1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd March 11, 2023 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories (where 84.Ao Ar dir Ac 85is each entry specified in 86.Va local_startup , 87but with any trailing 88.Pa /rc.d 89stripped), 90which will be included by the 91.Va load_rc_config 92function. 93For jail configurations you could use the file 94.Pa /etc/rc.conf.d/jail 95to store jail-specific configuration options. 96If 97.Va local_startup 98contains 99.Pa /usr/local/etc/rc.d 100and 101.Pa /opt/conf , 102.Pa /usr/local/etc/rc.conf.d/jail 103and 104.Pa /opt/conf/rc.conf.d/jail 105will be loaded. 106If 107.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 108is a directory, 109all of the files in the directory will be loaded. 110Also see the 111.Va rc_conf_files 112variable below. 113.Pp 114Options are set with 115.Dq Ar name Ns Li = Ns Ar value 116assignments that use 117.Xr sh 1 118syntax. 119The following list provides a name and short description for each 120variable that can be set in the 121.Nm 122file: 123.Bl -tag -width indent-two 124.It Va rc_debug 125.Pq Vt bool 126If set to 127.Dq Li YES , 128enable output of debug messages from rc scripts. 129This variable can be helpful in diagnosing mistakes when 130editing or integrating new scripts. 131Beware that this produces copious output to the terminal and 132.Xr syslog 3 . 133.It Va rc_info 134.Pq Vt bool 135If set to 136.Dq Li NO , 137disable informational messages from the rc scripts. 138Informational messages are displayed when 139a condition that is not serious enough to warrant a warning or 140an error occurs. 141.It Va rc_startmsgs 142.Pq Vt bool 143If set to 144.Dq Li YES , 145show 146.Dq Starting foo: 147when faststart is used (e.g., at boot time). 148.It Va early_late_divider 149.Pq Vt str 150The name of the script that should be used as the 151delimiter between the 152.Dq early 153and 154.Dq late 155stages of the boot process. 156The early stage should contain all the services needed to 157get the disks (local or remote) mounted so that the late 158stage can include scripts contained in the directories 159listed in the 160.Va local_startup 161variable (see below). 162Thus, the two likely candidates for this value are 163.Pa mountcritlocal 164for the typical system, and 165.Pa mountcritremote 166if the system needs remote file 167systems mounted to get access to the 168.Va local_startup 169directories; for example when 170.Pa /usr/local 171is NFS mounted. 172For 173.Pa rc.conf 174within a 175.Xr jail 8 176.Pa NETWORKING 177is likely to be an appropriate value. 178Extreme care should be taken when changing this value, 179and before changing it one should ensure that there are 180adequate provisions to recover from a failed boot 181(such as physical contact with the machine, 182or reliable remote console access). 183.It Va always_force_depends 184.Pq Vt bool 185Various 186.Pa rc.d 187scripts use the force_depend function to check whether required 188services are already running, and to start them if necessary. 189By default during boot time this check is bypassed if the 190required service is enabled in 191.Pa /etc/rc.conf[.local] . 192Setting this option will bypass that check at boot time and 193always test whether or not the service is actually running. 194Enabling this option is likely to increase your boot time if 195services are enabled that utilize the force_depend check. 196.It Ao Ar name Ac Ns Va _chroot 197.Pq Vt str 198.Xr chroot 8 199to this directory before running the service. 200.It Ao Ar name Ac Ns Va _fib 201.Pq Vt int 202The 203.Xr setfib 1 204value to run the service under. 205.It Ao Ar name Ac Ns Va _group 206.Pq Vt str 207Run the chrooted service under this system group. 208Unlike the 209.Ao Ar name Ac Ns Va _user 210setting, this setting has no effect if the service is not chrooted. 211.It Ao Ar name Ac Ns Va _limits 212.Pq Vt str 213Resource limits to apply to the service using 214.Xr limits 1 . 215By default, resource limits are based on the login class defined in 216.Ao Ar name Ac Ns Va _login_class . 217.It Ao Ar name Ac Ns Va _login_class 218.Pq Vt str 219Login class to be used with 220.Ao Ar name Ac Ns Va _limits . 221Defaults to 222.Dq Li daemon . 223.It Ao Ar name Ac Ns Va _nice 224.Pq Vt int 225The 226.Xr nice 1 227value to run the service under. 228.It Ao Ar name Ac Ns Va _oomprotect 229.Pq Vt str 230Use 231.Xr protect 1 232to prevent the service from being killed when swap space 233is exhausted. 234Use 235.Dq Li YES 236to protect only the service itself, and 237.Dq Li ALL 238to protect the service and all its child processes. 239.Pp 240Please note that rc scripts which redefine 241.Dl ${argument}_cmd 242.Pq see Xr rc.subr 8 243such as PostgreSQL will not inherit the OOM killer protection. 244.Pp 245This variable has no effect on services running within a 246.Xr jail 8 . 247.It Ao Ar name Ac Ns Va _umask 248.Pq Vt int 249Run the service using this 250.Xr umask 1 251value. 252.It Ao Ar name Ac Ns Va _user 253.Pq Vt str 254Run the service under this user account. 255.It Va apm_enable 256.Pq Vt bool 257If set to 258.Dq Li YES , 259enable support for Automatic Power Management with 260the 261.Xr apm 8 262command. 263.It Va apmd_enable 264.Pq Vt bool 265Run 266.Xr apmd 8 267to handle APM event from userland. 268This also enables support for APM. 269.It Va apmd_flags 270.Pq Vt str 271If 272.Va apmd_enable 273is set to 274.Dq Li YES , 275these are the flags to pass to the 276.Xr apmd 8 277daemon. 278.It Va devd_enable 279.Pq Vt bool 280Run 281.Xr devd 8 282to handle device added, removed or unknown events from the kernel. 283.It Va ddb_enable 284.Pq Vt bool 285Run 286.Xr ddb 8 287to install 288.Xr ddb 4 289scripts at boot time. 290.It Va ddb_config 291.Pq Vt str 292Configuration file for 293.Xr ddb 8 . 294Default 295.Pa /etc/ddb.conf . 296.It Va devmatch_enable 297.Pq Vt bool 298If set to 299.Dq Li NO , 300disable auto-loading of kernel modules with 301.Xr devmatch 8 . 302.It Va devmatch_blocklist 303.Pq Vt str 304A whitespace-separated list of kernel modules to be ignored by 305.Xr devmatch 8 . 306In addition, the 307.Xr kenv 1 308.Va devmatch_blocklist 309is appended to this variable to allow disabling of 310.Xr devmatch 8 311loaded modules from the boot loader. 312.It Va devmatch_blacklist 313.Pq Vt str 314This variable is deprecated. 315Use 316.Va devmatch_blocklist 317instead. 318A whitespace-separated list of kernel modules to be ignored by 319.Xr devmatch 8 . 320.It Va kld_list 321.Pq Vt str 322A whitespace-separated list of kernel modules to load right after 323the local disks are mounted, without any 324.Pa .ko 325extension or path. 326Loading modules at this point in the boot process is 327much faster than doing it via 328.Pa /boot/loader.conf 329for those modules not necessary for mounting local disks. 330.It Va kldxref_enable 331.Pq Vt bool 332Set to 333.Dq Li NO 334by default. 335Set to 336.Dq Li YES 337to automatically rebuild 338.Pa linker.hints 339files with 340.Xr kldxref 8 341at boot time. 342.It Va kldxref_clobber 343.Pq Vt bool 344Set to 345.Dq Li NO 346by default. 347If 348.Va kldxref_enable 349is true, 350setting to 351.Dq Li YES 352will overwrite existing 353.Pa linker.hints 354files at boot time. 355Otherwise, 356only missing 357.Pa linker.hints 358files are generated. 359.It Va kldxref_module_path 360.Pq Vt str 361Empty by default. 362A semi-colon 363.Pq Ql \&; 364delimited list of paths containing 365.Xr kld 4 366modules. 367If empty, 368the contents of the 369.Va kern.module_path 370.Xr sysctl 8 371are used. 372.It Va powerd_enable 373.Pq Vt bool 374If set to 375.Dq Li YES , 376enable the system power control facility with the 377.Xr powerd 8 378daemon. 379.It Va powerd_flags 380.Pq Vt str 381If 382.Va powerd_enable 383is set to 384.Dq Li YES , 385these are the flags to pass to the 386.Xr powerd 8 387daemon. 388.It Va tmpmfs 389Controls the creation of a 390.Pa /tmp 391memory file system. 392Always happens if set to 393.Dq Li YES 394and never happens if set to 395.Dq Li NO . 396If set to anything else, a memory file system is created if 397.Pa /tmp 398is not writable. 399.It Va tmpsize 400Controls the size of a created 401.Pa /tmp 402memory file system. 403.It Va tmpmfs_flags 404Extra options passed to the 405.Xr mdmfs 8 406utility when the memory file system for 407.Pa /tmp 408is created. 409The default is 410.Dq Li "-S" , 411which inhibits the use of softupdates on 412.Pa /tmp 413so that file system space is freed without delay 414after file truncation or deletion. 415See 416.Xr mdmfs 8 417for other options you can use in 418.Va tmpmfs_flags . 419.It Va varmfs 420Controls the creation of a 421.Pa /var 422memory file system. 423Always happens if set to 424.Dq Li YES 425and never happens if set to 426.Dq Li NO . 427If set to anything else, a memory file system is created if 428.Pa /var 429is not writable. 430.It Va varsize 431Controls the size of a created 432.Pa /var 433memory file system. 434.It Va varmfs_flags 435Extra options passed to the 436.Xr mdmfs 8 437utility when the memory file system for 438.Pa /var 439is created. 440The default is 441.Dq Li "-S" , 442which inhibits the use of softupdates on 443.Pa /var 444so that file system space is freed without delay 445after file truncation or deletion. 446See 447.Xr mdmfs 8 448for other options you can use in 449.Va varmfs_flags . 450.It Va populate_var 451Controls the automatic population of the 452.Pa /var 453file system. 454Always happens if set to 455.Dq Li YES 456and never happens if set to 457.Dq Li NO . 458If set to anything else, a memory file system is created if 459.Pa /var 460is not writable. 461Note that this process requires access to certain commands in 462.Pa /usr 463before 464.Pa /usr 465is mounted on normal systems. 466.It Va cleanvar_enable 467.Pq Vt bool 468Clean the 469.Pa /var 470directory. 471.It Va var_run_enable 472.Pq Vt bool 473Set to "YES" to enable saving of the 474.Pa /var/run 475directory structure into an mtree file at shutdown and the reload of the 476.Pa /var/run 477directory structure at boot. 478.It Va var_run_autosave 479.Pq Vt bool 480In some cases it may be undesirable to save 481.Pa /var/run 482at shutdown. 483When set to "NO" 484.Pa /var/run 485is loaded at reboot but not saved at shutdown. 486Typically in this scenario 487.Ql service var_run save 488would be performed to save a copy of the 489.Pa /var/run 490directory structure once, to be reloaded during all subsequent reboots. 491.It Va var_run_mtree 492.Pq Vt str 493Where to save the 494.Pa /var/run 495mtree. 496The default location is 497.Pa /var/db/mtree/BSD.var-run.mtree . 498.It Va local_startup 499.Pq Vt str 500List of directories to search for startup script files. 501.It Va script_name_sep 502.Pq Vt str 503The field separator to use for breaking down the list of startup script files 504into individual filenames. 505The default is a space. 506It is not necessary to change this unless there are startup scripts with names 507containing spaces. 508.It Va hostapd_enable 509.Pq Vt bool 510Set to 511.Dq Li YES 512to start 513.Xr hostapd 8 514at system boot time. 515.It Va hostname 516.Pq Vt str 517The fully qualified domain name (FQDN) of this host on the network. 518This should almost certainly be set to something meaningful, even if 519there is no network connection. 520If 521.Xr dhclient 8 522is used to set the hostname via DHCP, 523this variable should be set to an empty string. 524Within a 525.Xr jail 8 526the hostname is generally already set and this variable may be absent. 527If this value remains unset when the system is done booting 528your console login will display the default hostname of 529.Dq Amnesiac . 530.It Va nisdomainname 531.Pq Vt str 532The NIS domain name of this host, or 533.Dq Li NO 534if NIS is not used. 535.It Va hostid_enable 536.Pq Vt bool 537If set to 538.Dq Li NO , 539disable the generation or saving of the 540.Pa hostid 541and 542.Pa machine-id 543files at system boot and shutdown. 544.It Va hostid_file 545.Pq Vt str 546Path to the 547.Pa hostid 548file, default 549.Pa /etc/hostid . 550.It Va hostid_uuidgen_flags 551.Pq Vt str 552Flags passed to 553.Xr uuidgen 1 554when generating a software host UUID. 555This is used only if the system cannot determine a hardware UUID. 556Set to 557.Dq Li -r 558by default. 559.It Va machine_id_file 560.Pq Vt str 561Path to the 562.Pa machine-id 563file, default 564.Pa /etc/machine-id . 565.It Va dhclient_program 566.Pq Vt str 567Path to the DHCP client program, defaulting to 568.Pa /sbin/dhclient . 569.It Va dhclient_flags 570.Pq Vt str 571Additional flags to pass to the DHCP client program. 572See the 573.Xr dhclient 8 574manpage for a description of the command line options available. 575.It Va dhclient_flags_ Ns Aq Ar iface 576Additional flags to pass to the DHCP client program running on 577.Ar iface 578only. 579When specified, this variable overrides 580.Va dhclient_flags . 581.It Va background_dhclient 582.Pq Vt bool 583Set to 584.Dq Li YES 585to start the DHCP client in background. 586This can cause trouble with applications depending on 587a working network, but it will provide a faster startup 588in many cases. 589.It Va background_dhclient_ Ns Aq Ar iface 590When specified, this variable overrides the 591.Va background_dhclient 592variable for interface 593.Ar iface 594only. 595.It Va synchronous_dhclient 596.Pq Vt bool 597Set to 598.Dq Li YES 599to start 600.Xr dhclient 8 601synchronously at startup. 602This behavior can be overridden on a per-interface basis by replacing 603the 604.Dq Li DHCP 605keyword in the 606.Va ifconfig_ Ns Aq Ar interface 607variable with 608.Dq Li SYNCDHCP 609or 610.Dq Li NOSYNCDHCP . 611.It Va defaultroute_delay 612.Pq Vt int 613When set to a positive value, wait up to this long after configuring 614DHCP interfaces at startup to give the interfaces time to receive a lease. 615.It Va firewall_enable 616.Pq Vt bool 617Set to 618.Dq Li YES 619to load firewall rules at startup. 620If the kernel was not built with 621.Cd "options IPFIREWALL" , 622the 623.Pa ipfw.ko 624kernel module will be loaded. 625See also 626.Va ipfilter_enable . 627.It Va firewall_script 628.Pq Vt str 629This variable specifies the full path to the firewall script to run. 630The default is 631.Pa /etc/rc.firewall . 632.It Va firewall_type 633.Pq Vt str 634Names the firewall type from the selection in 635.Pa /etc/rc.firewall , 636or the file which contains the local firewall ruleset. 637Valid selections from 638.Pa /etc/rc.firewall 639are: 640.Pp 641.Bl -tag -width ".Li workstation" -compact 642.It Li open 643unrestricted IP access 644.It Li closed 645all IP services disabled, except via 646.Dq Li lo0 647.It Li client 648basic protection for a workstation 649.It Li workstation 650basic protection for a workstation using stateful firewalling 651.It Li simple 652basic protection for a LAN. 653.El 654.Pp 655If a filename is specified, the full path 656must be given. 657.Pp 658Most of the predefined rulesets define additional configuration variables. 659These are documented in 660.Pa /etc/rc.firewall . 661.It Va firewall_quiet 662.Pq Vt bool 663Set to 664.Dq Li YES 665to disable the display of firewall rules on the console during boot. 666.It Va firewall_logging 667.Pq Vt bool 668Set to 669.Dq Li YES 670to enable firewall event logging. 671This is equivalent to the 672.Dv IPFIREWALL_VERBOSE 673kernel option. 674.It Va firewall_logif 675.Pq Vt bool 676Set to 677.Dq Li YES 678to create pseudo interface 679.Li ipfw0 680for logging. 681For more details, see 682.Xr ipfw 8 683manual page. 684.It Va firewall_flags 685.Pq Vt str 686Flags passed to 687.Xr ipfw 8 688if 689.Va firewall_type 690specifies a filename. 691.It Va firewall_coscripts 692.Pq Vt str 693List of executables and/or rc scripts to run after firewall starts/stops. 694Default is empty. 695.\" ----- firewall_nat_enable setting -------------------------------- 696.It Va firewall_nat_enable 697.Pq Vt bool 698The 699.Xr ipfw 8 700equivalent of 701.Va natd_enable . 702Setting this to 703.Dq Li YES 704will automatically load the 705.Xr ipfw 8 706NAT kernel module if 707.Va firewall_enable 708is also set to 709.Dq Li YES . 710.It Va firewall_nat_interface 711.Pq Vt str 712The 713.Xr ipfw 8 714equivalent of 715.Va natd_interface . 716This is the name of the public interface or IP address on which 717kernel NAT should run. 718.It Va firewall_nat_flags 719.Pq Vt str 720Additional configuration parameters for kernel NAT should be placed here. 721.It Va firewall_nat64_enable 722.Pq Vt bool 723Setting this to 724.Dq Li YES 725will automatically load the 726.Xr ipfw 8 727NAT64 kernel module if 728.Va firewall_enable 729is also set to 730.Dq Li YES . 731.It Va firewall_nptv6_enable 732.Pq Vt bool 733Setting this to 734.Dq Li YES 735will automatically load the 736.Xr ipfw 8 737NPTv6 kernel module if 738.Va firewall_enable 739is also set to 740.Dq Li YES . 741.It Va firewall_pmod_enable 742.Pq Vt bool 743Setting this to 744.Dq Li YES 745will automatically load the 746.Xr ipfw 8 747pmod kernel module if 748.Va firewall_enable 749is also set to 750.Dq Li YES . 751.It Va dummynet_enable 752.Pq Vt bool 753Setting this to 754.Dq Li YES 755will automatically load the 756.Xr dummynet 4 757module if 758.Va firewall_enable 759is also set to 760.Dq Li YES . 761.\" ------------------------------------------------------------------- 762.It Va ipfw_netflow_enable 763.Pq Vt bool 764Setting this to 765.Dq Li YES 766will enable netflow logging via 767.Xr ng_netflow 4 . 768.Pp 769By default a ipfw rule is inserted and all packets are duplicated with 770the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 771port using protocol version 5. 772.It Va ipfw_netflow_hook 773.Pq Vt int 774netflow hook name, must be numerical 775(default 776.Pa 9995 ) . 777.It Va ipfw_netflow_rule 778.Pq Vt int 779ipfw rule number 780(default 781.Pa 1000 ) . 782.It Va ipfw_netflow_ip 783.Pq Vt str 784Destination server ip for receiving netflow data 785(default 786.Pa 127.0.0.1 ) . 787.It Va ipfw_netflow_port 788.Pq Vt int 789Destination server port for receiving netflow data 790(default 791.Pa 9995 ) . 792.It Va ipfw_netflow_version 793.Pq Vt int 794Do not set for using version 5 of the netflow protocol, set it to 9 for using 795version 9. 796.It Va ipfw_netflow_fib 797.Pq Vt int 798Only match packet in FIB 799.Pa ipfw_netflow_fib 800(default is undefined meaning all FIBs). 801.It Va natd_program 802.Pq Vt str 803Path to 804.Xr natd 8 . 805.It Va natd_enable 806.Pq Vt bool 807Set to 808.Dq Li YES 809to enable 810.Xr natd 8 . 811.Va firewall_enable 812must also be set to 813.Dq Li YES , 814and 815.Xr divert 4 816sockets must be enabled in the kernel. 817If the kernel was not built with 818.Cd "options IPDIVERT" , 819the 820.Pa ipdivert.ko 821kernel module will be loaded. 822.It Va natd_interface 823.Pq Vt str 824This is the name of the public interface on which 825.Xr natd 8 826should run. 827The interface may be given as an interface name or as an IP address. 828.It Va natd_flags 829.Pq Vt str 830Additional 831.Xr natd 8 832flags should be placed here. 833The 834.Fl n 835or 836.Fl a 837flag is automatically added with the above 838.Va natd_interface 839as an argument. 840.\" ----- ipfilter_enable setting -------------------------------- 841.It Va ipfilter_enable 842.Pq Vt bool 843Set to 844.Dq Li NO 845by default. 846Setting this to 847.Dq Li YES 848enables 849.Xr ipf 8 850packet filtering. 851.Pp 852Typical usage will require putting 853.Bd -literal 854ipfilter_enable="YES" 855ipnat_enable="YES" 856ipmon_enable="YES" 857ipfs_enable="YES" 858.Ed 859.Pp 860into 861.Pa /etc/rc.conf 862and editing 863.Pa /etc/ipf.rules 864and 865.Pa /etc/ipnat.rules 866appropriately. 867.Pp 868Note that 869.Va ipfilter_enable 870and 871.Va ipnat_enable 872can be enabled independently. 873.Va ipmon_enable 874and 875.Va ipfs_enable 876both require at least one of 877.Va ipfilter_enable 878and 879.Va ipnat_enable 880to be enabled. 881.Pp 882Having 883.Bd -literal 884options IPFILTER 885options IPFILTER_LOG 886options IPFILTER_DEFAULT_BLOCK 887.Ed 888.Pp 889in the kernel configuration file is a good idea, too. 890.\" ----- ipfilter_program setting ------------------------------ 891.It Va ipfilter_program 892.Pq Vt str 893Path to 894.Xr ipf 8 895(default 896.Pa /sbin/ipf ) . 897.\" ----- ipfilter_rules setting -------------------------------- 898.It Va ipfilter_rules 899.Pq Vt str 900Set to 901.Pa /etc/ipf.rules 902by default. 903This variable contains the name of the filter rule definition file. 904The file is expected to be readable for the 905.Xr ipf 8 906command to execute. 907.\" ----- ipfilter_flags setting -------------------------------- 908.It Va ipfilter_flags 909.Pq Vt str 910Empty by default. 911This variable contains flags passed to the 912.Xr ipf 8 913program. 914.\" ----- ipnat_enable setting ---------------------------------- 915.It Va ipnat_enable 916.Pq Vt bool 917Set to 918.Dq Li NO 919by default. 920Set it to 921.Dq Li YES 922to enable 923.Xr ipnat 8 924network address translation. 925See 926.Va ipfilter_enable 927for a detailed discussion. 928.\" ----- ipnat_program setting --------------------------------- 929.It Va ipnat_program 930.Pq Vt str 931Path to 932.Xr ipnat 8 933(default 934.Pa /sbin/ipnat ) . 935.\" ----- ipnat_rules setting ----------------------------------- 936.It Va ipnat_rules 937.Pq Vt str 938Set to 939.Pa /etc/ipnat.rules 940by default. 941This variable contains the name of the file 942holding the network address translation definition. 943This file is expected to be readable for the 944.Xr ipnat 8 945command to execute. 946.\" ----- ipnat_flags setting ----------------------------------- 947.It Va ipnat_flags 948.Pq Vt str 949Empty by default. 950This variable contains flags passed to the 951.Xr ipnat 8 952program. 953.\" ----- ipmon_enable setting ---------------------------------- 954.It Va ipmon_enable 955.Pq Vt bool 956Set to 957.Dq Li NO 958by default. 959Set it to 960.Dq Li YES 961to enable 962.Xr ipmon 8 963monitoring (logging 964.Xr ipf 8 965and 966.Xr ipnat 8 967events). 968Setting this variable needs setting 969.Va ipfilter_enable 970or 971.Va ipnat_enable 972too. 973See 974.Va ipfilter_enable 975for a detailed discussion. 976.\" ----- ipmon_program setting --------------------------------- 977.It Va ipmon_program 978.Pq Vt str 979Path to 980.Xr ipmon 8 981(default 982.Pa /sbin/ipmon ) . 983.\" ----- ipmon_flags setting ----------------------------------- 984.It Va ipmon_flags 985.Pq Vt str 986Set to 987.Dq Li -Ds 988by default. 989This variable contains flags passed to the 990.Xr ipmon 8 991program. 992Another typical example would be 993.Dq Fl D Pa /var/log/ipflog 994to have 995.Xr ipmon 8 996log directly to a file bypassing 997.Xr syslogd 8 . 998Make sure to adjust 999.Pa /etc/newsyslog.conf 1000in such case like this: 1001.Bd -literal 1002/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1003.Ed 1004.\" ----- ipfs_enable setting ----------------------------------- 1005.It Va ipfs_enable 1006.Pq Vt bool 1007Set to 1008.Dq Li NO 1009by default. 1010Set it to 1011.Dq Li YES 1012to enable 1013.Xr ipfs 8 1014saving the filter and NAT state tables during shutdown 1015and reloading them during startup again. 1016Setting this variable needs setting 1017.Va ipfilter_enable 1018or 1019.Va ipnat_enable 1020to 1021.Dq Li YES 1022too. 1023See 1024.Va ipfilter_enable 1025for a detailed discussion. 1026Note that if 1027.Va kern_securelevel 1028is set to 3, 1029.Va ipfs_enable 1030cannot be used 1031because the raised securelevel will prevent 1032.Xr ipfs 8 1033from saving the state tables at shutdown time. 1034.\" ----- ipfs_program setting ---------------------------------- 1035.It Va ipfs_program 1036.Pq Vt str 1037Path to 1038.Xr ipfs 8 1039(default 1040.Pa /sbin/ipfs ) . 1041.\" ----- ipfs_flags setting ------------------------------------ 1042.It Va ipfs_flags 1043.Pq Vt str 1044Empty by default. 1045This variable contains flags passed to the 1046.Xr ipfs 8 1047program. 1048.\" ----- end of added ipf hook --------------------------------- 1049.It Va pf_enable 1050.Pq Vt bool 1051Set to 1052.Dq Li NO 1053by default. 1054Setting this to 1055.Dq Li YES 1056enables 1057.Xr pf 4 1058packet filtering. 1059.Pp 1060Typical usage will require putting 1061.Pp 1062.Dl pf_enable="YES" 1063.Pp 1064into 1065.Pa /etc/rc.conf 1066and editing 1067.Pa /etc/pf.conf 1068appropriately. 1069Adding 1070.Pp 1071.Dl "device pf" 1072.Pp 1073builds support for 1074.Xr pf 4 1075into the kernel, otherwise the 1076kernel module will be loaded. 1077.It Va pf_rules 1078.Pq Vt str 1079Path to 1080.Xr pf 4 1081ruleset configuration file 1082(default 1083.Pa /etc/pf.conf ) . 1084.It Va pf_program 1085.Pq Vt str 1086Path to 1087.Xr pfctl 8 1088(default 1089.Pa /sbin/pfctl ) . 1090.It Va pf_flags 1091.Pq Vt str 1092If 1093.Va pf_enable 1094is set to 1095.Dq Li YES , 1096these flags are passed to the 1097.Xr pfctl 8 1098program when loading the ruleset. 1099.It Va pf_fallback_rules_enable 1100.Pq Vt bool 1101Set to 1102.Dq Li NO 1103by default. 1104Setting this to 1105.Dq Li YES 1106enables loading 1107.Va pf_fallback_rules_file 1108or 1109.Va pf_fallback_rules 1110in case of a problem when loading the ruleset in 1111.Va pf_rules . 1112.It Va pf_fallback_rules_file 1113.Pq Vt str 1114Path to a pf ruleset to load in case of failure when loading the 1115ruleset in 1116.Va pf_rules 1117(default 1118.Pa /etc/pf-fallback.conf ) . 1119.It Va pf_fallback_rules 1120.Pq Vt str 1121A pf ruleset to load in case of failure when loading the ruleset in 1122.Va pf_rules 1123and 1124.Va pf_fallback_rules_file 1125is not found. 1126Multiple rules can be set as follows: 1127.Bd -literal 1128pf_fallback_rules="\\ 1129 block drop log all\\ 1130 pass in quick on em0" 1131.Pp 1132.Ed 1133The default fallback rule is 1134.Dq block drop log all 1135.It Va pflog_enable 1136.Pq Vt bool 1137Set to 1138.Dq Li NO 1139by default. 1140Setting this to 1141.Dq Li YES 1142enables 1143.Xr pflogd 8 1144which logs packets from the 1145.Xr pf 4 1146packet filter. 1147.It Va pflog_logfile 1148.Pq Vt str 1149If 1150.Va pflog_enable 1151is set to 1152.Dq Li YES 1153this controls where 1154.Xr pflogd 8 1155stores the logfile 1156(default 1157.Pa /var/log/pflog ) . 1158Check 1159.Pa /etc/newsyslog.conf 1160to adjust logfile rotation for this. 1161.It Va pflog_program 1162.Pq Vt str 1163Path to 1164.Xr pflogd 8 1165(default 1166.Pa /sbin/pflogd ) . 1167.It Va pflog_flags 1168.Pq Vt str 1169Empty by default. 1170This variable contains additional flags passed to the 1171.Xr pflogd 8 1172program. 1173.It Va pflog_instances 1174.Pq Vt str 1175If logging to more than one 1176.Xr pflog 4 1177interface is desired, 1178.Va pflog_instances 1179is set to the list of 1180.Xr pflogd 8 1181instances that should be started at system boot time. 1182If 1183.Va pflog_instances 1184is set, for each whitespace-separated 1185.Ar element 1186in the list, 1187.Ao Ar element Ac Ns Va _dev 1188and 1189.Ao Ar element Ac Ns Va _logfile 1190elements are assumed to exist. 1191.Ao Ar element Ac Ns Va _dev 1192must contain the 1193.Xr pflog 4 1194interface to be watched by the named 1195.Xr pflogd 8 1196instance. 1197.Ao Ar element Ac Ns Va _logfile 1198must contain the name of the logfile that will be used by the 1199.Xr pflogd 8 1200instance. 1201.It Va ftpproxy_enable 1202.Pq Vt bool 1203Set to 1204.Dq Li NO 1205by default. 1206Setting this to 1207.Dq Li YES 1208enables 1209.Xr ftp-proxy 8 1210which supports the 1211.Xr pf 4 1212packet filter in translating ftp connections. 1213.It Va ftpproxy_flags 1214.Pq Vt str 1215Empty by default. 1216This variable contains additional flags passed to the 1217.Xr ftp-proxy 8 1218program. 1219.It Va ftpproxy_instances 1220.Pq Vt str 1221Empty by default. 1222If multiple instances of 1223.Xr ftp-proxy 8 1224are desired at boot time, 1225.Va ftpproxy_instances 1226should contain a whitespace-separated list of instance names. 1227For each 1228.Ar element 1229in the list, a variable named 1230.Ao Ar element Ac Ns Va _flags 1231should be defined, containing the command-line flags to be passed to the 1232.Xr ftp-proxy 8 1233instance. 1234.It Va pfsync_enable 1235.Pq Vt bool 1236Set to 1237.Dq Li NO 1238by default. 1239Setting this to 1240.Dq Li YES 1241enables exposing 1242.Xr pf 4 1243state changes to other hosts over the network by means of 1244.Xr pfsync 4 . 1245The 1246.Va pfsync_syncdev 1247variable 1248must also be set then. 1249.It Va pfsync_syncdev 1250.Pq Vt str 1251Empty by default. 1252This variable specifies the name of the network interface 1253.Xr pfsync 4 1254should operate through. 1255It must be set accordingly if 1256.Va pfsync_enable 1257is set to 1258.Dq Li YES . 1259.It Va pfsync_syncpeer 1260.Pq Vt str 1261Empty by default. 1262This variable is optional. 1263By default, state change messages are sent out on the synchronisation 1264interface using IP multicast packets. 1265The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1266224.0.0.240. 1267When a peer address is specified using the 1268.Va pfsync_syncpeer 1269option, the peer address is used as a destination for the pfsync 1270traffic, and the traffic can then be protected using 1271.Xr ipsec 4 . 1272See the 1273.Xr pfsync 4 1274manpage for more details about using 1275.Xr ipsec 4 1276with 1277.Xr pfsync 4 1278interfaces. 1279.It Va pfsync_ifconfig 1280.Pq Vt str 1281Empty by default. 1282This variable can contain additional options to be passed to the 1283.Xr ifconfig 8 1284command used to set up 1285.Xr pfsync 4 . 1286.It Va tcp_extensions 1287.Pq Vt bool 1288Set to 1289.Dq Li YES 1290by default. 1291Setting this to 1292.Dq Li NO 1293disables certain TCP options as described by 1294.Rs 1295.%T "RFC 1323" 1296.Re 1297Setting this to 1298.Dq Li NO 1299might help remedy such problems with connections as randomly hanging 1300or other weird behavior. 1301Some network devices are known 1302to be broken with respect to these options. 1303.It Va log_in_vain 1304.Pq Vt int 1305Set to 0 by default. 1306The 1307.Xr sysctl 8 1308variables, 1309.Va net.inet.tcp.log_in_vain 1310and 1311.Va net.inet.udp.log_in_vain , 1312as described in 1313.Xr tcp 4 1314and 1315.Xr udp 4 , 1316are set to the given value. 1317.It Va tcp_keepalive 1318.Pq Vt bool 1319Set to 1320.Dq Li YES 1321by default. 1322Setting to 1323.Dq Li NO 1324will disable probing idle TCP connections to verify that the 1325peer is still up and reachable. 1326.It Va tcp_drop_synfin 1327.Pq Vt bool 1328Set to 1329.Dq Li NO 1330by default. 1331Setting to 1332.Dq Li YES 1333will cause the kernel to ignore TCP frames that have both 1334the SYN and FIN flags set. 1335This prevents OS fingerprinting, but may 1336break some legitimate applications. 1337.It Va icmp_drop_redirect 1338.Pq Vt bool 1339Set to 1340.Dq Li AUTO 1341by default. 1342This setting will be identical to 1343.Dq Li YES , 1344if a dynamic routing daemon is enabled, because redirect processing may 1345cause performance issues for large routing tables. 1346If no such service is enabled, this setting behaves like a 1347.Dq Li NO . 1348Setting to 1349.Dq Li YES 1350will cause the kernel to ignore ICMP REDIRECT packets. 1351Setting to 1352.Dq Li NO 1353will cause the kernel to process ICMP REDIRECT packets. 1354Refer to 1355.Xr icmp 4 1356for more information. 1357.It Va icmp_log_redirect 1358.Pq Vt bool 1359Set to 1360.Dq Li NO 1361by default. 1362Setting to 1363.Dq Li YES 1364will cause the kernel to log ICMP REDIRECT packets. 1365Note that 1366the log messages are not rate-limited, so this option should only be used 1367for troubleshooting networks. 1368Refer to 1369.Xr icmp 4 1370for more information. 1371.It Va icmp_bmcastecho 1372.Pq Vt bool 1373Set to 1374.Dq Li YES 1375to respond to broadcast or multicast ICMP ping packets. 1376Refer to 1377.Xr icmp 4 1378for more information. 1379.It Va ip_portrange_first 1380.Pq Vt int 1381If not set to 1382.Dq Li NO , 1383this is the first port in the default portrange. 1384Refer to 1385.Xr ip 4 1386for more information. 1387.It Va ip_portrange_last 1388.Pq Vt int 1389If not set to 1390.Dq Li NO , 1391this is the last port in the default portrange. 1392Refer to 1393.Xr ip 4 1394for more information. 1395.It Va network_interfaces 1396.Pq Vt str 1397Set to the list of network interfaces to configure on this host or 1398.Dq Li AUTO 1399(the default) for all current interfaces. 1400Setting the 1401.Va network_interfaces 1402variable to anything other than the default is deprecated. 1403Interfaces that the administrator wishes to store configuration for, 1404but not start at boot should be configured with the 1405.Dq Li NOAUTO 1406keyword in their 1407.Va ifconfig_ Ns Aq Ar interface 1408variables as described below. 1409.Pp 1410An 1411.Va ifconfig_ Ns Aq Ar interface 1412variable is also assumed to exist for each value of 1413.Ar interface . 1414When an interface name contains any of the characters 1415.Dq Li .-/+ 1416they are translated to 1417.Dq Li _ 1418before lookup. 1419The variable can contain arguments to 1420.Xr ifconfig 8 , 1421as well as special case-insensitive keywords described below. 1422Such keywords are removed before passing the value to 1423.Xr ifconfig 8 1424while the order of the other arguments is preserved. 1425.Pp 1426It is possible to add IP alias entries using 1427.Xr ifconfig 8 1428syntax with the address family keyword such as 1429.Li inet . 1430Assuming that the interface in question was 1431.Li em0 , 1432it might look something like this: 1433.Bd -literal 1434ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1435ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1436.Ed 1437.Pp 1438It also possible to configure multiple IP addresses in Classless 1439Inter-Domain Routing 1440.Pq CIDR 1441address notation, 1442whose each address component can be a range like 1443.Li inet 192.0.2.5-23/24 1444or 1445.Li inet6 2001:db8:1-f::1/64 . 1446This notation allows address and prefix length part only, 1447not the other address modifiers. 1448Note that the maximum number of the generated addresses from a range 1449specification is limited to an integer value specified in 1450.Va netif_ipexpand_max 1451in 1452.Nm 1453because a small typo can unexpectedly generate a large number of addresses. 1454The default value is 1455.Li 2048 . 1456It can be increased by adding the following line into 1457.Nm : 1458.Bd -literal 1459netif_ipexpand_max="4096" 1460.Ed 1461.Pp 1462In the case of 1463.Li 192.0.2.5-23/24 , 1464the address 192.0.2.5 will be configured with the 1465netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1466the non-conflicting netmask /32 as explained in the 1467.Xr ifconfig 8 1468alias section. 1469Note that this special netmask handling is only for 1470.Li inet , 1471not for the other address families such as 1472.Li inet6 . 1473.Pp 1474With the interface in question being 1475.Li em0 , 1476an example could look like: 1477.Bd -literal 1478ifconfig_em0_alias2="inet 192.0.2.129/27" 1479ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1480.Ed 1481.Pp 1482and so on. 1483.Pp 1484Note that deprecated 1485.Va ipv4_addrs_ Ns Aq Ar interface 1486variable was supported for IPv4 CIDR address notation. 1487The 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1489variable replaces it, though 1490.Va ipv4_addrs_ Ns Aq Ar interface 1491is still supported for backward compatibility. 1492.Pp 1493For each 1494.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1495entry with an address family keyword, 1496its contents are passed to 1497.Xr ifconfig 8 . 1498Execution stops at the first unsuccessful access, so if 1499something like this is present: 1500.Bd -literal 1501ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1502ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1503ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1504ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1505.Ed 1506.Pp 1507Then note that alias4 would 1508.Em not 1509be added since the search would 1510stop with the missing 1511.Dq Li alias3 1512entry. 1513Because of this difficult to manage behavior, 1514there is 1515.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1516variable, which has the same functionality as 1517.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1518and can have all of the entries in a variable like the following: 1519.Bd -literal 1520ifconfig_em0_aliases="\\ 1521 inet 127.0.0.251 netmask 0xffffffff \\ 1522 inet 127.0.0.252 netmask 0xffffffff \\ 1523 inet 127.0.0.253 netmask 0xffffffff \\ 1524 inet 127.0.0.254 netmask 0xffffffff" 1525.Ed 1526.Pp 1527It also supports CIDR notation. 1528.Pp 1529If the 1530.Pa /etc/start_if . Ns Aq Ar interface 1531file is present, it is read and executed by the 1532.Xr sh 1 1533interpreter 1534before configuring the interface as specified in the 1535.Va ifconfig_ Ns Aq Ar interface 1536and 1537.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1538variables. 1539.Pp 1540If a 1541.Va vlans_ Ns Aq Ar interface 1542variable is set, 1543a 1544.Xr vlan 4 1545interface will be created for each item in the list with the 1546.Ar vlandev 1547argument set to 1548.Ar interface . 1549If a vlan interface's name is a number, 1550then that number is used as the vlan tag and the new vlan interface is 1551named 1552.Ar interface . Ns Ar tag . 1553Otherwise, 1554the vlan tag must be specified via a 1555.Va vlan 1556parameter in the 1557.Va create_args_ Ns Aq Ar interface 1558variable. 1559.Pp 1560To create a vlan device named 1561.Li em0.101 1562on 1563.Li em0 1564with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1565.Bd -literal 1566vlans_em0="101" 1567ifconfig_em0_101="inet 192.0.2.1/24" 1568.Ed 1569.Pp 1570To create a vlan device named 1571.Li myvlan 1572on 1573.Li em0 1574with the vlan tag 102: 1575.Bd -literal 1576vlans_em0="myvlan" 1577create_args_myvlan="vlan 102" 1578.Ed 1579.Pp 1580If a 1581.Va wlans_ Ns Aq Ar interface 1582variable is set, 1583an 1584.Xr wlan 4 1585interface will be created for each item in the list with the 1586.Ar wlandev 1587argument set to 1588.Ar interface . 1589Further wlan cloning arguments may be passed to the 1590.Xr ifconfig 8 1591.Cm create 1592command by setting the 1593.Va create_args_ Ns Aq Ar interface 1594variable. 1595One or more 1596.Xr wlan 4 1597devices must be created for each wireless device as of 1598.Fx 8.0 . 1599Debugging flags for 1600.Xr wlan 4 1601devices as set by 1602.Xr wlandebug 8 1603may be specified with an 1604.Va wlandebug_ Ns Aq Ar interface 1605variable. 1606The contents of this variable will be passed directly to 1607.Xr wlandebug 8 . 1608.Pp 1609If the 1610.Va ifconfig_ Ns Aq Ar interface 1611contains the keyword 1612.Dq Li NOAUTO 1613then the interface will not be configured 1614at boot or by 1615.Pa /etc/pccard_ether 1616when 1617.Va network_interfaces 1618is set to 1619.Dq Li AUTO . 1620.Pp 1621It is possible to bring up an interface with DHCP by adding 1622.Dq Li DHCP 1623to the 1624.Va ifconfig_ Ns Aq Ar interface 1625variable. 1626For instance, to initialize the 1627.Li em0 1628device via DHCP, 1629it is possible to use something like: 1630.Bd -literal 1631ifconfig_em0="DHCP" 1632.Ed 1633.Pp 1634If you want to configure your wireless interface with 1635.Xr wpa_supplicant 8 1636for use with WPA, EAP/LEAP or WEP, you need to add 1637.Dq Li WPA 1638to the 1639.Va ifconfig_ Ns Aq Ar interface 1640variable. 1641.Pp 1642On the other hand, if you want to configure your wireless interface with 1643.Xr hostapd 8 , 1644you need to add 1645.Dq Li HOSTAP 1646to the 1647.Va ifconfig_ Ns Aq Ar interface 1648variable. 1649.Xr hostapd 8 1650will use the settings from 1651.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1652.Pp 1653Finally, you can add 1654.Xr ifconfig 8 1655options in this variable, in addition to the 1656.Pa /etc/start_if . Ns Aq Ar interface 1657file. 1658For instance, to configure an 1659.Xr ath 4 1660wireless device in station mode with an address obtained 1661via DHCP, using WPA authentication and 802.11b mode, it is 1662possible to use something like: 1663.Bd -literal 1664wlans_ath0="wlan0" 1665ifconfig_wlan0="DHCP WPA mode 11b" 1666.Ed 1667.Pp 1668In addition to the 1669.Va ifconfig_ Ns Aq Ar interface 1670form, a fallback variable 1671.Va ifconfig_DEFAULT 1672may be configured. 1673It will be used for all interfaces with no 1674.Va ifconfig_ Ns Aq Ar interface 1675variable. 1676.Pp 1677It is also possible to rename an interface by doing: 1678.Bd -literal 1679ifconfig_em0_name="net0" 1680ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1681.Ed 1682.It Va ipv6_enable 1683.Pq Vt bool 1684This variable is deprecated. 1685Use 1686.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1687and 1688.Va ipv6_activate_all_interfaces 1689if necessary. 1690.Pp 1691If the variable is 1692.Dq Li YES , 1693.Dq Li inet6 accept_rtadv 1694is added to all of 1695.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1696and the 1697.Va ipv6_activate_all_interfaces 1698is defined as 1699.Dq Li YES . 1700.It Va ipv6_prefer 1701.Pq Vt bool 1702This variable is deprecated. 1703Use 1704.Va ip6addrctl_policy 1705instead. 1706.Pp 1707If the variable is 1708.Dq Li YES , 1709the default address selection policy table set by 1710.Xr ip6addrctl 8 1711will be IPv6-preferred. 1712.Pp 1713If the variable is 1714.Dq Li NO , 1715the default address selection policy table set by 1716.Xr ip6addrctl 8 1717will be IPv4-preferred. 1718.It Va ipv6_activate_all_interfaces 1719.Pq Vt bool 1720This controls initial configuration on IPv6-capable 1721interfaces with no corresponding 1722.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1723variable. 1724Note that it is not always necessary to set this variable to 1725.Dq YES 1726to use IPv6 functionality on 1727.Fx . 1728In most cases, just configuring 1729.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1730variables works. 1731.Pp 1732If the variable is 1733.Dq Li NO , 1734all interfaces which do not have a corresponding 1735.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1736variable will be marked as 1737.Dq Li IFDISABLED 1738at creation. 1739This means that all IPv6 functionality on that interface 1740is completely disabled to enforce a security policy. 1741If the variable is set to 1742.Dq YES , 1743the flag will be cleared on all of the interfaces. 1744.Pp 1745In most cases, just defining an 1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1747for an IPv6-capable interface should be sufficient. 1748However, if an interface is added dynamically 1749.Pq by some tunneling protocols such as PPP, for example , 1750it is often difficult to define the variable in advance. 1751In such a case, configuring the 1752.Dq Li IFDISABLED 1753flag can be disabled by setting this variable to 1754.Dq YES . 1755.Pp 1756For more details of the 1757.Dq Li IFDISABLED 1758flag and keywords 1759.Dq Li inet6 ifdisabled , 1760see 1761.Xr ifconfig 8 . 1762.Pp 1763Default is 1764.Dq Li NO . 1765.It Va ipv6_privacy 1766.Pq Vt bool 1767If the variable is 1768.Dq Li YES 1769privacy addresses will be generated for each IPv6 1770interface as described in RFC 4941. 1771.It Va ipv6_network_interfaces 1772.Pq Vt str 1773This is the IPv6 equivalent of 1774.Va network_interfaces . 1775Normally manual configuration of this variable is not needed. 1776.It Va ipv6_cpe_wanif 1777.Pq Vt str 1778If the variable is set to an interface name, 1779the 1780.Xr ifconfig 8 1781options 1782.Dq inet6 -no_radr accept_rtadv 1783will be added to the specified interface automatically before evaluating 1784.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1785and two 1786.Xr sysctl 8 1787variables 1788.Va net.inet6.ip6.rfc6204w3 1789and 1790.Va net.inet6.ip6.no_radr 1791will be set to 1. 1792.Pp 1793This means the specified interface will accept ICMPv6 Router 1794Advertisement messages on that link and add the discovered 1795routers into the Default Router List. 1796While the other interfaces can still accept RA messages if the 1797.Dq inet6 accept_rtadv 1798option is specified, adding 1799routes into the Default Router List will be disabled by 1800.Dq inet6 no_radr 1801option by default. 1802See 1803.Xr ifconfig 8 1804for more details. 1805.Pp 1806Note that ICMPv6 Router Advertisement messages will be 1807accepted even when 1808.Va net.inet6.ip6.forwarding 1809is 1 1810.Pq packet forwarding is enabled 1811when 1812.Va net.inet6.ip6.rfc6204w3 1813is set to 1. 1814.Pp 1815Default is 1816.Dq Li NO . 1817.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1818.Pq Vt str 1819This assigns arbitrary description to an interface. 1820The 1821.Xr sysctl 8 1822variable 1823.Va net.ifdescr_maxlen 1824limits its length. 1825This static setting may be overridden by commands 1826started with dynamic interface configuration utilities 1827like 1828.Xr dhclient 8 1829hooks. 1830The description can be seen with 1831.Xr ifconfig 8 1832command and it may be exported with 1833.Xr bsnmpd 1 1834daemon using its MIB-2 module. 1835.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1836.Pq Vt str 1837IPv6 functionality on an interface should be configured by 1838.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1839instead of setting ifconfig parameters in 1840.Va ifconfig_ Ns Aq Ar interface . 1841If this variable is empty, all IPv6 configurations on the 1842specified interface by other variables such as 1843.Va ipv6_prefix_ Ns Ao Ar interface Ac 1844will be ignored. 1845.Pp 1846Aliases should be set by 1847.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1848with 1849.Dq Li inet6 1850keyword. 1851For example: 1852.Bd -literal 1853ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1854ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1855.Ed 1856.Pp 1857Interfaces that have an 1858.Dq Li inet6 accept_rtadv 1859keyword in 1860.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1861setting will be automatically configured by SLAAC 1862.Pq StateLess Address AutoConfiguration 1863described in 1864.Rs 1865.%T "RFC 4862" 1866.Re 1867.Pp 1868Note that a link-local address will be automatically configured in 1869addition to the configured global-scope addresses because the IPv6 1870specifications require it on each link. 1871The address is calculated from the MAC address by using an algorithm 1872defined in 1873.Rs 1874.%T "RFC 4862" 1875.%O "Section 5.3" 1876.Re 1877.Pp 1878If only a link-local address is needed on the interface, 1879the following configuration can be used: 1880.Bd -literal 1881ifconfig_em0_ipv6="inet6 auto_linklocal" 1882.Ed 1883.Pp 1884A link-local address can also be configured manually. 1885This is useful for the default router address of an IPv6 router 1886so that it does not change when the network interface 1887card is replaced. 1888For example: 1889.Bd -literal 1890ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1891.Ed 1892.It Va ipv6_prefix_ Ns Aq Ar interface 1893.Pq Vt str 1894If one or more prefixes are defined in 1895.Va ipv6_prefix_ Ns Aq Ar interface 1896addresses based on each prefix and the EUI-64 interface index will be 1897configured on that interface. 1898Note that this variable will be ignored when 1899.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1900is empty. 1901.Pp 1902For example, the following configuration 1903.Bd -literal 1904ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1905.Ed 1906.Pp 1907is equivalent to the following: 1908.Bd -literal 1909ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1910ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1911ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1912ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1913.Ed 1914.Pp 1915These Subnet-Router anycast addresses will be added only when 1916.Va ipv6_gateway_enable 1917is YES. 1918.It Va ipv6_default_interface 1919.Pq Vt str 1920If not set to 1921.Dq Li NO , 1922this is the default output interface for scoped addresses. 1923This works only with ipv6_gateway_enable="NO". 1924.It Va ip6addrctl_enable 1925.Pq Vt bool 1926This variable is to enable configuring default address selection policy table 1927.Pq RFC 3484 . 1928The table can be specified in another variable 1929.Va ip6addrctl_policy . 1930For 1931.Va ip6addrctl_policy 1932the following keywords can be specified: 1933.Dq Li ipv4_prefer , 1934.Dq Li ipv6_prefer , 1935or 1936.Dq Li AUTO . 1937.Pp 1938If 1939.Dq Li ipv4_prefer 1940or 1941.Dq Li ipv6_prefer 1942is specified, 1943.Xr ip6addrctl 8 1944installs a pre-defined policy table described in Section 10.3 1945.Pq IPv4-preferred 1946or 2.1 1947.Pq IPv6-preferred 1948of RFC 3484. 1949.Pp 1950If 1951.Dq Li AUTO 1952is specified, it attempts to read a file 1953.Pa /etc/ip6addrctl.conf 1954first. 1955If this file is found, 1956.Xr ip6addrctl 8 1957reads and installs it. 1958If not found, a policy is automatically set 1959according to 1960.Va ipv6_activate_all_interfaces 1961variable; if the variable is set to 1962.Dq Li YES 1963the IPv6-preferred one is used. 1964Otherwise IPv4-preferred. 1965.Pp 1966The default value of 1967.Va ip6addrctl_enable 1968and 1969.Va ip6addrctl_policy 1970are 1971.Dq Li YES 1972and 1973.Dq Li AUTO , 1974respectively. 1975.It Va cloned_interfaces 1976.Pq Vt str 1977Set to the list of clonable network interfaces to create on this host. 1978Further cloning arguments may be passed to the 1979.Xr ifconfig 8 1980.Cm create 1981command for each interface by setting the 1982.Va create_args_ Ns Aq Ar interface 1983variable. 1984If an interface name is specified with 1985.Dq :sticky 1986keyword, 1987the interface will not be destroyed even when 1988.Pa rc.d/netif 1989script is invoked with 1990.Dq stop 1991argument. 1992This is useful when reconfiguring the interface without destroying it. 1993Entries in 1994.Va cloned_interfaces 1995are automatically appended to 1996.Va network_interfaces 1997for configuration. 1998.It Va cloned_interfaces_sticky 1999.Pq Vt bool 2000This variable is to globally enable functionality of 2001.Dq :sticky 2002keyword in 2003.Va cloned_interfaces 2004for all interfaces. 2005The default value is 2006.Dq NO . 2007Even if this variable is specified to 2008.Dq YES , 2009.Dq :nosticky 2010keyword can be used to override it on per interface basis. 2011.It Va gif_interfaces 2012Set to the list of 2013.Xr gif 4 2014tunnel interfaces to configure on this host. 2015A 2016.Va gifconfig_ Ns Aq Ar interface 2017variable is assumed to exist for each value of 2018.Ar interface . 2019The value of this variable is used to configure the link layer of the 2020tunnel using the 2021.Cm tunnel 2022option to 2023.Xr ifconfig 8 . 2024Additionally, this option ensures that each listed interface is created 2025via the 2026.Cm create 2027option to 2028.Xr ifconfig 8 2029before attempting to configure it. 2030.Pp 2031For example, configure two 2032.Xr gif 4 2033interfaces with: 2034.Bd -literal 2035gif_interfaces="gif0 gif1" 2036gifconfig_gif0="100.64.0.1 100.64.0.2" 2037ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2038gifconfig_gif1="inet6 2a00::1 2a01::1" 2039ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2040.Ed 2041.It Va ppp_enable 2042.Pq Vt bool 2043If set to 2044.Dq Li YES , 2045run the 2046.Xr ppp 8 2047daemon. 2048.It Va ppp_profile 2049.Pq Vt str 2050The name of the profile to use from 2051.Pa /etc/ppp/ppp.conf . 2052Also used for per-profile overrides of 2053.Va ppp_mode 2054and 2055.Va ppp_nat , 2056and 2057.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2058When the profile name contains any of the characters 2059.Dq Li .-/+ 2060they are translated to 2061.Dq Li _ 2062for the proposes of the override variable names. 2063.It Va ppp_mode 2064.Pq Vt str 2065Mode in which to run the 2066.Xr ppp 8 2067daemon. 2068.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2069.Pq Vt str 2070Overrides the global 2071.Va ppp_mode 2072for 2073.Ar profile . 2074Accepted modes are 2075.Dq Li auto , 2076.Dq Li ddial , 2077.Dq Li direct 2078and 2079.Dq Li dedicated . 2080See the manual for a full description. 2081.It Va ppp_nat 2082.Pq Vt bool 2083If set to 2084.Dq Li YES , 2085enables network address translation. 2086Used in conjunction with 2087.Va gateway_enable 2088allows hosts on private network addresses access to the Internet using 2089this host as a network address translating router. 2090Default is 2091.Dq Li YES . 2092.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2093.Pq Vt str 2094Overrides the global 2095.Va ppp_nat 2096for 2097.Ar profile . 2098.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2099.Pq Vt int 2100Set the unit number to be used for this profile. 2101See the manual description of 2102.Fl unit Ns Ar N 2103for details. 2104.It Va ppp_user 2105.Pq Vt str 2106The name of the user under which 2107.Xr ppp 8 2108should be started. 2109By 2110default, 2111.Xr ppp 8 2112is started as 2113.Dq Li root . 2114.It Va rc_conf_files 2115.Pq Vt str 2116This option is used to specify a list of files that will override 2117the settings in 2118.Pa /etc/defaults/rc.conf . 2119The files will be read in the order in which they are specified and should 2120include the full path to the file. 2121By default, the files specified are 2122.Pa /etc/rc.conf 2123and 2124.Pa /etc/rc.conf.local . 2125.It Va zfs_enable 2126.Pq Vt bool 2127If set to 2128.Dq Li YES , 2129.Pa /etc/rc.d/zfs 2130will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2131(ZVOLs). 2132.It Va zpool_reguid 2133.Pq Vt str 2134A space-separated list of ZFS pool names for which new pool GUIDs should be 2135assigned upon first boot. 2136This is useful when using a ZFS pool copied from a template, such as a virtual 2137machine image. 2138.It Va zpool_upgrade 2139.Pq Vt str 2140A space-separated list of ZFS pool names for which the version should be 2141upgraded upon first boot. 2142This is useful when using a ZFS pool generated by the 2143.Xr makefs 8 2144utility. 2145.It Va gptboot_enable 2146.Pq Vt bool 2147If set to 2148.Dq Li YES , 2149.Pa /etc/rc.d/gptboot 2150will log if the system successfully (or not) booted from a GPT partition, 2151which had the 2152.Ar bootonce 2153attribute set using 2154.Xr gpart 8 2155utility. 2156.It Va gbde_autoattach_all 2157.Pq Vt bool 2158If set to 2159.Dq Li YES , 2160.Pa /etc/rc.d/gbde 2161will attempt to automatically initialize the .bde devices specified in 2162.Pa /etc/fstab . 2163.It Va gbde_devices 2164.Pq Vt str 2165List the devices that the script should try to attach, 2166or 2167.Dq Li AUTO . 2168.It Va gbde_lockdir 2169.Pq Vt str 2170The directory where the 2171.Xr gbde 4 2172lockfiles are located. 2173The default lockfile directory is 2174.Pa /etc . 2175.Pp 2176The lockfile for each individual 2177.Xr gbde 4 2178device can be overridden by setting the variable 2179.Va gbde_lock_ Ns Aq Ar device , 2180where 2181.Ar device 2182is the encrypted device without the 2183.Dq Pa /dev/ 2184and 2185.Dq Pa .bde 2186parts. 2187.It Va gbde_attach_attempts 2188.Pq Vt int 2189Number of times to attempt attaching to a 2190.Xr gbde 4 2191device, i.e., how many times the user is asked for the pass-phrase. 2192Default is 3. 2193.It Va geli_devices 2194.Pq Vt str 2195List of devices to automatically attach on boot. 2196Note that .eli devices from 2197.Pa /etc/fstab 2198are automatically appended to this list. 2199.It Va geli_groups 2200.Pq Vt str 2201List of groups containing devices to automatically attach on boot with the same 2202keyfiles and passphrase. 2203This must be accompanied with a corresponding 2204.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2205variable. 2206.It Va geli_tries 2207.Pq Vt int 2208Number of times user is asked for the pass-phrase. 2209If empty, it will be taken from 2210.Va kern.geom.eli.tries 2211sysctl variable. 2212.It Va geli_default_flags 2213.Pq Vt str 2214Default flags to use by 2215.Xr geli 8 2216when configuring disk encryption. 2217Flags can be configured for every device separately by defining the 2218.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2219variable, and for every group separately by defining the 2220.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2221variable. 2222.It Va geli_autodetach 2223.Pq Vt str 2224Specifies if GELI devices should be marked for detach on last close after 2225file systems are mounted. 2226Default is 2227.Dq Li YES . 2228This can be changed for every device separately by defining the 2229.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2230variable. 2231.It Va root_rw_mount 2232.Pq Vt bool 2233Set to 2234.Dq Li YES 2235by default. 2236After the file systems are checked at boot time, the root file system 2237is remounted as read-write if this is set to 2238.Dq Li YES . 2239Diskless systems that mount their root file system from a read-only remote 2240NFS share should set this to 2241.Dq Li NO 2242in their 2243.Pa rc.conf . 2244.It Va fsck_y_enable 2245.Pq Vt bool 2246If set to 2247.Dq Li YES , 2248.Xr fsck 8 2249will be run with the 2250.Fl y 2251flag if the initial preen 2252of the file systems fails. 2253.It Va background_fsck 2254.Pq Vt bool 2255If set to 2256.Dq Li NO , 2257the system will not attempt to run 2258.Xr fsck 8 2259in the background where possible. 2260.It Va background_fsck_delay 2261.Pq Vt int 2262The amount of time in seconds to sleep before starting a background 2263.Xr fsck 8 . 2264It defaults to sixty seconds to allow large applications such as 2265the X server to start before disk I/O bandwidth is monopolized by 2266.Xr fsck 8 . 2267If set to a negative number, the background file system check will be 2268delayed indefinitely to allow the administrator to run it at a more 2269convenient time. 2270For example it may be run from 2271.Xr cron 8 2272by adding a line like 2273.Pp 2274.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2275.Pp 2276to 2277.Pa /etc/crontab . 2278.It Va netfs_types 2279.Pq Vt str 2280List of file system types that are network-based. 2281This list should generally not be modified by end users. 2282Use 2283.Va extra_netfs_types 2284instead. 2285.It Va extra_netfs_types 2286.Pq Vt str 2287If set to something other than 2288.Dq Li NO 2289(the default), 2290this variable extends the list of file system types 2291for which automatic mounting at startup by 2292.Xr rc 8 2293should be delayed until the network is initialized. 2294It should contain 2295a whitespace-separated list of network file system descriptor pairs, 2296each consisting of a file system type as passed to 2297.Xr mount 8 2298and a human-readable, one-word description, 2299joined with a colon 2300.Pq Ql \&: . 2301Extending the default list in this way is only necessary 2302when third party file system types are used. 2303.It Va syslogd_enable 2304.Pq Vt bool 2305If set to 2306.Dq Li YES , 2307run the 2308.Xr syslogd 8 2309daemon. 2310.It Va syslogd_program 2311.Pq Vt str 2312Path to 2313.Xr syslogd 8 2314(default 2315.Pa /usr/sbin/syslogd ) . 2316.It Va syslogd_flags 2317.Pq Vt str 2318If 2319.Va syslogd_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to 2323.Xr syslogd 8 . 2324.It Va inetd_enable 2325.Pq Vt bool 2326If set to 2327.Dq Li YES , 2328run the 2329.Xr inetd 8 2330daemon. 2331.It Va inetd_program 2332.Pq Vt str 2333Path to 2334.Xr inetd 8 2335(default 2336.Pa /usr/sbin/inetd ) . 2337.It Va inetd_flags 2338.Pq Vt str 2339If 2340.Va inetd_enable 2341is set to 2342.Dq Li YES , 2343these are the flags to pass to 2344.Xr inetd 8 . 2345.It Va hastd_enable 2346.Pq Vt bool 2347If set to 2348.Dq Li YES , 2349run the 2350.Xr hastd 8 2351daemon. 2352.It Va hastd_program 2353.Pq Vt str 2354Path to 2355.Xr hastd 8 2356(default 2357.Pa /sbin/hastd ) . 2358.It Va hastd_flags 2359.Pq Vt str 2360If 2361.Va hastd_enable 2362is set to 2363.Dq Li YES , 2364these are the flags to pass to 2365.Xr hastd 8 . 2366.It Va local_unbound_enable 2367.Pq Vt bool 2368If set to 2369.Dq Li YES , 2370run the 2371.Xr unbound 8 2372daemon as a local caching DNS resolver. 2373.It Va nscd_enable 2374.Pq Vt bool 2375Set to 2376.Dq Li YES 2377to start the 2378.Xr nscd 8 2379caching daemon for the 2380.Nm nsswitch 2381subsystem. 2382.It Va nscd_flags 2383.Pq Vt str 2384If 2385.Va nscd_enable 2386is set to 2387.Dq Li YES , 2388these flags are passed to 2389.Xr nscd 8 . 2390.It Va kdc_enable 2391.Pq Vt bool 2392Set to 2393.Dq Li YES 2394to start a Kerberos 5 authentication server 2395at boot time. 2396.It Va kdc_program 2397.Pq Vt str 2398If 2399.Va kdc_enable 2400is set to 2401.Dq Li YES 2402this is the path to Kerberos 5 Authentication Server. 2403.It Va kdc_flags 2404.Pq Vt str 2405Empty by default. 2406This variable contains additional flags to be passed to the Kerberos 5 2407authentication server. 2408.It Va kadmind_enable 2409.Pq Vt bool 2410Set to 2411.Dq Li YES 2412to start 2413.Xr kadmind 8 , 2414the Kerberos 5 Administration Daemon; set to 2415.Dq Li NO 2416on a slave server. 2417.It Va kadmind_program 2418.Pq Vt str 2419If 2420.Va kadmind_enable 2421is set to 2422.Dq Li YES 2423this is the path to Kerberos 5 Administration Daemon. 2424.It Va kpasswdd_enable 2425.Pq Vt bool 2426Set to 2427.Dq Li YES 2428to start 2429.Xr kpasswdd 8 , 2430the Kerberos 5 Password-Changing Daemon; set to 2431.Dq Li NO 2432on a slave server. 2433.It Va kpasswdd_program 2434.Pq Vt str 2435If 2436.Va kpasswdd_enable 2437is set to 2438.Dq Li YES 2439this is the path to Kerberos 5 Password-Changing Daemon. 2440.It Va kfd_enable 2441.Pq Vt bool 2442Set to 2443.Dq Li YES 2444to start 2445.Xr kfd 8 , 2446the Kerberos 5 ticket forwarding daemon, at the boot time. 2447.It Va kfd_program 2448.Pq Vt str 2449Path to 2450.Xr kfd 8 2451(default 2452.Pa /usr/libexec/kfd ) . 2453.It Va rwhod_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the 2458.Xr rwhod 8 2459daemon at boot time. 2460.It Va rwhod_flags 2461.Pq Vt str 2462If 2463.Va rwhod_enable 2464is set to 2465.Dq Li YES , 2466these are the flags to pass to it. 2467.It Va update_motd 2468.Pq Vt bool 2469If set to 2470.Dq Li YES , 2471.Pa /var/run/motd 2472will be updated at boot time to reflect the kernel release 2473being run. 2474If set to 2475.Dq Li NO , 2476.Pa /var/run/motd 2477will not be updated. 2478.It Va nfs_client_enable 2479.Pq Vt bool 2480If set to 2481.Dq Li YES , 2482run the NFS client daemons at boot time. 2483.It Va nfs_access_cache 2484.Pq Vt int 2485If 2486.Va nfs_client_enable 2487is set to 2488.Dq Li YES , 2489this can be set to 2490.Dq Li 0 2491to disable NFS ACCESS RPC caching, or to the number of seconds for which 2492NFS ACCESS 2493results should be cached. 2494A value of 2-10 seconds will substantially reduce network 2495traffic for many NFS operations. 2496.It Va nfs_server_enable 2497.Pq Vt bool 2498If set to 2499.Dq Li YES , 2500run the NFS server daemons at boot time. 2501.It Va nfs_server_flags 2502.Pq Vt str 2503If 2504.Va nfs_server_enable 2505is set to 2506.Dq Li YES , 2507these are the flags to pass to the 2508.Xr nfsd 8 2509daemon. 2510.It Va nfsv4_server_enable 2511.Pq Vt bool 2512If 2513.Va nfs_server_enable 2514is set to 2515.Dq Li YES 2516and 2517.Va nfsv4_server_enable 2518is set to 2519.Dq Li YES , 2520enable the server for NFSv4 as well as NFSv2 and NFSv3. 2521.It Va nfsv4_server_only 2522.Pq Vt bool 2523If 2524.Va nfs_server_enable 2525is set to 2526.Dq Li YES 2527and 2528.Va nfsv4_server_only 2529is set to 2530.Dq Li YES , 2531enable the NFS server for NFSv4 only. 2532.It Va nfs_server_maxio 2533.Pq Vt int 2534value to set vfs.nfsd.srvmaxio to, which is the 2535maximum I/O size for the NFS server. 2536.It Va tlsclntd_enable 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540run the 2541.Xr rpc.tlsclntd 8 2542daemon, which is needed for NFS-over-TLS NFS mounts. 2543.It Va tlsservd_enable 2544.Pq Vt bool 2545If set to 2546.Dq Li YES , 2547run the 2548.Xr rpc.tlsservd 8 2549daemon, which is needed for the 2550.Xr nfsd 8 2551to support NFS-over-TLS NFS mounts. 2552.It Va nfsuserd_enable 2553.Pq Vt bool 2554If 2555.Va nfsuserd_enable 2556is set to 2557.Dq Li YES , 2558run the nfsuserd daemon, which is needed for NFSv4 in order 2559to map between user/group names vs uid/gid numbers. 2560If 2561.Va nfsv4_server_enable 2562is set to 2563.Dq Li YES , 2564this will be forced enabled. 2565.It Va nfsuserd_flags 2566.Pq Vt str 2567If 2568.Va nfsuserd_enable 2569is set to 2570.Dq Li YES , 2571these are the flags to pass to the 2572.Xr nfsuserd 8 2573daemon. 2574.It Va nfscbd_enable 2575.Pq Vt bool 2576If 2577.Va nfscbd_enable 2578is set to 2579.Dq Li YES , 2580run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2581.It Va nfscbd_flags 2582.Pq Vt str 2583If 2584.Va nfscbd_enable 2585is set to 2586.Dq Li YES , 2587these are the flags to pass to the 2588.Xr nfscbd 8 2589daemon. 2590.It Va mountd_enable 2591.Pq Vt bool 2592If set to 2593.Dq Li YES , 2594and no 2595.Va nfs_server_enable 2596is set, start 2597.Xr mountd 8 , 2598but not 2599.Xr nfsd 8 2600daemon. 2601It is commonly needed to run CFS without real NFS used. 2602.It Va mountd_flags 2603.Pq Vt str 2604If 2605.Va mountd_enable 2606is set to 2607.Dq Li YES , 2608these are the flags to pass to the 2609.Xr mountd 8 2610daemon. 2611.It Va weak_mountd_authentication 2612.Pq Vt bool 2613If set to 2614.Dq Li YES , 2615allow services like PCNFSD to make non-privileged mount 2616requests. 2617.It Va nfs_reserved_port_only 2618.Pq Vt bool 2619If set to 2620.Dq Li YES , 2621provide NFS services only on a secure port. 2622.It Va nfs_bufpackets 2623.Pq Vt int 2624If set to a number, indicates the number of packets worth of 2625socket buffer space to reserve on an NFS client. 2626The kernel default is typically 4. 2627Using a higher number may be 2628useful on gigabit networks to improve performance. 2629The minimum value is 26302 and the maximum is 64. 2631.It Va rpc_lockd_enable 2632.Pq Vt bool 2633If set to 2634.Dq Li YES 2635and also an NFS server or client, run 2636.Xr rpc.lockd 8 2637at boot time. 2638.It Va rpc_lockd_flags 2639.Pq Vt str 2640If 2641.Va rpc_lockd_enable 2642is set to 2643.Dq Li YES , 2644these are the flags to pass to the 2645.Xr rpc.lockd 8 2646daemon. 2647.It Va rpc_statd_enable 2648.Pq Vt bool 2649If set to 2650.Dq Li YES 2651and also an NFS server or client, run 2652.Xr rpc.statd 8 2653at boot time. 2654.It Va rpc_statd_flags 2655.Pq Vt str 2656If 2657.Va rpc_statd_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to the 2661.Xr rpc.statd 8 2662daemon. 2663.It Va rpcbind_program 2664.Pq Vt str 2665Path to 2666.Xr rpcbind 8 2667(default 2668.Pa /usr/sbin/rpcbind ) . 2669.It Va rpcbind_enable 2670.Pq Vt bool 2671If set to 2672.Dq Li YES , 2673run the 2674.Xr rpcbind 8 2675service at boot time. 2676.It Va rpcbind_flags 2677.Pq Vt str 2678If 2679.Va rpcbind_enable 2680is set to 2681.Dq Li YES , 2682these are the flags to pass to the 2683.Xr rpcbind 8 2684daemon. 2685.It Va keyserv_enable 2686.Pq Vt bool 2687If set to 2688.Dq Li YES , 2689run the 2690.Xr keyserv 8 2691daemon on boot for running Secure RPC. 2692.It Va keyserv_flags 2693.Pq Vt str 2694If 2695.Va keyserv_enable 2696is set to 2697.Dq Li YES , 2698these are the flags to pass to 2699.Xr keyserv 8 2700daemon. 2701.It Va pppoed_enable 2702.Pq Vt bool 2703If set to 2704.Dq Li YES , 2705run the 2706.Xr pppoed 8 2707daemon at boot time to provide PPP over Ethernet services. 2708.It Va pppoed_ Ns Aq Ar provider 2709.Pq Vt str 2710.Xr pppoed 8 2711listens to requests to this 2712.Ar provider 2713and ultimately runs 2714.Xr ppp 8 2715with a 2716.Ar system 2717argument of the same name. 2718.It Va pppoed_flags 2719.Pq Vt str 2720Additional flags to pass to 2721.Xr pppoed 8 . 2722.It Va pppoed_interface 2723.Pq Vt str 2724The network interface to run 2725.Xr pppoed 8 2726on. 2727This is mandatory when 2728.Va pppoed_enable 2729is set to 2730.Dq Li YES . 2731.It Va ntpdate_enable 2732.Pq Vt bool 2733If set to 2734.Dq Li YES , 2735run 2736.Xr ntpdate 8 2737at system startup. 2738This command is intended to 2739synchronize the system clock only 2740.Em once 2741from some standard reference. 2742.Pp 2743Note that the use of the 2744.Va ntpd_sync_on_start 2745variable is a preferred alternative to the 2746.Xr ntpdate 8 2747utility as 2748.Xr ntpdate 8 2749is to be retired from the NTP distribution. 2750.It Va ntpdate_config 2751.Pq Vt str 2752Configuration file for 2753.Xr ntpdate 8 . 2754Default 2755.Pa /etc/ntp.conf . 2756.It Va ntpdate_hosts 2757.Pq Vt str 2758A whitespace-separated list of NTP servers to synchronize with at startup. 2759The default is to use the servers listed in 2760.Va ntpdate_config , 2761if that file exists. 2762.It Va ntpdate_program 2763.Pq Vt str 2764Path to 2765.Xr ntpdate 8 2766(default 2767.Pa /usr/sbin/ntpdate ) . 2768.It Va ntpdate_flags 2769.Pq Vt str 2770If 2771.Va ntpdate_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr ntpdate 8 2776command (typically a hostname). 2777.It Va ntpd_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Xr ntpd 8 2783command at boot time. 2784.It Va ntpd_program 2785.Pq Vt str 2786Path to 2787.Xr ntpd 8 2788(default 2789.Pa /usr/sbin/ntpd ) . 2790.It Va ntpd_config 2791.Pq Vt str 2792Path to 2793.Xr ntpd 8 2794configuration file. 2795Default 2796.Pa /etc/ntp.conf . 2797.It Va ntpd_flags 2798.Pq Vt str 2799If 2800.Va ntpd_enable 2801is set to 2802.Dq Li YES , 2803these are the flags to pass to the 2804.Xr ntpd 8 2805daemon. 2806.It Va ntpd_sync_on_start 2807.Pq Vt bool 2808If set to 2809.Dq Li YES , 2810.Xr ntpd 8 2811is run with the 2812.Fl g 2813flag, which syncs the system's clock on startup. 2814See 2815.Xr ntpd 8 2816for more information regarding the 2817.Fl g 2818option. 2819This is a preferred alternative to using 2820.Xr ntpdate 8 2821or specifying the 2822.Va ntpdate_enable 2823variable. 2824.It Va nis_client_enable 2825.Pq Vt bool 2826If set to 2827.Dq Li YES , 2828run the 2829.Xr ypbind 8 2830service at system boot time. 2831.It Va nis_client_flags 2832.Pq Vt str 2833If 2834.Va nis_client_enable 2835is set to 2836.Dq Li YES , 2837these are the flags to pass to the 2838.Xr ypbind 8 2839service. 2840.It Va nis_ypldap_enable 2841.Pq Vt bool 2842If set to 2843.Dq Li YES , 2844run the 2845.Xr ypldap 8 2846daemon at system boot time. 2847.It Va nis_ypldap_flags 2848.Pq Vt str 2849If 2850.Va nis.ypldap_enable 2851is set to 2852.Dq Li YES , 2853these are the flags to pass to the 2854.Xr ypldap 8 2855daemon. 2856.It Va nis_ypset_enable 2857.Pq Vt bool 2858If set to 2859.Dq Li YES , 2860run the 2861.Xr ypset 8 2862daemon at system boot time. 2863.It Va nis_ypset_flags 2864.Pq Vt str 2865If 2866.Va nis_ypset_enable 2867is set to 2868.Dq Li YES , 2869these are the flags to pass to the 2870.Xr ypset 8 2871daemon. 2872.It Va nis_server_enable 2873.Pq Vt bool 2874If set to 2875.Dq Li YES , 2876run the 2877.Xr ypserv 8 2878daemon at system boot time. 2879.It Va nis_server_flags 2880.Pq Vt str 2881If 2882.Va nis_server_enable 2883is set to 2884.Dq Li YES , 2885these are the flags to pass to the 2886.Xr ypserv 8 2887daemon. 2888.It Va nis_ypxfrd_enable 2889.Pq Vt bool 2890If set to 2891.Dq Li YES , 2892run the 2893.Xr rpc.ypxfrd 8 2894daemon at system boot time. 2895.It Va nis_ypxfrd_flags 2896.Pq Vt str 2897If 2898.Va nis_ypxfrd_enable 2899is set to 2900.Dq Li YES , 2901these are the flags to pass to the 2902.Xr rpc.ypxfrd 8 2903daemon. 2904.It Va nis_yppasswdd_enable 2905.Pq Vt bool 2906If set to 2907.Dq Li YES , 2908run the 2909.Xr rpc.yppasswdd 8 2910daemon at system boot time. 2911.It Va nis_yppasswdd_flags 2912.Pq Vt str 2913If 2914.Va nis_yppasswdd_enable 2915is set to 2916.Dq Li YES , 2917these are the flags to pass to the 2918.Xr rpc.yppasswdd 8 2919daemon. 2920.It Va rpc_ypupdated_enable 2921.Pq Vt bool 2922If set to 2923.Dq Li YES , 2924run the 2925.Nm rpc.ypupdated 2926daemon at system boot time. 2927.It Va bsnmpd_enable 2928.Pq Vt bool 2929If set to 2930.Dq Li YES , 2931run the 2932.Xr bsnmpd 1 2933daemon at system boot time. 2934Be sure to understand the security implications of running an SNMP daemon 2935on your host. 2936.It Va bsnmpd_flags 2937.Pq Vt str 2938If 2939.Va bsnmpd_enable 2940is set to 2941.Dq Li YES , 2942these are the flags to pass to the 2943.Xr bsnmpd 1 2944daemon. 2945.It Va defaultrouter 2946.Pq Vt str 2947If not set to 2948.Dq Li NO , 2949create a default route to this host name or IP address 2950(use an IP address if this router is also required to get to the 2951name server!). 2952.It Va defaultrouter_fibN 2953.Pq Vt str 2954If not set to 2955.Dq Li NO , 2956create a default route in FIB N to this host name or IP address. 2957.It Va ipv6_defaultrouter 2958.Pq Vt str 2959The IPv6 equivalent of 2960.Va defaultrouter . 2961.It Va ipv6_defaultrouter_fibN 2962.Pq Vt str 2963The IPv6 equivalent of 2964.Va defaultrouter_fibN . 2965.It Va static_arp_pairs 2966.Pq Vt str 2967Set to the list of static ARP pairs that are to be added at system 2968boot time. 2969For each whitespace separated 2970.Ar element 2971in the value, a 2972.Va static_arp_ Ns Aq Ar element 2973variable is assumed to exist whose contents will later be passed to a 2974.Dq Nm arp Cm -S 2975operation. 2976For example 2977.Bd -literal 2978static_arp_pairs="gw" 2979static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2980.Ed 2981.It Va static_ndp_pairs 2982.Pq Vt str 2983Set to the list of static NDP pairs that are to be added at system 2984boot time. 2985For each whitespace separated 2986.Ar element 2987in the value, a 2988.Va static_ndp_ Ns Aq Ar element 2989variable is assumed to exist whose contents will later be passed to a 2990.Dq Nm ndp Cm -s 2991operation. 2992For example 2993.Bd -literal 2994static_ndp_pairs="gw" 2995static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2996.Ed 2997.It Va static_routes 2998.Pq Vt str 2999Set to the list of static routes that are to be added at system 3000boot time. 3001If not set to 3002.Dq Li NO 3003then for each whitespace separated 3004.Ar element 3005in the value, a 3006.Va route_ Ns Aq Ar element 3007variable is assumed to exist 3008whose contents will later be passed to a 3009.Dq Nm route Cm add 3010operation. 3011For example: 3012.Bd -literal 3013static_routes="ext mcast:gif0 gif0local:gif0" 3014route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3015route_mcast="-net 224.0.0.0/4 -iface gif0" 3016route_gif0local="-host 169.254.1.1 -iface lo0" 3017.Ed 3018.Pp 3019When an 3020.Ar element 3021is in the form of 3022.Li name:ifname , 3023the route is specific to the interface 3024.Li ifname . 3025.It Va ipv6_static_routes 3026.Pq Vt str 3027The IPv6 equivalent of 3028.Va static_routes . 3029If not set to 3030.Dq Li NO 3031then for each whitespace separated 3032.Ar element 3033in the value, a 3034.Va ipv6_route_ Ns Aq Ar element 3035variable is assumed to exist 3036whose contents will later be passed to a 3037.Dq Nm route Cm add Fl inet6 3038operation. 3039.It Va gateway_enable 3040.Pq Vt bool 3041If set to 3042.Dq Li YES , 3043configure host to act as an IP router, e.g.\& to forward packets 3044between interfaces. 3045.It Va ipv6_gateway_enable 3046.Pq Vt bool 3047The IPv6 equivalent of 3048.Va gateway_enable . 3049.It Va routed_enable 3050.Pq Vt bool 3051If set to 3052.Dq Li YES , 3053run a routing daemon of some sort, based on the 3054settings of 3055.Va routed_program 3056and 3057.Va routed_flags . 3058.It Va route6d_enable 3059.Pq Vt bool 3060The IPv6 equivalent of 3061.Va routed_enable . 3062If set to 3063.Dq Li YES , 3064run a routing daemon of some sort, based on the 3065settings of 3066.Va route6d_program 3067and 3068.Va route6d_flags . 3069.It Va routed_program 3070.Pq Vt str 3071If 3072.Va routed_enable 3073is set to 3074.Dq Li YES , 3075this is the name of the routing daemon to use. 3076The default is 3077.Xr routed 8 . 3078.It Va route6d_program 3079.Pq Vt str 3080The IPv6 equivalent of 3081.Va routed_program . 3082The default is 3083.Xr route6d 8 . 3084.It Va routed_flags 3085.Pq Vt str 3086If 3087.Va routed_enable 3088is set to 3089.Dq Li YES , 3090these are the flags to pass to the routing daemon. 3091.It Va route6d_flags 3092.Pq Vt str 3093The IPv6 equivalent of 3094.Va routed_flags . 3095.It Va rtadvd_enable 3096.Pq Vt bool 3097If set to 3098.Dq Li YES , 3099run the 3100.Xr rtadvd 8 3101daemon at boot time. 3102The 3103.Xr rtadvd 8 3104utility sends ICMPv6 Router Advertisement messages to 3105the interfaces specified in 3106.Va rtadvd_interfaces . 3107This should only be enabled with great care. 3108You may want to fine-tune 3109.Xr rtadvd.conf 5 . 3110.It Va rtadvd_interfaces 3111.Pq Vt str 3112If 3113.Va rtadvd_enable 3114is set to 3115.Dq Li YES 3116this is the list of interfaces to use. 3117.It Va arpproxy_all 3118.Pq Vt bool 3119If set to 3120.Dq Li YES , 3121enable global proxy ARP. 3122.It Va forward_sourceroute 3123.Pq Vt bool 3124If set to 3125.Dq Li YES 3126and 3127.Va gateway_enable 3128is also set to 3129.Dq Li YES , 3130source-routed packets are forwarded. 3131.It Va accept_sourceroute 3132.Pq Vt bool 3133If set to 3134.Dq Li YES , 3135the system will accept source-routed packets directed at it. 3136.It Va rarpd_enable 3137.Pq Vt bool 3138If set to 3139.Dq Li YES , 3140run the 3141.Xr rarpd 8 3142daemon at system boot time. 3143.It Va rarpd_flags 3144.Pq Vt str 3145If 3146.Va rarpd_enable 3147is set to 3148.Dq Li YES , 3149these are the flags to pass to the 3150.Xr rarpd 8 3151daemon. 3152.It Va bootparamd_enable 3153.Pq Vt bool 3154If set to 3155.Dq Li YES , 3156run the 3157.Xr bootparamd 8 3158daemon at system boot time. 3159.It Va bootparamd_flags 3160.Pq Vt str 3161If 3162.Va bootparamd_enable 3163is set to 3164.Dq Li YES , 3165these are the flags to pass to the 3166.Xr bootparamd 8 3167daemon. 3168.It Va stf_interface_ipv4addr 3169.Pq Vt str 3170If not set to 3171.Dq Li NO , 3172this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3173interface). 3174Specify this entry to enable the 6to4 interface. 3175.It Va stf_interface_ipv4plen 3176.Pq Vt int 3177Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3178An effective value is 0-31. 3179.It Va stf_interface_ipv6_ifid 3180.Pq Vt str 3181IPv6 interface ID for 3182.Xr stf 4 . 3183This can be set to 3184.Dq Li AUTO . 3185.It Va stf_interface_ipv6_slaid 3186.Pq Vt str 3187IPv6 Site Level Aggregator for 3188.Xr stf 4 . 3189.It Va ipv6_ipv4mapping 3190.Pq Vt bool 3191If set to 3192.Dq Li YES 3193this enables IPv4 mapped IPv6 address communication (like 3194.Li ::ffff:a.b.c.d ) . 3195.It Va rtsold_enable 3196.Pq Vt bool 3197Set to 3198.Dq Li YES 3199to enable the 3200.Xr rtsold 8 3201daemon to send ICMPv6 Router Solicitation messages. 3202.It Va rtsold_flags 3203.Pq Vt str 3204If 3205.Va rtsold_enable 3206is set to 3207.Dq Li YES , 3208these are the flags to pass to 3209.Xr rtsold 8 . 3210.It Va rtsol_flags 3211.Pq Vt str 3212For interfaces configured with the 3213.Dq Li inet6 accept_rtadv 3214keyword, these are the flags to pass to 3215.Xr rtsol 8 . 3216.Pp 3217Note that 3218.Va rtsold_enable 3219is mutually exclusive to 3220.Va rtsol_flags ; 3221.Va rtsold_enable 3222takes precedence. 3223.It Va keybell 3224.Pq Vt str 3225The keyboard bell sound. 3226Set to 3227.Dq Li normal , 3228.Dq Li visual , 3229.Dq Li off , 3230or 3231.Dq Li NO 3232if the default behavior is desired. 3233For details, refer to the 3234.Xr kbdcontrol 1 3235manpage. 3236.It Va keyboard 3237.Pq Vt str 3238If set to a non-null string, the virtual console's keyboard input is 3239set to this device. 3240.It Va keymap 3241.Pq Vt str 3242If set to 3243.Dq Li NO , 3244no keymap is installed, otherwise the value is used to install 3245the keymap file found in 3246.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3247(if using 3248.Xr syscons 4 ) or 3249.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3250(if using 3251.Xr vt 4 ) . 3252.It Va keyrate 3253.Pq Vt str 3254The keyboard repeat speed. 3255Set to 3256.Dq Li slow , 3257.Dq Li normal , 3258.Dq Li fast , 3259or 3260.Dq Li NO 3261if the default behavior is desired. 3262.It Va keychange 3263.Pq Vt str 3264If not set to 3265.Dq Li NO , 3266attempt to program the function keys with the value. 3267The value should 3268be a single string of the form: 3269.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3270.It Va cursor 3271.Pq Vt str 3272Can be set to the value of 3273.Dq Li normal , 3274.Dq Li blink , 3275.Dq Li destructive , 3276or 3277.Dq Li NO 3278to set the cursor behavior explicitly or choose the default behavior. 3279.It Va scrnmap 3280.Pq Vt str 3281If set to 3282.Dq Li NO , 3283no screen map is installed, otherwise the value is used to install 3284the screen map file in 3285.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3286This parameter is ignored when using 3287.Xr vt 4 3288as the console driver. 3289.It Va font8x16 3290.Pq Vt str 3291If set to 3292.Dq Li NO , 3293the default 8x16 font value is used for screen size requests, otherwise 3294the value in 3295.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3296or 3297.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3298is used (depending on the console driver being used). 3299.It Va font8x14 3300.Pq Vt str 3301If set to 3302.Dq Li NO , 3303the default 8x14 font value is used for screen size requests, otherwise 3304the value in 3305.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3306or 3307.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3308is used (depending on the console driver being used). 3309.It Va font8x8 3310.Pq Vt str 3311If set to 3312.Dq Li NO , 3313the default 8x8 font value is used for screen size requests, otherwise 3314the value in 3315.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3316or 3317.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3318is used (depending on the console driver being used). 3319.It Va blanktime 3320.Pq Vt int 3321If set to 3322.Dq Li NO , 3323the default screen blanking interval is used, otherwise it is set 3324to 3325.Ar value 3326seconds. 3327.It Va saver 3328.Pq Vt str 3329If not set to 3330.Dq Li NO , 3331this is the actual screen saver to use 3332.Li ( blank , snake , daemon , 3333etc). 3334.It Va moused_nondefault_enable 3335.Pq Vt str 3336If set to 3337.Dq Li NO , 3338the mouse device specified on 3339the command line is not automatically treated as enabled by the 3340.Pa /etc/rc.d/moused 3341script. 3342Having this variable set to 3343.Dq Li YES 3344allows a 3345.Xr usb 4 3346mouse, 3347for example, 3348to be enabled as soon as it is plugged in. 3349.It Va moused_enable 3350.Pq Vt str 3351If set to 3352.Dq Li YES , 3353the 3354.Xr moused 8 3355daemon is started for doing cut/paste selection on the console. 3356.It Va moused_type 3357.Pq Vt str 3358This is the protocol type of the mouse connected to this host. 3359This variable must be set if 3360.Va moused_enable 3361is set to 3362.Dq Li YES , 3363but defaults to 3364.Dq Li auto 3365as the 3366.Xr moused 8 3367daemon 3368is able to detect the appropriate mouse type automatically in many cases. 3369Set this variable to 3370one from the following list if the automatic detection fails. 3371.Pp 3372If the mouse is attached to the PS/2 mouse port, choose 3373.Dq Li auto 3374or 3375.Dq Li ps/2 , 3376regardless of the brand and model of the mouse. 3377Likewise, if the 3378mouse is attached to the bus mouse port, choose 3379.Dq Li auto 3380or 3381.Dq Li busmouse . 3382All other protocols are for serial mice and will not work with 3383the PS/2 and bus mice. 3384If this is a USB mouse, 3385.Dq Li auto 3386is the only protocol type which will work. 3387.Pp 3388.Bl -tag -width ".Li x10mouseremote" -compact 3389.It Li microsoft 3390Microsoft mouse (serial) 3391.It Li intellimouse 3392Microsoft IntelliMouse (serial) 3393.It Li mousesystems 3394Mouse systems Corp.\& mouse (serial) 3395.It Li mmseries 3396MM Series mouse (serial) 3397.It Li logitech 3398Logitech mouse (serial) 3399.It Li busmouse 3400A bus mouse 3401.It Li mouseman 3402Logitech MouseMan and TrackMan (serial) 3403.It Li glidepoint 3404ALPS GlidePoint (serial) 3405.It Li thinkingmouse 3406Kensington ThinkingMouse (serial) 3407.It Li ps/2 3408PS/2 mouse 3409.It Li mmhittab 3410MM HitTablet (serial) 3411.It Li x10mouseremote 3412X10 MouseRemote (serial) 3413.It Li versapad 3414Interlink VersaPad (serial) 3415.El 3416.Pp 3417Even if the mouse is not in the above list, it may be compatible 3418with one in the list. 3419Refer to the manual page for 3420.Xr moused 8 3421for compatibility information. 3422.Pp 3423It should also be noted that while this is enabled, any 3424other client of the mouse (such as an X server) should access 3425the mouse through the virtual mouse device, 3426.Pa /dev/sysmouse , 3427and configure it as a 3428.Dq Li sysmouse 3429type mouse, since all 3430mouse data is converted to this single canonical format when 3431using 3432.Xr moused 8 . 3433If the client program does not support the 3434.Dq Li sysmouse 3435type, 3436specify the 3437.Dq Li mousesystems 3438type. 3439It is the second preferred type. 3440.It Va moused_port 3441.Pq Vt str 3442If 3443.Va moused_enable 3444is set to 3445.Dq Li YES , 3446this is the actual port the mouse is on. 3447It might be 3448.Pa /dev/cuau0 3449for a COM1 serial mouse, or 3450.Pa /dev/psm0 3451for a PS/2 mouse, for example. 3452.It Va moused_flags 3453.Pq Vt str 3454If 3455.Va moused_flags 3456is set, its value is used as an additional set of flags to pass to the 3457.Xr moused 8 3458daemon. 3459.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3460When 3461.Va moused_nondefault_enable 3462is enabled, and a 3463.Xr moused 8 3464daemon is started for a non-default port, the 3465.Va "moused_" Ns Ar XXX Ns Va "_flags" 3466set of options has precedence over and replaces the default 3467.Va moused_flags 3468(where 3469.Ar XXX 3470is the name of the non-default port, i.e.,\& 3471.Ar ums0 ) . 3472By setting 3473.Va "moused_" Ns Ar XXX Ns Va "_flags" 3474it is possible to set up a different set of default flags for each 3475.Xr moused 8 3476instance. 3477For example, you can use 3478.Dq Li "-3" 3479for the default 3480.Va moused_flags 3481to make your laptop's touchpad more comfortable to use, 3482but an empty set of options for 3483.Va moused_ums0_flags 3484when your 3485.Xr usb 4 3486mouse has three or more buttons. 3487.It Va mousechar_start 3488.Pq Vt int 3489If set to 3490.Dq Li NO , 3491the default mouse cursor character range 3492.Li 0xd0 Ns - Ns Li 0xd3 3493is used, 3494otherwise the range start is set 3495to 3496.Ar value 3497character, see 3498.Xr vidcontrol 1 . 3499Use if the default range is occupied in the language code table. 3500.It Va allscreens_flags 3501.Pq Vt str 3502If set, 3503.Xr vidcontrol 1 3504is run with these options for each of the virtual terminals 3505.Pq Pa /dev/ttyv* . 3506For example, 3507.Dq Fl m Cm on 3508will enable the mouse pointer on all virtual terminals 3509if 3510.Va moused_enable 3511is set to 3512.Dq Li YES . 3513.It Va allscreens_kbdflags 3514.Pq Vt str 3515If set, 3516.Xr kbdcontrol 1 3517is run with these options for each of the virtual terminals 3518.Pq Pa /dev/ttyv* . 3519For example, 3520.Dq Fl h Li 200 3521will set the 3522.Xr syscons 4 3523or 3524.Xr vt 4 3525scrollback (history) buffer to 200 lines. 3526.It Va cron_enable 3527.Pq Vt bool 3528If set to 3529.Dq Li YES , 3530run the 3531.Xr cron 8 3532daemon at system boot time. 3533.It Va cron_program 3534.Pq Vt str 3535Path to 3536.Xr cron 8 3537(default 3538.Pa /usr/sbin/cron ) . 3539.It Va cron_flags 3540.Pq Vt str 3541If 3542.Va cron_enable 3543is set to 3544.Dq Li YES , 3545these are the flags to pass to 3546.Xr cron 8 . 3547.It Va cron_dst 3548.Pq Vt bool 3549If set to 3550.Dq Li YES , 3551enable the special handling of transitions to and from the 3552Daylight Saving Time in 3553.Xr cron 8 3554(equivalent to using the flag 3555.Fl s ) . 3556.It Va lpd_program 3557.Pq Vt str 3558Path to 3559.Xr lpd 8 3560(default 3561.Pa /usr/sbin/lpd ) . 3562.It Va lpd_enable 3563.Pq Vt bool 3564If set to 3565.Dq Li YES , 3566run the 3567.Xr lpd 8 3568daemon at system boot time. 3569.It Va lpd_flags 3570.Pq Vt str 3571If 3572.Va lpd_enable 3573is set to 3574.Dq Li YES , 3575these are the flags to pass to the 3576.Xr lpd 8 3577daemon. 3578.It Va chkprintcap_enable 3579.Pq Vt bool 3580If set to 3581.Dq Li YES , 3582run the 3583.Xr chkprintcap 8 3584command before starting the 3585.Xr lpd 8 3586daemon. 3587.It Va chkprintcap_flags 3588.Pq Vt str 3589If 3590.Va lpd_enable 3591and 3592.Va chkprintcap_enable 3593are set to 3594.Dq Li YES , 3595these are the flags to pass to the 3596.Xr chkprintcap 8 3597program. 3598The default is 3599.Dq Li -d , 3600which causes missing directories to be created. 3601.It Va dumpdev 3602.Pq Vt str 3603Indicates the device (usually a swap partition) to which a crash dump 3604should be written in the event of a system crash. 3605If the value of this variable is 3606.Dq Li AUTO , 3607the first suitable swap device listed in 3608.Pa /etc/fstab 3609will be used as dump device. 3610Otherwise, the value of this variable is passed as the argument to 3611.Xr dumpon 8 3612and 3613.Xr savecore 8 . 3614To disable crash dumps, set this variable to 3615.Dq Li NO . 3616.It Va dumpon_flags 3617.Pq Vt str 3618Flags to pass to 3619.Xr dumpon 8 3620when configuring 3621.Va dumpdev 3622as the system dump device. 3623.It Va dumpdir 3624.Pq Vt str 3625When the system reboots after a crash and a crash dump is found on the 3626device specified by the 3627.Va dumpdev 3628variable, 3629.Xr savecore 8 3630will save that crash dump and a copy of the kernel to the directory 3631specified by the 3632.Va dumpdir 3633variable. 3634The default value is 3635.Pa /var/crash . 3636Set to 3637.Dq Li NO 3638to not run 3639.Xr savecore 8 3640at boot time when 3641.Va dumpdir 3642is set. 3643.It Va savecore_enable 3644.Pq Vt bool 3645If set to 3646.Dq Li NO , 3647disable automatic extraction of the crash dump from the 3648.Va dumpdev . 3649.It Va savecore_flags 3650.Pq Vt str 3651If crash dumps are enabled, these are the flags to pass to the 3652.Xr savecore 8 3653utility. 3654.It Va quota_enable 3655.Pq Vt bool 3656Set to 3657.Dq Li YES 3658to turn on user and group disk quotas on system startup via the 3659.Xr quotaon 8 3660command for all file systems marked as having quotas enabled in 3661.Pa /etc/fstab . 3662The kernel must be built with 3663.Cd "options QUOTA" 3664for disk quotas to function. 3665.It Va check_quotas 3666.Pq Vt bool 3667Set to 3668.Dq Li YES 3669to enable user and group disk quota checking via the 3670.Xr quotacheck 8 3671command. 3672.It Va quotacheck_flags 3673.Pq Vt str 3674If 3675.Va quota_enable 3676is set to 3677.Dq Li YES , 3678and 3679.Va check_quotas 3680is set to 3681.Dq Li YES , 3682these are the flags to pass to the 3683.Xr quotacheck 8 3684utility. 3685The default is 3686.Dq Li "-a" , 3687which checks quotas for all file systems with quotas enabled in 3688.Pa /etc/fstab . 3689.It Va quotaon_flags 3690.Pq Vt str 3691If 3692.Va quota_enable 3693is set to 3694.Dq Li YES , 3695these are the flags to pass to the 3696.Xr quotaon 8 3697utility. 3698The default is 3699.Dq Li "-a" , 3700which enables quotas for all file systems with quotas enabled in 3701.Pa /etc/fstab . 3702.It Va quotaoff_flags 3703.Pq Vt str 3704If 3705.Va quota_enable 3706is set to 3707.Dq Li YES , 3708these are the flags to pass to the 3709.Xr quotaoff 8 3710utility when shutting down the quota system. 3711The default is 3712.Dq Li "-a" , 3713which disables quotas for all file systems with quotas enabled in 3714.Pa /etc/fstab . 3715.It Va accounting_enable 3716.Pq Vt bool 3717Set to 3718.Dq Li YES 3719to enable system accounting through the 3720.Xr accton 8 3721facility. 3722.It Va firstboot_sentinel 3723.Pq Vt str 3724This variable specifies the full path to a 3725.Dq first boot 3726sentinel file. 3727If a file exists with this path, 3728.Pa rc.d 3729scripts with the 3730.Dq firstboot 3731keyword will be run on startup and the sentinel file will be deleted 3732after the boot process completes. 3733The sentinel file must be located on a writable file system which is 3734mounted no later than 3735.Va early_late_divider 3736to function properly. 3737The default is 3738.Pa /firstboot . 3739.It Va linux_enable 3740.Pq Vt bool 3741Set to 3742.Dq Li YES 3743to enable Linux/ELF binary emulation at system initial 3744boot time. 3745.It Va sysvipc_enable 3746.Pq Vt bool 3747If set to 3748.Dq Li YES , 3749load System V IPC primitives at boot time. 3750.It Va clear_tmp_enable 3751.Pq Vt bool 3752Set to 3753.Dq Li YES 3754to have 3755.Pa /tmp 3756cleaned at startup. 3757.It Va clear_tmp_X 3758.Pq Vt bool 3759Set to 3760.Dq Li NO 3761to disable removing of X11 lock files, 3762and the removal and (secure) recreation 3763of the various socket directories for X11 3764related programs. 3765.It Va ldconfig_paths 3766.Pq Vt str 3767Set to the list of shared library paths to use with 3768.Xr ldconfig 8 . 3769NOTE: 3770.Pa /lib 3771and 3772.Pa /usr/lib 3773will always be added first, so they need not appear in this list. 3774.It Va ldconfig32_paths 3775.Pq Vt str 3776Set to the list of 32-bit compatibility shared library paths to 3777use with 3778.Xr ldconfig 8 . 3779.It Va ldconfig_insecure 3780.Pq Vt bool 3781The 3782.Xr ldconfig 8 3783utility normally refuses to use directories 3784which are writable by anyone except root. 3785Set this variable to 3786.Dq Li YES 3787to disable that security check during system startup. 3788.It Va ldconfig_local_dirs 3789.Pq Vt str 3790Set to the list of local 3791.Xr ldconfig 8 3792directories. 3793The names of all files in the directories listed will be 3794passed as arguments to 3795.Xr ldconfig 8 . 3796.It Va ldconfig_local32_dirs 3797.Pq Vt str 3798Set to the list of local 32-bit compatibility 3799.Xr ldconfig 8 3800directories. 3801The names of all files in the directories listed will be 3802passed as arguments to 3803.Dq Nm ldconfig Fl 32 . 3804.It Va kern_securelevel_enable 3805.Pq Vt bool 3806Set to 3807.Dq Li YES 3808to set the kernel security level at system startup. 3809.It Va kern_securelevel 3810.Pq Vt int 3811The kernel security level to set at startup. 3812The allowed range of 3813.Ar value 3814ranges from \-1 (the compile time default) to 3 (the 3815most secure). 3816See 3817.Xr security 7 3818for the list of possible security levels and their effect 3819on system operation. 3820.It Va sshd_program 3821.Pq Vt str 3822Path to the SSH server program 3823.Pa ( /usr/sbin/sshd 3824is the default). 3825.It Va sshd_enable 3826.Pq Vt bool 3827Set to 3828.Dq Li YES 3829to start 3830.Xr sshd 8 3831at system boot time. 3832.It Va sshd_flags 3833.Pq Vt str 3834If 3835.Va sshd_enable 3836is set to 3837.Dq Li YES , 3838these are the flags to pass to the 3839.Xr sshd 8 3840daemon. 3841.It Va ftpd_program 3842.Pq Vt str 3843Path to the FTP server program 3844.Pa ( /usr/libexec/ftpd 3845is the default). 3846.It Va ftpd_enable 3847.Pq Vt bool 3848Set to 3849.Dq Li YES 3850to start 3851.Xr ftpd 8 3852as a stand-alone daemon at system boot time. 3853.It Va ftpd_flags 3854.Pq Vt str 3855If 3856.Va ftpd_enable 3857is set to 3858.Dq Li YES , 3859these are the additional flags to pass to the 3860.Xr ftpd 8 3861daemon. 3862.It Va watchdogd_enable 3863.Pq Vt bool 3864If set to 3865.Dq Li YES , 3866start the 3867.Xr watchdogd 8 3868daemon at boot time. 3869This requires that the kernel have been compiled with a 3870.Xr watchdog 4 3871compatible device. 3872.It Va watchdogd_flags 3873.Pq Vt str 3874If 3875.Va watchdogd_enable 3876is set to 3877.Dq Li YES , 3878these are the flags passed to the 3879.Xr watchdogd 8 3880daemon. 3881.It Va watchdogd_timeout 3882.Pq Vt int 3883If 3884.Va watchdogd_enable 3885is set to 3886.Dq Li YES , 3887this is a timeout that will be used by the 3888.Xr watchdogd 8 3889daemon. 3890If this option is set, it overrides 3891.Fl t 3892in 3893.Va watchdogd_flags . 3894.It Va watchdogd_shutdown_timeout 3895.Pq Vt int 3896If 3897.Va watchdogd_enable 3898is set to 3899.Dq Li YES , 3900this is a timeout that will be set by the 3901.Xr watchdogd 8 3902daemon when it exits during the system shutdown. 3903This timeout will not be set when returning to the single-user mode 3904or when the watchdogd service is stopped individually using the 3905.Xr service 8 3906command or the rc.d script. 3907Note that the timeout will be applied if 3908.Xr watchdogd 8 3909is stopped outside of 3910.Xr rc 8 3911framework. 3912If this option is set, it overrides 3913.Fl x 3914in 3915.Va watchdogd_flags . 3916.It Va devfs_rulesets 3917.Pq Vt str 3918List of files containing sets of rules for 3919.Xr devfs 8 . 3920.It Va devfs_system_ruleset 3921.Pq Vt str 3922Rule name(s) to apply to the system 3923.Pa /dev 3924itself. 3925.It Va devfs_set_rulesets 3926.Pq Vt str 3927Pairs of already-mounted 3928.Pa dev 3929directories and rulesets that should be applied to them. 3930For example: /mount/dev=ruleset_name 3931.It Va devfs_load_rulesets 3932.Pq Vt bool 3933If set, always load the default rulesets listed in 3934.Va devfs_rulesets . 3935.It Va performance_cx_lowest 3936.Pq Vt str 3937CPU idle state to use while on AC power. 3938The string 3939.Dq Li LOW 3940indicates that 3941.Xr acpi 4 3942should use the lowest power state available while 3943.Dq Li HIGH 3944indicates that the lowest latency state (less power savings) should be used. 3945.It Va performance_cpu_freq 3946.Pq Vt str 3947CPU clock frequency to use while on AC power. 3948The string 3949.Dq Li LOW 3950indicates that 3951.Xr cpufreq 4 3952should use the lowest frequency available while 3953.Dq Li HIGH 3954indicates that the highest frequency (less power savings) should be used. 3955.It Va economy_cx_lowest 3956.Pq Vt str 3957CPU idle state to use when off AC power. 3958The string 3959.Dq Li LOW 3960indicates that 3961.Xr acpi 4 3962should use the lowest power state available while 3963.Dq Li HIGH 3964indicates that the lowest latency state (less power savings) should be used. 3965.It Va economy_cpu_freq 3966.Pq Vt str 3967CPU clock frequency to use when off AC power. 3968The string 3969.Dq Li LOW 3970indicates that 3971.Xr cpufreq 4 3972should use the lowest frequency available while 3973.Dq Li HIGH 3974indicates that the highest frequency (less power savings) should be used. 3975.It Va jail_enable 3976.Pq Vt bool 3977If set to 3978.Dq Li NO , 3979any configured jails will not be started. 3980.It Va jail_conf 3981.Pq Vt str 3982The configuration filename used by 3983.Xr jail 8 3984utility. 3985The default value is 3986.Pa /etc/jail.conf . 3987.Pa /etc/jail. Ns Ao Va jname Ac Ns Pa .conf 3988and 3989.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 3990will also be used if 3991.Ao Va jname Ac 3992is set in 3993.Va jail_list . 3994.It Va jail_parallel_start 3995.Pq Vt bool 3996If set to 3997.Dq Li YES , 3998all configured jails will be started in the background (in parallel). 3999.It Va jail_flags 4000.Pq Vt str 4001Unset by default. 4002When set, use as default value for 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4004for every jail in 4005.Va jail_list . 4006.It Va jail_list 4007.Pq Vt str 4008A space-delimited list of jail names. 4009When left empty, all of the 4010.Xr jail 8 4011instances defined in the configuration file are started. 4012The names specified in this list control the jail startup order. 4013.Xr jail 8 4014instances missing from 4015.Va jail_list 4016must be started manually. 4017Note that a jail's 4018.Va depend 4019parameter in the configuration file may override this list. 4020.It Va jail_reverse_stop 4021.Pq Vt bool 4022When set to 4023.Dq Li YES , 4024all configured jails in 4025.Va jail_list 4026are stopped in reverse order. 4027.It Va jail_ Ns * variables 4028Note that older releases supported per-jail configuration via 4029.Nm 4030variables. 4031For example, 4032hostname of a jail named 4033.Li vjail 4034was able to be set by 4035.Li jail_vjail_hostname . 4036These per-jail configuration variables are now obsolete in favor of 4037.Xr jail 8 4038configuration file. 4039For backward compatibility, 4040when per-jail configuration variables are defined, 4041.Xr jail 8 4042configuration files are created as 4043.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4044and used. 4045.Pp 4046The following per-jail parameters are handled by 4047.Pa rc.d/jail 4048script out of their corresponding 4049.Nm 4050variables. 4051In addition to them, parameters in 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4053will be added to the configuration file. 4054They must be a semi-colon 4055.Pq Ql \&; 4056delimited list of 4057.Dq key=value . 4058For more details, 4059see 4060.Xr jail 8 4061manual page. 4062.Bl -tag -width "host.hostname" -offset indent 4063.It Li path 4064set from 4065.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4066.It Li host.hostname 4067set from 4068.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4069.It Li exec.consolelog 4070set from 4071.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4072The default value is 4073.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4074.It Li interface 4075set from 4076.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4077.It Li vnet.interface 4078set from 4079.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4080This implies 4081.Li vnet 4082parameter will be enabled and cannot be specified with 4083.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4084.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4085and/or 4086.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4087at the same time. 4088.It Li fstab 4089set from 4090.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4091.It Li mount 4092set from 4093.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4094.It Li exec.fib 4095set from 4096.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4097.It Li exec.start 4098set from 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4100The parameter name was 4101.Li command 4102in some older releases. 4103.It Li exec.prestart 4104set from 4105.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4106.It Li exec.poststart 4107set from 4108.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4109.It Li exec.stop 4110set from 4111.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4112.It Li exec.prestop 4113set from 4114.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4115.It Li exec.poststop 4116set from 4117.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4118.It Li ip4.addr 4119set if 4120.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4121or 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4123contain IPv4 addresses 4124.It Li ip6.addr 4125set if 4126.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4127or 4128.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4129contain IPv6 addresses 4130.It Li allow.mount 4131set from 4132.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4133.It Li mount.devfs 4134set from 4135.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4136.It Li devfs_ruleset 4137set from 4138.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4139This must be an integer, 4140not a string. 4141.It Li mount.fdescfs 4142set from 4143.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4144.It Li allow.set_hostname 4145set from 4146.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4147.It Li allow.rawsocket 4148set from 4149.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4150.It Li allow.sysvipc 4151set from 4152.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4153.El 4154.\" ----------------------------------------------------- 4155.It Va harvest_mask 4156.Pq Vt int 4157Set to a bit-mask 4158representing the entropy sources 4159you wish to harvest. 4160Refer to 4161.Xr random 4 4162for more information. 4163.It Va entropy_dir 4164.Pq Vt str 4165Set to 4166.Dq Li NO 4167to disable caching entropy via 4168.Xr cron 8 . 4169Otherwise set to the directory 4170in which the entropy files are stored. 4171To be useful, 4172there must be 4173a system cron job 4174that regularly writes and rotates 4175files here. 4176All files found 4177will be used at boot time. 4178The default is 4179.Pa /var/db/entropy . 4180.It Va entropy_file 4181.Pq Vt str 4182Set to 4183.Dq Li NO 4184to disable caching entropy through reboots. 4185Otherwise set to the name 4186of a file used to store cached entropy. 4187This file should be located 4188on a file system that is readable 4189before all the volumes specified in 4190.Xr fstab 5 4191are mounted. 4192By default, 4193.Pa /entropy 4194is used, 4195but if 4196.Pa /var/db/entropy-file 4197is found it will also be used. 4198This will be of some use to 4199.Xr bsdinstall 8 . 4200.It Va entropy_boot_file 4201.Pq Vt str 4202Set to 4203.Dq Li NO 4204to disable 4205very early caching entropy 4206through reboots. 4207Otherwise set to the filename 4208used to read 4209very early reboot cached entropy. 4210This file should be located where 4211.Xr loader 8 4212can read it. 4213See also 4214.Xr loader.conf 5 . 4215The default location is 4216.Pa /boot/entropy . 4217.It Va entropy_save_sz 4218.Pq Vt int 4219Size of the entropy cache files saved by 4220.Nm save-entropy 4221periodically. 4222.It Va entropy_save_num 4223.Pq Vt int 4224Number of entropy cache files to save by 4225.Nm save-entropy 4226periodically. 4227.It Va ipsec_enable 4228.Pq Vt bool 4229Set to 4230.Dq Li YES 4231to run 4232.Xr setkey 8 4233on 4234.Va ipsec_file 4235at boot time. 4236.It Va ipsec_file 4237.Pq Vt str 4238Configuration file for 4239.Xr setkey 8 . 4240.It Va dmesg_enable 4241.Pq Vt bool 4242Set to 4243.Dq Li YES 4244to save 4245.Xr dmesg 8 4246to 4247.Pa /var/run/dmesg.boot 4248on boot. 4249.It Va rcshutdown_timeout 4250.Pq Vt int 4251If set, start a watchdog timer in the background which will terminate 4252.Pa rc.shutdown 4253if 4254.Xr shutdown 8 4255has not completed within the specified time (in seconds). 4256Notice that in addition to this soft timeout, 4257.Xr init 8 4258also applies a hard timeout for the execution of 4259.Pa rc.shutdown . 4260This is configured via 4261.Xr sysctl 8 4262variable 4263.Va kern.init_shutdown_timeout 4264and defaults to 120 seconds. 4265Setting the value of 4266.Va rcshutdown_timeout 4267to more than 120 seconds will have no effect until the 4268.Xr sysctl 8 4269variable 4270.Va kern.init_shutdown_timeout 4271is also increased. 4272.It Va virecover_enable 4273.Pq Vt bool 4274Set to 4275.Dq Li NO 4276to prevent the system from trying to 4277recover prematurely terminated 4278.Xr vi 1 4279sessions. 4280.It Va ugidfw_enable 4281.Pq Vt bool 4282Set to 4283.Dq Li YES 4284to load the 4285.Xr mac_bsdextended 4 4286module upon system initialization and load a default 4287ruleset file. 4288.It Va bsdextended_script 4289.Pq Vt str 4290The default 4291.Xr mac_bsdextended 4 4292ruleset file to load. 4293The default value of this variable is 4294.Pa /etc/rc.bsdextended . 4295.It Va newsyslog_enable 4296.Pq Vt bool 4297If set to 4298.Dq Li YES , 4299run 4300.Xr newsyslog 8 4301command at startup. 4302.It Va newsyslog_flags 4303.Pq Vt str 4304If 4305.Va newsyslog_enable 4306is set to 4307.Dq Li YES , 4308these are the flags to pass to the 4309.Xr newsyslog 8 4310program. 4311The default is 4312.Dq Li -CN , 4313which causes log files flagged with a 4314.Cm C 4315to be created. 4316.It Va mdconfig_md Ns Aq Ar X 4317.Pq Vt str 4318Arguments to 4319.Xr mdconfig 8 4320for 4321.Xr md 4 4322device 4323.Ar X . 4324At minimum a 4325.Fl t Ar type 4326must be specified and either a 4327.Fl s Ar size 4328for malloc or swap backed 4329.Xr md 4 4330devices or a 4331.Fl f Ar file 4332for vnode backed 4333.Xr md 4 4334devices. 4335Note that 4336.Va mdconfig_md Ns Aq Ar X 4337variables are evaluated until one variable is unset or null. 4338.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4339.Pq Vt str 4340Optional arguments passed to 4341.Xr newfs 8 4342to initialize 4343.Xr md 4 4344device 4345.Ar X . 4346.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4347.Pq Vt str 4348An ownership specification passed to 4349.Xr chown 8 4350after the specified 4351.Xr md 4 4352device 4353.Ar X 4354has been mounted. 4355Both the 4356.Xr md 4 4357device and the mount point will be changed. 4358.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4359.Pq Vt str 4360A mode string passed to 4361.Xr chmod 1 4362after the specified 4363.Xr md 4 4364device 4365.Ar X 4366has been mounted. 4367Both the 4368.Xr md 4 4369device and the mount point will be changed. 4370.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4371.Pq Vt str 4372Files to be copied to the mount point of the 4373.Xr md 4 4374device 4375.Ar X 4376after it has been mounted. 4377.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4378.Pq Vt str 4379Command to execute after the specified 4380.Xr md 4 4381device 4382.Ar X 4383has been mounted. 4384Note that the command is passed to 4385.Ic eval 4386and that both 4387.Va _dev 4388and 4389.Va _mp 4390variables can be used to reference respectively the 4391.Xr md 4 4392device and the mount point. 4393Assuming that the 4394.Xr md 4 4395device is 4396.Li md0 , 4397one could set the following: 4398.Bd -literal 4399mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4400.Ed 4401.It Va autobridge_interfaces 4402.Pq Vt str 4403Set to the list of bridge interfaces that will have newly arriving interfaces 4404checked against to be automatically added. 4405If not set to 4406.Dq Li NO 4407then for each whitespace separated 4408.Ar element 4409in the value, a 4410.Va autobridge_ Ns Aq Ar element 4411variable is assumed to exist which has a whitespace separated list of interface 4412names to match, these names can use wildcards. 4413For example: 4414.Bd -literal 4415autobridge_interfaces="bridge0" 4416autobridge_bridge0="tap* dc0 vlan[345]" 4417.Ed 4418.It Va mixer_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422enable support for sound mixer. 4423.It Va hcsecd_enable 4424.Pq Vt bool 4425If set to 4426.Dq Li YES , 4427enable Bluetooth security daemon. 4428.It Va hcsecd_config 4429.Pq Vt str 4430Configuration file for 4431.Xr hcsecd 8 . 4432Default 4433.Pa /etc/bluetooth/hcsecd.conf . 4434.It Va sdpd_enable 4435.Pq Vt bool 4436If set to 4437.Dq Li YES , 4438enable Bluetooth Service Discovery Protocol daemon. 4439.It Va sdpd_control 4440.Pq Vt str 4441Path to 4442.Xr sdpd 8 4443control socket. 4444Default 4445.Pa /var/run/sdp . 4446.It Va sdpd_groupname 4447.Pq Vt str 4448Sets 4449.Xr sdpd 8 4450group to run as after it initializes. 4451Default 4452.Dq Li nobody . 4453.It Va sdpd_username 4454.Pq Vt str 4455Sets 4456.Xr sdpd 8 4457user to run as after it initializes. 4458Default 4459.Dq Li nobody . 4460.It Va bthidd_enable 4461.Pq Vt bool 4462If set to 4463.Dq Li YES , 4464enable Bluetooth Human Interface Device daemon. 4465.It Va bthidd_config 4466.Pq Vt str 4467Configuration file for 4468.Xr bthidd 8 . 4469Default 4470.Pa /etc/bluetooth/bthidd.conf . 4471.It Va bthidd_hids 4472.Pq Vt str 4473Path to a file, where 4474.Xr bthidd 8 4475will store information about known HID devices. 4476Default 4477.Pa /var/db/bthidd.hids . 4478.It Va rfcomm_pppd_server_enable 4479.Pq Vt bool 4480If set to 4481.Dq Li YES , 4482enable Bluetooth RFCOMM PPP wrapper daemon. 4483.It Va rfcomm_pppd_server_profile 4484.Pq Vt str 4485The name of the profile to use from 4486.Pa /etc/ppp/ppp.conf . 4487Multiple profiles can be specified here. 4488Also used to specify per-profile overrides. 4489When the profile name contains any of the characters 4490.Dq Li .-/+ 4491they are translated to 4492.Dq Li _ 4493for the proposes of the override variable names. 4494.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4495.Pq Vt str 4496Overrides local address to listen on. 4497By default 4498.Xr rfcomm_pppd 8 4499will listen on 4500.Dq Li ANY 4501address. 4502The address can be specified as BD_ADDR or name. 4503.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4504.Pq Vt str 4505Overrides local RFCOMM channel to listen on. 4506By default 4507.Xr rfcomm_pppd 8 4508will listen on RFCOMM channel 1. 4509Must set properly if multiple profiles used in the same time. 4510.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4511.Pq Vt bool 4512Tells 4513.Xr rfcomm_pppd 8 4514if it should register Serial Port service on the specified RFCOMM channel. 4515Default 4516.Dq Li NO . 4517.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4518.Pq Vt bool 4519Tells 4520.Xr rfcomm_pppd 8 4521if it should register Dial-Up Networking service on the specified 4522RFCOMM channel. 4523Default 4524.Dq Li NO . 4525.It Va ubthidhci_enable 4526.Pq Vt bool 4527If set to 4528.Dq Li YES , 4529change the USB Bluetooth controller from HID mode to HCI mode. 4530You also need to specify the location of USB Bluetooth controller with the 4531.Va ubthidhci_busnum 4532and 4533.Va ubthidhci_addr 4534variables. 4535.It Va ubthidhci_busnum 4536Bus number where the USB Bluetooth controller is located. 4537Check the output of 4538.Xr usbconfig 8 4539on your system to find this information. 4540.It Va ubthidhci_addr 4541Bus address of the USB Bluetooth controller. 4542Check the output of 4543.Xr usbconfig 8 4544on your system to find this information. 4545.It Va utx_enable 4546.Pq Vt bool 4547Set to 4548.Dq Li YES 4549to enable user accounting through the 4550.Xr utx 8 4551facility. 4552.It Va netwait_enable 4553.Pq Vt bool 4554If set to 4555.Dq Li YES , 4556delays the start of network-reliant services until 4557.Va netwait_if 4558is up and ICMP packets to a destination defined in 4559.Va netwait_ip 4560are flowing. 4561Link state is examined first, followed by 4562.Dq Li pinging 4563an IP address to verify network usability. 4564If no destination can be reached or timeouts are exceeded, 4565network services are started anyway with no guarantee that 4566the network is usable. 4567Use of this variable requires both 4568.Va netwait_ip 4569and 4570.Va netwait_if 4571to be set. 4572.It Va netwait_ip 4573.Pq Vt str 4574Empty by default. 4575This variable contains a space-delimited list of IP addresses to 4576.Xr ping 8 . 4577DNS hostnames should not be used as resolution is not guaranteed 4578to be functional at this point. 4579If multiple IP addresses are specified, 4580each will be tried until one is successful or the list is exhausted. 4581.It Va netwait_timeout 4582.Pq Vt int 4583Indicates the total number of seconds to perform a 4584.Dq Li ping 4585against each IP address in 4586.Va netwait_ip , 4587at a rate of one ping per second. 4588If any of the pings are successful, 4589full network connectivity is considered reliable. 4590The default is 60. 4591.It Va netwait_if 4592.Pq Vt str 4593Empty by default. 4594Defines the name of the network interface on which watch for link. 4595.Xr ifconfig 8 4596is used to monitor the interface, looking for 4597.Dq Li status: no carrier . 4598Once gone, the link is considered up. 4599This can be a 4600.Xr vlan 4 4601interface if desired. 4602.It Va netwait_if_timeout 4603.Pq Vt int 4604Defines the total number of seconds to wait for link to become usable, 4605polled at a 1-second interval. 4606The default is 30. 4607.It Va rctl_enable 4608.Pq Vt bool 4609If set to 4610.Dq Li YES , 4611load 4612.Xr rctl 8 4613rules from the defined ruleset. 4614The kernel must be built with 4615.Cd "options RACCT" 4616and 4617.Cd "options RCTL" . 4618.It Va rctl_rules 4619.Pq Vt str 4620Set to 4621.Pa /etc/rctl.conf 4622by default. 4623This variables contains the 4624.Xr rctl.conf 5 4625ruleset to load for 4626.Xr rctl 8 . 4627.It Va iovctl_files 4628.Pq Vt str 4629A space-separated list of configuration files used by 4630.Xr iovctl 8 . 4631The default value is an empty string. 4632.It Va autofs_enable 4633.Pq Vt bool 4634If set to 4635.Dq Li YES , 4636start the 4637.Xr automount 8 4638utility and the 4639.Xr automountd 8 4640and 4641.Xr autounmountd 8 4642daemons at boot time. 4643.It Va automount_flags 4644.Pq Vt str 4645If 4646.Va autofs_enable 4647is set to 4648.Dq Li YES , 4649these are the flags to pass to the 4650.Xr automount 8 4651program. 4652By default no flags are passed. 4653.It Va automountd_flags 4654.Pq Vt str 4655If 4656.Va autofs_enable 4657is set to 4658.Dq Li YES , 4659these are the flags to pass to the 4660.Xr automountd 8 4661daemon. 4662By default no flags are passed. 4663.It Va autounmountd_flags 4664.Pq Vt str 4665If 4666.Va autofs_enable 4667is set to 4668.Dq Li YES , 4669these are the flags to pass to the 4670.Xr autounmountd 8 4671daemon. 4672By default no flags are passed. 4673.It Va ctld_enable 4674.Pq Vt bool 4675If set to 4676.Dq Li YES , 4677start the 4678.Xr ctld 8 4679daemon at boot time. 4680.It Va iscsid_enable 4681.Pq Vt bool 4682If set to 4683.Dq Li YES , 4684start the 4685.Xr iscsid 8 4686daemon at boot time. 4687.It Va iscsictl_enable 4688.Pq Vt bool 4689If set to 4690.Dq Li YES , 4691start the 4692.Xr iscsictl 8 4693utility at boot time. 4694.It Va iscsictl_flags 4695.Pq Vt str 4696If 4697.Va iscsictl_enable 4698is set to 4699.Dq Li YES , 4700these are the flags to pass to the 4701.Xr iscsictl 8 4702program. 4703The default is 4704.Dq Li -Aa , 4705which configures sessions based on the 4706.Pa /etc/iscsi.conf 4707configuration file. 4708.It Va cfumass_enable 4709.Pq Vt bool 4710If set to 4711.Dq Li YES , 4712create and export an USB LUN using 4713.Xr cfumass 4 4714at boot time. 4715.It Va cfumass_dir 4716.Pq Vt str 4717The directory where the files exported by USB LUN are located. 4718The default directory is 4719.Pa /var/cfumass . 4720.It Va service_delete_empty 4721.Pq Vt bool 4722If set to 4723.Dq Li YES , 4724.Ql Li service delete 4725removes empty 4726.Dq Li rc.conf.d 4727files. 4728.It Va zfs_bootonce_activate 4729.Pq Vt bool 4730If set to 4731.Dq Li YES , 4732and a boot environment marked bootonce is successfully booted, 4733it will be made permanently active. 4734.It Va zfskeys_enable 4735.Pq Vt bool 4736If set to 4737.Dq Li YES , 4738enable auto-loading of encryption keys for encrypted ZFS datasets. 4739For every dataset the script will first load the appropriate encryption key 4740and then attempt to unlock the dataset. 4741.Pp 4742The script operates only on datasets which are encrypted with 4743ZFS native encryption 4744and have a ZFS 4745.Dq Li keylocation 4746dataset property beginning with 4747.Dq Li file:// . 4748.It Va zfskeys_datasets 4749.Pq Vt str 4750A whitespace-separated list of ZFS datasets to unlock. 4751The list is empty by default, 4752which means that the script will attempt to unlock all datasets. 4753.It Va zfskeys_timeout 4754.Pq Vt int 4755Define the total number of seconds to wait for the zfskeys script 4756to unlock an encrypted dataset. 4757The default is 10. 4758.It Va sendmail_enable 4759.Pq Vt str 4760If set to 4761.Dq Li YES , 4762run the 4763.Xr sendmail 8 4764daemon at system boot time. 4765If set to 4766.Dq Li NO , 4767do not run a 4768.Xr sendmail 8 4769daemon to listen for incoming network mail. 4770This does not preclude a 4771.Xr sendmail 8 4772daemon listening on the SMTP port of the loopback interface. 4773The 4774.Dq Li NONE 4775option sets each 4776.Va sendmail_enable , 4777.Va sendmail_submit_enable , 4778.Va sendmail_outbound_enable , 4779.Va sendmail_msp_queue_enable 4780to 4781.Dq Li NO . 4782.It Va sendmail_cert_create 4783.Pq Vt str 4784If 4785.Va sendmail_enable 4786is set to 4787.Dq Li YES , 4788create a signed certificate 4789.Pa /etc/mail/certs/host.cert 4790representing 4791.Pa /etc/mail/certs/host.key 4792by the CA certificate in 4793.Pa /etc/mail/certs/cacert.pem . 4794This will enable connecting hosts to negotiate STARTTLS allowing incoming 4795email to be encrypted in transit. 4796.Xr sendmail 8 4797needs to be configured to use these generated files. 4798The default configuration in 4799.Pa /etc/mail/freebsd.mc 4800has the required options in it. 4801.It Va sendmail_cert_cn 4802.Pq Vt str 4803If 4804.Va sendmail_enable 4805is set to 4806.Dq Li YES 4807and 4808.Va sendmail_cert_create 4809is set to 4810.Dq Li YES , 4811this is the Common Name (CN) of the certificate that will be created. 4812If 4813.Va sendmail_cert_cn 4814is not set, the system's hostname will be used. 4815If there is no hostname set, 4816.Dq Li amnesiac 4817will be used. 4818.It Va sendmail_flags 4819.Pq Vt str 4820If 4821.Va sendmail_enable 4822is set to 4823.Dq Li YES , 4824these are the flags to pass to the 4825.Xr sendmail 8 4826daemon. 4827.It Va sendmail_submit_enable 4828.Pq Vt bool 4829If set to 4830.Dq Li YES 4831and 4832.Va sendmail_enable 4833is set to 4834.Dq Li NO , 4835run 4836.Xr sendmail 8 4837using 4838.Va sendmail_submit_flags 4839instead of 4840.Va sendmail_flags . 4841This is intended to allow local mail submission via 4842a localhost-only listening SMTP service required for running 4843.Xr sendmail 8 4844as a non-set-user-ID binary. 4845Note that this does not work inside 4846.Xr jail 2 4847systems, as jails do not allow binding to just the localhost interface. 4848.It Va sendmail_submit_flags 4849.Pq Vt str 4850If 4851.Va sendmail_enable 4852is set to 4853.Dq Li NO 4854and 4855.Va sendmail_submit_enable 4856is set to 4857.Dq Li YES , 4858these are the flags to pass to the 4859.Xr sendmail 8 4860daemon. 4861.It Va sendmail_outbound_enable 4862.Pq Vt bool 4863If set to 4864.Dq Li YES 4865and both 4866.Va sendmail_enable 4867and 4868.Va sendmail_submit_enable 4869are set to 4870.Dq Li NO , 4871run 4872.Xr sendmail 8 4873using 4874.Va sendmail_outbound_flags 4875instead of 4876.Va sendmail_flags . 4877This is intended to allow local mail queue management 4878for systems that do not offer a listening SMTP service. 4879.It Va sendmail_outbound_flags 4880.Pq Vt str 4881If both 4882.Va sendmail_enable 4883and 4884.Va sendmail_submit_enable 4885are set to 4886.Dq Li NO 4887and 4888.Va sendmail_outbound_enable 4889is set to 4890.Dq Li YES , 4891these are the flags to pass to the 4892.Xr sendmail 8 4893daemon. 4894.It Va sendmail_msp_queue_enable 4895.Pq Vt bool 4896If set to 4897.Dq Li YES , 4898start a client (MSP) queue runner 4899.Xr sendmail 8 4900daemon at system boot time. 4901As of sendmail 8.12, a separate queue is used for command line 4902submissions. 4903The client queue runner ensures that nothing is 4904left behind in the submission queue. 4905.It Va sendmail_msp_queue_flags 4906.Pq Vt str 4907If 4908.Va sendmail_msp_queue_enable 4909is set to 4910daemon. 4911.Dq Li YES , 4912these are the flags to pass to the 4913.Xr sendmail 8 4914.El 4915.Sh FILES 4916.Bl -tag -width "/etc/defaults/rc.conf" -compact 4917.It Pa /etc/defaults/rc.conf 4918.It Pa /etc/defaults/vendor.conf 4919.It Pa /etc/rc.conf 4920.It Pa /etc/rc.conf.local 4921.It Pa /etc/rc.conf.d/ 4922.El 4923.Sh SEE ALSO 4924.Xr chmod 1 , 4925.Xr gdb 1 Pq Pa ports/devel/gdb , 4926.Xr kbdcontrol 1 , 4927.Xr limits 1 , 4928.Xr protect 1 , 4929.Xr sh 1 , 4930.Xr umask 1 , 4931.Xr uuidgen 1 , 4932.Xr vi 1 , 4933.Xr vidcontrol 1 , 4934.Xr bridge 4 , 4935.Xr dummynet 4 , 4936.Xr ip 4 , 4937.Xr ipf 4 , 4938.Xr ipfw 4 , 4939.Xr ipnat 4 , 4940.Xr kld 4 , 4941.Xr pf 4 , 4942.Xr pflog 4 , 4943.Xr pfsync 4 , 4944.Xr tcp 4 , 4945.Xr udp 4 , 4946.Xr exports 5 , 4947.Xr fstab 5 , 4948.Xr ipf 5 , 4949.Xr ipnat 5 , 4950.Xr jail.conf 5 , 4951.Xr loader.conf 5 , 4952.Xr login.conf 5 , 4953.Xr motd 5 , 4954.Xr newsyslog.conf 5 , 4955.Xr pf.conf 5 , 4956.Xr firewall 7 , 4957.Xr growfs 7 , 4958.Xr security 7 , 4959.Xr tuning 7 , 4960.Xr accton 8 , 4961.Xr apm 8 , 4962.Xr bsdinstall 8 , 4963.Xr bthidd 8 , 4964.Xr chkprintcap 8 , 4965.Xr chown 8 , 4966.Xr cron 8 , 4967.Xr devfs 8 , 4968.Xr dhclient 8 , 4969.Xr ftpd 8 , 4970.Xr geli 8 , 4971.Xr hcsecd 8 , 4972.Xr ifconfig 8 , 4973.Xr inetd 8 , 4974.Xr iovctl 8 , 4975.Xr ipf 8 , 4976.Xr ipfw 8 , 4977.Xr ipnat 8 , 4978.Xr jail 8 , 4979.Xr kldxref 8 , 4980.Xr loader 8 , 4981.Xr lpd 8 , 4982.Xr makewhatis 8 , 4983.Xr mdconfig 8 , 4984.Xr mdmfs 8 , 4985.Xr mixer 8 , 4986.Xr mountd 8 , 4987.Xr moused 8 , 4988.Xr newfs 8 , 4989.Xr newsyslog 8 , 4990.Xr nfsd 8 , 4991.Xr ntpd 8 , 4992.Xr ntpdate 8 , 4993.Xr pfctl 8 , 4994.Xr pflogd 8 , 4995.Xr ping 8 , 4996.Xr powerd 8 , 4997.Xr quotacheck 8 , 4998.Xr quotaon 8 , 4999.Xr rc 8 , 5000.Xr rc.subr 8 , 5001.Xr rcorder 8 , 5002.Xr rfcomm_pppd 8 , 5003.Xr route 8 , 5004.Xr route6d 8 , 5005.Xr routed 8 , 5006.Xr rpc.lockd 8 , 5007.Xr rpc.statd 8 , 5008.Xr rpc.tlsclntd 8 , 5009.Xr rpc.tlsservd 8 , 5010.Xr rpcbind 8 , 5011.Xr rwhod 8 , 5012.Xr savecore 8 , 5013.Xr sdpd 8 , 5014.Xr sendmail 8 , 5015.Xr service 8 , 5016.Xr sshd 8 , 5017.Xr swapon 8 , 5018.Xr sysctl 8 , 5019.Xr syslogd 8 , 5020.Xr sysrc 8 , 5021.Xr unbound 8 , 5022.Xr usbconfig 8 , 5023.Xr utx 8 , 5024.Xr wlandebug 8 , 5025.Xr yp 8 , 5026.Xr ypbind 8 , 5027.Xr ypserv 8 , 5028.Xr ypset 8 5029.Sh HISTORY 5030The 5031.Nm 5032file appeared in 5033.Fx 2.2.2 . 5034.Sh AUTHORS 5035.An Jordan K. Hubbard . 5036