.\" Copyright (c) 1995
.\" Jordan K. Hubbard
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd May 22, 2024
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system configuration information
.Sh DESCRIPTION
The file
.Nm
contains descriptive information about the local host name, configuration
details for any potential network interfaces and which services should be
started up at system initial boot time.
In new installations, the
.Nm
file is generally initialized by the system installation utility.
.Pp
The purpose of
.Nm
is not to run commands or perform system startup actions
directly.
Instead, it is included by the
various generic startup scripts in
.Pa /etc
which conditionalize their
internal actions according to the settings found there.
.Pp
The
.Pa /etc/rc.conf
file is included from the file
.Pa /etc/defaults/rc.conf ,
which specifies the default settings for all the available options.
Options need only be specified in
.Pa /etc/rc.conf
when the system administrator wishes to override these defaults.
The file
.Pa /etc/defaults/vendor.conf
allows vendors to override
.Fx
defaults.
The file
.Pa /etc/rc.conf.local
is used to override settings in
.Pa /etc/rc.conf
for historical reasons.
.Pp
The
.Xr sysrc 8
command provides a scripting interface to modify system
config files.
.Pp
In addition to
.Pa /etc/rc.conf.local
you can also place smaller configuration files for each
.Xr rc 8
script in the
.Pa /etc/rc.conf.d
directory or
.Ao Ar dir Ac Ns Pa /rc.conf.d
directories (where
.Ao Ar dir Ac
is each entry specified in
.Va local_startup ,
but with any trailing
.Pa /rc.d
stripped),
which will be included by the
.Va load_rc_config
function.
For jail configurations you could use the file
.Pa /etc/rc.conf.d/jail
to store jail-specific configuration options.
If
.Va local_startup
contains
.Pa /usr/local/etc/rc.d
and
.Pa /opt/conf ,
.Pa /usr/local/etc/rc.conf.d/jail
and
.Pa /opt/conf/rc.conf.d/jail
will be loaded.
If
.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
is a directory,
all of the files in the directory will be loaded.
Also see the
.Va rc_conf_files
variable below.
.Pp
Options are set with
.Dq Ar name Ns Li = Ns Ar value
assignments that use
.Xr sh 1
syntax.
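Because the files are plain sh(1) assignments applied in override order, the dependencies that the packet-filter variable descriptions in this page state can be checked mechanically on the effective values. The script below is an added example, not part of the FreeBSD manual or of rc.subr; rc_lint, is_yes and rc_lint_demo are hypothetical names and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of rc.conf(5). rc_lint, is_yes and rc_lint_demo
# are hypothetical names; the sample files in rc_lint_demo are constructed.

# Truthy spellings accepted by checkyesno in rc.subr(8).
is_yes() {
    case ${1-} in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# rc_lint FILE...
# Source the files in the order given, so later files override earlier ones
# (as rc.conf.local overrides rc.conf), then print one line per violated
# dependency. Exit status: 0 when clean, 1 otherwise.
# The files are executed as sh(1) code: run this only on files you trust.
# The body is a subshell, so no assignment leaks into the caller; variables
# already set in the calling shell act as defaults.
rc_lint() (
    for _f in "$@"; do
        if [ -r "$_f" ]; then . "$_f"; fi
    done
    _bad=0
    flag() { printf '%s\n' "$1"; _bad=1; }

    # ipmon_enable and ipfs_enable need ipfilter_enable or ipnat_enable.
    if ! is_yes "${ipfilter_enable-}" && ! is_yes "${ipnat_enable-}"; then
        for _v in ipmon_enable ipfs_enable; do
            eval "_val=\${$_v-}"
            if is_yes "$_val"; then
                flag "$_v: needs ipfilter_enable or ipnat_enable"
            fi
        done
    fi

    # ipfs(8) cannot save its state tables when kern_securelevel is 3.
    if is_yes "${ipfs_enable-}" && [ "${kern_securelevel-}" = 3 ]; then
        flag "ipfs_enable: cannot be used with kern_securelevel 3"
    fi

    # natd and the ipfw add-on modules depend on firewall_enable.
    if ! is_yes "${firewall_enable-}"; then
        for _v in natd_enable firewall_nat_enable firewall_nat64_enable \
            firewall_nptv6_enable firewall_pmod_enable dummynet_enable; do
            eval "_val=\${$_v-}"
            if is_yes "$_val"; then
                flag "$_v: requires firewall_enable=YES"
            fi
        done
    fi

    # pfsync needs an interface to operate through.
    if is_yes "${pfsync_enable-}" && [ -z "${pfsync_syncdev-}" ]; then
        flag "pfsync_enable: pfsync_syncdev must be set"
    fi

    # Every pflog_instances element needs <element>_dev and <element>_logfile.
    for _e in ${pflog_instances-}; do
        case $_e in
        *[!A-Za-z0-9_]*) flag "pflog_instances: bad name '$_e'"; continue ;;
        esac
        for _s in dev logfile; do
            eval "_val=\${${_e}_${_s}-}"
            if [ -z "$_val" ]; then
                flag "pflog_instances: ${_e}_${_s} is not set"
            fi
        done
    done
    exit "$_bad"
)

# Lint two constructed files; the second overrides firewall_enable.
rc_lint_demo() {
    _d=$(mktemp -d) || return 1
    cat > "$_d/rc.conf" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
ipmon_enable="YES"
pfsync_enable="YES"
pflog_instances="wan"
wan_dev="pflog1"
EOF
    cat > "$_d/rc.conf.local" <<'EOF'
firewall_enable="NO"
EOF
    _st=0
    rc_lint "$_d/rc.conf" "$_d/rc.conf.local" || _st=$?
    rm -rf "$_d"
    return "$_st"
}

# Stand-alone use: "sh rc_lint.sh --demo" or "sh rc_lint.sh /etc/rc.conf ...".
if [ "${1-}" = "--demo" ]; then
    rc_lint_demo
elif [ "$#" -gt 0 ]; then
    rc_lint "$@"
fi
```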
The following list provides a name and short description for each
variable that can be set in the
.Nm
file:
.Bl -tag -width indent-two
.It Va rc_debug
.Pq Vt bool
If set to
.Dq Li YES ,
enable output of debug messages from rc scripts.
This variable can be helpful in diagnosing mistakes when
editing or integrating new scripts.
Beware that this produces copious output to the terminal and
.Xr syslog 3 .
.It Va rc_info
.Pq Vt bool
If set to
.Dq Li NO ,
disable informational messages from the rc scripts.
Informational messages are displayed when
a condition that is not serious enough to warrant a warning or
an error occurs.
.It Va rc_startmsgs
.Pq Vt bool
If set to
.Dq Li YES ,
show
.Dq Starting foo:
when faststart is used (e.g., at boot time).
.It Va early_late_divider
.Pq Vt str
The name of the script that should be used as the
delimiter between the
.Dq early
and
.Dq late
stages of the boot process.
The early stage should contain all the services needed to
get the disks (local or remote) mounted so that the late
stage can include scripts contained in the directories
listed in the
.Va local_startup
variable (see below).
Thus, the two likely candidates for this value are
.Pa mountcritlocal
for the typical system, and
.Pa mountcritremote
if the system needs remote file
systems mounted to get access to the
.Va local_startup
directories; for example when
.Pa /usr/local
is NFS mounted.
For
.Pa rc.conf
within a
.Xr jail 8
.Pa NETWORKING
is likely to be an appropriate value.
Extreme care should be taken when changing this value,
and before changing it one should ensure that there are
adequate provisions to recover from a failed boot
(such as physical contact with the machine,
or reliable remote console access).
.It Va always_force_depends
.Pq Vt bool
Various
.Pa rc.d
scripts use the force_depend function to check whether required
services are already running, and to start them if necessary.
By default during boot time this check is bypassed if the
required service is enabled in
.Pa /etc/rc.conf[.local] .
Setting this option will bypass that check at boot time and
always test whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
to this directory before running the service.
.It Ao Ar name Ac Ns Va _cpuset
.Pq Vt str
A list of CPUs to run the service on.
Passed to
.Xr cpuset 1
using the
.Fl l
flag.
.It Ao Ar name Ac Ns Va _fib
.Pq Vt int
The
.Xr setfib 1
value to run the service under.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
Run the chrooted service under this system group.
Unlike the
.Ao Ar name Ac Ns Va _user
setting, this setting has no effect if the service is not chrooted.
.It Ao Ar name Ac Ns Va _limits
.Pq Vt str
Resource limits to apply to the service using
.Xr limits 1 .
By default, resource limits are based on the login class defined in
.Ao Ar name Ac Ns Va _login_class .
.It Ao Ar name Ac Ns Va _login_class
.Pq Vt str
Login class to be used with
.Ao Ar name Ac Ns Va _limits .
Defaults to
.Dq Li daemon .
.It Ao Ar name Ac Ns Va _nice
.Pq Vt int
The
.Xr nice 1
value to run the service under.
.It Ao Ar name Ac Ns Va _oomprotect
.Pq Vt str
Use
.Xr protect 1
to prevent the service from being killed when swap space
is exhausted.
Use
.Dq Li YES
to protect only the service itself, and
.Dq Li ALL
to protect the service and all its child processes.
.Pp
Please note that rc scripts which redefine
.Dl ${argument}_cmd
.Pq see Xr rc.subr 8
such as PostgreSQL will not inherit the OOM killer protection.
.Pp
This variable has no effect on services running within a
.Xr jail 8 .
.It Ao Ar name Ac Ns Va _setup
.Pq Vt str
Run the specified setup script right before starting the actual service
command.
Useful for automatic configuration file generation.
.It Ao Ar name Ac Ns Va _umask
.Pq Vt int
Run the service using this
.Xr umask 1
value.
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
.It Ao Ar name Ac Ns Va _svcj
.Pq Vt bool
If set to
.Dq Li YES ,
auto-jail the service with inherited filesystem and other
jail properties depending on
.Ao Ar name Ac Ns Va _svcj_options .
.It Ao Ar name Ac Ns Va _svcj_options
.Pq Vt str
A list of jail properties for the service.
See
.Sx SERVICE JAILS
for a list of valid properties.
.It Va apm_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for Automatic Power Management with
the
.Xr apm 8
command.
.It Va apmd_enable
.Pq Vt bool
Run
.Xr apmd 8
to handle APM events from userland.
This also enables support for APM.
.It Va apmd_flags
.Pq Vt str
If
.Va apmd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr apmd 8
daemon.
.It Va devd_enable
.Pq Vt bool
Run
.Xr devd 8
to handle device added, removed or unknown events from the kernel.
.It Va ddb_enable
.Pq Vt bool
Run
.Xr ddb 8
to install
.Xr ddb 4
scripts at boot time.
.It Va ddb_config
.Pq Vt str
Configuration file for
.Xr ddb 8 .
Default
.Pa /etc/ddb.conf .
.It Va devmatch_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable auto-loading of kernel modules with
.Xr devmatch 8 .
.It Va devmatch_blocklist
.Pq Vt str
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
In addition, the
.Xr kenv 1
.Va devmatch_blocklist
is appended to this variable to allow disabling of
.Xr devmatch 8
loaded modules from the boot loader.
.It Va devmatch_blacklist
.Pq Vt str
This variable is deprecated.
Use
.Va devmatch_blocklist
instead.
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va kld_list
.Pq Vt str
A whitespace-separated list of kernel modules to load right after
the local disks are mounted, without any
.Pa .ko
extension or path.
.It Va kldxref_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set to
.Dq Li YES
to automatically rebuild
.Pa linker.hints
files with
.Xr kldxref 8
at boot time.
.It Va kldxref_clobber
.Pq Vt bool
Set to
.Dq Li NO
by default.
If
.Va kldxref_enable
is true,
setting to
.Dq Li YES
will overwrite existing
.Pa linker.hints
files at boot time.
Otherwise,
only missing
.Pa linker.hints
files are generated.
.It Va kldxref_module_path
.Pq Vt str
Empty by default.
A semi-colon
.Pq Ql \&;
delimited list of paths containing
.Xr kld 4
modules.
If empty,
the contents of the
.Va kern.module_path
.Xr sysctl 8
are used.
.It Va powerd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable the system power control facility with the
.Xr powerd 8
daemon.
.It Va powerd_flags
.Pq Vt str
If
.Va powerd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr powerd 8
daemon.
.It Va svcj_all_enable
Enable auto-jailing of all services which are not explicitly
excluded.
See
.Sx SERVICE JAILS
for more info.
.It Va tmpmfs
Controls the creation of a
.Pa /tmp
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /tmp
is not writable.
.It Va tmpsize
Controls the size of a created
.Pa /tmp
memory file system.
.It Va tmpmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /tmp
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /tmp
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va tmpmfs_flags .
.It Va varmfs
Controls the creation of a
.Pa /var
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
.It Va varsize
Controls the size of a created
.Pa /var
memory file system.
.It Va varmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /var
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /var
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va varmfs_flags .
.It Va populate_var
Controls the automatic population of the
.Pa /var
file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
Note that this process requires access to certain commands in
.Pa /usr
before
.Pa /usr
is mounted on normal systems.
.It Va cleanvar_enable
.Pq Vt bool
Clean the
.Pa /var
directory.
.It Va var_run_enable
.Pq Vt bool
Set to "YES" to enable saving of the
.Pa /var/run
directory structure into an mtree file at shutdown and the reload of the
.Pa /var/run
directory structure at boot.
.It Va var_run_autosave
.Pq Vt bool
In some cases it may be undesirable to save
.Pa /var/run
at shutdown.
When set to "NO"
.Pa /var/run
is loaded at reboot but not saved at shutdown.
Typically in this scenario
.Ql service var_run save
would be performed to save a copy of the
.Pa /var/run
directory structure once, to be reloaded during all subsequent reboots.
.It Va var_run_mtree
.Pq Vt str
Where to save the
.Pa /var/run
mtree.
The default location is
.Pa /var/db/mtree/BSD.var-run.mtree .
.It Va local_startup
.Pq Vt str
List of directories to search for startup script files.
.It Va script_name_sep
.Pq Vt str
The field separator to use for breaking down the list of startup script files
into individual filenames.
The default is a space.
It is not necessary to change this unless there are startup scripts with names
containing spaces.
.It Va hostapd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr hostapd 8
at system boot time.
.It Va hostname
.Pq Vt str
The fully qualified domain name (FQDN) of this host on the network.
This should almost certainly be set to something meaningful, even if
there is no network connection.
If
.Xr dhclient 8
is used to set the hostname via DHCP,
this variable should be set to an empty string.
Within a
.Xr jail 8
the hostname is generally already set and this variable may be absent.
If this value remains unset when the system is done booting
your console login will display the default hostname of
.Dq Amnesiac .
.It Va nisdomainname
.Pq Vt str
The NIS domain name of this host, or
.Dq Li NO
if NIS is not used.
.It Va hostid_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable the generation or saving of the
.Pa hostid
and
.Pa machine-id
files at system boot and shutdown.
.It Va hostid_file
.Pq Vt str
Path to the
.Pa hostid
file, default
.Pa /etc/hostid .
.It Va hostid_uuidgen_flags
.Pq Vt str
Flags passed to
.Xr uuidgen 1
when generating a software host UUID.
This is used only if the system cannot determine a hardware UUID.
Set to
.Dq Li -r
by default.
.It Va machine_id_file
.Pq Vt str
Path to the
.Pa machine-id
file, default
.Pa /etc/machine-id .
.It Va dhclient_program
.Pq Vt str
Path to the DHCP client program, defaulting to
.Pa /sbin/dhclient .
.It Va dhclient_flags
.Pq Vt str
Additional flags to pass to the DHCP client program.
See the
.Xr dhclient 8
manpage for a description of the command line options available.
.It Va dhclient_flags_ Ns Aq Ar iface
Additional flags to pass to the DHCP client program running on
.Ar iface
only.
When specified, this variable overrides
.Va dhclient_flags .
.It Va background_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start the DHCP client in background.
This can cause trouble with applications depending on
a working network, but it will provide a faster startup
in many cases.
.It Va background_dhclient_ Ns Aq Ar iface
When specified, this variable overrides the
.Va background_dhclient
variable for interface
.Ar iface
only.
.It Va synchronous_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr dhclient 8
synchronously at startup.
This behavior can be overridden on a per-interface basis by replacing
the
.Dq Li DHCP
keyword in the
.Va ifconfig_ Ns Aq Ar interface
variable with
.Dq Li SYNCDHCP
or
.Dq Li NOSYNCDHCP .
.It Va defaultroute_delay
.Pq Vt int
When set to a positive value, wait up to this long after configuring
DHCP interfaces at startup to give the interfaces time to receive a lease.
.It Va firewall_enable
.Pq Vt bool
Set to
.Dq Li YES
to load firewall rules at startup.
If the kernel was not built with
.Cd "options IPFIREWALL" ,
the
.Pa ipfw.ko
kernel module will be loaded.
See also
.Va ipfilter_enable .
.It Va firewall_script
.Pq Vt str
This variable specifies the full path to the firewall script to run.
The default is
.Pa /etc/rc.firewall .
.It Va firewall_type
.Pq Vt str
Names the firewall type from the selection in
.Pa /etc/rc.firewall ,
or the file which contains the local firewall ruleset.
Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
.Bl -tag -width ".Li workstation" -compact
.It Li open
unrestricted IP access
.It Li closed
all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
.It Li workstation
basic protection for a workstation using stateful firewalling
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
.Pp
Most of the predefined rulesets define additional configuration variables.
These are documented in
.Pa /etc/rc.firewall .
.It Va firewall_quiet
.Pq Vt bool
Set to
.Dq Li YES
to disable the display of firewall rules on the console during boot.
.It Va firewall_logging
.Pq Vt bool
Set to
.Dq Li YES
to enable firewall event logging.
This is equivalent to the
.Dv IPFIREWALL_VERBOSE
kernel option.
.It Va firewall_logif
.Pq Vt bool
Set to
.Dq Li YES
to create pseudo interface
.Li ipfw0
for logging.
For more details, see
.Xr ipfw 8
manual page.
.It Va firewall_flags
.Pq Vt str
Flags passed to
.Xr ipfw 8
if
.Va firewall_type
specifies a filename.
.It Va firewall_coscripts
.Pq Vt str
List of executables and/or rc scripts to run after firewall starts/stops.
Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool
The
.Xr ipfw 8
equivalent of
.Va natd_enable .
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nat_interface
.Pq Vt str
The
.Xr ipfw 8
equivalent of
.Va natd_interface .
This is the name of the public interface or IP address on which
kernel NAT should run.
.It Va firewall_nat_flags
.Pq Vt str
Additional configuration parameters for kernel NAT should be placed here.
.It Va firewall_nat64_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT64 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nptv6_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NPTv6 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_pmod_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
pmod kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va dummynet_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr dummynet 4
module if
.Va firewall_enable
is also set to
.Dq Li YES .
.\" -------------------------------------------------------------------
.It Va ipfw_netflow_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will enable netflow logging via
.Xr ng_netflow 4 .
.Pp
By default an ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt int
Netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
.It Va ipfw_netflow_ip
.Pq Vt str
Destination server IP for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt int
Leave unset to use version 5 of the netflow protocol; set it to 9 to use
version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packets in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
.Xr natd 8 .
.It Va natd_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable
.Xr natd 8 .
.Va firewall_enable
must also be set to
.Dq Li YES ,
and
.Xr divert 4
sockets must be enabled in the kernel.
If the kernel was not built with
.Cd "options IPDIVERT" ,
the
.Pa ipdivert.ko
kernel module will be loaded.
.It Va natd_interface
.Pq Vt str
This is the name of the public interface on which
.Xr natd 8
should run.
The interface may be given as an interface name or as an IP address.
.It Va natd_flags
.Pq Vt str
Additional
.Xr natd 8
flags should be placed here.
The
.Fl n
or
.Fl a
flag is automatically added with the above
.Va natd_interface
as an argument.
.\" ----- ipfilter_enable setting --------------------------------
.It Va ipfilter_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ipf 8
packet filtering.
.Pp
Typical usage will require putting
.Bd -literal
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
.Ed
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/ipf.rules
and
.Pa /etc/ipnat.rules
appropriately.
.Pp
Note that
.Va ipfilter_enable
and
.Va ipnat_enable
can be enabled independently.
.Va ipmon_enable
and
.Va ipfs_enable
both require at least one of
.Va ipfilter_enable
and
.Va ipnat_enable
to be enabled.
.Pp
Having
.Bd -literal
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
.Ed
.Pp
in the kernel configuration file is a good idea, too.
.\" ----- ipfilter_program setting ------------------------------
.It Va ipfilter_program
.Pq Vt str
Path to
.Xr ipf 8
(default
.Pa /sbin/ipf ) .
.\" ----- ipfilter_rules setting --------------------------------
.It Va ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf.rules
by default.
This variable contains the name of the filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipfilter_flags setting --------------------------------
.It Va ipfilter_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipf 8
program.
.\" ----- ipnat_enable setting ----------------------------------
.It Va ipnat_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipnat 8
network address translation.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipnat_program setting ---------------------------------
.It Va ipnat_program
.Pq Vt str
Path to
.Xr ipnat 8
(default
.Pa /sbin/ipnat ) .
.\" ----- ipnat_rules setting -----------------------------------
.It Va ipnat_rules
.Pq Vt str
Set to
.Pa /etc/ipnat.rules
by default.
This variable contains the name of the file
holding the network address translation definition.
This file is expected to be readable for the
.Xr ipnat 8
command to execute.
.\" ----- ipnat_flags setting -----------------------------------
.It Va ipnat_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipnat 8
program.
.\" ----- ipmon_enable setting ----------------------------------
.It Va ipmon_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipmon 8
monitoring (logging
.Xr ipf 8
and
.Xr ipnat 8
events).
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
too.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipmon_program setting ---------------------------------
.It Va ipmon_program
.Pq Vt str
Path to
.Xr ipmon 8
(default
.Pa /sbin/ipmon ) .
.\" ----- ipmon_flags setting -----------------------------------
.It Va ipmon_flags
.Pq Vt str
Set to
.Dq Li -Ds
by default.
This variable contains flags passed to the
.Xr ipmon 8
program.
Another typical example would be
.Dq Fl D Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
Make sure to adjust
.Pa /etc/newsyslog.conf
in such case like this:
.Bd -literal
/var/log/ipflog	640	10	100	*	Z	/var/run/ipmon.pid
.Ed
.\" ----- ipfs_enable setting -----------------------------------
.It Va ipfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipfs 8
saving the filter and NAT state tables during shutdown
and reloading them during startup again.
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
to
.Dq Li YES
too.
See
.Va ipfilter_enable
for a detailed discussion.
Note that if
.Va kern_securelevel
is set to 3,
.Va ipfs_enable
cannot be used
because the raised securelevel will prevent
.Xr ipfs 8
from saving the state tables at shutdown time.
.\" ----- ipfs_program setting ----------------------------------
.It Va ipfs_program
.Pq Vt str
Path to
.Xr ipfs 8
(default
.Pa /sbin/ipfs ) .
.\" ----- ipfs_flags setting ------------------------------------
.It Va ipfs_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipfs 8
program.
.\" ----- end of added ipf hook ---------------------------------
.It Va pf_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pf 4
packet filtering.
.Pp
Typical usage will require putting
.Pp
.Dl pf_enable="YES"
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/pf.conf
appropriately.
Adding
.Pp
.Dl "device pf"
.Pp
builds support for
.Xr pf 4
into the kernel, otherwise the
kernel module will be loaded.
.It Va pf_rules
.Pq Vt str
Path to
.Xr pf 4
ruleset configuration file
(default
.Pa /etc/pf.conf ) .
.It Va pf_program
.Pq Vt str
Path to
.Xr pfctl 8
(default
.Pa /sbin/pfctl ) .
.It Va pf_flags
.Pq Vt str
If
.Va pf_enable
is set to
.Dq Li YES ,
these flags are passed to the
.Xr pfctl 8
program when loading the ruleset.
.It Va pf_fallback_rules_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables loading
.Va pf_fallback_rules_file
or
.Va pf_fallback_rules
in case of a problem when loading the ruleset in
.Va pf_rules .
.It Va pf_fallback_rules_file
.Pq Vt str
Path to a pf ruleset to load in case of failure when loading the
ruleset in
.Va pf_rules
(default
.Pa /etc/pf-fallback.conf ) .
.It Va pf_fallback_rules
.Pq Vt str
A pf ruleset to load in case of failure when loading the ruleset in
.Va pf_rules
and
.Va pf_fallback_rules_file
is not found.
Multiple rules can be set as follows:
.Bd -literal
pf_fallback_rules="\\
	block drop log all\\
	pass in quick on em0"
.Pp
.Ed
The default fallback rule is
.Dq block drop log all .
.It Va pflog_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pflogd 8
which logs packets from the
.Xr pf 4
packet filter.
.It Va pflog_logfile
.Pq Vt str
If
.Va pflog_enable
is set to
.Dq Li YES
this controls where
.Xr pflogd 8
stores the logfile
(default
.Pa /var/log/pflog ) .
Check
.Pa /etc/newsyslog.conf
to adjust logfile rotation for this.
.It Va pflog_program
.Pq Vt str
Path to
.Xr pflogd 8
(default
.Pa /sbin/pflogd ) .
.It Va pflog_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr pflogd 8
program.
.It Va pflog_instances
.Pq Vt str
If logging to more than one
.Xr pflog 4
interface is desired,
.Va pflog_instances
is set to the list of
.Xr pflogd 8
instances that should be started at system boot time.
If
.Va pflog_instances
is set, for each whitespace-separated
.Ar element
in the list,
.Ao Ar element Ac Ns Va _dev
and
.Ao Ar element Ac Ns Va _logfile
elements are assumed to exist.
.Ao Ar element Ac Ns Va _dev
must contain the
.Xr pflog 4
interface to be watched by the named
.Xr pflogd 8
instance.
.Ao Ar element Ac Ns Va _logfile
must contain the name of the logfile that will be used by the
.Xr pflogd 8
instance.
.It Va ftpproxy_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ftp-proxy 8
which supports the
.Xr pf 4
packet filter in translating FTP connections.
.It Va ftpproxy_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr ftp-proxy 8
program.
.It Va ftpproxy_instances
.Pq Vt str
Empty by default.
If multiple instances of
.Xr ftp-proxy 8
are desired at boot time,
.Va ftpproxy_instances
should contain a whitespace-separated list of instance names.
For each
.Ar element
in the list, a variable named
.Ao Ar element Ac Ns Va _flags
should be defined, containing the command-line flags to be passed to the
.Xr ftp-proxy 8
instance.
.It Va pfsync_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables exposing
.Xr pf 4
state changes to other hosts over the network by means of
.Xr pfsync 4 .
The
.Va pfsync_syncdev
variable
must also be set then.
.It Va pfsync_syncdev
.Pq Vt str
Empty by default.
This variable specifies the name of the network interface
.Xr pfsync 4
should operate through.
It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
.It Va pfsync_syncpeer
.Pq Vt str
Empty by default.
This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets.
The protocol is IP protocol 240, PFSYNC, and the multicast group used is
224.0.0.240.
When a peer address is specified using the
.Va pfsync_syncpeer
option, the peer address is used as a destination for the pfsync
traffic, and the traffic can then be protected using
.Xr ipsec 4 .
See the
.Xr pfsync 4
manpage for more details about using
.Xr ipsec 4
with
.Xr pfsync 4
interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
This variable can contain additional options to be passed to the
.Xr ifconfig 8
command used to set up
.Xr pfsync 4 .
.It Va tcp_extensions
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting this to
.Dq Li NO
disables certain TCP options as described by
.Rs
.%T "RFC 1323"
.Re
Setting this to
.Dq Li NO
might help remedy connection problems such as random hangs
or other odd behavior.
Some network devices are known
to be broken with respect to these options.
.It Va log_in_vain
.Pq Vt int
Set to 0 by default.
The
.Xr sysctl 8
variables,
.Va net.inet.tcp.log_in_vain
and
.Va net.inet.udp.log_in_vain ,
as described in
.Xr tcp 4
and
.Xr udp 4 ,
are set to the given value.
.It Va tcp_keepalive
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting to
.Dq Li NO
will disable probing idle TCP connections to verify that the
peer is still up and reachable.
.It Va tcp_drop_synfin
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to ignore TCP frames that have both
the SYN and FIN flags set.
This prevents OS fingerprinting, but may
break some legitimate applications.
.It Va icmp_drop_redirect
.Pq Vt bool
Set to
.Dq Li AUTO
by default.
This setting will be identical to
.Dq Li YES ,
if a dynamic routing daemon is enabled, because redirect processing may
cause performance issues for large routing tables.
If no such service is enabled, this setting behaves like a
.Dq Li NO .
Setting to
.Dq Li YES
will cause the kernel to ignore ICMP REDIRECT packets.
Setting to
.Dq Li NO
will cause the kernel to process ICMP REDIRECT packets.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_log_redirect
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to log ICMP REDIRECT packets.
Note that
the log messages are not rate-limited, so this option should only be used
for troubleshooting networks.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_bmcastecho
.Pq Vt bool
Set to
.Dq Li YES
to respond to broadcast or multicast ICMP ping packets.
Refer to
.Xr icmp 4
for more information.
.It Va ip_portrange_first
.Pq Vt int
If not set to
.Dq Li NO ,
this is the first port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va ip_portrange_last
.Pq Vt int
If not set to
.Dq Li NO ,
this is the last port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va network_interfaces
.Pq Vt str
Set to the list of network interfaces to configure on this host or
.Dq Li AUTO
(the default) for all current interfaces.
Setting the
.Va network_interfaces
variable to anything other than the default is deprecated.
Interfaces that the administrator wishes to store configuration for,
but not start at boot should be configured with the
.Dq Li NOAUTO
keyword in their
.Va ifconfig_ Ns Aq Ar interface
variables as described below.
.Pp
An
.Va ifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
When an interface name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
before lookup.
For example, the interface
.Va em0.102
would be configured using the variable
.Va ifconfig_em0_102 .
.Pp
The variable can contain arguments to
.Xr ifconfig 8 ,
as well as special case-insensitive keywords described below.
Such keywords are removed before passing the value to
.Xr ifconfig 8
while the order of the other arguments is preserved.
.Pp
For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0:
.Bd -literal
ifconfig_em0="inet 192.0.2.1/24 up"
.Ed
.Pp
If the variable
.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6
is set, then
.Va ifconfig_ Ns Aq Ar interface
does not need to be set unless an IPv4 address should also be assigned to
the interface.
.Pp
It is possible to add IP alias entries using
.Xr ifconfig 8
syntax with the address family keyword such as
.Li inet .
Assuming that the interface in question was
.Li em0 ,
it might look something like this:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.253/32"
ifconfig_em0_alias1="inet 127.0.0.254/32"
.Ed
.Pp
It is also possible to configure multiple IP addresses in Classless
Inter-Domain Routing
.Pq CIDR
address notation,
in which each address component can be a range like
.Li inet 192.0.2.5-23/24
or
.Li inet6 2001:db8:1-f::1/64 .
This notation allows only the address and prefix length parts,
not the other address modifiers.
Note that the maximum number of addresses generated from a range
specification is limited to the integer value specified in
.Va netif_ipexpand_max
in
.Nm
because a small typo can unexpectedly generate a large number of addresses.
The default value is
.Li 2048 .
It can be increased by adding the following line into
.Nm :
.Bd -literal
netif_ipexpand_max="4096"
.Ed
.Pp
In the case of
.Li 192.0.2.5-23/24 ,
the address 192.0.2.5 will be configured with the prefix length /24 and the
addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as
explained in the
.Xr ifconfig 8
alias section.
Note that this special CIDR handling is only for
.Li inet ,
not for the other address families such as
.Li inet6 .
.Pp
With the interface in question being
.Li em0 ,
an example could look like:
.Bd -literal
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
.Ed
.Pp
and so on.
.Pp
Note that the deprecated
.Va ipv4_addrs_ Ns Aq Ar interface
variable was supported for IPv4 CIDR address notation.
The
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variable replaces it, though
.Va ipv4_addrs_ Ns Aq Ar interface
is still supported for backward compatibility.
.Pp
For each
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry with an address family keyword,
its contents are passed to
.Xr ifconfig 8 .
Execution stops at the first unsuccessful access, so if
something like this is present:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.251/32"
ifconfig_em0_alias1="inet 127.0.0.252/32"
ifconfig_em0_alias2="inet 127.0.0.253/32"
ifconfig_em0_alias4="inet 127.0.0.254/32"
.Ed
.Pp
Then note that alias4 would
.Em not
be added since the search would
stop with the missing
.Dq Li alias3
entry.
Because this behavior is difficult to manage,
there is an
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
variable, which has the same functionality as
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
and can hold all of the entries in one variable, like the following:
.Bd -literal
ifconfig_em0_aliases="\\
	inet 127.0.0.251/32 \\
	inet 127.0.0.252/32 \\
	inet 127.0.0.253/32 \\
	inet 127.0.0.254/32"
.Ed
.Pp
It also supports netmask notation for backward compatibility.
.Pp
If the
.Pa /etc/start_if . Ns Aq Ar interface
file is present, it is read and executed by the
.Xr sh 1
interpreter
before configuring the interface as specified in the
.Va ifconfig_ Ns Aq Ar interface
and
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variables.
.Pp
If a
.Va vlans_ Ns Aq Ar interface
variable is set,
a
.Xr vlan 4
interface will be created for each item in the list with the
.Ar vlandev
argument set to
.Ar interface .
If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named
.Ar interface . Ns Ar tag .
Otherwise,
the vlan tag must be specified via a
.Va vlan
parameter in the
.Va create_args_ Ns Aq Ar interface
variable.
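.Pp
The alias search and the inet range expansion described above, as an added example that is not part of rc.conf(5) or the FreeBSD rc scripts: it reports alias entries that sit behind a numbering gap and expands a last-component range into the addresses that would be configured.
The function names, the stdin interface and the sample input are assumptions made for this example, which handles only one-line name="value" assignments and reads the file as text instead of sourcing it.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc code. Function names are hypothetical.
# Assumption: entries are one-line name="value" assignments. The input is
# read as text and never sourced, since rc.conf is sh(1) code.

# Variable-name form of an interface name: . - / + become _
rc_ifvar() {
    printf '%s\n' "$1" | tr './+-' '____'
}

# Alias indices defined for IFACE in the rc.conf text on stdin, sorted.
rc_alias_indices() {    # usage: rc_alias_indices IFACE < rc.conf
    _var="ifconfig_$(rc_ifvar "$1")_alias"
    sed -n "s/^[[:space:]]*${_var}\([0-9][0-9]*\)=.*/\1/p" | sort -n -u
}

# Indices that are defined but never reached: the search walks alias0,
# alias1, ... and stops at the first index that is missing.
rc_alias_unreachable() {    # usage: rc_alias_unreachable IFACE < rc.conf
    _next=0
    for _n in $(rc_alias_indices "$1"); do
        if [ "$_n" -eq "$_next" ]; then
            _next=$((_next + 1))
        else
            printf '%s\n' "$_n"
        fi
    done
}

# Expand an inet spec whose last component may be a range, such as
# 192.0.2.5-23/24: the first address keeps the given prefix length and
# the remaining ones get /32. Returns 1 if the spec has no prefix length.
rc_expand_inet() {    # usage: rc_expand_inet ADDR/PREFIXLEN
    case $1 in
        */*) ;;
        *) return 1 ;;
    esac
    _plen=${1##*/}
    _addr=${1%/*}
    _head=${_addr%.*}
    _last=${_addr##*.}
    case $_last in
        *-*) _lo=${_last%-*}; _hi=${_last#*-} ;;
        *)   _lo=$_last; _hi=$_last ;;
    esac
    _i=$_lo
    while [ "$_i" -le "$_hi" ]; do
        if [ "$_i" -eq "$_lo" ]; then
            printf '%s.%s/%s\n' "$_head" "$_i" "$_plen"
        else
            printf '%s.%s/32\n' "$_head" "$_i"
        fi
        _i=$((_i + 1))
    done
}

# Constructed sample input: the alias list from the text, moved to em0.102
# so that the interface name translation is exercised as well.
rc_sample() {
    cat <<'EOF'
ifconfig_em0_102="inet 192.0.2.1/24 up"
ifconfig_em0_102_alias0="inet 127.0.0.251/32"
ifconfig_em0_102_alias1="inet 127.0.0.252/32"
ifconfig_em0_102_alias2="inet 127.0.0.253/32"
ifconfig_em0_102_alias4="inet 127.0.0.254/32"
EOF
}

echo "em0.102 aliases behind a gap: $(rc_sample | rc_alias_unreachable em0.102)"
rc_expand_inet 192.0.2.5-7/24
```

Against a real file the check is run as rc_alias_unreachable em0 < /etc/rc.conf; every index it prints is defined but sits after a gap in the numbering.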
.Pp
To create a vlan device named
.Li em0.101
on
.Li em0
with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
.Bd -literal
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
.Ed
.Pp
To create a vlan device named
.Li myvlan
on
.Li em0
with the vlan tag 102:
.Bd -literal
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
.Ed
.Pp
If a
.Va wlans_ Ns Aq Ar interface
variable is set,
a
.Xr wlan 4
interface will be created for each item in the list with the
.Ar wlandev
argument set to
.Ar interface .
Further wlan cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command by setting the
.Va create_args_ Ns Aq Ar interface
variable.
One or more
.Xr wlan 4
devices must be created for each wireless device as of
.Fx 8.0 .
Debugging flags for
.Xr wlan 4
devices as set by
.Xr wlandebug 8
may be specified with a
.Va wlandebug_ Ns Aq Ar interface
variable.
The contents of this variable will be passed directly to
.Xr wlandebug 8 .
.Pp
If the
.Va ifconfig_ Ns Aq Ar interface
variable contains the keyword
.Dq Li NOAUTO
then the interface will not be configured
at boot or by
.Pa /etc/pccard_ether
when
.Va network_interfaces
is set to
.Dq Li AUTO .
.Pp
It is possible to bring up an interface with DHCP by adding
.Dq Li DHCP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
For instance, to initialize the
.Li em0
device via DHCP,
it is possible to use something like:
.Bd -literal
ifconfig_em0="DHCP"
.Ed
.Pp
If you want to configure your wireless interface with
.Xr wpa_supplicant 8
for use with WPA, EAP/LEAP or WEP, you need to add
.Dq Li WPA
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
On the other hand, if you want to configure your wireless interface with
.Xr hostapd 8 ,
you need to add
.Dq Li HOSTAP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Xr hostapd 8
will use the settings from
.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf .
.Pp
Finally, you can add
.Xr ifconfig 8
options in this variable, in addition to the
.Pa /etc/start_if . Ns Aq Ar interface
file.
For instance, to configure an
.Xr ath 4
wireless device in station mode with an address obtained
via DHCP, using WPA authentication and 802.11b mode, it is
possible to use something like:
.Bd -literal
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
.Ed
.Pp
In addition to the
.Va ifconfig_ Ns Aq Ar interface
form, a fallback variable
.Va ifconfig_DEFAULT
may be configured.
It will be used for all interfaces with no
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
It is also possible to rename an interface by doing:
.Bd -literal
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1/24"
.Ed
.It Va ipv6_enable
.Pq Vt bool
This variable is deprecated.
Use
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
.Va ipv6_activate_all_interfaces
if necessary.
.Pp
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.It Va ipv6_prefer
.Pq Vt bool
This variable is deprecated.
Use
.Va ip6addrctl_policy
instead.
.Pp
If the variable is
.Dq Li YES ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv4-preferred.
.It Va ipv6_activate_all_interfaces
.Pq Vt bool
This controls initial configuration on IPv6-capable
interfaces with no corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable.
Note that it is not always necessary to set this variable to
.Dq YES
to use IPv6 functionality on
.Fx .
In most cases, just configuring
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variables works.
.Pp
If the variable is
.Dq Li NO ,
all interfaces which do not have a corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED
at creation.
This means that all IPv6 functionality on that interface
is completely disabled to enforce a security policy.
If the variable is set to
.Dq YES ,
the flag will be cleared on all of the interfaces.
.Pp
In most cases, just defining an
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
for an IPv6-capable interface should be sufficient.
However, if an interface is added dynamically
.Pq by some tunneling protocols such as PPP, for example ,
it is often difficult to define the variable in advance.
In such a case, configuring the
.Dq Li IFDISABLED
flag can be disabled by setting this variable to
.Dq YES .
.Pp
For more details of the
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
Default is
.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4941.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_cpe_wanif
.Pq Vt str
If the variable is set to an interface name,
the
.Xr ifconfig 8
options
.Dq inet6 -no_radr accept_rtadv
will be added to the specified interface automatically before evaluating
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
and two
.Xr sysctl 8
variables
.Va net.inet6.ip6.rfc6204w3
and
.Va net.inet6.ip6.no_radr
will be set to 1.
.Pp
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered
routers into the Default Router List.
While the other interfaces can still accept RA messages if the
.Dq inet6 accept_rtadv
option is specified, adding
routes into the Default Router List will be disabled by the
.Dq inet6 no_radr
option by default.
See
.Xr ifconfig 8
for more details.
.Pp
Note that ICMPv6 Router Advertisement messages will be
accepted even when
.Va net.inet6.ip6.forwarding
is 1
.Pq packet forwarding is enabled
when
.Va net.inet6.ip6.rfc6204w3
is set to 1.
.Pp
Default is
.Dq Li NO .
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
.Pq Vt str
This assigns an arbitrary description to an interface.
The
.Xr sysctl 8
variable
.Va net.ifdescr_maxlen
limits its length.
This static setting may be overridden by commands
started with dynamic interface configuration utilities
like
.Xr dhclient 8
hooks.
The description can be seen with the
.Xr ifconfig 8
command and it may be exported with the
.Xr bsnmpd 1
daemon using its MIB-2 module.
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
If this variable is empty, all IPv6 configurations on the
specified interface by other variables such as
.Va ipv6_prefix_ Ns Ao Ar interface Ac
will be ignored.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with the
.Dq Li inet6
keyword.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in their
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by SLAAC
.Pq StateLess Address AutoConfiguration
described in
.Rs
.%T "RFC 4862"
.Re
.Pp
Note that a link-local address will be automatically configured in
addition to the configured global-scope addresses because the IPv6
specifications require it on each link.
The address is calculated from the MAC address by using an algorithm
defined in
.Rs
.%T "RFC 4862"
.%O "Section 5.3"
.Re
.Pp
If only a link-local address is needed on the interface,
the following configuration can be used:
.Bd -literal
ifconfig_em0_ipv6="inet6 auto_linklocal"
.Ed
.Pp
A link-local address can also be configured manually.
This is useful for the default router address of an IPv6 router
so that it does not change when the network interface
card is replaced.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
.Ed
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
.Va ipv6_prefix_ Ns Aq Ar interface ,
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface.
Note that this variable will be ignored when
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
is empty.
.Pp
For example, the following configuration
.Bd -literal
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
.Ed
.Pp
is equivalent to the following:
.Bd -literal
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
.Ed
.Pp
These Subnet-Router anycast addresses will be added only when
.Va ipv6_gateway_enable
is YES.
.It Va ipv6_default_interface
.Pq Vt str
If not set to
.Dq Li NO ,
this is the default output interface for scoped addresses.
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
This variable enables configuration of the default address selection
policy table
.Pq RFC 3484 .
The table can be specified in another variable
.Va ip6addrctl_policy .
For
.Va ip6addrctl_policy
the following keywords can be specified:
.Dq Li ipv4_prefer ,
.Dq Li ipv6_prefer ,
or
.Dq Li AUTO .
.Pp
If
.Dq Li ipv4_prefer
or
.Dq Li ipv6_prefer
is specified,
.Xr ip6addrctl 8
installs a pre-defined policy table described in Section 10.3
.Pq IPv4-preferred
or 2.1
.Pq IPv6-preferred
of RFC 3484.
.Pp
If
.Dq Li AUTO
is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
first.
If this file is found,
.Xr ip6addrctl 8
reads and installs it.
If not found, a policy is automatically set
according to the
.Va ipv6_activate_all_interfaces
variable; if the variable is set to
.Dq Li YES
the IPv6-preferred one is used.
Otherwise the IPv4-preferred one is used.
.Pp
The default values of
.Va ip6addrctl_enable
and
.Va ip6addrctl_policy
are
.Dq Li YES
and
.Dq Li AUTO ,
respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
Further cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command for each interface by setting the
.Va create_args_ Ns Aq Ar interface
variable.
If an interface name is specified with the
.Dq :sticky
keyword,
the interface will not be destroyed even when the
.Pa rc.d/netif
script is invoked with the
.Dq stop
argument.
This is useful when reconfiguring the interface without destroying it.
Entries in
.Va cloned_interfaces
are automatically appended to
.Va network_interfaces
for configuration.
.It Va cloned_interfaces_sticky
.Pq Vt bool
This variable globally enables the functionality of the
.Dq :sticky
keyword in
.Va cloned_interfaces
for all interfaces.
The default value is
.Dq NO .
Even if this variable is set to
.Dq YES ,
the
.Dq :nosticky
keyword can be used to override it on a per-interface basis.
.It Va gif_interfaces
Set to the list of
.Xr gif 4
tunnel interfaces to configure on this host.
A
.Va gifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
The value of this variable is used to configure the link layer of the
tunnel using the
.Cm tunnel
option to
.Xr ifconfig 8 .
Additionally, this option ensures that each listed interface is created
via the
.Cm create
option to
.Xr ifconfig 8
before attempting to configure it.
.Pp
For example, configure two
.Xr gif 4
interfaces with:
.Bd -literal
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2"
.Ed
.It Va ppp_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ppp 8
daemon.
.It Va ppp_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Also used for per-profile overrides of
.Va ppp_mode ,
.Va ppp_nat ,
and
.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va ppp_mode
.Pq Vt str
Mode in which to run the
.Xr ppp 8
daemon.
.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
.Pq Vt str
Overrides the global
.Va ppp_mode
for
.Ar profile .
Accepted modes are
.Dq Li auto ,
.Dq Li ddial ,
.Dq Li direct
and
.Dq Li dedicated .
See the manual for a full description.
.It Va ppp_nat
.Pq Vt bool
If set to
.Dq Li YES ,
enables network address translation.
When used in conjunction with
.Va gateway_enable ,
this allows hosts on private network addresses to access the Internet using
this host as a network address translating router.
Default is
.Dq Li YES .
.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
.Pq Vt str
Overrides the global
.Va ppp_nat
for
.Ar profile .
.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
.Pq Vt int
Set the unit number to be used for this profile.
See the manual description of
.Fl unit Ns Ar N
for details.
.It Va ppp_user
.Pq Vt str
The name of the user under which
.Xr ppp 8
should be started.
By default,
.Xr ppp 8
is started as
.Dq Li root .
.It Va rc_conf_files
.Pq Vt str
This option is used to specify a list of files that will override
the settings in
.Pa /etc/defaults/rc.conf .
The files will be read in the order in which they are specified and should
include the full path to the file.
By default, the files specified are
.Pa /etc/rc.conf
and
.Pa /etc/rc.conf.local .
.It Va zfs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/zfs
will attempt to automatically mount ZFS file systems and initialize ZFS volumes
(ZVOLs).
.It Va zpool_reguid
.Pq Vt str
A space-separated list of ZFS pool names for which new pool GUIDs should be
assigned upon first boot.
This is useful when using a ZFS pool copied from a template, such as a virtual
machine image.
.It Va zpool_upgrade
.Pq Vt str
A space-separated list of ZFS pool names for which the version should be
upgraded upon first boot.
This is useful when using a ZFS pool generated by the
.Xr makefs 8
utility.
.It Va gptboot_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gptboot
will log whether the system booted successfully (or not) from a GPT partition
that had the
.Ar bootonce
attribute set using the
.Xr gpart 8
utility.
.It Va geli_devices
.Pq Vt str
List of devices to automatically attach on boot.
Note that .eli devices from
.Pa /etc/fstab
are automatically appended to this list.
.It Va geli_groups
.Pq Vt str
List of groups containing devices to automatically attach on boot with the same
keyfiles and passphrase.
This must be accompanied by a corresponding
.Va geli_ Ns Ao Ar group Ac Ns Va _devices
variable.
.It Va geli_tries
.Pq Vt int
Number of times the user is asked for the pass-phrase.
If empty, it will be taken from the
.Va kern.geom.eli.tries
sysctl variable.
.It Va geli_default_flags
.Pq Vt str
Default flags used by
.Xr geli 8
when configuring disk encryption.
Flags can be configured for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _flags
variable, and for every group separately by defining the
.Va geli_ Ns Ao Ar group Ac Ns Va _flags
variable.
.It Va geli_autodetach
.Pq Vt str
Specifies if GELI devices should be marked for detach on last close after
file systems are mounted.
Default is
.Dq Li YES .
This can be changed for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
variable.
.It Va root_rw_mount
.Pq Vt bool
Set to
.Dq Li YES
by default.
After the file systems are checked at boot time, the root file system
is remounted as read-write if this is set to
.Dq Li YES .
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to
.Dq Li NO
in their
.Pa rc.conf .
.It Va fsck_y_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr fsck 8
will be run with the
.Fl y
flag if the initial preen
of the file systems fails.
.It Va background_fsck
.Pq Vt bool
If set to
.Dq Li NO ,
the system will not attempt to run
.Xr fsck 8
in the background where possible.
.It Va background_fsck_delay
.Pq Vt int
The amount of time in seconds to sleep before starting a background
.Xr fsck 8 .
It defaults to sixty seconds to allow large applications such as
the X server to start before disk I/O bandwidth is monopolized by
.Xr fsck 8 .
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time.
For example it may be run from
.Xr cron 8
by adding a line like
.Pp
.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
.Pp
to
.Pa /etc/crontab .
.It Va netfs_types
.Pq Vt str
List of file system types that are network-based.
This list should generally not be modified by end users.
Use
.Va extra_netfs_types
instead.
.It Va extra_netfs_types
.Pq Vt str
If set to something other than
.Dq Li NO
(the default),
this variable extends the list of file system types
for which automatic mounting at startup by
.Xr rc 8
should be delayed until the network is initialized.
It should contain
a whitespace-separated list of network file system descriptor pairs,
each consisting of a file system type as passed to
.Xr mount 8
and a human-readable, one-word description,
joined with a colon
.Pq Ql \&: .
Extending the default list in this way is only necessary
when third party file system types are used.
.It Va syslogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr syslogd 8
daemon.
Note, the
.Va syslogd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va syslogd_program
.Pq Vt str
Path to
.Xr syslogd 8
(default
.Pa /usr/sbin/syslogd ) .
.It Va syslogd_flags
.Pq Vt str
If
.Va syslogd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr syslogd 8 .
.It Va inetd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr inetd 8
daemon.
.It Va inetd_program
.Pq Vt str
Path to
.Xr inetd 8
(default
.Pa /usr/sbin/inetd ) .
.It Va inetd_flags
.Pq Vt str
If
.Va inetd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr inetd 8 .
.It Va hastd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr hastd 8
daemon.
.It Va hastd_program
.Pq Vt str
Path to
.Xr hastd 8
(default
.Pa /sbin/hastd ) .
.It Va hastd_flags
.Pq Vt str
If
.Va hastd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr hastd 8 .
.It Va local_unbound_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr unbound 8
daemon as a local caching DNS resolver.
Note, the
.Va local_unbound_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va nscd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start the
.Xr nscd 8
caching daemon for the
.Nm nsswitch
subsystem.
.It Va nscd_flags
.Pq Vt str
If
.Va nscd_enable
is set to
.Dq Li YES ,
these flags are passed to
.Xr nscd 8 .
.It Va kdc_enable
.Pq Vt bool
Set to
.Dq Li YES
to start a Kerberos 5 authentication server
at boot time.
.It Va kdc_program
.Pq Vt str
If
.Va kdc_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Authentication Server.
.It Va kdc_flags
.Pq Vt str
Empty by default.
This variable contains additional flags to be passed to the Kerberos 5
authentication server.
.It Va kadmind_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kadmind 8 ,
the Kerberos 5 Administration Daemon; set to
.Dq Li NO
on a slave server.
.It Va kadmind_program
.Pq Vt str
If
.Va kadmind_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Administration Daemon.
.It Va kpasswdd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kpasswdd 8 ,
the Kerberos 5 Password-Changing Daemon; set to
.Dq Li NO
on a slave server.
.It Va kpasswdd_program
.Pq Vt str
If
.Va kpasswdd_enable
is set to
.Dq Li YES
this is the path to the Kerberos 5 Password-Changing Daemon.
.It Va kfd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kfd 8 ,
the Kerberos 5 ticket forwarding daemon, at boot time.
.It Va kfd_program
.Pq Vt str
Path to
.Xr kfd 8
(default
.Pa /usr/libexec/kfd ) .
.It Va rwhod_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rwhod 8
daemon at boot time.
.It Va rwhod_flags
.Pq Vt str
If
.Va rwhod_enable
is set to
.Dq Li YES ,
these are the flags to pass to it.
.It Va update_motd
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /var/run/motd
will be updated at boot time to reflect the kernel release
being run.
If set to
.Dq Li NO ,
.Pa /var/run/motd
will not be updated.
.It Va nfs_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS client daemons at boot time.
.It Va nfs_access_cache
.Pq Vt int
If
.Va nfs_client_enable
is set to
.Dq Li YES ,
this can be set to
.Dq Li 0
to disable NFS ACCESS RPC caching, or to the number of seconds for which
NFS ACCESS
results should be cached.
A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
.It Va nfs_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS server daemons at boot time.
.It Va nfs_server_flags
.Pq Vt str
If
.Va nfs_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsd 8
daemon.
.It Va nfsv4_server_enable
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
enable the server for NFSv4 as well as NFSv2 and NFSv3.
.It Va nfsv4_server_only
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_only
is set to
.Dq Li YES ,
enable the NFS server for NFSv4 only.
.It Va nfs_server_maxio
.Pq Vt int
Value to set vfs.nfsd.srvmaxio to, which is the
maximum I/O size for the NFS server.
.It Va tlsclntd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsclntd 8
daemon, which is needed for NFS-over-TLS NFS mounts.
.It Va tlsservd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsservd 8
daemon, which is needed for the
.Xr nfsd 8
to support NFS-over-TLS NFS mounts.
.It Va nfsuserd_enable
.Pq Vt bool
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
run the nfsuserd daemon, which is needed for NFSv4 in order
to map between user/group names and uid/gid numbers.
If
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
this will be forced enabled.
.It Va nfsuserd_flags
.Pq Vt str
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsuserd 8
daemon.
.It Va nfscbd_enable
.Pq Vt bool
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
.It Va nfscbd_flags
.Pq Vt str
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfscbd 8
daemon.
.It Va mountd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
and no
.Va nfs_server_enable
is set, start
.Xr mountd 8 ,
but not
.Xr nfsd 8
daemon.
This is commonly needed to run CFS without real NFS in use.
.It Va mountd_flags
.Pq Vt str
If
.Va mountd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr mountd 8
daemon.
.It Va weak_mountd_authentication
.Pq Vt bool
If set to
.Dq Li YES ,
allow services like PCNFSD to make non-privileged mount
requests.
.It Va nfs_reserved_port_only
.Pq Vt bool
If set to
.Dq Li YES ,
provide NFS services only on a secure port.
.It Va nfs_bufpackets
.Pq Vt int
If set to a number, indicates the number of packets worth of
socket buffer space to reserve on an NFS client.
The kernel default is typically 4.
Using a higher number may be
useful on gigabit networks to improve performance.
The minimum value is
2 and the maximum is 64.
.It Va rpc_lockd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.lockd 8
at boot time.
.It Va rpc_lockd_flags
.Pq Vt str
If
.Va rpc_lockd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.lockd 8
daemon.
.It Va rpc_statd_enable
.Pq Vt bool
If set to
.Dq Li YES
and also an NFS server or client, run
.Xr rpc.statd 8
at boot time.
.It Va rpc_statd_flags
.Pq Vt str
If
.Va rpc_statd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.statd 8
daemon.
.It Va rpcbind_program
.Pq Vt str
Path to
.Xr rpcbind 8
(default
.Pa /usr/sbin/rpcbind ) .
.It Va rpcbind_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpcbind 8
service at boot time.
.It Va rpcbind_flags
.Pq Vt str
If
.Va rpcbind_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpcbind 8
daemon.
.It Va keyserv_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr keyserv 8
daemon on boot for running Secure RPC.
.It Va keyserv_flags
.Pq Vt str
If
.Va keyserv_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr keyserv 8
daemon.
.It Va pppoed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr pppoed 8
daemon at boot time to provide PPP over Ethernet services.
.It Va pppoed_ Ns Aq Ar provider
.Pq Vt str
.Xr pppoed 8
listens to requests to this
.Ar provider
and ultimately runs
.Xr ppp 8
with a
.Ar system
argument of the same name.
.It Va pppoed_flags
.Pq Vt str
Additional flags to pass to
.Xr pppoed 8 .
.It Va pppoed_interface
.Pq Vt str
The network interface to run
.Xr pppoed 8
on.
This is mandatory when
.Va pppoed_enable
is set to
.Dq Li YES .
.It Va ntpdate_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr ntpdate 8
at system startup.
This command is intended to
synchronize the system clock only
.Em once
from some standard reference.
.Pp
Note that the use of the
.Va ntpd_sync_on_start
variable is a preferred alternative to the
.Xr ntpdate 8
utility as
.Xr ntpdate 8
is to be retired from the NTP distribution.
.It Va ntpdate_config
.Pq Vt str
Configuration file for
.Xr ntpdate 8 .
Default
.Pa /etc/ntp.conf .
.It Va ntpdate_hosts
.Pq Vt str
A whitespace-separated list of NTP servers to synchronize with at startup.
The default is to use the servers listed in
.Va ntpdate_config ,
if that file exists.
.It Va ntpdate_program
.Pq Vt str
Path to
.Xr ntpdate 8
(default
.Pa /usr/sbin/ntpdate ) .
.It Va ntpdate_flags
.Pq Vt str
If
.Va ntpdate_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpdate 8
command (typically a hostname).
.It Va ntpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ntpd 8
command at boot time.
.It Va ntpd_program
.Pq Vt str
Path to
.Xr ntpd 8
(default
.Pa /usr/sbin/ntpd ) .
.It Va ntpd_config
.Pq Vt str
Path to
.Xr ntpd 8
configuration file.
Default
.Pa /etc/ntp.conf .
.It Va ntpd_flags
.Pq Vt str
If
.Va ntpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpd 8
daemon.
.It Va ntpd_sync_on_start
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr ntpd 8
is run with the
.Fl g
flag, which syncs the system's clock on startup.
See
.Xr ntpd 8
for more information regarding the
.Fl g
option.
This is a preferred alternative to using
.Xr ntpdate 8
or specifying the
.Va ntpdate_enable
variable.
.It Va nis_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypbind 8
service at system boot time.
.It Va nis_client_flags
.Pq Vt str
If
.Va nis_client_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypbind 8
service.
.It Va nis_ypldap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypldap 8
daemon at system boot time.
.It Va nis_ypldap_flags
.Pq Vt str
If
.Va nis_ypldap_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypldap 8
daemon.
.It Va nis_ypset_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypset 8
daemon at system boot time.
.It Va nis_ypset_flags
.Pq Vt str
If
.Va nis_ypset_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypset 8
daemon.
.It Va nis_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypserv 8
daemon at system boot time.
.It Va nis_server_flags
.Pq Vt str
If
.Va nis_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypserv 8
daemon.
.It Va nis_ypxfrd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.ypxfrd 8
daemon at system boot time.
.It Va nis_ypxfrd_flags
.Pq Vt str
If
.Va nis_ypxfrd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.ypxfrd 8
daemon.
.It Va nis_yppasswdd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.yppasswdd 8
daemon at system boot time.
.It Va nis_yppasswdd_flags
.Pq Vt str
If
.Va nis_yppasswdd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.yppasswdd 8
daemon.
.It Va rpc_ypupdated_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Nm rpc.ypupdated
daemon at system boot time.
.It Va bsnmpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bsnmpd 1
daemon at system boot time.
Be sure to understand the security implications of running an SNMP daemon
on your host.
.It Va bsnmpd_flags
.Pq Vt str
If
.Va bsnmpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bsnmpd 1
daemon.
.It Va defaultrouter
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route to this host name or IP address
(use an IP address if this router is also required to get to the
name server!).
.It Va defaultrouter_fibN
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route in FIB N to this host name or IP address.
.It Va ipv6_defaultrouter
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter .
.It Va ipv6_defaultrouter_fibN
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter_fibN .
.It Va static_arp_pairs
.Pq Vt str
Set to the list of static ARP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_arp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm arp Cm -S
operation.
For example
.Bd -literal
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
.Ed
.It Va static_ndp_pairs
.Pq Vt str
Set to the list of static NDP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_ndp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm ndp Cm -s
operation.
For example
.Bd -literal
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
.Ed
.It Va static_routes
.Pq Vt str
Set to the list of static routes that are to be added at system
boot time.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add
operation.
For example:
.Bd -literal
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
.Ed
.Pp
When an
.Ar element
is in the form of
.Li name:ifname ,
the route is specific to the interface
.Li ifname .
.It Va ipv6_static_routes
.Pq Vt str
The IPv6 equivalent of
.Va static_routes .
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va ipv6_route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add Fl inet6
operation.
.It Va gateway_enable
.Pq Vt bool
If set to
.Dq Li YES ,
configure host to act as an IP router, e.g.\& to forward packets
between interfaces.
.It Va ipv6_gateway_enable
.Pq Vt bool
The IPv6 equivalent of
.Va gateway_enable .
.It Va routed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va routed_program
and
.Va routed_flags .
.It Va route6d_enable
.Pq Vt bool
The IPv6 equivalent of
.Va routed_enable .
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va route6d_program
and
.Va route6d_flags .
.It Va routed_program
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
this is the name of the routing daemon to use.
The default is
.Xr routed 8 .
.It Va route6d_program
.Pq Vt str
The IPv6 equivalent of
.Va routed_program .
The default is
.Xr route6d 8 .
.It Va routed_flags
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
these are the flags to pass to the routing daemon.
.It Va route6d_flags
.Pq Vt str
The IPv6 equivalent of
.Va routed_flags .
.It Va rtadvd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rtadvd 8
daemon at boot time.
The
.Xr rtadvd 8
utility sends ICMPv6 Router Advertisement messages to
the interfaces specified in
.Va rtadvd_interfaces .
This should only be enabled with great care.
You may want to fine-tune
.Xr rtadvd.conf 5 .
.It Va rtadvd_interfaces
.Pq Vt str
If
.Va rtadvd_enable
is set to
.Dq Li YES
this is the list of interfaces to use.
.It Va arpproxy_all
.Pq Vt bool
If set to
.Dq Li YES ,
enable global proxy ARP.
.It Va forward_sourceroute
.Pq Vt bool
If set to
.Dq Li YES
and
.Va gateway_enable
is also set to
.Dq Li YES ,
source-routed packets are forwarded.
.It Va accept_sourceroute
.Pq Vt bool
If set to
.Dq Li YES ,
the system will accept source-routed packets directed at it.
.It Va rarpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rarpd 8
daemon at system boot time.
.It Va rarpd_flags
.Pq Vt str
If
.Va rarpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rarpd 8
daemon.
.It Va bootparamd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bootparamd 8
daemon at system boot time.
.It Va bootparamd_flags
.Pq Vt str
If
.Va bootparamd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bootparamd 8
daemon.
.It Va stf_interface_ipv4addr
.Pq Vt str
If not set to
.Dq Li NO ,
this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
interface).
Specify this entry to enable the 6to4 interface.
.It Va stf_interface_ipv4plen
.Pq Vt int
Prefix length for 6to4 IPv4 addresses, to limit peer address range.
An effective value is 0-31.
.It Va stf_interface_ipv6_ifid
.Pq Vt str
IPv6 interface ID for
.Xr stf 4 .
This can be set to
.Dq Li AUTO .
.It Va stf_interface_ipv6_slaid
.Pq Vt str
IPv6 Site Level Aggregator for
.Xr stf 4 .
.It Va ipv6_ipv4mapping
.Pq Vt bool
If set to
.Dq Li YES
this enables IPv4 mapped IPv6 address communication (like
.Li ::ffff:a.b.c.d ) .
.It Va rtsold_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable the
.Xr rtsold 8
daemon to send ICMPv6 Router Solicitation messages.
.It Va rtsold_flags
.Pq Vt str
If
.Va rtsold_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr rtsold 8 .
.It Va rtsol_flags
.Pq Vt str
For interfaces configured with the
.Dq Li inet6 accept_rtadv
keyword, these are the flags to pass to
.Xr rtsol 8 .
.Pp
Note that
.Va rtsold_enable
is mutually exclusive to
.Va rtsol_flags ;
.Va rtsold_enable
takes precedence.
.It Va keybell
.Pq Vt str
The keyboard bell sound.
Set to
.Dq Li normal ,
.Dq Li visual ,
.Dq Li off ,
or
.Dq Li NO
if the default behavior is desired.
For details, refer to the
.Xr kbdcontrol 1
manpage.
.It Va keyboard
.Pq Vt str
If set to a non-null string, the virtual console's keyboard input is
set to this device.
.It Va keymap
.Pq Vt str
If set to
.Dq Li NO ,
no keymap is installed, otherwise the value is used to install
the keymap file found in
.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr syscons 4 ) or
.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr vt 4 ) .
.It Va keyrate
.Pq Vt str
The keyboard repeat speed.
Set to
.Dq Li slow ,
.Dq Li normal ,
.Dq Li fast ,
or
.Dq Li NO
if the default behavior is desired.
.It Va keychange
.Pq Vt str
If not set to
.Dq Li NO ,
attempt to program the function keys with the value.
The value should
be a single string of the form:
.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
.It Va cursor
.Pq Vt str
Can be set to the value of
.Dq Li normal ,
.Dq Li blink ,
.Dq Li destructive ,
or
.Dq Li NO
to set the cursor behavior explicitly or choose the default behavior.
.It Va scrnmap
.Pq Vt str
If set to
.Dq Li NO ,
no screen map is installed, otherwise the value is used to install
the screen map file in
.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
This parameter is ignored when using
.Xr vt 4
as the console driver.
.It Va font8x16
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x16 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x14
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x14 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x8
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x8 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va blanktime
.Pq Vt int
If set to
.Dq Li NO ,
the default screen blanking interval is used, otherwise it is set
to
.Ar value
seconds.
.It Va saver
.Pq Vt str
If not set to
.Dq Li NO ,
this is the actual screen saver to use
.Li ( blank , snake , daemon ,
etc).
.It Va moused_nondefault_enable
.Pq Vt str
If set to
.Dq Li NO ,
the mouse device specified on
the command line is not automatically treated as enabled by the
.Pa /etc/rc.d/moused
script.
Having this variable set to
.Dq Li YES
allows a
.Xr usb 4
mouse,
for example,
to be enabled as soon as it is plugged in.
.It Va moused_enable
.Pq Vt str
If set to
.Dq Li YES ,
the
.Xr moused 8
daemon is started for doing cut/paste selection on the console.
.It Va moused_type
.Pq Vt str
This is the protocol type of the mouse connected to this host.
This variable must be set if
.Va moused_enable
is set to
.Dq Li YES ,
but defaults to
.Dq Li auto
as the
.Xr moused 8
daemon
is able to detect the appropriate mouse type automatically in many cases.
Set this variable to
one from the following list if the automatic detection fails.
.Pp
If the mouse is attached to the PS/2 mouse port, choose
.Dq Li auto
or
.Dq Li ps/2 ,
regardless of the brand and model of the mouse.
Likewise, if the
mouse is attached to the bus mouse port, choose
.Dq Li auto
or
.Dq Li busmouse .
All other protocols are for serial mice and will not work with
the PS/2 and bus mice.
If this is a USB mouse,
.Dq Li auto
is the only protocol type which will work.
.Pp
.Bl -tag -width ".Li x10mouseremote" -compact
.It Li microsoft
Microsoft mouse (serial)
.It Li intellimouse
Microsoft IntelliMouse (serial)
.It Li mousesystems
Mouse systems Corp.\& mouse (serial)
.It Li mmseries
MM Series mouse (serial)
.It Li logitech
Logitech mouse (serial)
.It Li busmouse
A bus mouse
.It Li mouseman
Logitech MouseMan and TrackMan (serial)
.It Li glidepoint
ALPS GlidePoint (serial)
.It Li thinkingmouse
Kensington ThinkingMouse (serial)
.It Li ps/2
PS/2 mouse
.It Li mmhittab
MM HitTablet (serial)
.It Li x10mouseremote
X10 MouseRemote (serial)
.It Li versapad
Interlink VersaPad (serial)
.El
.Pp
Even if the mouse is not in the above list, it may be compatible
with one in the list.
Refer to the manual page for
.Xr moused 8
for compatibility information.
.Pp
It should also be noted that while this is enabled, any
other client of the mouse (such as an X server) should access
the mouse through the virtual mouse device,
.Pa /dev/sysmouse ,
and configure it as a
.Dq Li sysmouse
type mouse, since all
mouse data is converted to this single canonical format when
using
.Xr moused 8 .
If the client program does not support the
.Dq Li sysmouse
type,
specify the
.Dq Li mousesystems
type.
It is the second preferred type.
.It Va moused_port
.Pq Vt str
If
.Va moused_enable
is set to
.Dq Li YES ,
this is the actual port the mouse is on.
It might be
.Pa /dev/cuau0
for a COM1 serial mouse, or
.Pa /dev/psm0
for a PS/2 mouse, for example.
.It Va moused_flags
.Pq Vt str
If
.Va moused_flags
is set, its value is used as an additional set of flags to pass to the
.Xr moused 8
daemon.
.It Va "moused_" Ns Ar XXX Ns Va "_flags"
When
.Va moused_nondefault_enable
is enabled, and a
.Xr moused 8
daemon is started for a non-default port, the
.Va "moused_" Ns Ar XXX Ns Va "_flags"
set of options has precedence over and replaces the default
.Va moused_flags
(where
.Ar XXX
is the name of the non-default port, i.e.,\&
.Ar ums0 ) .
By setting
.Va "moused_" Ns Ar XXX Ns Va "_flags"
it is possible to set up a different set of default flags for each
.Xr moused 8
instance.
For example, you can use
.Dq Li "-3"
for the default
.Va moused_flags
to make your laptop's touchpad more comfortable to use,
but an empty set of options for
.Va moused_ums0_flags
when your
.Xr usb 4
mouse has three or more buttons.
.It Va mousechar_start
.Pq Vt int
If set to
.Dq Li NO ,
the default mouse cursor character range
.Li 0xd0 Ns - Ns Li 0xd3
is used,
otherwise the range start is set
to
.Ar value
character, see
.Xr vidcontrol 1 .
Use if the default range is occupied in the language code table.
.It Va allscreens_flags
.Pq Vt str
If set,
.Xr vidcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl m Cm on
will enable the mouse pointer on all virtual terminals
if
.Va moused_enable
is set to
.Dq Li YES .
.It Va allscreens_kbdflags
.Pq Vt str
If set,
.Xr kbdcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl h Li 200
will set the
.Xr syscons 4
or
.Xr vt 4
scrollback (history) buffer to 200 lines.
.It Va cron_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr cron 8
daemon at system boot time.
.It Va cron_program
.Pq Vt str
Path to
.Xr cron 8
(default
.Pa /usr/sbin/cron ) .
.It Va cron_flags
.Pq Vt str
If
.Va cron_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr cron 8 .
.It Va cron_dst
.Pq Vt bool
If set to
.Dq Li YES ,
enable the special handling of transitions to and from the
Daylight Saving Time in
.Xr cron 8
(equivalent to using the flag
.Fl s ) .
.It Va lpd_program
.Pq Vt str
Path to
.Xr lpd 8
(default
.Pa /usr/sbin/lpd ) .
.It Va lpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr lpd 8
daemon at system boot time.
.It Va lpd_flags
.Pq Vt str
If
.Va lpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr lpd 8
daemon.
.It Va chkprintcap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr chkprintcap 8
command before starting the
.Xr lpd 8
daemon.
.It Va chkprintcap_flags
.Pq Vt str
If
.Va lpd_enable
and
.Va chkprintcap_enable
are set to
.Dq Li YES ,
these are the flags to pass to the
.Xr chkprintcap 8
program.
The default is
.Dq Li -d ,
which causes missing directories to be created.
.It Va dumpdev
.Pq Vt str
Indicates the device (usually a swap partition) to which a crash dump
should be written in the event of a system crash.
If the value of this variable is
.Dq Li AUTO ,
the first suitable swap device listed in
.Pa /etc/fstab
will be used as dump device.
Otherwise, the value of this variable is passed as the argument to
.Xr dumpon 8
and
.Xr savecore 8 .
To disable crash dumps, set this variable to
.Dq Li NO .
.It Va dumpon_flags
.Pq Vt str
Flags to pass to
.Xr dumpon 8
when configuring
.Va dumpdev
as the system dump device.
.It Va dumpdir
.Pq Vt str
When the system reboots after a crash and a crash dump is found on the
device specified by the
.Va dumpdev
variable,
.Xr savecore 8
will save that crash dump and a copy of the kernel to the directory
specified by the
.Va dumpdir
variable.
The default value is
.Pa /var/crash .
Set to
.Dq Li NO
to not run
.Xr savecore 8
at boot time when
.Va dumpdir
is set.
.It Va savecore_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable automatic extraction of the crash dump from the
.Va dumpdev .
.It Va savecore_flags
.Pq Vt str
If crash dumps are enabled, these are the flags to pass to the
.Xr savecore 8
utility.
.It Va quota_enable
.Pq Vt bool
Set to
.Dq Li YES
to turn on user and group disk quotas on system startup via the
.Xr quotaon 8
command for all file systems marked as having quotas enabled in
.Pa /etc/fstab .
The kernel must be built with
.Cd "options QUOTA"
for disk quotas to function.
.It Va check_quotas
.Pq Vt bool
Set to
.Dq Li YES
to enable user and group disk quota checking via the
.Xr quotacheck 8
command.
.It Va quotacheck_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
and
.Va check_quotas
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotacheck 8
utility.
The default is
.Dq Li "-a" ,
which checks quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaon_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaon 8
utility.
The default is
.Dq Li "-a" ,
which enables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaoff_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaoff 8
utility when shutting down the quota system.
The default is
.Dq Li "-a" ,
which disables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va accounting_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable system accounting through the
.Xr accton 8
facility.
.It Va firstboot_sentinel
.Pq Vt str
This variable specifies the full path to a
.Dq first boot
sentinel file.
If a file exists with this path,
.Pa rc.d
scripts with the
.Dq firstboot
keyword will be run on startup and the sentinel file will be deleted
after the boot process completes.
The sentinel file must be located on a writable file system which is
mounted no later than
.Va early_late_divider
to function properly.
The default is
.Pa /firstboot .
.It Va linux_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable Linux/ELF binary emulation at system initial
boot time.
.It Va sysvipc_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load System V IPC primitives at boot time.
.It Va clear_tmp_enable
.Pq Vt bool
Set to
.Dq Li YES
to have
.Pa /tmp
cleaned at startup.
.It Va clear_tmp_X
.Pq Vt bool
Set to
.Dq Li NO
to disable removing of X11 lock files,
and the removal and (secure) recreation
of the various socket directories for X11
related programs.
.It Va ldconfig_paths
.Pq Vt str
Set to the list of shared library paths to use with
.Xr ldconfig 8 .
NOTE:
.Pa /lib
and
.Pa /usr/lib
will always be added first, so they need not appear in this list.
.It Va ldconfig32_paths
.Pq Vt str
Set to the list of 32-bit compatibility shared library paths to
use with
.Xr ldconfig 8 .
.It Va ldconfig_insecure
.Pq Vt bool
The
.Xr ldconfig 8
utility normally refuses to use directories
which are writable by anyone except root.
Set this variable to
.Dq Li YES
to disable that security check during system startup.
.It Va ldconfig_local_dirs
.Pq Vt str
Set to the list of local
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Xr ldconfig 8 .
.It Va ldconfig_local32_dirs
.Pq Vt str
Set to the list of local 32-bit compatibility
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Dq Nm ldconfig Fl 32 .
.It Va kern_securelevel_enable
.Pq Vt bool
Set to
.Dq Li YES
to set the kernel security level at system startup.
.It Va kern_securelevel
.Pq Vt int
The kernel security level to set at startup.
The allowed range of
.Ar value
ranges from \-1 (the compile time default) to 3 (the
most secure).
See
.Xr security 7
for the list of possible security levels and their effect
on system operation.
.It Va sshd_program
.Pq Vt str
Path to the SSH server program
.Pa ( /usr/sbin/sshd
is the default).
.It Va sshd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr sshd 8
at system boot time.
Note, the
.Va sshd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va sshd_flags
.Pq Vt str
If
.Va sshd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sshd 8
daemon.
.It Va ftpd_program
.Pq Vt str
Path to the FTP server program
.Pa ( /usr/libexec/ftpd
is the default).
.It Va ftpd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr ftpd 8
as a stand-alone daemon at system boot time.
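An audit of the security-relevant knobs documented in this section (weak_mountd_authentication, nfs_reserved_port_only, ldconfig_insecure, rtadvd_enable, bsnmpd_enable, the source-routing switches and kern_securelevel), given here as an added example that is not part of this manual page or of the FreeBSD rc scripts. The function names, the selection of knobs to report and the sample file are this example's own assumptions; only assignments present in the audited file are examined, not /etc/defaults/rc.conf or other override files.

```shell
#!/bin/sh
# Added example: the file is parsed as text and never sourced, so auditing
# an untrusted rc.conf cannot execute anything it contains.

# rc_get FILE NAME: print the value of the last NAME=value line, unquoted.
# Simplification: one assignment per line, no backslash continuations.
rc_get() {
    _v=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1)
    case $_v in
        \"*) _v=${_v#\"}; _v=${_v%%\"*} ;;
        \'*) _v=${_v#\'}; _v=${_v%%\'*} ;;
        *)   _v=${_v%%[[:space:]#]*} ;;
    esac
    printf '%s\n' "$_v"
}

# The rc framework treats YES, TRUE, ON and 1 (any case) as true.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# ...and NO, FALSE, OFF and 0 (any case) as false.
is_no() {
    case $1 in
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 0 ;;
    esac
    return 1
}

# audit_rc_conf FILE: print one "REVIEW ..." line per finding.
audit_rc_conf() {
    _f=$1
    # Knobs that relax a check or expose a service when switched on.
    for _k in weak_mountd_authentication ldconfig_insecure rtadvd_enable \
              bsnmpd_enable forward_sourceroute accept_sourceroute; do
        _val=$(rc_get "$_f" "$_k")
        if is_yes "$_val"; then
            echo "REVIEW $_k=$_val"
        fi
    done
    # This knob restricts NFS to a secure port; an explicit NO removes that.
    _val=$(rc_get "$_f" nfs_reserved_port_only)
    if is_no "$_val"; then
        echo "REVIEW nfs_reserved_port_only=$_val"
    fi
    # kern_securelevel only takes effect when kern_securelevel_enable is YES,
    # and the documented range is -1..3.
    _lvl=$(rc_get "$_f" kern_securelevel)
    if [ -n "$_lvl" ]; then
        case $_lvl in
            -1|0|1|2|3) ;;
            *) echo "REVIEW kern_securelevel=$_lvl is outside the range -1..3" ;;
        esac
        if ! is_yes "$(rc_get "$_f" kern_securelevel_enable)"; then
            echo "REVIEW kern_securelevel=$_lvl has no effect:" \
                 "kern_securelevel_enable is not YES in this file"
        fi
    fi
}

# Constructed sample input, not taken from a real host.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
sshd_enable="YES"
weak_mountd_authentication="YES"
nfs_reserved_port_only="NO"
ldconfig_insecure="YES"
ldconfig_insecure="NO"      # a later assignment wins
kern_securelevel="2"
accept_sourceroute=yes
bsnmpd_enable="NO"
EOF
}

sample=$(mktemp)
write_sample_rc_conf "$sample"
audit_rc_conf "$sample"
rm -f "$sample"
```

To audit a real host, call `audit_rc_conf /etc/rc.conf` and repeat for `/etc/rc.conf.local` and any `rc.conf.d` files, since later files override earlier ones.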
.It Va ftpd_flags
.Pq Vt str
If
.Va ftpd_enable
is set to
.Dq Li YES ,
these are the additional flags to pass to the
.Xr ftpd 8
daemon.
.It Va watchdogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr watchdogd 8
daemon at boot time.
This requires that the kernel have been compiled with a
.Xr watchdog 4
compatible device.
.It Va watchdogd_flags
.Pq Vt str
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
these are the flags passed to the
.Xr watchdogd 8
daemon.
.It Va watchdogd_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be used by the
.Xr watchdogd 8
daemon.
If this option is set, it overrides
.Fl t
in
.Va watchdogd_flags .
.It Va watchdogd_shutdown_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be set by the
.Xr watchdogd 8
daemon when it exits during the system shutdown.
This timeout will not be set when returning to the single-user mode
or when the watchdogd service is stopped individually using the
.Xr service 8
command or the rc.d script.
Note that the timeout will be applied if
.Xr watchdogd 8
is stopped outside of
.Xr rc 8
framework.
If this option is set, it overrides
.Fl x
in
.Va watchdogd_flags .
.It Va devfs_rulesets
.Pq Vt str
List of files containing sets of rules for
.Xr devfs 8 .
.It Va devfs_system_ruleset
.Pq Vt str
Rule name(s) to apply to the system
.Pa /dev
itself.
.It Va devfs_set_rulesets
.Pq Vt str
Pairs of already-mounted
.Pa dev
directories and rulesets that should be applied to them.
For example: /mount/dev=ruleset_name
.It Va devfs_load_rulesets
.Pq Vt bool
If set, always load the default rulesets listed in
.Va devfs_rulesets .
.It Va performance_cx_lowest
.Pq Vt str
CPU idle state to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va performance_cpu_freq
.Pq Vt str
CPU clock frequency to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va economy_cx_lowest
.Pq Vt str
CPU idle state to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va economy_cpu_freq
.Pq Vt str
CPU clock frequency to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va jail_enable
.Pq Vt bool
If set to
.Dq Li NO ,
any configured jails will not be started.
.It Va jail_conf
.Pq Vt str
The configuration filename used by the
.Xr jail 8
utility.
The default value is
.Pa /etc/jail.conf .
.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
and
.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
will also be used if
.Ao Va jname Ac
is set in
.Va jail_list .
.It Va jail_parallel_start
.Pq Vt bool
If set to
.Dq Li YES ,
all configured jails will be started in the background (in parallel).
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, use as default value for
.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_list
.Pq Vt str
A space-delimited list of jail names.
When left empty, all of the
.Xr jail 8
instances defined in the configuration file are started.
The names specified in this list control the jail startup order.
.Xr jail 8
instances missing from
.Va jail_list
must be started manually.
Note that a jail's
.Va depend
parameter in the configuration file may override this list.
.It Va jail_reverse_stop
.Pq Vt bool
When set to
.Dq Li YES ,
all configured jails in
.Va jail_list
are stopped in reverse order.
.It Va jail_ Ns * variables
Note that older releases supported per-jail configuration via
.Nm
variables.
For example,
the hostname of a jail named
.Li vjail
could be set with
.Li jail_vjail_hostname .
These per-jail configuration variables are now obsolete in favor of the
.Xr jail 8
configuration file.
For backward compatibility,
when per-jail configuration variables are defined,
.Xr jail 8
configuration files are created as
.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
and used.
.Pp
The following per-jail parameters are handled by the
.Pa rc.d/jail
script out of their corresponding
.Nm
variables.
In addition to them, parameters in
.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
will be added to the configuration file.
They must be a semi-colon
.Pq Ql \&;
delimited list of
.Dq key=value .
For more details,
see the
.Xr jail 8
manual page.
.Bl -tag -width "host.hostname" -offset indent
.It Li path
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
.It Li host.hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
.It Li exec.consolelog
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
The default value is
.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
.It Li interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
.It Li vnet.interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
This implies that the
.Li vnet
parameter will be enabled and cannot be specified with
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
and/or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
at the same time.
.It Li fstab
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
.It Li exec.start
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
The parameter name was
.Li command
in some older releases.
.It Li exec.prestart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
.It Li exec.poststart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
.It Li exec.stop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
.It Li exec.prestop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
.It Li exec.poststop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
.It Li ip4.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv4 addresses
.It Li ip6.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv6 addresses
.It Li allow.mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
.It Li mount.devfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
.It Li devfs_ruleset
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
.It Li mount.fdescfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
.It Li allow.rawsocket
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
.It Li allow.sysvipc
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
.It Va harvest_mask
.Pq Vt int
Set to a bit-mask
representing the entropy sources
you wish to harvest.
Refer to
.Xr random 4
for more information.
.It Va entropy_dir
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
Otherwise set to the directory
in which the entropy files are stored.
To be useful,
there must be
a system cron job
that regularly writes and rotates
files here.
All files found
will be used at boot time.
The default is
.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
Otherwise set to the name
of a file used to store cached entropy.
This file should be located
on a file system that is readable
before all the volumes specified in
.Xr fstab 5
are mounted.
By default,
.Pa /entropy
is used,
but if
.Pa /var/db/entropy-file
is found it will also be used.
This will be of some use to
.Xr bsdinstall 8 .
.It Va entropy_boot_file
.Pq Vt str
Set to
.Dq Li NO
to disable
very early caching entropy
through reboots.
Otherwise set to the filename
used to read
very early reboot cached entropy.
This file should be located where
.Xr loader 8
can read it.
See also
.Xr loader.conf 5 .
The default location is
.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by
.Nm save-entropy
periodically.
.It Va entropy_save_num
.Pq Vt int
Number of entropy cache files to save by
.Nm save-entropy
periodically.
.It Va ipsec_enable
.Pq Vt bool
Set to
.Dq Li YES
to run
.Xr setkey 8
on
.Va ipsec_file
at boot time.
.It Va ipsec_file
.Pq Vt str
Configuration file for
.Xr setkey 8 .
.It Va dmesg_enable
.Pq Vt bool
Set to
.Dq Li YES
to save
.Xr dmesg 8
to
.Pa /var/run/dmesg.boot
on boot.
.It Va rcshutdown_timeout
.Pq Vt int
If set, start a watchdog timer in the background which will terminate
.Pa rc.shutdown
if
.Xr shutdown 8
has not completed within the specified time (in seconds).
Notice that in addition to this soft timeout,
.Xr init 8
also applies a hard timeout for the execution of
.Pa rc.shutdown .
This is configured via
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
and defaults to 120 seconds.
Setting the value of
.Va rcshutdown_timeout
to more than 120 seconds will have no effect until the
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
is also increased.
.It Va virecover_enable
.Pq Vt bool
Set to
.Dq Li NO
to prevent the system from trying to
recover prematurely terminated
.Xr vi 1
sessions.
.It Va ugidfw_enable
.Pq Vt bool
Set to
.Dq Li YES
to load the
.Xr mac_bsdextended 4
module upon system initialization and load a default
ruleset file.
.It Va bsdextended_script
.Pq Vt str
The default
.Xr mac_bsdextended 4
ruleset file to load.
The default value of this variable is
.Pa /etc/rc.bsdextended .
.It Va newsyslog_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr newsyslog 8
command at startup.
.It Va newsyslog_flags
.Pq Vt str
If
.Va newsyslog_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr newsyslog 8
program.
The default is
.Dq Li -CN ,
which causes log files flagged with a
.Cm C
to be created.
.It Va mdconfig_md Ns Aq Ar X
.Pq Vt str
Arguments to
.Xr mdconfig 8
for
.Xr md 4
device
.Ar X .
At minimum a
.Fl t Ar type
must be specified and either a
.Fl s Ar size
for malloc or swap backed
.Xr md 4
devices or a
.Fl f Ar file
for vnode backed
.Xr md 4
devices.
Note that
.Va mdconfig_md Ns Aq Ar X
variables are evaluated until one variable is unset or null.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
.Pq Vt str
Optional arguments passed to
.Xr newfs 8
to initialize
.Xr md 4
device
.Ar X .
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
.Pq Vt str
An ownership specification passed to
.Xr chown 8
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
.Pq Vt str
A mode string passed to
.Xr chmod 1
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
.Pq Vt str
Files to be copied to the mount point of the
.Xr md 4
device
.Ar X
after it has been mounted.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
.Pq Vt str
Command to execute after the specified
.Xr md 4
device
.Ar X
has been mounted.
Note that the command is passed to
.Ic eval
and that both
.Va _dev
and
.Va _mp
variables can be used to reference respectively the
.Xr md 4
device and the mount point.
Assuming that the
.Xr md 4
device is
.Li md0 ,
one could set the following:
.Bd -literal
mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
.Ed
.It Va autobridge_interfaces
.Pq Vt str
Set to the list of bridge interfaces against which newly arriving interfaces
are checked so that they can be added automatically.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, an
.Va autobridge_ Ns Aq Ar element
variable is assumed to exist which has a whitespace separated list of interface
names to match; these names can use wildcards.
For example:
.Bd -literal
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
.Ed
.It Va mixer_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for sound mixer.
.It Va hcsecd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth security daemon.
.It Va hcsecd_config
.Pq Vt str
Configuration file for
.Xr hcsecd 8 .
Default
.Pa /etc/bluetooth/hcsecd.conf .
.It Va sdpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Service Discovery Protocol daemon.
.It Va sdpd_control
.Pq Vt str
Path to
.Xr sdpd 8
control socket.
Default
.Pa /var/run/sdp .
.It Va sdpd_groupname
.Pq Vt str
Sets
.Xr sdpd 8
group to run as after it initializes.
Default
.Dq Li nobody .
.It Va sdpd_username
.Pq Vt str
Sets
.Xr sdpd 8
user to run as after it initializes.
Default
.Dq Li nobody .
.It Va bthidd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Human Interface Device daemon.
.It Va bthidd_config
.Pq Vt str
Configuration file for
.Xr bthidd 8 .
Default
.Pa /etc/bluetooth/bthidd.conf .
.It Va bthidd_hids
.Pq Vt str
Path to a file, where
.Xr bthidd 8
will store information about known HID devices.
Default
.Pa /var/db/bthidd.hids .
.It Va rfcomm_pppd_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth RFCOMM PPP wrapper daemon.
.It Va rfcomm_pppd_server_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Multiple profiles can be specified here.
Also used to specify per-profile overrides.
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
.Pq Vt str
Overrides local address to listen on.
By default
.Xr rfcomm_pppd 8
will listen on
.Dq Li ANY
address.
The address can be specified as BD_ADDR or name.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
.Pq Vt str
Overrides local RFCOMM channel to listen on.
By default
.Xr rfcomm_pppd 8
will listen on RFCOMM channel 1.
This must be set properly if multiple profiles are used at the same time.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Serial Port service on the specified RFCOMM channel.
Default
.Dq Li NO .
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Dial-Up Networking service on the specified
RFCOMM channel.
Default
.Dq Li NO .
.It Va ubthidhci_enable
.Pq Vt bool
If set to
.Dq Li YES ,
change the USB Bluetooth controller from HID mode to HCI mode.
You also need to specify the location of USB Bluetooth controller with the
.Va ubthidhci_busnum
and
.Va ubthidhci_addr
variables.
.It Va ubthidhci_busnum
Bus number where the USB Bluetooth controller is located.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va ubthidhci_addr
Bus address of the USB Bluetooth controller.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va utx_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable user accounting through the
.Xr utx 8
facility.
.It Va netwait_enable
.Pq Vt bool
If set to
.Dq Li YES ,
delays the start of network-reliant services until
.Va netwait_if
is up and ICMP packets to a destination defined in
.Va netwait_ip
are flowing.
Link state is examined first, followed by
.Dq Li pinging
an IP address to verify network usability.
If no destination can be reached or timeouts are exceeded,
network services are started anyway with no guarantee that
the network is usable.
Use of this variable requires both
.Va netwait_ip
and
.Va netwait_if
to be set.
.It Va netwait_ip
.Pq Vt str
Empty by default.
This variable contains a space-delimited list of IP addresses to
.Xr ping 8 .
DNS hostnames should not be used as resolution is not guaranteed
to be functional at this point.
If multiple IP addresses are specified,
each will be tried until one is successful or the list is exhausted.
.It Va netwait_timeout
.Pq Vt int
Indicates the total number of seconds to perform a
.Dq Li ping
against each IP address in
.Va netwait_ip ,
at a rate of one ping per second.
If any of the pings are successful,
full network connectivity is considered reliable.
The default is 60.
.It Va netwait_if
.Pq Vt str
Empty by default.
Defines the name of the network interface on which to watch for link.
.Xr ifconfig 8
is used to monitor the interface, looking for
.Dq Li status: no carrier .
Once gone, the link is considered up.
This can be a
.Xr vlan 4
interface if desired.
.It Va netwait_if_timeout
.Pq Vt int
Defines the total number of seconds to wait for link to become usable,
polled at a 1-second interval.
The default is 30.
.It Va rctl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load
.Xr rctl 8
rules from the defined ruleset.
The kernel must be built with
.Cd "options RACCT"
and
.Cd "options RCTL" .
.It Va rctl_rules
.Pq Vt str
Set to
.Pa /etc/rctl.conf
by default.
This variable contains the
.Xr rctl.conf 5
ruleset to load for
.Xr rctl 8 .
.It Va iovctl_files
.Pq Vt str
A space-separated list of configuration files used by
.Xr iovctl 8 .
The default value is an empty string.
.It Va autofs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Va automount_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Va automountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Va autounmountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.It Va ctld_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr ctld 8
daemon at boot time.
.It Va iscsid_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsid 8
daemon at boot time.
.It Va iscsictl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsictl 8
utility at boot time.
.It Va iscsictl_flags
.Pq Vt str
If
.Va iscsictl_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr iscsictl 8
program.
The default is
.Dq Li -Aa ,
which configures sessions based on the
.Pa /etc/iscsi.conf
configuration file.
.It Va cfumass_enable
.Pq Vt bool
If set to
.Dq Li YES ,
create and export a USB LUN using
.Xr cfumass 4
at boot time.
.It Va cfumass_dir
.Pq Vt str
The directory where the files exported by USB LUN are located.
The default directory is
.Pa /var/cfumass .
.It Va service_delete_empty
.Pq Vt bool
If set to
.Dq Li YES ,
.Ql Li service delete
removes empty
.Dq Li rc.conf.d
files.
.It Va zfs_bootonce_activate
.Pq Vt bool
If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.It Va zfskeys_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable auto-loading of encryption keys for encrypted ZFS datasets.
For every dataset the script will first load the appropriate encryption key
and then attempt to unlock the dataset.
.Pp
The script operates only on datasets which are encrypted with
ZFS native encryption
and have a ZFS
.Dq Li keylocation
dataset property beginning with
.Dq Li file:// .
.It Va zfskeys_datasets
.Pq Vt str
A whitespace-separated list of ZFS datasets to unlock.
The list is empty by default,
which means that the script will attempt to unlock all datasets.
.It Va zfskeys_timeout
.Pq Vt int
Define the total number of seconds to wait for the zfskeys script
to unlock an encrypted dataset.
The default is 10.
.It Va sendmail_enable
.Pq Vt str
If set to
.Dq Li YES ,
run the
.Xr sendmail 8
daemon at system boot time.
If set to
.Dq Li NO ,
do not run a
.Xr sendmail 8
daemon to listen for incoming network mail.
This does not preclude a
.Xr sendmail 8
daemon listening on the SMTP port of the loopback interface.
The
.Dq Li NONE
option sets each
.Va sendmail_enable ,
.Va sendmail_submit_enable ,
.Va sendmail_outbound_enable ,
.Va sendmail_msp_queue_enable
to
.Dq Li NO .
.It Va sendmail_cert_create
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
create a signed certificate
.Pa /etc/mail/certs/host.cert
representing
.Pa /etc/mail/certs/host.key
by the CA certificate in
.Pa /etc/mail/certs/cacert.pem .
This will enable connecting hosts to negotiate STARTTLS allowing incoming
email to be encrypted in transit.
.Xr sendmail 8
needs to be configured to use these generated files.
The default configuration in
.Pa /etc/mail/freebsd.mc
has the required options in it.
.It Va sendmail_cert_cn
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES
and
.Va sendmail_cert_create
is set to
.Dq Li YES ,
this is the Common Name (CN) of the certificate that will be created.
If
.Va sendmail_cert_cn
is not set, the system's hostname will be used.
If there is no hostname set,
.Dq Li amnesiac
will be used.
.It Va sendmail_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_submit_enable
.Pq Vt bool
If set to
.Dq Li YES
and
.Va sendmail_enable
is set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_submit_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail submission via
a localhost-only listening SMTP service required for running
.Xr sendmail 8
as a non-set-user-ID binary.
Note that this does not work inside
.Xr jail 2
systems, as jails do not allow binding to just the localhost interface.
.It Va sendmail_submit_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li NO
and
.Va sendmail_submit_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_outbound_enable
.Pq Vt bool
If set to
.Dq Li YES
and both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_outbound_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail queue management
for systems that do not offer a listening SMTP service.
.It Va sendmail_outbound_flags
.Pq Vt str
If both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO
and
.Va sendmail_outbound_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_msp_queue_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start a client (MSP) queue runner
.Xr sendmail 8
daemon at system boot time.
As of sendmail 8.12, a separate queue is used for command line
submissions.
The client queue runner ensures that nothing is
left behind in the submission queue.
.It Va sendmail_msp_queue_flags
.Pq Vt str
If
.Va sendmail_msp_queue_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.El
.Sh SERVICE JAILS
The service jails part of the rc system automatically puts a service
into a jail.
This jail inherits the filesystem and various other parts of the
parent (if you allow child-jails in your jails, service jails
can be used in jails) depending on the content of the
.Ao Ar name Ac Ns Va _svcj_options
variable.
Typically this variable is set inside rc scripts, but it can be
overridden in the rc config.
Valid options for
.Ao Ar name Ac Ns Va _svcj_options
are:
.Bl -tag -width indent-two
.It mlock
Allows locking memory pages into physical memory.
.It netv4
Inherits the IPv4 address and allows opening reserved ports.
This cannot be combined with
.Pa netv6 .
.It netv6
Inherits the IPv6 address and allows opening reserved ports.
This cannot be combined with
.Pa netv4 .
.It net_basic
Inherits the IPv4 and IPv6 addresses and allows opening
reserved ports.
.It net_raw
Allows opening raw sockets.
This option can be combined with
.Pa netv4 ,
.Pa netv6 ,
.Pa net_basic .
.It net_all
Inherits the IPv4 and IPv6 addresses, allows opening reserved
ports, allows opening raw sockets, and allows opening sockets
of protocol stacks that have not had jail functionality added
to them.
.It nfsd
Allows running nfsd and affiliated daemons.
.It sysvipc
Inherits the SysV semaphores, SysV shared memory and
SysV messages from the host or the parent jail.
.It sysvipcnew
Creates a new namespace for SysV semaphores, SysV shared memory
and SysV messages for this particular service jail.
.It vmm
Allows access to
.Xr vmm 4 .
This option is only available when
.Xr vmm 4
is enabled in the kernel.
.El
.Pp
All non-network options can be combined with all other options.
Only one of the SysV options can be specified.
.Pp
If the
.Ao Ar name Ac Ns Va _svcj
variable is set to
.Dq Li YES ,
this particular service is started in a
service jail named
.Va svcj- Ns Ao Ar name Ac .
.Pp
The
.Va svcj_all_enable
variable enables service jails for all services of the
system at once.
Services which have
.Ao Ar name Ac Ns Va _svcj
set to
.Dq Li NO
are excluded.
Some services may set
.Ao Ar name Ac Ns Va _svcj
to
.Dq Li NO
in the script to either prevent service jails for this
service at all, or may set it to
.Dq Li NO
if it is not set in the
rc config, to exclude it from
.Va svcj_all_enable
but allow it to be enabled explicitly.
The sshd service, for example, would not see other jails if
it ran as a service jail.
This may or may not be what is needed, and as such it is
excluded from
.Va svcj_all_enable
but can be enabled via setting
.Va sshd_svcj
to
.Dq Li YES .
.El
.Sh FILES
.Bl -tag -width "/etc/defaults/rc.conf" -compact
.It Pa /etc/defaults/rc.conf
.It Pa /etc/defaults/vendor.conf
.It Pa /etc/rc.conf
.It Pa /etc/rc.conf.local
.It Pa /etc/rc.conf.d/
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr cpuset 1 ,
.Xr gdb 1 Pq Pa ports/devel/gdb ,
.Xr kbdcontrol 1 ,
.Xr limits 1 ,
.Xr protect 1 ,
.Xr sh 1 ,
.Xr umask 1 ,
.Xr uuidgen 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,
.Xr dummynet 4 ,
.Xr ip 4 ,
.Xr ipf 4 ,
.Xr ipfw 4 ,
.Xr ipnat 4 ,
.Xr kld 4 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr exports 5 ,
.Xr fstab 5 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr jail.conf 5 ,
.Xr loader.conf 5 ,
.Xr login.conf 5 ,
.Xr motd 5 ,
.Xr newsyslog.conf 5 ,
.Xr pf.conf 5 ,
.Xr firewall 7 ,
.Xr growfs 7 ,
.Xr security 7 ,
.Xr tuning 7 ,
.Xr accton 8 ,
.Xr apm 8 ,
.Xr bsdinstall 8 ,
.Xr bthidd 8 ,
.Xr chkprintcap 8 ,
.Xr chown 8 ,
.Xr cron 8 ,
.Xr devfs 8 ,
.Xr dhclient 8 ,
.Xr ftpd 8 ,
.Xr geli 8 ,
.Xr hcsecd 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
.Xr iovctl 8 ,
.Xr ipf 8 ,
.Xr ipfw 8 ,
.Xr ipnat 8 ,
.Xr jail 8 ,
.Xr kldxref 8 ,
.Xr loader 8 ,
.Xr lpd 8 ,
.Xr makewhatis 8 ,
.Xr mdconfig 8 ,
.Xr mdmfs 8 ,
.Xr mixer 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr newfs 8 ,
.Xr newsyslog 8 ,
.Xr nfsd 8 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr pfctl 8 ,
.Xr pflogd 8 ,
.Xr ping 8 ,
.Xr powerd 8 ,
.Xr quotacheck 8 ,
.Xr quotaon 8 ,
.Xr rc 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8 ,
.Xr rfcomm_pppd 8 ,
.Xr route 8 ,
.Xr route6d 8 ,
.Xr routed 8 ,
.Xr rpc.lockd 8 ,
.Xr rpc.statd 8 ,
.Xr rpc.tlsclntd 8 ,
.Xr rpc.tlsservd 8 ,
.Xr rpcbind 8 ,
.Xr rwhod 8 ,
.Xr savecore 8 ,
.Xr sdpd 8 ,
.Xr sendmail 8 ,
.Xr service 8 ,
.Xr sshd 8 ,
.Xr swapon 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr sysrc 8 ,
.Xr unbound 8 ,
.Xr usbconfig 8 ,
.Xr utx 8 ,
.Xr wlandebug 8 ,
.Xr yp 8 ,
.Xr ypbind 8 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh HISTORY
The
.Nm
file appeared in
.Fx 2.2.2 .
.Sh AUTHORS
.An Jordan K. Hubbard .
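The combination rules for the svcj_options values listed under SERVICE JAILS can be checked before a service is restarted, and the same pass can show what a given option set lets the service jail inherit. The sh functions below are an added example, not part of rc.subr or the FreeBSD rc scripts; the function names and the exposure labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not FreeBSD's own code.
# Only the two restrictions stated on this page are enforced:
#   - netv4 and netv6 cannot be combined
#   - only one of the SysV options may be given

# svcj_check_options "opt1 opt2 ..."
# Prints one diagnostic per violation; returns 0 if valid, 1 otherwise.
svcj_check_options() {
    _rc=0 _net_family="" _sysv="" _seen=" "
    for _o in $1; do
        # Ignore exact duplicates so "netv4 netv4" is not a conflict.
        case $_seen in *" $_o "*) continue ;; esac
        _seen="$_seen$_o "
        case $_o in
        netv4|netv6)
            if [ -n "$_net_family" ]; then
                echo "conflict: $_net_family and $_o cannot be combined"
                _rc=1
            fi
            _net_family=$_o ;;
        sysvipc|sysvipcnew)
            if [ -n "$_sysv" ]; then
                echo "conflict: only one SysV option allowed ($_sysv, $_o)"
                _rc=1
            fi
            _sysv=$_o ;;
        mlock|net_basic|net_raw|net_all|nfsd|vmm) ;;
        *)
            echo "unknown option: $_o"
            _rc=1 ;;
        esac
    done
    return $_rc
}

# Append a label to $_e unless it is already present.
_svcj_add() {
    case " $_e " in
    *" $1 "*) ;;
    *) _e="${_e:+$_e }$1" ;;
    esac
}

# svcj_exposure "opt1 opt2 ..."
# Prints what the option set inherits or permits, using labels (assumed
# names) derived from the option descriptions on this page.
svcj_exposure() {
    _e=""
    for _o in $1; do
        case $_o in
        netv4)      _svcj_add ipv4; _svcj_add reserved-ports ;;
        netv6)      _svcj_add ipv6; _svcj_add reserved-ports ;;
        net_basic)  _svcj_add ipv4; _svcj_add ipv6; _svcj_add reserved-ports ;;
        net_raw)    _svcj_add raw-sockets ;;
        net_all)    _svcj_add ipv4; _svcj_add ipv6; _svcj_add reserved-ports
                    _svcj_add raw-sockets; _svcj_add unjailed-protocols ;;
        sysvipc)    _svcj_add host-sysvipc ;;
        sysvipcnew) _svcj_add private-sysvipc ;;
        mlock)      _svcj_add mlock ;;
        nfsd)       _svcj_add nfsd ;;
        vmm)        _svcj_add vmm ;;
        esac
    done
    echo "$_e"
}

# Constructed sample values, as they might be assigned in rc.conf.
for _sample in "net_basic sysvipcnew" "netv4 netv6 net_raw" "sysvipc sysvipcnew mlock"; do
    printf '%s -> ' "$_sample"
    if svcj_check_options "$_sample"; then
        echo "ok, grants: $(svcj_exposure "$_sample")"
    fi
done
```

Reviewing the exposure list for each service makes it obvious when an override in the rc config widens a service jail from net_basic to net_all or from sysvipcnew to sysvipc.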
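Several variables documented above only take effect, or only stay safe, in combination with others: kern_securelevel with kern_securelevel_enable, netwait_enable with netwait_if and netwait_ip, and rcshutdown_timeout with kern.init_shutdown_timeout. The lint below is an added example, not a FreeBSD tool; rc_get, is_yes, rc_lint and the sample file are hypothetical, and the parser is simplified to single-line assignments that it reads without executing the file.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of the rc system.

# rc_get FILE NAME: print the last value assigned to NAME in FILE.
# Simplified: one assignment per line, optional quotes, trailing "# comment"
# stripped (so a "#" inside a quoted value is not supported).
rc_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)\$/\1/p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Same spellings that rc.subr's checkyesno accepts as true.
is_yes() {
    case $1 in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    *) return 1 ;;
    esac
}

# rc_lint FILE: print one finding per line for the constraints on this page.
rc_lint() {
    _f=$1
    if is_yes "$(rc_get "$_f" ldconfig_insecure)"; then
        echo "ldconfig_insecure: writable-directory check of ldconfig is disabled at startup"
    fi
    _lvl=$(rc_get "$_f" kern_securelevel)
    if [ -n "$_lvl" ]; then
        case $_lvl in
        -1|0|1|2|3) ;;
        *) echo "kern_securelevel: $_lvl is outside the allowed range -1..3" ;;
        esac
        is_yes "$(rc_get "$_f" kern_securelevel_enable)" ||
            echo "kern_securelevel: set, but kern_securelevel_enable is not YES"
    fi
    if is_yes "$(rc_get "$_f" netwait_enable)"; then
        [ -n "$(rc_get "$_f" netwait_if)" ] || echo "netwait_enable: netwait_if is empty"
        _ips=$(rc_get "$_f" netwait_ip)
        [ -n "$_ips" ] || echo "netwait_enable: netwait_ip is empty"
        for _ip in $_ips; do
            # Plain literals only; IPv6 zone identifiers are not handled.
            case $_ip in
            *:*) case $_ip in *[!0-9a-fA-F:.]*) _bad=1 ;; *) _bad=0 ;; esac ;;
            *)   case $_ip in *[!0-9.]*) _bad=1 ;; *) _bad=0 ;; esac ;;
            esac
            [ "$_bad" -eq 0 ] ||
                echo "netwait_ip: $_ip is not a plain IPv4/IPv6 literal (DNS may not resolve yet)"
        done
    fi
    _timeout=$(rc_get "$_f" rcshutdown_timeout)
    case $_timeout in
    ''|*[!0-9]*) ;;
    *)
        [ "$_timeout" -le 120 ] ||
            echo "rcshutdown_timeout: $_timeout has no effect beyond kern.init_shutdown_timeout (default 120 s) unless that sysctl is raised" ;;
    esac
    return 0
}

# Constructed sample configuration (not from a real host).
sample_rc_conf() {
    cat <<'EOF'
ldconfig_insecure="YES"
kern_securelevel="4"
netwait_enable="YES"
netwait_ip="192.0.2.1 gw.example.org"
rcshutdown_timeout="300"   # longer than init(8) will wait
EOF
}

_demo=$(mktemp) && sample_rc_conf > "$_demo" && rc_lint "$_demo"; rm -f "$_demo"
```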