1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 27, 2009 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67See the 68.Va rc_conf_files 69variable below. 70.Pp 71Options are set with 72.Dq Ar name Ns Li = Ns Ar value 73assignments that use 74.Xr sh 1 75syntax. 76The following list provides a name and short description for each 77variable that can be set in the 78.Nm 79file: 80.Bl -tag -width indent-two 81.It Va rc_debug 82.Pq Vt bool 83If set to 84.Dq Li YES , 85enable output of debug messages from rc scripts. 86This variable can be helpful in diagnosing mistakes when 87editing or integrating new scripts. 88Beware that this produces copious output to the terminal and 89.Xr syslog 3 . 90.It Va rc_info 91.Pq Vt bool 92If set to 93.Dq Li NO , 94disable informational messages from the rc scripts. 95Informational messages are displayed when 96a condition that is not serious enough to warrant a warning or 97an error occurs. 98.It Va early_late_divider 99.Pq Vt str 100The name of the script that should be used as the 101delimiter between the 102.Dq early 103and 104.Dq late 105stages of the boot process. 106The early stage should contain all the services needed to 107get the disks (local or remote) mounted so that the late 108stage can include scripts contained in the directories 109listed in the 110.Va local_startup 111variable (see below). 112Thus, the two likely candidates for this value are 113.Pa mountcritlocal 114for the typical system, and 115.Pa mountcritremote 116if the system needs remote file 117systems mounted to get access to the 118.Va local_startup 119directories; for example when 120.Pa /usr/local 121is NFS mounted. 122For 123.Pa rc.conf 124within a 125.Xr jail 8 126.Pa NETWORKING 127is likely to be an appropriate value. 128Extreme care should be taken when changing this value, 129and before changing it one should ensure that there are 130adequate provisions to recover from a failed boot 131(such as physical contact with the machine, 132or reliable remote console access). 133.It Va swapfile 134.Pq Vt str 135If set to 136.Dq Li NO , 137no swapfile is installed, otherwise the value is used as the full 138pathname to a file to use for additional swap space. 139.It Va apm_enable 140.Pq Vt bool 141If set to 142.Dq Li YES , 143enable support for Automatic Power Management with 144the 145.Xr apm 8 146command. 147.It Va apmd_enable 148.Pq Vt bool 149Run 150.Xr apmd 8 151to handle APM event from userland. 152This also enables support for APM. 153.It Va apmd_flags 154.Pq Vt str 155If 156.Va apmd_enable 157is set to 158.Dq Li YES , 159these are the flags to pass to the 160.Xr apmd 8 161daemon. 162.It Va devd_enable 163.Pq Vt bool 164Run 165.Xr devd 8 166to handle device added, removed or unknown events from the kernel. 167.It Va ddb_enable 168.Pq Vt bool 169Run 170.Xr ddb 8 171to install 172.Xr ddb 4 173scripts at boot time. 174.It Va ddb_config 175.Pq Vt str 176Configuration file for 177.Xr ddb 8 . 178Default 179.Pa /etc/ddb.conf . 180.It Va kldxref_enable 181.Pq Vt bool 182Set to 183.Dq Li NO 184by default. 185Set to 186.Dq Li YES 187to automatically rebuild 188.Pa linker.hints 189files with 190.Xr kldxref 8 191at boot time. 192.It Va kldxref_clobber 193.Pq Vt bool 194Set to 195.Dq Li NO 196by default. 197If 198.Va kldxref_enable 199is true, 200setting to 201.Dq Li YES 202will overwrite existing 203.Pa linker.hints 204files at boot time. 205Otherwise, 206only missing 207.Pa linker.hints 208files are generated. 209.It Va kldxref_module_path 210.Pq Vt str 211Empty by default. 212A semi-colon 213.Pq Ql \&; 214delimited list of paths containing 215.Xr kld 4 216modules. 217If empty, 218the contents of the 219.Va kern.module_path 220.Xr sysctl 8 221are used. 222.It Va powerd_enable 223.Pq Vt bool 224If set to 225.Dq Li YES , 226enable the system power control facility with the 227.Xr powerd 8 228daemon. 229.It Va powerd_flags 230.Pq Vt str 231If 232.Va powerd_enable 233is set to 234.Dq Li YES , 235these are the flags to pass to the 236.Xr powerd 8 237daemon. 238.It Va tmpmfs 239Controls the creation of a 240.Pa /tmp 241memory file system. 242Always happens if set to 243.Dq Li YES 244and never happens if set to 245.Dq Li NO . 246If set to anything else, a memory file system is created if 247.Pa /tmp 248is not writable. 249.It Va tmpsize 250Controls the size of a created 251.Pa /tmp 252memory file system. 253.It Va tmpmfs_flags 254Extra options passed to the 255.Xr mdmfs 8 256utility when the memory file system for 257.Pa /tmp 258is created. 259The default is 260.Dq Li "-S" , 261which inhibits the use of softupdates on 262.Pa /tmp 263so that file system space is freed without delay 264after file truncation or deletion. 265See 266.Xr mdmfs 8 267for other options you can use in 268.Va tmpmfs_flags . 269.It Va varmfs 270Controls the creation of a 271.Pa /var 272memory file system. 273Always happens if set to 274.Dq Li YES 275and never happens if set to 276.Dq Li NO . 277If set to anything else, a memory file system is created if 278.Pa /var 279is not writable. 280.It Va varsize 281Controls the size of a created 282.Pa /var 283memory file system. 284.It Va varmfs_flags 285Extra options passed to the 286.Xr mdmfs 8 287utility when the memory file system for 288.Pa /var 289is created. 290The default is 291.Dq Li "-S" , 292which inhibits the use of softupdates on 293.Pa /var 294so that file system space is freed without delay 295after file truncation or deletion. 296See 297.Xr mdmfs 8 298for other options you can use in 299.Va varmfs_flags . 300.It Va populate_var 301Controls the automatic population of the 302.Pa /var 303file system. 304Always happens if set to 305.Dq Li YES 306and never happens if set to 307.Dq Li NO . 308If set to anything else, a memory file system is created if 309.Pa /var 310is not writable. 311Note that this process requires access to certain commands in 312.Pa /usr 313before 314.Pa /usr 315is mounted on normal systems. 316.It Va cleanvar_enable 317.Pq Vt bool 318Clean the 319.Pa /var 320directory. 321.It Va local_startup 322.Pq Vt str 323List of directories to search for startup script files. 324.It Va script_name_sep 325.Pq Vt str 326The field separator to use for breaking down the list of startup script files 327into individual filenames. 328The default is a space. 329It is not necessary to change this unless there are startup scripts with names 330containing spaces. 331.It Va hostapd_enable 332.Pq Vt bool 333Set to 334.Dq Li YES 335to start 336.Xr hostapd 8 337at system boot time. 338.It Va hostname 339.Pq Vt str 340The fully qualified domain name (FQDN) of this host on the network. 341This should almost certainly be set to something meaningful, even if 342there is no network connection. 343If 344.Xr dhclient 8 345is used to set the hostname via DHCP, 346this variable should be set to an empty string. 347.It Va ipv6_enable 348.Pq Vt bool 349Enable support for IPv6 networking. 350Note that this requires that the kernel has been compiled with 351.Cd "options INET6" . 352.It Va nisdomainname 353.Pq Vt str 354The NIS domain name of this host, or 355.Dq Li NO 356if NIS is not used. 357.It Va dhclient_program 358.Pq Vt str 359Path to the DHCP client program 360.Pa ( /sbin/dhclient , 361the 362.Ox 363DHCP client, 364is the default). 365.It Va dhclient_flags 366.Pq Vt str 367Additional flags to pass to the DHCP client program. 368For the 369.Ox 370DHCP client, see the 371.Xr dhclient 8 372manpage for a description of the command line options available. 373.It Va dhclient_flags_ Ns Aq Ar iface 374Additional flags to pass to the DHCP client program running on 375.Ar iface 376only. 377When specified, this variable overrides 378.Va dhclient_flags . 379.It Va background_dhclient 380.Pq Vt bool 381Set to 382.Dq Li YES 383to start the DHCP client in background. 384This can cause trouble with applications depending on 385a working network, but it will provide a faster startup 386in many cases. 387.It Va background_dhclient_ Ns Aq Ar iface 388When specified, this variable overrides the 389.Va background_dhclient 390variable for interface 391.Ar iface 392only. 393.It Va synchronous_dhclient 394.Pq Bt bool 395Set to 396.Dq Li YES 397to start 398.Xr dhclient 8 399synchronously at startup. 400This behavior can be overridden on a per-interface basis by replacing 401the 402.Dq Li DHCP 403keyword in the 404.Va ifconfig_ Ns Aq Ar interface 405variable with 406.Dq Li SYNCDHCP 407or 408.Dq Li NOSYNCDHCP . 409.It Va defaultroute_delay 410.Pq Vt int 411When set to a positive value, wait up to this long after configuring 412DHCP interfaces at startup to give the interfaces time to receive a lease. 413.It Va firewall_enable 414.Pq Vt bool 415Set to 416.Dq Li YES 417to load firewall rules at startup. 418If the kernel was not built with 419.Cd "options IPFIREWALL" , 420the 421.Pa ipfw.ko 422kernel module will be loaded. 423See also 424.Va ipfilter_enable . 425.It Va ipv6_firewall_enable 426.Pq Vt bool 427The IPv6 equivalent of 428.Va firewall_enable . 429Set to 430.Dq Li YES 431to load IPv6 firewall rules at startup. 432If the kernel was not built with 433.Cd "options IPV6FIREWALL" , 434the 435.Pa ipfw.ko 436kernel module will be loaded. 437.It Va firewall_script 438.Pq Vt str 439This variable specifies the full path to the firewall script to run. 440The default is 441.Pa /etc/rc.firewall . 442.It Va ipv6_firewall_script 443.Pq Vt str 444The IPv6 equivalent of 445.Va firewall_script . 446.It Va firewall_type 447.Pq Vt str 448Names the firewall type from the selection in 449.Pa /etc/rc.firewall , 450or the file which contains the local firewall ruleset. 451Valid selections from 452.Pa /etc/rc.firewall 453are: 454.Pp 455.Bl -tag -width ".Li simple" -compact 456.It Li open 457unrestricted IP access 458.It Li closed 459all IP services disabled, except via 460.Dq Li lo0 461.It Li client 462basic protection for a workstation 463.It Li simple 464basic protection for a LAN. 465.El 466.Pp 467If a filename is specified, the full path 468must be given. 469.It Va ipv6_firewall_type 470.Pq Vt str 471The IPv6 equivalent of 472.Va firewall_type . 473.It Va firewall_quiet 474.Pq Vt bool 475Set to 476.Dq Li YES 477to disable the display of firewall rules on the console during boot. 478.It Va ipv6_firewall_quiet 479.Pq Vt bool 480The IPv6 equivalent of 481.Va firewall_quiet . 482.It Va firewall_logging 483.Pq Vt bool 484Set to 485.Dq Li YES 486to enable firewall event logging. 487This is equivalent to the 488.Dv IPFIREWALL_VERBOSE 489kernel option. 490.It Va ipv6_firewall_logging 491.Pq Vt bool 492The IPv6 equivalent of 493.Va firewall_logging . 494.It Va firewall_flags 495.Pq Vt str 496Flags passed to 497.Xr ipfw 8 498if 499.Va firewall_type 500specifies a filename. 501.It Va ipv6_firewall_flags 502.Pq Vt str 503The IPv6 equivalent of 504.Va firewall_flags . 505.\" ----- firewall_nat_enable setting -------------------------------- 506.It Va firewall_nat_enable 507.Pq Vt bool 508The 509.Xr ipfw 8 510equivalent of 511.Va natd_enable . 512Setting this to 513.Dq Li YES 514enables kernel NAT. 515.Va firewall_enable 516must also be set to 517.Dq Li YES . 518.It Va firewall_nat_interface 519.Pq Vt str 520The 521.Xr ipfw 8 522equivalent of 523.Va natd_interface . 524This is the name of the public interface or IP address on which 525kernel NAT should run. 526.It Va firewall_nat_flags 527.Pq Vt str 528Additional configuration parameters for kernel NAT should be placed here. 529.It Va dummynet_enable 530.Pq Vt bool 531Setting this to 532.Dq Li YES 533will automatically load the 534.Xr dummynet 4 535module if 536.Va firewall_enable 537is also set to 538.Dq Li YES . 539.\" ------------------------------------------------------------------- 540.It Va natd_program 541.Pq Vt str 542Path to 543.Xr natd 8 . 544.It Va natd_enable 545.Pq Vt bool 546Set to 547.Dq Li YES 548to enable 549.Xr natd 8 . 550.Va firewall_enable 551must also be set to 552.Dq Li YES , 553and 554.Xr divert 4 555sockets must be enabled in the kernel. 556If the kernel was not built with 557.Cd "options IPDIVERT" , 558the 559.Pa ipdivert.ko 560kernel module will be loaded. 561.It Va natd_interface 562.Pq Vt str 563This is the name of the public interface on which 564.Xr natd 8 565should run. 566The interface may be given as an interface name or as an IP address. 567.It Va natd_flags 568.Pq Vt str 569Additional 570.Xr natd 8 571flags should be placed here. 572The 573.Fl n 574or 575.Fl a 576flag is automatically added with the above 577.Va natd_interface 578as an argument. 579.\" ----- ipfilter_enable setting -------------------------------- 580.It Va ipfilter_enable 581.Pq Vt bool 582Set to 583.Dq Li NO 584by default. 585Setting this to 586.Dq Li YES 587enables 588.Xr ipf 8 589packet filtering. 590.Pp 591Typical usage will require putting 592.Bd -literal 593ipfilter_enable="YES" 594ipnat_enable="YES" 595ipmon_enable="YES" 596ipfs_enable="YES" 597.Ed 598.Pp 599into 600.Pa /etc/rc.conf 601and editing 602.Pa /etc/ipf.rules 603and 604.Pa /etc/ipnat.rules 605appropriately. 606.Pp 607Note that 608.Va ipfilter_enable 609and 610.Va ipnat_enable 611can be enabled independently. 612.Va ipmon_enable 613and 614.Va ipfs_enable 615both require at least one of 616.Va ipfilter_enable 617and 618.Va ipnat_enable 619to be enabled. 620.Pp 621Having 622.Bd -literal 623options IPFILTER 624options IPFILTER_LOG 625options IPFILTER_DEFAULT_BLOCK 626.Ed 627.Pp 628in the kernel configuration file is a good idea, too. 629.\" ----- ipfilter_program setting ------------------------------ 630.It Va ipfilter_program 631.Pq Vt str 632Path to 633.Xr ipf 8 634(default 635.Pa /sbin/ipf ) . 636.\" ----- ipfilter_rules setting -------------------------------- 637.It Va ipfilter_rules 638.Pq Vt str 639Set to 640.Pa /etc/ipf.rules 641by default. 642This variable contains the name of the filter rule definition file. 643The file is expected to be readable for the 644.Xr ipf 8 645command to execute. 646.\" ----- ipv6_ipfilter_rules setting --------------------------- 647.It Va ipv6_ipfilter_rules 648.Pq Vt str 649Set to 650.Pa /etc/ipf6.rules 651by default. 652This variable contains the IPv6 filter rule definition file. 653The file is expected to be readable for the 654.Xr ipf 8 655command to execute. 656.\" ----- ipfilter_flags setting -------------------------------- 657.It Va ipfilter_flags 658.Pq Vt str 659Empty by default. 660This variable contains flags passed to the 661.Xr ipf 8 662program. 663.\" ----- ipnat_enable setting ---------------------------------- 664.It Va ipnat_enable 665.Pq Vt bool 666Set to 667.Dq Li NO 668by default. 669Set it to 670.Dq Li YES 671to enable 672.Xr ipnat 8 673network address translation. 674See 675.Va ipfilter_enable 676for a detailed discussion. 677.\" ----- ipnat_program setting --------------------------------- 678.It Va ipnat_program 679.Pq Vt str 680Path to 681.Xr ipnat 8 682(default 683.Pa /sbin/ipnat ) . 684.\" ----- ipnat_rules setting ----------------------------------- 685.It Va ipnat_rules 686.Pq Vt str 687Set to 688.Pa /etc/ipnat.rules 689by default. 690This variable contains the name of the file 691holding the network address translation definition. 692This file is expected to be readable for the 693.Xr ipnat 8 694command to execute. 695.\" ----- ipnat_flags setting ----------------------------------- 696.It Va ipnat_flags 697.Pq Vt str 698Empty by default. 699This variable contains flags passed to the 700.Xr ipnat 8 701program. 702.\" ----- ipmon_enable setting ---------------------------------- 703.It Va ipmon_enable 704.Pq Vt bool 705Set to 706.Dq Li NO 707by default. 708Set it to 709.Dq Li YES 710to enable 711.Xr ipmon 8 712monitoring (logging 713.Xr ipf 8 714and 715.Xr ipnat 8 716events). 717Setting this variable needs setting 718.Va ipfilter_enable 719or 720.Va ipnat_enable 721too. 722See 723.Va ipfilter_enable 724for a detailed discussion. 725.\" ----- ipmon_program setting --------------------------------- 726.It Va ipmon_program 727.Pq Vt str 728Path to 729.Xr ipmon 8 730(default 731.Pa /sbin/ipmon ) . 732.\" ----- ipmon_flags setting ----------------------------------- 733.It Va ipmon_flags 734.Pq Vt str 735Set to 736.Dq Li -Ds 737by default. 738This variable contains flags passed to the 739.Xr ipmon 8 740program. 741Another typical example would be 742.Dq Fl D Pa /var/log/ipflog 743to have 744.Xr ipmon 8 745log directly to a file bypassing 746.Xr syslogd 8 . 747Make sure to adjust 748.Pa /etc/newsyslog.conf 749in such case like this: 750.Bd -literal 751/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 752.Ed 753.\" ----- ipfs_enable setting ----------------------------------- 754.It Va ipfs_enable 755.Pq Vt bool 756Set to 757.Dq Li NO 758by default. 759Set it to 760.Dq Li YES 761to enable 762.Xr ipfs 8 763saving the filter and NAT state tables during shutdown 764and reloading them during startup again. 765Setting this variable needs setting 766.Va ipfilter_enable 767or 768.Va ipnat_enable 769to 770.Dq Li YES 771too. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775Note that if 776.Va kern_securelevel 777is set to 3, 778.Va ipfs_enable 779cannot be used 780because the raised securelevel will prevent 781.Xr ipfs 8 782from saving the state tables at shutdown time. 783.\" ----- ipfs_program setting ---------------------------------- 784.It Va ipfs_program 785.Pq Vt str 786Path to 787.Xr ipfs 8 788(default 789.Pa /sbin/ipfs ) . 790.\" ----- ipfs_flags setting ------------------------------------ 791.It Va ipfs_flags 792.Pq Vt str 793Empty by default. 794This variable contains flags passed to the 795.Xr ipfs 8 796program. 797.\" ----- end of added ipf hook --------------------------------- 798.It Va pf_enable 799.Pq Vt bool 800Set to 801.Dq Li NO 802by default. 803Setting this to 804.Dq Li YES 805enables 806.Xr pf 4 807packet filtering. 808.Pp 809Typical usage will require putting 810.Pp 811.Dl pf_enable="YES" 812.Pp 813into 814.Pa /etc/rc.conf 815and editing 816.Pa /etc/pf.conf 817appropriately. 818Adding 819.Pp 820.Dl "device pf" 821.Pp 822builds support for 823.Xr pf 4 824into the kernel, otherwise the 825kernel module will be loaded. 826.It Va pf_rules 827.Pq Vt str 828Path to 829.Xr pf 4 830ruleset configuration file 831(default 832.Pa /etc/pf.conf ) . 833.It Va pf_program 834.Pq Vt str 835Path to 836.Xr pfctl 8 837(default 838.Pa /sbin/pfctl ) . 839.It Va pf_flags 840.Pq Vt str 841If 842.Va pf_enable 843is set to 844.Dq Li YES , 845these flags are passed to the 846.Xr pfctl 8 847program when loading the ruleset. 848.It Va pflog_enable 849.Pq Vt bool 850Set to 851.Dq Li NO 852by default. 853Setting this to 854.Dq Li YES 855enables 856.Xr pflogd 8 857which logs packets from the 858.Xr pf 4 859packet filter. 860.It Va pflog_logfile 861.Pq Vt str 862If 863.Va pflog_enable 864is set to 865.Dq Li YES 866this controls where 867.Xr pflogd 8 868stores the logfile 869(default 870.Pa /var/log/pflog ) . 871Check 872.Pa /etc/newsyslog.conf 873to adjust logfile rotation for this. 874.It Va pflog_program 875.Pq Vt str 876Path to 877.Xr pflogd 8 878(default 879.Pa /sbin/pflogd ) . 880.It Va pflog_flags 881.Pq Vt str 882Empty by default. 883This variable contains additional flags passed to the 884.Xr pflogd 8 885program. 886.It Va ftpproxy_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Setting this to 892.Dq Li YES 893enables 894.Xr ftp-proxy 8 895which supports the 896.Xr pf 4 897packet filter in translating ftp connections. 898.It Va ftpproxy_flags 899.Pq Vt str 900Empty by default. 901This variable contains additional flags passed to the 902.Xr ftp-proxy 8 903program. 904.It Va pfsync_enable 905.Pq Vt bool 906Set to 907.Dq Li NO 908by default. 909Setting this to 910.Dq Li YES 911enables exposing 912.Xr pf 4 913state changes to other hosts over the network by means of 914.Xr pfsync 4 . 915The 916.Va pfsync_syncdev 917variable 918must also be set then. 919.It Va pfsync_syncdev 920.Pq Vt str 921Empty by default. 922This variable specifies the name of the network interface 923.Xr pfsync 4 924should operate through. 925It must be set accordingly if 926.Va pfsync_enable 927is set to 928.Dq Li YES . 929.It Va pfsync_syncpeer 930.Pq Vt str 931Empty by default. 932This variable is optional. 933By default, state change messages are sent out on the synchronisation 934interface using IP multicast packets. 935The protocol is IP protocol 240, PFSYNC, and the multicast group used is 936224.0.0.240. 937When a peer address is specified using the 938.Va pfsync_syncpeer 939option, the peer address is used as a destination for the pfsync 940traffic, and the traffic can then be protected using 941.Xr ipsec 4 . 942See the 943.Xr pfsync 4 944manpage for more details about using 945.Xr ipsec 4 946with 947.Xr pfsync 4 948interfaces. 949.It Va pfsync_ifconfig 950.Pq Vt str 951Empty by default. 952This variable can contain additional options to be passed to the 953.Xr ifconfig 8 954command used to set up 955.Xr pfsync 4 . 956.It Va tcp_extensions 957.Pq Vt bool 958Set to 959.Dq Li YES 960by default. 961Setting this to 962.Dq Li NO 963disables certain TCP options as described by 964.Rs 965.%T "RFC 1323" 966.Re 967Setting this to 968.Dq Li NO 969might help remedy such problems with connections as randomly hanging 970or other weird behavior. 971Some network devices are known 972to be broken with respect to these options. 973.It Va log_in_vain 974.Pq Vt int 975Set to 0 by default. 976The 977.Xr sysctl 8 978variables, 979.Va net.inet.tcp.log_in_vain 980and 981.Va net.inet.udp.log_in_vain , 982as described in 983.Xr tcp 4 984and 985.Xr udp 4 , 986are set to the given value. 987.It Va tcp_keepalive 988.Pq Vt bool 989Set to 990.Dq Li YES 991by default. 992Setting to 993.Dq Li NO 994will disable probing idle TCP connections to verify that the 995peer is still up and reachable. 996.It Va tcp_drop_synfin 997.Pq Vt bool 998Set to 999.Dq Li NO 1000by default. 1001Setting to 1002.Dq Li YES 1003will cause the kernel to ignore TCP frames that have both 1004the SYN and FIN flags set. 1005This prevents OS fingerprinting, but may 1006break some legitimate applications. 1007.It Va icmp_drop_redirect 1008.Pq Vt bool 1009Set to 1010.Dq Li NO 1011by default. 1012Setting to 1013.Dq Li YES 1014will cause the kernel to ignore ICMP REDIRECT packets. 1015Refer to 1016.Xr icmp 4 1017for more information. 1018.It Va icmp_log_redirect 1019.Pq Vt bool 1020Set to 1021.Dq Li NO 1022by default. 1023Setting to 1024.Dq Li YES 1025will cause the kernel to log ICMP REDIRECT packets. 1026Note that 1027the log messages are not rate-limited, so this option should only be used 1028for troubleshooting networks. 1029Refer to 1030.Xr icmp 4 1031for more information. 1032.It Va icmp_bmcastecho 1033.Pq Vt bool 1034Set to 1035.Dq Li YES 1036to respond to broadcast or multicast ICMP ping packets. 1037Refer to 1038.Xr icmp 4 1039for more information. 1040.It Va ip_portrange_first 1041.Pq Vt int 1042If not set to 1043.Dq Li NO , 1044this is the first port in the default portrange. 1045Refer to 1046.Xr ip 4 1047for more information. 1048.It Va ip_portrange_last 1049.Pq Vt int 1050If not set to 1051.Dq Li NO , 1052this is the last port in the default portrange. 1053Refer to 1054.Xr ip 4 1055for more information. 1056.It Va network_interfaces 1057.Pq Vt str 1058Set to the list of network interfaces to configure on this host or 1059.Dq Li AUTO 1060(the default) for all current interfaces. 1061Setting the 1062.Va network_interfaces 1063variable to anything other than the default is deprecated. 1064Interfaces that the administrator wishes to store configuration for, 1065but not start at boot should be configured with the 1066.Dq Li NOAUTO 1067keyword in their 1068.Va ifconfig_ Ns Aq Ar interface 1069variables as described below. 1070.Pp 1071An 1072.Va ifconfig_ Ns Aq Ar interface 1073variable is also assumed to exist for each value of 1074.Ar interface . 1075When an interface name contains any of the characters 1076.Dq Li .-/+ 1077they are translated to 1078.Dq Li _ 1079before lookup. 1080The variable can contain arguments to 1081.Xr ifconfig 8 , 1082as well as special case-insensitive keywords described below. 1083Such keywords are removed before passing the value to 1084.Xr ifconfig 8 1085while the order of the other arguments is preserved. 1086.Pp 1087One can configure more than one IPv4 address with the 1088.Va ipv4_addrs_ Ns Aq Ar interface 1089variable. 1090One or more IP addresses must be provided in Classless Inter-Domain 1091Routing (CIDR) address notation, whose last byte can be a range like 1092192.0.2.5-23/24. 1093In this case the address 192.0.2.5 will be configured with the 1094netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1095the non-conflicting netmask /32 as explained in the 1096.Xr ifconfig 8 1097alias section. 1098With the interface in question being 1099.Li ed0 , 1100an example could look like: 1101.Bd -literal 1102ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1103.Ed 1104.Pp 1105It is also possible to add IP alias entries using 1106.Xr ifconfig 8 1107syntax. 1108Assuming that the interface in question was 1109.Li ed0 , 1110it might look 1111something like this: 1112.Bd -literal 1113ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1114ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1115.Ed 1116.Pp 1117And so on. 1118For each 1119.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1120entry that is found, 1121its contents are passed to 1122.Xr ifconfig 8 . 1123Execution stops at the first unsuccessful access, so if 1124something like this is present: 1125.Bd -literal 1126ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1127ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1128ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1129ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1130.Ed 1131.Pp 1132Then note that alias4 would 1133.Em not 1134be added since the search would 1135stop with the missing 1136.Dq Li alias3 1137entry. 1138Due to this difficult to manage behavior, the 1139.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1140form is deprecated. 1141.Pp 1142If the 1143.Pa /etc/start_if. Ns Aq Ar interface 1144file is present, it is read and executed by the 1145.Xr sh 1 1146interpreter 1147before configuring the interface as specified in the 1148.Va ifconfig_ Ns Aq Ar interface 1149and 1150.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1151variables. 1152.Pp 1153If a 1154.Va wlans_ Ns Aq Ar interface 1155variable is set, 1156an 1157.Xr wlan 4 1158interface will be created for each item in the list with the 1159.Ar wlandev 1160argument set to 1161.Ar interface . 1162Further wlan cloning arguments may be passed to the 1163.Xr ifconfig 8 1164.Cm create 1165command by setting the 1166.Va create_args_ Ns Aq Ar interface 1167variable. 1168One or more 1169.Xr wlan 4 1170devices must be created for each wireless devices as of 1171.Fx 8.0 . 1172.Pp 1173If the 1174.Va ifconfig_ Ns Aq Ar interface 1175contains the keyword 1176.Dq Li NOAUTO 1177then the interface will not be configured 1178at boot or by 1179.Pa /etc/pccard_ether 1180when 1181.Va network_interfaces 1182is set to 1183.Dq Li AUTO . 1184.Pp 1185It is possible to bring up an interface with DHCP by adding 1186.Dq Li DHCP 1187to the 1188.Va ifconfig_ Ns Aq Ar interface 1189variable. 1190For instance, to initialize the 1191.Li ed0 1192device via DHCP, 1193it is possible to use something like: 1194.Bd -literal 1195ifconfig_ed0="DHCP" 1196.Ed 1197.Pp 1198Also, if you want to configure your wireless interface with 1199.Xr wpa_supplicant 8 1200for use with WPA, EAP/LEAP or WEP, you need to add 1201.Dq Li WPA 1202to the 1203.Va ifconfig_ Ns Aq Ar interface 1204variable. 1205.Pp 1206Finally, you can add 1207.Xr ifconfig 8 1208options in this variable, in addition to the 1209.Pa /etc/start_if. Ns Aq Ar interface 1210file. 1211For instance, configure an 1212.Xr ath 4 1213wireless device in station mode with an address obtained 1214via DHCP, using WPA authentication and 802.11b mode, it is 1215possible to use something like: 1216.Bd -literal 1217wlans_ath0="wlan0" 1218ifconfig_wlan0="DHCP WPA mode 11b" 1219.Ed 1220.Pp 1221In addition to the 1222.Va ifconfig_ Ns Aq Ar interface 1223form, a fallback variable 1224.Va ifconfig_DEFAULT 1225may be configured. 1226It will be used for all interfaces with no 1227.Va ifconfig_ Ns Aq Ar interface 1228variable. 1229This is intended to replace the no longer supported 1230.Va pccard_ifconfig 1231variable. 1232.Pp 1233It is also possible to rename interface by doing: 1234.Bd -literal 1235ifconfig_ed0_name="net0" 1236ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1237.Ed 1238.It Va ipv6_network_interfaces 1239.Pq Vt str 1240This is the IPv6 equivalent of 1241.Va network_interfaces . 1242Instead of setting the ifconfig variables as 1243.Va ifconfig_ Ns Aq Ar interface 1244they should be set as 1245.Va ipv6_ifconfig_ Ns Aq Ar interface . 1246Aliases should be set as 1247.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . 1248.Va ipv6_prefix_ Ns Aq Ar interface 1249does something. 1250Interfaces that do not have a 1251.Va ipv6_ifconfig_ Ns Aq Ar interface 1252setting will be auto configured by 1253.Xr rtsol 8 1254if the 1255.Va ipv6_gateway_enable 1256is set to 1257.Dq Li NO . 1258Note that the IPv6 networking code does not support the 1259.Pa /etc/start_if. Ns Aq Ar interface 1260files. 1261.It Va ipv6_default_interface 1262.Pq Vt str 1263If not set to 1264.Dq Li NO , 1265this is the default output interface for scoped addresses. 1266Now this works only for IPv6 link local multicast addresses. 1267.It Va cloned_interfaces 1268.Pq Vt str 1269Set to the list of clonable network interfaces to create on this host. 1270Entries in 1271.Va cloned_interfaces 1272are automatically appended to 1273.Va network_interfaces 1274for configuration. 1275.It Va fec_interfaces 1276.Pq Vt str 1277Set to the list of 1278.Xr ng_fec 4 1279Fast EtherChannel interfaces to configure on this host. 1280A 1281.Va fecconfig_ Ns Aq Ar interface 1282variable is assumed to exist for each value of 1283.Ar interface . 1284The value of this variable is used to configure link aggregated interfaces 1285according to the syntax of the 1286.Cm NGM_FEC_ADD_IFACE 1287to 1288.Xr ngctl 8 1289msg. 1290Additionally, this option ensures that each listed interface is created 1291via the 1292.Cm mkpeer 1293command to 1294.Xr ngctl 8 1295before attempting to configure it. 1296For example: 1297.Bd -literal 1298fec_interfaces="fec0" 1299fecconfig_fec0="em0 em1" 1300ifconfig_fec0="DHCP" 1301.Ed 1302.It Va gif_interfaces 1303.Pq Vt str 1304Set to the list of 1305.Xr gif 4 1306tunnel interfaces to configure on this host. 1307A 1308.Va gifconfig_ Ns Aq Ar interface 1309variable is assumed to exist for each value of 1310.Ar interface . 1311The value of this variable is used to configure the link layer of the 1312tunnel according to the syntax of the 1313.Cm tunnel 1314option to 1315.Xr ifconfig 8 . 1316Additionally, this option ensures that each listed interface is created 1317via the 1318.Cm create 1319option to 1320.Xr ifconfig 8 1321before attempting to configure it. 1322.It Va sppp_interfaces 1323.Pq Vt str 1324Set to the list of 1325.Xr sppp 4 1326interfaces to configure on this host. 1327A 1328.Va spppconfig_ Ns Aq Ar interface 1329variable is assumed to exist for each value of 1330.Ar interface . 1331Each interface should also be configured by a general 1332.Va ifconfig_ Ns Aq Ar interface 1333setting. 1334Refer to 1335.Xr spppcontrol 8 1336for more information about available options. 1337.It Va ppp_enable 1338.Pq Vt bool 1339If set to 1340.Dq Li YES , 1341run the 1342.Xr ppp 8 1343daemon. 1344.It Va ppp_profile 1345.Pq Vt str 1346The name of the profile to use from 1347.Pa /etc/ppp/ppp.conf . 1348Also used for per-profile overrides of 1349.Va ppp_mode 1350and 1351.Va ppp_nat , 1352and 1353.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1354When the profile name contains any of the characters 1355.Dq Li .-/+ 1356they are translated to 1357.Dq Li _ 1358for the proposes of the override variable names. 1359.It Va ppp_mode 1360.Pq Vt str 1361Mode in which to run the 1362.Xr ppp 8 1363daemon. 1364.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1365.Pq Vt str 1366Overrides the global 1367.Va ppp_mode 1368for 1369.Ar profile . 1370Accepted modes are 1371.Dq Li auto , 1372.Dq Li ddial , 1373.Dq Li direct 1374and 1375.Dq Li dedicated . 1376See the manual for a full description. 1377.It Va ppp_nat 1378.Pq Vt bool 1379If set to 1380.Dq Li YES , 1381enables network address translation. 1382Used in conjunction with 1383.Va gateway_enable 1384allows hosts on private network addresses access to the Internet using 1385this host as a network address translating router. 1386.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1387.Pq Vt str 1388Overrides the global 1389.Va ppp_nat 1390for 1391.Ar profile . 1392.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1393.Pq Vt int 1394Set the unit number to be used for this profile. 1395See the manual description of 1396.Fl unit Ns Ar N 1397for details. 1398.It Va ppp_user 1399.Pq Vt str 1400The name of the user under which 1401.Xr ppp 8 1402should be started. 1403By 1404default, 1405.Xr ppp 8 1406is started as 1407.Dq Li root . 1408.It Va rc_conf_files 1409.Pq Vt str 1410This option is used to specify a list of files that will override 1411the settings in 1412.Pa /etc/defaults/rc.conf . 1413The files will be read in the order in which they are specified and should 1414include the full path to the file. 1415By default, the files specified are 1416.Pa /etc/rc.conf 1417and 1418.Pa /etc/rc.conf.local 1419.It Va zfs_enable 1420.Pq Vt bool 1421If set to 1422.Dq Li YES , 1423.Pa /etc/rc.d/zfs 1424will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1425(ZVOLs). 1426.It Va gbde_autoattach_all 1427.Pq Vt bool 1428If set to 1429.Dq Li YES , 1430.Pa /etc/rc.d/gbde 1431will attempt to automatically initialize your .bde devices in 1432.Pa /etc/fstab . 1433.It Va gbde_devices 1434.Pq Vt str 1435List the devices that the script should try to attach, 1436or 1437.Dq Li AUTO . 1438.It Va gbde_lockdir 1439.Pq Vt str 1440The directory where the 1441.Xr gbde 4 1442lockfiles are located. 1443The default lockfile directory is 1444.Pa /etc . 1445.Pp 1446The lockfile for each individual 1447.Xr gbde 4 1448device can be overridden by setting the variable 1449.Va gbde_lock_ Ns Aq Ar device , 1450where 1451.Ar device 1452is the encrypted device without the 1453.Dq Pa /dev/ 1454and 1455.Dq Pa .bde 1456parts. 1457.It Va gbde_attach_attempts 1458.Pq Vt int 1459Number of times to attempt attaching to a 1460.Xr gbde 4 1461device, i.e., how many times the user is asked for the pass-phrase. 1462Default is 3. 1463.It Va geli_devices 1464.Pq Vt str 1465List of devices to automatically attach on boot. 1466Note that .eli devices from 1467.Pa /etc/fstab 1468are automatically appended to this list. 1469.It Va geli_tries 1470.Pq Vt int 1471Number of times user is asked for the pass-phrase. 1472If empty, it will be taken from 1473.Va kern.geom.eli.tries 1474sysctl variable. 1475.It Va geli_default_flags 1476.Pq Vt str 1477Default flags to use by 1478.Xr geli 8 1479when configuring disk encryption. 1480Flags can be configured for every device separately by defining 1481.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1482variable. 1483.It Va geli_autodetach 1484.Pq Vt str 1485Specifies if GELI devices should be marked for detach on last close after 1486file systems are mounted. 1487Default is 1488.Dq Li YES . 1489This can be changed for every device separately by defining 1490.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1491variable. 1492.It Va geli_swap_flags 1493Options passed to the 1494.Xr geli 8 1495utility when encrypted GEOM providers for swap partitions are created. 1496The default is 1497.Dq Li "-a aes -l 256 -s 4096 -d" . 1498.It Va root_rw_mount 1499.Pq Vt bool 1500Set to 1501.Dq Li YES 1502by default. 1503After the file systems are checked at boot time, the root file system 1504is remounted as read-write if this is set to 1505.Dq Li YES . 1506Diskless systems that mount their root file system from a read-only remote 1507NFS share should set this to 1508.Dq Li NO 1509in their 1510.Pa rc.conf . 1511.It Va fsck_y_enable 1512.Pq Vt bool 1513If set to 1514.Dq Li YES , 1515.Xr fsck 8 1516will be run with the 1517.Fl y 1518flag if the initial preen 1519of the file systems fails. 1520.It Va background_fsck 1521.Pq Vt bool 1522If set to 1523.Dq Li YES , 1524the system will attempt to run 1525.Xr fsck 8 1526in the background where possible. 1527.It Va background_fsck_delay 1528.Pq Vt int 1529The amount of time in seconds to sleep before starting a background 1530.Xr fsck 8 . 1531It defaults to sixty seconds to allow large applications such as 1532the X server to start before disk I/O bandwidth is monopolized by 1533.Xr fsck 8 . 1534If set to a negative number, the background file system check will be 1535delayed indefinitely to allow the administrator to run it at a more 1536convenient time. 1537For example it may be run from 1538.Xr cron 8 1539by adding a line like 1540.Pp 1541.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1542.Pp 1543to 1544.Pa /etc/crontab . 1545.It Va netfs_types 1546.Pq Vt str 1547List of file system types that are network-based. 1548This list should generally not be modified by end users. 1549Use 1550.Va extra_netfs_types 1551instead. 1552.It Va extra_netfs_types 1553.Pq Vt str 1554If set to something other than 1555.Dq Li NO 1556(the default), 1557this variable extends the list of file system types 1558for which automatic mounting at startup by 1559.Xr rc 8 1560should be delayed until the network is initialized. 1561It should contain 1562a whitespace-separated list of network file system descriptor pairs, 1563each consisting of a file system type as passed to 1564.Xr mount 8 1565and a human-readable, one-word description, 1566joined with a colon 1567.Pq Ql \&: . 1568Extending the default list in this way is only necessary 1569when third party file system types are used. 1570.It Va syslogd_enable 1571.Pq Vt bool 1572If set to 1573.Dq Li YES , 1574run the 1575.Xr syslogd 8 1576daemon. 1577.It Va syslogd_program 1578.Pq Vt str 1579Path to 1580.Xr syslogd 8 1581(default 1582.Pa /usr/sbin/syslogd ) . 1583.It Va syslogd_flags 1584.Pq Vt str 1585If 1586.Va syslogd_enable 1587is set to 1588.Dq Li YES , 1589these are the flags to pass to 1590.Xr syslogd 8 . 1591.It Va inetd_enable 1592.Pq Vt bool 1593If set to 1594.Dq Li YES , 1595run the 1596.Xr inetd 8 1597daemon. 1598.It Va inetd_program 1599.Pq Vt str 1600Path to 1601.Xr inetd 8 1602(default 1603.Pa /usr/sbin/inetd ) . 1604.It Va inetd_flags 1605.Pq Vt str 1606If 1607.Va inetd_enable 1608is set to 1609.Dq Li YES , 1610these are the flags to pass to 1611.Xr inetd 8 . 1612.It Va named_enable 1613.Pq Vt bool 1614If set to 1615.Dq Li YES , 1616run the 1617.Xr named 8 1618daemon. 1619.It Va named_program 1620.Pq Vt str 1621Path to 1622.Xr named 8 1623(default 1624.Pa /usr/sbin/named ) . 1625.It Va named_flags 1626.Pq Vt str 1627If 1628.Va named_enable 1629is set to 1630.Dq Li YES , 1631these are the flags to pass to 1632.Xr named 8 . 1633.It Va named_pidfile 1634.Pq Vt str 1635This is the default path to the 1636.Xr named 8 1637daemon's PID file. 1638This must match the location in 1639.Xr named.conf 5 . 1640.It Va named_uid 1641.Pq Vt str 1642The user that the 1643.Xr named 8 1644process should be run as. 1645.It Va named_chrootdir 1646.Pq Vt str 1647The root directory for a name server run in a 1648.Xr chroot 8 1649environment (default 1650.Pa /var/named ) . 1651If left empty 1652.Xr named 8 1653will not be run in a 1654.Xr chroot 8 1655environment. 1656.It Va named_chroot_autoupdate 1657.Pq Vt bool 1658Set to 1659.Dq Li NO 1660to disable automatic update of the 1661.Xr chroot 8 1662environment. 1663.It Va named_symlink_enable 1664.Pq Vt bool 1665Set to 1666.Dq Li NO 1667to disable symlinking of 1668daemon's PID file 1669into the 1670.Xr chroot 8 1671environment. 1672.It Va kerberos5_server_enable 1673.Pq Vt bool 1674Set to 1675.Dq Li YES 1676to start a Kerberos 5 authentication server 1677at boot time. 1678.It Va kerberos5_server 1679.Pq Vt str 1680If 1681.Va kerberos5_server_enable 1682is set to 1683.Dq Li YES 1684this is the path to Kerberos 5 Authentication Server. 1685.It Va kerberos5_server_flags 1686.Pq Vt str 1687Empty by default. 1688This variable contains additional flags to be passed to the Kerberos 5 1689authentication server. 1690.It Va kadmind5_server_enable 1691.Pq Vt bool 1692Set to 1693.Dq Li YES 1694to start 1695.Xr kadmind 8 , 1696the Kerberos 5 Administration Daemon; set to 1697.Dq Li NO 1698on a slave server. 1699.It Va kadmind5_server 1700.Pq Vt str 1701If 1702.Va kadmind5_server_enable 1703is set to 1704.Dq Li YES 1705this is the path to Kerberos 5 Administration Daemon. 1706.It Va kpasswdd_server_enable 1707.Pq Vt bool 1708Set to 1709.Dq Li YES 1710to start 1711.Xr kpasswdd 8 , 1712the Kerberos 5 Password-Changing Daemon; set to 1713.Dq Li NO 1714on a slave server. 1715.It Va kpasswdd_server 1716.Pq Vt str 1717If 1718.Va kpasswdd_server_enable 1719is set to 1720.Dq Li YES 1721this is the path to Kerberos 5 Password-Changing Daemon. 1722.It Va rwhod_enable 1723.Pq Vt bool 1724If set to 1725.Dq Li YES , 1726run the 1727.Xr rwhod 8 1728daemon at boot time. 1729.It Va rwhod_flags 1730.Pq Vt str 1731If 1732.Va rwhod_enable 1733is set to 1734.Dq Li YES , 1735these are the flags to pass to it. 1736.It Va amd_enable 1737.Pq Vt bool 1738If set to 1739.Dq Li YES , 1740run the 1741.Xr amd 8 1742daemon at boot time. 1743.It Va amd_flags 1744.Pq Vt str 1745If 1746.Va amd_enable 1747is set to 1748.Dq Li YES , 1749these are the flags to pass to it. 1750See the 1751.Xr amd 8 1752manpage for more information. 1753.It Va amd_map_program 1754.Pq Vt str 1755If set, 1756the specified program is run to get the list of 1757.Xr amd 8 1758maps. 1759For example, if the 1760.Xr amd 8 1761maps are stored in NIS, one can set this to 1762run 1763.Xr ypcat 1 1764to get a list of 1765.Xr amd 8 1766maps from the 1767.Pa amd.master 1768NIS map. 1769.It Va update_motd 1770.Pq Vt bool 1771If set to 1772.Dq Li YES , 1773.Pa /etc/motd 1774will be updated at boot time to reflect the kernel release 1775being run. 1776If set to 1777.Dq Li NO , 1778.Pa /etc/motd 1779will not be updated. 1780.It Va nfs_client_enable 1781.Pq Vt bool 1782If set to 1783.Dq Li YES , 1784run the NFS client daemons at boot time. 1785.It Va nfs_access_cache 1786.Pq Vt int 1787If 1788.Va nfs_client_enable 1789is set to 1790.Dq Li YES , 1791this can be set to 1792.Dq Li 0 1793to disable NFS ACCESS RPC caching, or to the number of seconds for which 1794NFS ACCESS 1795results should be cached. 1796A value of 2-10 seconds will substantially reduce network 1797traffic for many NFS operations. 1798.It Va nfs_server_enable 1799.Pq Vt bool 1800If set to 1801.Dq Li YES , 1802run the NFS server daemons at boot time. 1803.It Va nfs_server_flags 1804.Pq Vt str 1805If 1806.Va nfs_server_enable 1807is set to 1808.Dq Li YES , 1809these are the flags to pass to the 1810.Xr nfsd 8 1811daemon. 1812.It Va idmapd_enable 1813.Pq Vt bool 1814If set to 1815.Dq Li YES , 1816run the ID mapping daemon for NFS version 4. 1817.It Va idmapd_flags 1818.Pq Vt str 1819If 1820.Va idmapd_enable 1821is set to 1822.Dq Li YES , 1823these are the flags to pass to the 1824.Xr idmapd 8 1825daemon. 1826.It Va mountd_enable 1827.Pq Vt bool 1828If set to 1829.Dq Li YES , 1830and no 1831.Va nfs_server_enable 1832is set, start 1833.Xr mountd 8 , 1834but not 1835.Xr nfsd 8 1836daemon. 1837It is commonly needed to run CFS without real NFS used. 1838.It Va mountd_flags 1839.Pq Vt str 1840If 1841.Va mountd_enable 1842is set to 1843.Dq Li YES , 1844these are the flags to pass to the 1845.Xr mountd 8 1846daemon. 1847.It Va weak_mountd_authentication 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851allow services like PCNFSD to make non-privileged mount 1852requests. 1853.It Va nfs_reserved_port_only 1854.Pq Vt bool 1855If set to 1856.Dq Li YES , 1857provide NFS services only on a secure port. 1858.It Va nfs_bufpackets 1859.Pq Vt int 1860If set to a number, indicates the number of packets worth of 1861socket buffer space to reserve on an NFS client. 1862The kernel default is typically 4. 1863Using a higher number may be 1864useful on gigabit networks to improve performance. 1865The minimum value is 18662 and the maximum is 64. 1867.It Va rpc_lockd_enable 1868.Pq Vt bool 1869If set to 1870.Dq Li YES 1871and also an NFS server or client, run 1872.Xr rpc.lockd 8 1873at boot time. 1874.It Va rpc_lockd_flags 1875.Pq Vt str 1876If 1877.Va rpc_lockd_enable 1878is set to 1879.Dq Li YES , 1880these are the flags to pass to the 1881.Xr rpc.lockd 8 1882daemon. 1883.It Va rpc_statd_enable 1884.Pq Vt bool 1885If set to 1886.Dq Li YES 1887and also an NFS server or client, run 1888.Xr rpc.statd 8 1889at boot time. 1890.It Va rpc_statd_flags 1891.Pq Vt str 1892If 1893.Va rpc_statd_enable 1894is set to 1895.Dq Li YES , 1896these are the flags to pass to the 1897.Xr rpc.statd 8 1898daemon. 1899.It Va rpcbind_program 1900.Pq Vt str 1901Path to 1902.Xr rpcbind 8 1903(default 1904.Pa /usr/sbin/rpcbind ) . 1905.It Va rpcbind_enable 1906.Pq Vt bool 1907If set to 1908.Dq Li YES , 1909run the 1910.Xr rpcbind 8 1911service at boot time. 1912.It Va rpcbind_flags 1913.Pq Vt str 1914If 1915.Va rpcbind_enable 1916is set to 1917.Dq Li YES , 1918these are the flags to pass to the 1919.Xr rpcbind 8 1920daemon. 1921.It Va keyserv_enable 1922.Pq Vt bool 1923If set to 1924.Dq Li YES , 1925run the 1926.Xr keyserv 8 1927daemon on boot for running Secure RPC. 1928.It Va keyserv_flags 1929.Pq Vt str 1930If 1931.Va keyserv_enable 1932is set to 1933.Dq Li YES , 1934these are the flags to pass to 1935.Xr keyserv 8 1936daemon. 1937.It Va pppoed_enable 1938.Pq Vt bool 1939If set to 1940.Dq Li YES , 1941run the 1942.Xr pppoed 8 1943daemon at boot time to provide PPP over Ethernet services. 1944.It Va pppoed_ Ns Aq Ar provider 1945.Pq Vt str 1946.Xr pppoed 8 1947listens to requests to this 1948.Ar provider 1949and ultimately runs 1950.Xr ppp 8 1951with a 1952.Ar system 1953argument of the same name. 1954.It Va pppoed_flags 1955.Pq Vt str 1956Additional flags to pass to 1957.Xr pppoed 8 . 1958.It Va pppoed_interface 1959.Pq Vt str 1960The network interface to run 1961.Xr pppoed 8 1962on. 1963This is mandatory when 1964.Va pppoed_enable 1965is set to 1966.Dq Li YES . 1967.It Va timed_enable 1968.Pq Vt bool 1969If set to 1970.Dq Li YES , 1971run the 1972.Xr timed 8 1973service at boot time. 1974This command is intended for networks of 1975machines where a consistent 1976.Dq "network time" 1977for all hosts must be established. 1978This is often useful in large NFS 1979environments where time stamps on files are expected to be consistent 1980network-wide. 1981.It Va timed_flags 1982.Pq Vt str 1983If 1984.Va timed_enable 1985is set to 1986.Dq Li YES , 1987these are the flags to pass to the 1988.Xr timed 8 1989service. 1990.It Va ntpdate_enable 1991.Pq Vt bool 1992If set to 1993.Dq Li YES , 1994run 1995.Xr ntpdate 8 1996at system startup. 1997This command is intended to 1998synchronize the system clock only 1999.Em once 2000from some standard reference. 2001An option to set this up initially 2002(from a list of known servers) is also provided by the 2003.Xr sysinstall 8 2004program when the system is first installed. 2005.It Va ntpdate_config 2006.Pq Vt str 2007Configuration file for 2008.Xr ntpdate 8 . 2009Default 2010.Pa /etc/ntp.conf . 2011.It Va ntpdate_hosts 2012.Pq Vt str 2013A whitespace-separated list of NTP servers to synchronize with at startup. 2014The default is to use the servers listed in 2015.Va ntpdate_config , 2016if that file exists. 2017.It Va ntpdate_program 2018.Pq Vt str 2019Path to 2020.Xr ntpdate 8 2021(default 2022.Pa /usr/sbin/ntpdate ) . 2023.It Va ntpdate_flags 2024.Pq Vt str 2025If 2026.Va ntpdate_enable 2027is set to 2028.Dq Li YES , 2029these are the flags to pass to the 2030.Xr ntpdate 8 2031command (typically a hostname). 2032.It Va ntpd_enable 2033.Pq Vt bool 2034If set to 2035.Dq Li YES , 2036run the 2037.Xr ntpd 8 2038command at boot time. 2039.It Va ntpd_program 2040.Pq Vt str 2041Path to 2042.Xr ntpd 8 2043(default 2044.Pa /usr/sbin/ntpd ) . 2045.It Va ntpd_config 2046.Pq Vt str 2047Path to 2048.Xr ntpd 8 2049configuration file. 2050Default 2051.Pa /etc/ntp.conf . 2052.It Va ntpd_flags 2053.Pq Vt str 2054If 2055.Va ntpd_enable 2056is set to 2057.Dq Li YES , 2058these are the flags to pass to the 2059.Xr ntpd 8 2060daemon. 2061.It Va ntpd_sync_on_start 2062.Pq Vt bool 2063If set to 2064.Dq Li YES , 2065.Xr ntpd 8 2066is run with the 2067.Fl g 2068flag, which syncs the system's clock on startup. 2069See 2070.Xr ntpd 8 2071for more information regarding the 2072.Fl g 2073option. 2074This is a preferred alternative to using 2075.Xr ntpdate 8 2076or specifying the 2077.Va ntpdate_enable 2078variable. 2079.It Va nis_client_enable 2080.Pq Vt bool 2081If set to 2082.Dq Li YES , 2083run the 2084.Xr ypbind 8 2085service at system boot time. 2086.It Va nis_client_flags 2087.Pq Vt str 2088If 2089.Va nis_client_enable 2090is set to 2091.Dq Li YES , 2092these are the flags to pass to the 2093.Xr ypbind 8 2094service. 2095.It Va nis_ypset_enable 2096.Pq Vt bool 2097If set to 2098.Dq Li YES , 2099run the 2100.Xr ypset 8 2101daemon at system boot time. 2102.It Va nis_ypset_flags 2103.Pq Vt str 2104If 2105.Va nis_ypset_enable 2106is set to 2107.Dq Li YES , 2108these are the flags to pass to the 2109.Xr ypset 8 2110daemon. 2111.It Va nis_server_enable 2112.Pq Vt bool 2113If set to 2114.Dq Li YES , 2115run the 2116.Xr ypserv 8 2117daemon at system boot time. 2118.It Va nis_server_flags 2119.Pq Vt str 2120If 2121.Va nis_server_enable 2122is set to 2123.Dq Li YES , 2124these are the flags to pass to the 2125.Xr ypserv 8 2126daemon. 2127.It Va nis_ypxfrd_enable 2128.Pq Vt bool 2129If set to 2130.Dq Li YES , 2131run the 2132.Xr rpc.ypxfrd 8 2133daemon at system boot time. 2134.It Va nis_ypxfrd_flags 2135.Pq Vt str 2136If 2137.Va nis_ypxfrd_enable 2138is set to 2139.Dq Li YES , 2140these are the flags to pass to the 2141.Xr rpc.ypxfrd 8 2142daemon. 2143.It Va nis_yppasswdd_enable 2144.Pq Vt bool 2145If set to 2146.Dq Li YES , 2147run the 2148.Xr rpc.yppasswdd 8 2149daemon at system boot time. 2150.It Va nis_yppasswdd_flags 2151.Pq Vt str 2152If 2153.Va nis_yppasswdd_enable 2154is set to 2155.Dq Li YES , 2156these are the flags to pass to the 2157.Xr rpc.yppasswdd 8 2158daemon. 2159.It Va rpc_ypupdated_enable 2160.Pq Vt bool 2161If set to 2162.Dq Li YES , 2163run the 2164.Nm rpc.ypupdated 2165daemon at system boot time. 2166.It Va bsnmpd_enable 2167.Pq Vt bool 2168If set to 2169.Dq Li YES , 2170run the 2171.Xr bsnmpd 1 2172daemon at system boot time. 2173Be sure to understand the security implications of running SNMP daemon 2174on your host. 2175.It Va bsnmpd_flags 2176.Pq Vt str 2177If 2178.Va bsnmpd_enable 2179is set to 2180.Dq Li YES , 2181these are the flags to pass to the 2182.Xr bsnmpd 1 2183daemon. 2184.It Va defaultrouter 2185.Pq Vt str 2186If not set to 2187.Dq Li NO , 2188create a default route to this host name or IP address 2189(use an IP address if this router is also required to get to the 2190name server!). 2191.It Va ipv6_defaultrouter 2192.Pq Vt str 2193The IPv6 equivalent of 2194.Va defaultrouter . 2195.It Va static_routes 2196.Pq Vt str 2197Set to the list of static routes that are to be added at system 2198boot time. 2199If not set to 2200.Dq Li NO 2201then for each whitespace separated 2202.Ar element 2203in the value, a 2204.Va route_ Ns Aq Ar element 2205variable is assumed to exist 2206whose contents will later be passed to a 2207.Dq Nm route Cm add 2208operation. 2209For example: 2210.Bd -literal 2211static_routes="mcast gif0local" 2212route_mcast="-net 224.0.0.0/4 -iface gif0" 2213route_gif0local="-host 169.254.1.1 -iface lo0" 2214.Ed 2215.It Va ipv6_static_routes 2216.Pq Vt str 2217The IPv6 equivalent of 2218.Va static_routes . 2219If not set to 2220.Dq Li NO 2221then for each whitespace separated 2222.Ar element 2223in the value, a 2224.Va ipv6_route_ Ns Aq Ar element 2225variable is assumed to exist 2226whose contents will later be passed to a 2227.Dq Nm route Cm add Fl inet6 2228operation. 2229.It Va natm_static_routes 2230.Pq Vt str 2231The 2232.Xr natmip 4 2233equivalent of 2234.Va static_routes . 2235If not empty then for each whitespace separated 2236.Ar element 2237in the value, a 2238.Va route_ Ns Aq Ar element 2239variable is assumed to exist whose contents will later be passed to a 2240.Dq Nm atmconfig Cm natm Cm add 2241operation. 2242.It Va gateway_enable 2243.Pq Vt bool 2244If set to 2245.Dq Li YES , 2246configure host to act as an IP router, e.g.\& to forward packets 2247between interfaces. 2248.It Va ipv6_gateway_enable 2249.Pq Vt bool 2250The IPv6 equivalent of 2251.Va gateway_enable . 2252.It Va router_enable 2253.Pq Vt bool 2254If set to 2255.Dq Li YES , 2256run a routing daemon of some sort, based on the 2257settings of 2258.Va router 2259and 2260.Va router_flags . 2261.It Va ipv6_router_enable 2262.Pq Vt bool 2263The IPv6 equivalent of 2264.Va router_enable . 2265If set to 2266.Dq Li YES , 2267run a routing daemon of some sort, based on the 2268settings of 2269.Va ipv6_router 2270and 2271.Va ipv6_router_flags . 2272.It Va router 2273.Pq Vt str 2274If 2275.Va router_enable 2276is set to 2277.Dq Li YES , 2278this is the name of the routing daemon to use. 2279.It Va ipv6_router 2280.Pq Vt str 2281The IPv6 equivalent of 2282.Va router . 2283.It Va router_flags 2284.Pq Vt str 2285If 2286.Va router_enable 2287is set to 2288.Dq Li YES , 2289these are the flags to pass to the routing daemon. 2290.It Va ipv6_router_flags 2291.Pq Vt str 2292The IPv6 equivalent of 2293.Va router_flags . 2294.It Va mrouted_enable 2295.Pq Vt bool 2296If set to 2297.Dq Li YES , 2298run the multicast routing daemon, 2299.Xr mrouted 8 . 2300.It Va mroute6d_enable 2301.Pq Vt bool 2302The IPv6 equivalent of 2303.Va mrouted_enable . 2304If set to 2305.Dq Li YES , 2306run the IPv6 multicast routing daemon. 2307.Pp 2308Note that multicast routing daemons are no longer included in the 2309.Fx 2310base system, however, both 2311.Xr mrouted 8 2312and 2313.Xr pim6dd 8 2314may be installed from the 2315.Fx 2316Ports Collection. 2317.It Va mrouted_flags 2318.Pq Vt str 2319If 2320.Va mrouted_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to the 2324.Xr mrouted 8 2325daemon. 2326.It Va mroute6d_flags 2327.Pq Vt str 2328The IPv6 equivalent of 2329.Va mrouted_flags . 2330If 2331.Va mroute6d_enable 2332is set to 2333.Dq Li YES , 2334these are the flags passed to the IPv6 multicast routing daemon. 2335.It Va mroute6d_program 2336.Pq Vt str 2337If 2338.Va mroute6d_enable 2339is set to 2340.Dq Li YES , 2341this is the path to the IPv6 multicast routing daemon. 2342.It Va rtadvd_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES , 2346run the 2347.Xr rtadvd 8 2348daemon at boot time. 2349.Xr rtadvd 8 2350will only run if 2351.Va ipv6_gateway_enable 2352is also set to 2353.Dq Li YES . 2354The 2355.Xr rtadvd 8 2356utility sends router advertisement packets to the interfaces specified in 2357.Va rtadvd_interfaces 2358and should only be enabled with great care. 2359You may want to fine-tune 2360.Xr rtadvd.conf 5 . 2361.It Va rtadvd_interfaces 2362.Pq Vt str 2363If 2364.Va rtadvd_enable 2365is set to 2366.Dq Li YES 2367this is the list of interfaces to use. 2368.It Va ipxgateway_enable 2369.Pq Vt bool 2370If set to 2371.Dq Li YES , 2372enable the routing of IPX traffic. 2373.It Va ipxrouted_enable 2374.Pq Vt bool 2375If set to 2376.Dq Li YES , 2377run the 2378.Xr IPXrouted 8 2379daemon at system boot time. 2380.It Va ipxrouted_flags 2381.Pq Vt str 2382If 2383.Va ipxrouted_enable 2384is set to 2385.Dq Li YES , 2386these are the flags to pass to the 2387.Xr IPXrouted 8 2388daemon. 2389.It Va arpproxy_all 2390.Pq Vt bool 2391If set to 2392.Dq Li YES , 2393enable global proxy ARP. 2394.It Va forward_sourceroute 2395.Pq Vt bool 2396If set to 2397.Dq Li YES 2398and 2399.Va gateway_enable 2400is also set to 2401.Dq Li YES , 2402source-routed packets are forwarded. 2403.It Va accept_sourceroute 2404.Pq Vt bool 2405If set to 2406.Dq Li YES , 2407the system will accept source-routed packets directed at it. 2408.It Va rarpd_enable 2409.Pq Vt bool 2410If set to 2411.Dq Li YES , 2412run the 2413.Xr rarpd 8 2414daemon at system boot time. 2415.It Va rarpd_flags 2416.Pq Vt str 2417If 2418.Va rarpd_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr rarpd 8 2423daemon. 2424.It Va bootparamd_enable 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428run the 2429.Xr bootparamd 8 2430daemon at system boot time. 2431.It Va bootparamd_flags 2432.Pq Vt str 2433If 2434.Va bootparamd_enable 2435is set to 2436.Dq Li YES , 2437these are the flags to pass to the 2438.Xr bootparamd 8 2439daemon. 2440.It Va stf_interface_ipv4addr 2441.Pq Vt str 2442If not set to 2443.Dq Li NO , 2444this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2445interface). 2446Specify this entry to enable the 6to4 interface. 2447.It Va stf_interface_ipv4plen 2448.Pq Vt int 2449Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2450An effective value is 0-31. 2451.It Va stf_interface_ipv6_ifid 2452.Pq Vt str 2453IPv6 interface ID for 2454.Xr stf 4 . 2455This can be set to 2456.Dq Li AUTO . 2457.It Va stf_interface_ipv6_slaid 2458.Pq Vt str 2459IPv6 Site Level Aggregator for 2460.Xr stf 4 . 2461.It Va ipv6_faith_prefix 2462.Pq Vt str 2463If not set to 2464.Dq Li NO , 2465this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2466translator. 2467You also need 2468.Xr faithd 8 2469setup. 2470.It Va ipv6_ipv4mapping 2471.Pq Vt bool 2472If set to 2473.Dq Li YES 2474this enables IPv4 mapped IPv6 address communication (like 2475.Li ::ffff:a.b.c.d ) . 2476.It Va atm_enable 2477.Pq Vt bool 2478Set to 2479.Dq Li YES 2480to enable the configuration of ATM interfaces at system boot time. 2481For all of the ATM variables described below, please refer to the 2482.Xr atm 8 2483manual page for further details on the available command parameters. 2484Also refer to the files in 2485.Pa /usr/share/examples/atm 2486for more detailed configuration information. 2487.It Va atm_load 2488.Pq Vt str 2489This is a list of physical ATM interface drivers to load. 2490Typical values are 2491.Dq Li hfa_pci 2492and/or 2493.Dq Li hea_pci . 2494.It Va atm_netif_ Ns Aq Ar intf 2495.Pq Vt str 2496For the ATM physical interface 2497.Ar intf , 2498this variable defines the name prefix and count for the ATM network 2499interfaces to be created. 2500The value will be passed as the parameters of an 2501.Dq Nm atm Cm "set netif" Ar intf 2502command. 2503.It Va atm_sigmgr_ Ns Aq Ar intf 2504.Pq Vt str 2505For the ATM physical interface 2506.Ar intf , 2507this variable defines the ATM signalling manager to be used. 2508The value will be passed as the parameters of an 2509.Dq Nm atm Cm attach Ar intf 2510command. 2511.It Va atm_prefix_ Ns Aq Ar intf 2512.Pq Vt str 2513For the ATM physical interface 2514.Ar intf , 2515this variable defines the NSAP prefix for interfaces using a UNI signalling 2516manager. 2517If set to 2518.Dq Li ILMI , 2519the prefix will automatically be set via the 2520.Xr ilmid 8 2521daemon. 2522Otherwise, the value will be passed as the parameters of an 2523.Dq Nm atm Cm "set prefix" Ar intf 2524command. 2525.It Va atm_macaddr_ Ns Aq Ar intf 2526.Pq Vt str 2527For the ATM physical interface 2528.Ar intf , 2529this variable defines the MAC address for interfaces using a UNI signalling 2530manager. 2531If set to 2532.Dq Li NO , 2533the hardware MAC address contained in the ATM interface card will be used. 2534Otherwise, the value will be passed as the parameters of an 2535.Dq Nm atm Cm "set mac" Ar intf 2536command. 2537.It Va atm_arpserver_ Ns Aq Ar netif 2538.Pq Vt str 2539For the ATM network interface 2540.Ar netif , 2541this variable defines the ATM address for a host which is to provide ATMARP 2542service. 2543This variable is only applicable to interfaces using a UNI signalling 2544manager. 2545If set to 2546.Dq Li local , 2547this host will become an ATMARP server. 2548The value will be passed as the parameters of an 2549.Dq Nm atm Cm "set arpserver" Ar netif 2550command. 2551.It Va atm_scsparp_ Ns Aq Ar netif 2552.Pq Vt bool 2553If set to 2554.Dq Li YES , 2555SCSP/ATMARP service for the network interface 2556.Ar netif 2557will be initiated using the 2558.Xr scspd 8 2559and 2560.Xr atmarpd 8 2561daemons. 2562This variable is only applicable if 2563.Va atm_arpserver_ Ns Aq Ar netif 2564is set to 2565.Dq Li local . 2566.It Va atm_pvcs 2567.Pq Vt str 2568Set to the list of ATM PVCs to be added at system 2569boot time. 2570For each whitespace separated 2571.Ar element 2572in the value, an 2573.Va atm_pvc_ Ns Aq Ar element 2574variable is assumed to exist. 2575The value of each of these variables 2576will be passed as the parameters of an 2577.Dq Nm atm Cm "add pvc" 2578command. 2579.It Va atm_arps 2580.Pq Vt str 2581Set to the list of permanent ATM ARP entries to be added 2582at system boot time. 2583For each whitespace separated 2584.Ar element 2585in the value, an 2586.Va atm_arp_ Ns Aq Ar element 2587variable is assumed to exist. 2588The value of each of these variables 2589will be passed as the parameters of an 2590.Dq Nm atm Cm "add arp" 2591command. 2592.It Va natm_interfaces 2593.Pq Vt str 2594Set to the list of 2595.Xr natm 4 2596interfaces that will also be used for HARP through 2597.Xr harp 4 . 2598If this list is not empty all interfaces in the list will be brought up 2599with 2600.Xr ifconfig 8 2601and 2602.Xr harp 4 2603will be loaded. 2604For this to work the interface drivers must be either compiled into the 2605kernel or must reside on the root partition. 2606.It Va keybell 2607.Pq Vt str 2608The keyboard bell sound. 2609Set to 2610.Dq Li normal , 2611.Dq Li visual , 2612.Dq Li off , 2613or 2614.Dq Li NO 2615if the default behavior is desired. 2616For details, refer to the 2617.Xr kbdcontrol 1 2618manpage. 2619.It Va keyboard 2620.Pq Vt str 2621If set to a non-null string, the virtual console's keyboard input is 2622set to this device. 2623.It Va keymap 2624.Pq Vt str 2625If set to 2626.Dq Li NO , 2627no keymap is installed, otherwise the value is used to install 2628the keymap file in 2629.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 2630.It Va keyrate 2631.Pq Vt str 2632The keyboard repeat speed. 2633Set to 2634.Dq Li slow , 2635.Dq Li normal , 2636.Dq Li fast , 2637or 2638.Dq Li NO 2639if the default behavior is desired. 2640.It Va keychange 2641.Pq Vt str 2642If not set to 2643.Dq Li NO , 2644attempt to program the function keys with the value. 2645The value should 2646be a single string of the form: 2647.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 2648.It Va cursor 2649.Pq Vt str 2650Can be set to the value of 2651.Dq Li normal , 2652.Dq Li blink , 2653.Dq Li destructive , 2654or 2655.Dq Li NO 2656to set the cursor behavior explicitly or choose the default behavior. 2657.It Va scrnmap 2658.Pq Vt str 2659If set to 2660.Dq Li NO , 2661no screen map is installed, otherwise the value is used to install 2662the screen map file in 2663.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 2664.It Va font8x16 2665.Pq Vt str 2666If set to 2667.Dq Li NO , 2668the default 8x16 font value is used for screen size requests, otherwise 2669the value in 2670.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2671is used. 2672.It Va font8x14 2673.Pq Vt str 2674If set to 2675.Dq Li NO , 2676the default 8x14 font value is used for screen size requests, otherwise 2677the value in 2678.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2679is used. 2680.It Va font8x8 2681.Pq Vt str 2682If set to 2683.Dq Li NO , 2684the default 8x8 font value is used for screen size requests, otherwise 2685the value in 2686.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 2687is used. 2688.It Va blanktime 2689.Pq Vt int 2690If set to 2691.Dq Li NO , 2692the default screen blanking interval is used, otherwise it is set 2693to 2694.Ar value 2695seconds. 2696.It Va saver 2697.Pq Vt str 2698If not set to 2699.Dq Li NO , 2700this is the actual screen saver to use 2701.Li ( blank , snake , daemon , 2702etc). 2703.It Va moused_nondefault_enable 2704.Pq Vt str 2705If set to 2706.Dq Li NO , 2707the mouse device specified on 2708the command line is not automatically treated as enabled by the 2709.Pa /etc/rc.d/moused 2710script. 2711Having this variable set to 2712.Dq Li YES 2713allows a 2714.Xr usb 4 2715mouse, 2716for example, 2717to be enabled as soon as it is plugged in. 2718.It Va moused_enable 2719.Pq Vt str 2720If set to 2721.Dq Li YES , 2722the 2723.Xr moused 8 2724daemon is started for doing cut/paste selection on the console. 2725.It Va moused_type 2726.Pq Vt str 2727This is the protocol type of the mouse connected to this host. 2728This variable must be set if 2729.Va moused_enable 2730is set to 2731.Dq Li YES . 2732The 2733.Xr moused 8 2734daemon 2735is able to detect the appropriate mouse type automatically in many cases. 2736Set this variable to 2737.Dq Li auto 2738to let the daemon detect it, or 2739select one from the following list if the automatic detection fails. 2740.Pp 2741If the mouse is attached to the PS/2 mouse port, choose 2742.Dq Li auto 2743or 2744.Dq Li ps/2 , 2745regardless of the brand and model of the mouse. 2746Likewise, if the 2747mouse is attached to the bus mouse port, choose 2748.Dq Li auto 2749or 2750.Dq Li busmouse . 2751All other protocols are for serial mice and will not work with 2752the PS/2 and bus mice. 2753If this is a USB mouse, 2754.Dq Li auto 2755is the only protocol type which will work. 2756.Pp 2757.Bl -tag -width ".Li x10mouseremote" -compact 2758.It Li microsoft 2759Microsoft mouse (serial) 2760.It Li intellimouse 2761Microsoft IntelliMouse (serial) 2762.It Li mousesystems 2763Mouse systems Corp.\& mouse (serial) 2764.It Li mmseries 2765MM Series mouse (serial) 2766.It Li logitech 2767Logitech mouse (serial) 2768.It Li busmouse 2769A bus mouse 2770.It Li mouseman 2771Logitech MouseMan and TrackMan (serial) 2772.It Li glidepoint 2773ALPS GlidePoint (serial) 2774.It Li thinkingmouse 2775Kensington ThinkingMouse (serial) 2776.It Li ps/2 2777PS/2 mouse 2778.It Li mmhittab 2779MM HitTablet (serial) 2780.It Li x10mouseremote 2781X10 MouseRemote (serial) 2782.It Li versapad 2783Interlink VersaPad (serial) 2784.El 2785.Pp 2786Even if the mouse is not in the above list, it may be compatible 2787with one in the list. 2788Refer to the manual page for 2789.Xr moused 8 2790for compatibility information. 2791.Pp 2792It should also be noted that while this is enabled, any 2793other client of the mouse (such as an X server) should access 2794the mouse through the virtual mouse device, 2795.Pa /dev/sysmouse , 2796and configure it as a 2797.Dq Li sysmouse 2798type mouse, since all 2799mouse data is converted to this single canonical format when 2800using 2801.Xr moused 8 . 2802If the client program does not support the 2803.Dq Li sysmouse 2804type, 2805specify the 2806.Dq Li mousesystems 2807type. 2808It is the second preferred type. 2809.It Va moused_port 2810.Pq Vt str 2811If 2812.Va moused_enable 2813is set to 2814.Dq Li YES , 2815this is the actual port the mouse is on. 2816It might be 2817.Pa /dev/cuad0 2818for a COM1 serial mouse, 2819.Pa /dev/psm0 2820for a PS/2 mouse or 2821.Pa /dev/mse0 2822for a bus mouse, for example. 2823.It Va moused_flags 2824.Pq Vt str 2825If 2826.Va moused_flags 2827is set, its value is used as an additional set of flags to pass to the 2828.Xr moused 8 2829daemon. 2830.It Va "moused_" Ns Ar XXX Ns Va "_flags" 2831When 2832.Va moused_nondefault_enable 2833is enabled, and a 2834.Xr moused 8 2835daemon is started for a non-default port, the 2836.Va "moused_" Ns Ar XXX Ns Va "_flags" 2837set of options has precedence over and replaces the default 2838.Va moused_flags (where 2839.Ar XXX 2840is the name of the non-default port, i.e.\& 2841.Ar ums0 ) . 2842By setting 2843.Va "moused_" Ns Ar XXX Ns Va "_flags" 2844it is possible to set up a different set of default flags for each 2845.Xr moused 8 2846instance. 2847For example, you can use 2848.Dq Li "-3" 2849for the default 2850.Va moused_flags 2851to make your laptop's touchpad more comfortable to use, 2852but an empty set of options for 2853.Va moused_ums0_flags 2854when your 2855.Xr usb 4 2856mouse has three or more buttons. 2857.It Va mousechar_start 2858.Pq Vt int 2859If set to 2860.Dq Li NO , 2861the default mouse cursor character range 2862.Li 0xd0 Ns - Ns Li 0xd3 2863is used, 2864otherwise the range start is set 2865to 2866.Ar value 2867character, see 2868.Xr vidcontrol 1 . 2869Use if the default range is occupied in the language code table. 2870.It Va allscreens_flags 2871.Pq Vt str 2872If set, 2873.Xr vidcontrol 1 2874is run with these options for each of the virtual terminals 2875.Pq Pa /dev/ttyv* . 2876For example, 2877.Dq Fl m Cm on 2878will enable the mouse pointer on all virtual terminals 2879if 2880.Va moused_enable 2881is set to 2882.Dq Li YES . 2883.It Va allscreens_kbdflags 2884.Pq Vt str 2885If set, 2886.Xr kbdcontrol 1 2887is run with these options for each of the virtual terminals 2888.Pq Pa /dev/ttyv* . 2889For example, 2890.Dq Fl h Li 200 2891will set the 2892.Xr syscons 4 2893scrollback (history) buffer to 200 lines. 2894.It Va cron_enable 2895.Pq Vt bool 2896If set to 2897.Dq Li YES , 2898run the 2899.Xr cron 8 2900daemon at system boot time. 2901.It Va cron_program 2902.Pq Vt str 2903Path to 2904.Xr cron 8 2905(default 2906.Pa /usr/sbin/cron ) . 2907.It Va cron_flags 2908.Pq Vt str 2909If 2910.Va cron_enable 2911is set to 2912.Dq Li YES , 2913these are the flags to pass to 2914.Xr cron 8 . 2915.It Va cron_dst 2916.Pq Vt bool 2917If set to 2918.Dq Li YES , 2919enable the special handling of transitions to and from the 2920Daylight Saving Time in 2921.Xr cron 8 2922(equivalent to using the flag 2923.Fl s ) . 2924.It Va lpd_program 2925.Pq Vt str 2926Path to 2927.Xr lpd 8 2928(default 2929.Pa /usr/sbin/lpd ) . 2930.It Va lpd_enable 2931.Pq Vt bool 2932If set to 2933.Dq Li YES , 2934run the 2935.Xr lpd 8 2936daemon at system boot time. 2937.It Va lpd_flags 2938.Pq Vt str 2939If 2940.Va lpd_enable 2941is set to 2942.Dq Li YES , 2943these are the flags to pass to the 2944.Xr lpd 8 2945daemon. 2946.It Va chkprintcap_enable 2947.Pq Vt bool 2948If set to 2949.Dq Li YES , 2950run the 2951.Xr chkprintcap 8 2952command before starting the 2953.Xr lpd 8 2954daemon. 2955.It Va chkprintcap_flags 2956.Pq Vt str 2957If 2958.Va lpd_enable 2959and 2960.Va chkprintcap_enable 2961are set to 2962.Dq Li YES , 2963these are the flags to pass to the 2964.Xr chkprintcap 8 2965program. 2966The default is 2967.Dq Li -d , 2968which causes missing directories to be created. 2969.It Va mta_start_script 2970.Pq Vt str 2971This variable specifies the full path to the script to run to start 2972a mail transfer agent. 2973The default is 2974.Pa /etc/rc.sendmail . 2975The 2976.Va sendmail_* 2977variables which 2978.Pa /etc/rc.sendmail 2979uses are documented in the 2980.Xr rc.sendmail 8 2981manual page. 2982.It Va dumpdev 2983.Pq Vt str 2984Indicates the device (usually a swap partition) to which a crash dump 2985should be written in the event of a system crash. 2986If the value of this variable is 2987.Dq Li AUTO , 2988the first suitable swap device listed in 2989.Pa /etc/fstab 2990will be used as dump device. 2991Otherwise, the value of this variable is passed as the argument to 2992.Xr dumpon 8 . 2993To disable crash dumps, set this variable to 2994.Dq Li NO . 2995.It Va dumpdir 2996.Pq Vt str 2997When the system reboots after a crash and a crash dump is found on the 2998device specified by the 2999.Va dumpdev 3000variable, 3001.Xr savecore 8 3002will save that crash dump and a copy of the kernel to the directory 3003specified by the 3004.Va dumpdir 3005variable. 3006The default value is 3007.Pa /var/crash . 3008Set to 3009.Dq Li NO 3010to not run 3011.Xr savecore 8 3012at boot time when 3013.Va dumpdir 3014is set. 3015.It Va savecore_flags 3016.Pq Vt str 3017If crash dumps are enabled, these are the flags to pass to the 3018.Xr savecore 8 3019utility. 3020.It Va quota_enable 3021.Pq Vt bool 3022Set to 3023.Dq Li YES 3024to turn on user and group disk quotas on system startup via the 3025.Xr quotaon 8 3026command for all file systems marked as having quotas enabled in 3027.Pa /etc/fstab . 3028The kernel must be built with 3029.Cd "options QUOTA" 3030for disk quotas to function. 3031.It Va check_quotas 3032.Pq Vt bool 3033Set to 3034.Dq Li YES 3035to enable user and group disk quota checking via the 3036.Xr quotacheck 8 3037command. 3038.It Va quotacheck_flags 3039.Pq Vt str 3040If 3041.Va quota_enable 3042is set to 3043.Dq Li YES , 3044and 3045.Va check_quotas 3046is set to 3047.Dq Li YES , 3048these are the flags to pass to the 3049.Xr quotacheck 8 3050utility. 3051The default is 3052.Dq Li "-a" , 3053which checks quotas for all file systems with quotas enabled in 3054.Pa /etc/fstab . 3055.It Va quotaon_flags 3056.Pq Vt str 3057If 3058.Va quota_enable 3059is set to 3060.Dq Li YES , 3061these are the flags to pass to the 3062.Xr quotaon 8 3063utility. 3064The default is 3065.Dq Li "-a" , 3066which enables quotas for all file systems with quotas enabled in 3067.Pa /etc/fstab . 3068.It Va quotaoff_flags 3069.Pq Vt str 3070If 3071.Va quota_enable 3072is set to 3073.Dq Li YES , 3074these are the flags to pass to the 3075.Xr quotaoff 8 3076utility when shutting down the quota system. 3077The default is 3078.Dq Li "-a" , 3079which disables quotas for all file systems with quotas enabled in 3080.Pa /etc/fstab . 3081.It Va accounting_enable 3082.Pq Vt bool 3083Set to 3084.Dq Li YES 3085to enable system accounting through the 3086.Xr accton 8 3087facility. 3088.It Va ibcs2_enable 3089.Pq Vt bool 3090Set to 3091.Dq Li YES 3092to enable iBCS2 (SCO) binary emulation at system initial boot 3093time. 3094.It Va ibcs2_loaders 3095.Pq Vt str 3096If not set to 3097.Dq Li NO 3098and if 3099.Va ibcs2_enable 3100is set to 3101.Dq Li YES , 3102this specifies a list of additional iBCS2 loaders to enable. 3103.It Va linux_enable 3104.Pq Vt bool 3105Set to 3106.Dq Li YES 3107to enable Linux/ELF binary emulation at system initial 3108boot time. 3109.It Va svr4_enable 3110.Pq Vt bool 3111If set to 3112.Dq Li YES , 3113enable SysVR4 emulation at boot time. 3114.It Va sysvipc_enable 3115.Pq Vt bool 3116If set to 3117.Dq Li YES , 3118load System V IPC primitives at boot time. 3119.It Va clear_tmp_enable 3120.Pq Vt bool 3121Set to 3122.Dq Li YES 3123to have 3124.Pa /tmp 3125cleaned at startup. 3126.It Va clear_tmp_X 3127.Pq Vt bool 3128Set to 3129.Dq Li NO 3130to disable removing of X11 lock files, 3131and the removal and (secure) recreation 3132of the various socket directories for X11 3133related programs. 3134.It Va ldconfig_paths 3135.Pq Vt str 3136Set to the list of shared library paths to use with 3137.Xr ldconfig 8 . 3138NOTE: 3139.Pa /usr/lib 3140will always be added first, so it need not appear in this list. 3141.It Va ldconfig32_paths 3142.Pq Vt str 3143Set to the list of 32-bit compatibility shared library paths to 3144use with 3145.Xr ldconfig 8 . 3146.It Va ldconfig_paths_aout 3147.Pq Vt str 3148Set to the list of shared library paths to use with 3149.Xr ldconfig 8 3150legacy 3151.Xr a.out 5 3152support. 3153.It Va ldconfig_insecure 3154.Pq Vt bool 3155The 3156.Xr ldconfig 8 3157utility normally refuses to use directories 3158which are writable by anyone except root. 3159Set this variable to 3160.Dq Li YES 3161to disable that security check during system startup. 3162.It Va ldconfig_local_dirs 3163.Pq Vt str 3164Set to the list of local 3165.Xr ldconfig 8 3166directories. 3167The names of all files in the directories listed will be 3168passed as arguments to 3169.Xr ldconfig 8 . 3170.It Va ldconfig_local32_dirs 3171.Pq Vt str 3172Set to the list of local 32-bit compatibility 3173.Xr ldconfig 8 3174directories. 3175The names of all files in the directories listed will be 3176passed as arguments to 3177.Dq Nm ldconfig Fl 32 . 3178.It Va kern_securelevel_enable 3179.Pq Vt bool 3180Set to 3181.Dq Li YES 3182to set the kernel security level at system startup. 3183.It Va kern_securelevel 3184.Pq Vt int 3185The kernel security level to set at startup. 3186The allowed range of 3187.Ar value 3188ranges from \-1 (the compile time default) to 3 (the 3189most secure). 3190See 3191.Xr security 7 3192for the list of possible security levels and their effect 3193on system operation. 3194.It Va sshd_program 3195.Pq Vt str 3196Path to the SSH server program 3197.Pa ( /usr/sbin/sshd 3198is the default). 3199.It Va sshd_enable 3200.Pq Vt bool 3201Set to 3202.Dq Li YES 3203to start 3204.Xr sshd 8 3205at system boot time. 3206.It Va sshd_flags 3207.Pq Vt str 3208If 3209.Va sshd_enable 3210is set to 3211.Dq Li YES , 3212these are the flags to pass to the 3213.Xr sshd 8 3214daemon. 3215.It Va ftpd_program 3216.Pq Vt str 3217Path to the FTP server program 3218.Pa ( /usr/libexec/ftpd 3219is the default). 3220.It Va ftpd_enable 3221.Pq Vt bool 3222Set to 3223.Dq Li YES 3224to start 3225.Xr ftpd 8 3226as a stand-alone daemon at system boot time. 3227.It Va ftpd_flags 3228.Pq Vt str 3229If 3230.Va ftpd_enable 3231is set to 3232.Dq Li YES , 3233these are the additional flags to pass to the 3234.Xr ftpd 8 3235daemon. 3236.It Va watchdogd_enable 3237.Pq Vt bool 3238If set to 3239.Dq Li YES , 3240start the 3241.Xr watchdogd 8 3242daemon at boot time. 3243This requires that the kernel have been compiled with a 3244.Xr watchdog 4 3245compatible device. 3246.It Va watchdogd_flags 3247.Pq Vt str 3248If 3249.Va watchdogd_enable 3250is set to 3251.Dq Li YES , 3252these are the flags passed to the 3253.Xr watchdogd 8 3254daemon. 3255.It Va performance_cx_lowest 3256.Pq Vt str 3257CPU idle state to use while on AC power. 3258The string 3259.Dq Li LOW 3260indicates that 3261.Xr acpi 4 3262should use the lowest power state available while 3263.Dq Li HIGH 3264indicates that the lowest latency state (less power savings) should be used. 3265.It Va performance_cpu_freq 3266.Pq Vt str 3267CPU clock frequency to use while on AC power. 3268The string 3269.Dq Li LOW 3270indicates that 3271.Xr cpufreq 4 3272should use the lowest frequency available while 3273.Dq Li HIGH 3274indicates that the highest frequency (less power savings) should be used. 3275.It Va economy_cx_lowest 3276.Pq Vt str 3277CPU idle state to use when off AC power. 3278The string 3279.Dq Li LOW 3280indicates that 3281.Xr acpi 4 3282should use the lowest power state available while 3283.Dq Li HIGH 3284indicates that the lowest latency state (less power savings) should be used. 3285.It Va economy_cpu_freq 3286.Pq Vt str 3287CPU clock frequency to use when off AC power. 3288The string 3289.Dq Li LOW 3290indicates that 3291.Xr cpufreq 4 3292should use the lowest frequency available while 3293.Dq Li HIGH 3294indicates that the highest frequency (less power savings) should be used. 3295.It Va jail_enable 3296.Pq Vt bool 3297If set to 3298.Dq Li NO , 3299any configured jails will not be started. 3300.It Va jail_list 3301.Pq Vt str 3302A space separated list of names for jails. 3303This is purely a configuration aid to help identify and 3304configure multiple jails. 3305The names specified in this list will be used to 3306identify settings common to an instance of a jail. 3307Assuming that the jail in question was named 3308.Li vjail , 3309you would have the following dependent variables: 3310.Bd -literal 3311jail_vjail_hostname="jail.example.com" 3312jail_vjail_ip="192.0.2.100" 3313jail_vjail_rootdir="/var/jails/vjail/root" 3314.Ed 3315.Pp 3316.It Va jail_flags 3317.Pq Vt str 3318Unset by default. 3319When set, use as default value for 3320.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3321for every jail in 3322.Va jail_list . 3323.It Va jail_interface 3324.Pq Vt str 3325Unset by default. 3326When set, use as default value for 3327.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3328for every jail in 3329.Va jail_list . 3330.It Va jail_fstab 3331.Pq Vt str 3332Unset by default. 3333When set, use as default value for 3334.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3335for every jail in 3336.Va jail_list . 3337.It Va jail_mount_enable 3338.Pq Vt bool 3339Set to 3340.Dq Li NO 3341by default. 3342When set to 3343.Dq Li YES , 3344sets 3345.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3346to 3347.Dq Li YES 3348by default for every jail in 3349.Va jail_list . 3350.It Va jail_devfs_ruleset 3351.Pq Vt str 3352Unset by default. 3353When set, sets 3354.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3355to given value for every jail in 3356.Va jail_list . 3357.It Va jail_devfs_enable 3358.Pq Vt bool 3359Set to 3360.Dq Li NO 3361by default. 3362When set to 3363.Dq Li YES , 3364sets 3365.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3366to 3367.Dq Li YES 3368by default for every jail in 3369.Va jail_list . 3370.It Va jail_fdescfs_enable 3371.Pq Vt bool 3372Set to 3373.Dq Li NO 3374by default. 3375When set to 3376.Dq Li YES , 3377sets 3378.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3379to 3380.Dq Li YES 3381by default for every jail in 3382.Va jail_list . 3383.It Va jail_procfs_enable 3384.Pq Vt bool 3385Set to 3386.Dq Li NO 3387by default. 3388When set to 3389.Dq Li YES , 3390sets 3391.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3392to 3393.Dq Li YES 3394by default for every jail in 3395.Va jail_list . 3396.It Va jail_exec_start 3397.Pq Vt str 3398Unset by default. 3399When set, use as default value for 3400.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3401for every jail in 3402.Va jail_list . 3403.It Va jail_exec_afterstart Ns Aq Ar N 3404.Pq Vt str 3405Unset by default. 3406When set, use as default value for 3407.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3408for every jail in 3409.Va jail_list . 3410.It Va jail_exec_stop 3411Unset by default. 3412When set, use as default value for 3413.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3414for every jail in 3415.Va jail_list . 3416.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3417.Pq Vt str 3418Unset by default. 3419Set to the root directory used by jail 3420.Va jname . 3421.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3422.Pq Vt str 3423Unset by default. 3424Set to the fully qualified domain name (FQDN) assigned to jail 3425.Va jname . 3426.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3427.Pq Vt str 3428Unset by default. 3429Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3430The argument can be a sole address or a comma separated list of addresses. 3431Additionally each address can be prefixed by the name of an interface 3432followed by a pipe to overwrite 3433.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3434or 3435.Va jail_interface 3436and/or suffixed by a netmask, prefixlen or prefix. 3437In case no netmask, prefixlen or prefix is given, 3438.Sq /32 3439will be used for IPv4 and 3440.Sq /128 3441will be used for an IPv6 address. 3442If no address is given for the jail then the jail will be started with 3443no networking support. 3444.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3445.Pq Vt str 3446Unset by default. 3447Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3448The sequence starts with 3449.Dq Li _multi0 3450and the numbers have to be strictly ascending. 3451These entries follow the same syntax as their primary 3452.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3453entry. 3454The order of the entries can be important as the first address for 3455each address family found will be the primary address of the jail. 3456See 3457.Va ip-addresses 3458option in 3459.Xr jail 8 3460for more details. 3461.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3462.Pq Vt str 3463Set to 3464.Dq Li -l -U root 3465by default. 3466These are flags to pass to 3467.Xr jail . 3468.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3469.Pq Vt str 3470Unset by default. 3471When set, sets the interface to use when setting IP address alias. 3472Note that the alias is created at jail startup and removed at jail shutdown. 3473.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3474.Pq Vt str 3475Unset by default. 3476When set, the jail is started with the specified forwarding table (sometimes 3477referred to as a routing table) via 3478.Xr setfib 1 . 3479.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3480.Pq Vt str 3481Set to 3482.Pa /etc/fstab. Ns Aq Ar jname 3483by default. 3484This is the file system information file to use for jail 3485.Va jname . 3486.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3487.Pq Vt bool 3488Set to 3489.Dq Li NO 3490by default. 3491When set to 3492.Dq Li YES , 3493mount all file systems from 3494.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3495at jail startup. 3496.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3497.Pq Vt str 3498Unset by default. 3499When set, defines the device file system ruleset file to use for jail 3500.Va jname . 3501.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3502.Pq Vt bool 3503Set to 3504.Dq Li NO 3505by default. 3506When set to 3507.Dq Li YES , 3508mount the device file system inside jail 3509.Ar jname 3510at jail startup. 3511.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3512.Pq Vt bool 3513Set to 3514.Dq Li NO 3515by default. 3516When set to 3517.Dq Li YES , 3518mount the file-descriptor file system inside jail 3519.Ar jname 3520at jail startup. 3521.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3522.Pq Vt bool 3523Set to 3524.Dq Li NO 3525by default. 3526When set to 3527.Dq Li YES , 3528mount the process file system inside jail 3529.Ar jname 3530at jail startup. 3531.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3532.Pq Vt str 3533Set to 3534.Dq Li /bin/sh /etc/rc 3535by default. 3536This is the command executed at jail startup. 3537.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3538.Pq Vt str 3539Unset by default. 3540This is the command run as 3541.Ar N Ns 3542th command 3543after jail startup, where 3544.Ar N 3545is 1, 2, and so on. 3546.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3547.Pq Vt str 3548Set to 3549.Dq Li /bin/sh /etc/rc.shutdown 3550by default. 3551This is the command executed at jail shutdown. 3552.It Va jail_set_hostname_allow 3553.Pq Vt bool 3554If set to 3555.Dq Li NO , 3556do not allow the root user in a jail to set its hostname. 3557.It Va jail_socket_unixiproute_only 3558.Pq Vt bool 3559If set to 3560.Dq Li YES , 3561do not allow any sockets, 3562besides UNIX/IP/route sockets, 3563to be used within a jail. 3564.It Va jail_sysvipc_allow 3565.Pq Vt bool 3566If set to 3567.Dq Li YES , 3568allow applications within a jail to use System V IPC. 3569.\" ----------------------------------------------------- 3570.It Va harvest_interrupt 3571.Pq Vt bool 3572Set to 3573.Dq Li YES 3574to use hardware interrupts as an entropy source. 3575Refer to 3576.Xr random 4 3577for more information. 3578.It Va harvest_ethernet 3579.Pq Vt bool 3580Set to 3581.Dq Li YES 3582to use LAN traffic as an entropy source. 3583Refer to 3584.Xr random 4 3585for more information. 3586.It Va harvest_p_to_p 3587.Pq Vt bool 3588Set to 3589.Dq Li YES 3590to use serial line traffic as an entropy source. 3591Refer to 3592.Xr random 4 3593for more information. 3594.It Va entropy_dir 3595.Pq Vt str 3596Set to 3597.Dq Li NO 3598to disable caching entropy via 3599.Xr cron 8 . 3600Otherwise set to the directory used to store entropy files in. 3601.It Va entropy_file 3602.Pq Vt str 3603Set to 3604.Dq Li NO 3605to disable caching entropy through reboots. 3606Otherwise set to the filename used to store cached entropy through 3607reboots. 3608This file should be located on the root file system to seed the 3609.Xr random 4 3610device as early as possible in the boot process. 3611.It Va entropy_save_sz 3612.Pq Vt int 3613Size of the entropy cache files saved by 3614.Nm save-entropy 3615periodically. 3616.It Va entropy_save_num 3617.Pq Vt int 3618Number of entropy cache files to save by 3619.Nm save-entropy 3620periodically. 3621.It Va ipsec_enable 3622.Pq Vt bool 3623Set to 3624.Dq Li YES 3625to run 3626.Xr setkey 8 3627on 3628.Va ipsec_file 3629at boot time. 3630.It Va ipsec_file 3631.Pq Vt str 3632Configuration file for 3633.Xr setkey 8 . 3634.It Va dmesg_enable 3635.Pq Vt bool 3636Set to 3637.Dq Li YES 3638to save 3639.Xr dmesg 8 3640to 3641.Pa /var/run/dmesg.boot 3642on boot. 3643.It Va rcshutdown_timeout 3644.Pq Vt int 3645If set, start a watchdog timer in the background which will terminate 3646.Pa rc.shutdown 3647if 3648.Xr shutdown 8 3649has not completed within the specified time (in seconds). 3650Notice that in addition to this soft timeout, 3651.Xr init 8 3652also applies a hard timeout for the execution of 3653.Pa rc.shutdown . 3654This is configured via 3655.Xr sysctl 8 3656variable 3657.Va kern.init_shutdown_timeout 3658and defaults to 120 seconds. 3659Setting the value of 3660.Va rcshutdown_timeout 3661to more than 120 seconds will have no effect until the 3662.Xr sysctl 8 3663variable 3664.Va kern.init_shutdown_timeout 3665is also increased. 3666.It Va virecover_enable 3667.Pq Vt bool 3668Set to 3669.Dq Li NO 3670to prevent the system from trying to 3671recover pre-maturely terminated 3672.Xr vi 1 3673sessions. 3674.It Va ugidfw_enable 3675.Pq Vt bool 3676Set to 3677.Dq Li YES 3678to load the 3679.Xr mac_bsdextended 4 3680module upon system initialization and load a default 3681ruleset file. 3682.It Va bsdextended_script 3683.Pq Vt str 3684The default 3685.Xr mac_bsdextended 4 3686ruleset file to load. 3687The default value of this variable is 3688.Pa /etc/rc.bsdextended . 3689.It Va newsyslog_enable 3690.Pq Vt bool 3691If set to 3692.Dq Li YES , 3693run 3694.Xr newsyslog 8 3695command at startup. 3696.It Va newsyslog_flags 3697.Pq Vt str 3698If 3699.Va newsyslog_enable 3700is set to 3701.Dq Li YES , 3702these are the flags to pass to the 3703.Xr newsyslog 8 3704program. 3705The default is 3706.Dq Li -CN , 3707which causes log files flagged with a 3708.Cm C 3709to be created. 3710.It Va mdconfig_md Ns Aq Ar X 3711.Pq Vt str 3712Arguments to 3713.Xr mdconfig 8 3714for 3715.Xr md 4 3716device 3717.Ar X . 3718At minimum a 3719.Fl t Ar type 3720must be specified and either a 3721.Fl s Ar size 3722for malloc or swap backed 3723.Xr md 4 3724devices or a 3725.Fl f Ar file 3726for vnode backed 3727.Xr md 4 3728devices. 3729Note that 3730.Va mdconfig_md Ns Aq Ar X 3731variables are evaluated until one variable is unset or null. 3732.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 3733.Pq Vt str 3734Optional arguments passed to 3735.Xr newfs 8 3736to initialize 3737.Xr md 4 3738device 3739.Ar X . 3740.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 3741.Pq Vt str 3742An ownership specification passed to 3743.Xr chown 8 3744after the specified 3745.Xr md 4 3746device 3747.Ar X 3748has been mounted. 3749Both the 3750.Xr md 4 3751device and the mount point will be changed. 3752.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 3753.Pq Vt str 3754A mode string passed to 3755.Xr chmod 1 3756after the specified 3757.Xr md 4 3758device 3759.Ar X 3760has been mounted. 3761Both the 3762.Xr md 4 3763device and the mount point will be changed. 3764.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 3765.Pq Vt str 3766Files to be copied to the mount point of the 3767.Xr md 4 3768device 3769.Ar X 3770after it has been mounted. 3771.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 3772.Pq Vt str 3773Command to execute after the specified 3774.Xr md 4 3775device 3776.Ar X 3777has been mounted. 3778Note that the command is passed to 3779.Ic eval 3780and that both 3781.Va _dev 3782and 3783.Va _mp 3784variables can be used to reference respectively the 3785.Xr md 4 3786device and the mount point. 3787Assuming that the 3788.Xr md 4 3789device is 3790.Li md0 , 3791one could set the following: 3792.Bd -literal 3793mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 3794.Ed 3795.It Va ramdisk_units 3796.Pq Vt str 3797A list of one or more ramdisk units to configure with 3798.Xr mdconfig 8 3799and 3800.Xr newfs 8 3801in time to be mounted from 3802.Xr fstab 5 . 3803Each listed unit 3804.Ar X 3805must specify at least a 3806.Ar type 3807in a 3808.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3809variable. 3810Note that this way to configure ramdisks has been deprecated 3811in favor of new 3812.Va mdconfig_md* 3813variables (see above). 3814.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config 3815.Pq Vt str 3816Arguments to 3817.Xr mdconfig 8 3818for ramdisk 3819.Ar X . 3820At minimum a 3821.Fl t Ar type 3822must be specified, where 3823.Ar type 3824must be one of 3825.Cm malloc 3826or 3827.Cm swap . 3828.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs 3829.Pq Vt str 3830Optional arguments passed to 3831.Xr newfs 8 3832to initialize ramdisk 3833.Ar X . 3834.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner 3835.Pq Vt str 3836An ownership specification passed to 3837.Xr chown 8 3838after the specified ramdisk unit 3839.Ar X 3840has been mounted. 3841Both the 3842.Xr md 4 3843device and the mount point will be changed. 3844.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms 3845.Pq Vt str 3846A mode string passed to 3847.Xr chmod 1 3848after the specified ramdisk unit 3849.Ar X 3850has been mounted. 3851Both the 3852.Xr md 4 3853device and the mount point will be changed. 3854.It Va autobridge_interfaces 3855.Pq Vt str 3856Set to the list of bridge interfaces that will have newly arriving interfaces 3857checked against to be automatically added. 3858If not set to 3859.Dq Li NO 3860then for each whitespace separated 3861.Ar element 3862in the value, a 3863.Va autobridge_ Ns Aq Ar element 3864variable is assumed to exist which has a whitespace separated list of interface 3865names to match, these names can use wildcards. 3866For example: 3867.Bd -literal 3868autobridge_interfaces="bridge0" 3869autobridge_bridge0="tap* dc0 vlan[345]" 3870.Ed 3871.It Va mixer_enable 3872.Pq Vt bool 3873If set to 3874.Dq Li YES , 3875enable support for sound mixer. 3876.It Va hcsecd_enable 3877.Pq Vt bool 3878If set to 3879.Dq Li YES , 3880enable Bluetooth security daemon. 3881.It Va hcsecd_config 3882.Pq Vt str 3883Configuration file for 3884.Xr hcsecd 8 . 3885Default 3886.Pa /etc/bluetooth/hcsecd.conf . 3887.It Va sdpd_enable 3888.Pq Vt bool 3889If set to 3890.Dq Li YES , 3891enable Bluetooth Service Discovery Protocol daemon. 3892.It Va sdpd_control 3893.Pq Vt str 3894Path to 3895.Xr sdpd 8 3896control socket. 3897Default 3898.Pa /var/run/sdp . 3899.It Va sdpd_groupname 3900.Pq Vt str 3901Sets 3902.Xr sdpd 8 3903group to run as after it initializes. 3904Default 3905.Dq Li nobody . 3906.It Va sdpd_username 3907.Pq Vt str 3908Sets 3909.Xr sdpd 8 3910user to run as after it initializes. 3911Default 3912.Dq Li nobody . 3913.It Va bthidd_enable 3914.Pq Vt bool 3915If set to 3916.Dq Li YES , 3917enable Bluetooth Human Interface Device daemon. 3918.It Va bthidd_config 3919.Pq Vt str 3920Configuration file for 3921.Xr bthidd 8 . 3922Default 3923.Pa /etc/bluetooth/bthidd.conf . 3924.It Va bthidd_hids 3925.Pq Vt str 3926Path to a file, where 3927.Xr bthidd 8 3928will store information about known HID devices. 3929Default 3930.Pa /var/db/bthidd.hids . 3931.It Va rfcomm_pppd_server_enable 3932.Pq Vt bool 3933If set to 3934.Dq Li YES , 3935enable Bluetooth RFCOMM PPP wrapper daemon. 3936.It Va rfcomm_pppd_server_profile 3937.Pq Vt str 3938The name of the profile to use from 3939.Pa /etc/ppp/ppp.conf . 3940Multiple profiles can be specified here. 3941Also used to specify per-profile overrides. 3942When the profile name contains any of the characters 3943.Dq Li .-/+ 3944they are translated to 3945.Dq Li _ 3946for the proposes of the override variable names. 3947.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 3948.Pq Vt str 3949Overrides local address to listen on. 3950By default 3951.Xr rfcomm_pppd 8 3952will listen on 3953.Dq Li ANY 3954address. 3955The address can be specified as BD_ADDR or name. 3956.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 3957.Pq Vt str 3958Overrides local RFCOMM channel to listen on. 3959By default 3960.Xr rfcomm_pppd 8 3961will listen on RFCOMM channel 1. 3962Must set properly if multiple profiles used in the same time. 3963.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 3964.Pq Vt bool 3965Tells 3966.Xr rfcomm_pppd 8 3967if it should register Serial Port service on the speficied RFCOMM channel. 3968Default 3969.Dq Li NO . 3970.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 3971.Pq Vt bool 3972Tells 3973.Xr rfcomm_pppd 8 3974if it should register Dial-Up Networking service on the speficied 3975RFCOMM channel. 3976Default 3977.Dq Li NO . 3978.El 3979.Sh FILES 3980.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 3981.It Pa /etc/defaults/rc.conf 3982.It Pa /etc/rc.conf 3983.It Pa /etc/rc.conf.local 3984.El 3985.Sh SEE ALSO 3986.Xr catman 1 , 3987.Xr chmod 1 , 3988.Xr gdb 1 , 3989.Xr info 1 , 3990.Xr kbdcontrol 1 , 3991.Xr makewhatis 1 , 3992.Xr sh 1 , 3993.Xr vi 1 , 3994.Xr vidcontrol 1 , 3995.Xr bridge 4 , 3996.Xr dummynet 4 , 3997.Xr ip 4 , 3998.Xr ipf 4 , 3999.Xr ipfw 4 , 4000.Xr ipnat 4 , 4001.Xr kld 4 , 4002.Xr pf 4 , 4003.Xr pflog 4 , 4004.Xr pfsync 4 , 4005.Xr tcp 4 , 4006.Xr udp 4 , 4007.Xr exports 5 , 4008.Xr fstab 5 , 4009.Xr ipf 5 , 4010.Xr ipnat 5 , 4011.Xr motd 5 , 4012.Xr newsyslog.conf 5 , 4013.Xr pf.conf 5 , 4014.Xr security 7 , 4015.Xr accton 8 , 4016.Xr amd 8 , 4017.Xr apm 8 , 4018.Xr atm 8 , 4019.Xr bthidd 8 , 4020.Xr chkprintcap 8 , 4021.Xr chown 8 , 4022.Xr cron 8 , 4023.Xr dhclient 8 , 4024.Xr ftpd 8 , 4025.Xr geli 8 , 4026.Xr hcsecd 8 , 4027.Xr ifconfig 8 , 4028.Xr inetd 8 , 4029.Xr ipf 8 , 4030.Xr ipfw 8 , 4031.Xr ipnat 8 , 4032.Xr jail 8 , 4033.Xr kldxref 8 , 4034.Xr lpd 8 , 4035.Xr mdconfig 8 , 4036.Xr mdmfs 8 , 4037.Xr mixer 8 , 4038.Xr mountd 8 , 4039.Xr moused 8 , 4040.Xr mrouted 8 , 4041.Xr named 8 , 4042.Xr newfs 8 , 4043.Xr newsyslog 8 , 4044.Xr nfsd 8 , 4045.Xr ntpd 8 , 4046.Xr ntpdate 8 , 4047.Xr pfctl 8 , 4048.Xr pflogd 8 , 4049.Xr powerd 8 , 4050.Xr quotacheck 8 , 4051.Xr quotaon 8 , 4052.Xr rc 8 , 4053.Xr rc.sendmail 8 , 4054.Xr rfcomm_pppd 8 , 4055.Xr route 8 , 4056.Xr routed 8 , 4057.Xr rpcbind 8 , 4058.Xr rpc.lockd 8 , 4059.Xr rpc.statd 8 , 4060.Xr rwhod 8 , 4061.Xr savecore 8 , 4062.Xr sdpd 8 , 4063.Xr sshd 8 , 4064.Xr swapon 8 , 4065.Xr sysctl 8 , 4066.Xr syslogd 8 , 4067.Xr timed 8 , 4068.Xr yp 8 , 4069.Xr ypbind 8 , 4070.Xr ypserv 8 , 4071.Xr ypset 8 4072.Sh HISTORY 4073The 4074.Nm 4075file appeared in 4076.Fx 2.2.2 . 4077.Sh AUTHORS 4078.An Jordan K. Hubbard . 4079