1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 27, 2018 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A list of kernel modules to load right after the local 252disks are mounted. 253Loading modules at this point in the boot process is 254much faster than doing it via 255.Pa /boot/loader.conf 256for those modules not necessary for mounting local disk. 257.It Va kldxref_enable 258.Pq Vt bool 259Set to 260.Dq Li NO 261by default. 262Set to 263.Dq Li YES 264to automatically rebuild 265.Pa linker.hints 266files with 267.Xr kldxref 8 268at boot time. 269.It Va kldxref_clobber 270.Pq Vt bool 271Set to 272.Dq Li NO 273by default. 274If 275.Va kldxref_enable 276is true, 277setting to 278.Dq Li YES 279will overwrite existing 280.Pa linker.hints 281files at boot time. 282Otherwise, 283only missing 284.Pa linker.hints 285files are generated. 286.It Va kldxref_module_path 287.Pq Vt str 288Empty by default. 289A semi-colon 290.Pq Ql \&; 291delimited list of paths containing 292.Xr kld 4 293modules. 294If empty, 295the contents of the 296.Va kern.module_path 297.Xr sysctl 8 298are used. 299.It Va powerd_enable 300.Pq Vt bool 301If set to 302.Dq Li YES , 303enable the system power control facility with the 304.Xr powerd 8 305daemon. 306.It Va powerd_flags 307.Pq Vt str 308If 309.Va powerd_enable 310is set to 311.Dq Li YES , 312these are the flags to pass to the 313.Xr powerd 8 314daemon. 315.It Va tmpmfs 316Controls the creation of a 317.Pa /tmp 318memory file system. 319Always happens if set to 320.Dq Li YES 321and never happens if set to 322.Dq Li NO . 323If set to anything else, a memory file system is created if 324.Pa /tmp 325is not writable. 326.It Va tmpsize 327Controls the size of a created 328.Pa /tmp 329memory file system. 330.It Va tmpmfs_flags 331Extra options passed to the 332.Xr mdmfs 8 333utility when the memory file system for 334.Pa /tmp 335is created. 336The default is 337.Dq Li "-S" , 338which inhibits the use of softupdates on 339.Pa /tmp 340so that file system space is freed without delay 341after file truncation or deletion. 342See 343.Xr mdmfs 8 344for other options you can use in 345.Va tmpmfs_flags . 346.It Va varmfs 347Controls the creation of a 348.Pa /var 349memory file system. 350Always happens if set to 351.Dq Li YES 352and never happens if set to 353.Dq Li NO . 354If set to anything else, a memory file system is created if 355.Pa /var 356is not writable. 357.It Va varsize 358Controls the size of a created 359.Pa /var 360memory file system. 361.It Va varmfs_flags 362Extra options passed to the 363.Xr mdmfs 8 364utility when the memory file system for 365.Pa /var 366is created. 367The default is 368.Dq Li "-S" , 369which inhibits the use of softupdates on 370.Pa /var 371so that file system space is freed without delay 372after file truncation or deletion. 373See 374.Xr mdmfs 8 375for other options you can use in 376.Va varmfs_flags . 377.It Va populate_var 378Controls the automatic population of the 379.Pa /var 380file system. 381Always happens if set to 382.Dq Li YES 383and never happens if set to 384.Dq Li NO . 385If set to anything else, a memory file system is created if 386.Pa /var 387is not writable. 388Note that this process requires access to certain commands in 389.Pa /usr 390before 391.Pa /usr 392is mounted on normal systems. 393.It Va cleanvar_enable 394.Pq Vt bool 395Clean the 396.Pa /var 397directory. 398.It Va local_startup 399.Pq Vt str 400List of directories to search for startup script files. 401.It Va script_name_sep 402.Pq Vt str 403The field separator to use for breaking down the list of startup script files 404into individual filenames. 405The default is a space. 406It is not necessary to change this unless there are startup scripts with names 407containing spaces. 408.It Va hostapd_enable 409.Pq Vt bool 410Set to 411.Dq Li YES 412to start 413.Xr hostapd 8 414at system boot time. 415.It Va hostname 416.Pq Vt str 417The fully qualified domain name (FQDN) of this host on the network. 418This should almost certainly be set to something meaningful, even if 419there is no network connection. 420If 421.Xr dhclient 8 422is used to set the hostname via DHCP, 423this variable should be set to an empty string. 424Within a 425.Xr jail 8 426the hostname is generally already set and this variable may absent. 427If this value remains unset when the system is done booting 428your console login will display the default hostname of 429.Dq Amnesiac . 430.It Va nisdomainname 431.Pq Vt str 432The NIS domain name of this host, or 433.Dq Li NO 434if NIS is not used. 435.It Va dhclient_program 436.Pq Vt str 437Path to the DHCP client program 438.Pa ( /sbin/dhclient , 439the 440.Ox 441DHCP client, 442is the default). 443.It Va dhclient_flags 444.Pq Vt str 445Additional flags to pass to the DHCP client program. 446For the 447.Ox 448DHCP client, see the 449.Xr dhclient 8 450manpage for a description of the command line options available. 451.It Va dhclient_flags_ Ns Aq Ar iface 452Additional flags to pass to the DHCP client program running on 453.Ar iface 454only. 455When specified, this variable overrides 456.Va dhclient_flags . 457.It Va background_dhclient 458.Pq Vt bool 459Set to 460.Dq Li YES 461to start the DHCP client in background. 462This can cause trouble with applications depending on 463a working network, but it will provide a faster startup 464in many cases. 465.It Va background_dhclient_ Ns Aq Ar iface 466When specified, this variable overrides the 467.Va background_dhclient 468variable for interface 469.Ar iface 470only. 471.It Va synchronous_dhclient 472.Pq Vt bool 473Set to 474.Dq Li YES 475to start 476.Xr dhclient 8 477synchronously at startup. 478This behavior can be overridden on a per-interface basis by replacing 479the 480.Dq Li DHCP 481keyword in the 482.Va ifconfig_ Ns Aq Ar interface 483variable with 484.Dq Li SYNCDHCP 485or 486.Dq Li NOSYNCDHCP . 487.It Va defaultroute_delay 488.Pq Vt int 489When set to a positive value, wait up to this long after configuring 490DHCP interfaces at startup to give the interfaces time to receive a lease. 491.It Va firewall_enable 492.Pq Vt bool 493Set to 494.Dq Li YES 495to load firewall rules at startup. 496If the kernel was not built with 497.Cd "options IPFIREWALL" , 498the 499.Pa ipfw.ko 500kernel module will be loaded. 501See also 502.Va ipfilter_enable . 503.It Va firewall_script 504.Pq Vt str 505This variable specifies the full path to the firewall script to run. 506The default is 507.Pa /etc/rc.firewall . 508.It Va firewall_type 509.Pq Vt str 510Names the firewall type from the selection in 511.Pa /etc/rc.firewall , 512or the file which contains the local firewall ruleset. 513Valid selections from 514.Pa /etc/rc.firewall 515are: 516.Pp 517.Bl -tag -width ".Li simple" -compact 518.It Li open 519unrestricted IP access 520.It Li closed 521all IP services disabled, except via 522.Dq Li lo0 523.It Li client 524basic protection for a workstation 525.It Li simple 526basic protection for a LAN. 527.El 528.Pp 529If a filename is specified, the full path 530must be given. 531.It Va firewall_quiet 532.Pq Vt bool 533Set to 534.Dq Li YES 535to disable the display of firewall rules on the console during boot. 536.It Va firewall_logging 537.Pq Vt bool 538Set to 539.Dq Li YES 540to enable firewall event logging. 541This is equivalent to the 542.Dv IPFIREWALL_VERBOSE 543kernel option. 544.It Va firewall_logif 545.Pq Vt bool 546Set to 547.Dq Li YES 548to create pseudo interface 549.Li ipfw0 550for logging. 551For more details, see 552.Xr ipfw 8 553manual page. 554.It Va firewall_flags 555.Pq Vt str 556Flags passed to 557.Xr ipfw 8 558if 559.Va firewall_type 560specifies a filename. 561.It Va firewall_coscripts 562.Pq Vt str 563List of executables and/or rc scripts to run after firewall starts/stops. 564Default is empty. 565.\" ----- firewall_nat_enable setting -------------------------------- 566.It Va firewall_nat_enable 567.Pq Vt bool 568The 569.Xr ipfw 8 570equivalent of 571.Va natd_enable . 572Setting this to 573.Dq Li YES 574enables kernel NAT. 575.Va firewall_enable 576must also be set to 577.Dq Li YES . 578.It Va firewall_nat_interface 579.Pq Vt str 580The 581.Xr ipfw 8 582equivalent of 583.Va natd_interface . 584This is the name of the public interface or IP address on which 585kernel NAT should run. 586.It Va firewall_nat_flags 587.Pq Vt str 588Additional configuration parameters for kernel NAT should be placed here. 589.It Va dummynet_enable 590.Pq Vt bool 591Setting this to 592.Dq Li YES 593will automatically load the 594.Xr dummynet 4 595module if 596.Va firewall_enable 597is also set to 598.Dq Li YES . 599.\" ------------------------------------------------------------------- 600.It Va ipfw_netflow_enable 601.Pq Vt bool 602Setting this to 603.Dq Li YES 604will enable netflow logging via 605.Xr ng_netflow 4 606.Pp 607By default a ipfw rule is inserted and all packets are duplicated with 608the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 609port using protocol version 5. 610.It Va ipfw_netflow_hook 611.Pq Vt int 612netflow hook name, must be numerical 613(default 614.Pa 9995 ) . 615.It Va ipfw_netflow_rule 616.Pq Vt int 617ipfw rule number 618(default 619.Pa 1000 ) . 620.It Va ipfw_netflow_ip 621.Pq Vt str 622Destination server ip for receiving netflow data 623(default 624.Pa 127.0.0.1 ) . 625.It Va ipfw_netflow_port 626.Pq Vt int 627Destination server port for receiving netflow data 628(default 629.Pa 9995 ) . 630.It Va ipfw_netflow_version 631.Pq Vt int 632Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 633.It Va ipfw_netflow_fib 634.Pq Vt int 635Only match packet in FIB 636.Pa ipfw_netflow_fib 637(default is undefined meaning all FIBs). 638.It Va natd_program 639.Pq Vt str 640Path to 641.Xr natd 8 . 642.It Va natd_enable 643.Pq Vt bool 644Set to 645.Dq Li YES 646to enable 647.Xr natd 8 . 648.Va firewall_enable 649must also be set to 650.Dq Li YES , 651and 652.Xr divert 4 653sockets must be enabled in the kernel. 654If the kernel was not built with 655.Cd "options IPDIVERT" , 656the 657.Pa ipdivert.ko 658kernel module will be loaded. 659.It Va natd_interface 660.Pq Vt str 661This is the name of the public interface on which 662.Xr natd 8 663should run. 664The interface may be given as an interface name or as an IP address. 665.It Va natd_flags 666.Pq Vt str 667Additional 668.Xr natd 8 669flags should be placed here. 670The 671.Fl n 672or 673.Fl a 674flag is automatically added with the above 675.Va natd_interface 676as an argument. 677.\" ----- ipfilter_enable setting -------------------------------- 678.It Va ipfilter_enable 679.Pq Vt bool 680Set to 681.Dq Li NO 682by default. 683Setting this to 684.Dq Li YES 685enables 686.Xr ipf 8 687packet filtering. 688.Pp 689Typical usage will require putting 690.Bd -literal 691ipfilter_enable="YES" 692ipnat_enable="YES" 693ipmon_enable="YES" 694ipfs_enable="YES" 695.Ed 696.Pp 697into 698.Pa /etc/rc.conf 699and editing 700.Pa /etc/ipf.rules 701and 702.Pa /etc/ipnat.rules 703appropriately. 704.Pp 705Note that 706.Va ipfilter_enable 707and 708.Va ipnat_enable 709can be enabled independently. 710.Va ipmon_enable 711and 712.Va ipfs_enable 713both require at least one of 714.Va ipfilter_enable 715and 716.Va ipnat_enable 717to be enabled. 718.Pp 719Having 720.Bd -literal 721options IPFILTER 722options IPFILTER_LOG 723options IPFILTER_DEFAULT_BLOCK 724.Ed 725.Pp 726in the kernel configuration file is a good idea, too. 727.\" ----- ipfilter_program setting ------------------------------ 728.It Va ipfilter_program 729.Pq Vt str 730Path to 731.Xr ipf 8 732(default 733.Pa /sbin/ipf ) . 734.\" ----- ipfilter_rules setting -------------------------------- 735.It Va ipfilter_rules 736.Pq Vt str 737Set to 738.Pa /etc/ipf.rules 739by default. 740This variable contains the name of the filter rule definition file. 741The file is expected to be readable for the 742.Xr ipf 8 743command to execute. 744.\" ----- ipv6_ipfilter_rules setting --------------------------- 745.It Va ipv6_ipfilter_rules 746.Pq Vt str 747Set to 748.Pa /etc/ipf6.rules 749by default. 750This variable contains the IPv6 filter rule definition file. 751The file is expected to be readable for the 752.Xr ipf 8 753command to execute. 754.\" ----- ipfilter_flags setting -------------------------------- 755.It Va ipfilter_flags 756.Pq Vt str 757Empty by default. 758This variable contains flags passed to the 759.Xr ipf 8 760program. 761.\" ----- ipnat_enable setting ---------------------------------- 762.It Va ipnat_enable 763.Pq Vt bool 764Set to 765.Dq Li NO 766by default. 767Set it to 768.Dq Li YES 769to enable 770.Xr ipnat 8 771network address translation. 772See 773.Va ipfilter_enable 774for a detailed discussion. 775.\" ----- ipnat_program setting --------------------------------- 776.It Va ipnat_program 777.Pq Vt str 778Path to 779.Xr ipnat 8 780(default 781.Pa /sbin/ipnat ) . 782.\" ----- ipnat_rules setting ----------------------------------- 783.It Va ipnat_rules 784.Pq Vt str 785Set to 786.Pa /etc/ipnat.rules 787by default. 788This variable contains the name of the file 789holding the network address translation definition. 790This file is expected to be readable for the 791.Xr ipnat 8 792command to execute. 793.\" ----- ipnat_flags setting ----------------------------------- 794.It Va ipnat_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipnat 8 799program. 800.\" ----- ipmon_enable setting ---------------------------------- 801.It Va ipmon_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipmon 8 810monitoring (logging 811.Xr ipf 8 812and 813.Xr ipnat 8 814events). 815Setting this variable needs setting 816.Va ipfilter_enable 817or 818.Va ipnat_enable 819too. 820See 821.Va ipfilter_enable 822for a detailed discussion. 823.\" ----- ipmon_program setting --------------------------------- 824.It Va ipmon_program 825.Pq Vt str 826Path to 827.Xr ipmon 8 828(default 829.Pa /sbin/ipmon ) . 830.\" ----- ipmon_flags setting ----------------------------------- 831.It Va ipmon_flags 832.Pq Vt str 833Set to 834.Dq Li -Ds 835by default. 836This variable contains flags passed to the 837.Xr ipmon 8 838program. 839Another typical example would be 840.Dq Fl D Pa /var/log/ipflog 841to have 842.Xr ipmon 8 843log directly to a file bypassing 844.Xr syslogd 8 . 845Make sure to adjust 846.Pa /etc/newsyslog.conf 847in such case like this: 848.Bd -literal 849/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 850.Ed 851.\" ----- ipfs_enable setting ----------------------------------- 852.It Va ipfs_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Set it to 858.Dq Li YES 859to enable 860.Xr ipfs 8 861saving the filter and NAT state tables during shutdown 862and reloading them during startup again. 863Setting this variable needs setting 864.Va ipfilter_enable 865or 866.Va ipnat_enable 867to 868.Dq Li YES 869too. 870See 871.Va ipfilter_enable 872for a detailed discussion. 873Note that if 874.Va kern_securelevel 875is set to 3, 876.Va ipfs_enable 877cannot be used 878because the raised securelevel will prevent 879.Xr ipfs 8 880from saving the state tables at shutdown time. 881.\" ----- ipfs_program setting ---------------------------------- 882.It Va ipfs_program 883.Pq Vt str 884Path to 885.Xr ipfs 8 886(default 887.Pa /sbin/ipfs ) . 888.\" ----- ipfs_flags setting ------------------------------------ 889.It Va ipfs_flags 890.Pq Vt str 891Empty by default. 892This variable contains flags passed to the 893.Xr ipfs 8 894program. 895.\" ----- end of added ipf hook --------------------------------- 896.It Va pf_enable 897.Pq Vt bool 898Set to 899.Dq Li NO 900by default. 901Setting this to 902.Dq Li YES 903enables 904.Xr pf 4 905packet filtering. 906.Pp 907Typical usage will require putting 908.Pp 909.Dl pf_enable="YES" 910.Pp 911into 912.Pa /etc/rc.conf 913and editing 914.Pa /etc/pf.conf 915appropriately. 916Adding 917.Pp 918.Dl "device pf" 919.Pp 920builds support for 921.Xr pf 4 922into the kernel, otherwise the 923kernel module will be loaded. 924.It Va pf_rules 925.Pq Vt str 926Path to 927.Xr pf 4 928ruleset configuration file 929(default 930.Pa /etc/pf.conf ) . 931.It Va pf_program 932.Pq Vt str 933Path to 934.Xr pfctl 8 935(default 936.Pa /sbin/pfctl ) . 937.It Va pf_flags 938.Pq Vt str 939If 940.Va pf_enable 941is set to 942.Dq Li YES , 943these flags are passed to the 944.Xr pfctl 8 945program when loading the ruleset. 946.It Va pflog_enable 947.Pq Vt bool 948Set to 949.Dq Li NO 950by default. 951Setting this to 952.Dq Li YES 953enables 954.Xr pflogd 8 955which logs packets from the 956.Xr pf 4 957packet filter. 958.It Va pflog_logfile 959.Pq Vt str 960If 961.Va pflog_enable 962is set to 963.Dq Li YES 964this controls where 965.Xr pflogd 8 966stores the logfile 967(default 968.Pa /var/log/pflog ) . 969Check 970.Pa /etc/newsyslog.conf 971to adjust logfile rotation for this. 972.It Va pflog_program 973.Pq Vt str 974Path to 975.Xr pflogd 8 976(default 977.Pa /sbin/pflogd ) . 978.It Va pflog_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr pflogd 8 983program. 984.It Va pflog_instances 985.Pq Vt str 986If logging to more than one 987.Xr pflog 4 988interface is desired, 989.Va pflog_instances 990is set to the list of 991.Xr pflogd 8 992instances that should be started at system boot time. 993If 994.Va pflog_instances 995is set, for each whitespace-separated 996.Ar element 997in the list, 998.Ao Ar element Ac Ns Va _dev 999and 1000.Ao Ar element Ac Ns Va _logfile 1001elements are assumed to exist. 1002.Ao Ar element Ac Ns Va _dev 1003must contain the 1004.Xr pflog 4 1005interface to be watched by the named 1006.Xr pflogd 8 1007instance. 1008.Ao Ar element Ac Ns Va _logfile 1009must contain the name of the logfile that will be used by the 1010.Xr pflogd 8 1011instance. 1012.It Va ftpproxy_enable 1013.Pq Vt bool 1014Set to 1015.Dq Li NO 1016by default. 1017Setting this to 1018.Dq Li YES 1019enables 1020.Xr ftp-proxy 8 1021which supports the 1022.Xr pf 4 1023packet filter in translating ftp connections. 1024.It Va ftpproxy_flags 1025.Pq Vt str 1026Empty by default. 1027This variable contains additional flags passed to the 1028.Xr ftp-proxy 8 1029program. 1030.It Va ftpproxy_instances 1031.Pq Vt str 1032Empty by default. 1033If multiple instances of 1034.Xr ftp-proxy 8 1035are desired at boot time, 1036.Va ftpproxy_instances 1037should contain a whitespace-separated list of instance names. 1038For each 1039.Ar element 1040in the list, a variable named 1041.Ao Ar element Ac Ns Va _flags 1042should be defined, containing the command-line flags to be passed to the 1043.Xr ftp-proxy 8 1044instance. 1045.It Va pfsync_enable 1046.Pq Vt bool 1047Set to 1048.Dq Li NO 1049by default. 1050Setting this to 1051.Dq Li YES 1052enables exposing 1053.Xr pf 4 1054state changes to other hosts over the network by means of 1055.Xr pfsync 4 . 1056The 1057.Va pfsync_syncdev 1058variable 1059must also be set then. 1060.It Va pfsync_syncdev 1061.Pq Vt str 1062Empty by default. 1063This variable specifies the name of the network interface 1064.Xr pfsync 4 1065should operate through. 1066It must be set accordingly if 1067.Va pfsync_enable 1068is set to 1069.Dq Li YES . 1070.It Va pfsync_syncpeer 1071.Pq Vt str 1072Empty by default. 1073This variable is optional. 1074By default, state change messages are sent out on the synchronisation 1075interface using IP multicast packets. 1076The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1077224.0.0.240. 1078When a peer address is specified using the 1079.Va pfsync_syncpeer 1080option, the peer address is used as a destination for the pfsync 1081traffic, and the traffic can then be protected using 1082.Xr ipsec 4 . 1083See the 1084.Xr pfsync 4 1085manpage for more details about using 1086.Xr ipsec 4 1087with 1088.Xr pfsync 4 1089interfaces. 1090.It Va pfsync_ifconfig 1091.Pq Vt str 1092Empty by default. 1093This variable can contain additional options to be passed to the 1094.Xr ifconfig 8 1095command used to set up 1096.Xr pfsync 4 . 1097.It Va tcp_extensions 1098.Pq Vt bool 1099Set to 1100.Dq Li YES 1101by default. 1102Setting this to 1103.Dq Li NO 1104disables certain TCP options as described by 1105.Rs 1106.%T "RFC 1323" 1107.Re 1108Setting this to 1109.Dq Li NO 1110might help remedy such problems with connections as randomly hanging 1111or other weird behavior. 1112Some network devices are known 1113to be broken with respect to these options. 1114.It Va log_in_vain 1115.Pq Vt int 1116Set to 0 by default. 1117The 1118.Xr sysctl 8 1119variables, 1120.Va net.inet.tcp.log_in_vain 1121and 1122.Va net.inet.udp.log_in_vain , 1123as described in 1124.Xr tcp 4 1125and 1126.Xr udp 4 , 1127are set to the given value. 1128.It Va tcp_keepalive 1129.Pq Vt bool 1130Set to 1131.Dq Li YES 1132by default. 1133Setting to 1134.Dq Li NO 1135will disable probing idle TCP connections to verify that the 1136peer is still up and reachable. 1137.It Va tcp_drop_synfin 1138.Pq Vt bool 1139Set to 1140.Dq Li NO 1141by default. 1142Setting to 1143.Dq Li YES 1144will cause the kernel to ignore TCP frames that have both 1145the SYN and FIN flags set. 1146This prevents OS fingerprinting, but may 1147break some legitimate applications. 1148.It Va icmp_drop_redirect 1149.Pq Vt bool 1150Set to 1151.Dq Li NO 1152by default. 1153Setting to 1154.Dq Li YES 1155will cause the kernel to ignore ICMP REDIRECT packets. 1156Refer to 1157.Xr icmp 4 1158for more information. 1159.It Va icmp_log_redirect 1160.Pq Vt bool 1161Set to 1162.Dq Li NO 1163by default. 1164Setting to 1165.Dq Li YES 1166will cause the kernel to log ICMP REDIRECT packets. 1167Note that 1168the log messages are not rate-limited, so this option should only be used 1169for troubleshooting networks. 1170Refer to 1171.Xr icmp 4 1172for more information. 1173.It Va icmp_bmcastecho 1174.Pq Vt bool 1175Set to 1176.Dq Li YES 1177to respond to broadcast or multicast ICMP ping packets. 1178Refer to 1179.Xr icmp 4 1180for more information. 1181.It Va ip_portrange_first 1182.Pq Vt int 1183If not set to 1184.Dq Li NO , 1185this is the first port in the default portrange. 1186Refer to 1187.Xr ip 4 1188for more information. 1189.It Va ip_portrange_last 1190.Pq Vt int 1191If not set to 1192.Dq Li NO , 1193this is the last port in the default portrange. 1194Refer to 1195.Xr ip 4 1196for more information. 1197.It Va network_interfaces 1198.Pq Vt str 1199Set to the list of network interfaces to configure on this host or 1200.Dq Li AUTO 1201(the default) for all current interfaces. 1202Setting the 1203.Va network_interfaces 1204variable to anything other than the default is deprecated. 1205Interfaces that the administrator wishes to store configuration for, 1206but not start at boot should be configured with the 1207.Dq Li NOAUTO 1208keyword in their 1209.Va ifconfig_ Ns Aq Ar interface 1210variables as described below. 1211.Pp 1212An 1213.Va ifconfig_ Ns Aq Ar interface 1214variable is also assumed to exist for each value of 1215.Ar interface . 1216When an interface name contains any of the characters 1217.Dq Li .-/+ 1218they are translated to 1219.Dq Li _ 1220before lookup. 1221The variable can contain arguments to 1222.Xr ifconfig 8 , 1223as well as special case-insensitive keywords described below. 1224Such keywords are removed before passing the value to 1225.Xr ifconfig 8 1226while the order of the other arguments is preserved. 1227.Pp 1228It is possible to add IP alias entries using 1229.Xr ifconfig 8 1230syntax with the address family keyword such as 1231.Li inet . 1232Assuming that the interface in question was 1233.Li ed0 , 1234it might look something like this: 1235.Bd -literal 1236ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1237ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1238.Ed 1239.Pp 1240It also possible to configure multiple IP addresses in Classless 1241Inter-Domain Routing 1242.Pq CIDR 1243address notation, 1244whose each address component can be a range like 1245.Li inet 192.0.2.5-23/24 1246or 1247.Li inet6 2001:db8:1-f::1/64 . 1248This notation allows address and prefix length part only, 1249not the other address modifiers. 1250Note that the maximum number of the generated addresses from a range 1251specification is limited to an integer value specified in 1252.Va netif_ipexpand_max 1253in 1254.Nm 1255because a small typo can unexpectedly generate a large number of addresses. 1256The default value is 1257.Li 2048 . 1258It can be increased by adding the following line into 1259.Nm : 1260.Bd -literal 1261netif_ipexpand_max="4096" 1262.Ed 1263.Pp 1264In the case of 1265.Li 192.0.2.5-23/24 , 1266the address 192.0.2.5 will be configured with the 1267netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1268the non-conflicting netmask /32 as explained in the 1269.Xr ifconfig 8 1270alias section. 1271Note that this special netmask handling is only for 1272.Li inet , 1273not for the other address families such as 1274.Li inet6 . 1275.Pp 1276With the interface in question being 1277.Li ed0 , 1278an example could look like: 1279.Bd -literal 1280ifconfig_ed0_alias2="inet 192.0.2.129/27" 1281ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1282.Ed 1283.Pp 1284and so on. 1285.Pp 1286Note that 1287.Va ipv4_addrs_ Ns Aq Ar interface 1288variable was supported for IPv4 CIDR address notation. 1289It is now deprecated because the functionality was integrated into 1290.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1291though 1292.Va ipv4_addrs_ Ns Aq Ar interface 1293is still supported for backward compatibility. 1294.Pp 1295For each 1296.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1297entry with an address family keyword, 1298its contents are passed to 1299.Xr ifconfig 8 . 1300Execution stops at the first unsuccessful access, so if 1301something like this is present: 1302.Bd -literal 1303ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1304ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1305ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1306ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1307.Ed 1308.Pp 1309Then note that alias4 would 1310.Em not 1311be added since the search would 1312stop with the missing 1313.Dq Li alias3 1314entry. 1315Because of this difficult to manage behavior, 1316there is 1317.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1318variable, which has the same functionality as 1319.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1320and can have all of entries in a variable like the following: 1321.Bd -literal 1322ifconfig_ed0_aliases="\\ 1323 inet 127.0.0.251 netmask 0xffffffff \\ 1324 inet 127.0.0.252 netmask 0xffffffff \\ 1325 inet 127.0.0.253 netmask 0xffffffff \\ 1326 inet 127.0.0.254 netmask 0xffffffff" 1327.Ed 1328.Pp 1329It also supports CIDR notation. 1330.Pp 1331If the 1332.Pa /etc/start_if. Ns Aq Ar interface 1333file is present, it is read and executed by the 1334.Xr sh 1 1335interpreter 1336before configuring the interface as specified in the 1337.Va ifconfig_ Ns Aq Ar interface 1338and 1339.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1340variables. 1341.Pp 1342If a 1343.Va vlans_ Ns Aq Ar interface 1344variable is set, 1345a 1346.Xr vlan 4 1347interface will be created for each item in the list with the 1348.Ar vlandev 1349argument set to 1350.Ar interface . 1351If a vlan interface's name is a number, 1352then that number is used as the vlan tag and the new vlan interface is 1353named 1354.Ar interface . Ns Ar tag . 1355Otherwise, 1356the vlan tag must be specified via a 1357.Va vlan 1358parameter in the 1359.Va create_args_ Ns Aq Ar interface 1360variable. 1361.Pp 1362To create a vlan device named 1363.Li em0.101 1364on 1365.Li em0 1366with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1367.Bd -literal 1368vlans_em0="101" 1369ifconfig_em0_101="inet 192.0.2.1/24" 1370.Ed 1371.Pp 1372To create a vlan device named 1373.Li myvlan 1374on 1375.Li em0 1376with the vlan tag 102: 1377.Bd -literal 1378vlans_em0="myvlan" 1379create_args_myvlan="vlan 102" 1380.Ed 1381.Pp 1382If a 1383.Va wlans_ Ns Aq Ar interface 1384variable is set, 1385an 1386.Xr wlan 4 1387interface will be created for each item in the list with the 1388.Ar wlandev 1389argument set to 1390.Ar interface . 1391Further wlan cloning arguments may be passed to the 1392.Xr ifconfig 8 1393.Cm create 1394command by setting the 1395.Va create_args_ Ns Aq Ar interface 1396variable. 1397One or more 1398.Xr wlan 4 1399devices must be created for each wireless devices as of 1400.Fx 8.0 . 1401Debugging flags for 1402.Xr wlan 4 1403devices as set by 1404.Xr wlandebug 8 1405may be specified with an 1406.Va wlandebug_ Ns Aq Ar interface 1407variable. 1408The contents of this variable will be passed directly to 1409.Xr wlandebug 8 . 1410.Pp 1411If the 1412.Va ifconfig_ Ns Aq Ar interface 1413contains the keyword 1414.Dq Li NOAUTO 1415then the interface will not be configured 1416at boot or by 1417.Pa /etc/pccard_ether 1418when 1419.Va network_interfaces 1420is set to 1421.Dq Li AUTO . 1422.Pp 1423It is possible to bring up an interface with DHCP by adding 1424.Dq Li DHCP 1425to the 1426.Va ifconfig_ Ns Aq Ar interface 1427variable. 1428For instance, to initialize the 1429.Li ed0 1430device via DHCP, 1431it is possible to use something like: 1432.Bd -literal 1433ifconfig_ed0="DHCP" 1434.Ed 1435.Pp 1436If you want to configure your wireless interface with 1437.Xr wpa_supplicant 8 1438for use with WPA, EAP/LEAP or WEP, you need to add 1439.Dq Li WPA 1440to the 1441.Va ifconfig_ Ns Aq Ar interface 1442variable. 1443.Pp 1444On the other hand, if you want to configure your wireless interface with 1445.Xr hostapd 8 , 1446you need to add 1447.Dq Li HOSTAP 1448to the 1449.Va ifconfig_ Ns Aq Ar interface 1450variable. 1451.Xr hostapd 8 1452will use the settings from 1453.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1454.Pp 1455Finally, you can add 1456.Xr ifconfig 8 1457options in this variable, in addition to the 1458.Pa /etc/start_if. Ns Aq Ar interface 1459file. 1460For instance, to configure an 1461.Xr ath 4 1462wireless device in station mode with an address obtained 1463via DHCP, using WPA authentication and 802.11b mode, it is 1464possible to use something like: 1465.Bd -literal 1466wlans_ath0="wlan0" 1467ifconfig_wlan0="DHCP WPA mode 11b" 1468.Ed 1469.Pp 1470In addition to the 1471.Va ifconfig_ Ns Aq Ar interface 1472form, a fallback variable 1473.Va ifconfig_DEFAULT 1474may be configured. 1475It will be used for all interfaces with no 1476.Va ifconfig_ Ns Aq Ar interface 1477variable. 1478This is intended to replace the no longer supported 1479.Va pccard_ifconfig 1480variable. 1481.Pp 1482It is also possible to rename an interface by doing: 1483.Bd -literal 1484ifconfig_ed0_name="net0" 1485ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1486.Ed 1487.It Va ipv6_enable 1488.Pq Vt bool 1489This variable is deprecated. 1490Use 1491.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1492and 1493.Va ipv6_activate_all_interfaces 1494if necessary. 1495.Pp 1496If the variable is 1497.Dq Li YES , 1498.Dq Li inet6 accept_rtadv 1499is added to all of 1500.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1501and the 1502.Va ipv6_activate_all_interfaces 1503is defined as 1504.Dq Li YES . 1505.It Va ipv6_prefer 1506.Pq Vt bool 1507This variable is deprecated. 1508Use 1509.Va ip6addrctl_policy 1510instead. 1511.Pp 1512If the variable is 1513.Dq Li YES , 1514the default address selection policy table set by 1515.Xr ip6addrctl 8 1516will be IPv6-preferred. 1517.Pp 1518If the variable is 1519.Dq Li NO , 1520the default address selection policy table set by 1521.Xr ip6addrctl 8 1522will be IPv4-preferred. 1523.It Va ipv6_activate_all_interfaces 1524.Pq Vt bool 1525This controls initial configuration on IPv6-capable 1526interfaces with no corresponding 1527.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1528variable. 1529Note that it is not always necessary to set this variable to 1530.Dq YES 1531to use IPv6 functionality on 1532.Fx . 1533In most cases, just configuring 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535variables works. 1536.Pp 1537If the variable is 1538.Dq Li NO , 1539all interfaces which do not have a corresponding 1540.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1541variable will be marked as 1542.Dq Li IFDISABLED 1543at creation. 1544This means that all of IPv6 functionality on that interface 1545is completely disabled to enforce a security policy. 1546If the variable is set to 1547.Dq YES , 1548the flag will be cleared on all of the interfaces. 1549.Pp 1550In most cases, just defining an 1551.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1552for an IPv6-capable interface should be sufficient. 1553However, if an interface is added dynamically 1554.Pq by some tunneling protocols such as PPP, for example , 1555it is often difficult to define the variable in advance. 1556In such a case, configuring the 1557.Dq Li IFDISABLED 1558flag can be disabled by setting this variable to 1559.Dq YES . 1560.Pp 1561For more details of the 1562.Dq Li IFDISABLED 1563flag and keywords 1564.Dq Li inet6 ifdisabled , 1565see 1566.Xr ifconfig 8 . 1567.Pp 1568Default is 1569.Dq Li NO . 1570.It Va ipv6_privacy 1571.Pq Vt bool 1572If the variable is 1573.Dq Li YES 1574privacy addresses will be generated for each IPv6 1575interface as described in RFC 4941. 1576.It Va ipv6_network_interfaces 1577.Pq Vt str 1578This is the IPv6 equivalent of 1579.Va network_interfaces . 1580Normally manual configuration of this variable is not needed. 1581.It Va ipv6_cpe_wanif 1582.Pq Vt str 1583If the variable is set to an interface name, 1584the 1585.Xr ifconfig 8 1586options 1587.Dq inet6 -no_radr accept_rtadv 1588will be added to the specified interface automatically before evaluating 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1590and two 1591.Xr sysctl 8 1592variables 1593.Va net.inet6.ip6.rfc6204w3 1594and 1595.Va net.inet6.ip6.no_radr 1596will be set to 1. 1597.Pp 1598This means the specified interface will accept ICMPv6 Router 1599Advertisement messages on that link and add the discovered 1600routers into the Default Router List. 1601While the other interfaces can still accept RA messages if the 1602.Dq inet6 accept_rtadv 1603option is specified, adding 1604routes into the Default Router List will be disabled by 1605.Dq inet6 no_radr 1606option by default. 1607See 1608.Xr ifconfig 8 1609for more details. 1610.Pp 1611Note that ICMPv6 Router Advertisement messages will be 1612accepted even when 1613.Va net.inet6.ip6.forwarding 1614is 1 1615.Pq packet forwarding is enabled 1616when 1617.Va net.inet6.ip6.rfc6204w3 1618is set to 1. 1619.Pp 1620Default is 1621.Dq Li NO . 1622.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1623.Pq Vt str 1624This assigns arbitrary description to an interface. 1625The 1626.Xr sysctl 8 1627variable 1628.Va net.ifdescr_maxlen 1629limits its length. 1630This static setting may be overridden by commands 1631started with dynamic interface configuration utilities 1632like 1633.Xr dhclient 8 1634hooks. The description can be seen with 1635.Xr ifconfig 8 1636command and it may be exported with 1637.Xr bsnmpd 1 1638daemon using its MIB-2 module. 1639.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1640.Pq Vt str 1641IPv6 functionality on an interface should be configured by 1642.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1643instead of setting ifconfig parameters in 1644.Va ifconfig_ Ns Aq Ar interface . 1645If this variable is empty, all of IPv6 configurations on the 1646specified interface by other variables such as 1647.Va ipv6_prefix_ Ns Ao Ar interface Ac 1648will be ignored. 1649.Pp 1650Aliases should be set by 1651.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1652with 1653.Dq Li inet6 1654keyword. 1655For example: 1656.Bd -literal 1657ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1658ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1659.Ed 1660.Pp 1661Interfaces that have an 1662.Dq Li inet6 accept_rtadv 1663keyword in 1664.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1665setting will be automatically configured by SLAAC 1666.Pq StateLess Address AutoConfiguration 1667described in 1668.Rs 1669.%T "RFC 4862" 1670.Re 1671.Pp 1672Note that a link-local address will be automatically configured in 1673addition to the configured global-scope addresses because the IPv6 1674specifications require it on each link. 1675The address is calculated from the MAC address by using an algorithm 1676defined in 1677.Rs 1678.%T "RFC 4862" 1679.%O "Section 5.3" 1680.Re 1681.Pp 1682If only a link-local address is needed on the interface, 1683the following configuration can be used: 1684.Bd -literal 1685ifconfig_ed0_ipv6="inet6 auto_linklocal" 1686.Ed 1687.Pp 1688A link-local address can also be configured manually. 1689This is useful for the default router address of an IPv6 router 1690so that it does not change when the network interface 1691card is replaced. 1692For example: 1693.Bd -literal 1694ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1695.Ed 1696.It Va ipv6_prefix_ Ns Aq Ar interface 1697.Pq Vt str 1698If one or more prefixes are defined in 1699.Va ipv6_prefix_ Ns Aq Ar interface 1700addresses based on each prefix and the EUI-64 interface index will be 1701configured on that interface. 1702Note that this variable will be ignored when 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704is empty. 1705.Pp 1706For example, the following configuration 1707.Bd -literal 1708ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1709.Ed 1710.Pp 1711is equivalent to the following: 1712.Bd -literal 1713ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1714ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1715ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1716ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1717.Ed 1718.Pp 1719These Subnet-Router anycast addresses will be added only when 1720.Va ipv6_gateway_enable 1721is YES. 1722.It Va ipv6_default_interface 1723.Pq Vt str 1724If not set to 1725.Dq Li NO , 1726this is the default output interface for scoped addresses. 1727This works only with ipv6_gateway_enable="NO". 1728.It Va ip6addrctl_enable 1729.Pq Vt bool 1730This variable is to enable configuring default address selection policy table 1731.Pq RFC 3484 . 1732The table can be specified in another variable 1733.Va ip6addrctl_policy . 1734For 1735.Va ip6addrctl_policy 1736the following keywords can be specified: 1737.Dq Li ipv4_prefer , 1738.Dq Li ipv6_prefer , 1739or 1740.Dq Li AUTO . 1741.Pp 1742If 1743.Dq Li ipv4_prefer 1744or 1745.Dq Li ipv6_prefer 1746is specified, 1747.Xr ip6addrctl 8 1748installs a pre-defined policy table described in Section 2.1 1749.Pq IPv6-preferred 1750or 10.3 1751.Pq IPv4-preferred 1752of RFC 3484. 1753.Pp 1754If 1755.Dq Li AUTO 1756is specified, it attempts to read a file 1757.Pa /etc/ip6addrctl.conf 1758first. 1759If this file is found, 1760.Xr ip6addrctl 8 1761reads and installs it. 1762If not found, a policy is automatically set 1763according to 1764.Va ipv6_activate_all_interfaces 1765variable; if the variable is set to 1766.Dq Li YES 1767the IPv6-preferred one is used. 1768Otherwise IPv4-preferred. 1769.Pp 1770The default value of 1771.Va ip6addrctl_enable 1772and 1773.Va ip6addrctl_policy 1774are 1775.Dq Li YES 1776and 1777.Dq Li AUTO , 1778respectively. 1779.It Va cloned_interfaces 1780.Pq Vt str 1781Set to the list of clonable network interfaces to create on this host. 1782Further cloning arguments may be passed to the 1783.Xr ifconfig 8 1784.Cm create 1785command for each interface by setting the 1786.Va create_args_ Ns Aq Ar interface 1787variable. 1788If an interface name is specified with 1789.Dq :sticky 1790keyword, 1791the interface will not be destroyed even when 1792.Pa rc.d/netif 1793script is invoked with 1794.Dq stop 1795argument. 1796This is useful when reconfiguring the interface without destroying it. 1797Entries in 1798.Va cloned_interfaces 1799are automatically appended to 1800.Va network_interfaces 1801for configuration. 1802.It Va cloned_interfaces_sticky 1803.Pq Vt bool 1804This variable is to globally enable functionality of 1805.Dq :sticky 1806keyword in 1807.Va cloned_interfaces 1808for all interfaces. 1809The default value is 1810.Dq NO . 1811Even if this variable is specified to 1812.Dq YES , 1813.Dq :nosticky 1814keyword can be used to override it on per interface basis. 1815.It Va gif_interfaces 1816.Pq Vt str 1817This variable is deprecated in favor of 1818.Va cloned_interfaces . 1819Set to the list of 1820.Xr gif 4 1821tunnel interfaces to configure on this host. 1822For each 1823.Xr gif 1824tunnel interface, set a variable named 1825.Va ifconfig_ Ns Aq Ar interface 1826with the parameters for the 1827.Xr ifconfig 8 1828command to configure the link level for 1829.Ar interface 1830with the 1831.Cm tunnel 1832option. 1833The value of this variable is used to configure the link layer of the 1834tunnel using the 1835.Cm tunnel 1836option to 1837.Xr ifconfig . 1838For example, configure two 1839.Xr gif 1840interfaces with: 1841.Bd -literal -offset indent 1842gif_interfaces="gif0 gif1" 1843ifconfig_gif0="tunnel src_addr0 dst_addr0" 1844ifconfig_gif1="tunnel src_addr1 dst_addr1" 1845.Ed 1846.Pp 1847Additionally, this option ensures that each listed interface is created 1848via the 1849.Cm create 1850option to 1851.Xr ifconfig . 1852This example also works with 1853.Va cloned_interfaces 1854instead of 1855.Va gif_interfaces . 1856.It Va sppp_interfaces 1857.Pq Vt str 1858Set to the list of 1859.Xr sppp 4 1860interfaces to configure on this host. 1861A 1862.Va spppconfig_ Ns Aq Ar interface 1863variable is assumed to exist for each value of 1864.Ar interface . 1865Each interface should also be configured by a general 1866.Va ifconfig_ Ns Aq Ar interface 1867setting. 1868Refer to 1869.Xr spppcontrol 8 1870for more information about available options. 1871.It Va ppp_enable 1872.Pq Vt bool 1873If set to 1874.Dq Li YES , 1875run the 1876.Xr ppp 8 1877daemon. 1878.It Va ppp_profile 1879.Pq Vt str 1880The name of the profile to use from 1881.Pa /etc/ppp/ppp.conf . 1882Also used for per-profile overrides of 1883.Va ppp_mode 1884and 1885.Va ppp_nat , 1886and 1887.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1888When the profile name contains any of the characters 1889.Dq Li .-/+ 1890they are translated to 1891.Dq Li _ 1892for the proposes of the override variable names. 1893.It Va ppp_mode 1894.Pq Vt str 1895Mode in which to run the 1896.Xr ppp 8 1897daemon. 1898.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1899.Pq Vt str 1900Overrides the global 1901.Va ppp_mode 1902for 1903.Ar profile . 1904Accepted modes are 1905.Dq Li auto , 1906.Dq Li ddial , 1907.Dq Li direct 1908and 1909.Dq Li dedicated . 1910See the manual for a full description. 1911.It Va ppp_nat 1912.Pq Vt bool 1913If set to 1914.Dq Li YES , 1915enables network address translation. 1916Used in conjunction with 1917.Va gateway_enable 1918allows hosts on private network addresses access to the Internet using 1919this host as a network address translating router. 1920.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1921.Pq Vt str 1922Overrides the global 1923.Va ppp_nat 1924for 1925.Ar profile . 1926.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1927.Pq Vt int 1928Set the unit number to be used for this profile. 1929See the manual description of 1930.Fl unit Ns Ar N 1931for details. 1932.It Va ppp_user 1933.Pq Vt str 1934The name of the user under which 1935.Xr ppp 8 1936should be started. 1937By 1938default, 1939.Xr ppp 8 1940is started as 1941.Dq Li root . 1942.It Va rc_conf_files 1943.Pq Vt str 1944This option is used to specify a list of files that will override 1945the settings in 1946.Pa /etc/defaults/rc.conf . 1947The files will be read in the order in which they are specified and should 1948include the full path to the file. 1949By default, the files specified are 1950.Pa /etc/rc.conf 1951and 1952.Pa /etc/rc.conf.local 1953.It Va zfs_enable 1954.Pq Vt bool 1955If set to 1956.Dq Li YES , 1957.Pa /etc/rc.d/zfs 1958will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1959(ZVOLs). 1960.It Va gptboot_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964.Pa /etc/rc.d/gptboot 1965will log if the system successfully (or not) booted from a GPT partition, 1966which had the 1967.Ar bootonce 1968attribute set using 1969.Xr gpart 8 1970utility. 1971.It Va gbde_autoattach_all 1972.Pq Vt bool 1973If set to 1974.Dq Li YES , 1975.Pa /etc/rc.d/gbde 1976will attempt to automatically initialize your .bde devices in 1977.Pa /etc/fstab . 1978.It Va gbde_devices 1979.Pq Vt str 1980List the devices that the script should try to attach, 1981or 1982.Dq Li AUTO . 1983.It Va gbde_lockdir 1984.Pq Vt str 1985The directory where the 1986.Xr gbde 4 1987lockfiles are located. 1988The default lockfile directory is 1989.Pa /etc . 1990.Pp 1991The lockfile for each individual 1992.Xr gbde 4 1993device can be overridden by setting the variable 1994.Va gbde_lock_ Ns Aq Ar device , 1995where 1996.Ar device 1997is the encrypted device without the 1998.Dq Pa /dev/ 1999and 2000.Dq Pa .bde 2001parts. 2002.It Va gbde_attach_attempts 2003.Pq Vt int 2004Number of times to attempt attaching to a 2005.Xr gbde 4 2006device, i.e., how many times the user is asked for the pass-phrase. 2007Default is 3. 2008.It Va geli_devices 2009.Pq Vt str 2010List of devices to automatically attach on boot. 2011Note that .eli devices from 2012.Pa /etc/fstab 2013are automatically appended to this list. 2014.It Va geli_groups 2015.Pq Vt str 2016List of groups containing devices to automatically attach on boot with the same 2017keyfiles and passphrase. 2018This must be accompanied with a corresponding 2019.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2020variable. 2021.It Va geli_tries 2022.Pq Vt int 2023Number of times user is asked for the pass-phrase. 2024If empty, it will be taken from 2025.Va kern.geom.eli.tries 2026sysctl variable. 2027.It Va geli_default_flags 2028.Pq Vt str 2029Default flags to use by 2030.Xr geli 8 2031when configuring disk encryption. 2032Flags can be configured for every device separately by defining the 2033.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2034variable, and for every group separately by defining the 2035.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2036variable. 2037.It Va geli_autodetach 2038.Pq Vt str 2039Specifies if GELI devices should be marked for detach on last close after 2040file systems are mounted. 2041Default is 2042.Dq Li YES . 2043This can be changed for every device separately by defining the 2044.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2045variable. 2046.It Va root_rw_mount 2047.Pq Vt bool 2048Set to 2049.Dq Li YES 2050by default. 2051After the file systems are checked at boot time, the root file system 2052is remounted as read-write if this is set to 2053.Dq Li YES . 2054Diskless systems that mount their root file system from a read-only remote 2055NFS share should set this to 2056.Dq Li NO 2057in their 2058.Pa rc.conf . 2059.It Va fsck_y_enable 2060.Pq Vt bool 2061If set to 2062.Dq Li YES , 2063.Xr fsck 8 2064will be run with the 2065.Fl y 2066flag if the initial preen 2067of the file systems fails. 2068.It Va background_fsck 2069.Pq Vt bool 2070If set to 2071.Dq Li NO , 2072the system will not attempt to run 2073.Xr fsck 8 2074in the background where possible. 2075.It Va background_fsck_delay 2076.Pq Vt int 2077The amount of time in seconds to sleep before starting a background 2078.Xr fsck 8 . 2079It defaults to sixty seconds to allow large applications such as 2080the X server to start before disk I/O bandwidth is monopolized by 2081.Xr fsck 8 . 2082If set to a negative number, the background file system check will be 2083delayed indefinitely to allow the administrator to run it at a more 2084convenient time. 2085For example it may be run from 2086.Xr cron 8 2087by adding a line like 2088.Pp 2089.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2090.Pp 2091to 2092.Pa /etc/crontab . 2093.It Va netfs_types 2094.Pq Vt str 2095List of file system types that are network-based. 2096This list should generally not be modified by end users. 2097Use 2098.Va extra_netfs_types 2099instead. 2100.It Va extra_netfs_types 2101.Pq Vt str 2102If set to something other than 2103.Dq Li NO 2104(the default), 2105this variable extends the list of file system types 2106for which automatic mounting at startup by 2107.Xr rc 8 2108should be delayed until the network is initialized. 2109It should contain 2110a whitespace-separated list of network file system descriptor pairs, 2111each consisting of a file system type as passed to 2112.Xr mount 8 2113and a human-readable, one-word description, 2114joined with a colon 2115.Pq Ql \&: . 2116Extending the default list in this way is only necessary 2117when third party file system types are used. 2118.It Va syslogd_enable 2119.Pq Vt bool 2120If set to 2121.Dq Li YES , 2122run the 2123.Xr syslogd 8 2124daemon. 2125.It Va syslogd_program 2126.Pq Vt str 2127Path to 2128.Xr syslogd 8 2129(default 2130.Pa /usr/sbin/syslogd ) . 2131.It Va syslogd_flags 2132.Pq Vt str 2133If 2134.Va syslogd_enable 2135is set to 2136.Dq Li YES , 2137these are the flags to pass to 2138.Xr syslogd 8 . 2139.It Va inetd_enable 2140.Pq Vt bool 2141If set to 2142.Dq Li YES , 2143run the 2144.Xr inetd 8 2145daemon. 2146.It Va inetd_program 2147.Pq Vt str 2148Path to 2149.Xr inetd 8 2150(default 2151.Pa /usr/sbin/inetd ) . 2152.It Va inetd_flags 2153.Pq Vt str 2154If 2155.Va inetd_enable 2156is set to 2157.Dq Li YES , 2158these are the flags to pass to 2159.Xr inetd 8 . 2160.It Va hastd_enable 2161.Pq Vt bool 2162If set to 2163.Dq Li YES , 2164run the 2165.Xr hastd 8 2166daemon. 2167.It Va hastd_program 2168.Pq Vt str 2169Path to 2170.Xr hastd 8 2171(default 2172.Pa /sbin/hastd ) . 2173.It Va hastd_flags 2174.Pq Vt str 2175If 2176.Va hastd_enable 2177is set to 2178.Dq Li YES , 2179these are the flags to pass to 2180.Xr hastd 8 . 2181.It Va local_unbound_enable 2182.Pq Vt bool 2183If set to 2184.Dq Li YES , 2185run the 2186.Xr unbound 8 2187daemon as a local caching resolver. 2188.It Va kdc_enable 2189.Pq Vt bool 2190Set to 2191.Dq Li YES 2192to start a Kerberos 5 authentication server 2193at boot time. 2194.It Va kdc_program 2195.Pq Vt str 2196If 2197.Va kdc_enable 2198is set to 2199.Dq Li YES 2200this is the path to Kerberos 5 Authentication Server. 2201.It Va kdc_flags 2202.Pq Vt str 2203Empty by default. 2204This variable contains additional flags to be passed to the Kerberos 5 2205authentication server. 2206.It Va kadmind_enable 2207.Pq Vt bool 2208Set to 2209.Dq Li YES 2210to start 2211.Xr kadmind 8 , 2212the Kerberos 5 Administration Daemon; set to 2213.Dq Li NO 2214on a slave server. 2215.It Va kadmind_program 2216.Pq Vt str 2217If 2218.Va kadmind_enable 2219is set to 2220.Dq Li YES 2221this is the path to Kerberos 5 Administration Daemon. 2222.It Va kpasswdd_enable 2223.Pq Vt bool 2224Set to 2225.Dq Li YES 2226to start 2227.Xr kpasswdd 8 , 2228the Kerberos 5 Password-Changing Daemon; set to 2229.Dq Li NO 2230on a slave server. 2231.It Va kpasswdd_program 2232.Pq Vt str 2233If 2234.Va kpasswdd_enable 2235is set to 2236.Dq Li YES 2237this is the path to Kerberos 5 Password-Changing Daemon. 2238.It Va kfd_enable 2239.Pq Vt bool 2240Set to 2241.Dq Li YES 2242to start 2243.Xr kfd 8 , 2244the Kerberos 5 ticket forwarding daemon, at the boot time. 2245.It Va kfd_program 2246.Pq Vt str 2247Path to 2248.Xr kfd 8 2249(default 2250.Pa /usr/libexec/kfd ) . 2251.It Va rwhod_enable 2252.Pq Vt bool 2253If set to 2254.Dq Li YES , 2255run the 2256.Xr rwhod 8 2257daemon at boot time. 2258.It Va rwhod_flags 2259.Pq Vt str 2260If 2261.Va rwhod_enable 2262is set to 2263.Dq Li YES , 2264these are the flags to pass to it. 2265.It Va amd_enable 2266.Pq Vt bool 2267If set to 2268.Dq Li YES , 2269run the 2270.Xr amd 8 2271daemon at boot time. 2272.It Va amd_flags 2273.Pq Vt str 2274If 2275.Va amd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to it. 2279See the 2280.Xr amd 8 2281manpage for more information. 2282.It Va amd_map_program 2283.Pq Vt str 2284If set, 2285the specified program is run to get the list of 2286.Xr amd 8 2287maps. 2288For example, if the 2289.Xr amd 8 2290maps are stored in NIS, one can set this to 2291run 2292.Xr ypcat 1 2293to get a list of 2294.Xr amd 8 2295maps from the 2296.Pa amd.master 2297NIS map. 2298.It Va update_motd 2299.Pq Vt bool 2300If set to 2301.Dq Li YES , 2302.Pa /etc/motd 2303will be updated at boot time to reflect the kernel release 2304being run. 2305If set to 2306.Dq Li NO , 2307.Pa /etc/motd 2308will not be updated. 2309.It Va nfs_client_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the NFS client daemons at boot time. 2314.It Va nfs_access_cache 2315.Pq Vt int 2316If 2317.Va nfs_client_enable 2318is set to 2319.Dq Li YES , 2320this can be set to 2321.Dq Li 0 2322to disable NFS ACCESS RPC caching, or to the number of seconds for which 2323NFS ACCESS 2324results should be cached. 2325A value of 2-10 seconds will substantially reduce network 2326traffic for many NFS operations. 2327.It Va nfs_server_enable 2328.Pq Vt bool 2329If set to 2330.Dq Li YES , 2331run the NFS server daemons at boot time. 2332.It Va nfs_server_flags 2333.Pq Vt str 2334If 2335.Va nfs_server_enable 2336is set to 2337.Dq Li YES , 2338these are the flags to pass to the 2339.Xr nfsd 8 2340daemon. 2341.It Va nfsv4_server_enable 2342.Pq Vt bool 2343If 2344.Va nfs_server_enable 2345is set to 2346.Dq Li YES 2347and 2348.Va nfsv4_server_enable 2349are set to 2350.Dq Li YES , 2351enable the server for NFSv4 as well as NFSv2 and NFSv3. 2352.It Va nfsuserd_enable 2353.Pq Vt bool 2354If 2355.Va nfsuserd_enable 2356is set to 2357.Dq Li YES , 2358run the nfsuserd daemon, which is needed for NFSv4 in order 2359to map between user/group names vs uid/gid numbers. 2360If 2361.Va nfsv4_server_enable 2362is set to 2363.Dq Li YES , 2364this will be forced enabled. 2365.It Va nfsuserd_flags 2366.Pq Vt str 2367If 2368.Va nfsuserd_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr nfsuserd 8 2373daemon. 2374.It Va nfscbd_enable 2375.Pq Vt bool 2376If 2377.Va nfscbd_enable 2378is set to 2379.Dq Li YES , 2380run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2381.It Va nfscbd_flags 2382.Pq Vt str 2383If 2384.Va nfscbd_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to the 2388.Xr nfscbd 8 2389daemon. 2390.It Va mountd_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394and no 2395.Va nfs_server_enable 2396is set, start 2397.Xr mountd 8 , 2398but not 2399.Xr nfsd 8 2400daemon. 2401It is commonly needed to run CFS without real NFS used. 2402.It Va mountd_flags 2403.Pq Vt str 2404If 2405.Va mountd_enable 2406is set to 2407.Dq Li YES , 2408these are the flags to pass to the 2409.Xr mountd 8 2410daemon. 2411.It Va weak_mountd_authentication 2412.Pq Vt bool 2413If set to 2414.Dq Li YES , 2415allow services like PCNFSD to make non-privileged mount 2416requests. 2417.It Va nfs_reserved_port_only 2418.Pq Vt bool 2419If set to 2420.Dq Li YES , 2421provide NFS services only on a secure port. 2422.It Va nfs_bufpackets 2423.Pq Vt int 2424If set to a number, indicates the number of packets worth of 2425socket buffer space to reserve on an NFS client. 2426The kernel default is typically 4. 2427Using a higher number may be 2428useful on gigabit networks to improve performance. 2429The minimum value is 24302 and the maximum is 64. 2431.It Va rpc_lockd_enable 2432.Pq Vt bool 2433If set to 2434.Dq Li YES 2435and also an NFS server or client, run 2436.Xr rpc.lockd 8 2437at boot time. 2438.It Va rpc_lockd_flags 2439.Pq Vt str 2440If 2441.Va rpc_lockd_enable 2442is set to 2443.Dq Li YES , 2444these are the flags to pass to the 2445.Xr rpc.lockd 8 2446daemon. 2447.It Va rpc_statd_enable 2448.Pq Vt bool 2449If set to 2450.Dq Li YES 2451and also an NFS server or client, run 2452.Xr rpc.statd 8 2453at boot time. 2454.It Va rpc_statd_flags 2455.Pq Vt str 2456If 2457.Va rpc_statd_enable 2458is set to 2459.Dq Li YES , 2460these are the flags to pass to the 2461.Xr rpc.statd 8 2462daemon. 2463.It Va rpcbind_program 2464.Pq Vt str 2465Path to 2466.Xr rpcbind 8 2467(default 2468.Pa /usr/sbin/rpcbind ) . 2469.It Va rpcbind_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473run the 2474.Xr rpcbind 8 2475service at boot time. 2476.It Va rpcbind_flags 2477.Pq Vt str 2478If 2479.Va rpcbind_enable 2480is set to 2481.Dq Li YES , 2482these are the flags to pass to the 2483.Xr rpcbind 8 2484daemon. 2485.It Va keyserv_enable 2486.Pq Vt bool 2487If set to 2488.Dq Li YES , 2489run the 2490.Xr keyserv 8 2491daemon on boot for running Secure RPC. 2492.It Va keyserv_flags 2493.Pq Vt str 2494If 2495.Va keyserv_enable 2496is set to 2497.Dq Li YES , 2498these are the flags to pass to 2499.Xr keyserv 8 2500daemon. 2501.It Va pppoed_enable 2502.Pq Vt bool 2503If set to 2504.Dq Li YES , 2505run the 2506.Xr pppoed 8 2507daemon at boot time to provide PPP over Ethernet services. 2508.It Va pppoed_ Ns Aq Ar provider 2509.Pq Vt str 2510.Xr pppoed 8 2511listens to requests to this 2512.Ar provider 2513and ultimately runs 2514.Xr ppp 8 2515with a 2516.Ar system 2517argument of the same name. 2518.It Va pppoed_flags 2519.Pq Vt str 2520Additional flags to pass to 2521.Xr pppoed 8 . 2522.It Va pppoed_interface 2523.Pq Vt str 2524The network interface to run 2525.Xr pppoed 8 2526on. 2527This is mandatory when 2528.Va pppoed_enable 2529is set to 2530.Dq Li YES . 2531.It Va timed_enable 2532.Pq Vt bool 2533If set to 2534.Dq Li YES , 2535run the 2536.Xr timed 8 2537service at boot time. 2538This command is intended for networks of 2539machines where a consistent 2540.Dq "network time" 2541for all hosts must be established. 2542This is often useful in large NFS 2543environments where time stamps on files are expected to be consistent 2544network-wide. 2545.It Va timed_flags 2546.Pq Vt str 2547If 2548.Va timed_enable 2549is set to 2550.Dq Li YES , 2551these are the flags to pass to the 2552.Xr timed 8 2553service. 2554.It Va ntpdate_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run 2559.Xr ntpdate 8 2560at system startup. 2561This command is intended to 2562synchronize the system clock only 2563.Em once 2564from some standard reference. 2565.It Va ntpdate_config 2566.Pq Vt str 2567Configuration file for 2568.Xr ntpdate 8 . 2569Default 2570.Pa /etc/ntp.conf . 2571.It Va ntpdate_hosts 2572.Pq Vt str 2573A whitespace-separated list of NTP servers to synchronize with at startup. 2574The default is to use the servers listed in 2575.Va ntpdate_config , 2576if that file exists. 2577.It Va ntpdate_program 2578.Pq Vt str 2579Path to 2580.Xr ntpdate 8 2581(default 2582.Pa /usr/sbin/ntpdate ) . 2583.It Va ntpdate_flags 2584.Pq Vt str 2585If 2586.Va ntpdate_enable 2587is set to 2588.Dq Li YES , 2589these are the flags to pass to the 2590.Xr ntpdate 8 2591command (typically a hostname). 2592.It Va ntpd_enable 2593.Pq Vt bool 2594If set to 2595.Dq Li YES , 2596run the 2597.Xr ntpd 8 2598command at boot time. 2599.It Va ntpd_program 2600.Pq Vt str 2601Path to 2602.Xr ntpd 8 2603(default 2604.Pa /usr/sbin/ntpd ) . 2605.It Va ntpd_config 2606.Pq Vt str 2607Path to 2608.Xr ntpd 8 2609configuration file. 2610Default 2611.Pa /etc/ntp.conf . 2612.It Va ntpd_flags 2613.Pq Vt str 2614If 2615.Va ntpd_enable 2616is set to 2617.Dq Li YES , 2618these are the flags to pass to the 2619.Xr ntpd 8 2620daemon. 2621.It Va ntpd_sync_on_start 2622.Pq Vt bool 2623If set to 2624.Dq Li YES , 2625.Xr ntpd 8 2626is run with the 2627.Fl g 2628flag, which syncs the system's clock on startup. 2629See 2630.Xr ntpd 8 2631for more information regarding the 2632.Fl g 2633option. 2634This is a preferred alternative to using 2635.Xr ntpdate 8 2636or specifying the 2637.Va ntpdate_enable 2638variable. 2639.It Va nis_client_enable 2640.Pq Vt bool 2641If set to 2642.Dq Li YES , 2643run the 2644.Xr ypbind 8 2645service at system boot time. 2646.It Va nis_client_flags 2647.Pq Vt str 2648If 2649.Va nis_client_enable 2650is set to 2651.Dq Li YES , 2652these are the flags to pass to the 2653.Xr ypbind 8 2654service. 2655.It Va nis_ypldap_enable 2656.Pq Vt bool 2657If set to 2658.Dq Li YES , 2659run the 2660.Xr ypldap 8 2661daemon at system boot time. 2662.It Va nis_ypldap_flags 2663.Pq Vt str 2664If 2665.Va nis.ypldap_enable 2666is set to 2667.Dq Li YES , 2668these are the flags to pass to the 2669.Xr ypldap 8 2670daemon. 2671.It Va nis_ypset_enable 2672.Pq Vt bool 2673If set to 2674.Dq Li YES , 2675run the 2676.Xr ypset 8 2677daemon at system boot time. 2678.It Va nis_ypset_flags 2679.Pq Vt str 2680If 2681.Va nis_ypset_enable 2682is set to 2683.Dq Li YES , 2684these are the flags to pass to the 2685.Xr ypset 8 2686daemon. 2687.It Va nis_server_enable 2688.Pq Vt bool 2689If set to 2690.Dq Li YES , 2691run the 2692.Xr ypserv 8 2693daemon at system boot time. 2694.It Va nis_server_flags 2695.Pq Vt str 2696If 2697.Va nis_server_enable 2698is set to 2699.Dq Li YES , 2700these are the flags to pass to the 2701.Xr ypserv 8 2702daemon. 2703.It Va nis_ypxfrd_enable 2704.Pq Vt bool 2705If set to 2706.Dq Li YES , 2707run the 2708.Xr rpc.ypxfrd 8 2709daemon at system boot time. 2710.It Va nis_ypxfrd_flags 2711.Pq Vt str 2712If 2713.Va nis_ypxfrd_enable 2714is set to 2715.Dq Li YES , 2716these are the flags to pass to the 2717.Xr rpc.ypxfrd 8 2718daemon. 2719.It Va nis_yppasswdd_enable 2720.Pq Vt bool 2721If set to 2722.Dq Li YES , 2723run the 2724.Xr rpc.yppasswdd 8 2725daemon at system boot time. 2726.It Va nis_yppasswdd_flags 2727.Pq Vt str 2728If 2729.Va nis_yppasswdd_enable 2730is set to 2731.Dq Li YES , 2732these are the flags to pass to the 2733.Xr rpc.yppasswdd 8 2734daemon. 2735.It Va rpc_ypupdated_enable 2736.Pq Vt bool 2737If set to 2738.Dq Li YES , 2739run the 2740.Nm rpc.ypupdated 2741daemon at system boot time. 2742.It Va bsnmpd_enable 2743.Pq Vt bool 2744If set to 2745.Dq Li YES , 2746run the 2747.Xr bsnmpd 1 2748daemon at system boot time. 2749Be sure to understand the security implications of running SNMP daemon 2750on your host. 2751.It Va bsnmpd_flags 2752.Pq Vt str 2753If 2754.Va bsnmpd_enable 2755is set to 2756.Dq Li YES , 2757these are the flags to pass to the 2758.Xr bsnmpd 1 2759daemon. 2760.It Va defaultrouter 2761.Pq Vt str 2762If not set to 2763.Dq Li NO , 2764create a default route to this host name or IP address 2765(use an IP address if this router is also required to get to the 2766name server!). 2767.It Va ipv6_defaultrouter 2768.Pq Vt str 2769The IPv6 equivalent of 2770.Va defaultrouter . 2771.It Va static_arp_pairs 2772.Pq Vt str 2773Set to the list of static ARP pairs that are to be added at system 2774boot time. 2775For each whitespace separated 2776.Ar element 2777in the value, a 2778.Va static_arp_ Ns Aq Ar element 2779variable is assumed to exist whose contents will later be passed to a 2780.Dq Nm arp Cm -S 2781operation. 2782For example 2783.Bd -literal 2784static_arp_pairs="gw" 2785static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2786.Ed 2787.It Va static_ndp_pairs 2788.Pq Vt str 2789Set to the list of static NDP pairs that are to be added at system 2790boot time. 2791For each whitespace separated 2792.Ar element 2793in the value, a 2794.Va static_ndp_ Ns Aq Ar element 2795variable is assumed to exist whose contents will later be passed to a 2796.Dq Nm ndp Cm -s 2797operation. 2798For example 2799.Bd -literal 2800static_ndp_pairs="gw" 2801static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2802.Ed 2803.It Va static_routes 2804.Pq Vt str 2805Set to the list of static routes that are to be added at system 2806boot time. 2807If not set to 2808.Dq Li NO 2809then for each whitespace separated 2810.Ar element 2811in the value, a 2812.Va route_ Ns Aq Ar element 2813variable is assumed to exist 2814whose contents will later be passed to a 2815.Dq Nm route Cm add 2816operation. 2817For example: 2818.Bd -literal 2819static_routes="ext mcast:gif0 gif0local:gif0" 2820route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2821route_mcast="-net 224.0.0.0/4 -iface gif0" 2822route_gif0local="-host 169.254.1.1 -iface lo0" 2823.Ed 2824.Pp 2825When an 2826.Ar element 2827is in the form of 2828.Li name:ifname , 2829the route is specific to the interface 2830.Li ifname . 2831.It Va ipv6_static_routes 2832.Pq Vt str 2833The IPv6 equivalent of 2834.Va static_routes . 2835If not set to 2836.Dq Li NO 2837then for each whitespace separated 2838.Ar element 2839in the value, a 2840.Va ipv6_route_ Ns Aq Ar element 2841variable is assumed to exist 2842whose contents will later be passed to a 2843.Dq Nm route Cm add Fl inet6 2844operation. 2845.It Va gateway_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849configure host to act as an IP router, e.g.\& to forward packets 2850between interfaces. 2851.It Va ipv6_gateway_enable 2852.Pq Vt bool 2853The IPv6 equivalent of 2854.Va gateway_enable . 2855.It Va routed_enable 2856.Pq Vt bool 2857If set to 2858.Dq Li YES , 2859run a routing daemon of some sort, based on the 2860settings of 2861.Va routed_program 2862and 2863.Va routed_flags . 2864.It Va route6d_enable 2865.Pq Vt bool 2866The IPv6 equivalent of 2867.Va routed_enable . 2868If set to 2869.Dq Li YES , 2870run a routing daemon of some sort, based on the 2871settings of 2872.Va route6d_program 2873and 2874.Va route6d_flags . 2875.It Va routed_program 2876.Pq Vt str 2877If 2878.Va routed_enable 2879is set to 2880.Dq Li YES , 2881this is the name of the routing daemon to use. 2882.It Va route6d_program 2883.Pq Vt str 2884The IPv6 equivalent of 2885.Va routed_program . 2886.It Va routed_flags 2887.Pq Vt str 2888If 2889.Va routed_enable 2890is set to 2891.Dq Li YES , 2892these are the flags to pass to the routing daemon. 2893.It Va route6d_flags 2894.Pq Vt str 2895The IPv6 equivalent of 2896.Va routed_flags . 2897.It Va rtadvd_enable 2898.Pq Vt bool 2899If set to 2900.Dq Li YES , 2901run the 2902.Xr rtadvd 8 2903daemon at boot time. 2904The 2905.Xr rtadvd 8 2906utility sends ICMPv6 Router Advertisement messages to 2907the interfaces specified in 2908.Va rtadvd_interfaces . 2909This should only be enabled with great care. 2910You may want to fine-tune 2911.Xr rtadvd.conf 5 . 2912.It Va rtadvd_interfaces 2913.Pq Vt str 2914If 2915.Va rtadvd_enable 2916is set to 2917.Dq Li YES 2918this is the list of interfaces to use. 2919.It Va arpproxy_all 2920.Pq Vt bool 2921If set to 2922.Dq Li YES , 2923enable global proxy ARP. 2924.It Va forward_sourceroute 2925.Pq Vt bool 2926If set to 2927.Dq Li YES 2928and 2929.Va gateway_enable 2930is also set to 2931.Dq Li YES , 2932source-routed packets are forwarded. 2933.It Va accept_sourceroute 2934.Pq Vt bool 2935If set to 2936.Dq Li YES , 2937the system will accept source-routed packets directed at it. 2938.It Va rarpd_enable 2939.Pq Vt bool 2940If set to 2941.Dq Li YES , 2942run the 2943.Xr rarpd 8 2944daemon at system boot time. 2945.It Va rarpd_flags 2946.Pq Vt str 2947If 2948.Va rarpd_enable 2949is set to 2950.Dq Li YES , 2951these are the flags to pass to the 2952.Xr rarpd 8 2953daemon. 2954.It Va bootparamd_enable 2955.Pq Vt bool 2956If set to 2957.Dq Li YES , 2958run the 2959.Xr bootparamd 8 2960daemon at system boot time. 2961.It Va bootparamd_flags 2962.Pq Vt str 2963If 2964.Va bootparamd_enable 2965is set to 2966.Dq Li YES , 2967these are the flags to pass to the 2968.Xr bootparamd 8 2969daemon. 2970.It Va stf_interface_ipv4addr 2971.Pq Vt str 2972If not set to 2973.Dq Li NO , 2974this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2975interface). 2976Specify this entry to enable the 6to4 interface. 2977.It Va stf_interface_ipv4plen 2978.Pq Vt int 2979Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2980An effective value is 0-31. 2981.It Va stf_interface_ipv6_ifid 2982.Pq Vt str 2983IPv6 interface ID for 2984.Xr stf 4 . 2985This can be set to 2986.Dq Li AUTO . 2987.It Va stf_interface_ipv6_slaid 2988.Pq Vt str 2989IPv6 Site Level Aggregator for 2990.Xr stf 4 . 2991.It Va ipv6_ipv4mapping 2992.Pq Vt bool 2993If set to 2994.Dq Li YES 2995this enables IPv4 mapped IPv6 address communication (like 2996.Li ::ffff:a.b.c.d ) . 2997.It Va rtsold_enable 2998.Pq Vt bool 2999Set to 3000.Dq Li YES 3001to enable the 3002.Xr rtsold 8 3003daemon to send ICMPv6 Router Solicitation messages. 3004.It Va rtsold_flags 3005.Pq Vt str 3006If 3007.Va rtsold_enable 3008is set to 3009.Dq Li YES , 3010these are the flags to pass to 3011.Xr rtsold 8 . 3012.It Va rtsol_flags 3013.Pq Vt str 3014For interfaces configured with the 3015.Dq Li inet6 accept_rtadv 3016keyword, these are the flags to pass to 3017.Xr rtsol 8 . 3018.Pp 3019Note that 3020.Va rtsold_enable 3021is mutually exclusive to 3022.Va rtsol_flags ; 3023.Va rtsold_enable 3024takes precedence. 3025.It Va keybell 3026.Pq Vt str 3027The keyboard bell sound. 3028Set to 3029.Dq Li normal , 3030.Dq Li visual , 3031.Dq Li off , 3032or 3033.Dq Li NO 3034if the default behavior is desired. 3035For details, refer to the 3036.Xr kbdcontrol 1 3037manpage. 3038.It Va keyboard 3039.Pq Vt str 3040If set to a non-null string, the virtual console's keyboard input is 3041set to this device. 3042.It Va keymap 3043.Pq Vt str 3044If set to 3045.Dq Li NO , 3046no keymap is installed, otherwise the value is used to install 3047the keymap file found in 3048.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3049(if using 3050.Xr syscons 4 ) or 3051.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3052(if using 3053.Xr vt 4 ) . 3054.It Va keyrate 3055.Pq Vt str 3056The keyboard repeat speed. 3057Set to 3058.Dq Li slow , 3059.Dq Li normal , 3060.Dq Li fast , 3061or 3062.Dq Li NO 3063if the default behavior is desired. 3064.It Va keychange 3065.Pq Vt str 3066If not set to 3067.Dq Li NO , 3068attempt to program the function keys with the value. 3069The value should 3070be a single string of the form: 3071.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3072.It Va cursor 3073.Pq Vt str 3074Can be set to the value of 3075.Dq Li normal , 3076.Dq Li blink , 3077.Dq Li destructive , 3078or 3079.Dq Li NO 3080to set the cursor behavior explicitly or choose the default behavior. 3081.It Va scrnmap 3082.Pq Vt str 3083If set to 3084.Dq Li NO , 3085no screen map is installed, otherwise the value is used to install 3086the screen map file in 3087.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3088This parameter is ignored when using 3089.Xr vt 4 3090as the console driver. 3091.It Va font8x16 3092.Pq Vt str 3093If set to 3094.Dq Li NO , 3095the default 8x16 font value is used for screen size requests, otherwise 3096the value in 3097.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3098or 3099.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3100is used (depending on the console driver being used). 3101.It Va font8x14 3102.Pq Vt str 3103If set to 3104.Dq Li NO , 3105the default 8x14 font value is used for screen size requests, otherwise 3106the value in 3107.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3108or 3109.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3110is used (depending on the console driver being used). 3111.It Va font8x8 3112.Pq Vt str 3113If set to 3114.Dq Li NO , 3115the default 8x8 font value is used for screen size requests, otherwise 3116the value in 3117.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3118or 3119.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3120is used (depending on the console driver being used). 3121.It Va blanktime 3122.Pq Vt int 3123If set to 3124.Dq Li NO , 3125the default screen blanking interval is used, otherwise it is set 3126to 3127.Ar value 3128seconds. 3129.It Va saver 3130.Pq Vt str 3131If not set to 3132.Dq Li NO , 3133this is the actual screen saver to use 3134.Li ( blank , snake , daemon , 3135etc). 3136.It Va moused_nondefault_enable 3137.Pq Vt str 3138If set to 3139.Dq Li NO , 3140the mouse device specified on 3141the command line is not automatically treated as enabled by the 3142.Pa /etc/rc.d/moused 3143script. 3144Having this variable set to 3145.Dq Li YES 3146allows a 3147.Xr usb 4 3148mouse, 3149for example, 3150to be enabled as soon as it is plugged in. 3151.It Va moused_enable 3152.Pq Vt str 3153If set to 3154.Dq Li YES , 3155the 3156.Xr moused 8 3157daemon is started for doing cut/paste selection on the console. 3158.It Va moused_type 3159.Pq Vt str 3160This is the protocol type of the mouse connected to this host. 3161This variable must be set if 3162.Va moused_enable 3163is set to 3164.Dq Li YES . 3165The 3166.Xr moused 8 3167daemon 3168is able to detect the appropriate mouse type automatically in many cases. 3169Set this variable to 3170.Dq Li auto 3171to let the daemon detect it, or 3172select one from the following list if the automatic detection fails. 3173.Pp 3174If the mouse is attached to the PS/2 mouse port, choose 3175.Dq Li auto 3176or 3177.Dq Li ps/2 , 3178regardless of the brand and model of the mouse. 3179Likewise, if the 3180mouse is attached to the bus mouse port, choose 3181.Dq Li auto 3182or 3183.Dq Li busmouse . 3184All other protocols are for serial mice and will not work with 3185the PS/2 and bus mice. 3186If this is a USB mouse, 3187.Dq Li auto 3188is the only protocol type which will work. 3189.Pp 3190.Bl -tag -width ".Li x10mouseremote" -compact 3191.It Li microsoft 3192Microsoft mouse (serial) 3193.It Li intellimouse 3194Microsoft IntelliMouse (serial) 3195.It Li mousesystems 3196Mouse systems Corp.\& mouse (serial) 3197.It Li mmseries 3198MM Series mouse (serial) 3199.It Li logitech 3200Logitech mouse (serial) 3201.It Li busmouse 3202A bus mouse 3203.It Li mouseman 3204Logitech MouseMan and TrackMan (serial) 3205.It Li glidepoint 3206ALPS GlidePoint (serial) 3207.It Li thinkingmouse 3208Kensington ThinkingMouse (serial) 3209.It Li ps/2 3210PS/2 mouse 3211.It Li mmhittab 3212MM HitTablet (serial) 3213.It Li x10mouseremote 3214X10 MouseRemote (serial) 3215.It Li versapad 3216Interlink VersaPad (serial) 3217.El 3218.Pp 3219Even if the mouse is not in the above list, it may be compatible 3220with one in the list. 3221Refer to the manual page for 3222.Xr moused 8 3223for compatibility information. 3224.Pp 3225It should also be noted that while this is enabled, any 3226other client of the mouse (such as an X server) should access 3227the mouse through the virtual mouse device, 3228.Pa /dev/sysmouse , 3229and configure it as a 3230.Dq Li sysmouse 3231type mouse, since all 3232mouse data is converted to this single canonical format when 3233using 3234.Xr moused 8 . 3235If the client program does not support the 3236.Dq Li sysmouse 3237type, 3238specify the 3239.Dq Li mousesystems 3240type. 3241It is the second preferred type. 3242.It Va moused_port 3243.Pq Vt str 3244If 3245.Va moused_enable 3246is set to 3247.Dq Li YES , 3248this is the actual port the mouse is on. 3249It might be 3250.Pa /dev/cuau0 3251for a COM1 serial mouse, 3252.Pa /dev/psm0 3253for a PS/2 mouse or 3254.Pa /dev/mse0 3255for a bus mouse, for example. 3256.It Va moused_flags 3257.Pq Vt str 3258If 3259.Va moused_flags 3260is set, its value is used as an additional set of flags to pass to the 3261.Xr moused 8 3262daemon. 3263.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3264When 3265.Va moused_nondefault_enable 3266is enabled, and a 3267.Xr moused 8 3268daemon is started for a non-default port, the 3269.Va "moused_" Ns Ar XXX Ns Va "_flags" 3270set of options has precedence over and replaces the default 3271.Va moused_flags 3272(where 3273.Ar XXX 3274is the name of the non-default port, i.e.,\& 3275.Ar ums0 ) . 3276By setting 3277.Va "moused_" Ns Ar XXX Ns Va "_flags" 3278it is possible to set up a different set of default flags for each 3279.Xr moused 8 3280instance. 3281For example, you can use 3282.Dq Li "-3" 3283for the default 3284.Va moused_flags 3285to make your laptop's touchpad more comfortable to use, 3286but an empty set of options for 3287.Va moused_ums0_flags 3288when your 3289.Xr usb 4 3290mouse has three or more buttons. 3291.It Va mousechar_start 3292.Pq Vt int 3293If set to 3294.Dq Li NO , 3295the default mouse cursor character range 3296.Li 0xd0 Ns - Ns Li 0xd3 3297is used, 3298otherwise the range start is set 3299to 3300.Ar value 3301character, see 3302.Xr vidcontrol 1 . 3303Use if the default range is occupied in the language code table. 3304.It Va allscreens_flags 3305.Pq Vt str 3306If set, 3307.Xr vidcontrol 1 3308is run with these options for each of the virtual terminals 3309.Pq Pa /dev/ttyv* . 3310For example, 3311.Dq Fl m Cm on 3312will enable the mouse pointer on all virtual terminals 3313if 3314.Va moused_enable 3315is set to 3316.Dq Li YES . 3317.It Va allscreens_kbdflags 3318.Pq Vt str 3319If set, 3320.Xr kbdcontrol 1 3321is run with these options for each of the virtual terminals 3322.Pq Pa /dev/ttyv* . 3323For example, 3324.Dq Fl h Li 200 3325will set the 3326.Xr syscons 4 3327or 3328.Xr vt 4 3329scrollback (history) buffer to 200 lines. 3330.It Va cron_enable 3331.Pq Vt bool 3332If set to 3333.Dq Li YES , 3334run the 3335.Xr cron 8 3336daemon at system boot time. 3337.It Va cron_program 3338.Pq Vt str 3339Path to 3340.Xr cron 8 3341(default 3342.Pa /usr/sbin/cron ) . 3343.It Va cron_flags 3344.Pq Vt str 3345If 3346.Va cron_enable 3347is set to 3348.Dq Li YES , 3349these are the flags to pass to 3350.Xr cron 8 . 3351.It Va cron_dst 3352.Pq Vt bool 3353If set to 3354.Dq Li YES , 3355enable the special handling of transitions to and from the 3356Daylight Saving Time in 3357.Xr cron 8 3358(equivalent to using the flag 3359.Fl s ) . 3360.It Va lpd_program 3361.Pq Vt str 3362Path to 3363.Xr lpd 8 3364(default 3365.Pa /usr/sbin/lpd ) . 3366.It Va lpd_enable 3367.Pq Vt bool 3368If set to 3369.Dq Li YES , 3370run the 3371.Xr lpd 8 3372daemon at system boot time. 3373.It Va lpd_flags 3374.Pq Vt str 3375If 3376.Va lpd_enable 3377is set to 3378.Dq Li YES , 3379these are the flags to pass to the 3380.Xr lpd 8 3381daemon. 3382.It Va chkprintcap_enable 3383.Pq Vt bool 3384If set to 3385.Dq Li YES , 3386run the 3387.Xr chkprintcap 8 3388command before starting the 3389.Xr lpd 8 3390daemon. 3391.It Va chkprintcap_flags 3392.Pq Vt str 3393If 3394.Va lpd_enable 3395and 3396.Va chkprintcap_enable 3397are set to 3398.Dq Li YES , 3399these are the flags to pass to the 3400.Xr chkprintcap 8 3401program. 3402The default is 3403.Dq Li -d , 3404which causes missing directories to be created. 3405.It Va mta_start_script 3406.Pq Vt str 3407This variable specifies the full path to the script to run to start 3408a mail transfer agent. 3409The default is 3410.Pa /etc/rc.sendmail . 3411The 3412.Va sendmail_* 3413variables which 3414.Pa /etc/rc.sendmail 3415uses are documented in the 3416.Xr rc.sendmail 8 3417manual page. 3418.It Va dumpdev 3419.Pq Vt str 3420Indicates the device (usually a swap partition) to which a crash dump 3421should be written in the event of a system crash. 3422If the value of this variable is 3423.Dq Li AUTO , 3424the first suitable swap device listed in 3425.Pa /etc/fstab 3426will be used as dump device. 3427Otherwise, the value of this variable is passed as the argument to 3428.Xr dumpon 8 . 3429To disable crash dumps, set this variable to 3430.Dq Li NO . 3431.It Va dumpon_flags 3432.Pq Vt str 3433Flags to pass to 3434.Xr dumpon 8 3435when configuring 3436.Va dumpdev 3437as the system dump device. 3438.It Va dumpdir 3439.Pq Vt str 3440When the system reboots after a crash and a crash dump is found on the 3441device specified by the 3442.Va dumpdev 3443variable, 3444.Xr savecore 8 3445will save that crash dump and a copy of the kernel to the directory 3446specified by the 3447.Va dumpdir 3448variable. 3449The default value is 3450.Pa /var/crash . 3451Set to 3452.Dq Li NO 3453to not run 3454.Xr savecore 8 3455at boot time when 3456.Va dumpdir 3457is set. 3458.It Va savecore_enable 3459.Pq Vt bool 3460If set to 3461.Dq Li NO , 3462disable automatic extraction of the crash dump from the 3463.Va dumpdev . 3464.It Va savecore_flags 3465.Pq Vt str 3466If crash dumps are enabled, these are the flags to pass to the 3467.Xr savecore 8 3468utility. 3469.It Va quota_enable 3470.Pq Vt bool 3471Set to 3472.Dq Li YES 3473to turn on user and group disk quotas on system startup via the 3474.Xr quotaon 8 3475command for all file systems marked as having quotas enabled in 3476.Pa /etc/fstab . 3477The kernel must be built with 3478.Cd "options QUOTA" 3479for disk quotas to function. 3480.It Va check_quotas 3481.Pq Vt bool 3482Set to 3483.Dq Li YES 3484to enable user and group disk quota checking via the 3485.Xr quotacheck 8 3486command. 3487.It Va quotacheck_flags 3488.Pq Vt str 3489If 3490.Va quota_enable 3491is set to 3492.Dq Li YES , 3493and 3494.Va check_quotas 3495is set to 3496.Dq Li YES , 3497these are the flags to pass to the 3498.Xr quotacheck 8 3499utility. 3500The default is 3501.Dq Li "-a" , 3502which checks quotas for all file systems with quotas enabled in 3503.Pa /etc/fstab . 3504.It Va quotaon_flags 3505.Pq Vt str 3506If 3507.Va quota_enable 3508is set to 3509.Dq Li YES , 3510these are the flags to pass to the 3511.Xr quotaon 8 3512utility. 3513The default is 3514.Dq Li "-a" , 3515which enables quotas for all file systems with quotas enabled in 3516.Pa /etc/fstab . 3517.It Va quotaoff_flags 3518.Pq Vt str 3519If 3520.Va quota_enable 3521is set to 3522.Dq Li YES , 3523these are the flags to pass to the 3524.Xr quotaoff 8 3525utility when shutting down the quota system. 3526The default is 3527.Dq Li "-a" , 3528which disables quotas for all file systems with quotas enabled in 3529.Pa /etc/fstab . 3530.It Va accounting_enable 3531.Pq Vt bool 3532Set to 3533.Dq Li YES 3534to enable system accounting through the 3535.Xr accton 8 3536facility. 3537.It Va ibcs2_enable 3538.Pq Vt bool 3539Set to 3540.Dq Li YES 3541to enable iBCS2 (SCO) binary emulation at system initial boot 3542time. 3543.It Va ibcs2_loaders 3544.Pq Vt str 3545If not set to 3546.Dq Li NO 3547and if 3548.Va ibcs2_enable 3549is set to 3550.Dq Li YES , 3551this specifies a list of additional iBCS2 loaders to enable. 3552.It Va firstboot_sentinel 3553.Pq Vt str 3554This variable specifies the full path to a 3555.Dq first boot 3556sentinel file. 3557If a file exists with this path, 3558.Pa rc.d 3559scripts with the 3560.Dq firstboot 3561keyword will be run on startup and the sentinel file will be deleted 3562after the boot process completes. 3563The sentinel file must be located on a writable file system which is 3564mounted no later than 3565.Va early_late_divider 3566to function properly. 3567The default is 3568.Pa /firstboot . 3569.It Va linux_enable 3570.Pq Vt bool 3571Set to 3572.Dq Li YES 3573to enable Linux/ELF binary emulation at system initial 3574boot time. 3575.It Va sysvipc_enable 3576.Pq Vt bool 3577If set to 3578.Dq Li YES , 3579load System V IPC primitives at boot time. 3580.It Va clear_tmp_enable 3581.Pq Vt bool 3582Set to 3583.Dq Li YES 3584to have 3585.Pa /tmp 3586cleaned at startup. 3587.It Va clear_tmp_X 3588.Pq Vt bool 3589Set to 3590.Dq Li NO 3591to disable removing of X11 lock files, 3592and the removal and (secure) recreation 3593of the various socket directories for X11 3594related programs. 3595.It Va ldconfig_paths 3596.Pq Vt str 3597Set to the list of shared library paths to use with 3598.Xr ldconfig 8 . 3599NOTE: 3600.Pa /usr/lib 3601will always be added first, so it need not appear in this list. 3602.It Va ldconfig32_paths 3603.Pq Vt str 3604Set to the list of 32-bit compatibility shared library paths to 3605use with 3606.Xr ldconfig 8 . 3607.It Va ldconfig_paths_aout 3608.Pq Vt str 3609Set to the list of shared library paths to use with 3610.Xr ldconfig 8 3611legacy 3612.Xr a.out 5 3613support. 3614.It Va ldconfig_insecure 3615.Pq Vt bool 3616The 3617.Xr ldconfig 8 3618utility normally refuses to use directories 3619which are writable by anyone except root. 3620Set this variable to 3621.Dq Li YES 3622to disable that security check during system startup. 3623.It Va ldconfig_local_dirs 3624.Pq Vt str 3625Set to the list of local 3626.Xr ldconfig 8 3627directories. 3628The names of all files in the directories listed will be 3629passed as arguments to 3630.Xr ldconfig 8 . 3631.It Va ldconfig_local32_dirs 3632.Pq Vt str 3633Set to the list of local 32-bit compatibility 3634.Xr ldconfig 8 3635directories. 3636The names of all files in the directories listed will be 3637passed as arguments to 3638.Dq Nm ldconfig Fl 32 . 3639.It Va kern_securelevel_enable 3640.Pq Vt bool 3641Set to 3642.Dq Li YES 3643to set the kernel security level at system startup. 3644.It Va kern_securelevel 3645.Pq Vt int 3646The kernel security level to set at startup. 3647The allowed range of 3648.Ar value 3649ranges from \-1 (the compile time default) to 3 (the 3650most secure). 3651See 3652.Xr security 7 3653for the list of possible security levels and their effect 3654on system operation. 3655.It Va sshd_program 3656.Pq Vt str 3657Path to the SSH server program 3658.Pa ( /usr/sbin/sshd 3659is the default). 3660.It Va sshd_enable 3661.Pq Vt bool 3662Set to 3663.Dq Li YES 3664to start 3665.Xr sshd 8 3666at system boot time. 3667.It Va sshd_flags 3668.Pq Vt str 3669If 3670.Va sshd_enable 3671is set to 3672.Dq Li YES , 3673these are the flags to pass to the 3674.Xr sshd 8 3675daemon. 3676.It Va ftpd_program 3677.Pq Vt str 3678Path to the FTP server program 3679.Pa ( /usr/libexec/ftpd 3680is the default). 3681.It Va ftpd_enable 3682.Pq Vt bool 3683Set to 3684.Dq Li YES 3685to start 3686.Xr ftpd 8 3687as a stand-alone daemon at system boot time. 3688.It Va ftpd_flags 3689.Pq Vt str 3690If 3691.Va ftpd_enable 3692is set to 3693.Dq Li YES , 3694these are the additional flags to pass to the 3695.Xr ftpd 8 3696daemon. 3697.It Va watchdogd_enable 3698.Pq Vt bool 3699If set to 3700.Dq Li YES , 3701start the 3702.Xr watchdogd 8 3703daemon at boot time. 3704This requires that the kernel have been compiled with a 3705.Xr watchdog 4 3706compatible device. 3707.It Va watchdogd_flags 3708.Pq Vt str 3709If 3710.Va watchdogd_enable 3711is set to 3712.Dq Li YES , 3713these are the flags passed to the 3714.Xr watchdogd 8 3715daemon. 3716.It Va devfs_rulesets 3717.Pq Vt str 3718List of files containing sets of rules for 3719.Xr devfs 8 . 3720.It Va devfs_system_ruleset 3721.Pq Vt str 3722Rule name(s) to apply to the system 3723.Pa /dev 3724itself. 3725.It Va devfs_set_rulesets 3726.Pq Vt str 3727Pairs of already-mounted 3728.Pa dev 3729directories and rulesets that should be applied to them. 3730For example: /mount/dev=ruleset_name 3731.It Va devfs_load_rulesets 3732.Pq Vt bool 3733If set, always load the default rulesets listed in 3734.Va devfs_rulesets . 3735.It Va performance_cx_lowest 3736.Pq Vt str 3737CPU idle state to use while on AC power. 3738The string 3739.Dq Li LOW 3740indicates that 3741.Xr acpi 4 3742should use the lowest power state available while 3743.Dq Li HIGH 3744indicates that the lowest latency state (less power savings) should be used. 3745.It Va performance_cpu_freq 3746.Pq Vt str 3747CPU clock frequency to use while on AC power. 3748The string 3749.Dq Li LOW 3750indicates that 3751.Xr cpufreq 4 3752should use the lowest frequency available while 3753.Dq Li HIGH 3754indicates that the highest frequency (less power savings) should be used. 3755.It Va economy_cx_lowest 3756.Pq Vt str 3757CPU idle state to use when off AC power. 3758The string 3759.Dq Li LOW 3760indicates that 3761.Xr acpi 4 3762should use the lowest power state available while 3763.Dq Li HIGH 3764indicates that the lowest latency state (less power savings) should be used. 3765.It Va economy_cpu_freq 3766.Pq Vt str 3767CPU clock frequency to use when off AC power. 3768The string 3769.Dq Li LOW 3770indicates that 3771.Xr cpufreq 4 3772should use the lowest frequency available while 3773.Dq Li HIGH 3774indicates that the highest frequency (less power savings) should be used. 3775.It Va jail_enable 3776.Pq Vt bool 3777If set to 3778.Dq Li NO , 3779any configured jails will not be started. 3780.It Va jail_conf 3781.Pq Vt str 3782The configuration filename used by 3783.Xr jail 8 3784utility. 3785The default value is 3786.Pa /etc/jail.conf . 3787.It Va jail_parallel_start 3788.Pq Vt bool 3789If set to 3790.Dq Li YES , 3791all configured jails will be started in the background (in parallel). 3792.It Va jail_flags 3793.Pq Vt str 3794Unset by default. 3795When set, use as default value for 3796.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3797for every jail in 3798.Va jail_list . 3799.It Va jail_list 3800.Pq Vt str 3801A space-delimited list of jail names. 3802When left empty, all of the 3803.Xr jail 8 3804instances defined in the configuration file are started. 3805The names specified in this list control the jail startup order. 3806.Xr jail 8 3807instances missing from 3808.Va jail_list 3809must be started manually. 3810Note that a jail's 3811.Va depend 3812parameter in the configuration file may override this list. 3813.It Va jail_reverse_stop 3814.Pq Vt bool 3815When set to 3816.Dq Li YES , 3817all configured jails in 3818.Va jail_list 3819are stopped in reverse order. 3820.It Va jail_* variables 3821Note that older releases supported per-jail configuration via 3822.Nm 3823variables. 3824For example, 3825hostname of a jail named 3826.Li vjail 3827was able to be set by 3828.Li jail_vjail_hostname . 3829These per-jail configuration variables are now obsolete in favor of 3830.Xr jail 8 3831configuration file. 3832For backward compatibility, 3833when per-jail configuration variables are defined, 3834.Xr jail 8 3835configuration files are created as 3836.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3837and used. 3838.Pp 3839The following per-jail parameters are handled by 3840.Pa rc.d/jail 3841script out of their corresponding 3842.Nm 3843variables. 3844In addition to them, parameters in 3845.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3846will be added to the configuration file. 3847They must be a semi-colon 3848.Pq Ql \&; 3849delimited list of 3850.Dq key=value . 3851For more details, 3852see 3853.Xr jail 8 3854manual page. 3855.Bl -tag -width "host.hostname" -offset indent 3856.It Li path 3857set from 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3859.It Li host.hostname 3860set from 3861.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3862.It Li exec.consolelog 3863set from 3864.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3865The default value is 3866.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3867.It Li interface 3868set from 3869.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3870.It Li vnet.interface 3871set from 3872.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3873This implies 3874.Li vnet 3875parameter will be enabled and cannot be specified with 3876.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3878and/or 3879.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3880at the same time. 3881.It Li fstab 3882set from 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3884.It Li mount 3885set from 3886.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3887.It Li exec.fib 3888set from 3889.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3890.It Li exec.start 3891set from 3892.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3893The parameter name was 3894.Li command 3895in some older releases. 3896.It Li exec.prestart 3897set from 3898.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3899.It Li exec.poststart 3900set from 3901.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3902.It Li exec.stop 3903set from 3904.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3905.It Li exec.prestop 3906set from 3907.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3908.It Li exec.poststop 3909set from 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3911.It Li ip4.addr 3912set if 3913.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3914or 3915.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3916contain IPv4 addresses 3917.It Li ip6.addr 3918set if 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3920or 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3922contain IPv6 addresses 3923.It Li allow.mount 3924set from 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3926.It Li mount.devfs 3927set from 3928.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3929.It Li devfs_ruleset 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3932This must be an integer, 3933not a string. 3934.It Li mount.fdescfs 3935set from 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3937.It Li allow.set_hostname 3938set from 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3940.It Li allow.rawsocket 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3943.It Li allow.sysvipc 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3946.El 3947.\" ----------------------------------------------------- 3948.It Va harvest_mask 3949.Pq Vt int 3950Set to a bit-mask 3951representing the entropy sources 3952you wish to harvest. 3953Refer to 3954.Xr random 4 3955for more information. 3956.It Va entropy_dir 3957.Pq Vt str 3958Set to 3959.Dq Li NO 3960to disable caching entropy via 3961.Xr cron 8 . 3962Otherwise set to the directory 3963in which the entropy files are stored. 3964To be useful, 3965there must be 3966a system cron job 3967that regularly writes and rotates 3968files here. 3969All files found 3970will be used at boot time. 3971The default is 3972.Pa /var/db/entropy . 3973.It Va entropy_file 3974.Pq Vt str 3975Set to 3976.Dq Li NO 3977to disable caching entropy through reboots. 3978Otherwise set to the name 3979of a file used to store cached entropy. 3980This file should be located 3981on a file system that is readable 3982before all the volumes specified in 3983.Xr fstab 5 3984are mounted. 3985By default, 3986.Pa /entropy 3987is used, 3988but if 3989.Pa /var/db/entropy-file 3990is found it will also be used. 3991This will be of some use to 3992.Xr bsdinstall 8 . 3993.It Va entropy_boot_file 3994.Pq Vt str 3995Set to 3996.Dq Li NO 3997to disable 3998very early caching entropy 3999through reboots. 4000Otherwise set to the filename 4001used to read 4002very early reboot cached entropy. 4003This file should be located where 4004.Xr loader 8 4005can read it. 4006See also 4007.Xr loader.conf 5 . 4008The default location is 4009.Pa /boot/entropy . 4010.It Va entropy_save_sz 4011.Pq Vt int 4012Size of the entropy cache files saved by 4013.Nm save-entropy 4014periodically. 4015.It Va entropy_save_num 4016.Pq Vt int 4017Number of entropy cache files to save by 4018.Nm save-entropy 4019periodically. 4020.It Va ipsec_enable 4021.Pq Vt bool 4022Set to 4023.Dq Li YES 4024to run 4025.Xr setkey 8 4026on 4027.Va ipsec_file 4028at boot time. 4029.It Va ipsec_file 4030.Pq Vt str 4031Configuration file for 4032.Xr setkey 8 . 4033.It Va dmesg_enable 4034.Pq Vt bool 4035Set to 4036.Dq Li YES 4037to save 4038.Xr dmesg 8 4039to 4040.Pa /var/run/dmesg.boot 4041on boot. 4042.It Va rcshutdown_timeout 4043.Pq Vt int 4044If set, start a watchdog timer in the background which will terminate 4045.Pa rc.shutdown 4046if 4047.Xr shutdown 8 4048has not completed within the specified time (in seconds). 4049Notice that in addition to this soft timeout, 4050.Xr init 8 4051also applies a hard timeout for the execution of 4052.Pa rc.shutdown . 4053This is configured via 4054.Xr sysctl 8 4055variable 4056.Va kern.init_shutdown_timeout 4057and defaults to 120 seconds. 4058Setting the value of 4059.Va rcshutdown_timeout 4060to more than 120 seconds will have no effect until the 4061.Xr sysctl 8 4062variable 4063.Va kern.init_shutdown_timeout 4064is also increased. 4065.It Va virecover_enable 4066.Pq Vt bool 4067Set to 4068.Dq Li NO 4069to prevent the system from trying to 4070recover pre-maturely terminated 4071.Xr vi 1 4072sessions. 4073.It Va ugidfw_enable 4074.Pq Vt bool 4075Set to 4076.Dq Li YES 4077to load the 4078.Xr mac_bsdextended 4 4079module upon system initialization and load a default 4080ruleset file. 4081.It Va bsdextended_script 4082.Pq Vt str 4083The default 4084.Xr mac_bsdextended 4 4085ruleset file to load. 4086The default value of this variable is 4087.Pa /etc/rc.bsdextended . 4088.It Va newsyslog_enable 4089.Pq Vt bool 4090If set to 4091.Dq Li YES , 4092run 4093.Xr newsyslog 8 4094command at startup. 4095.It Va newsyslog_flags 4096.Pq Vt str 4097If 4098.Va newsyslog_enable 4099is set to 4100.Dq Li YES , 4101these are the flags to pass to the 4102.Xr newsyslog 8 4103program. 4104The default is 4105.Dq Li -CN , 4106which causes log files flagged with a 4107.Cm C 4108to be created. 4109.It Va mdconfig_md Ns Aq Ar X 4110.Pq Vt str 4111Arguments to 4112.Xr mdconfig 8 4113for 4114.Xr md 4 4115device 4116.Ar X . 4117At minimum a 4118.Fl t Ar type 4119must be specified and either a 4120.Fl s Ar size 4121for malloc or swap backed 4122.Xr md 4 4123devices or a 4124.Fl f Ar file 4125for vnode backed 4126.Xr md 4 4127devices. 4128Note that 4129.Va mdconfig_md Ns Aq Ar X 4130variables are evaluated until one variable is unset or null. 4131.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4132.Pq Vt str 4133Optional arguments passed to 4134.Xr newfs 8 4135to initialize 4136.Xr md 4 4137device 4138.Ar X . 4139.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4140.Pq Vt str 4141An ownership specification passed to 4142.Xr chown 8 4143after the specified 4144.Xr md 4 4145device 4146.Ar X 4147has been mounted. 4148Both the 4149.Xr md 4 4150device and the mount point will be changed. 4151.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4152.Pq Vt str 4153A mode string passed to 4154.Xr chmod 1 4155after the specified 4156.Xr md 4 4157device 4158.Ar X 4159has been mounted. 4160Both the 4161.Xr md 4 4162device and the mount point will be changed. 4163.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4164.Pq Vt str 4165Files to be copied to the mount point of the 4166.Xr md 4 4167device 4168.Ar X 4169after it has been mounted. 4170.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4171.Pq Vt str 4172Command to execute after the specified 4173.Xr md 4 4174device 4175.Ar X 4176has been mounted. 4177Note that the command is passed to 4178.Ic eval 4179and that both 4180.Va _dev 4181and 4182.Va _mp 4183variables can be used to reference respectively the 4184.Xr md 4 4185device and the mount point. 4186Assuming that the 4187.Xr md 4 4188device is 4189.Li md0 , 4190one could set the following: 4191.Bd -literal 4192mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4193.Ed 4194.It Va autobridge_interfaces 4195.Pq Vt str 4196Set to the list of bridge interfaces that will have newly arriving interfaces 4197checked against to be automatically added. 4198If not set to 4199.Dq Li NO 4200then for each whitespace separated 4201.Ar element 4202in the value, a 4203.Va autobridge_ Ns Aq Ar element 4204variable is assumed to exist which has a whitespace separated list of interface 4205names to match, these names can use wildcards. 4206For example: 4207.Bd -literal 4208autobridge_interfaces="bridge0" 4209autobridge_bridge0="tap* dc0 vlan[345]" 4210.Ed 4211.It Va mixer_enable 4212.Pq Vt bool 4213If set to 4214.Dq Li YES , 4215enable support for sound mixer. 4216.It Va hcsecd_enable 4217.Pq Vt bool 4218If set to 4219.Dq Li YES , 4220enable Bluetooth security daemon. 4221.It Va hcsecd_config 4222.Pq Vt str 4223Configuration file for 4224.Xr hcsecd 8 . 4225Default 4226.Pa /etc/bluetooth/hcsecd.conf . 4227.It Va sdpd_enable 4228.Pq Vt bool 4229If set to 4230.Dq Li YES , 4231enable Bluetooth Service Discovery Protocol daemon. 4232.It Va sdpd_control 4233.Pq Vt str 4234Path to 4235.Xr sdpd 8 4236control socket. 4237Default 4238.Pa /var/run/sdp . 4239.It Va sdpd_groupname 4240.Pq Vt str 4241Sets 4242.Xr sdpd 8 4243group to run as after it initializes. 4244Default 4245.Dq Li nobody . 4246.It Va sdpd_username 4247.Pq Vt str 4248Sets 4249.Xr sdpd 8 4250user to run as after it initializes. 4251Default 4252.Dq Li nobody . 4253.It Va bthidd_enable 4254.Pq Vt bool 4255If set to 4256.Dq Li YES , 4257enable Bluetooth Human Interface Device daemon. 4258.It Va bthidd_config 4259.Pq Vt str 4260Configuration file for 4261.Xr bthidd 8 . 4262Default 4263.Pa /etc/bluetooth/bthidd.conf . 4264.It Va bthidd_hids 4265.Pq Vt str 4266Path to a file, where 4267.Xr bthidd 8 4268will store information about known HID devices. 4269Default 4270.Pa /var/db/bthidd.hids . 4271.It Va rfcomm_pppd_server_enable 4272.Pq Vt bool 4273If set to 4274.Dq Li YES , 4275enable Bluetooth RFCOMM PPP wrapper daemon. 4276.It Va rfcomm_pppd_server_profile 4277.Pq Vt str 4278The name of the profile to use from 4279.Pa /etc/ppp/ppp.conf . 4280Multiple profiles can be specified here. 4281Also used to specify per-profile overrides. 4282When the profile name contains any of the characters 4283.Dq Li .-/+ 4284they are translated to 4285.Dq Li _ 4286for the proposes of the override variable names. 4287.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4288.Pq Vt str 4289Overrides local address to listen on. 4290By default 4291.Xr rfcomm_pppd 8 4292will listen on 4293.Dq Li ANY 4294address. 4295The address can be specified as BD_ADDR or name. 4296.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4297.Pq Vt str 4298Overrides local RFCOMM channel to listen on. 4299By default 4300.Xr rfcomm_pppd 8 4301will listen on RFCOMM channel 1. 4302Must set properly if multiple profiles used in the same time. 4303.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4304.Pq Vt bool 4305Tells 4306.Xr rfcomm_pppd 8 4307if it should register Serial Port service on the specified RFCOMM channel. 4308Default 4309.Dq Li NO . 4310.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4311.Pq Vt bool 4312Tells 4313.Xr rfcomm_pppd 8 4314if it should register Dial-Up Networking service on the specified 4315RFCOMM channel. 4316Default 4317.Dq Li NO . 4318.It Va ubthidhci_enable 4319.Pq Vt bool 4320If set to 4321.Dq Li YES , 4322change the USB Bluetooth controller from HID mode to HCI mode. 4323You also need to specify the location of USB Bluetooth controller with the 4324.Va ubthidhci_busnum 4325and 4326.Va ubthidhci_addr 4327variables. 4328.It Va ubthidhci_busnum 4329Bus number where the USB Bluetooth controller is located. 4330Check the output of 4331.Xr usbconfig 8 4332on your system to find this information. 4333.It Va ubthidhci_addr 4334Bus address of the USB Bluetooth controller. 4335Check the output of 4336.Xr usbconfig 8 4337on your system to find this information. 4338.It Va netwait_enable 4339.Pq Vt bool 4340If set to 4341.Dq Li YES , 4342delays the start of network-reliant services until 4343.Va netwait_if 4344is up and ICMP packets to a destination defined in 4345.Va netwait_ip 4346are flowing. 4347Link state is examined first, followed by 4348.Dq Li pinging 4349an IP address to verify network usability. 4350If no destination can be reached or timeouts are exceeded, 4351network services are started anyway with no guarantee that 4352the network is usable. 4353Use of this variable requires both 4354.Va netwait_ip 4355and 4356.Va netwait_if 4357to be set. 4358.It Va netwait_ip 4359.Pq Vt str 4360Empty by default. 4361This variable contains a space-delimited list of IP addresses to 4362.Xr ping 8 . 4363DNS hostnames should not be used as resolution is not guaranteed 4364to be functional at this point. 4365If multiple IP addresses are specified, 4366each will be tried until one is successful or the list is exhausted. 4367.It Va netwait_timeout 4368.Pq Vt int 4369Indicates the total number of seconds to perform a 4370.Dq Li ping 4371against each IP address in 4372.Va netwait_ip , 4373at a rate of one ping per second. 4374If any of the pings are successful, 4375full network connectivity is considered reliable. 4376The default is 60. 4377.It Va netwait_if 4378.Pq Vt str 4379Empty by default. 4380Defines the name of the network interface on which watch for link. 4381.Xr ifconfig 8 4382is used to monitor the interface, looking for 4383.Dq Li status: no carrier . 4384Once gone, the link is considered up. 4385This can be a 4386.Xr vlan 4 4387interface if desired. 4388.It Va netwait_if_timeout 4389.Pq Vt int 4390Defines the total number of seconds to wait for link to become usable, 4391polled at a 1-second interval. 4392The default is 30. 4393.It Va rctl_enable 4394.Pq Vt bool 4395If set to 4396.Dq Li YES , 4397load 4398.Xr rctl 8 4399rules from the defined ruleset. 4400The kernel must be built with 4401.Cd "options RACCT" 4402and 4403.Cd "options RCTL" . 4404.It Va rctl_rules 4405.Pq Vt str 4406Set to 4407.Pa /etc/rctl.conf 4408by default. 4409This variables contains the 4410.Xr rctl.conf 5 4411ruleset to load for 4412.Xr rctl 8 . 4413.It Va iovctl_files 4414.Pq Vt str 4415A space-separated list of configuration files used by 4416.Xr iovctl 8 . 4417The default value is an empty string. 4418.It Va autofs_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422start the 4423.Xr automount 8 4424utility and the 4425.Xr automountd 8 4426and 4427.Xr autounmountd 8 4428daemons at boot time. 4429.It Va automount_flags 4430.Pq Vt str 4431If 4432.Va autofs_enable 4433is set to 4434.Dq Li YES , 4435these are the flags to pass to the 4436.Xr automount 8 4437program. 4438By default no flags are passed. 4439.It Va automountd_flags 4440.Pq Vt str 4441If 4442.Va autofs_enable 4443is set to 4444.Dq Li YES , 4445these are the flags to pass to the 4446.Xr automountd 8 4447daemon. 4448By default no flags are passed. 4449.It Va autounmountd_flags 4450.Pq Vt str 4451If 4452.Va autofs_enable 4453is set to 4454.Dq Li YES , 4455these are the flags to pass to the 4456.Xr autounmountd 8 4457daemon. 4458By default no flags are passed. 4459.It Va ctld_enable 4460.Pq Vt bool 4461If set to 4462.Dq Li YES , 4463start the 4464.Xr ctld 8 4465daemon at boot time. 4466.It Va iscsid_enable 4467.Pq Vt bool 4468If set to 4469.Dq Li YES , 4470start the 4471.Xr iscsid 8 4472daemon at boot time. 4473.It Va iscsictl_enable 4474.Pq Vt bool 4475If set to 4476.Dq Li YES , 4477start the 4478.Xr iscsictl 8 4479utility at boot time. 4480.It Va iscsictl_flags 4481.Pq Vt str 4482If 4483.Va iscsictl_enable 4484is set to 4485.Dq Li YES , 4486these are the flags to pass to the 4487.Xr iscsictl 8 4488program. 4489The default is 4490.Dq Li -Aa , 4491which configures sessions based on the 4492.Pa /etc/iscsi.conf 4493configuration file. 4494.It Va cfumass_enable 4495.Pq Vt bool 4496If set to 4497.Dq Li YES , 4498create and export an USB LUN using 4499.Xr cfumass 4 4500at boot time. 4501.It Va cfumass_dir 4502.Pq Vt str 4503The directory where the files exported by USB LUN are located. 4504The default directory is 4505.Pa /var/cfumass . 4506.El 4507.Sh FILES 4508.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4509.It Pa /etc/defaults/rc.conf 4510.It Pa /etc/rc.conf 4511.It Pa /etc/rc.conf.local 4512.El 4513.Sh SEE ALSO 4514.Xr chmod 1 , 4515.Xr gdb 1 , 4516.Xr info 1 , 4517.Xr kbdcontrol 1 , 4518.Xr makewhatis 1 , 4519.Xr sh 1 , 4520.Xr vi 1 , 4521.Xr vidcontrol 1 , 4522.Xr bridge 4 , 4523.Xr dummynet 4 , 4524.Xr ip 4 , 4525.Xr ipf 4 , 4526.Xr ipfw 4 , 4527.Xr ipnat 4 , 4528.Xr kld 4 , 4529.Xr pf 4 , 4530.Xr pflog 4 , 4531.Xr pfsync 4 , 4532.Xr tcp 4 , 4533.Xr udp 4 , 4534.Xr exports 5 , 4535.Xr fstab 5 , 4536.Xr ipf 5 , 4537.Xr ipnat 5 , 4538.Xr jail.conf 5 , 4539.Xr loader.conf 5 , 4540.Xr motd 5 , 4541.Xr newsyslog.conf 5 , 4542.Xr pf.conf 5 , 4543.Xr security 7 , 4544.Xr accton 8 , 4545.Xr amd 8 , 4546.Xr apm 8 , 4547.Xr bsdinstall 8 , 4548.Xr bthidd 8 , 4549.Xr chkprintcap 8 , 4550.Xr chown 8 , 4551.Xr cron 8 , 4552.Xr devfs 8 , 4553.Xr dhclient 8 , 4554.Xr ftpd 8 , 4555.Xr geli 8 , 4556.Xr hcsecd 8 , 4557.Xr ifconfig 8 , 4558.Xr inetd 8 , 4559.Xr iovctl 8 , 4560.Xr ipf 8 , 4561.Xr ipfw 8 , 4562.Xr ipnat 8 , 4563.Xr jail 8 , 4564.Xr kldxref 8 , 4565.Xr loader 8 , 4566.Xr lpd 8 , 4567.Xr mdconfig 8 , 4568.Xr mdmfs 8 , 4569.Xr mixer 8 , 4570.Xr mountd 8 , 4571.Xr moused 8 , 4572.Xr newfs 8 , 4573.Xr newsyslog 8 , 4574.Xr nfsd 8 , 4575.Xr ntpd 8 , 4576.Xr ntpdate 8 , 4577.Xr pfctl 8 , 4578.Xr pflogd 8 , 4579.Xr ping 8 , 4580.Xr powerd 8 , 4581.Xr quotacheck 8 , 4582.Xr quotaon 8 , 4583.Xr rc 8 , 4584.Xr rc.sendmail 8 , 4585.Xr rfcomm_pppd 8 , 4586.Xr route 8 , 4587.Xr routed 8 , 4588.Xr rpc.lockd 8 , 4589.Xr rpc.statd 8 , 4590.Xr rpcbind 8 , 4591.Xr rwhod 8 , 4592.Xr savecore 8 , 4593.Xr sdpd 8 , 4594.Xr sshd 8 , 4595.Xr swapon 8 , 4596.Xr sysctl 8 , 4597.Xr syslogd 8 , 4598.Xr sysrc 8 , 4599.Xr timed 8 , 4600.Xr unbound 8 , 4601.Xr usbconfig 8 , 4602.Xr wlandebug 8 , 4603.Xr yp 8 , 4604.Xr ypbind 8 , 4605.Xr ypserv 8 , 4606.Xr ypset 8 4607.Sh HISTORY 4608The 4609.Nm 4610file appeared in 4611.Fx 2.2.2 . 4612.Sh AUTHORS 4613.An Jordan K. Hubbard . 4614