It Va ipnat_flags
603.Pq Vt str
604Empty by default.
605This variable contains flags passed to the
606.Xr ipnat 1
607program.
608.\" ----- ipmon_enable setting ----------------------------------
609.It Va ipmon_enable
610.Pq Vt bool
611Set to
612.Dq Li NO
613by default.
614Set it to
615.Dq Li YES
616to enable
617.Xr ipmon 8
618monitoring (logging
619.Xr ipf 8
620and
621.Xr ipnat 1
622events).
623Setting this variable needs setting
624.Va ipfilter_enable
625or
626.Va ipnat_enable
627too.
628See
629.Va ipfilter_enable
630for a detailed discussion.
631.\" ----- ipmon_program setting ---------------------------------
632.It Va ipmon_program
633.Pq Vt str
634Path to
635.Xr ipmon 8
636(default
637.Pa /sbin/ipmon ) .
638.\" ----- ipmon_flags setting -----------------------------------
639.It Va ipmon_flags
640.Pq Vt str
641Set to
642.Dq Li -Ds
643by default.
644This variable contains flags passed to the
645.Xr ipmon 8
646program.
647Another typical example would be
648.Dq Fl D Pa /var/log/ipflog
649to have
650.Xr ipmon 8
651log directly to a file bypassing
652.Xr syslogd 8 .
653Make sure to adjust
654.Pa /etc/newsyslog.conf
655in such case like this:
656.Bd -literal
657/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
658.Ed
659.\" ----- ipfs_enable setting -----------------------------------
660.It Va ipfs_enable
661.Pq Vt bool
662Set to
663.Dq Li NO
664by default.
665Set it to
666.Dq Li YES
667to enable
668.Xr ipfs 8
669saving the filter and NAT state tables during shutdown
670and reloading them during startup again.
671Setting this variable needs setting
672.Va ipfilter_enable
673or
674.Va ipnat_enable
675to
676.Dq Li YES
677too.
678See
679.Va ipfilter_enable
680for a detailed discussion.
681Note that if
682.Va kern_securelevel
683is set to 3,
684.Va ipfs_enable
685cannot be used
686because the raised securelevel will prevent
687.Xr ipfs 8
688from saving the state tables at shutdown time.
689.\" ----- ipfs_program setting ----------------------------------
690.It Va ipfs_program
691.Pq Vt str
692Path to
693.Xr ipfs 8
694(default
695.Pa /sbin/ipfs ) .
696.\" ----- ipfs_flags setting ------------------------------------
697.It Va ipfs_flags
698.Pq Vt str
699Empty by default.
700This variable contains flags passed to the
701.Xr ipfs 8
702program.
703.\" ----- end of added ipf hook ---------------------------------
704.It Va pf_enable
705.Pq Vt bool
706Set to
707.Dq Li NO
708by default.
709Setting this to
710.Dq Li YES
711enables
712.Xr pf 4
713packet filtering.
714.Pp
715Typical usage will require putting
716.Pp
717.Dl pf_enable="YES"
718.Pp
719into
720.Pa /etc/rc.conf
721and editing
722.Pa /etc/pf.conf
723appropriately.
724.Pp
725.Dl "device pf"
726.Pp
727builds pf into the kernel.
728Otherwise it is loaded from a module.
729.It Va pf_rules
730.Pq Vt str
731Path to
732.Xr pf 4
733ruleset configuration file
734(default
735.Pa /etc/pf.conf ) .
736.It Va pf_program
737.Pq Vt str
738Path to
739.Xr pfctl 8
740(default
741.Pa /sbin/pfctl ) .
742.It Va pf_flags
743.Pq Vt str
744If
745.Va pf_enable
746is set to
747.Dq Li YES ,
748these flags are passed to the
749.Xr pfctl 8
750program when loading the ruleset.
751.It Va pflog_enable
752.Pq Vt bool
753Set to
754.Dq Li NO
755by default.
756Setting this to
757.Dq Li YES
758enables
759.Xr pflogd 8
760which logs packtes from the
761.Xr pf 4
762packet filter.
763.It Va pflog_logfile
764.Pq Vt str
765If
766.Va pflog_enable
767is set to
768.Dq Li YES
769this controls where
770.Xr pflogd 8
771stores the logfile
772(default
773.Pa /var/log/pflog ) .
774Check
775.Pa /etc/newsyslog.conf
776to adjust logfile rotation for this.
777.It Va pflog_program
778.Pq Vt str
779Path to
780.Xr pflogd 8
781(default
782.Pa /sbin/pflogd ) .
783.It Va pflog_flags
784.Pq Vt str
785Empty by default.
786This variable contains additional flags passed to the
787.Xr pflogd 8
788program.
789.It Va tcp_extensions
790.Pq Vt bool
791Set to
792.Dq Li YES
793by default.
794Setting this to
795.Dq Li NO
796disables certain TCP options as described by
797.Rs
798.%T "RFC 1323"
799.Re
800Setting this to
801.Dq Li NO
802might help remedy such problems with connections as randomly hanging
803or other weird behavior.
804Some network devices are known
805to be broken with respect to these options.
806.It Va log_in_vain
807.Pq Vt int
808Set to 0 by default.
809The
810.Xr sysctl 8
811variables,
812.Va net.inet.tcp.log_in_vain
813and
814.Va net.inet.udp.log_in_vain ,
815as described in
816.Xr tcp 4
817and
818.Xr udp 4 ,
819are set to the given value.
820.It Va tcp_keepalive
821.Pq Vt bool
822Set to
823.Dq Li YES
824by default.
825Setting to
826.Dq Li NO
827will disable probing idle TCP connections to verify that the
828peer is still up and reachable.
829.It Va tcp_drop_synfin
830.Pq Vt bool
831Set to
832.Dq Li NO
833by default.
834Setting to
835.Dq Li YES
836will cause the kernel to ignore TCP frames that have both
837the SYN and FIN flags set.
838This prevents OS fingerprinting, but may
839break some legitimate applications.
840This option is only available if the
841kernel was built with the
842.Dv TCP_DROP_SYNFIN
843option.
844.It Va icmp_drop_redirect
845.Pq Vt bool
846Set to
847.Dq Li NO
848by default.
849Setting to
850.Dq Li YES
851will cause the kernel to ignore ICMP REDIRECT packets.
852Refer to
853.Xr icmp 4
854for more information.
855.It Va icmp_log_redirect
856.Pq Vt bool
857Set to
858.Dq Li NO
859by default.
860Setting to
861.Dq Li YES
862will cause the kernel to log ICMP REDIRECT packets.
863Note that
864the log messages are not rate-limited, so this option should only be used
865for troubleshooting networks.
866Refer to
867.Xr icmp 4
868for more information.
869.It Va icmp_bmcastecho
870.Pq Vt bool
871Set to
872.Dq Li YES
873to respond to broadcast or multicast ICMP ping packets.
874Refer to
875.Xr icmp 4
876for more information.
877.It Va ip_portrange_first
878.Pq Vt int
879If not set to
880.Dq Li NO ,
881this is the first port in the default portrange.
882Refer to
883.Xr ip 4
884for more information.
885.It Va ip_portrange_last
886.Pq Vt int
887If not set to
888.Dq Li NO ,
889this is the last port in the default portrange.
890Refer to
891.Xr ip 4
892for more information.
893.It Va network_interfaces
894.Pq Vt str
895Set to the list of network interfaces to configure on this host.
896For example, if the only network devices in the system are the loopback
897device
898.Pq Li lo0
899and a NIC using the
900.Xr ed 4
901driver,
902this could be set to
903.Dq Li "lo0 ed0" .
904An
905.Va ifconfig_ Ns Aq Ar interface
906variable is also assumed to exist for each value of
907.Ar interface .
908It is also possible to add IP alias entries here in cases where
909multiple IP addresses registered against a single interface
910are desired.
911Assuming that the interface in question was
912.Li ed0 ,
913it might look
914something like this:
915.Bd -literal
916ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
917ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
918.Ed
919.Pp
920And so on.
921For each
922.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
923entry that is found,
924its contents are passed to
925.Xr ifconfig 8 .
926Execution stops at the first unsuccessful access, so if
927something like this is present:
928.Bd -literal
929ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
930ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
931ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
932ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
933.Ed
934.Pp
935Then note that alias4 would
936.Em not
937be added since the search would
938stop with the missing alias3 entry.
939.Pp
940If the
941.Pa /etc/start_if. Ns Aq Ar interface
942file is present, it is read and executed by the
943.Xr sh 1
944interpreter
945before configuring the interface as specified in the
946.Va ifconfig_ Ns Aq Ar interface
947and
948.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
949variables.
950.Pp
951It is possible to bring up an interface with DHCP by setting the
952.Va ifconfig_ Ns Aq Ar interface
953variable to
954.Dq Li DHCP .
955For instance, to initialize the
956.Li ed0
957device via DHCP,
958it is possible to use something like:
959.Bd -literal
960ifconfig_ed0="DHCP"
961.Ed
962.Pp
963It is also possible to rename interface by doing:
964.Bd -literal
965ifconfig_ed0_name="net0"
966ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
967.Ed
968.It Va ipv6_network_interfaces
969.Pq Vt str
970This is the IPv6 equivalent of
971.Va network_interfaces .
972Instead of setting the ifconfig variables as
973.Va ifconfig_ Ns Aq Ar interface
974they should be set as
975.Va ipv6_ifconfig_ Ns Aq Ar interface .
976Aliases should be set as
977.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
978.Va ipv6_prefix_ Ns Aq Ar interface
979does something.
980Interfaces that do not have a
981.Va ipv6_ifconfig_ Ns Aq Ar interface
982setting will be auto configured by
983.Xr rtsol 8
984if the
985.Va ipv6_gateway_enable
986is set to
987.Dq Li NO .
988Note that the IPv6 networking code does not support the
989.Pa /etc/start_if. Ns Aq Ar interface
990files.
991.It Va ipv6_default_interface
992.Pq Vt str
993If not set to
994.Dq Li NO ,
995this is the default output interface for scoped addresses.
996Now this works only for IPv6 link local multicast addresses.
997.It Va cloned_interfaces
998.Pq Vt str
999Set to the list of clonable network interfaces to create on this host.
1000Entries in
1001.Va cloned_interfaces
1002are automatically appended to
1003.Va network_interfaces
1004for configuration.
1005.It Va gif_interfaces
1006.Pq Vt str
1007Set to the list of
1008.Xr gif 4
1009tunnel interfaces to configure on this host.
1010A
1011.Va gifconfig_ Ns Aq Ar interface
1012variable is assumed to exist for each value of
1013.Ar interface .
1014The value of this variable is used to configure the link layer of the
1015tunnel according to the syntax of the
1016.Cm tunnel
1017option to
1018.Xr ifconfig 8 .
1019Additionally, this option ensures that each listed interface is created
1020via the
1021.Cm create
1022option to
1023.Xr ifconfig 8
1024before attempting to configure it.
1025.It Va sppp_interfaces
1026.Pq Vt str
1027Set to the list of
1028.Xr sppp 4
1029interfaces to configure on this host.
1030A
1031.Va spppconfig_ Ns Aq Ar interface
1032variable is assumed to exist for each value of
1033.Ar interface .
1034Each interface should also be configured by a general
1035.Va ifconfig_ Ns Aq Ar interface
1036setting.
1037Refer to
1038.Xr spppcontrol 8
1039for more information about available options.
1040.It Va ppp_enable
1041.Pq Vt bool
1042If set to
1043.Dq Li YES ,
1044run the
1045.Xr ppp 8
1046daemon.
1047.It Va ppp_mode
1048.Pq Vt str
1049Mode in which to run the
1050.Xr ppp 8
1051daemon.
1052Accepted modes are
1053.Dq Li auto ,
1054.Dq Li ddial ,
1055.Dq Li direct
1056and
1057.Dq Li dedicated .
1058See the manual for a full description.
1059.It Va ppp_nat
1060.Pq Vt bool
1061If set to
1062.Dq Li YES ,
1063enables network address translation.
1064Used in conjunction with
1065.Va gateway_enable
1066allows hosts on private network addresses access to the Internet using
1067this host as a network address translating router.
1068.It Va ppp_profile
1069.Pq Vt str
1070The name of the profile to use from
1071.Pa /etc/ppp/ppp.conf .
1072.It Va ppp_user
1073.Pq Vt str
1074The name of the user under which
1075.Xr ppp 8
1076should be started.
1077By
1078default,
1079.Xr ppp 8
1080is started as
1081.Dq Li root .
1082.It Va rc_conf_files
1083.Pq Vt str
1084This option is used to specify a list of files that will override
1085the settings in
1086.Pa /etc/defaults/rc.conf .
1087The files will be read in the order in which they are specified and should
1088include the full path to the file.
1089By default, the files specified are
1090.Pa /etc/rc.conf
1091and
1092.Pa /etc/rc.conf.local
1093.It Va gbde_autoattach_all
1094.Pq Vt bool
1095If set to
1096.Dq Li YES ,
1097.Pa /etc/rc.d/gbde
1098will attempt to automatically initialize your .bde devices in
1099.Pa /etc/fstab .
1100.It Va gbde_devices
1101.Pq Vt str
1102List the devices that the script should try to attach,
1103or
1104.Dq Li AUTO .
1105.It Va gbde_lockdir
1106.Pq Vt str
1107The directory where the
1108.Xr gbde 4
1109lockfiles are located.
1110The default lockfile directory is
1111.Pa /etc .
1112.Pp
1113The lockfile for each individual
1114.Xr gbde 4
1115device can be overridden by setting the variable
1116.Va gbde_lock_ Ns Aq Ar device ,
1117where
1118.Ar device
1119is the encrypted device without the
1120.Dq Pa /dev/
1121and
1122.Dq Pa .bde
1123parts.
1124.It Va gbde_attach_attempts
1125.Pq Vt int
1126Number of times to attempt attaching to a
1127.Xr gbde 4
1128device, i.e. how many times the user is asked for the pass-phrase.
1129Default is 3.
1130.It Va gbde_swap_enable
1131.Pq Vt bool
1132If set to
1133.Dq Li YES ,
1134any .bde swap devices listed in
1135.Pa /etc/fstab
1136will be initialized with a random, one-shot key.
1137Note that this makes recovery of kernel dumps impossible.
1138.It Va root_rw_mount
1139.Pq Vt bool
1140Set to
1141.Dq Li YES
1142by default.
1143After the file systems are checked at boot time, the root file system
1144is remounted as read-write if this is set to
1145.Dq Li YES .
1146Diskless systems that mount their root file system from a read-only remote
1147NFS share should set this to
1148.Dq Li NO
1149in their
1150.Pa rc.conf .
1151.It Va fsck_y_enable
1152.Pq Vt bool
1153If set to
1154.Dq Li YES ,
1155.Xr fsck 8
1156will be run with the
1157.Fl y
1158flag if the initial preen
1159of the file systems fails.
1160.It Va background_fsck
1161.Pq Vt bool
1162If set to
1163.Dq Li YES ,
1164the system will attempt to run
1165.Xr fsck 8
1166in the background where possible.
1167.It Va background_fsck_delay
1168.Pq Vt int
1169The amount of time in seconds to sleep before starting a background
1170.Xr fsck 8 .
1171It defaults to sixty seconds to allow large applications such as
1172the X server to start before disk I/O bandwidth is monopolized by
1173.Xr fsck 8 .
1174.It Va netfs_types
1175.Pq Vt str
1176List of file system types that are network-based.
1177This list should generally not be modified by end users.
1178Use
1179.Va extra_netfs_types
1180instead.
1181.It Va extra_netfs_types
1182.Pq Vt str
1183If set to something other than
1184.Dq Li NO
1185(the default),
1186this variable extends the list of file system types
1187for which automatic mounting at startup by
1188.Xr rc 8
1189should be delayed until the network is initialized.
1190It should contain
1191a whitespace-separated list of network file system descriptor pairs,
1192each consisting of a file system type as passed to
1193.Xr mount 8
1194and a human-readable, one-word description,
1195joined with a colon
1196.Pq Ql \&: .
1197Extending the default list in this way is only necessary
1198when third party file system types are used.
1199.It Va syslogd_enable
1200.Pq Vt bool
1201If set to
1202.Dq Li YES ,
1203run the
1204.Xr syslogd 8
1205daemon.
1206.It Va syslogd_program
1207.Pq Vt str
1208Path to
1209.Xr syslogd 8
1210(default
1211.Pa /usr/sbin/syslogd ) .
1212.It Va syslogd_flags
1213.Pq Vt str
1214If
1215.Va syslogd_enable
1216is set to
1217.Dq Li YES ,
1218these are the flags to pass to
1219.Xr syslogd 8 .
1220.It Va inetd_enable
1221.Pq Vt bool
1222If set to
1223.Dq Li YES ,
1224run the
1225.Xr inetd 8
1226daemon.
1227.It Va inetd_program
1228.Pq Vt str
1229Path to
1230.Xr inetd 8
1231(default
1232.Pa /usr/sbin/inetd ) .
1233.It Va inetd_flags
1234.Pq Vt str
1235If
1236.Va inetd_enable
1237is set to
1238.Dq Li YES ,
1239these are the flags to pass to
1240.Xr inetd 8 .
1241.It Va named_enable
1242.Pq Vt bool
1243If set to
1244.Dq Li YES ,
1245run the
1246.Xr named 8
1247daemon.
1248.It Va named_program
1249.Pq Vt str
1250Path to
1251.Xr named 8
1252(default
1253.Pa /usr/sbin/named ) .
1254.It Va named_flags
1255.Pq Vt str
1256If
1257.Va named_enable
1258is set to
1259.Dq Li YES ,
1260these are the flags to pass to
1261.Xr named 8 .
1262.It Va named_pidfile
1263.Pq Vt str
1264This is the default path to the
1265.Xr named 8
1266daemon's PID file.
1267Change it if you change the location in
1268.Xr named.conf 5 .
1269.It Va named_chrootdir
1270.Pq Vt str
1271The root directory for a name server run in a
1272.Xr chroot 8
1273environment (default
1274.Pa /var/named ) .
1275If left empty
1276.Xr named 8
1277will not be run in a
1278.Xr chroot 8
1279environment.
1280.It Va named_chroot_autoupdate
1281.Pq Vt bool
1282Set to
1283.Dq Li NO
1284to disable automatic update of the
1285.Xr chroot 8
1286environment.
1287.It Va named_symlink_enable
1288.Pq Vt bool
1289Set to
1290.Dq Li NO
1291to disable symlinking of
1292daemon's PID file
1293into the
1294.Xr chroot 8
1295environment.
1296.It Va kerberos5_server_enable
1297.Pq Vt bool
1298Set to
1299.Dq Li YES
1300to start a Kerberos 5 authentication server
1301at boot time.
1302.It Va kerberos5_server
1303.Pq Vt str
1304If
1305.Va kerberos5_server_enable
1306is set to
1307.Dq Li YES
1308this is the path to Kerberos 5 Authentication Server.
1309.It Va kadmind5_server_enable
1310.Pq Vt bool
1311Set to
1312.Dq Li YES
1313to start
1314.Xr kadmind 8 ,
1315the Kerberos 5 Administration Daemon; set to
1316.Dq Li NO
1317on a slave server.
1318.It Va kadmind5_server
1319.Pq Vt str
1320If
1321.Va kadmind5_server_enable
1322is set to
1323.Dq Li YES
1324this is the path to Kerberos 5 Administration Daemon.
1325.It Va kpasswdd_server_enable
1326.Pq Vt bool
1327Set to
1328.Dq Li YES
1329to start
1330.Xr kpasswdd 8 ,
1331the Kerberos 5 Password-Changing Daemon; set to
1332.Dq Li NO
1333on a slave server.
1334.It Va kpasswdd_server
1335.Pq Vt str
1336If
1337.Va kpasswdd_server_enable
1338is set to
1339.Dq Li YES
1340this is the path to Kerberos 5 Password-Changing Daemon.
1341.It Va rwhod_enable
1342.Pq Vt bool
1343If set to
1344.Dq Li YES ,
1345run the
1346.Xr rwhod 8
1347daemon at boot time.
1348.It Va rwhod_flags
1349.Pq Vt str
1350If
1351.Va rwhod_enable
1352is set to
1353.Dq Li YES ,
1354these are the flags to pass to it.
1355.It Va amd_enable
1356.Pq Vt bool
1357If set to
1358.Dq Li YES ,
1359run the
1360.Xr amd 8
1361daemon at boot time.
1362.It Va amd_flags
1363.Pq Vt str
1364If
1365.Va amd_enable
1366is set to
1367.Dq Li YES ,
1368these are the flags to pass to it.
1369See the
1370.Xr amd 8
1371manpage for more information.
1372.It Va amd_map_program
1373.Pq Vt str
1374If set,
1375the specified program is run to get the list of
1376.Xr amd 8
1377maps.
1378For example, if the
1379.Xr amd 8
1380maps are stored in NIS, one can set this to
1381run
1382.Xr ypcat 1
1383to get a list of
1384.Xr amd 8
1385maps from the
1386.Pa amd.master
1387NIS map.
1388.It Va update_motd
1389.Pq Vt bool
1390If set to
1391.Dq Li YES ,
1392.Pa /etc/motd
1393will be updated at boot time to reflect the kernel release
1394being run.
1395If set to
1396.Dq Li NO ,
1397.Pa /etc/motd
1398will not be updated.
1399.It Va nfs_client_enable
1400.Pq Vt bool
1401If set to
1402.Dq Li YES ,
1403run the NFS client daemons at boot time.
1404.It Va nfs_access_cache
1405.Pq Vt int
1406If
1407.Va nfs_client_enable
1408is set to
1409.Dq Li YES ,
1410this can be set to
1411.Dq Li 0
1412to disable NFS ACCESS RPC caching, or to the number of seconds for which
1413NFS ACCESS
1414results should be cached.
1415A value of 2-10 seconds will substantially reduce network
1416traffic for many NFS operations.
1417.It Va nfs_server_enable
1418.Pq Vt bool
1419If set to
1420.Dq Li YES ,
1421run the NFS server daemons at boot time.
1422.It Va nfs_server_flags
1423.Pq Vt str
1424If
1425.Va nfs_server_enable
1426is set to
1427.Dq Li YES ,
1428these are the flags to pass to the
1429.Xr nfsd 8
1430daemon.
1431.It Va mountd_enable
1432.Pq Vt bool
1433If set to
1434.Dq Li YES ,
1435and no
1436.Va nfs_server_enable
1437is set, start
1438.Xr mountd 8 ,
1439but not
1440.Xr nfsd 8
1441daemon.
1442It is commonly needed to run CFS without real NFS used.
1443.It Va mountd_flags
1444.Pq Vt str
1445If
1446.Va mountd_enable
1447is set to
1448.Dq Li YES ,
1449these are the flags to pass to the
1450.Xr mountd 8
1451daemon.
1452.It Va weak_mountd_authentication
1453.Pq Vt bool
1454If set to
1455.Dq Li YES ,
1456allow services like PCNFSD to make non-privileged mount
1457requests.
1458.It Va nfs_reserved_port_only
1459.Pq Vt bool
1460If set to
1461.Dq Li YES ,
1462provide NFS services only on a secure port.
1463.It Va nfs_bufpackets
1464.Pq Vt int
1465If set to a number, indicates the number of packets worth of
1466socket buffer space to reserve on an NFS client.
1467The kernel default is typically 4.
1468Using a higher number may be
1469useful on gigabit networks to improve performance.
1470The minimum value is
14712 and the maximum is 64.
1472.It Va rpc_lockd_enable
1473.Pq Vt bool
1474If set to
1475.Dq Li YES
1476and also an NFS server, run
1477.Xr rpc.lockd 8
1478at boot time.
1479.It Va rpc_statd_enable
1480.Pq Vt bool
1481If set to
1482.Dq Li YES
1483and also an NFS server, run
1484.Xr rpc.statd 8
1485at boot time.
1486.It Va rpcbind_program
1487.Pq Vt str
1488Path to
1489.Xr rpcbind 8
1490(default
1491.Pa /usr/sbin/rpcbind ) .
1492.It Va rpcbind_enable
1493.Pq Vt bool
1494If set to
1495.Dq Li YES ,
1496run the
1497.Xr rpcbind 8
1498service at boot time.
1499.It Va rpcbind_flags
1500.Pq Vt str
1501If
1502.Va rpcbind_enable
1503is set to
1504.Dq Li YES ,
1505these are the flags to pass to the
1506.Xr rpcbind 8
1507daemon.
1508.It Va keyserv_enable
1509.Pq Vt bool
1510If set to
1511.Dq Li YES ,
1512run the
1513.Xr keyserv 8
1514daemon on boot for running Secure RPC.
1515.It Va keyserv_flags
1516.Pq Vt str
1517If
1518.Va keyserv_enable
1519is set to
1520.Dq Li YES ,
1521these are the flags to pass to
1522.Xr keyserv 8
1523daemon.
1524.It Va pppoed_enable
1525.Pq Vt bool
1526If set to
1527.Dq Li YES ,
1528run the
1529.Xr pppoed 8
1530daemon at boot time to provide PPP over Ethernet services.
1531.It Va pppoed_ Ns Ar provider
1532.Pq Vt str
1533.Xr pppoed 8
1534listens to requests to this
1535.Ar provider
1536and ultimately runs
1537.Xr ppp 8
1538with a
1539.Ar system
1540argument of the same name.
1541.It Va pppoed_flags
1542.Pq Vt str
1543Additional flags to pass to
1544.Xr pppoed 8 .
1545.It Va pppoed_interface
1546.Pq Vt str
1547The network interface to run
1548.Xr pppoed 8
1549on.
1550This is mandatory when
1551.Va pppoed_enable
1552is set to
1553.Dq Li YES .
1554.It Va timed_enable
1555.Pq Vt bool
1556If set to
1557.Dq Li YES ,
1558run the
1559.Xr timed 8
1560service at boot time.
1561This command is intended for networks of
1562machines where a consistent
1563.Dq "network time"
1564for all hosts must be established.
1565This is often useful in large NFS
1566environments where time stamps on files are expected to be consistent
1567network-wide.
1568.It Va timed_flags
1569.Pq Vt str
1570If
1571.Va timed_enable
1572is set to
1573.Dq Li YES ,
1574these are the flags to pass to the
1575.Xr timed 8
1576service.
1577.It Va ntpdate_enable
1578.Pq Vt bool
1579If set to
1580.Dq Li YES ,
1581run
1582.Xr ntpdate 8
1583at system startup.
1584This command is intended to
1585synchronize the system clock only
1586.Em once
1587from some standard reference.
1588An option to set this up initially
1589(from a list of known servers) is also provided by the
1590.Xr sysinstall 8
1591program when the system is first installed.
1592.It Va ntpdate_hosts
1593.Pq Vt str
1594A whitespace-separated list of NTP servers to synchronize with at startup.
1595The default is to use the servers listed in
1596.Pa /etc/ntp.conf ,
1597if that file exists.
1598.It Va ntpdate_program
1599.Pq Vt str
1600Path to
1601.Xr ntpdate 8
1602(default
1603.Pa /usr/sbin/ntpdate ) .
1604.It Va ntpdate_flags
1605.Pq Vt str
1606If
1607.Va ntpdate_enable
1608is set to
1609.Dq Li YES ,
1610these are the flags to pass to the
1611.Xr ntpdate 8
1612command (typically a hostname).
1613.It Va ntpd_enable
1614.Pq Vt bool
1615If set to
1616.Dq Li YES ,
1617run the
1618.Xr ntpd 8
1619command at boot time.
1620.It Va ntpd_program
1621.Pq Vt str
1622Path to
1623.Xr ntpd 8
1624(default
1625.Pa /usr/sbin/ntpd ) .
1626.It Va ntpd_flags
1627.Pq Vt str
1628If
1629.Va ntpd_enable
1630is set to
1631.Dq Li YES ,
1632these are the flags to pass to the
1633.Xr ntpd 8
1634daemon.
1635.It Va ntpd_sync_on_start
1636.Pq Vt bool
1637If set to
1638.Dq Li YES ,
1639.Xr ntpd 8
1640is run with the
1641.Op Fl g
1642flag, which syncs the system's clock on startup.
1643See
1644.Xr ntpd 8
1645for more information regarding the
1646.Op Fl g
1647option.
1648This is a preferred alternative to using
1649.Xr ntpdate 1
1650or specifying the
1651.Pa /etc/rc.conf
1652tunable
1653.Op Ar ntpdate_enable .
1654.It Va nis_client_enable
1655.Pq Vt bool
1656If set to
1657.Dq Li YES ,
1658run the
1659.Xr ypbind 8
1660service at system boot time.
1661.It Va nis_client_flags
1662.Pq Vt str
1663If
1664.Va nis_client_enable
1665is set to
1666.Dq Li YES ,
1667these are the flags to pass to the
1668.Xr ypbind 8
1669service.
1670.It Va nis_ypset_enable
1671.Pq Vt bool
1672If set to
1673.Dq Li YES ,
1674run the
1675.Xr ypset 8
1676daemon at system boot time.
1677.It Va nis_ypset_flags
1678.Pq Vt str
1679If
1680.Va nis_ypset_enable
1681is set to
1682.Dq Li YES ,
1683these are the flags to pass to the
1684.Xr ypset 8
1685daemon.
1686.It Va nis_server_enable
1687.Pq Vt bool
1688If set to
1689.Dq Li YES ,
1690run the
1691.Xr ypserv 8
1692daemon at system boot time.
1693.It Va nis_server_flags
1694.Pq Vt str
1695If
1696.Va nis_server_enable
1697is set to
1698.Dq Li YES ,
1699these are the flags to pass to the
1700.Xr ypserv 8
1701daemon.
1702.It Va nis_ypxfrd_enable
1703.Pq Vt bool
1704If set to
1705.Dq Li YES ,
1706run the
1707.Xr rpc.ypxfrd 8
1708daemon at system boot time.
1709.It Va nis_ypxfrd_flags
1710.Pq Vt str
1711If
1712.Va nis_ypxfrd_enable
1713is set to
1714.Dq Li YES ,
1715these are the flags to pass to the
1716.Xr rpc.ypxfrd 8
1717daemon.
1718.It Va nis_yppasswdd_enable
1719.Pq Vt bool
1720If set to
1721.Dq Li YES ,
1722run the
1723.Xr rpc.yppasswdd 8
1724daemon at system boot time.
1725.It Va nis_yppasswdd_flags
1726.Pq Vt str
1727If
1728.Va nis_yppasswdd_enable
1729is set to
1730.Dq Li YES ,
1731these are the flags to pass to the
1732.Xr rpc.yppasswdd 8
1733daemon.
1734.It Va rpc_ypupdated_enable
1735.Pq Vt bool
1736If set to
1737.Dq Li YES ,
1738run the
1739.Nm rpc.ypupdated
1740daemon at system boot time.
1741.It Va defaultrouter
1742.Pq Vt str
1743If not set to
1744.Dq Li NO ,
1745create a default route to this host name or IP address
1746(use an IP address if this router is also required to get to the
1747name server!).
1748.It Va ipv6_defaultrouter
1749.Pq Vt str
1750The IPv6 equivalent of
1751.Va defaultrouter .
1752.It Va static_routes
1753.Pq Vt str
1754Set to the list of static routes that are to be added at system
1755boot time.
1756If not set to
1757.Dq Li NO
1758then for each whitespace separated
1759.Ar element
1760in the value, a
1761.Va route_ Ns Aq Ar element
1762variable is assumed to exist
1763whose contents will later be passed to a
1764.Dq Nm route Cm add
1765operation.
1766For example:
1767.Bd -literal
1768static_routes="mcast gif0local"
1769route_mcast="-net 224.0.0.0/4 -iface gif0"
1770route_gif0local="-host 169.254.1.1 -iface lo0"
1771.Ed
1772.It Va ipv6_static_routes
1773.Pq Vt str
1774The IPv6 equivalent of
1775.Va static_routes .
1776If not set to
1777.Dq Li NO
1778then for each whitespace separated
1779.Ar element
1780in the value, a
1781.Va ipv6_route_ Ns Aq Ar element
1782variable is assumed to exist
1783whose contents will later be passed to a
1784.Dq Nm route Cm add Fl inet6
1785operation.
1786.It Va natm_static_routes
1787.Pq Vt str
1788The
1789.Xr natmip 4
1790equivalent of
1791.Va static_routes .
1792If not empty then for each whitespace separated
1793.Ar element
1794in the value, a
1795.Va route_ Ns Aq Ar element
1796variable is assumed to exist whose contents will later be passed to a
1797.Dq Nm atmconfig Cm natm Cm add
1798operation.
1799.It Va gateway_enable
1800.Pq Vt bool
1801If set to
1802.Dq Li YES ,
1803configure host to act as an IP router, e.g.\& to forward packets
1804between interfaces.
1805.It Va ipv6_gateway_enable
1806.Pq Vt bool
1807The IPv6 equivalent of
1808.Va gateway_enable .
1809.It Va router_enable
1810.Pq Vt bool
1811If set to
1812.Dq Li YES ,
1813run a routing daemon of some sort, based on the
1814settings of
1815.Va router
1816and
1817.Va router_flags .
1818.It Va ipv6_router_enable
1819.Pq Vt bool
1820The IPv6 equivalent of
1821.Va router_enable .
1822If set to
1823.Dq Li YES ,
1824run a routing daemon of some sort, based on the
1825settings of
1826.Va ipv6_router
1827and
1828.Va ipv6_router_flags .
1829.It Va router
1830.Pq Vt str
1831If
1832.Va router_enable
1833is set to
1834.Dq Li YES ,
1835this is the name of the routing daemon to use.
1836.It Va ipv6_router
1837.Pq Vt str
1838The IPv6 equivalent of
1839.Va router .
1840.It Va router_flags
1841.Pq Vt str
1842If
1843.Va router_enable
1844is set to
1845.Dq Li YES ,
1846these are the flags to pass to the routing daemon.
1847.It Va ipv6_router_flags
1848.Pq Vt str
1849The IPv6 equivalent of
1850.Va router_flags .
1851.It Va mrouted_enable
1852.Pq Vt bool
1853If set to
1854.Dq Li YES ,
1855run the multicast routing daemon,
1856.Xr mrouted 8 .
1857.It Va mroute6d_enable
1858.Pq Vt bool
1859The IPv6 equivalent of
1860.Va mrouted_enable .
1861If set to
1862.Dq Li YES ,
1863run the IPv6 multicast routing daemon.
1864Note that no IPv6 multicast routing daemon is included in the
1865.Fx
1866base system but
1867.Xr pim6dd 8
1868can be installed from the
1869.Fx
1870Ports Collection.
1871.It Va mrouted_flags
1872.Pq Vt str
1873If
1874.Va mrouted_enable
1875is set to
1876.Dq Li YES ,
1877these are the flags to pass to the
1878.Xr mrouted 8
1879daemon.
1880.It Va mroute6d_flags
1881.Pq Vt str
1882The IPv6 equivalent of
1883.Va mrouted_flags .
1884If
1885.Va mroute6d_enable
1886is set to
1887.Dq Li YES ,
1888these are the flags passed to the IPv6 multicast routing daemon.
1889.It Va mroute6d_program
1890.Pq Vt str
1891If
1892.Va mroute6d_enable
1893is set to
1894.Dq Li YES ,
1895this is the path to the IPv6 multicast routing daemon.
1896.It Va rtadvd_enable
1897.Pq Vt bool
1898If set to
1899.Dq Li YES ,
1900run the
1901.Xr rtadvd 8
1902daemon at boot time.
1903.Xr rtadvd 8
1904will only run if
1905.Va ipv6_gateway_enable
1906is also set to
1907.Dq Li YES .
1908The
1909.Xr rtadvd 8
1910utility sends router advertisement packets to the interfaces specified in
1911.Va rtadvd_interfaces
1912and should only be enabled with great care.
1913You may want to fine-tune
1914.Xr rtadvd.conf 5 .
1915.It Va rtadvd_interfaces
1916.Pq Vt str
1917If
1918.Va rtadvd_enable
1919is set to
1920.Dq Li YES
1921this is the list of interfaces to use.
1922.It Va ipxgateway_enable
1923.Pq Vt bool
1924If set to
1925.Dq Li YES ,
1926enable the routing of IPX traffic.
1927.It Va ipxrouted_enable
1928.Pq Vt bool
1929If set to
1930.Dq Li YES ,
1931run the
1932.Xr IPXrouted 8
1933daemon at system boot time.
1934.It Va ipxrouted_flags
1935.Pq Vt str
1936If
1937.Va ipxrouted_enable
1938is set to
1939.Dq Li YES ,
1940these are the flags to pass to the
1941.Xr IPXrouted 8
1942daemon.
1943.It Va arpproxy_all
1944.Pq Vt bool
1945If set to
1946.Dq Li YES ,
1947enable global proxy ARP.
1948.It Va forward_sourceroute
1949.Pq Vt bool
1950If set to
1951.Dq Li YES
1952and
1953.Va gateway_enable
1954is also set to
1955.Dq Li YES ,
1956source-routed packets are forwarded.
1957.It Va accept_sourceroute
1958.Pq Vt bool
1959If set to
1960.Dq Li YES ,
1961the system will accept source-routed packets directed at it.
1962.It Va rarpd_enable
1963.Pq Vt bool
1964If set to
1965.Dq Li YES ,
1966run the
1967.Xr rarpd 8
1968daemon at system boot time.
1969.It Va rarpd_flags
1970.Pq Vt str
1971If
1972.Va rarpd_enable
1973is set to
1974.Dq Li YES ,
1975these are the flags to pass to the
1976.Xr rarpd 8
1977daemon.
1978.It Va bootparamd_enable
1979.Pq Vt bool
1980If set to
1981.Dq Li YES ,
1982run the
1983.Xr bootparamd 8
1984daemon at system boot time.
1985.It Va bootparamd_flags
1986.Pq Vt str
1987If
1988.Va bootparamd_enable
1989is set to
1990.Dq Li YES ,
1991these are the flags to pass to the
1992.Xr bootparamd 8
1993daemon.
1994.It Va stf_interface_ipv4addr
1995.Pq Vt str
1996If not set to
1997.Dq Li NO ,
1998this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1999interface).
2000Specify this entry to enable the 6to4 interface.
2001.It Va stf_interface_ipv4plen
2002.Pq Vt int
2003Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2004An effective value is 0-31.
2005.It Va stf_interface_ipv6_ifid
2006.Pq Vt str
2007IPv6 interface ID for
2008.Xr stf 4 .
2009This can be set to
2010.Dq Li AUTO .
2011.It Va stf_interface_ipv6_slaid
2012.Pq Vt str
2013IPv6 Site Level Aggregator for
2014.Xr stf 4 .
2015.It Va ipv6_faith_prefix
2016.Pq Vt str
2017If not set to
2018.Dq Li NO ,
2019this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2020translator.
2021You also need
2022.Xr faithd 8
2023setup.
2024.It Va ipv6_ipv4mapping
2025.Pq Vt bool
2026If set to
2027.Dq Li YES
2028this enables IPv4 mapped IPv6 address communication (like
2029.Li ::ffff:a.b.c.d ) .
2030.It Va atm_enable
2031.Pq Vt bool
2032Set to
2033.Dq Li YES
2034to enable the configuration of ATM interfaces at system boot time.
2035For all of the ATM variables described below, please refer to the
2036.Xr atm 8
2037man page for further details on the available command parameters.
2038Also refer to the files in
2039.Pa /usr/share/examples/atm
2040for more detailed configuration information.
2041.It Va atm_load
2042.Pq Vt str
2043This is a list of physical ATM interface drivers to load.
2044Typical values are
2045.Dq Li hfa_pci
2046and/or
2047.Dq Li hea_pci .
2048.It Va atm_netif_ Ns Aq Ar intf
2049.Pq Vt str
2050For the ATM physical interface
2051.Ar intf ,
2052this variable defines the name prefix and count for the ATM network
2053interfaces to be created.
2054The value will be passed as the parameters of an
2055.Dq Nm atm Cm "set netif" Ar intf
2056command.
2057.It Va atm_sigmgr_ Ns Aq Ar intf
2058.Pq Vt str
2059For the ATM physical interface
2060.Ar intf ,
2061this variable defines the ATM signalling manager to be used.
2062The value will be passed as the parameters of an
2063.Dq Nm atm Cm attach Ar intf
2064command.
2065.It Va atm_prefix_ Ns Aq Ar intf
2066.Pq Vt str
2067For the ATM physical interface
2068.Ar intf ,
2069this variable defines the NSAP prefix for interfaces using a UNI signalling
2070manager.
2071If set to
2072.Dq Li ILMI ,
2073the prefix will automatically be set via the
2074.Xr ilmid 8
2075daemon.
2076Otherwise, the value will be passed as the parameters of an
2077.Dq Nm atm Cm "set prefix" Ar intf
2078command.
2079.It Va atm_macaddr_ Ns Aq Ar intf
2080.Pq Vt str
2081For the ATM physical interface
2082.Ar intf ,
2083this variable defines the MAC address for interfaces using a UNI signalling
2084manager.
2085If set to
2086.Dq Li NO ,
2087the hardware MAC address contained in the ATM interface card will be used.
2088Otherwise, the value will be passed as the parameters of an
2089.Dq Nm atm Cm "set mac" Ar intf
2090command.
2091.It Va atm_arpserver_ Ns Aq Ar netif
2092.Pq Vt str
2093For the ATM network interface
2094.Ar netif ,
2095this variable defines the ATM address for a host which is to provide ATMARP
2096service.
2097This variable is only applicable to interfaces using a UNI signalling
2098manager.
2099If set to
2100.Dq Li local ,
2101this host will become an ATMARP server.
2102The value will be passed as the parameters of an
2103.Dq Nm atm Cm "set arpserver" Ar netif
2104command.
2105.It Va atm_scsparp_ Ns Aq Ar netif
2106.Pq Vt bool
2107If set to
2108.Dq Li YES ,
2109SCSP/ATMARP service for the network interface
2110.Ar netif
2111will be initiated using the
2112.Xr scspd 8
2113and
2114.Xr atmarpd 8
2115daemons.
2116This variable is only applicable if
2117.Va atm_arpserver_ Ns Aq Ar netif
2118is set to
2119.Dq Li local .
2120.It Va atm_pvcs
2121.Pq Vt str
2122Set to the list of ATM PVCs to be added at system
2123boot time.
2124For each whitespace separated
2125.Ar element
2126in the value, an
2127.Va atm_pvc_ Ns Aq Ar element
2128variable is assumed to exist.
2129The value of each of these variables
2130will be passed as the parameters of an
2131.Dq Nm atm Cm "add pvc"
2132command.
2133.It Va atm_arps
2134.Pq Vt str
2135Set to the list of permanent ATM ARP entries to be added
2136at system boot time.
2137For each whitespace separated
2138.Ar element
2139in the value, an
2140.Va atm_arp_ Ns Aq Ar element
2141variable is assumed to exist.
2142The value of each of these variables
2143will be passed as the parameters of an
2144.Dq Nm atm Cm "add arp"
2145command.
2146.It Va natm_interfaces
2147.Pq Vt str
2148Set to the list of
2149.Xr natm 4
2150interfaces that will also be used for HARP through
2151.Xr harp 4 .
2152If this list is not empty all interfaces in the list will be brought up
2153with
2154.Xr ifconfig 8
2155and
2156.Xr harp 4
2157will be loaded.
2158For this to work the interface drivers must be either compiled into the
2159kernel or must reside on the root partition.
2160.It Va keybell
2161.Pq Vt str
2162The keyboard bell sound.
2163Set to
2164.Dq Li normal ,
2165.Dq Li visual ,
2166.Dq Li off ,
2167or
2168.Dq Li NO
2169if the default behavior is desired.
2170For details, refer to the
2171.Xr kbdcontrol 1
2172manpage.
2173.It Va keyboard
2174.Pq Vt str
2175If set to a non-null string, the virtual console's keyboard input is
2176set to this device.
2177.It Va keymap
2178.Pq Vt str
2179If set to
2180.Dq Li NO ,
2181no keymap is installed, otherwise the value is used to install
2182the keymap file in
2183.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2184.It Va keyrate
2185.Pq Vt str
2186The keyboard repeat speed.
2187Set to
2188.Dq Li slow ,
2189.Dq Li normal ,
2190.Dq Li fast ,
2191or
2192.Dq Li NO
2193if the default behavior is desired.
2194.It Va keychange
2195.Pq Vt str
2196If not set to
2197.Dq Li NO ,
2198attempt to program the function keys with the value.
2199The value should
2200be a single string of the form:
2201.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2202.It Va cursor
2203.Pq Vt str
2204Can be set to the value of
2205.Dq Li normal ,
2206.Dq Li blink ,
2207.Dq Li destructive ,
2208or
2209.Dq Li NO
2210to set the cursor behavior explicitly or choose the default behavior.
2211.It Va scrnmap
2212.Pq Vt str
2213If set to
2214.Dq Li NO ,
2215no screen map is installed, otherwise the value is used to install
2216the screen map file in
2217.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2218.It Va font8x16
2219.Pq Vt str
2220If set to
2221.Dq Li NO ,
2222the default 8x16 font value is used for screen size requests, otherwise
2223the value in
2224.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2225is used.
2226.It Va font8x14
2227.Pq Vt str
2228If set to
2229.Dq Li NO ,
2230the default 8x14 font value is used for screen size requests, otherwise
2231the value in
2232.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2233is used.
2234.It Va font8x8
2235.Pq Vt str
2236If set to
2237.Dq Li NO ,
2238the default 8x8 font value is used for screen size requests, otherwise
2239the value in
2240.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2241is used.
2242.It Va blanktime
2243.Pq Vt int
2244If set to
2245.Dq Li NO ,
2246the default screen blanking interval is used, otherwise it is set
2247to
2248.Ar value
2249seconds.
2250.It Va saver
2251.Pq Vt str
2252If not set to
2253.Dq Li NO ,
2254this is the actual screen saver to use
2255.Li ( blank , snake , daemon ,
2256etc).
2257.It Va moused_nondefault_enable
2258.Pq Vt str
2259If set to
2260.Dq Li NO
2261the mouse device specified on
2262the command line is not automatically treated as enabled by the
2263.Pa /etc/rc.d/moused
2264script.
2265Having this variable set to
2266.Dq Li YES
2267allows a
2268.Xr usb 4
2269mouse,
2270for example,
2271to be enabled as soon as it is plugged in.
2272.It Va moused_enable
2273.Pq Vt str
2274If set to
2275.Dq Li YES ,
2276the
2277.Xr moused 8
2278daemon is started for doing cut/paste selection on the console.
2279.It Va moused_type
2280.Pq Vt str
2281This is the protocol type of the mouse connected to this host.
2282This variable must be set if
2283.Va moused_enable
2284is set to
2285.Dq Li YES .
2286The
2287.Xr moused 8
2288daemon
2289is able to detect the appropriate mouse type automatically in many cases.
2290Set this variable to
2291.Dq Li auto
2292to let the daemon detect it, or
2293select one from the following list if the automatic detection fails.
2294.Pp
2295If the mouse is attached to the PS/2 mouse port, choose
2296.Dq Li auto
2297or
2298.Dq Li ps/2 ,
2299regardless of the brand and model of the mouse.
2300Likewise, if the
2301mouse is attached to the bus mouse port, choose
2302.Dq Li auto
2303or
2304.Dq Li busmouse .
2305All other protocols are for serial mice and will not work with
2306the PS/2 and bus mice.
2307If this is a USB mouse,
2308.Dq Li auto
2309is the only protocol type which will work.
2310.Pp
2311.Bl -tag -width ".Li x10mouseremote" -compact
2312.It Li microsoft
2313Microsoft mouse (serial)
2314.It Li intellimouse
2315Microsoft IntelliMouse (serial)
2316.It Li mousesystems
2317Mouse systems Corp.\& mouse (serial)
2318.It Li mmseries
2319MM Series mouse (serial)
2320.It Li logitech
2321Logitech mouse (serial)
2322.It Li busmouse
2323A bus mouse
2324.It Li mouseman
2325Logitech MouseMan and TrackMan (serial)
2326.It Li glidepoint
2327ALPS GlidePoint (serial)
2328.It Li thinkingmouse
2329Kensington ThinkingMouse (serial)
2330.It Li ps/2
2331PS/2 mouse
2332.It Li mmhittab
2333MM HitTablet (serial)
2334.It Li x10mouseremote
2335X10 MouseRemote (serial)
2336.It Li versapad
2337Interlink VersaPad (serial)
2338.El
2339.Pp
2340Even if the mouse is not in the above list, it may be compatible
2341with one in the list.
2342Refer to the man page for
2343.Xr moused 8
2344for compatibility information.
2345.Pp
2346It should also be noted that while this is enabled, any
2347other client of the mouse (such as an X server) should access
2348the mouse through the virtual mouse device,
2349.Pa /dev/sysmouse ,
2350and configure it as a
2351.Dq Li sysmouse
2352type mouse, since all
2353mouse data is converted to this single canonical format when
2354using
2355.Xr moused 8 .
2356If the client program does not support the
2357.Dq Li sysmouse
2358type,
2359specify the
2360.Dq Li mousesystems
2361type.
2362It is the second preferred type.
2363.It Va moused_port
2364.Pq Vt str
2365If
2366.Va moused_enable
2367is set to
2368.Dq Li YES ,
2369this is the actual port the mouse is on.
2370It might be
2371.Pa /dev/cuaa0
2372for a COM1 serial mouse,
2373.Pa /dev/psm0
2374for a PS/2 mouse or
2375.Pa /dev/mse0
2376for a bus mouse, for example.
2377.It Va moused_flags
2378.Pq Vt str
2379If
2380.Va moused_type
2381is set, these are the additional flags to pass to the
2382.Xr moused 8
2383daemon.
2384.It Va mousechar_start
2385.Pq Vt int
2386If set to
2387.Dq Li NO ,
2388the default mouse cursor character range
2389.Li 0xd0 Ns - Ns Li 0xd3
2390is used,
2391otherwise the range start is set
2392to
2393.Ar value
2394character, see
2395.Xr vidcontrol 1 .
2396Use if the default range is occupied in the language code table.
2397.It Va allscreens_flags
2398.Pq Vt str
2399If set,
2400.Xr vidcontrol 1
2401is run with these options for each of the virtual terminals
2402.Pq Pa /dev/ttyv* .
2403For example,
2404.Dq Fl m Cm on
2405will enable the mouse pointer on all virtual terminals
2406if
2407.Va moused_enable
2408is set to
2409.Dq Li YES .
2410.It Va allscreens_kbdflags
2411.Pq Vt str
2412If set,
2413.Xr kbdcontrol 1
2414is run with these options for each of the virtual terminals
2415.Pq Pa /dev/ttyv* .
2416For example,
2417.Dq Fl h Li 200
2418will set the
2419.Xr syscons 4
2420scrollback (history) buffer to 200 lines.
2421.It Va cron_enable
2422.Pq Vt bool
2423If set to
2424.Dq Li YES ,
2425run the
2426.Xr cron 8
2427daemon at system boot time.
2428.It Va cron_program
2429.Pq Vt str
2430Path to
2431.Xr cron 8
2432(default
2433.Pa /usr/sbin/cron ) .
2434.It Va cron_flags
2435.Pq Vt str
2436If
2437.Va cron_enable
2438is set to
2439.Dq Li YES ,
2440these are the flags to pass to
2441.Xr cron 8 .
2442.It Va cron_dst
2443.Pq Vt bool
2444If set to
2445.Dq Li YES ,
2446enable the special handling of transitions to and from the
2447Daylight Saving Time in
2448.Xr cron 8
2449(equivalent to using the flag
2450.Fl s ) .
2451.It Va lpd_program
2452.Pq Vt str
2453Path to
2454.Xr lpd 8
2455(default
2456.Pa /usr/sbin/lpd ) .
2457.It Va lpd_enable
2458.Pq Vt bool
2459If set to
2460.Dq Li YES ,
2461run the
2462.Xr lpd 8
2463daemon at system boot time.
2464.It Va lpd_flags
2465.Pq Vt str
2466If
2467.Va lpd_enable
2468is set to
2469.Dq Li YES ,
2470these are the flags to pass to the
2471.Xr lpd 8
2472daemon.
2473.It Va mta_start_script
2474.Pq Vt str
2475This variable specifies the full path to the script to run to start
2476a mail transfer agent.
2477The default is
2478.Pa /etc/rc.sendmail .
2479The
2480.Va sendmail_*
2481variables which
2482.Pa /etc/rc.sendmail
2483uses are documented in the
2484.Xr rc.sendmail 8
2485man page.
2486.It Va dumpdev
2487.Pq Vt str
2488Indicates the device (usually a swap partition) to which a crash dump
2489should be written in the event of a system crash.
2490If the value of this variable is
2491.Dq Li AUTO ,
2492the first suitable swap device listed in
2493.Pa /etc/fstab
2494will be used as dump device.
2495Otherwise, the value of this variable is passed as the argument to
2496.Xr dumpon 8 .
2497To disable crash dumps, set this variable to
2498.Dq Li NO .
2499.It Va dumpdir
2500.Pq Vt str
2501When the system reboots after a crash and a crash dump is found on the
2502device specified by the
2503.Va dumpdev
2504variable,
2505.Xr savecore 8
2506will save that crash dump and a copy of the kernel to the directory
2507specified by the
2508.Va dumpdir
2509variable.
2510The default value is
2511.Pa /var/crash .
2512Set to
2513.Dq Li NO
2514to not run
2515.Xr savecore 8
2516at boot time when
2517.Va dumpdir
2518is set.
2519.It Va savecore_flags
2520.Pq Vt str
2521If crash dumps are enabled, these are the flags to pass to the
2522.Xr savecore 8
2523utility.
2524.It Va enable_quotas
2525.Pq Vt bool
2526Set to
2527.Dq Li YES
2528to turn on user disk quotas on system startup via the
2529.Xr quotaon 8
2530command.
2531.It Va check_quotas
2532.Pq Vt bool
2533Set to
2534.Dq Li YES
2535to enable user disk quota checking via the
2536.Xr quotacheck 8
2537command.
2538.It Va accounting_enable
2539.Pq Vt bool
2540Set to
2541.Dq Li YES
2542to enable system accounting through the
2543.Xr accton 8
2544facility.
2545.It Va ibcs2_enable
2546.Pq Vt bool
2547Set to
2548.Dq Li YES
2549to enable iBCS2 (SCO) binary emulation at system initial boot
2550time.
2551.It Va ibcs2_loaders
2552.Pq Vt str
2553If not set to
2554.Dq Li NO
2555and if
2556.Va ibcs2_enable
2557is set to
2558.Dq Li YES ,
2559this specifies a list of additional iBCS2 loaders to enable.
2560.It Va linux_enable
2561.Pq Vt bool
2562Set to
2563.Dq Li YES
2564to enable Linux/ELF binary emulation at system initial
2565boot time.
2566.It Va osf1_enable
2567.Pq Vt bool
2568Set to
2569.Dq Li YES
2570to enable OSF/1 (Digital UNIX) binary emulation at system
2571initial boot time.
2572(alpha)
2573.It Va svr4_enable
2574.Pq Vt bool
2575If set to
2576.Dq Li YES ,
2577enable SysVR4 emulation at boot time.
2578.It Va sysvipc_enable
2579.Pq Vt bool
2580If set to
2581.Dq Li YES ,
2582load System V IPC primitives at boot time.
2583.It Va clear_tmp_enable
2584.Pq Vt bool
2585Set to
2586.Dq Li YES
2587to have
2588.Pa /tmp
2589cleaned at startup.
2590.It Va ldconfig_paths
2591.Pq Vt str
2592Set to the list of shared library paths to use with
2593.Xr ldconfig 8 .
2594NOTE:
2595.Pa /usr/lib
2596will always be added first, so it need not appear in this list.
2597.It Va ldconfig_paths_aout
2598.Pq Vt str
2599Set to the list of shared library paths to use with
2600.Xr ldconfig 8
2601legacy
2602.Xr a.out 5
2603support.
2604.It Va ldconfig_insecure
2605.Pq Vt bool
2606The
2607.Xr ldconfig 8
2608utility normally refuses to use directories
2609which are writable by anyone except root.
2610Set this variable to
2611.Dq Li YES
2612to disable that security check during system startup.
2613.It Va kern_securelevel_enable
2614.Pq Vt bool
2615Set to
2616.Dq Li YES
2617to set the kernel security level at system startup.
2618.It Va kern_securelevel
2619.Pq Vt int
2620The kernel security level to set at startup.
2621The allowed range of
2622.Ar value
2623ranges from \-1 (the compile time default) to 3 (the
2624most secure).
2625See
2626.Xr init 8
2627for the list of possible security levels and their effect
2628on system operation.
2629.It Va lomac_enable
2630.Pq Vt bool
2631Set to
2632.Dq Li YES
2633to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2634This security model enforces integrity constraints for system processes;
2635see
2636.Xr lomac 4
2637for a complete description of the LOMAC model, as well as its impact
2638on system operation.
2639.It Va sshd_program
2640.Pq Vt str
2641Path to the SSH server program
2642.Pa ( /usr/sbin/sshd
2643is the default).
2644.It Va sshd_enable
2645.Pq Vt bool
2646Set to
2647.Dq Li YES
2648to start
2649.Xr sshd 8
2650at system boot time.
2651.It Va sshd_flags
2652.Pq Vt str
2653If
2654.Va sshd_enable
2655is set to
2656.Dq Li YES ,
2657these are the flags to pass to the
2658.Xr sshd 8
2659daemon.
2660.It Va usbd_enable
2661.Pq Vt bool
2662If set to
2663.Dq Li YES ,
2664run the
2665.Xr usbd 8
2666daemon at boot time.
2667.It Va usbd_flags
2668.Pq Vt str
2669If
2670.Va usbd_enable
2671is set to
2672.Dq Li YES ,
2673these are the flags passed to the
2674.Xr usbd 8
2675daemon.
2676.It Va watchdogd_enable
2677.Pq Vt bool
2678If set to
2679.Dq Li YES ,
2680start the
2681.Xr watchdogd 8
2682daemon at boot time.
2683This requires that the kernel have been compiled with a
2684.Xr watchdog 4
2685compatible device.
2686.It Va watchdogd_flags
2687.Pq Vt str
2688If
2689.Va watchdogd_enable
2690is set to
2691.Dq Li YES ,
2692these are the flags passed to the
2693.Xr watchdogd 8
2694daemon.
2695.It Va jail_enable
2696.Pq Vt bool
2697If set to
2698.Dq Li NO ,
2699any configured jails will not be started.
2700.It Va jail_list
2701.Pq Vt str
2702A space separated list of names for jails.
2703This is purely a configuration aid to help identify and
2704configure multiple jails.
2705The names specified in this list will be used to
2706identify settings common to an instance of a jail.
2707Assuming that the jail in question was named
2708.Li vjail ,
2709you would have the following dependant variables:
2710.Bd -literal
2711jail_vjail_hostname="jail.example.com"
2712jail_vjail_ip="192.168.1.100"
2713jail_vjail_rootdir="/var/jails/vjail/root"
2714jail_vjail_exec="/bin/sh /etc/rc"
2715.Ed
2716.Pp
2717The last one is optional.
2718It defaults to
2719.Pa /etc/rc
2720if it is not set.
2721.It Va jail_set_hostname_allow
2722.Pq Vt bool
2723If set to
2724.Dq Li NO ,
2725do not allow the root user in a jail to set its hostname.
2726.It Va jail_socket_unixiproute_only
2727.Pq Vt bool
2728If set to
2729.Dq Li NO ,
2730do not allow any protocol,
2731besides TCP/IP,
2732to be used within a jail.
2733.It Va jail_sysvipc_allow
2734.Pq Vt bool
2735If set to
2736.Dq Li YES ,
2737allow applications within a jail to use System V IPC.
2738.It Va unaligned_print
2739.Pq Vt bool
2740If set to
2741.Dq Li NO ,
2742unaligned access warnings will not be printed.
2743(alpha)
2744.\" ----- isdn settings ---------------------------------
2745.It Va isdn_enable
2746.Pq Vt bool
2747Set to
2748.Dq Li NO
2749by default.
2750When set to
2751.Dq Li YES ,
2752starts the
2753.Xr isdnd 8
2754daemon
2755at system boot time.
2756.It Va isdn_flags
2757.Pq Vt str
2758Set to
2759.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2760by default.
2761Additional flags to pass to
2762.Xr isdnd 8
2763(but see
2764.Va isdn_fsdev
2765and
2766.Va isdn_ttype
2767for certain tunable parameters).
2768.It Va isdn_ttype
2769.Pq Vt str
2770Set to
2771.Dq Li cons25
2772by default.
2773The terminal type of the output device when
2774.Xr isdnd 8
2775operates in full-screen mode.
2776.It Va isdn_screenflags
2777.Pq Vt str
2778Set to
2779.Dq Li NO
2780by default.
2781The video mode for full-screen mode (only for
2782.Xr syscons 4
2783console driver, see
2784.Xr vidcontrol 1
2785for valid modes).
2786.It Va isdn_fsdev
2787.Pq Vt str
2788Set to
2789.Dq Li NO
2790by default.
2791The output device for
2792.Xr isdnd 8
2793in full-screen mode (or
2794.Dq Li NO
2795for daemon mode).
2796.It Va isdn_trace
2797.Pq Vt bool
2798Set to
2799.Dq Li NO
2800by default.
2801When set to
2802.Dq Li YES ,
2803enables the ISDN protocol trace utility
2804.Xr isdntrace 8
2805at system boot time.
2806.It Va isdn_traceflags
2807.Pq Vt str
2808Set to
2809.Dq Fl f Pa /var/tmp/isdntrace0
2810by default.
2811Flags for
2812.Xr isdntrace 8 .
2813.\" -----------------------------------------------------
2814.It Va pcvt_verbose
2815.Pq Vt bool
2816Set to
2817.Dq Li NO
2818by default.
2819When set to
2820.Dq Li YES ,
2821verbose messages about the actions done by the start script are displayed.
2822.Em Note :
2823the
2824.Xr pcvt 4
2825driver must be compiled into the kernel before the
2826.Xr pcvt 4
2827related
2828options described here take any effect.
2829.It Va pcvt_keymap
2830.Pq Vt str
2831Set to
2832.Dq Li NO
2833by default.
2834Use this to configure a national keyboard mapping found in the
2835.Pa /usr/share/misc/keycap.pcvt
2836file of keyboard mappings.
2837(See also the manual pages
2838.Xr keycap 5
2839and
2840.Xr keycap 3
2841for usage of
2842.Xr pcvt 4 Ns 's
2843keycap database and the manual page
2844.Xr kcon 1
2845option
2846.Fl m
2847for national keyboard mapping configuration.)
2848.It Va pcvt_keydel
2849.Pq Vt int
2850Set to
2851.Dq Li NO
2852by default.
2853Used to set the keyboard key repeat delay value.
2854Valid values are
2855in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
2856(See also the
2857.Xr kcon 1
2858manual page.)
2859.It Va pcvt_keyrate
2860.Pq Vt int
2861Set to
2862.Dq Li NO
2863by default.
2864Used to set the keyboard key repetition rate value.
2865Valid values are
2866in the range 0..31 for repetition values of 2..30 characters per second.
2867.It Va pcvt_keyrepeat
2868.Pq Vt bool
2869Set to
2870.Dq Li NO
2871by default.
2872Set to
2873.Dq Li YES
2874to enable automatic keyboard key repeating.
2875.It Va pcvt_force24
2876.Pq Vt bool
2877Set to
2878.Dq Li NO
2879by default.
2880Set to
2881.Dq Li YES
2882to force
2883.Xr pcvt 4
2884to use 24 lines only (in 25 lines mode) for compatibility
2885with the original
2886.Tn VT220
2887terminal.
2888.It Va pcvt_hpext
2889.Pq Vt bool
2890Set to
2891.Dq Li NO
2892by default.
2893Set to
2894.Dq Li YES
2895to enable the display and functionality of function key labels (as found
2896on
2897.Tn Hewlett-Packard
2898terminals such as the
2899.Tn HP2392A
2900and the
2901.Tn HP700/92
2902in
2903.Tn ANSI
2904mode).
2905.It Va pcvt_lines
2906.Pq Vt int
2907Set to
2908.Dq Li NO
2909by default resulting in a value of 25.
2910Used to set the number of lines on the screen.
2911For VGA displays, valid
2912values are 25, 28, 40 and 50 lines.
2913(See also the
2914.Xr scon 1
2915manual page.)
2916.It Va pcvt_blanktime
2917.Pq Vt int
2918Set to
2919.Dq Li NO
2920by default.
2921Used to set the screen saver timeout in seconds for values greater than
2922zero.
2923.It Va pcvt_cursorh
2924.Pq Vt int
2925Set to
2926.Dq Li NO
2927by default.
2928Used to set the cursor top scanline.
2929(See also the
2930.Xr cursor 1
2931manual page.)
2932.It Va pcvt_cursorl
2933.Pq Vt int
2934Set to
2935.Dq Li NO
2936by default.
2937Used to set the cursor bottom scanline.
2938.It Va pcvt_monohigh
2939.Pq Vt bool
2940Set to
2941.Dq Li NO
2942by default.
2943Set to
2944.Dq Li YES
2945to set intensity to high on monochrome monitors.
2946(See also the
2947.Xr scon 1
2948manual page, option
2949.Fl p ,
2950for more information on changing VGA palette
2951values.)
2952.It Va harvest_interrupt
2953.Pq Vt bool
2954Set to
2955.Dq Li YES
2956to use hardware interrupts as an entropy source.
2957Refer to
2958.Xr random 4
2959for more information.
2960.It Va harvest_ethernet
2961.Pq Vt bool
2962Set to
2963.Dq Li YES
2964to use LAN traffic as an entropy source.
2965Refer to
2966.Xr random 4
2967for more information.
2968.It Va harvest_p_to_p
2969.Pq Vt bool
2970Set to
2971.Dq Li YES
2972to use serial line traffic as an entropy source.
2973Refer to
2974.Xr random 4
2975for more information.
2976.It Va entropy_dir
2977.Pq Vt str
2978Set to
2979.Dq Li NO
2980to disable caching entropy via
2981.Xr cron 8 .
2982Otherwise set to the directory used to store entropy files in.
2983.It Va entropy_file
2984.Pq Vt str
2985Set to
2986.Dq Li NO
2987to disable caching entropy through reboots.
2988Otherwise set to the filename used to store cached entropy through
2989reboots.
2990This file should be located on the root file system to seed the
2991.Xr random 4
2992device as early as possible in the boot process.
2993.It Va entropy_save_sz
2994.Pq Vt int
2995Size of the entropy cache files saved by
2996.Nm save-entropy
2997periodically.
2998.It Va entropy_save_num
2999.Pq Vt int
3000Number of entropy cache files to save by
3001.Nm save-entropy
3002periodically.
3003.It Va ipsec_enable
3004.Pq Vt bool
3005Set to
3006.Dq Li YES
3007to run
3008.Xr setkey 8
3009on
3010.Va ipsec_file
3011at boot time.
3012.It Va ipsec_file
3013.Pq Vt str
3014Configuration file for
3015.Xr setkey 8 .
3016.It Va dmesg_enable
3017.Pq Vt bool
3018Set to
3019.Dq Li YES
3020to save
3021.Xr dmesg 8
3022to
3023.Pa /var/run/dmesg.boot
3024on boot.
3025.It Va rcshutdown_timeout
3026.Pq Vt int
3027If set, start a watchdog timer in the background which will terminate
3028.Pa rc.shutdown
3029if
3030.Xr shutdown 8
3031has not completed within the specified time (in seconds).
3032.It Va virecover_enable
3033.Pq Vt bool
3034Set to
3035.Dq Li NO
3036to prevent the system from trying to
3037recover pre-maturely terminated
3038.Xr vi 1
3039sessions.
3040.It Va ugidfw_enable
3041.Dq Li NO
3042Load the
3043.Xr mac_bsdextended 4
3044module upon system initialization and load a default
3045ruleset file.
3046.It Va bsdextended_script
3047.Dq Pa /etc/rc.bsdextended
3048The default
3049.Xr mac_bsdextended 4
3050ruleset file to load.
3051.It Va ramdisk_units
3052.Pq Vt str
3053A list of one or more ramdisk units to configure with
3054.Xr mdconfig 8
3055and
3056.Xr newfs 8
3057in time to be mounted from
3058.Xr fstab 5 .
3059Each listed unit
3060.Ar X
3061must specify at least a
3062.Ar type
3063in a
3064.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3065variable.
3066.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3067.Pq Vt str
3068Arguments to
3069.Xr mdconfig 8
3070for ramdisk
3071.Ar X .
3072At minimum a
3073.Fl t Ar type
3074must be specified, where
3075.Ar type
3076must be one of
3077.Cm malloc
3078or
3079.Cm swap .
3080.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3081.Pq Vt str
3082Optional arguments passed to
3083.Xr newfs 8
3084to initialize ramdisk
3085.Ar X .
3086.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3087.Pq Vt str
3088An ownership specification passed to
3089.Xr chown 8
3090after the specified ramdisk unit
3091.Ar X
3092has been mounted.
3093Both the
3094.Xr md 4
3095device and the mount point will be changed.
3096.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3097.Pq Vt str
3098A mode string passed to
3099.Xr chmod 1
3100after the specified ramdisk unit
3101.Ar X
3102has been mounted.
3103Both the
3104.Xr md 4
3105device and the mount point will be changed.
3106.El
3107.Sh FILES
3108.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3109.It Pa /etc/defaults/rc.conf
3110.It Pa /etc/rc.conf
3111.It Pa /etc/rc.conf.local
3112.El
3113.Sh SEE ALSO
3114.Xr catman 1 ,
3115.Xr chmod 1 ,
3116.Xr gdb 1 ,
3117.Xr info 1 ,
3118.Xr kbdcontrol 1 ,
3119.Xr makewhatis 1 ,
3120.Xr vi 1 ,
3121.Xr vidcontrol 1 ,
3122.Xr ip 4 ,
3123.Xr kld 4 ,
3124.Xr tcp 4 ,
3125.Xr udp 4 ,
3126.Xr exports 5 ,
3127.Xr motd 5 ,
3128.Xr newsyslog.conf 5 ,
3129.Xr accton 8 ,
3130.Xr amd 8 ,
3131.Xr apm 8 ,
3132.Xr atm 8 ,
3133.Xr chown 8 ,
3134.Xr cron 8 ,
3135.Xr dhclient 8 ,
3136.Xr ifconfig 8 ,
3137.Xr inetd 8 ,
3138.Xr isdnd 8 ,
3139.Xr isdntrace 8 ,
3140.Xr kldxref 8 ,
3141.Xr lpd 8 ,
3142.Xr mdconfig 8 ,
3143.Xr mdmfs 8 ,
3144.Xr mountd 8 ,
3145.Xr moused 8 ,
3146.Xr mrouted 8 ,
3147.Xr named 8 ,
3148.Xr newfs 8 ,
3149.Xr nfsd 8 ,
3150.Xr ntpd 8 ,
3151.Xr ntpdate 8 ,
3152.Xr pcnfsd 8 ,
3153.Xr quotacheck 8 ,
3154.Xr quotaon 8 ,
3155.Xr rc 8 ,
3156.Xr rc.sendmail 8 ,
3157.Xr route 8 ,
3158.Xr routed 8 ,
3159.Xr rpcbind 8 ,
3160.Xr rpc.lockd 8 ,
3161.Xr rpc.statd 8 ,
3162.Xr rwhod 8 ,
3163.Xr savecore 8 ,
3164.Xr sshd 8 ,
3165.Xr swapon 8 ,
3166.Xr sysctl 8 ,
3167.Xr syslogd 8 ,
3168.Xr timed 8 ,
3169.Xr usbd 8 ,
3170.Xr yp 8 ,
3171.Xr ypbind 8 ,
3172.Xr ypserv 8 ,
3173.Xr ypset 8
3174.Sh HISTORY
3175The
3176.Nm
3177file appeared in
3178.Fx 2.2.2 .
3179.Sh AUTHORS
3180.An Jordan K. Hubbard .
3181