1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd Sep 21, 2020 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va kld_list 255.Pq Vt str 256A whitespace-separated list of kernel modules to load right after 257the local disks are mounted, without any 258.Pa .ko 259extension or path. 260Loading modules at this point in the boot process is 261much faster than doing it via 262.Pa /boot/loader.conf 263for those modules not necessary for mounting local disks. 264.It Va kldxref_enable 265.Pq Vt bool 266Set to 267.Dq Li NO 268by default. 269Set to 270.Dq Li YES 271to automatically rebuild 272.Pa linker.hints 273files with 274.Xr kldxref 8 275at boot time. 276.It Va kldxref_clobber 277.Pq Vt bool 278Set to 279.Dq Li NO 280by default. 281If 282.Va kldxref_enable 283is true, 284setting to 285.Dq Li YES 286will overwrite existing 287.Pa linker.hints 288files at boot time. 289Otherwise, 290only missing 291.Pa linker.hints 292files are generated. 293.It Va kldxref_module_path 294.Pq Vt str 295Empty by default. 296A semi-colon 297.Pq Ql \&; 298delimited list of paths containing 299.Xr kld 4 300modules. 301If empty, 302the contents of the 303.Va kern.module_path 304.Xr sysctl 8 305are used. 306.It Va powerd_enable 307.Pq Vt bool 308If set to 309.Dq Li YES , 310enable the system power control facility with the 311.Xr powerd 8 312daemon. 313.It Va powerd_flags 314.Pq Vt str 315If 316.Va powerd_enable 317is set to 318.Dq Li YES , 319these are the flags to pass to the 320.Xr powerd 8 321daemon. 322.It Va tmpmfs 323Controls the creation of a 324.Pa /tmp 325memory file system. 326Always happens if set to 327.Dq Li YES 328and never happens if set to 329.Dq Li NO . 330If set to anything else, a memory file system is created if 331.Pa /tmp 332is not writable. 333.It Va tmpsize 334Controls the size of a created 335.Pa /tmp 336memory file system. 337.It Va tmpmfs_flags 338Extra options passed to the 339.Xr mdmfs 8 340utility when the memory file system for 341.Pa /tmp 342is created. 343The default is 344.Dq Li "-S" , 345which inhibits the use of softupdates on 346.Pa /tmp 347so that file system space is freed without delay 348after file truncation or deletion. 349See 350.Xr mdmfs 8 351for other options you can use in 352.Va tmpmfs_flags . 353.It Va varmfs 354Controls the creation of a 355.Pa /var 356memory file system. 357Always happens if set to 358.Dq Li YES 359and never happens if set to 360.Dq Li NO . 361If set to anything else, a memory file system is created if 362.Pa /var 363is not writable. 364.It Va varsize 365Controls the size of a created 366.Pa /var 367memory file system. 368.It Va varmfs_flags 369Extra options passed to the 370.Xr mdmfs 8 371utility when the memory file system for 372.Pa /var 373is created. 374The default is 375.Dq Li "-S" , 376which inhibits the use of softupdates on 377.Pa /var 378so that file system space is freed without delay 379after file truncation or deletion. 380See 381.Xr mdmfs 8 382for other options you can use in 383.Va varmfs_flags . 384.It Va populate_var 385Controls the automatic population of the 386.Pa /var 387file system. 388Always happens if set to 389.Dq Li YES 390and never happens if set to 391.Dq Li NO . 392If set to anything else, a memory file system is created if 393.Pa /var 394is not writable. 395Note that this process requires access to certain commands in 396.Pa /usr 397before 398.Pa /usr 399is mounted on normal systems. 400.It Va cleanvar_enable 401.Pq Vt bool 402Clean the 403.Pa /var 404directory. 405.It Va local_startup 406.Pq Vt str 407List of directories to search for startup script files. 408.It Va script_name_sep 409.Pq Vt str 410The field separator to use for breaking down the list of startup script files 411into individual filenames. 412The default is a space. 413It is not necessary to change this unless there are startup scripts with names 414containing spaces. 415.It Va hostapd_enable 416.Pq Vt bool 417Set to 418.Dq Li YES 419to start 420.Xr hostapd 8 421at system boot time. 422.It Va hostname 423.Pq Vt str 424The fully qualified domain name (FQDN) of this host on the network. 425This should almost certainly be set to something meaningful, even if 426there is no network connection. 427If 428.Xr dhclient 8 429is used to set the hostname via DHCP, 430this variable should be set to an empty string. 431Within a 432.Xr jail 8 433the hostname is generally already set and this variable may be absent. 434If this value remains unset when the system is done booting 435your console login will display the default hostname of 436.Dq Amnesiac . 437.It Va nisdomainname 438.Pq Vt str 439The NIS domain name of this host, or 440.Dq Li NO 441if NIS is not used. 442.It Va dhclient_program 443.Pq Vt str 444Path to the DHCP client program 445.Pa ( /sbin/dhclient , 446the 447.Ox 448DHCP client, 449is the default). 450.It Va dhclient_flags 451.Pq Vt str 452Additional flags to pass to the DHCP client program. 453For the 454.Ox 455DHCP client, see the 456.Xr dhclient 8 457manpage for a description of the command line options available. 458.It Va dhclient_flags_ Ns Aq Ar iface 459Additional flags to pass to the DHCP client program running on 460.Ar iface 461only. 462When specified, this variable overrides 463.Va dhclient_flags . 464.It Va background_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start the DHCP client in background. 469This can cause trouble with applications depending on 470a working network, but it will provide a faster startup 471in many cases. 472.It Va background_dhclient_ Ns Aq Ar iface 473When specified, this variable overrides the 474.Va background_dhclient 475variable for interface 476.Ar iface 477only. 478.It Va synchronous_dhclient 479.Pq Vt bool 480Set to 481.Dq Li YES 482to start 483.Xr dhclient 8 484synchronously at startup. 485This behavior can be overridden on a per-interface basis by replacing 486the 487.Dq Li DHCP 488keyword in the 489.Va ifconfig_ Ns Aq Ar interface 490variable with 491.Dq Li SYNCDHCP 492or 493.Dq Li NOSYNCDHCP . 494.It Va defaultroute_delay 495.Pq Vt int 496When set to a positive value, wait up to this long after configuring 497DHCP interfaces at startup to give the interfaces time to receive a lease. 498.It Va firewall_enable 499.Pq Vt bool 500Set to 501.Dq Li YES 502to load firewall rules at startup. 503If the kernel was not built with 504.Cd "options IPFIREWALL" , 505the 506.Pa ipfw.ko 507kernel module will be loaded. 508See also 509.Va ipfilter_enable . 510.It Va firewall_script 511.Pq Vt str 512This variable specifies the full path to the firewall script to run. 513The default is 514.Pa /etc/rc.firewall . 515.It Va firewall_type 516.Pq Vt str 517Names the firewall type from the selection in 518.Pa /etc/rc.firewall , 519or the file which contains the local firewall ruleset. 520Valid selections from 521.Pa /etc/rc.firewall 522are: 523.Pp 524.Bl -tag -width ".Li simple" -compact 525.It Li open 526unrestricted IP access 527.It Li closed 528all IP services disabled, except via 529.Dq Li lo0 530.It Li client 531basic protection for a workstation 532.It Li simple 533basic protection for a LAN. 534.El 535.Pp 536If a filename is specified, the full path 537must be given. 538.It Va firewall_quiet 539.Pq Vt bool 540Set to 541.Dq Li YES 542to disable the display of firewall rules on the console during boot. 543.It Va firewall_logging 544.Pq Vt bool 545Set to 546.Dq Li YES 547to enable firewall event logging. 548This is equivalent to the 549.Dv IPFIREWALL_VERBOSE 550kernel option. 551.It Va firewall_logif 552.Pq Vt bool 553Set to 554.Dq Li YES 555to create pseudo interface 556.Li ipfw0 557for logging. 558For more details, see 559.Xr ipfw 8 560manual page. 561.It Va firewall_flags 562.Pq Vt str 563Flags passed to 564.Xr ipfw 8 565if 566.Va firewall_type 567specifies a filename. 568.It Va firewall_coscripts 569.Pq Vt str 570List of executables and/or rc scripts to run after firewall starts/stops. 571Default is empty. 572.\" ----- firewall_nat_enable setting -------------------------------- 573.It Va firewall_nat_enable 574.Pq Vt bool 575The 576.Xr ipfw 8 577equivalent of 578.Va natd_enable . 579Setting this to 580.Dq Li YES 581will automatically load the 582.Xr ipfw 8 583NAT kernel module if 584.Va firewall_enable 585is also set to 586.Dq Li YES . 587.It Va firewall_nat_interface 588.Pq Vt str 589The 590.Xr ipfw 8 591equivalent of 592.Va natd_interface . 593This is the name of the public interface or IP address on which 594kernel NAT should run. 595.It Va firewall_nat_flags 596.Pq Vt str 597Additional configuration parameters for kernel NAT should be placed here. 598.It Va firewall_nat64_enable 599.Pq Vt bool 600Setting this to 601.Dq Li YES 602will automatically load the 603.Xr ipfw 8 604NAT64 kernel module if 605.Va firewall_enable 606is also set to 607.Dq Li YES . 608.It Va firewall_nptv6_enable 609.Pq Vt bool 610Setting this to 611.Dq Li YES 612will automatically load the 613.Xr ipfw 8 614NPTv6 kernel module if 615.Va firewall_enable 616is also set to 617.Dq Li YES . 618.It Va firewall_pmod_enable 619.Pq Vt bool 620Setting this to 621.Dq Li YES 622will automatically load the 623.Xr ipfw 8 624pmod kernel module if 625.Va firewall_enable 626is also set to 627.Dq Li YES . 628.It Va dummynet_enable 629.Pq Vt bool 630Setting this to 631.Dq Li YES 632will automatically load the 633.Xr dummynet 4 634module if 635.Va firewall_enable 636is also set to 637.Dq Li YES . 638.\" ------------------------------------------------------------------- 639.It Va ipfw_netflow_enable 640.Pq Vt bool 641Setting this to 642.Dq Li YES 643will enable netflow logging via 644.Xr ng_netflow 4 645.Pp 646By default a ipfw rule is inserted and all packets are duplicated with 647the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 648port using protocol version 5. 649.It Va ipfw_netflow_hook 650.Pq Vt int 651netflow hook name, must be numerical 652(default 653.Pa 9995 ) . 654.It Va ipfw_netflow_rule 655.Pq Vt int 656ipfw rule number 657(default 658.Pa 1000 ) . 659.It Va ipfw_netflow_ip 660.Pq Vt str 661Destination server ip for receiving netflow data 662(default 663.Pa 127.0.0.1 ) . 664.It Va ipfw_netflow_port 665.Pq Vt int 666Destination server port for receiving netflow data 667(default 668.Pa 9995 ) . 669.It Va ipfw_netflow_version 670.Pq Vt int 671Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 672.It Va ipfw_netflow_fib 673.Pq Vt int 674Only match packet in FIB 675.Pa ipfw_netflow_fib 676(default is undefined meaning all FIBs). 677.It Va natd_program 678.Pq Vt str 679Path to 680.Xr natd 8 . 681.It Va natd_enable 682.Pq Vt bool 683Set to 684.Dq Li YES 685to enable 686.Xr natd 8 . 687.Va firewall_enable 688must also be set to 689.Dq Li YES , 690and 691.Xr divert 4 692sockets must be enabled in the kernel. 693If the kernel was not built with 694.Cd "options IPDIVERT" , 695the 696.Pa ipdivert.ko 697kernel module will be loaded. 698.It Va natd_interface 699.Pq Vt str 700This is the name of the public interface on which 701.Xr natd 8 702should run. 703The interface may be given as an interface name or as an IP address. 704.It Va natd_flags 705.Pq Vt str 706Additional 707.Xr natd 8 708flags should be placed here. 709The 710.Fl n 711or 712.Fl a 713flag is automatically added with the above 714.Va natd_interface 715as an argument. 716.\" ----- ipfilter_enable setting -------------------------------- 717.It Va ipfilter_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Setting this to 723.Dq Li YES 724enables 725.Xr ipf 8 726packet filtering. 727.Pp 728Typical usage will require putting 729.Bd -literal 730ipfilter_enable="YES" 731ipnat_enable="YES" 732ipmon_enable="YES" 733ipfs_enable="YES" 734.Ed 735.Pp 736into 737.Pa /etc/rc.conf 738and editing 739.Pa /etc/ipf.rules 740and 741.Pa /etc/ipnat.rules 742appropriately. 743.Pp 744Note that 745.Va ipfilter_enable 746and 747.Va ipnat_enable 748can be enabled independently. 749.Va ipmon_enable 750and 751.Va ipfs_enable 752both require at least one of 753.Va ipfilter_enable 754and 755.Va ipnat_enable 756to be enabled. 757.Pp 758Having 759.Bd -literal 760options IPFILTER 761options IPFILTER_LOG 762options IPFILTER_DEFAULT_BLOCK 763.Ed 764.Pp 765in the kernel configuration file is a good idea, too. 766.\" ----- ipfilter_program setting ------------------------------ 767.It Va ipfilter_program 768.Pq Vt str 769Path to 770.Xr ipf 8 771(default 772.Pa /sbin/ipf ) . 773.\" ----- ipfilter_rules setting -------------------------------- 774.It Va ipfilter_rules 775.Pq Vt str 776Set to 777.Pa /etc/ipf.rules 778by default. 779This variable contains the name of the filter rule definition file. 780The file is expected to be readable for the 781.Xr ipf 8 782command to execute. 783.\" ----- ipv6_ipfilter_rules setting --------------------------- 784.It Va ipv6_ipfilter_rules 785.Pq Vt str 786Set to 787.Pa /etc/ipf6.rules 788by default. 789This variable contains the IPv6 filter rule definition file. 790The file is expected to be readable for the 791.Xr ipf 8 792command to execute. 793.\" ----- ipfilter_flags setting -------------------------------- 794.It Va ipfilter_flags 795.Pq Vt str 796Empty by default. 797This variable contains flags passed to the 798.Xr ipf 8 799program. 800.\" ----- ipnat_enable setting ---------------------------------- 801.It Va ipnat_enable 802.Pq Vt bool 803Set to 804.Dq Li NO 805by default. 806Set it to 807.Dq Li YES 808to enable 809.Xr ipnat 8 810network address translation. 811See 812.Va ipfilter_enable 813for a detailed discussion. 814.\" ----- ipnat_program setting --------------------------------- 815.It Va ipnat_program 816.Pq Vt str 817Path to 818.Xr ipnat 8 819(default 820.Pa /sbin/ipnat ) . 821.\" ----- ipnat_rules setting ----------------------------------- 822.It Va ipnat_rules 823.Pq Vt str 824Set to 825.Pa /etc/ipnat.rules 826by default. 827This variable contains the name of the file 828holding the network address translation definition. 829This file is expected to be readable for the 830.Xr ipnat 8 831command to execute. 832.\" ----- ipnat_flags setting ----------------------------------- 833.It Va ipnat_flags 834.Pq Vt str 835Empty by default. 836This variable contains flags passed to the 837.Xr ipnat 8 838program. 839.\" ----- ipmon_enable setting ---------------------------------- 840.It Va ipmon_enable 841.Pq Vt bool 842Set to 843.Dq Li NO 844by default. 845Set it to 846.Dq Li YES 847to enable 848.Xr ipmon 8 849monitoring (logging 850.Xr ipf 8 851and 852.Xr ipnat 8 853events). 854Setting this variable needs setting 855.Va ipfilter_enable 856or 857.Va ipnat_enable 858too. 859See 860.Va ipfilter_enable 861for a detailed discussion. 862.\" ----- ipmon_program setting --------------------------------- 863.It Va ipmon_program 864.Pq Vt str 865Path to 866.Xr ipmon 8 867(default 868.Pa /sbin/ipmon ) . 869.\" ----- ipmon_flags setting ----------------------------------- 870.It Va ipmon_flags 871.Pq Vt str 872Set to 873.Dq Li -Ds 874by default. 875This variable contains flags passed to the 876.Xr ipmon 8 877program. 878Another typical example would be 879.Dq Fl D Pa /var/log/ipflog 880to have 881.Xr ipmon 8 882log directly to a file bypassing 883.Xr syslogd 8 . 884Make sure to adjust 885.Pa /etc/newsyslog.conf 886in such case like this: 887.Bd -literal 888/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 889.Ed 890.\" ----- ipfs_enable setting ----------------------------------- 891.It Va ipfs_enable 892.Pq Vt bool 893Set to 894.Dq Li NO 895by default. 896Set it to 897.Dq Li YES 898to enable 899.Xr ipfs 8 900saving the filter and NAT state tables during shutdown 901and reloading them during startup again. 902Setting this variable needs setting 903.Va ipfilter_enable 904or 905.Va ipnat_enable 906to 907.Dq Li YES 908too. 909See 910.Va ipfilter_enable 911for a detailed discussion. 912Note that if 913.Va kern_securelevel 914is set to 3, 915.Va ipfs_enable 916cannot be used 917because the raised securelevel will prevent 918.Xr ipfs 8 919from saving the state tables at shutdown time. 920.\" ----- ipfs_program setting ---------------------------------- 921.It Va ipfs_program 922.Pq Vt str 923Path to 924.Xr ipfs 8 925(default 926.Pa /sbin/ipfs ) . 927.\" ----- ipfs_flags setting ------------------------------------ 928.It Va ipfs_flags 929.Pq Vt str 930Empty by default. 931This variable contains flags passed to the 932.Xr ipfs 8 933program. 934.\" ----- end of added ipf hook --------------------------------- 935.It Va pf_enable 936.Pq Vt bool 937Set to 938.Dq Li NO 939by default. 940Setting this to 941.Dq Li YES 942enables 943.Xr pf 4 944packet filtering. 945.Pp 946Typical usage will require putting 947.Pp 948.Dl pf_enable="YES" 949.Pp 950into 951.Pa /etc/rc.conf 952and editing 953.Pa /etc/pf.conf 954appropriately. 955Adding 956.Pp 957.Dl "device pf" 958.Pp 959builds support for 960.Xr pf 4 961into the kernel, otherwise the 962kernel module will be loaded. 963.It Va pf_rules 964.Pq Vt str 965Path to 966.Xr pf 4 967ruleset configuration file 968(default 969.Pa /etc/pf.conf ) . 970.It Va pf_program 971.Pq Vt str 972Path to 973.Xr pfctl 8 974(default 975.Pa /sbin/pfctl ) . 976.It Va pf_flags 977.Pq Vt str 978If 979.Va pf_enable 980is set to 981.Dq Li YES , 982these flags are passed to the 983.Xr pfctl 8 984program when loading the ruleset. 985.It Va pflog_enable 986.Pq Vt bool 987Set to 988.Dq Li NO 989by default. 990Setting this to 991.Dq Li YES 992enables 993.Xr pflogd 8 994which logs packets from the 995.Xr pf 4 996packet filter. 997.It Va pflog_logfile 998.Pq Vt str 999If 1000.Va pflog_enable 1001is set to 1002.Dq Li YES 1003this controls where 1004.Xr pflogd 8 1005stores the logfile 1006(default 1007.Pa /var/log/pflog ) . 1008Check 1009.Pa /etc/newsyslog.conf 1010to adjust logfile rotation for this. 1011.It Va pflog_program 1012.Pq Vt str 1013Path to 1014.Xr pflogd 8 1015(default 1016.Pa /sbin/pflogd ) . 1017.It Va pflog_flags 1018.Pq Vt str 1019Empty by default. 1020This variable contains additional flags passed to the 1021.Xr pflogd 8 1022program. 1023.It Va pflog_instances 1024.Pq Vt str 1025If logging to more than one 1026.Xr pflog 4 1027interface is desired, 1028.Va pflog_instances 1029is set to the list of 1030.Xr pflogd 8 1031instances that should be started at system boot time. 1032If 1033.Va pflog_instances 1034is set, for each whitespace-separated 1035.Ar element 1036in the list, 1037.Ao Ar element Ac Ns Va _dev 1038and 1039.Ao Ar element Ac Ns Va _logfile 1040elements are assumed to exist. 1041.Ao Ar element Ac Ns Va _dev 1042must contain the 1043.Xr pflog 4 1044interface to be watched by the named 1045.Xr pflogd 8 1046instance. 1047.Ao Ar element Ac Ns Va _logfile 1048must contain the name of the logfile that will be used by the 1049.Xr pflogd 8 1050instance. 1051.It Va ftpproxy_enable 1052.Pq Vt bool 1053Set to 1054.Dq Li NO 1055by default. 1056Setting this to 1057.Dq Li YES 1058enables 1059.Xr ftp-proxy 8 1060which supports the 1061.Xr pf 4 1062packet filter in translating ftp connections. 1063.It Va ftpproxy_flags 1064.Pq Vt str 1065Empty by default. 1066This variable contains additional flags passed to the 1067.Xr ftp-proxy 8 1068program. 1069.It Va ftpproxy_instances 1070.Pq Vt str 1071Empty by default. 1072If multiple instances of 1073.Xr ftp-proxy 8 1074are desired at boot time, 1075.Va ftpproxy_instances 1076should contain a whitespace-separated list of instance names. 1077For each 1078.Ar element 1079in the list, a variable named 1080.Ao Ar element Ac Ns Va _flags 1081should be defined, containing the command-line flags to be passed to the 1082.Xr ftp-proxy 8 1083instance. 1084.It Va pfsync_enable 1085.Pq Vt bool 1086Set to 1087.Dq Li NO 1088by default. 1089Setting this to 1090.Dq Li YES 1091enables exposing 1092.Xr pf 4 1093state changes to other hosts over the network by means of 1094.Xr pfsync 4 . 1095The 1096.Va pfsync_syncdev 1097variable 1098must also be set then. 1099.It Va pfsync_syncdev 1100.Pq Vt str 1101Empty by default. 1102This variable specifies the name of the network interface 1103.Xr pfsync 4 1104should operate through. 1105It must be set accordingly if 1106.Va pfsync_enable 1107is set to 1108.Dq Li YES . 1109.It Va pfsync_syncpeer 1110.Pq Vt str 1111Empty by default. 1112This variable is optional. 1113By default, state change messages are sent out on the synchronisation 1114interface using IP multicast packets. 1115The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1116224.0.0.240. 1117When a peer address is specified using the 1118.Va pfsync_syncpeer 1119option, the peer address is used as a destination for the pfsync 1120traffic, and the traffic can then be protected using 1121.Xr ipsec 4 . 1122See the 1123.Xr pfsync 4 1124manpage for more details about using 1125.Xr ipsec 4 1126with 1127.Xr pfsync 4 1128interfaces. 1129.It Va pfsync_ifconfig 1130.Pq Vt str 1131Empty by default. 1132This variable can contain additional options to be passed to the 1133.Xr ifconfig 8 1134command used to set up 1135.Xr pfsync 4 . 1136.It Va tcp_extensions 1137.Pq Vt bool 1138Set to 1139.Dq Li YES 1140by default. 1141Setting this to 1142.Dq Li NO 1143disables certain TCP options as described by 1144.Rs 1145.%T "RFC 1323" 1146.Re 1147Setting this to 1148.Dq Li NO 1149might help remedy such problems with connections as randomly hanging 1150or other weird behavior. 1151Some network devices are known 1152to be broken with respect to these options. 1153.It Va log_in_vain 1154.Pq Vt int 1155Set to 0 by default. 1156The 1157.Xr sysctl 8 1158variables, 1159.Va net.inet.tcp.log_in_vain 1160and 1161.Va net.inet.udp.log_in_vain , 1162as described in 1163.Xr tcp 4 1164and 1165.Xr udp 4 , 1166are set to the given value. 1167.It Va tcp_keepalive 1168.Pq Vt bool 1169Set to 1170.Dq Li YES 1171by default. 1172Setting to 1173.Dq Li NO 1174will disable probing idle TCP connections to verify that the 1175peer is still up and reachable. 1176.It Va tcp_drop_synfin 1177.Pq Vt bool 1178Set to 1179.Dq Li NO 1180by default. 1181Setting to 1182.Dq Li YES 1183will cause the kernel to ignore TCP frames that have both 1184the SYN and FIN flags set. 1185This prevents OS fingerprinting, but may 1186break some legitimate applications. 1187.It Va icmp_drop_redirect 1188.Pq Vt bool 1189Set to 1190.Dq Li AUTO 1191by default. 1192This setting will be identical to 1193.Dq Li YES , 1194if a dynamicrouting daemon is enabled, because redirect processing may 1195cause performance issues for large routing tables. 1196If no such service is enabled, this setting behaves like a 1197.Dq Li NO . 1198Setting to 1199.Dq Li YES 1200will cause the kernel to ignore ICMP REDIRECT packets. 1201Setting to 1202.Dq Li NO 1203will cause the kernel to process ICMP REDIRECT packets. 1204Refer to 1205.Xr icmp 4 1206for more information. 1207.It Va icmp_log_redirect 1208.Pq Vt bool 1209Set to 1210.Dq Li NO 1211by default. 1212Setting to 1213.Dq Li YES 1214will cause the kernel to log ICMP REDIRECT packets. 1215Note that 1216the log messages are not rate-limited, so this option should only be used 1217for troubleshooting networks. 1218Refer to 1219.Xr icmp 4 1220for more information. 1221.It Va icmp_bmcastecho 1222.Pq Vt bool 1223Set to 1224.Dq Li YES 1225to respond to broadcast or multicast ICMP ping packets. 1226Refer to 1227.Xr icmp 4 1228for more information. 1229.It Va ip_portrange_first 1230.Pq Vt int 1231If not set to 1232.Dq Li NO , 1233this is the first port in the default portrange. 1234Refer to 1235.Xr ip 4 1236for more information. 1237.It Va ip_portrange_last 1238.Pq Vt int 1239If not set to 1240.Dq Li NO , 1241this is the last port in the default portrange. 1242Refer to 1243.Xr ip 4 1244for more information. 1245.It Va network_interfaces 1246.Pq Vt str 1247Set to the list of network interfaces to configure on this host or 1248.Dq Li AUTO 1249(the default) for all current interfaces. 1250Setting the 1251.Va network_interfaces 1252variable to anything other than the default is deprecated. 1253Interfaces that the administrator wishes to store configuration for, 1254but not start at boot should be configured with the 1255.Dq Li NOAUTO 1256keyword in their 1257.Va ifconfig_ Ns Aq Ar interface 1258variables as described below. 1259.Pp 1260An 1261.Va ifconfig_ Ns Aq Ar interface 1262variable is also assumed to exist for each value of 1263.Ar interface . 1264When an interface name contains any of the characters 1265.Dq Li .-/+ 1266they are translated to 1267.Dq Li _ 1268before lookup. 1269The variable can contain arguments to 1270.Xr ifconfig 8 , 1271as well as special case-insensitive keywords described below. 1272Such keywords are removed before passing the value to 1273.Xr ifconfig 8 1274while the order of the other arguments is preserved. 1275.Pp 1276It is possible to add IP alias entries using 1277.Xr ifconfig 8 1278syntax with the address family keyword such as 1279.Li inet . 1280Assuming that the interface in question was 1281.Li em0 , 1282it might look something like this: 1283.Bd -literal 1284ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1285ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1286.Ed 1287.Pp 1288It also possible to configure multiple IP addresses in Classless 1289Inter-Domain Routing 1290.Pq CIDR 1291address notation, 1292whose each address component can be a range like 1293.Li inet 192.0.2.5-23/24 1294or 1295.Li inet6 2001:db8:1-f::1/64 . 1296This notation allows address and prefix length part only, 1297not the other address modifiers. 1298Note that the maximum number of the generated addresses from a range 1299specification is limited to an integer value specified in 1300.Va netif_ipexpand_max 1301in 1302.Nm 1303because a small typo can unexpectedly generate a large number of addresses. 1304The default value is 1305.Li 2048 . 1306It can be increased by adding the following line into 1307.Nm : 1308.Bd -literal 1309netif_ipexpand_max="4096" 1310.Ed 1311.Pp 1312In the case of 1313.Li 192.0.2.5-23/24 , 1314the address 192.0.2.5 will be configured with the 1315netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1316the non-conflicting netmask /32 as explained in the 1317.Xr ifconfig 8 1318alias section. 1319Note that this special netmask handling is only for 1320.Li inet , 1321not for the other address families such as 1322.Li inet6 . 1323.Pp 1324With the interface in question being 1325.Li em0 , 1326an example could look like: 1327.Bd -literal 1328ifconfig_em0_alias2="inet 192.0.2.129/27" 1329ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1330.Ed 1331.Pp 1332and so on. 1333.Pp 1334Note that deprecated 1335.Va ipv4_addrs_ Ns Aq Ar interface 1336variable was supported for IPv4 CIDR address notation. 1337The 1338.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1339variable replaces it, though 1340.Va ipv4_addrs_ Ns Aq Ar interface 1341is still supported for backward compatibility. 1342.Pp 1343For each 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1345entry with an address family keyword, 1346its contents are passed to 1347.Xr ifconfig 8 . 1348Execution stops at the first unsuccessful access, so if 1349something like this is present: 1350.Bd -literal 1351ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1352ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1353ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1354ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1355.Ed 1356.Pp 1357Then note that alias4 would 1358.Em not 1359be added since the search would 1360stop with the missing 1361.Dq Li alias3 1362entry. 1363Because of this difficult to manage behavior, 1364there is 1365.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1366variable, which has the same functionality as 1367.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1368and can have all of entries in a variable like the following: 1369.Bd -literal 1370ifconfig_em0_aliases="\\ 1371 inet 127.0.0.251 netmask 0xffffffff \\ 1372 inet 127.0.0.252 netmask 0xffffffff \\ 1373 inet 127.0.0.253 netmask 0xffffffff \\ 1374 inet 127.0.0.254 netmask 0xffffffff" 1375.Ed 1376.Pp 1377It also supports CIDR notation. 1378.Pp 1379If the 1380.Pa /etc/start_if. Ns Aq Ar interface 1381file is present, it is read and executed by the 1382.Xr sh 1 1383interpreter 1384before configuring the interface as specified in the 1385.Va ifconfig_ Ns Aq Ar interface 1386and 1387.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1388variables. 1389.Pp 1390If a 1391.Va vlans_ Ns Aq Ar interface 1392variable is set, 1393a 1394.Xr vlan 4 1395interface will be created for each item in the list with the 1396.Ar vlandev 1397argument set to 1398.Ar interface . 1399If a vlan interface's name is a number, 1400then that number is used as the vlan tag and the new vlan interface is 1401named 1402.Ar interface . Ns Ar tag . 1403Otherwise, 1404the vlan tag must be specified via a 1405.Va vlan 1406parameter in the 1407.Va create_args_ Ns Aq Ar interface 1408variable. 1409.Pp 1410To create a vlan device named 1411.Li em0.101 1412on 1413.Li em0 1414with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1415.Bd -literal 1416vlans_em0="101" 1417ifconfig_em0_101="inet 192.0.2.1/24" 1418.Ed 1419.Pp 1420To create a vlan device named 1421.Li myvlan 1422on 1423.Li em0 1424with the vlan tag 102: 1425.Bd -literal 1426vlans_em0="myvlan" 1427create_args_myvlan="vlan 102" 1428.Ed 1429.Pp 1430If a 1431.Va wlans_ Ns Aq Ar interface 1432variable is set, 1433an 1434.Xr wlan 4 1435interface will be created for each item in the list with the 1436.Ar wlandev 1437argument set to 1438.Ar interface . 1439Further wlan cloning arguments may be passed to the 1440.Xr ifconfig 8 1441.Cm create 1442command by setting the 1443.Va create_args_ Ns Aq Ar interface 1444variable. 1445One or more 1446.Xr wlan 4 1447devices must be created for each wireless devices as of 1448.Fx 8.0 . 1449Debugging flags for 1450.Xr wlan 4 1451devices as set by 1452.Xr wlandebug 8 1453may be specified with an 1454.Va wlandebug_ Ns Aq Ar interface 1455variable. 1456The contents of this variable will be passed directly to 1457.Xr wlandebug 8 . 1458.Pp 1459If the 1460.Va ifconfig_ Ns Aq Ar interface 1461contains the keyword 1462.Dq Li NOAUTO 1463then the interface will not be configured 1464at boot or by 1465.Pa /etc/pccard_ether 1466when 1467.Va network_interfaces 1468is set to 1469.Dq Li AUTO . 1470.Pp 1471It is possible to bring up an interface with DHCP by adding 1472.Dq Li DHCP 1473to the 1474.Va ifconfig_ Ns Aq Ar interface 1475variable. 1476For instance, to initialize the 1477.Li em0 1478device via DHCP, 1479it is possible to use something like: 1480.Bd -literal 1481ifconfig_em0="DHCP" 1482.Ed 1483.Pp 1484If you want to configure your wireless interface with 1485.Xr wpa_supplicant 8 1486for use with WPA, EAP/LEAP or WEP, you need to add 1487.Dq Li WPA 1488to the 1489.Va ifconfig_ Ns Aq Ar interface 1490variable. 1491.Pp 1492On the other hand, if you want to configure your wireless interface with 1493.Xr hostapd 8 , 1494you need to add 1495.Dq Li HOSTAP 1496to the 1497.Va ifconfig_ Ns Aq Ar interface 1498variable. 1499.Xr hostapd 8 1500will use the settings from 1501.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1502.Pp 1503Finally, you can add 1504.Xr ifconfig 8 1505options in this variable, in addition to the 1506.Pa /etc/start_if. Ns Aq Ar interface 1507file. 1508For instance, to configure an 1509.Xr ath 4 1510wireless device in station mode with an address obtained 1511via DHCP, using WPA authentication and 802.11b mode, it is 1512possible to use something like: 1513.Bd -literal 1514wlans_ath0="wlan0" 1515ifconfig_wlan0="DHCP WPA mode 11b" 1516.Ed 1517.Pp 1518In addition to the 1519.Va ifconfig_ Ns Aq Ar interface 1520form, a fallback variable 1521.Va ifconfig_DEFAULT 1522may be configured. 1523It will be used for all interfaces with no 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526This is intended to replace the no longer supported 1527.Va pccard_ifconfig 1528variable. 1529.Pp 1530It is also possible to rename an interface by doing: 1531.Bd -literal 1532ifconfig_em0_name="net0" 1533ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1534.Ed 1535.It Va ipv6_enable 1536.Pq Vt bool 1537This variable is deprecated. 1538Use 1539.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1540and 1541.Va ipv6_activate_all_interfaces 1542if necessary. 1543.Pp 1544If the variable is 1545.Dq Li YES , 1546.Dq Li inet6 accept_rtadv 1547is added to all of 1548.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1549and the 1550.Va ipv6_activate_all_interfaces 1551is defined as 1552.Dq Li YES . 1553.It Va ipv6_prefer 1554.Pq Vt bool 1555This variable is deprecated. 1556Use 1557.Va ip6addrctl_policy 1558instead. 1559.Pp 1560If the variable is 1561.Dq Li YES , 1562the default address selection policy table set by 1563.Xr ip6addrctl 8 1564will be IPv6-preferred. 1565.Pp 1566If the variable is 1567.Dq Li NO , 1568the default address selection policy table set by 1569.Xr ip6addrctl 8 1570will be IPv4-preferred. 1571.It Va ipv6_activate_all_interfaces 1572.Pq Vt bool 1573This controls initial configuration on IPv6-capable 1574interfaces with no corresponding 1575.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1576variable. 1577Note that it is not always necessary to set this variable to 1578.Dq YES 1579to use IPv6 functionality on 1580.Fx . 1581In most cases, just configuring 1582.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1583variables works. 1584.Pp 1585If the variable is 1586.Dq Li NO , 1587all interfaces which do not have a corresponding 1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1589variable will be marked as 1590.Dq Li IFDISABLED 1591at creation. 1592This means that all of IPv6 functionality on that interface 1593is completely disabled to enforce a security policy. 1594If the variable is set to 1595.Dq YES , 1596the flag will be cleared on all of the interfaces. 1597.Pp 1598In most cases, just defining an 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600for an IPv6-capable interface should be sufficient. 1601However, if an interface is added dynamically 1602.Pq by some tunneling protocols such as PPP, for example , 1603it is often difficult to define the variable in advance. 1604In such a case, configuring the 1605.Dq Li IFDISABLED 1606flag can be disabled by setting this variable to 1607.Dq YES . 1608.Pp 1609For more details of the 1610.Dq Li IFDISABLED 1611flag and keywords 1612.Dq Li inet6 ifdisabled , 1613see 1614.Xr ifconfig 8 . 1615.Pp 1616Default is 1617.Dq Li NO . 1618.It Va ipv6_privacy 1619.Pq Vt bool 1620If the variable is 1621.Dq Li YES 1622privacy addresses will be generated for each IPv6 1623interface as described in RFC 4941. 1624.It Va ipv6_network_interfaces 1625.Pq Vt str 1626This is the IPv6 equivalent of 1627.Va network_interfaces . 1628Normally manual configuration of this variable is not needed. 1629.It Va ipv6_cpe_wanif 1630.Pq Vt str 1631If the variable is set to an interface name, 1632the 1633.Xr ifconfig 8 1634options 1635.Dq inet6 -no_radr accept_rtadv 1636will be added to the specified interface automatically before evaluating 1637.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1638and two 1639.Xr sysctl 8 1640variables 1641.Va net.inet6.ip6.rfc6204w3 1642and 1643.Va net.inet6.ip6.no_radr 1644will be set to 1. 1645.Pp 1646This means the specified interface will accept ICMPv6 Router 1647Advertisement messages on that link and add the discovered 1648routers into the Default Router List. 1649While the other interfaces can still accept RA messages if the 1650.Dq inet6 accept_rtadv 1651option is specified, adding 1652routes into the Default Router List will be disabled by 1653.Dq inet6 no_radr 1654option by default. 1655See 1656.Xr ifconfig 8 1657for more details. 1658.Pp 1659Note that ICMPv6 Router Advertisement messages will be 1660accepted even when 1661.Va net.inet6.ip6.forwarding 1662is 1 1663.Pq packet forwarding is enabled 1664when 1665.Va net.inet6.ip6.rfc6204w3 1666is set to 1. 1667.Pp 1668Default is 1669.Dq Li NO . 1670.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1671.Pq Vt str 1672This assigns arbitrary description to an interface. 1673The 1674.Xr sysctl 8 1675variable 1676.Va net.ifdescr_maxlen 1677limits its length. 1678This static setting may be overridden by commands 1679started with dynamic interface configuration utilities 1680like 1681.Xr dhclient 8 1682hooks. 1683The description can be seen with 1684.Xr ifconfig 8 1685command and it may be exported with 1686.Xr bsnmpd 1 1687daemon using its MIB-2 module. 1688.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1689.Pq Vt str 1690IPv6 functionality on an interface should be configured by 1691.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1692instead of setting ifconfig parameters in 1693.Va ifconfig_ Ns Aq Ar interface . 1694If this variable is empty, all of IPv6 configurations on the 1695specified interface by other variables such as 1696.Va ipv6_prefix_ Ns Ao Ar interface Ac 1697will be ignored. 1698.Pp 1699Aliases should be set by 1700.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1701with 1702.Dq Li inet6 1703keyword. 1704For example: 1705.Bd -literal 1706ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1707ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1708.Ed 1709.Pp 1710Interfaces that have an 1711.Dq Li inet6 accept_rtadv 1712keyword in 1713.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1714setting will be automatically configured by SLAAC 1715.Pq StateLess Address AutoConfiguration 1716described in 1717.Rs 1718.%T "RFC 4862" 1719.Re 1720.Pp 1721Note that a link-local address will be automatically configured in 1722addition to the configured global-scope addresses because the IPv6 1723specifications require it on each link. 1724The address is calculated from the MAC address by using an algorithm 1725defined in 1726.Rs 1727.%T "RFC 4862" 1728.%O "Section 5.3" 1729.Re 1730.Pp 1731If only a link-local address is needed on the interface, 1732the following configuration can be used: 1733.Bd -literal 1734ifconfig_em0_ipv6="inet6 auto_linklocal" 1735.Ed 1736.Pp 1737A link-local address can also be configured manually. 1738This is useful for the default router address of an IPv6 router 1739so that it does not change when the network interface 1740card is replaced. 1741For example: 1742.Bd -literal 1743ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1744.Ed 1745.It Va ipv6_prefix_ Ns Aq Ar interface 1746.Pq Vt str 1747If one or more prefixes are defined in 1748.Va ipv6_prefix_ Ns Aq Ar interface 1749addresses based on each prefix and the EUI-64 interface index will be 1750configured on that interface. 1751Note that this variable will be ignored when 1752.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1753is empty. 1754.Pp 1755For example, the following configuration 1756.Bd -literal 1757ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1758.Ed 1759.Pp 1760is equivalent to the following: 1761.Bd -literal 1762ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1763ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1764ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1765ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1766.Ed 1767.Pp 1768These Subnet-Router anycast addresses will be added only when 1769.Va ipv6_gateway_enable 1770is YES. 1771.It Va ipv6_default_interface 1772.Pq Vt str 1773If not set to 1774.Dq Li NO , 1775this is the default output interface for scoped addresses. 1776This works only with ipv6_gateway_enable="NO". 1777.It Va ip6addrctl_enable 1778.Pq Vt bool 1779This variable is to enable configuring default address selection policy table 1780.Pq RFC 3484 . 1781The table can be specified in another variable 1782.Va ip6addrctl_policy . 1783For 1784.Va ip6addrctl_policy 1785the following keywords can be specified: 1786.Dq Li ipv4_prefer , 1787.Dq Li ipv6_prefer , 1788or 1789.Dq Li AUTO . 1790.Pp 1791If 1792.Dq Li ipv4_prefer 1793or 1794.Dq Li ipv6_prefer 1795is specified, 1796.Xr ip6addrctl 8 1797installs a pre-defined policy table described in Section 10.3 1798.Pq IPv4-preferred 1799or 2.1 1800.Pq IPv6-preferred 1801of RFC 3484. 1802.Pp 1803If 1804.Dq Li AUTO 1805is specified, it attempts to read a file 1806.Pa /etc/ip6addrctl.conf 1807first. 1808If this file is found, 1809.Xr ip6addrctl 8 1810reads and installs it. 1811If not found, a policy is automatically set 1812according to 1813.Va ipv6_activate_all_interfaces 1814variable; if the variable is set to 1815.Dq Li YES 1816the IPv6-preferred one is used. 1817Otherwise IPv4-preferred. 1818.Pp 1819The default value of 1820.Va ip6addrctl_enable 1821and 1822.Va ip6addrctl_policy 1823are 1824.Dq Li YES 1825and 1826.Dq Li AUTO , 1827respectively. 1828.It Va cloned_interfaces 1829.Pq Vt str 1830Set to the list of clonable network interfaces to create on this host. 1831Further cloning arguments may be passed to the 1832.Xr ifconfig 8 1833.Cm create 1834command for each interface by setting the 1835.Va create_args_ Ns Aq Ar interface 1836variable. 1837If an interface name is specified with 1838.Dq :sticky 1839keyword, 1840the interface will not be destroyed even when 1841.Pa rc.d/netif 1842script is invoked with 1843.Dq stop 1844argument. 1845This is useful when reconfiguring the interface without destroying it. 1846Entries in 1847.Va cloned_interfaces 1848are automatically appended to 1849.Va network_interfaces 1850for configuration. 1851.It Va cloned_interfaces_sticky 1852.Pq Vt bool 1853This variable is to globally enable functionality of 1854.Dq :sticky 1855keyword in 1856.Va cloned_interfaces 1857for all interfaces. 1858The default value is 1859.Dq NO . 1860Even if this variable is specified to 1861.Dq YES , 1862.Dq :nosticky 1863keyword can be used to override it on per interface basis. 1864.It Va gif_interfaces 1865Set to the list of 1866.Xr gif 4 1867tunnel interfaces to configure on this host. 1868A 1869.Va gifconfig_ Ns Aq Ar interface 1870variable is assumed to exist for each value of 1871.Ar interface . 1872The value of this variable is used to configure the link layer of the 1873tunnel using the 1874.Cm tunnel 1875option to 1876.Xr ifconfig . 1877Additionally, this option ensures that each listed interface is created 1878via the 1879.Cm create 1880option to 1881.Xr ifconfig 1882before attempting to configure it. 1883.Pp 1884For example, configure two 1885.Xr gif 1886interfaces with: 1887.Bd -literal 1888gif_interfaces="gif0 gif1" 1889gifconfig_gif0="100.64.0.1 100.64.0.2" 1890ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1891gifconfig_gif1="inet6 2a00::1 2a01::1" 1892ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1893.Ed 1894.It Va sppp_interfaces 1895.Pq Vt str 1896Set to the list of 1897.Xr sppp 4 1898interfaces to configure on this host. 1899A 1900.Va spppconfig_ Ns Aq Ar interface 1901variable is assumed to exist for each value of 1902.Ar interface . 1903Each interface should also be configured by a general 1904.Va ifconfig_ Ns Aq Ar interface 1905setting. 1906Refer to 1907.Xr spppcontrol 8 1908for more information about available options. 1909.It Va ppp_enable 1910.Pq Vt bool 1911If set to 1912.Dq Li YES , 1913run the 1914.Xr ppp 8 1915daemon. 1916.It Va ppp_profile 1917.Pq Vt str 1918The name of the profile to use from 1919.Pa /etc/ppp/ppp.conf . 1920Also used for per-profile overrides of 1921.Va ppp_mode 1922and 1923.Va ppp_nat , 1924and 1925.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1926When the profile name contains any of the characters 1927.Dq Li .-/+ 1928they are translated to 1929.Dq Li _ 1930for the proposes of the override variable names. 1931.It Va ppp_mode 1932.Pq Vt str 1933Mode in which to run the 1934.Xr ppp 8 1935daemon. 1936.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1937.Pq Vt str 1938Overrides the global 1939.Va ppp_mode 1940for 1941.Ar profile . 1942Accepted modes are 1943.Dq Li auto , 1944.Dq Li ddial , 1945.Dq Li direct 1946and 1947.Dq Li dedicated . 1948See the manual for a full description. 1949.It Va ppp_nat 1950.Pq Vt bool 1951If set to 1952.Dq Li YES , 1953enables network address translation. 1954Used in conjunction with 1955.Va gateway_enable 1956allows hosts on private network addresses access to the Internet using 1957this host as a network address translating router. 1958Default is 1959.Dq Li YES . 1960.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1961.Pq Vt str 1962Overrides the global 1963.Va ppp_nat 1964for 1965.Ar profile . 1966.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1967.Pq Vt int 1968Set the unit number to be used for this profile. 1969See the manual description of 1970.Fl unit Ns Ar N 1971for details. 1972.It Va ppp_user 1973.Pq Vt str 1974The name of the user under which 1975.Xr ppp 8 1976should be started. 1977By 1978default, 1979.Xr ppp 8 1980is started as 1981.Dq Li root . 1982.It Va rc_conf_files 1983.Pq Vt str 1984This option is used to specify a list of files that will override 1985the settings in 1986.Pa /etc/defaults/rc.conf . 1987The files will be read in the order in which they are specified and should 1988include the full path to the file. 1989By default, the files specified are 1990.Pa /etc/rc.conf 1991and 1992.Pa /etc/rc.conf.local 1993.It Va zfs_enable 1994.Pq Vt bool 1995If set to 1996.Dq Li YES , 1997.Pa /etc/rc.d/zfs 1998will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1999(ZVOLs). 2000.It Va gptboot_enable 2001.Pq Vt bool 2002If set to 2003.Dq Li YES , 2004.Pa /etc/rc.d/gptboot 2005will log if the system successfully (or not) booted from a GPT partition, 2006which had the 2007.Ar bootonce 2008attribute set using 2009.Xr gpart 8 2010utility. 2011.It Va gbde_autoattach_all 2012.Pq Vt bool 2013If set to 2014.Dq Li YES , 2015.Pa /etc/rc.d/gbde 2016will attempt to automatically initialize your .bde devices in 2017.Pa /etc/fstab . 2018.It Va gbde_devices 2019.Pq Vt str 2020List the devices that the script should try to attach, 2021or 2022.Dq Li AUTO . 2023.It Va gbde_lockdir 2024.Pq Vt str 2025The directory where the 2026.Xr gbde 4 2027lockfiles are located. 2028The default lockfile directory is 2029.Pa /etc . 2030.Pp 2031The lockfile for each individual 2032.Xr gbde 4 2033device can be overridden by setting the variable 2034.Va gbde_lock_ Ns Aq Ar device , 2035where 2036.Ar device 2037is the encrypted device without the 2038.Dq Pa /dev/ 2039and 2040.Dq Pa .bde 2041parts. 2042.It Va gbde_attach_attempts 2043.Pq Vt int 2044Number of times to attempt attaching to a 2045.Xr gbde 4 2046device, i.e., how many times the user is asked for the pass-phrase. 2047Default is 3. 2048.It Va geli_devices 2049.Pq Vt str 2050List of devices to automatically attach on boot. 2051Note that .eli devices from 2052.Pa /etc/fstab 2053are automatically appended to this list. 2054.It Va geli_groups 2055.Pq Vt str 2056List of groups containing devices to automatically attach on boot with the same 2057keyfiles and passphrase. 2058This must be accompanied with a corresponding 2059.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2060variable. 2061.It Va geli_tries 2062.Pq Vt int 2063Number of times user is asked for the pass-phrase. 2064If empty, it will be taken from 2065.Va kern.geom.eli.tries 2066sysctl variable. 2067.It Va geli_default_flags 2068.Pq Vt str 2069Default flags to use by 2070.Xr geli 8 2071when configuring disk encryption. 2072Flags can be configured for every device separately by defining the 2073.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2074variable, and for every group separately by defining the 2075.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2076variable. 2077.It Va geli_autodetach 2078.Pq Vt str 2079Specifies if GELI devices should be marked for detach on last close after 2080file systems are mounted. 2081Default is 2082.Dq Li YES . 2083This can be changed for every device separately by defining the 2084.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2085variable. 2086.It Va root_rw_mount 2087.Pq Vt bool 2088Set to 2089.Dq Li YES 2090by default. 2091After the file systems are checked at boot time, the root file system 2092is remounted as read-write if this is set to 2093.Dq Li YES . 2094Diskless systems that mount their root file system from a read-only remote 2095NFS share should set this to 2096.Dq Li NO 2097in their 2098.Pa rc.conf . 2099.It Va fsck_y_enable 2100.Pq Vt bool 2101If set to 2102.Dq Li YES , 2103.Xr fsck 8 2104will be run with the 2105.Fl y 2106flag if the initial preen 2107of the file systems fails. 2108.It Va background_fsck 2109.Pq Vt bool 2110If set to 2111.Dq Li NO , 2112the system will not attempt to run 2113.Xr fsck 8 2114in the background where possible. 2115.It Va background_fsck_delay 2116.Pq Vt int 2117The amount of time in seconds to sleep before starting a background 2118.Xr fsck 8 . 2119It defaults to sixty seconds to allow large applications such as 2120the X server to start before disk I/O bandwidth is monopolized by 2121.Xr fsck 8 . 2122If set to a negative number, the background file system check will be 2123delayed indefinitely to allow the administrator to run it at a more 2124convenient time. 2125For example it may be run from 2126.Xr cron 8 2127by adding a line like 2128.Pp 2129.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2130.Pp 2131to 2132.Pa /etc/crontab . 2133.It Va netfs_types 2134.Pq Vt str 2135List of file system types that are network-based. 2136This list should generally not be modified by end users. 2137Use 2138.Va extra_netfs_types 2139instead. 2140.It Va extra_netfs_types 2141.Pq Vt str 2142If set to something other than 2143.Dq Li NO 2144(the default), 2145this variable extends the list of file system types 2146for which automatic mounting at startup by 2147.Xr rc 8 2148should be delayed until the network is initialized. 2149It should contain 2150a whitespace-separated list of network file system descriptor pairs, 2151each consisting of a file system type as passed to 2152.Xr mount 8 2153and a human-readable, one-word description, 2154joined with a colon 2155.Pq Ql \&: . 2156Extending the default list in this way is only necessary 2157when third party file system types are used. 2158.It Va syslogd_enable 2159.Pq Vt bool 2160If set to 2161.Dq Li YES , 2162run the 2163.Xr syslogd 8 2164daemon. 2165.It Va syslogd_program 2166.Pq Vt str 2167Path to 2168.Xr syslogd 8 2169(default 2170.Pa /usr/sbin/syslogd ) . 2171.It Va syslogd_flags 2172.Pq Vt str 2173If 2174.Va syslogd_enable 2175is set to 2176.Dq Li YES , 2177these are the flags to pass to 2178.Xr syslogd 8 . 2179.It Va inetd_enable 2180.Pq Vt bool 2181If set to 2182.Dq Li YES , 2183run the 2184.Xr inetd 8 2185daemon. 2186.It Va inetd_program 2187.Pq Vt str 2188Path to 2189.Xr inetd 8 2190(default 2191.Pa /usr/sbin/inetd ) . 2192.It Va inetd_flags 2193.Pq Vt str 2194If 2195.Va inetd_enable 2196is set to 2197.Dq Li YES , 2198these are the flags to pass to 2199.Xr inetd 8 . 2200.It Va hastd_enable 2201.Pq Vt bool 2202If set to 2203.Dq Li YES , 2204run the 2205.Xr hastd 8 2206daemon. 2207.It Va hastd_program 2208.Pq Vt str 2209Path to 2210.Xr hastd 8 2211(default 2212.Pa /sbin/hastd ) . 2213.It Va hastd_flags 2214.Pq Vt str 2215If 2216.Va hastd_enable 2217is set to 2218.Dq Li YES , 2219these are the flags to pass to 2220.Xr hastd 8 . 2221.It Va local_unbound_enable 2222.Pq Vt bool 2223If set to 2224.Dq Li YES , 2225run the 2226.Xr unbound 8 2227daemon as a local caching resolver. 2228.It Va kdc_enable 2229.Pq Vt bool 2230Set to 2231.Dq Li YES 2232to start a Kerberos 5 authentication server 2233at boot time. 2234.It Va kdc_program 2235.Pq Vt str 2236If 2237.Va kdc_enable 2238is set to 2239.Dq Li YES 2240this is the path to Kerberos 5 Authentication Server. 2241.It Va kdc_flags 2242.Pq Vt str 2243Empty by default. 2244This variable contains additional flags to be passed to the Kerberos 5 2245authentication server. 2246.It Va kadmind_enable 2247.Pq Vt bool 2248Set to 2249.Dq Li YES 2250to start 2251.Xr kadmind 8 , 2252the Kerberos 5 Administration Daemon; set to 2253.Dq Li NO 2254on a slave server. 2255.It Va kadmind_program 2256.Pq Vt str 2257If 2258.Va kadmind_enable 2259is set to 2260.Dq Li YES 2261this is the path to Kerberos 5 Administration Daemon. 2262.It Va kpasswdd_enable 2263.Pq Vt bool 2264Set to 2265.Dq Li YES 2266to start 2267.Xr kpasswdd 8 , 2268the Kerberos 5 Password-Changing Daemon; set to 2269.Dq Li NO 2270on a slave server. 2271.It Va kpasswdd_program 2272.Pq Vt str 2273If 2274.Va kpasswdd_enable 2275is set to 2276.Dq Li YES 2277this is the path to Kerberos 5 Password-Changing Daemon. 2278.It Va kfd_enable 2279.Pq Vt bool 2280Set to 2281.Dq Li YES 2282to start 2283.Xr kfd 8 , 2284the Kerberos 5 ticket forwarding daemon, at the boot time. 2285.It Va kfd_program 2286.Pq Vt str 2287Path to 2288.Xr kfd 8 2289(default 2290.Pa /usr/libexec/kfd ) . 2291.It Va rwhod_enable 2292.Pq Vt bool 2293If set to 2294.Dq Li YES , 2295run the 2296.Xr rwhod 8 2297daemon at boot time. 2298.It Va rwhod_flags 2299.Pq Vt str 2300If 2301.Va rwhod_enable 2302is set to 2303.Dq Li YES , 2304these are the flags to pass to it. 2305.It Va amd_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309run the 2310.Xr amd 8 2311daemon at boot time. 2312.It Va amd_flags 2313.Pq Vt str 2314If 2315.Va amd_enable 2316is set to 2317.Dq Li YES , 2318these are the flags to pass to it. 2319See the 2320.Xr amd 8 2321manpage for more information. 2322.It Va amd_map_program 2323.Pq Vt str 2324If set, 2325the specified program is run to get the list of 2326.Xr amd 8 2327maps. 2328For example, if the 2329.Xr amd 8 2330maps are stored in NIS, one can set this to 2331run 2332.Xr ypcat 1 2333to get a list of 2334.Xr amd 8 2335maps from the 2336.Pa amd.master 2337NIS map. 2338.It Va update_motd 2339.Pq Vt bool 2340If set to 2341.Dq Li YES , 2342.Pa /etc/motd 2343will be updated at boot time to reflect the kernel release 2344being run. 2345If set to 2346.Dq Li NO , 2347.Pa /etc/motd 2348will not be updated. 2349.It Va nfs_client_enable 2350.Pq Vt bool 2351If set to 2352.Dq Li YES , 2353run the NFS client daemons at boot time. 2354.It Va nfs_access_cache 2355.Pq Vt int 2356If 2357.Va nfs_client_enable 2358is set to 2359.Dq Li YES , 2360this can be set to 2361.Dq Li 0 2362to disable NFS ACCESS RPC caching, or to the number of seconds for which 2363NFS ACCESS 2364results should be cached. 2365A value of 2-10 seconds will substantially reduce network 2366traffic for many NFS operations. 2367.It Va nfs_server_enable 2368.Pq Vt bool 2369If set to 2370.Dq Li YES , 2371run the NFS server daemons at boot time. 2372.It Va nfs_server_flags 2373.Pq Vt str 2374If 2375.Va nfs_server_enable 2376is set to 2377.Dq Li YES , 2378these are the flags to pass to the 2379.Xr nfsd 8 2380daemon. 2381.It Va nfsv4_server_enable 2382.Pq Vt bool 2383If 2384.Va nfs_server_enable 2385is set to 2386.Dq Li YES 2387and 2388.Va nfsv4_server_enable 2389are set to 2390.Dq Li YES , 2391enable the server for NFSv4 as well as NFSv2 and NFSv3. 2392.It Va nfsuserd_enable 2393.Pq Vt bool 2394If 2395.Va nfsuserd_enable 2396is set to 2397.Dq Li YES , 2398run the nfsuserd daemon, which is needed for NFSv4 in order 2399to map between user/group names vs uid/gid numbers. 2400If 2401.Va nfsv4_server_enable 2402is set to 2403.Dq Li YES , 2404this will be forced enabled. 2405.It Va nfsuserd_flags 2406.Pq Vt str 2407If 2408.Va nfsuserd_enable 2409is set to 2410.Dq Li YES , 2411these are the flags to pass to the 2412.Xr nfsuserd 8 2413daemon. 2414.It Va nfscbd_enable 2415.Pq Vt bool 2416If 2417.Va nfscbd_enable 2418is set to 2419.Dq Li YES , 2420run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2421.It Va nfscbd_flags 2422.Pq Vt str 2423If 2424.Va nfscbd_enable 2425is set to 2426.Dq Li YES , 2427these are the flags to pass to the 2428.Xr nfscbd 8 2429daemon. 2430.It Va mountd_enable 2431.Pq Vt bool 2432If set to 2433.Dq Li YES , 2434and no 2435.Va nfs_server_enable 2436is set, start 2437.Xr mountd 8 , 2438but not 2439.Xr nfsd 8 2440daemon. 2441It is commonly needed to run CFS without real NFS used. 2442.It Va mountd_flags 2443.Pq Vt str 2444If 2445.Va mountd_enable 2446is set to 2447.Dq Li YES , 2448these are the flags to pass to the 2449.Xr mountd 8 2450daemon. 2451.It Va weak_mountd_authentication 2452.Pq Vt bool 2453If set to 2454.Dq Li YES , 2455allow services like PCNFSD to make non-privileged mount 2456requests. 2457.It Va nfs_reserved_port_only 2458.Pq Vt bool 2459If set to 2460.Dq Li YES , 2461provide NFS services only on a secure port. 2462.It Va nfs_bufpackets 2463.Pq Vt int 2464If set to a number, indicates the number of packets worth of 2465socket buffer space to reserve on an NFS client. 2466The kernel default is typically 4. 2467Using a higher number may be 2468useful on gigabit networks to improve performance. 2469The minimum value is 24702 and the maximum is 64. 2471.It Va rpc_lockd_enable 2472.Pq Vt bool 2473If set to 2474.Dq Li YES 2475and also an NFS server or client, run 2476.Xr rpc.lockd 8 2477at boot time. 2478.It Va rpc_lockd_flags 2479.Pq Vt str 2480If 2481.Va rpc_lockd_enable 2482is set to 2483.Dq Li YES , 2484these are the flags to pass to the 2485.Xr rpc.lockd 8 2486daemon. 2487.It Va rpc_statd_enable 2488.Pq Vt bool 2489If set to 2490.Dq Li YES 2491and also an NFS server or client, run 2492.Xr rpc.statd 8 2493at boot time. 2494.It Va rpc_statd_flags 2495.Pq Vt str 2496If 2497.Va rpc_statd_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to the 2501.Xr rpc.statd 8 2502daemon. 2503.It Va rpcbind_program 2504.Pq Vt str 2505Path to 2506.Xr rpcbind 8 2507(default 2508.Pa /usr/sbin/rpcbind ) . 2509.It Va rpcbind_enable 2510.Pq Vt bool 2511If set to 2512.Dq Li YES , 2513run the 2514.Xr rpcbind 8 2515service at boot time. 2516.It Va rpcbind_flags 2517.Pq Vt str 2518If 2519.Va rpcbind_enable 2520is set to 2521.Dq Li YES , 2522these are the flags to pass to the 2523.Xr rpcbind 8 2524daemon. 2525.It Va keyserv_enable 2526.Pq Vt bool 2527If set to 2528.Dq Li YES , 2529run the 2530.Xr keyserv 8 2531daemon on boot for running Secure RPC. 2532.It Va keyserv_flags 2533.Pq Vt str 2534If 2535.Va keyserv_enable 2536is set to 2537.Dq Li YES , 2538these are the flags to pass to 2539.Xr keyserv 8 2540daemon. 2541.It Va pppoed_enable 2542.Pq Vt bool 2543If set to 2544.Dq Li YES , 2545run the 2546.Xr pppoed 8 2547daemon at boot time to provide PPP over Ethernet services. 2548.It Va pppoed_ Ns Aq Ar provider 2549.Pq Vt str 2550.Xr pppoed 8 2551listens to requests to this 2552.Ar provider 2553and ultimately runs 2554.Xr ppp 8 2555with a 2556.Ar system 2557argument of the same name. 2558.It Va pppoed_flags 2559.Pq Vt str 2560Additional flags to pass to 2561.Xr pppoed 8 . 2562.It Va pppoed_interface 2563.Pq Vt str 2564The network interface to run 2565.Xr pppoed 8 2566on. 2567This is mandatory when 2568.Va pppoed_enable 2569is set to 2570.Dq Li YES . 2571.It Va timed_enable 2572.Pq Vt bool 2573If set to 2574.Dq Li YES , 2575run the 2576.Xr timed 8 2577service at boot time. 2578This command is intended for networks of 2579machines where a consistent 2580.Dq "network time" 2581for all hosts must be established. 2582This is often useful in large NFS 2583environments where time stamps on files are expected to be consistent 2584network-wide. 2585.It Va timed_flags 2586.Pq Vt str 2587If 2588.Va timed_enable 2589is set to 2590.Dq Li YES , 2591these are the flags to pass to the 2592.Xr timed 8 2593service. 2594.It Va ntpdate_enable 2595.Pq Vt bool 2596If set to 2597.Dq Li YES , 2598run 2599.Xr ntpdate 8 2600at system startup. 2601This command is intended to 2602synchronize the system clock only 2603.Em once 2604from some standard reference. 2605.Pp 2606Note that the use of the 2607.Va ntpd_sync_on_start 2608variable is a preferred alternative to the 2609.Xr ntpdate 8 2610utility as 2611.Xr ntpdate 8 2612is to be retired from the NTP distribution. 2613.It Va ntpdate_config 2614.Pq Vt str 2615Configuration file for 2616.Xr ntpdate 8 . 2617Default 2618.Pa /etc/ntp.conf . 2619.It Va ntpdate_hosts 2620.Pq Vt str 2621A whitespace-separated list of NTP servers to synchronize with at startup. 2622The default is to use the servers listed in 2623.Va ntpdate_config , 2624if that file exists. 2625.It Va ntpdate_program 2626.Pq Vt str 2627Path to 2628.Xr ntpdate 8 2629(default 2630.Pa /usr/sbin/ntpdate ) . 2631.It Va ntpdate_flags 2632.Pq Vt str 2633If 2634.Va ntpdate_enable 2635is set to 2636.Dq Li YES , 2637these are the flags to pass to the 2638.Xr ntpdate 8 2639command (typically a hostname). 2640.It Va ntpd_enable 2641.Pq Vt bool 2642If set to 2643.Dq Li YES , 2644run the 2645.Xr ntpd 8 2646command at boot time. 2647.It Va ntpd_program 2648.Pq Vt str 2649Path to 2650.Xr ntpd 8 2651(default 2652.Pa /usr/sbin/ntpd ) . 2653.It Va ntpd_config 2654.Pq Vt str 2655Path to 2656.Xr ntpd 8 2657configuration file. 2658Default 2659.Pa /etc/ntp.conf . 2660.It Va ntpd_flags 2661.Pq Vt str 2662If 2663.Va ntpd_enable 2664is set to 2665.Dq Li YES , 2666these are the flags to pass to the 2667.Xr ntpd 8 2668daemon. 2669.It Va ntpd_sync_on_start 2670.Pq Vt bool 2671If set to 2672.Dq Li YES , 2673.Xr ntpd 8 2674is run with the 2675.Fl g 2676flag, which syncs the system's clock on startup. 2677See 2678.Xr ntpd 8 2679for more information regarding the 2680.Fl g 2681option. 2682This is a preferred alternative to using 2683.Xr ntpdate 8 2684or specifying the 2685.Va ntpdate_enable 2686variable. 2687.It Va nis_client_enable 2688.Pq Vt bool 2689If set to 2690.Dq Li YES , 2691run the 2692.Xr ypbind 8 2693service at system boot time. 2694.It Va nis_client_flags 2695.Pq Vt str 2696If 2697.Va nis_client_enable 2698is set to 2699.Dq Li YES , 2700these are the flags to pass to the 2701.Xr ypbind 8 2702service. 2703.It Va nis_ypldap_enable 2704.Pq Vt bool 2705If set to 2706.Dq Li YES , 2707run the 2708.Xr ypldap 8 2709daemon at system boot time. 2710.It Va nis_ypldap_flags 2711.Pq Vt str 2712If 2713.Va nis.ypldap_enable 2714is set to 2715.Dq Li YES , 2716these are the flags to pass to the 2717.Xr ypldap 8 2718daemon. 2719.It Va nis_ypset_enable 2720.Pq Vt bool 2721If set to 2722.Dq Li YES , 2723run the 2724.Xr ypset 8 2725daemon at system boot time. 2726.It Va nis_ypset_flags 2727.Pq Vt str 2728If 2729.Va nis_ypset_enable 2730is set to 2731.Dq Li YES , 2732these are the flags to pass to the 2733.Xr ypset 8 2734daemon. 2735.It Va nis_server_enable 2736.Pq Vt bool 2737If set to 2738.Dq Li YES , 2739run the 2740.Xr ypserv 8 2741daemon at system boot time. 2742.It Va nis_server_flags 2743.Pq Vt str 2744If 2745.Va nis_server_enable 2746is set to 2747.Dq Li YES , 2748these are the flags to pass to the 2749.Xr ypserv 8 2750daemon. 2751.It Va nis_ypxfrd_enable 2752.Pq Vt bool 2753If set to 2754.Dq Li YES , 2755run the 2756.Xr rpc.ypxfrd 8 2757daemon at system boot time. 2758.It Va nis_ypxfrd_flags 2759.Pq Vt str 2760If 2761.Va nis_ypxfrd_enable 2762is set to 2763.Dq Li YES , 2764these are the flags to pass to the 2765.Xr rpc.ypxfrd 8 2766daemon. 2767.It Va nis_yppasswdd_enable 2768.Pq Vt bool 2769If set to 2770.Dq Li YES , 2771run the 2772.Xr rpc.yppasswdd 8 2773daemon at system boot time. 2774.It Va nis_yppasswdd_flags 2775.Pq Vt str 2776If 2777.Va nis_yppasswdd_enable 2778is set to 2779.Dq Li YES , 2780these are the flags to pass to the 2781.Xr rpc.yppasswdd 8 2782daemon. 2783.It Va rpc_ypupdated_enable 2784.Pq Vt bool 2785If set to 2786.Dq Li YES , 2787run the 2788.Nm rpc.ypupdated 2789daemon at system boot time. 2790.It Va bsnmpd_enable 2791.Pq Vt bool 2792If set to 2793.Dq Li YES , 2794run the 2795.Xr bsnmpd 1 2796daemon at system boot time. 2797Be sure to understand the security implications of running SNMP daemon 2798on your host. 2799.It Va bsnmpd_flags 2800.Pq Vt str 2801If 2802.Va bsnmpd_enable 2803is set to 2804.Dq Li YES , 2805these are the flags to pass to the 2806.Xr bsnmpd 1 2807daemon. 2808.It Va defaultrouter 2809.Pq Vt str 2810If not set to 2811.Dq Li NO , 2812create a default route to this host name or IP address 2813(use an IP address if this router is also required to get to the 2814name server!). 2815.It Va ipv6_defaultrouter 2816.Pq Vt str 2817The IPv6 equivalent of 2818.Va defaultrouter . 2819.It Va static_arp_pairs 2820.Pq Vt str 2821Set to the list of static ARP pairs that are to be added at system 2822boot time. 2823For each whitespace separated 2824.Ar element 2825in the value, a 2826.Va static_arp_ Ns Aq Ar element 2827variable is assumed to exist whose contents will later be passed to a 2828.Dq Nm arp Cm -S 2829operation. 2830For example 2831.Bd -literal 2832static_arp_pairs="gw" 2833static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2834.Ed 2835.It Va static_ndp_pairs 2836.Pq Vt str 2837Set to the list of static NDP pairs that are to be added at system 2838boot time. 2839For each whitespace separated 2840.Ar element 2841in the value, a 2842.Va static_ndp_ Ns Aq Ar element 2843variable is assumed to exist whose contents will later be passed to a 2844.Dq Nm ndp Cm -s 2845operation. 2846For example 2847.Bd -literal 2848static_ndp_pairs="gw" 2849static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2850.Ed 2851.It Va static_routes 2852.Pq Vt str 2853Set to the list of static routes that are to be added at system 2854boot time. 2855If not set to 2856.Dq Li NO 2857then for each whitespace separated 2858.Ar element 2859in the value, a 2860.Va route_ Ns Aq Ar element 2861variable is assumed to exist 2862whose contents will later be passed to a 2863.Dq Nm route Cm add 2864operation. 2865For example: 2866.Bd -literal 2867static_routes="ext mcast:gif0 gif0local:gif0" 2868route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2869route_mcast="-net 224.0.0.0/4 -iface gif0" 2870route_gif0local="-host 169.254.1.1 -iface lo0" 2871.Ed 2872.Pp 2873When an 2874.Ar element 2875is in the form of 2876.Li name:ifname , 2877the route is specific to the interface 2878.Li ifname . 2879.It Va ipv6_static_routes 2880.Pq Vt str 2881The IPv6 equivalent of 2882.Va static_routes . 2883If not set to 2884.Dq Li NO 2885then for each whitespace separated 2886.Ar element 2887in the value, a 2888.Va ipv6_route_ Ns Aq Ar element 2889variable is assumed to exist 2890whose contents will later be passed to a 2891.Dq Nm route Cm add Fl inet6 2892operation. 2893.It Va gateway_enable 2894.Pq Vt bool 2895If set to 2896.Dq Li YES , 2897configure host to act as an IP router, e.g.\& to forward packets 2898between interfaces. 2899.It Va ipv6_gateway_enable 2900.Pq Vt bool 2901The IPv6 equivalent of 2902.Va gateway_enable . 2903.It Va routed_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907run a routing daemon of some sort, based on the 2908settings of 2909.Va routed_program 2910and 2911.Va routed_flags . 2912.It Va route6d_enable 2913.Pq Vt bool 2914The IPv6 equivalent of 2915.Va routed_enable . 2916If set to 2917.Dq Li YES , 2918run a routing daemon of some sort, based on the 2919settings of 2920.Va route6d_program 2921and 2922.Va route6d_flags . 2923.It Va routed_program 2924.Pq Vt str 2925If 2926.Va routed_enable 2927is set to 2928.Dq Li YES , 2929this is the name of the routing daemon to use. 2930.It Va route6d_program 2931.Pq Vt str 2932The IPv6 equivalent of 2933.Va routed_program . 2934.It Va routed_flags 2935.Pq Vt str 2936If 2937.Va routed_enable 2938is set to 2939.Dq Li YES , 2940these are the flags to pass to the routing daemon. 2941.It Va route6d_flags 2942.Pq Vt str 2943The IPv6 equivalent of 2944.Va routed_flags . 2945.It Va rtadvd_enable 2946.Pq Vt bool 2947If set to 2948.Dq Li YES , 2949run the 2950.Xr rtadvd 8 2951daemon at boot time. 2952The 2953.Xr rtadvd 8 2954utility sends ICMPv6 Router Advertisement messages to 2955the interfaces specified in 2956.Va rtadvd_interfaces . 2957This should only be enabled with great care. 2958You may want to fine-tune 2959.Xr rtadvd.conf 5 . 2960.It Va rtadvd_interfaces 2961.Pq Vt str 2962If 2963.Va rtadvd_enable 2964is set to 2965.Dq Li YES 2966this is the list of interfaces to use. 2967.It Va arpproxy_all 2968.Pq Vt bool 2969If set to 2970.Dq Li YES , 2971enable global proxy ARP. 2972.It Va forward_sourceroute 2973.Pq Vt bool 2974If set to 2975.Dq Li YES 2976and 2977.Va gateway_enable 2978is also set to 2979.Dq Li YES , 2980source-routed packets are forwarded. 2981.It Va accept_sourceroute 2982.Pq Vt bool 2983If set to 2984.Dq Li YES , 2985the system will accept source-routed packets directed at it. 2986.It Va rarpd_enable 2987.Pq Vt bool 2988If set to 2989.Dq Li YES , 2990run the 2991.Xr rarpd 8 2992daemon at system boot time. 2993.It Va rarpd_flags 2994.Pq Vt str 2995If 2996.Va rarpd_enable 2997is set to 2998.Dq Li YES , 2999these are the flags to pass to the 3000.Xr rarpd 8 3001daemon. 3002.It Va bootparamd_enable 3003.Pq Vt bool 3004If set to 3005.Dq Li YES , 3006run the 3007.Xr bootparamd 8 3008daemon at system boot time. 3009.It Va bootparamd_flags 3010.Pq Vt str 3011If 3012.Va bootparamd_enable 3013is set to 3014.Dq Li YES , 3015these are the flags to pass to the 3016.Xr bootparamd 8 3017daemon. 3018.It Va stf_interface_ipv4addr 3019.Pq Vt str 3020If not set to 3021.Dq Li NO , 3022this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3023interface). 3024Specify this entry to enable the 6to4 interface. 3025.It Va stf_interface_ipv4plen 3026.Pq Vt int 3027Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3028An effective value is 0-31. 3029.It Va stf_interface_ipv6_ifid 3030.Pq Vt str 3031IPv6 interface ID for 3032.Xr stf 4 . 3033This can be set to 3034.Dq Li AUTO . 3035.It Va stf_interface_ipv6_slaid 3036.Pq Vt str 3037IPv6 Site Level Aggregator for 3038.Xr stf 4 . 3039.It Va ipv6_ipv4mapping 3040.Pq Vt bool 3041If set to 3042.Dq Li YES 3043this enables IPv4 mapped IPv6 address communication (like 3044.Li ::ffff:a.b.c.d ) . 3045.It Va rtsold_enable 3046.Pq Vt bool 3047Set to 3048.Dq Li YES 3049to enable the 3050.Xr rtsold 8 3051daemon to send ICMPv6 Router Solicitation messages. 3052.It Va rtsold_flags 3053.Pq Vt str 3054If 3055.Va rtsold_enable 3056is set to 3057.Dq Li YES , 3058these are the flags to pass to 3059.Xr rtsold 8 . 3060.It Va rtsol_flags 3061.Pq Vt str 3062For interfaces configured with the 3063.Dq Li inet6 accept_rtadv 3064keyword, these are the flags to pass to 3065.Xr rtsol 8 . 3066.Pp 3067Note that 3068.Va rtsold_enable 3069is mutually exclusive to 3070.Va rtsol_flags ; 3071.Va rtsold_enable 3072takes precedence. 3073.It Va keybell 3074.Pq Vt str 3075The keyboard bell sound. 3076Set to 3077.Dq Li normal , 3078.Dq Li visual , 3079.Dq Li off , 3080or 3081.Dq Li NO 3082if the default behavior is desired. 3083For details, refer to the 3084.Xr kbdcontrol 1 3085manpage. 3086.It Va keyboard 3087.Pq Vt str 3088If set to a non-null string, the virtual console's keyboard input is 3089set to this device. 3090.It Va keymap 3091.Pq Vt str 3092If set to 3093.Dq Li NO , 3094no keymap is installed, otherwise the value is used to install 3095the keymap file found in 3096.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3097(if using 3098.Xr syscons 4 ) or 3099.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3100(if using 3101.Xr vt 4 ) . 3102.It Va keyrate 3103.Pq Vt str 3104The keyboard repeat speed. 3105Set to 3106.Dq Li slow , 3107.Dq Li normal , 3108.Dq Li fast , 3109or 3110.Dq Li NO 3111if the default behavior is desired. 3112.It Va keychange 3113.Pq Vt str 3114If not set to 3115.Dq Li NO , 3116attempt to program the function keys with the value. 3117The value should 3118be a single string of the form: 3119.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3120.It Va cursor 3121.Pq Vt str 3122Can be set to the value of 3123.Dq Li normal , 3124.Dq Li blink , 3125.Dq Li destructive , 3126or 3127.Dq Li NO 3128to set the cursor behavior explicitly or choose the default behavior. 3129.It Va scrnmap 3130.Pq Vt str 3131If set to 3132.Dq Li NO , 3133no screen map is installed, otherwise the value is used to install 3134the screen map file in 3135.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3136This parameter is ignored when using 3137.Xr vt 4 3138as the console driver. 3139.It Va font8x16 3140.Pq Vt str 3141If set to 3142.Dq Li NO , 3143the default 8x16 font value is used for screen size requests, otherwise 3144the value in 3145.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3146or 3147.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3148is used (depending on the console driver being used). 3149.It Va font8x14 3150.Pq Vt str 3151If set to 3152.Dq Li NO , 3153the default 8x14 font value is used for screen size requests, otherwise 3154the value in 3155.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3156or 3157.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3158is used (depending on the console driver being used). 3159.It Va font8x8 3160.Pq Vt str 3161If set to 3162.Dq Li NO , 3163the default 8x8 font value is used for screen size requests, otherwise 3164the value in 3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3166or 3167.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3168is used (depending on the console driver being used). 3169.It Va blanktime 3170.Pq Vt int 3171If set to 3172.Dq Li NO , 3173the default screen blanking interval is used, otherwise it is set 3174to 3175.Ar value 3176seconds. 3177.It Va saver 3178.Pq Vt str 3179If not set to 3180.Dq Li NO , 3181this is the actual screen saver to use 3182.Li ( blank , snake , daemon , 3183etc). 3184.It Va moused_nondefault_enable 3185.Pq Vt str 3186If set to 3187.Dq Li NO , 3188the mouse device specified on 3189the command line is not automatically treated as enabled by the 3190.Pa /etc/rc.d/moused 3191script. 3192Having this variable set to 3193.Dq Li YES 3194allows a 3195.Xr usb 4 3196mouse, 3197for example, 3198to be enabled as soon as it is plugged in. 3199.It Va moused_enable 3200.Pq Vt str 3201If set to 3202.Dq Li YES , 3203the 3204.Xr moused 8 3205daemon is started for doing cut/paste selection on the console. 3206.It Va moused_type 3207.Pq Vt str 3208This is the protocol type of the mouse connected to this host. 3209This variable must be set if 3210.Va moused_enable 3211is set to 3212.Dq Li YES . 3213The 3214.Xr moused 8 3215daemon 3216is able to detect the appropriate mouse type automatically in many cases. 3217Set this variable to 3218.Dq Li auto 3219to let the daemon detect it, or 3220select one from the following list if the automatic detection fails. 3221.Pp 3222If the mouse is attached to the PS/2 mouse port, choose 3223.Dq Li auto 3224or 3225.Dq Li ps/2 , 3226regardless of the brand and model of the mouse. 3227Likewise, if the 3228mouse is attached to the bus mouse port, choose 3229.Dq Li auto 3230or 3231.Dq Li busmouse . 3232All other protocols are for serial mice and will not work with 3233the PS/2 and bus mice. 3234If this is a USB mouse, 3235.Dq Li auto 3236is the only protocol type which will work. 3237.Pp 3238.Bl -tag -width ".Li x10mouseremote" -compact 3239.It Li microsoft 3240Microsoft mouse (serial) 3241.It Li intellimouse 3242Microsoft IntelliMouse (serial) 3243.It Li mousesystems 3244Mouse systems Corp.\& mouse (serial) 3245.It Li mmseries 3246MM Series mouse (serial) 3247.It Li logitech 3248Logitech mouse (serial) 3249.It Li busmouse 3250A bus mouse 3251.It Li mouseman 3252Logitech MouseMan and TrackMan (serial) 3253.It Li glidepoint 3254ALPS GlidePoint (serial) 3255.It Li thinkingmouse 3256Kensington ThinkingMouse (serial) 3257.It Li ps/2 3258PS/2 mouse 3259.It Li mmhittab 3260MM HitTablet (serial) 3261.It Li x10mouseremote 3262X10 MouseRemote (serial) 3263.It Li versapad 3264Interlink VersaPad (serial) 3265.El 3266.Pp 3267Even if the mouse is not in the above list, it may be compatible 3268with one in the list. 3269Refer to the manual page for 3270.Xr moused 8 3271for compatibility information. 3272.Pp 3273It should also be noted that while this is enabled, any 3274other client of the mouse (such as an X server) should access 3275the mouse through the virtual mouse device, 3276.Pa /dev/sysmouse , 3277and configure it as a 3278.Dq Li sysmouse 3279type mouse, since all 3280mouse data is converted to this single canonical format when 3281using 3282.Xr moused 8 . 3283If the client program does not support the 3284.Dq Li sysmouse 3285type, 3286specify the 3287.Dq Li mousesystems 3288type. 3289It is the second preferred type. 3290.It Va moused_port 3291.Pq Vt str 3292If 3293.Va moused_enable 3294is set to 3295.Dq Li YES , 3296this is the actual port the mouse is on. 3297It might be 3298.Pa /dev/cuau0 3299for a COM1 serial mouse, or 3300.Pa /dev/psm0 3301for a PS/2 mouse, for example. 3302.It Va moused_flags 3303.Pq Vt str 3304If 3305.Va moused_flags 3306is set, its value is used as an additional set of flags to pass to the 3307.Xr moused 8 3308daemon. 3309.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3310When 3311.Va moused_nondefault_enable 3312is enabled, and a 3313.Xr moused 8 3314daemon is started for a non-default port, the 3315.Va "moused_" Ns Ar XXX Ns Va "_flags" 3316set of options has precedence over and replaces the default 3317.Va moused_flags 3318(where 3319.Ar XXX 3320is the name of the non-default port, i.e.,\& 3321.Ar ums0 ) . 3322By setting 3323.Va "moused_" Ns Ar XXX Ns Va "_flags" 3324it is possible to set up a different set of default flags for each 3325.Xr moused 8 3326instance. 3327For example, you can use 3328.Dq Li "-3" 3329for the default 3330.Va moused_flags 3331to make your laptop's touchpad more comfortable to use, 3332but an empty set of options for 3333.Va moused_ums0_flags 3334when your 3335.Xr usb 4 3336mouse has three or more buttons. 3337.It Va mousechar_start 3338.Pq Vt int 3339If set to 3340.Dq Li NO , 3341the default mouse cursor character range 3342.Li 0xd0 Ns - Ns Li 0xd3 3343is used, 3344otherwise the range start is set 3345to 3346.Ar value 3347character, see 3348.Xr vidcontrol 1 . 3349Use if the default range is occupied in the language code table. 3350.It Va allscreens_flags 3351.Pq Vt str 3352If set, 3353.Xr vidcontrol 1 3354is run with these options for each of the virtual terminals 3355.Pq Pa /dev/ttyv* . 3356For example, 3357.Dq Fl m Cm on 3358will enable the mouse pointer on all virtual terminals 3359if 3360.Va moused_enable 3361is set to 3362.Dq Li YES . 3363.It Va allscreens_kbdflags 3364.Pq Vt str 3365If set, 3366.Xr kbdcontrol 1 3367is run with these options for each of the virtual terminals 3368.Pq Pa /dev/ttyv* . 3369For example, 3370.Dq Fl h Li 200 3371will set the 3372.Xr syscons 4 3373or 3374.Xr vt 4 3375scrollback (history) buffer to 200 lines. 3376.It Va cron_enable 3377.Pq Vt bool 3378If set to 3379.Dq Li YES , 3380run the 3381.Xr cron 8 3382daemon at system boot time. 3383.It Va cron_program 3384.Pq Vt str 3385Path to 3386.Xr cron 8 3387(default 3388.Pa /usr/sbin/cron ) . 3389.It Va cron_flags 3390.Pq Vt str 3391If 3392.Va cron_enable 3393is set to 3394.Dq Li YES , 3395these are the flags to pass to 3396.Xr cron 8 . 3397.It Va cron_dst 3398.Pq Vt bool 3399If set to 3400.Dq Li YES , 3401enable the special handling of transitions to and from the 3402Daylight Saving Time in 3403.Xr cron 8 3404(equivalent to using the flag 3405.Fl s ) . 3406.It Va lpd_program 3407.Pq Vt str 3408Path to 3409.Xr lpd 8 3410(default 3411.Pa /usr/sbin/lpd ) . 3412.It Va lpd_enable 3413.Pq Vt bool 3414If set to 3415.Dq Li YES , 3416run the 3417.Xr lpd 8 3418daemon at system boot time. 3419.It Va lpd_flags 3420.Pq Vt str 3421If 3422.Va lpd_enable 3423is set to 3424.Dq Li YES , 3425these are the flags to pass to the 3426.Xr lpd 8 3427daemon. 3428.It Va chkprintcap_enable 3429.Pq Vt bool 3430If set to 3431.Dq Li YES , 3432run the 3433.Xr chkprintcap 8 3434command before starting the 3435.Xr lpd 8 3436daemon. 3437.It Va chkprintcap_flags 3438.Pq Vt str 3439If 3440.Va lpd_enable 3441and 3442.Va chkprintcap_enable 3443are set to 3444.Dq Li YES , 3445these are the flags to pass to the 3446.Xr chkprintcap 8 3447program. 3448The default is 3449.Dq Li -d , 3450which causes missing directories to be created. 3451.It Va mta_start_script 3452.Pq Vt str 3453This variable specifies the full path to the script to run to start 3454a mail transfer agent. 3455The default is 3456.Pa /etc/rc.sendmail . 3457The 3458.Va sendmail_* 3459variables which 3460.Pa /etc/rc.sendmail 3461uses are documented in the 3462.Xr rc.sendmail 8 3463manual page. 3464.It Va dumpdev 3465.Pq Vt str 3466Indicates the device (usually a swap partition) to which a crash dump 3467should be written in the event of a system crash. 3468If the value of this variable is 3469.Dq Li AUTO , 3470the first suitable swap device listed in 3471.Pa /etc/fstab 3472will be used as dump device. 3473Otherwise, the value of this variable is passed as the argument to 3474.Xr dumpon 8 3475and 3476.Xr savecore 8 . 3477To disable crash dumps, set this variable to 3478.Dq Li NO . 3479.It Va dumpon_flags 3480.Pq Vt str 3481Flags to pass to 3482.Xr dumpon 8 3483when configuring 3484.Va dumpdev 3485as the system dump device. 3486.It Va dumpdir 3487.Pq Vt str 3488When the system reboots after a crash and a crash dump is found on the 3489device specified by the 3490.Va dumpdev 3491variable, 3492.Xr savecore 8 3493will save that crash dump and a copy of the kernel to the directory 3494specified by the 3495.Va dumpdir 3496variable. 3497The default value is 3498.Pa /var/crash . 3499Set to 3500.Dq Li NO 3501to not run 3502.Xr savecore 8 3503at boot time when 3504.Va dumpdir 3505is set. 3506.It Va savecore_enable 3507.Pq Vt bool 3508If set to 3509.Dq Li NO , 3510disable automatic extraction of the crash dump from the 3511.Va dumpdev . 3512.It Va savecore_flags 3513.Pq Vt str 3514If crash dumps are enabled, these are the flags to pass to the 3515.Xr savecore 8 3516utility. 3517.It Va quota_enable 3518.Pq Vt bool 3519Set to 3520.Dq Li YES 3521to turn on user and group disk quotas on system startup via the 3522.Xr quotaon 8 3523command for all file systems marked as having quotas enabled in 3524.Pa /etc/fstab . 3525The kernel must be built with 3526.Cd "options QUOTA" 3527for disk quotas to function. 3528.It Va check_quotas 3529.Pq Vt bool 3530Set to 3531.Dq Li YES 3532to enable user and group disk quota checking via the 3533.Xr quotacheck 8 3534command. 3535.It Va quotacheck_flags 3536.Pq Vt str 3537If 3538.Va quota_enable 3539is set to 3540.Dq Li YES , 3541and 3542.Va check_quotas 3543is set to 3544.Dq Li YES , 3545these are the flags to pass to the 3546.Xr quotacheck 8 3547utility. 3548The default is 3549.Dq Li "-a" , 3550which checks quotas for all file systems with quotas enabled in 3551.Pa /etc/fstab . 3552.It Va quotaon_flags 3553.Pq Vt str 3554If 3555.Va quota_enable 3556is set to 3557.Dq Li YES , 3558these are the flags to pass to the 3559.Xr quotaon 8 3560utility. 3561The default is 3562.Dq Li "-a" , 3563which enables quotas for all file systems with quotas enabled in 3564.Pa /etc/fstab . 3565.It Va quotaoff_flags 3566.Pq Vt str 3567If 3568.Va quota_enable 3569is set to 3570.Dq Li YES , 3571these are the flags to pass to the 3572.Xr quotaoff 8 3573utility when shutting down the quota system. 3574The default is 3575.Dq Li "-a" , 3576which disables quotas for all file systems with quotas enabled in 3577.Pa /etc/fstab . 3578.It Va accounting_enable 3579.Pq Vt bool 3580Set to 3581.Dq Li YES 3582to enable system accounting through the 3583.Xr accton 8 3584facility. 3585.It Va firstboot_sentinel 3586.Pq Vt str 3587This variable specifies the full path to a 3588.Dq first boot 3589sentinel file. 3590If a file exists with this path, 3591.Pa rc.d 3592scripts with the 3593.Dq firstboot 3594keyword will be run on startup and the sentinel file will be deleted 3595after the boot process completes. 3596The sentinel file must be located on a writable file system which is 3597mounted no later than 3598.Va early_late_divider 3599to function properly. 3600The default is 3601.Pa /firstboot . 3602.It Va linux_enable 3603.Pq Vt bool 3604Set to 3605.Dq Li YES 3606to enable Linux/ELF binary emulation at system initial 3607boot time. 3608.It Va sysvipc_enable 3609.Pq Vt bool 3610If set to 3611.Dq Li YES , 3612load System V IPC primitives at boot time. 3613.It Va clear_tmp_enable 3614.Pq Vt bool 3615Set to 3616.Dq Li YES 3617to have 3618.Pa /tmp 3619cleaned at startup. 3620.It Va clear_tmp_X 3621.Pq Vt bool 3622Set to 3623.Dq Li NO 3624to disable removing of X11 lock files, 3625and the removal and (secure) recreation 3626of the various socket directories for X11 3627related programs. 3628.It Va ldconfig_paths 3629.Pq Vt str 3630Set to the list of shared library paths to use with 3631.Xr ldconfig 8 . 3632NOTE: 3633.Pa /lib 3634and 3635.Pa /usr/lib 3636will always be added first, so they need not appear in this list. 3637.It Va ldconfig32_paths 3638.Pq Vt str 3639Set to the list of 32-bit compatibility shared library paths to 3640use with 3641.Xr ldconfig 8 . 3642.It Va ldconfig_insecure 3643.Pq Vt bool 3644The 3645.Xr ldconfig 8 3646utility normally refuses to use directories 3647which are writable by anyone except root. 3648Set this variable to 3649.Dq Li YES 3650to disable that security check during system startup. 3651.It Va ldconfig_local_dirs 3652.Pq Vt str 3653Set to the list of local 3654.Xr ldconfig 8 3655directories. 3656The names of all files in the directories listed will be 3657passed as arguments to 3658.Xr ldconfig 8 . 3659.It Va ldconfig_local32_dirs 3660.Pq Vt str 3661Set to the list of local 32-bit compatibility 3662.Xr ldconfig 8 3663directories. 3664The names of all files in the directories listed will be 3665passed as arguments to 3666.Dq Nm ldconfig Fl 32 . 3667.It Va kern_securelevel_enable 3668.Pq Vt bool 3669Set to 3670.Dq Li YES 3671to set the kernel security level at system startup. 3672.It Va kern_securelevel 3673.Pq Vt int 3674The kernel security level to set at startup. 3675The allowed range of 3676.Ar value 3677ranges from \-1 (the compile time default) to 3 (the 3678most secure). 3679See 3680.Xr security 7 3681for the list of possible security levels and their effect 3682on system operation. 3683.It Va sshd_program 3684.Pq Vt str 3685Path to the SSH server program 3686.Pa ( /usr/sbin/sshd 3687is the default). 3688.It Va sshd_enable 3689.Pq Vt bool 3690Set to 3691.Dq Li YES 3692to start 3693.Xr sshd 8 3694at system boot time. 3695.It Va sshd_flags 3696.Pq Vt str 3697If 3698.Va sshd_enable 3699is set to 3700.Dq Li YES , 3701these are the flags to pass to the 3702.Xr sshd 8 3703daemon. 3704.It Va ftpd_program 3705.Pq Vt str 3706Path to the FTP server program 3707.Pa ( /usr/libexec/ftpd 3708is the default). 3709.It Va ftpd_enable 3710.Pq Vt bool 3711Set to 3712.Dq Li YES 3713to start 3714.Xr ftpd 8 3715as a stand-alone daemon at system boot time. 3716.It Va ftpd_flags 3717.Pq Vt str 3718If 3719.Va ftpd_enable 3720is set to 3721.Dq Li YES , 3722these are the additional flags to pass to the 3723.Xr ftpd 8 3724daemon. 3725.It Va watchdogd_enable 3726.Pq Vt bool 3727If set to 3728.Dq Li YES , 3729start the 3730.Xr watchdogd 8 3731daemon at boot time. 3732This requires that the kernel have been compiled with a 3733.Xr watchdog 4 3734compatible device. 3735.It Va watchdogd_flags 3736.Pq Vt str 3737If 3738.Va watchdogd_enable 3739is set to 3740.Dq Li YES , 3741these are the flags passed to the 3742.Xr watchdogd 8 3743daemon. 3744.It Va watchdogd_timeout 3745.Pq Vt int 3746If 3747.Va watchdogd_enable 3748is set to 3749.Dq Li YES , 3750this is a timeout that will be used by the 3751.Xr watchdogd 8 3752daemon. 3753If this option is set, it overrides 3754.Fl t 3755in 3756.Va watchdogd_flags . 3757.It Va watchdogd_shutdown_timeout 3758.Pq Vt int 3759If 3760.Va watchdogd_enable 3761is set to 3762.Dq Li YES , 3763this is a timeout that will be set by the 3764.Xr watchdogd 8 3765daemon when it exits during the system shutdown. 3766This timeout will not be set when returning to the single-user mode 3767or when the watchdogd service is stopped individually using the 3768.Xr service 8 3769command or the rc.d script. 3770Note that the timeout will be applied if 3771.Xr watchdogd 8 3772is stopped outside of 3773.Xr rc 8 3774framework. 3775If this option is set, it overrides 3776.Fl x 3777in 3778.Va watchdogd_flags . 3779.It Va devfs_rulesets 3780.Pq Vt str 3781List of files containing sets of rules for 3782.Xr devfs 8 . 3783.It Va devfs_system_ruleset 3784.Pq Vt str 3785Rule name(s) to apply to the system 3786.Pa /dev 3787itself. 3788.It Va devfs_set_rulesets 3789.Pq Vt str 3790Pairs of already-mounted 3791.Pa dev 3792directories and rulesets that should be applied to them. 3793For example: /mount/dev=ruleset_name 3794.It Va devfs_load_rulesets 3795.Pq Vt bool 3796If set, always load the default rulesets listed in 3797.Va devfs_rulesets . 3798.It Va performance_cx_lowest 3799.Pq Vt str 3800CPU idle state to use while on AC power. 3801The string 3802.Dq Li LOW 3803indicates that 3804.Xr acpi 4 3805should use the lowest power state available while 3806.Dq Li HIGH 3807indicates that the lowest latency state (less power savings) should be used. 3808.It Va performance_cpu_freq 3809.Pq Vt str 3810CPU clock frequency to use while on AC power. 3811The string 3812.Dq Li LOW 3813indicates that 3814.Xr cpufreq 4 3815should use the lowest frequency available while 3816.Dq Li HIGH 3817indicates that the highest frequency (less power savings) should be used. 3818.It Va economy_cx_lowest 3819.Pq Vt str 3820CPU idle state to use when off AC power. 3821The string 3822.Dq Li LOW 3823indicates that 3824.Xr acpi 4 3825should use the lowest power state available while 3826.Dq Li HIGH 3827indicates that the lowest latency state (less power savings) should be used. 3828.It Va economy_cpu_freq 3829.Pq Vt str 3830CPU clock frequency to use when off AC power. 3831The string 3832.Dq Li LOW 3833indicates that 3834.Xr cpufreq 4 3835should use the lowest frequency available while 3836.Dq Li HIGH 3837indicates that the highest frequency (less power savings) should be used. 3838.It Va jail_enable 3839.Pq Vt bool 3840If set to 3841.Dq Li NO , 3842any configured jails will not be started. 3843.It Va jail_conf 3844.Pq Vt str 3845The configuration filename used by 3846.Xr jail 8 3847utility. 3848The default value is 3849.Pa /etc/jail.conf . 3850.It Va jail_parallel_start 3851.Pq Vt bool 3852If set to 3853.Dq Li YES , 3854all configured jails will be started in the background (in parallel). 3855.It Va jail_flags 3856.Pq Vt str 3857Unset by default. 3858When set, use as default value for 3859.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3860for every jail in 3861.Va jail_list . 3862.It Va jail_list 3863.Pq Vt str 3864A space-delimited list of jail names. 3865When left empty, all of the 3866.Xr jail 8 3867instances defined in the configuration file are started. 3868The names specified in this list control the jail startup order. 3869.Xr jail 8 3870instances missing from 3871.Va jail_list 3872must be started manually. 3873Note that a jail's 3874.Va depend 3875parameter in the configuration file may override this list. 3876.It Va jail_reverse_stop 3877.Pq Vt bool 3878When set to 3879.Dq Li YES , 3880all configured jails in 3881.Va jail_list 3882are stopped in reverse order. 3883.It Va jail_ Ns * variables 3884Note that older releases supported per-jail configuration via 3885.Nm 3886variables. 3887For example, 3888hostname of a jail named 3889.Li vjail 3890was able to be set by 3891.Li jail_vjail_hostname . 3892These per-jail configuration variables are now obsolete in favor of 3893.Xr jail 8 3894configuration file. 3895For backward compatibility, 3896when per-jail configuration variables are defined, 3897.Xr jail 8 3898configuration files are created as 3899.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3900and used. 3901.Pp 3902The following per-jail parameters are handled by 3903.Pa rc.d/jail 3904script out of their corresponding 3905.Nm 3906variables. 3907In addition to them, parameters in 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3909will be added to the configuration file. 3910They must be a semi-colon 3911.Pq Ql \&; 3912delimited list of 3913.Dq key=value . 3914For more details, 3915see 3916.Xr jail 8 3917manual page. 3918.Bl -tag -width "host.hostname" -offset indent 3919.It Li path 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3922.It Li host.hostname 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3925.It Li exec.consolelog 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3928The default value is 3929.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3930.It Li interface 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3933.It Li vnet.interface 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3936This implies 3937.Li vnet 3938parameter will be enabled and cannot be specified with 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3941and/or 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3943at the same time. 3944.It Li fstab 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3947.It Li mount 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3950.It Li exec.fib 3951set from 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3953.It Li exec.start 3954set from 3955.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3956The parameter name was 3957.Li command 3958in some older releases. 3959.It Li exec.prestart 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3962.It Li exec.poststart 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3965.It Li exec.stop 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3968.It Li exec.prestop 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3971.It Li exec.poststop 3972set from 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3974.It Li ip4.addr 3975set if 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3977or 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3979contain IPv4 addresses 3980.It Li ip6.addr 3981set if 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3983or 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3985contain IPv6 addresses 3986.It Li allow.mount 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3989.It Li mount.devfs 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3992.It Li devfs_ruleset 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3995This must be an integer, 3996not a string. 3997.It Li mount.fdescfs 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4000.It Li allow.set_hostname 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4003.It Li allow.rawsocket 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4006.It Li allow.sysvipc 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4009.El 4010.\" ----------------------------------------------------- 4011.It Va harvest_mask 4012.Pq Vt int 4013Set to a bit-mask 4014representing the entropy sources 4015you wish to harvest. 4016Refer to 4017.Xr random 4 4018for more information. 4019.It Va entropy_dir 4020.Pq Vt str 4021Set to 4022.Dq Li NO 4023to disable caching entropy via 4024.Xr cron 8 . 4025Otherwise set to the directory 4026in which the entropy files are stored. 4027To be useful, 4028there must be 4029a system cron job 4030that regularly writes and rotates 4031files here. 4032All files found 4033will be used at boot time. 4034The default is 4035.Pa /var/db/entropy . 4036.It Va entropy_file 4037.Pq Vt str 4038Set to 4039.Dq Li NO 4040to disable caching entropy through reboots. 4041Otherwise set to the name 4042of a file used to store cached entropy. 4043This file should be located 4044on a file system that is readable 4045before all the volumes specified in 4046.Xr fstab 5 4047are mounted. 4048By default, 4049.Pa /entropy 4050is used, 4051but if 4052.Pa /var/db/entropy-file 4053is found it will also be used. 4054This will be of some use to 4055.Xr bsdinstall 8 . 4056.It Va entropy_boot_file 4057.Pq Vt str 4058Set to 4059.Dq Li NO 4060to disable 4061very early caching entropy 4062through reboots. 4063Otherwise set to the filename 4064used to read 4065very early reboot cached entropy. 4066This file should be located where 4067.Xr loader 8 4068can read it. 4069See also 4070.Xr loader.conf 5 . 4071The default location is 4072.Pa /boot/entropy . 4073.It Va entropy_save_sz 4074.Pq Vt int 4075Size of the entropy cache files saved by 4076.Nm save-entropy 4077periodically. 4078.It Va entropy_save_num 4079.Pq Vt int 4080Number of entropy cache files to save by 4081.Nm save-entropy 4082periodically. 4083.It Va ipsec_enable 4084.Pq Vt bool 4085Set to 4086.Dq Li YES 4087to run 4088.Xr setkey 8 4089on 4090.Va ipsec_file 4091at boot time. 4092.It Va ipsec_file 4093.Pq Vt str 4094Configuration file for 4095.Xr setkey 8 . 4096.It Va dmesg_enable 4097.Pq Vt bool 4098Set to 4099.Dq Li YES 4100to save 4101.Xr dmesg 8 4102to 4103.Pa /var/run/dmesg.boot 4104on boot. 4105.It Va rcshutdown_timeout 4106.Pq Vt int 4107If set, start a watchdog timer in the background which will terminate 4108.Pa rc.shutdown 4109if 4110.Xr shutdown 8 4111has not completed within the specified time (in seconds). 4112Notice that in addition to this soft timeout, 4113.Xr init 8 4114also applies a hard timeout for the execution of 4115.Pa rc.shutdown . 4116This is configured via 4117.Xr sysctl 8 4118variable 4119.Va kern.init_shutdown_timeout 4120and defaults to 120 seconds. 4121Setting the value of 4122.Va rcshutdown_timeout 4123to more than 120 seconds will have no effect until the 4124.Xr sysctl 8 4125variable 4126.Va kern.init_shutdown_timeout 4127is also increased. 4128.It Va virecover_enable 4129.Pq Vt bool 4130Set to 4131.Dq Li NO 4132to prevent the system from trying to 4133recover pre-maturely terminated 4134.Xr vi 1 4135sessions. 4136.It Va ugidfw_enable 4137.Pq Vt bool 4138Set to 4139.Dq Li YES 4140to load the 4141.Xr mac_bsdextended 4 4142module upon system initialization and load a default 4143ruleset file. 4144.It Va bsdextended_script 4145.Pq Vt str 4146The default 4147.Xr mac_bsdextended 4 4148ruleset file to load. 4149The default value of this variable is 4150.Pa /etc/rc.bsdextended . 4151.It Va newsyslog_enable 4152.Pq Vt bool 4153If set to 4154.Dq Li YES , 4155run 4156.Xr newsyslog 8 4157command at startup. 4158.It Va newsyslog_flags 4159.Pq Vt str 4160If 4161.Va newsyslog_enable 4162is set to 4163.Dq Li YES , 4164these are the flags to pass to the 4165.Xr newsyslog 8 4166program. 4167The default is 4168.Dq Li -CN , 4169which causes log files flagged with a 4170.Cm C 4171to be created. 4172.It Va mdconfig_md Ns Aq Ar X 4173.Pq Vt str 4174Arguments to 4175.Xr mdconfig 8 4176for 4177.Xr md 4 4178device 4179.Ar X . 4180At minimum a 4181.Fl t Ar type 4182must be specified and either a 4183.Fl s Ar size 4184for malloc or swap backed 4185.Xr md 4 4186devices or a 4187.Fl f Ar file 4188for vnode backed 4189.Xr md 4 4190devices. 4191Note that 4192.Va mdconfig_md Ns Aq Ar X 4193variables are evaluated until one variable is unset or null. 4194.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4195.Pq Vt str 4196Optional arguments passed to 4197.Xr newfs 8 4198to initialize 4199.Xr md 4 4200device 4201.Ar X . 4202.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4203.Pq Vt str 4204An ownership specification passed to 4205.Xr chown 8 4206after the specified 4207.Xr md 4 4208device 4209.Ar X 4210has been mounted. 4211Both the 4212.Xr md 4 4213device and the mount point will be changed. 4214.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4215.Pq Vt str 4216A mode string passed to 4217.Xr chmod 1 4218after the specified 4219.Xr md 4 4220device 4221.Ar X 4222has been mounted. 4223Both the 4224.Xr md 4 4225device and the mount point will be changed. 4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4227.Pq Vt str 4228Files to be copied to the mount point of the 4229.Xr md 4 4230device 4231.Ar X 4232after it has been mounted. 4233.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4234.Pq Vt str 4235Command to execute after the specified 4236.Xr md 4 4237device 4238.Ar X 4239has been mounted. 4240Note that the command is passed to 4241.Ic eval 4242and that both 4243.Va _dev 4244and 4245.Va _mp 4246variables can be used to reference respectively the 4247.Xr md 4 4248device and the mount point. 4249Assuming that the 4250.Xr md 4 4251device is 4252.Li md0 , 4253one could set the following: 4254.Bd -literal 4255mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4256.Ed 4257.It Va autobridge_interfaces 4258.Pq Vt str 4259Set to the list of bridge interfaces that will have newly arriving interfaces 4260checked against to be automatically added. 4261If not set to 4262.Dq Li NO 4263then for each whitespace separated 4264.Ar element 4265in the value, a 4266.Va autobridge_ Ns Aq Ar element 4267variable is assumed to exist which has a whitespace separated list of interface 4268names to match, these names can use wildcards. 4269For example: 4270.Bd -literal 4271autobridge_interfaces="bridge0" 4272autobridge_bridge0="tap* dc0 vlan[345]" 4273.Ed 4274.It Va mixer_enable 4275.Pq Vt bool 4276If set to 4277.Dq Li YES , 4278enable support for sound mixer. 4279.It Va hcsecd_enable 4280.Pq Vt bool 4281If set to 4282.Dq Li YES , 4283enable Bluetooth security daemon. 4284.It Va hcsecd_config 4285.Pq Vt str 4286Configuration file for 4287.Xr hcsecd 8 . 4288Default 4289.Pa /etc/bluetooth/hcsecd.conf . 4290.It Va sdpd_enable 4291.Pq Vt bool 4292If set to 4293.Dq Li YES , 4294enable Bluetooth Service Discovery Protocol daemon. 4295.It Va sdpd_control 4296.Pq Vt str 4297Path to 4298.Xr sdpd 8 4299control socket. 4300Default 4301.Pa /var/run/sdp . 4302.It Va sdpd_groupname 4303.Pq Vt str 4304Sets 4305.Xr sdpd 8 4306group to run as after it initializes. 4307Default 4308.Dq Li nobody . 4309.It Va sdpd_username 4310.Pq Vt str 4311Sets 4312.Xr sdpd 8 4313user to run as after it initializes. 4314Default 4315.Dq Li nobody . 4316.It Va bthidd_enable 4317.Pq Vt bool 4318If set to 4319.Dq Li YES , 4320enable Bluetooth Human Interface Device daemon. 4321.It Va bthidd_config 4322.Pq Vt str 4323Configuration file for 4324.Xr bthidd 8 . 4325Default 4326.Pa /etc/bluetooth/bthidd.conf . 4327.It Va bthidd_hids 4328.Pq Vt str 4329Path to a file, where 4330.Xr bthidd 8 4331will store information about known HID devices. 4332Default 4333.Pa /var/db/bthidd.hids . 4334.It Va rfcomm_pppd_server_enable 4335.Pq Vt bool 4336If set to 4337.Dq Li YES , 4338enable Bluetooth RFCOMM PPP wrapper daemon. 4339.It Va rfcomm_pppd_server_profile 4340.Pq Vt str 4341The name of the profile to use from 4342.Pa /etc/ppp/ppp.conf . 4343Multiple profiles can be specified here. 4344Also used to specify per-profile overrides. 4345When the profile name contains any of the characters 4346.Dq Li .-/+ 4347they are translated to 4348.Dq Li _ 4349for the proposes of the override variable names. 4350.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4351.Pq Vt str 4352Overrides local address to listen on. 4353By default 4354.Xr rfcomm_pppd 8 4355will listen on 4356.Dq Li ANY 4357address. 4358The address can be specified as BD_ADDR or name. 4359.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4360.Pq Vt str 4361Overrides local RFCOMM channel to listen on. 4362By default 4363.Xr rfcomm_pppd 8 4364will listen on RFCOMM channel 1. 4365Must set properly if multiple profiles used in the same time. 4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4367.Pq Vt bool 4368Tells 4369.Xr rfcomm_pppd 8 4370if it should register Serial Port service on the specified RFCOMM channel. 4371Default 4372.Dq Li NO . 4373.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4374.Pq Vt bool 4375Tells 4376.Xr rfcomm_pppd 8 4377if it should register Dial-Up Networking service on the specified 4378RFCOMM channel. 4379Default 4380.Dq Li NO . 4381.It Va ubthidhci_enable 4382.Pq Vt bool 4383If set to 4384.Dq Li YES , 4385change the USB Bluetooth controller from HID mode to HCI mode. 4386You also need to specify the location of USB Bluetooth controller with the 4387.Va ubthidhci_busnum 4388and 4389.Va ubthidhci_addr 4390variables. 4391.It Va ubthidhci_busnum 4392Bus number where the USB Bluetooth controller is located. 4393Check the output of 4394.Xr usbconfig 8 4395on your system to find this information. 4396.It Va ubthidhci_addr 4397Bus address of the USB Bluetooth controller. 4398Check the output of 4399.Xr usbconfig 8 4400on your system to find this information. 4401.It Va netwait_enable 4402.Pq Vt bool 4403If set to 4404.Dq Li YES , 4405delays the start of network-reliant services until 4406.Va netwait_if 4407is up and ICMP packets to a destination defined in 4408.Va netwait_ip 4409are flowing. 4410Link state is examined first, followed by 4411.Dq Li pinging 4412an IP address to verify network usability. 4413If no destination can be reached or timeouts are exceeded, 4414network services are started anyway with no guarantee that 4415the network is usable. 4416Use of this variable requires both 4417.Va netwait_ip 4418and 4419.Va netwait_if 4420to be set. 4421.It Va netwait_ip 4422.Pq Vt str 4423Empty by default. 4424This variable contains a space-delimited list of IP addresses to 4425.Xr ping 8 . 4426DNS hostnames should not be used as resolution is not guaranteed 4427to be functional at this point. 4428If multiple IP addresses are specified, 4429each will be tried until one is successful or the list is exhausted. 4430.It Va netwait_timeout 4431.Pq Vt int 4432Indicates the total number of seconds to perform a 4433.Dq Li ping 4434against each IP address in 4435.Va netwait_ip , 4436at a rate of one ping per second. 4437If any of the pings are successful, 4438full network connectivity is considered reliable. 4439The default is 60. 4440.It Va netwait_if 4441.Pq Vt str 4442Empty by default. 4443Defines the name of the network interface on which watch for link. 4444.Xr ifconfig 8 4445is used to monitor the interface, looking for 4446.Dq Li status: no carrier . 4447Once gone, the link is considered up. 4448This can be a 4449.Xr vlan 4 4450interface if desired. 4451.It Va netwait_if_timeout 4452.Pq Vt int 4453Defines the total number of seconds to wait for link to become usable, 4454polled at a 1-second interval. 4455The default is 30. 4456.It Va rctl_enable 4457.Pq Vt bool 4458If set to 4459.Dq Li YES , 4460load 4461.Xr rctl 8 4462rules from the defined ruleset. 4463The kernel must be built with 4464.Cd "options RACCT" 4465and 4466.Cd "options RCTL" . 4467.It Va rctl_rules 4468.Pq Vt str 4469Set to 4470.Pa /etc/rctl.conf 4471by default. 4472This variables contains the 4473.Xr rctl.conf 5 4474ruleset to load for 4475.Xr rctl 8 . 4476.It Va iovctl_files 4477.Pq Vt str 4478A space-separated list of configuration files used by 4479.Xr iovctl 8 . 4480The default value is an empty string. 4481.It Va autofs_enable 4482.Pq Vt bool 4483If set to 4484.Dq Li YES , 4485start the 4486.Xr automount 8 4487utility and the 4488.Xr automountd 8 4489and 4490.Xr autounmountd 8 4491daemons at boot time. 4492.It Va automount_flags 4493.Pq Vt str 4494If 4495.Va autofs_enable 4496is set to 4497.Dq Li YES , 4498these are the flags to pass to the 4499.Xr automount 8 4500program. 4501By default no flags are passed. 4502.It Va automountd_flags 4503.Pq Vt str 4504If 4505.Va autofs_enable 4506is set to 4507.Dq Li YES , 4508these are the flags to pass to the 4509.Xr automountd 8 4510daemon. 4511By default no flags are passed. 4512.It Va autounmountd_flags 4513.Pq Vt str 4514If 4515.Va autofs_enable 4516is set to 4517.Dq Li YES , 4518these are the flags to pass to the 4519.Xr autounmountd 8 4520daemon. 4521By default no flags are passed. 4522.It Va ctld_enable 4523.Pq Vt bool 4524If set to 4525.Dq Li YES , 4526start the 4527.Xr ctld 8 4528daemon at boot time. 4529.It Va iscsid_enable 4530.Pq Vt bool 4531If set to 4532.Dq Li YES , 4533start the 4534.Xr iscsid 8 4535daemon at boot time. 4536.It Va iscsictl_enable 4537.Pq Vt bool 4538If set to 4539.Dq Li YES , 4540start the 4541.Xr iscsictl 8 4542utility at boot time. 4543.It Va iscsictl_flags 4544.Pq Vt str 4545If 4546.Va iscsictl_enable 4547is set to 4548.Dq Li YES , 4549these are the flags to pass to the 4550.Xr iscsictl 8 4551program. 4552The default is 4553.Dq Li -Aa , 4554which configures sessions based on the 4555.Pa /etc/iscsi.conf 4556configuration file. 4557.It Va cfumass_enable 4558.Pq Vt bool 4559If set to 4560.Dq Li YES , 4561create and export an USB LUN using 4562.Xr cfumass 4 4563at boot time. 4564.It Va cfumass_dir 4565.Pq Vt str 4566The directory where the files exported by USB LUN are located. 4567The default directory is 4568.Pa /var/cfumass . 4569.It Va service_delete_empty 4570.Pq Vt bool 4571If set to 4572.Dq Li YES , 4573.Ql Li service delete 4574removes empty 4575.Dq Li rc.conf.d 4576files. 4577.It Va zfs_bootonce_activate 4578.Pq Vt bool 4579If set to 4580.Dq Li YES , 4581and a boot environment marked bootonce is successfully booted, 4582it will be made permanently active. 4583.El 4584.Sh FILES 4585.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4586.It Pa /etc/defaults/rc.conf 4587.It Pa /etc/defaults/vendor.conf 4588.It Pa /etc/rc.conf 4589.It Pa /etc/rc.conf.local 4590.El 4591.Sh SEE ALSO 4592.Xr chmod 1 , 4593.Xr gdb 1 , 4594.Xr info 1 , 4595.Xr kbdcontrol 1 , 4596.Xr makewhatis 1 , 4597.Xr sh 1 , 4598.Xr vi 1 , 4599.Xr vidcontrol 1 , 4600.Xr bridge 4 , 4601.Xr dummynet 4 , 4602.Xr ip 4 , 4603.Xr ipf 4 , 4604.Xr ipfw 4 , 4605.Xr ipnat 4 , 4606.Xr kld 4 , 4607.Xr pf 4 , 4608.Xr pflog 4 , 4609.Xr pfsync 4 , 4610.Xr tcp 4 , 4611.Xr udp 4 , 4612.Xr exports 5 , 4613.Xr fstab 5 , 4614.Xr ipf 5 , 4615.Xr ipnat 5 , 4616.Xr jail.conf 5 , 4617.Xr loader.conf 5 , 4618.Xr motd 5 , 4619.Xr newsyslog.conf 5 , 4620.Xr pf.conf 5 , 4621.Xr security 7 , 4622.Xr accton 8 , 4623.Xr amd 8 , 4624.Xr apm 8 , 4625.Xr bsdinstall 8 , 4626.Xr bthidd 8 , 4627.Xr chkprintcap 8 , 4628.Xr chown 8 , 4629.Xr cron 8 , 4630.Xr devfs 8 , 4631.Xr dhclient 8 , 4632.Xr ftpd 8 , 4633.Xr geli 8 , 4634.Xr hcsecd 8 , 4635.Xr ifconfig 8 , 4636.Xr inetd 8 , 4637.Xr iovctl 8 , 4638.Xr ipf 8 , 4639.Xr ipfw 8 , 4640.Xr ipnat 8 , 4641.Xr jail 8 , 4642.Xr kldxref 8 , 4643.Xr loader 8 , 4644.Xr lpd 8 , 4645.Xr mdconfig 8 , 4646.Xr mdmfs 8 , 4647.Xr mixer 8 , 4648.Xr mountd 8 , 4649.Xr moused 8 , 4650.Xr newfs 8 , 4651.Xr newsyslog 8 , 4652.Xr nfsd 8 , 4653.Xr ntpd 8 , 4654.Xr ntpdate 8 , 4655.Xr pfctl 8 , 4656.Xr pflogd 8 , 4657.Xr ping 8 , 4658.Xr powerd 8 , 4659.Xr quotacheck 8 , 4660.Xr quotaon 8 , 4661.Xr rc 8 , 4662.Xr rc.sendmail 8 , 4663.Xr rfcomm_pppd 8 , 4664.Xr route 8 , 4665.Xr routed 8 , 4666.Xr rpc.lockd 8 , 4667.Xr rpc.statd 8 , 4668.Xr rpcbind 8 , 4669.Xr rwhod 8 , 4670.Xr savecore 8 , 4671.Xr sdpd 8 , 4672.Xr service 8 , 4673.Xr sshd 8 , 4674.Xr swapon 8 , 4675.Xr sysctl 8 , 4676.Xr syslogd 8 , 4677.Xr sysrc 8 , 4678.Xr timed 8 , 4679.Xr unbound 8 , 4680.Xr usbconfig 8 , 4681.Xr wlandebug 8 , 4682.Xr yp 8 , 4683.Xr ypbind 8 , 4684.Xr ypserv 8 , 4685.Xr ypset 8 4686.Sh HISTORY 4687The 4688.Nm 4689file appeared in 4690.Fx 2.2.2 . 4691.Sh AUTHORS 4692.An Jordan K. Hubbard . 4693