1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd May 6, 2012 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va always_force_depends 153.Pq Vt bool 154Various 155.Pa rc.d 156scripts use the force_depend function to check whether required 157services are already running, and to start them if necessary. 158By default during boot time this check is bypassed if the 159required service is enabled in 160.Pa /etc/rc.conf[.local] . 161Setting this option will bypass that check at boot time and 162always test whether or not the service is actually running. 163Enabling this option is likely to increase your boot time if 164services are enabled that utilize the force_depend check. 165.It Va swapfile 166.Pq Vt str 167If set to 168.Dq Li NO , 169no swapfile is installed, otherwise the value is used as the full 170pathname to a file to use for additional swap space. 171.It Va apm_enable 172.Pq Vt bool 173If set to 174.Dq Li YES , 175enable support for Automatic Power Management with 176the 177.Xr apm 8 178command. 179.It Va apmd_enable 180.Pq Vt bool 181Run 182.Xr apmd 8 183to handle APM event from userland. 184This also enables support for APM. 185.It Va apmd_flags 186.Pq Vt str 187If 188.Va apmd_enable 189is set to 190.Dq Li YES , 191these are the flags to pass to the 192.Xr apmd 8 193daemon. 194.It Va devd_enable 195.Pq Vt bool 196Run 197.Xr devd 8 198to handle device added, removed or unknown events from the kernel. 199.It Va ddb_enable 200.Pq Vt bool 201Run 202.Xr ddb 8 203to install 204.Xr ddb 4 205scripts at boot time. 206.It Va ddb_config 207.Pq Vt str 208Configuration file for 209.Xr ddb 8 . 210Default 211.Pa /etc/ddb.conf . 212.It Va kld_list 213.Pq Vt str 214A list of kernel modules to load right after the local 215disks are mounted. 216Loading modules at this point in the boot process is 217much faster than doing it via 218.Pa /boot/loader.conf 219for those modules not necessary for mounting local disk. 220.It Va kldxref_enable 221.Pq Vt bool 222Set to 223.Dq Li NO 224by default. 225Set to 226.Dq Li YES 227to automatically rebuild 228.Pa linker.hints 229files with 230.Xr kldxref 8 231at boot time. 232.It Va kldxref_clobber 233.Pq Vt bool 234Set to 235.Dq Li NO 236by default. 237If 238.Va kldxref_enable 239is true, 240setting to 241.Dq Li YES 242will overwrite existing 243.Pa linker.hints 244files at boot time. 245Otherwise, 246only missing 247.Pa linker.hints 248files are generated. 249.It Va kldxref_module_path 250.Pq Vt str 251Empty by default. 252A semi-colon 253.Pq Ql \&; 254delimited list of paths containing 255.Xr kld 4 256modules. 257If empty, 258the contents of the 259.Va kern.module_path 260.Xr sysctl 8 261are used. 262.It Va powerd_enable 263.Pq Vt bool 264If set to 265.Dq Li YES , 266enable the system power control facility with the 267.Xr powerd 8 268daemon. 269.It Va powerd_flags 270.Pq Vt str 271If 272.Va powerd_enable 273is set to 274.Dq Li YES , 275these are the flags to pass to the 276.Xr powerd 8 277daemon. 278.It Va tmpmfs 279Controls the creation of a 280.Pa /tmp 281memory file system. 282Always happens if set to 283.Dq Li YES 284and never happens if set to 285.Dq Li NO . 286If set to anything else, a memory file system is created if 287.Pa /tmp 288is not writable. 289.It Va tmpsize 290Controls the size of a created 291.Pa /tmp 292memory file system. 293.It Va tmpmfs_flags 294Extra options passed to the 295.Xr mdmfs 8 296utility when the memory file system for 297.Pa /tmp 298is created. 299The default is 300.Dq Li "-S" , 301which inhibits the use of softupdates on 302.Pa /tmp 303so that file system space is freed without delay 304after file truncation or deletion. 305See 306.Xr mdmfs 8 307for other options you can use in 308.Va tmpmfs_flags . 309.It Va varmfs 310Controls the creation of a 311.Pa /var 312memory file system. 313Always happens if set to 314.Dq Li YES 315and never happens if set to 316.Dq Li NO . 317If set to anything else, a memory file system is created if 318.Pa /var 319is not writable. 320.It Va varsize 321Controls the size of a created 322.Pa /var 323memory file system. 324.It Va varmfs_flags 325Extra options passed to the 326.Xr mdmfs 8 327utility when the memory file system for 328.Pa /var 329is created. 330The default is 331.Dq Li "-S" , 332which inhibits the use of softupdates on 333.Pa /var 334so that file system space is freed without delay 335after file truncation or deletion. 336See 337.Xr mdmfs 8 338for other options you can use in 339.Va varmfs_flags . 340.It Va populate_var 341Controls the automatic population of the 342.Pa /var 343file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /var 350is not writable. 351Note that this process requires access to certain commands in 352.Pa /usr 353before 354.Pa /usr 355is mounted on normal systems. 356.It Va cleanvar_enable 357.Pq Vt bool 358Clean the 359.Pa /var 360directory. 361.It Va local_startup 362.Pq Vt str 363List of directories to search for startup script files. 364.It Va script_name_sep 365.Pq Vt str 366The field separator to use for breaking down the list of startup script files 367into individual filenames. 368The default is a space. 369It is not necessary to change this unless there are startup scripts with names 370containing spaces. 371.It Va hostapd_enable 372.Pq Vt bool 373Set to 374.Dq Li YES 375to start 376.Xr hostapd 8 377at system boot time. 378.It Va hostname 379.Pq Vt str 380The fully qualified domain name (FQDN) of this host on the network. 381This should almost certainly be set to something meaningful, even if 382there is no network connection. 383If 384.Xr dhclient 8 385is used to set the hostname via DHCP, 386this variable should be set to an empty string. 387If this value remains unset when the system is done booting 388your console login will display the default hostname of 389.Dq Amnesiac . 390.It Va nisdomainname 391.Pq Vt str 392The NIS domain name of this host, or 393.Dq Li NO 394if NIS is not used. 395.It Va dhclient_program 396.Pq Vt str 397Path to the DHCP client program 398.Pa ( /sbin/dhclient , 399the 400.Ox 401DHCP client, 402is the default). 403.It Va dhclient_flags 404.Pq Vt str 405Additional flags to pass to the DHCP client program. 406For the 407.Ox 408DHCP client, see the 409.Xr dhclient 8 410manpage for a description of the command line options available. 411.It Va dhclient_flags_ Ns Aq Ar iface 412Additional flags to pass to the DHCP client program running on 413.Ar iface 414only. 415When specified, this variable overrides 416.Va dhclient_flags . 417.It Va background_dhclient 418.Pq Vt bool 419Set to 420.Dq Li YES 421to start the DHCP client in background. 422This can cause trouble with applications depending on 423a working network, but it will provide a faster startup 424in many cases. 425.It Va background_dhclient_ Ns Aq Ar iface 426When specified, this variable overrides the 427.Va background_dhclient 428variable for interface 429.Ar iface 430only. 431.It Va synchronous_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start 436.Xr dhclient 8 437synchronously at startup. 438This behavior can be overridden on a per-interface basis by replacing 439the 440.Dq Li DHCP 441keyword in the 442.Va ifconfig_ Ns Aq Ar interface 443variable with 444.Dq Li SYNCDHCP 445or 446.Dq Li NOSYNCDHCP . 447.It Va defaultroute_delay 448.Pq Vt int 449When set to a positive value, wait up to this long after configuring 450DHCP interfaces at startup to give the interfaces time to receive a lease. 451.It Va firewall_enable 452.Pq Vt bool 453Set to 454.Dq Li YES 455to load firewall rules at startup. 456If the kernel was not built with 457.Cd "options IPFIREWALL" , 458the 459.Pa ipfw.ko 460kernel module will be loaded. 461See also 462.Va ipfilter_enable . 463.It Va firewall_script 464.Pq Vt str 465This variable specifies the full path to the firewall script to run. 466The default is 467.Pa /etc/rc.firewall . 468.It Va firewall_type 469.Pq Vt str 470Names the firewall type from the selection in 471.Pa /etc/rc.firewall , 472or the file which contains the local firewall ruleset. 473Valid selections from 474.Pa /etc/rc.firewall 475are: 476.Pp 477.Bl -tag -width ".Li simple" -compact 478.It Li open 479unrestricted IP access 480.It Li closed 481all IP services disabled, except via 482.Dq Li lo0 483.It Li client 484basic protection for a workstation 485.It Li simple 486basic protection for a LAN. 487.El 488.Pp 489If a filename is specified, the full path 490must be given. 491.It Va firewall_quiet 492.Pq Vt bool 493Set to 494.Dq Li YES 495to disable the display of firewall rules on the console during boot. 496.It Va firewall_logging 497.Pq Vt bool 498Set to 499.Dq Li YES 500to enable firewall event logging. 501This is equivalent to the 502.Dv IPFIREWALL_VERBOSE 503kernel option. 504.It Va firewall_flags 505.Pq Vt str 506Flags passed to 507.Xr ipfw 8 508if 509.Va firewall_type 510specifies a filename. 511.It Va firewall_coscripts 512.Pq Vt str 513List of executables and/or rc scripts to run after firewall starts/stops. 514Default is empty. 515.\" ----- firewall_nat_enable setting -------------------------------- 516.It Va firewall_nat_enable 517.Pq Vt bool 518The 519.Xr ipfw 8 520equivalent of 521.Va natd_enable . 522Setting this to 523.Dq Li YES 524enables kernel NAT. 525.Va firewall_enable 526must also be set to 527.Dq Li YES . 528.It Va firewall_nat_interface 529.Pq Vt str 530The 531.Xr ipfw 8 532equivalent of 533.Va natd_interface . 534This is the name of the public interface or IP address on which 535kernel NAT should run. 536.It Va firewall_nat_flags 537.Pq Vt str 538Additional configuration parameters for kernel NAT should be placed here. 539.It Va dummynet_enable 540.Pq Vt bool 541Setting this to 542.Dq Li YES 543will automatically load the 544.Xr dummynet 4 545module if 546.Va firewall_enable 547is also set to 548.Dq Li YES . 549.\" ------------------------------------------------------------------- 550.It Va natd_program 551.Pq Vt str 552Path to 553.Xr natd 8 . 554.It Va natd_enable 555.Pq Vt bool 556Set to 557.Dq Li YES 558to enable 559.Xr natd 8 . 560.Va firewall_enable 561must also be set to 562.Dq Li YES , 563and 564.Xr divert 4 565sockets must be enabled in the kernel. 566If the kernel was not built with 567.Cd "options IPDIVERT" , 568the 569.Pa ipdivert.ko 570kernel module will be loaded. 571.It Va natd_interface 572.Pq Vt str 573This is the name of the public interface on which 574.Xr natd 8 575should run. 576The interface may be given as an interface name or as an IP address. 577.It Va natd_flags 578.Pq Vt str 579Additional 580.Xr natd 8 581flags should be placed here. 582The 583.Fl n 584or 585.Fl a 586flag is automatically added with the above 587.Va natd_interface 588as an argument. 589.\" ----- ipfilter_enable setting -------------------------------- 590.It Va ipfilter_enable 591.Pq Vt bool 592Set to 593.Dq Li NO 594by default. 595Setting this to 596.Dq Li YES 597enables 598.Xr ipf 8 599packet filtering. 600.Pp 601Typical usage will require putting 602.Bd -literal 603ipfilter_enable="YES" 604ipnat_enable="YES" 605ipmon_enable="YES" 606ipfs_enable="YES" 607.Ed 608.Pp 609into 610.Pa /etc/rc.conf 611and editing 612.Pa /etc/ipf.rules 613and 614.Pa /etc/ipnat.rules 615appropriately. 616.Pp 617Note that 618.Va ipfilter_enable 619and 620.Va ipnat_enable 621can be enabled independently. 622.Va ipmon_enable 623and 624.Va ipfs_enable 625both require at least one of 626.Va ipfilter_enable 627and 628.Va ipnat_enable 629to be enabled. 630.Pp 631Having 632.Bd -literal 633options IPFILTER 634options IPFILTER_LOG 635options IPFILTER_DEFAULT_BLOCK 636.Ed 637.Pp 638in the kernel configuration file is a good idea, too. 639.\" ----- ipfilter_program setting ------------------------------ 640.It Va ipfilter_program 641.Pq Vt str 642Path to 643.Xr ipf 8 644(default 645.Pa /sbin/ipf ) . 646.\" ----- ipfilter_rules setting -------------------------------- 647.It Va ipfilter_rules 648.Pq Vt str 649Set to 650.Pa /etc/ipf.rules 651by default. 652This variable contains the name of the filter rule definition file. 653The file is expected to be readable for the 654.Xr ipf 8 655command to execute. 656.\" ----- ipv6_ipfilter_rules setting --------------------------- 657.It Va ipv6_ipfilter_rules 658.Pq Vt str 659Set to 660.Pa /etc/ipf6.rules 661by default. 662This variable contains the IPv6 filter rule definition file. 663The file is expected to be readable for the 664.Xr ipf 8 665command to execute. 666.\" ----- ipfilter_flags setting -------------------------------- 667.It Va ipfilter_flags 668.Pq Vt str 669Empty by default. 670This variable contains flags passed to the 671.Xr ipf 8 672program. 673.\" ----- ipnat_enable setting ---------------------------------- 674.It Va ipnat_enable 675.Pq Vt bool 676Set to 677.Dq Li NO 678by default. 679Set it to 680.Dq Li YES 681to enable 682.Xr ipnat 8 683network address translation. 684See 685.Va ipfilter_enable 686for a detailed discussion. 687.\" ----- ipnat_program setting --------------------------------- 688.It Va ipnat_program 689.Pq Vt str 690Path to 691.Xr ipnat 8 692(default 693.Pa /sbin/ipnat ) . 694.\" ----- ipnat_rules setting ----------------------------------- 695.It Va ipnat_rules 696.Pq Vt str 697Set to 698.Pa /etc/ipnat.rules 699by default. 700This variable contains the name of the file 701holding the network address translation definition. 702This file is expected to be readable for the 703.Xr ipnat 8 704command to execute. 705.\" ----- ipnat_flags setting ----------------------------------- 706.It Va ipnat_flags 707.Pq Vt str 708Empty by default. 709This variable contains flags passed to the 710.Xr ipnat 8 711program. 712.\" ----- ipmon_enable setting ---------------------------------- 713.It Va ipmon_enable 714.Pq Vt bool 715Set to 716.Dq Li NO 717by default. 718Set it to 719.Dq Li YES 720to enable 721.Xr ipmon 8 722monitoring (logging 723.Xr ipf 8 724and 725.Xr ipnat 8 726events). 727Setting this variable needs setting 728.Va ipfilter_enable 729or 730.Va ipnat_enable 731too. 732See 733.Va ipfilter_enable 734for a detailed discussion. 735.\" ----- ipmon_program setting --------------------------------- 736.It Va ipmon_program 737.Pq Vt str 738Path to 739.Xr ipmon 8 740(default 741.Pa /sbin/ipmon ) . 742.\" ----- ipmon_flags setting ----------------------------------- 743.It Va ipmon_flags 744.Pq Vt str 745Set to 746.Dq Li -Ds 747by default. 748This variable contains flags passed to the 749.Xr ipmon 8 750program. 751Another typical example would be 752.Dq Fl D Pa /var/log/ipflog 753to have 754.Xr ipmon 8 755log directly to a file bypassing 756.Xr syslogd 8 . 757Make sure to adjust 758.Pa /etc/newsyslog.conf 759in such case like this: 760.Bd -literal 761/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 762.Ed 763.\" ----- ipfs_enable setting ----------------------------------- 764.It Va ipfs_enable 765.Pq Vt bool 766Set to 767.Dq Li NO 768by default. 769Set it to 770.Dq Li YES 771to enable 772.Xr ipfs 8 773saving the filter and NAT state tables during shutdown 774and reloading them during startup again. 775Setting this variable needs setting 776.Va ipfilter_enable 777or 778.Va ipnat_enable 779to 780.Dq Li YES 781too. 782See 783.Va ipfilter_enable 784for a detailed discussion. 785Note that if 786.Va kern_securelevel 787is set to 3, 788.Va ipfs_enable 789cannot be used 790because the raised securelevel will prevent 791.Xr ipfs 8 792from saving the state tables at shutdown time. 793.\" ----- ipfs_program setting ---------------------------------- 794.It Va ipfs_program 795.Pq Vt str 796Path to 797.Xr ipfs 8 798(default 799.Pa /sbin/ipfs ) . 800.\" ----- ipfs_flags setting ------------------------------------ 801.It Va ipfs_flags 802.Pq Vt str 803Empty by default. 804This variable contains flags passed to the 805.Xr ipfs 8 806program. 807.\" ----- end of added ipf hook --------------------------------- 808.It Va pf_enable 809.Pq Vt bool 810Set to 811.Dq Li NO 812by default. 813Setting this to 814.Dq Li YES 815enables 816.Xr pf 4 817packet filtering. 818.Pp 819Typical usage will require putting 820.Pp 821.Dl pf_enable="YES" 822.Pp 823into 824.Pa /etc/rc.conf 825and editing 826.Pa /etc/pf.conf 827appropriately. 828Adding 829.Pp 830.Dl "device pf" 831.Pp 832builds support for 833.Xr pf 4 834into the kernel, otherwise the 835kernel module will be loaded. 836.It Va pf_rules 837.Pq Vt str 838Path to 839.Xr pf 4 840ruleset configuration file 841(default 842.Pa /etc/pf.conf ) . 843.It Va pf_program 844.Pq Vt str 845Path to 846.Xr pfctl 8 847(default 848.Pa /sbin/pfctl ) . 849.It Va pf_flags 850.Pq Vt str 851If 852.Va pf_enable 853is set to 854.Dq Li YES , 855these flags are passed to the 856.Xr pfctl 8 857program when loading the ruleset. 858.It Va pflog_enable 859.Pq Vt bool 860Set to 861.Dq Li NO 862by default. 863Setting this to 864.Dq Li YES 865enables 866.Xr pflogd 8 867which logs packets from the 868.Xr pf 4 869packet filter. 870.It Va pflog_logfile 871.Pq Vt str 872If 873.Va pflog_enable 874is set to 875.Dq Li YES 876this controls where 877.Xr pflogd 8 878stores the logfile 879(default 880.Pa /var/log/pflog ) . 881Check 882.Pa /etc/newsyslog.conf 883to adjust logfile rotation for this. 884.It Va pflog_program 885.Pq Vt str 886Path to 887.Xr pflogd 8 888(default 889.Pa /sbin/pflogd ) . 890.It Va pflog_flags 891.Pq Vt str 892Empty by default. 893This variable contains additional flags passed to the 894.Xr pflogd 8 895program. 896.It Va ftpproxy_enable 897.Pq Vt bool 898Set to 899.Dq Li NO 900by default. 901Setting this to 902.Dq Li YES 903enables 904.Xr ftp-proxy 8 905which supports the 906.Xr pf 4 907packet filter in translating ftp connections. 908.It Va ftpproxy_flags 909.Pq Vt str 910Empty by default. 911This variable contains additional flags passed to the 912.Xr ftp-proxy 8 913program. 914.It Va pfsync_enable 915.Pq Vt bool 916Set to 917.Dq Li NO 918by default. 919Setting this to 920.Dq Li YES 921enables exposing 922.Xr pf 4 923state changes to other hosts over the network by means of 924.Xr pfsync 4 . 925The 926.Va pfsync_syncdev 927variable 928must also be set then. 929.It Va pfsync_syncdev 930.Pq Vt str 931Empty by default. 932This variable specifies the name of the network interface 933.Xr pfsync 4 934should operate through. 935It must be set accordingly if 936.Va pfsync_enable 937is set to 938.Dq Li YES . 939.It Va pfsync_syncpeer 940.Pq Vt str 941Empty by default. 942This variable is optional. 943By default, state change messages are sent out on the synchronisation 944interface using IP multicast packets. 945The protocol is IP protocol 240, PFSYNC, and the multicast group used is 946224.0.0.240. 947When a peer address is specified using the 948.Va pfsync_syncpeer 949option, the peer address is used as a destination for the pfsync 950traffic, and the traffic can then be protected using 951.Xr ipsec 4 . 952See the 953.Xr pfsync 4 954manpage for more details about using 955.Xr ipsec 4 956with 957.Xr pfsync 4 958interfaces. 959.It Va pfsync_ifconfig 960.Pq Vt str 961Empty by default. 962This variable can contain additional options to be passed to the 963.Xr ifconfig 8 964command used to set up 965.Xr pfsync 4 . 966.It Va tcp_extensions 967.Pq Vt bool 968Set to 969.Dq Li YES 970by default. 971Setting this to 972.Dq Li NO 973disables certain TCP options as described by 974.Rs 975.%T "RFC 1323" 976.Re 977Setting this to 978.Dq Li NO 979might help remedy such problems with connections as randomly hanging 980or other weird behavior. 981Some network devices are known 982to be broken with respect to these options. 983.It Va log_in_vain 984.Pq Vt int 985Set to 0 by default. 986The 987.Xr sysctl 8 988variables, 989.Va net.inet.tcp.log_in_vain 990and 991.Va net.inet.udp.log_in_vain , 992as described in 993.Xr tcp 4 994and 995.Xr udp 4 , 996are set to the given value. 997.It Va tcp_keepalive 998.Pq Vt bool 999Set to 1000.Dq Li YES 1001by default. 1002Setting to 1003.Dq Li NO 1004will disable probing idle TCP connections to verify that the 1005peer is still up and reachable. 1006.It Va tcp_drop_synfin 1007.Pq Vt bool 1008Set to 1009.Dq Li NO 1010by default. 1011Setting to 1012.Dq Li YES 1013will cause the kernel to ignore TCP frames that have both 1014the SYN and FIN flags set. 1015This prevents OS fingerprinting, but may 1016break some legitimate applications. 1017.It Va icmp_drop_redirect 1018.Pq Vt bool 1019Set to 1020.Dq Li NO 1021by default. 1022Setting to 1023.Dq Li YES 1024will cause the kernel to ignore ICMP REDIRECT packets. 1025Refer to 1026.Xr icmp 4 1027for more information. 1028.It Va icmp_log_redirect 1029.Pq Vt bool 1030Set to 1031.Dq Li NO 1032by default. 1033Setting to 1034.Dq Li YES 1035will cause the kernel to log ICMP REDIRECT packets. 1036Note that 1037the log messages are not rate-limited, so this option should only be used 1038for troubleshooting networks. 1039Refer to 1040.Xr icmp 4 1041for more information. 1042.It Va icmp_bmcastecho 1043.Pq Vt bool 1044Set to 1045.Dq Li YES 1046to respond to broadcast or multicast ICMP ping packets. 1047Refer to 1048.Xr icmp 4 1049for more information. 1050.It Va ip_portrange_first 1051.Pq Vt int 1052If not set to 1053.Dq Li NO , 1054this is the first port in the default portrange. 1055Refer to 1056.Xr ip 4 1057for more information. 1058.It Va ip_portrange_last 1059.Pq Vt int 1060If not set to 1061.Dq Li NO , 1062this is the last port in the default portrange. 1063Refer to 1064.Xr ip 4 1065for more information. 1066.It Va network_interfaces 1067.Pq Vt str 1068Set to the list of network interfaces to configure on this host or 1069.Dq Li AUTO 1070(the default) for all current interfaces. 1071Setting the 1072.Va network_interfaces 1073variable to anything other than the default is deprecated. 1074Interfaces that the administrator wishes to store configuration for, 1075but not start at boot should be configured with the 1076.Dq Li NOAUTO 1077keyword in their 1078.Va ifconfig_ Ns Aq Ar interface 1079variables as described below. 1080.Pp 1081An 1082.Va ifconfig_ Ns Aq Ar interface 1083variable is also assumed to exist for each value of 1084.Ar interface . 1085When an interface name contains any of the characters 1086.Dq Li .-/+ 1087they are translated to 1088.Dq Li _ 1089before lookup. 1090The variable can contain arguments to 1091.Xr ifconfig 8 , 1092as well as special case-insensitive keywords described below. 1093Such keywords are removed before passing the value to 1094.Xr ifconfig 8 1095while the order of the other arguments is preserved. 1096.Pp 1097One can configure more than one IPv4 address with the 1098.Va ipv4_addrs_ Ns Aq Ar interface 1099variable. 1100One or more IP addresses must be provided in Classless Inter-Domain 1101Routing (CIDR) address notation, whose last byte can be a range like 1102192.0.2.5-23/24. 1103In this case the address 192.0.2.5 will be configured with the 1104netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1105the non-conflicting netmask /32 as explained in the 1106.Xr ifconfig 8 1107alias section. 1108With the interface in question being 1109.Li ed0 , 1110an example could look like: 1111.Bd -literal 1112ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1113.Ed 1114.Pp 1115It is also possible to add IP alias entries using 1116.Xr ifconfig 8 1117syntax with the 1118.Dq Li inet 1119keyword. 1120Assuming that the interface in question was 1121.Li ed0 , 1122it might look 1123something like this: 1124.Bd -literal 1125ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1126ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1127.Ed 1128.Pp 1129And so on. 1130For each 1131.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1132entry with the 1133.Dq Li inet 1134keyword that is found, 1135its contents are passed to 1136.Xr ifconfig 8 . 1137Execution stops at the first unsuccessful access, so if 1138something like this is present: 1139.Bd -literal 1140ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1141ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1142ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1143ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1144.Ed 1145.Pp 1146Then note that alias4 would 1147.Em not 1148be added since the search would 1149stop with the missing 1150.Dq Li alias3 1151entry. 1152Due to this difficult to manage behavior, the 1153.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1154form is deprecated. 1155.Pp 1156If the 1157.Pa /etc/start_if. Ns Aq Ar interface 1158file is present, it is read and executed by the 1159.Xr sh 1 1160interpreter 1161before configuring the interface as specified in the 1162.Va ifconfig_ Ns Aq Ar interface 1163and 1164.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1165variables. 1166.Pp 1167If a 1168.Va vlans_ Ns Aq Ar interface 1169variable is set, 1170a 1171.Xr vlan 4 1172interface will be created for each item in the list with the 1173.Ar vlandev 1174argument set to 1175.Ar interface . 1176If a vlan interface's name is a number, 1177then that number is used as the vlan tag and the new vlan interface is 1178named 1179.Ar interface . Ns Ar tag . 1180Otherwise, 1181the vlan tag must be specified via a 1182.Va vlan 1183parameter in the 1184.Va create_args_ Ns Aq Ar interface 1185variable. 1186.Pp 1187To create a vlan device named 1188.Li em0.101 1189on 1190.Li em0 1191with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1192.Bd -literal 1193vlans_em0="101" 1194ifconfig_em0_101="inet 192.0.2.1/24" 1195.Ed 1196.Pp 1197To create a vlan device named 1198.Li myvlan 1199on 1200.Li em0 1201with the vlan tag 102: 1202.Bd -literal 1203vlans_em0="myvlan" 1204create_args_myvlan="vlan 102" 1205.Ed 1206.Pp 1207If a 1208.Va wlans_ Ns Aq Ar interface 1209variable is set, 1210an 1211.Xr wlan 4 1212interface will be created for each item in the list with the 1213.Ar wlandev 1214argument set to 1215.Ar interface . 1216Further wlan cloning arguments may be passed to the 1217.Xr ifconfig 8 1218.Cm create 1219command by setting the 1220.Va create_args_ Ns Aq Ar interface 1221variable. 1222One or more 1223.Xr wlan 4 1224devices must be created for each wireless devices as of 1225.Fx 8.0 . 1226Debugging flags for 1227.Xr wlan 4 1228devices as set by 1229.Xr wlandebug 8 1230may be specified with an 1231.Va wlandebug_ Ns Aq Ar interface 1232variable. 1233The contents of this variable will be passed directly to 1234.Xr wlandebug 8 . 1235.Pp 1236If the 1237.Va ifconfig_ Ns Aq Ar interface 1238contains the keyword 1239.Dq Li NOAUTO 1240then the interface will not be configured 1241at boot or by 1242.Pa /etc/pccard_ether 1243when 1244.Va network_interfaces 1245is set to 1246.Dq Li AUTO . 1247.Pp 1248It is possible to bring up an interface with DHCP by adding 1249.Dq Li DHCP 1250to the 1251.Va ifconfig_ Ns Aq Ar interface 1252variable. 1253For instance, to initialize the 1254.Li ed0 1255device via DHCP, 1256it is possible to use something like: 1257.Bd -literal 1258ifconfig_ed0="DHCP" 1259.Ed 1260.Pp 1261Also, if you want to configure your wireless interface with 1262.Xr wpa_supplicant 8 1263for use with WPA, EAP/LEAP or WEP, you need to add 1264.Dq Li WPA 1265to the 1266.Va ifconfig_ Ns Aq Ar interface 1267variable. 1268.Pp 1269Finally, you can add 1270.Xr ifconfig 8 1271options in this variable, in addition to the 1272.Pa /etc/start_if. Ns Aq Ar interface 1273file. 1274For instance, to configure an 1275.Xr ath 4 1276wireless device in station mode with an address obtained 1277via DHCP, using WPA authentication and 802.11b mode, it is 1278possible to use something like: 1279.Bd -literal 1280wlans_ath0="wlan0" 1281ifconfig_wlan0="DHCP WPA mode 11b" 1282.Ed 1283.Pp 1284In addition to the 1285.Va ifconfig_ Ns Aq Ar interface 1286form, a fallback variable 1287.Va ifconfig_DEFAULT 1288may be configured. 1289It will be used for all interfaces with no 1290.Va ifconfig_ Ns Aq Ar interface 1291variable. 1292This is intended to replace the no longer supported 1293.Va pccard_ifconfig 1294variable. 1295.Pp 1296It is also possible to rename an interface by doing: 1297.Bd -literal 1298ifconfig_ed0_name="net0" 1299ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1300.Ed 1301.It Va ipv6_enable 1302.Pq Vt bool 1303This variable is deprecated. 1304Use 1305.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1306and 1307.Va ipv6_activate_all_interfaces 1308if necessary. 1309.Pp 1310If the variable is 1311.Dq Li YES , 1312.Dq Li inet6 accept_rtadv 1313is added to all of 1314.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1315and the 1316.Va ipv6_activate_all_interfaces 1317is defined as 1318.Dq Li YES . 1319.It Va ipv6_prefer 1320.Pq Vt bool 1321This variable is deprecated. 1322Use 1323.Va ip6addrctl_policy 1324instead. 1325.Pp 1326If the variable is 1327.Dq Li YES , 1328the default address selection policy table set by 1329.Xr ip6addrctl 8 1330will be IPv6-preferred. 1331.Pp 1332If the variable is 1333.Dq Li NO , 1334the default address selection policy table set by 1335.Xr ip6addrctl 8 1336will be IPv4-preferred. 1337.It Va ipv6_activate_all_interfaces 1338.Pq Vt bool 1339This controls initial configuration on IPv6-capable 1340interfaces with no corresponding 1341.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1342variable. 1343Note that it is not always necessary to set this variable to 1344.Dq YES 1345to use IPv6 functionality on 1346.Fx . 1347In most cases, just configuring 1348.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1349variables works. 1350.Pp 1351If the variable is 1352.Dq Li NO , 1353all interfaces which do not have a corresponding 1354.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1355variable will be marked as 1356.Dq Li IFDISABLED 1357at creation. 1358This means that all of IPv6 functionality on that interface 1359is completely disabled to enforce a security policy. 1360If the variable is set to 1361.Dq YES , 1362the flag will be cleared on all of the interfaces. 1363.Pp 1364In most cases, just defining an 1365.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1366for an IPv6-capable interface should be sufficient. 1367However, if an interface is added dynamically 1368.Pq by some tunneling protocols such as PPP, for example , 1369it is often difficult to define the variable in advance. 1370In such a case, configuring the 1371.Dq Li IFDISABLED 1372flag can be disabled by setting this variable to 1373.Dq YES . 1374.Pp 1375For more details of the 1376.Dq Li IFDISABLED 1377flag and keywords 1378.Dq Li inet6 ifdisabled , 1379see 1380.Xr ifconfig 8 . 1381.Pp 1382Default is 1383.Dq Li NO . 1384.It Va ipv6_privacy 1385.Pq Vt bool 1386If the variable is 1387.Dq Li YES 1388privacy addresses will be generated for each IPv6 1389interface as described in RFC 4941. 1390.It Va ipv6_network_interfaces 1391.Pq Vt str 1392This is the IPv6 equivalent of 1393.Va network_interfaces . 1394Normally manual configuration of this variable is not needed. 1395.Pp 1396.It Va ipv6_cpe_wanif 1397.Pq Vt str 1398If the variable is set to an interface name, 1399the 1400.Xr ifconfig 8 1401options 1402.Dq inet6 -no_radr accept_rtadv 1403will be added to the specified interface automatically before evaluating 1404.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1405and two 1406.Xr sysctl 8 1407variables 1408.Va net.inet6.ip6.rfc6204w3 1409and 1410.Va net.inet6.ip6.no_radr 1411will be set to 1. 1412.Pp 1413This means the specified interface will accept ICMPv6 Router 1414Advertisement messages on that link and add the discovered 1415routers into the Default Router List. 1416While the other interfaces can still accept RA messages if the 1417.Dq inet6 accept_rtadv 1418option is specified, adding 1419routes into the Default Router List will be disabled by 1420.Dq inet6 no_radr 1421option by default. 1422See 1423.Xr ifconfig 8 1424for more details. 1425.Pp 1426Note that ICMPv6 Router Advertisement messages will be 1427accepted even when 1428.Va net.inet6.ip6.forwarding 1429is 1 1430.Pq packet forwarding is enabled 1431when 1432.Va net.inet6.ip6.rfc6204w3 1433is set to 1. 1434.Pp 1435Default is 1436.Dq Li NO . 1437.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1438.Pq Vt str 1439IPv6 functionality on an interface should be configured by 1440.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1441instead of setting ifconfig parameters in 1442.Va ifconfig_ Ns Aq Ar interface . 1443If this variable is empty, all of IPv6 configurations on the 1444specified interface by other variables such as 1445.Va ipv6_prefix_ Ns Ao Ar interface Ac 1446will be ignored. 1447.Pp 1448Aliases should be set by 1449.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1450with 1451.Dq Li inet6 1452keyword. 1453For example: 1454.Bd -literal 1455ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1456ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1457.Ed 1458.Pp 1459Interfaces that have an 1460.Dq Li inet6 accept_rtadv 1461keyword in 1462.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1463setting will be automatically configured by SLAAC 1464.Pq StateLess Address AutoConfiguration 1465described in 1466.Rs 1467.%T "RFC 4862" 1468.Re 1469.Pp 1470Note that a link-local address will be automatically configured in 1471addition to the configured global-scope addresses because the IPv6 1472specifications require it on each link. 1473The address is calculated from the MAC address by using an algorithm 1474defined in 1475.Rs 1476.%T "RFC 4862" 1477.%O "Section 5.3" 1478.Re 1479.Pp 1480If only a link-local address is needed on the interface, 1481the following configuration can be used: 1482.Bd -literal 1483ifconfig_ed0_ipv6="inet6 auto_linklocal" 1484.Ed 1485.Pp 1486A link-local address can also be configured manually. 1487This is useful for the default router address of an IPv6 router 1488so that it does not change when the network interface 1489card is replaced. 1490For example: 1491.Bd -literal 1492ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1493.Ed 1494.It Va ipv6_prefix_ Ns Aq Ar interface 1495.Pq Vt str 1496If one or more prefixes are defined in 1497.Va ipv6_prefix_ Ns Aq Ar interface 1498addresses based on each prefix and the EUI-64 interface index will be 1499configured on that interface. 1500Note that this variable will be ignored when 1501.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1502is empty. 1503.Pp 1504For example, the following configuration 1505.Bd -literal 1506ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1507.Ed 1508.Pp 1509is equivalent to the following: 1510.Bd -literal 1511ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1512ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1513ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1514ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1515.Ed 1516.Pp 1517These Subnet-Router anycast addresses will be added only when 1518.Va ipv6_gateway_enable 1519is YES. 1520.It Va ipv6_default_interface 1521.Pq Vt str 1522If not set to 1523.Dq Li NO , 1524this is the default output interface for scoped addresses. 1525This works only with ipv6_gateway_enable="NO". 1526.It Va ip6addrctl_enable 1527.Pq Vt bool 1528This variable is to enable configuring default address selection policy table 1529.Pq RFC 3484 . 1530The table can be specified in another variable 1531.Va ip6addrctl_policy . 1532For 1533.Va ip6addrctl_policy 1534the following keywords can be specified: 1535.Dq Li ipv4_prefer , 1536.Dq Li ipv6_prefer , 1537or 1538.Dq Li AUTO . 1539.Pp 1540If 1541.Dq Li ipv4_prefer 1542or 1543.Dq Li ipv6_prefer 1544is specified, 1545.Xr ip6addrctl 8 1546installs a pre-defined policy table described in Section 2.1 1547.Pq IPv6-preferred 1548or 10.3 1549.Pq IPv4-preferred 1550of RFC 3484. 1551.Pp 1552If 1553.Dq Li AUTO 1554is specified, it attempts to read a file 1555.Pa /etc/ip6addrctl.conf 1556first. 1557If this file is found, 1558.Xr ip6addrctl 8 1559reads and installs it. 1560If not found, a policy is automatically set 1561according to 1562.Va ipv6_activate_all_interfaces 1563variable; if the variable is set to 1564.Dq Li YES 1565the IPv6-preferred one is used. 1566Otherwise IPv4-preferred. 1567.Pp 1568The default value of 1569.Va ip6addrctl_enable 1570and 1571.Va ip6addrctl_policy 1572are 1573.Dq Li YES 1574and 1575.Dq Li AUTO , 1576respectively. 1577.It Va cloned_interfaces 1578.Pq Vt str 1579Set to the list of clonable network interfaces to create on this host. 1580Further cloning arguments may be passed to the 1581.Xr ifconfig 8 1582.Cm create 1583command for each interface by setting the 1584.Va create_args_ Ns Aq Ar interface 1585variable. 1586Entries in 1587.Va cloned_interfaces 1588are automatically appended to 1589.Va network_interfaces 1590for configuration. 1591.It Va fec_interfaces 1592.Pq Vt str 1593Set to the list of 1594.Xr ng_fec 4 1595Fast EtherChannel interfaces to configure on this host. 1596A 1597.Va fecconfig_ Ns Aq Ar interface 1598variable is assumed to exist for each value of 1599.Ar interface . 1600The value of this variable is used to configure link aggregated interfaces 1601according to the syntax of the 1602.Cm NGM_FEC_ADD_IFACE 1603to 1604.Xr ngctl 8 1605msg. 1606Additionally, this option ensures that each listed interface is created 1607via the 1608.Cm mkpeer 1609command to 1610.Xr ngctl 8 1611before attempting to configure it. 1612For example: 1613.Bd -literal 1614fec_interfaces="fec0" 1615fecconfig_fec0="em0 em1" 1616ifconfig_fec0="DHCP" 1617.Ed 1618.It Va gif_interfaces 1619.Pq Vt str 1620Set to the list of 1621.Xr gif 4 1622tunnel interfaces to configure on this host. 1623A 1624.Va gifconfig_ Ns Aq Ar interface 1625variable is assumed to exist for each value of 1626.Ar interface . 1627The value of this variable is used to configure the link layer of the 1628tunnel according to the syntax of the 1629.Cm tunnel 1630option to 1631.Xr ifconfig 8 . 1632Additionally, this option ensures that each listed interface is created 1633via the 1634.Cm create 1635option to 1636.Xr ifconfig 8 1637before attempting to configure it. 1638.It Va sppp_interfaces 1639.Pq Vt str 1640Set to the list of 1641.Xr sppp 4 1642interfaces to configure on this host. 1643A 1644.Va spppconfig_ Ns Aq Ar interface 1645variable is assumed to exist for each value of 1646.Ar interface . 1647Each interface should also be configured by a general 1648.Va ifconfig_ Ns Aq Ar interface 1649setting. 1650Refer to 1651.Xr spppcontrol 8 1652for more information about available options. 1653.It Va ppp_enable 1654.Pq Vt bool 1655If set to 1656.Dq Li YES , 1657run the 1658.Xr ppp 8 1659daemon. 1660.It Va ppp_profile 1661.Pq Vt str 1662The name of the profile to use from 1663.Pa /etc/ppp/ppp.conf . 1664Also used for per-profile overrides of 1665.Va ppp_mode 1666and 1667.Va ppp_nat , 1668and 1669.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1670When the profile name contains any of the characters 1671.Dq Li .-/+ 1672they are translated to 1673.Dq Li _ 1674for the proposes of the override variable names. 1675.It Va ppp_mode 1676.Pq Vt str 1677Mode in which to run the 1678.Xr ppp 8 1679daemon. 1680.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1681.Pq Vt str 1682Overrides the global 1683.Va ppp_mode 1684for 1685.Ar profile . 1686Accepted modes are 1687.Dq Li auto , 1688.Dq Li ddial , 1689.Dq Li direct 1690and 1691.Dq Li dedicated . 1692See the manual for a full description. 1693.It Va ppp_nat 1694.Pq Vt bool 1695If set to 1696.Dq Li YES , 1697enables network address translation. 1698Used in conjunction with 1699.Va gateway_enable 1700allows hosts on private network addresses access to the Internet using 1701this host as a network address translating router. 1702.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1703.Pq Vt str 1704Overrides the global 1705.Va ppp_nat 1706for 1707.Ar profile . 1708.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1709.Pq Vt int 1710Set the unit number to be used for this profile. 1711See the manual description of 1712.Fl unit Ns Ar N 1713for details. 1714.It Va ppp_user 1715.Pq Vt str 1716The name of the user under which 1717.Xr ppp 8 1718should be started. 1719By 1720default, 1721.Xr ppp 8 1722is started as 1723.Dq Li root . 1724.It Va rc_conf_files 1725.Pq Vt str 1726This option is used to specify a list of files that will override 1727the settings in 1728.Pa /etc/defaults/rc.conf . 1729The files will be read in the order in which they are specified and should 1730include the full path to the file. 1731By default, the files specified are 1732.Pa /etc/rc.conf 1733and 1734.Pa /etc/rc.conf.local 1735.It Va zfs_enable 1736.Pq Vt bool 1737If set to 1738.Dq Li YES , 1739.Pa /etc/rc.d/zfs 1740will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1741(ZVOLs). 1742.It Va gptboot_enable 1743.Pq Vt bool 1744If set to 1745.Dq Li YES , 1746.Pa /etc/rc.d/gptboot 1747will log if the system successfully (or not) booted from a GPT partition, 1748which had the 1749.Ar bootonce 1750attribute set using 1751.Xr gpart 8 1752utility. 1753.It Va gbde_autoattach_all 1754.Pq Vt bool 1755If set to 1756.Dq Li YES , 1757.Pa /etc/rc.d/gbde 1758will attempt to automatically initialize your .bde devices in 1759.Pa /etc/fstab . 1760.It Va gbde_devices 1761.Pq Vt str 1762List the devices that the script should try to attach, 1763or 1764.Dq Li AUTO . 1765.It Va gbde_lockdir 1766.Pq Vt str 1767The directory where the 1768.Xr gbde 4 1769lockfiles are located. 1770The default lockfile directory is 1771.Pa /etc . 1772.Pp 1773The lockfile for each individual 1774.Xr gbde 4 1775device can be overridden by setting the variable 1776.Va gbde_lock_ Ns Aq Ar device , 1777where 1778.Ar device 1779is the encrypted device without the 1780.Dq Pa /dev/ 1781and 1782.Dq Pa .bde 1783parts. 1784.It Va gbde_attach_attempts 1785.Pq Vt int 1786Number of times to attempt attaching to a 1787.Xr gbde 4 1788device, i.e., how many times the user is asked for the pass-phrase. 1789Default is 3. 1790.It Va geli_devices 1791.Pq Vt str 1792List of devices to automatically attach on boot. 1793Note that .eli devices from 1794.Pa /etc/fstab 1795are automatically appended to this list. 1796.It Va geli_tries 1797.Pq Vt int 1798Number of times user is asked for the pass-phrase. 1799If empty, it will be taken from 1800.Va kern.geom.eli.tries 1801sysctl variable. 1802.It Va geli_default_flags 1803.Pq Vt str 1804Default flags to use by 1805.Xr geli 8 1806when configuring disk encryption. 1807Flags can be configured for every device separately by defining 1808.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1809variable. 1810.It Va geli_autodetach 1811.Pq Vt str 1812Specifies if GELI devices should be marked for detach on last close after 1813file systems are mounted. 1814Default is 1815.Dq Li YES . 1816This can be changed for every device separately by defining 1817.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1818variable. 1819.It Va geli_swap_flags 1820Options passed to the 1821.Xr geli 8 1822utility when encrypted GEOM providers for swap partitions are created. 1823The default is 1824.Dq Li "-e aes -l 256 -s 4096 -d" . 1825.It Va root_rw_mount 1826.Pq Vt bool 1827Set to 1828.Dq Li YES 1829by default. 1830After the file systems are checked at boot time, the root file system 1831is remounted as read-write if this is set to 1832.Dq Li YES . 1833Diskless systems that mount their root file system from a read-only remote 1834NFS share should set this to 1835.Dq Li NO 1836in their 1837.Pa rc.conf . 1838.It Va fsck_y_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842.Xr fsck 8 1843will be run with the 1844.Fl y 1845flag if the initial preen 1846of the file systems fails. 1847.It Va background_fsck 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851the system will attempt to run 1852.Xr fsck 8 1853in the background where possible. 1854.It Va background_fsck_delay 1855.Pq Vt int 1856The amount of time in seconds to sleep before starting a background 1857.Xr fsck 8 . 1858It defaults to sixty seconds to allow large applications such as 1859the X server to start before disk I/O bandwidth is monopolized by 1860.Xr fsck 8 . 1861If set to a negative number, the background file system check will be 1862delayed indefinitely to allow the administrator to run it at a more 1863convenient time. 1864For example it may be run from 1865.Xr cron 8 1866by adding a line like 1867.Pp 1868.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1869.Pp 1870to 1871.Pa /etc/crontab . 1872.It Va netfs_types 1873.Pq Vt str 1874List of file system types that are network-based. 1875This list should generally not be modified by end users. 1876Use 1877.Va extra_netfs_types 1878instead. 1879.It Va extra_netfs_types 1880.Pq Vt str 1881If set to something other than 1882.Dq Li NO 1883(the default), 1884this variable extends the list of file system types 1885for which automatic mounting at startup by 1886.Xr rc 8 1887should be delayed until the network is initialized. 1888It should contain 1889a whitespace-separated list of network file system descriptor pairs, 1890each consisting of a file system type as passed to 1891.Xr mount 8 1892and a human-readable, one-word description, 1893joined with a colon 1894.Pq Ql \&: . 1895Extending the default list in this way is only necessary 1896when third party file system types are used. 1897.It Va syslogd_enable 1898.Pq Vt bool 1899If set to 1900.Dq Li YES , 1901run the 1902.Xr syslogd 8 1903daemon. 1904.It Va syslogd_program 1905.Pq Vt str 1906Path to 1907.Xr syslogd 8 1908(default 1909.Pa /usr/sbin/syslogd ) . 1910.It Va syslogd_flags 1911.Pq Vt str 1912If 1913.Va syslogd_enable 1914is set to 1915.Dq Li YES , 1916these are the flags to pass to 1917.Xr syslogd 8 . 1918.It Va inetd_enable 1919.Pq Vt bool 1920If set to 1921.Dq Li YES , 1922run the 1923.Xr inetd 8 1924daemon. 1925.It Va inetd_program 1926.Pq Vt str 1927Path to 1928.Xr inetd 8 1929(default 1930.Pa /usr/sbin/inetd ) . 1931.It Va inetd_flags 1932.Pq Vt str 1933If 1934.Va inetd_enable 1935is set to 1936.Dq Li YES , 1937these are the flags to pass to 1938.Xr inetd 8 . 1939.It Va hastd_enable 1940.Pq Vt bool 1941If set to 1942.Dq Li YES , 1943run the 1944.Xr hastd 8 1945daemon. 1946.It Va hastd_program 1947.Pq Vt str 1948Path to 1949.Xr hastd 8 1950(default 1951.Pa /sbin/hastd ) . 1952.It Va hastd_flags 1953.Pq Vt str 1954If 1955.Va hastd_enable 1956is set to 1957.Dq Li YES , 1958these are the flags to pass to 1959.Xr hastd 8 . 1960.It Va named_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964run the 1965.Xr named 8 1966daemon. 1967.It Va named_program 1968.Pq Vt str 1969Path to 1970.Xr named 8 1971(default 1972.Pa /usr/sbin/named ) . 1973.It Va named_conf 1974.Pq Vt str 1975Path to 1976.Xr named 8 1977configuration file, (default 1978.Pa /etc/namedb/named.conf ) . 1979.It Va named_flags 1980.Pq Vt str 1981If 1982.Va named_enable 1983is set to 1984.Dq Li YES , 1985these are the flags to pass to 1986.Xr named 8 . 1987.It Va named_uid 1988.Pq Vt str 1989The user that the 1990.Xr named 8 1991process should be run as. 1992.It Va named_chrootdir 1993.Pq Vt str 1994The root directory for a name server run in a 1995.Xr chroot 8 1996environment (default 1997.Pa /var/named ) . 1998If left empty 1999.Xr named 8 2000will not be run in a 2001.Xr chroot 8 2002environment. 2003.It Va named_chroot_autoupdate 2004.Pq Vt bool 2005Set to 2006.Dq Li NO 2007to disable automatic update of the 2008.Xr chroot 8 2009environment. 2010.It Va named_symlink_enable 2011.Pq Vt bool 2012Set to 2013.Dq Li NO 2014to disable symlinking of 2015daemon's PID file 2016into the 2017.Xr chroot 8 2018environment. 2019.It Va named_wait 2020.Pq Vt bool 2021Set to have 2022.Pa /etc/rc.d/named 2023loop until working name service is established. 2024.It Va named_wait_host 2025.Pq Vt str 2026Name of host to lookup for the named_wait option. 2027(Default localhost) 2028.It Va named_auto_forward 2029.Pq Vt bool 2030Set to enable automatic creation of a forwarder 2031configuration file derived from 2032.Pa /etc/resolv.conf . 2033.It Va named_auto_forward_only 2034.Pq Vt bool 2035Set to change the default forwarder configuration from 2036.Dq forward first 2037to 2038.Dq forward only . 2039.It Va kerberos5_server_enable 2040.Pq Vt bool 2041Set to 2042.Dq Li YES 2043to start a Kerberos 5 authentication server 2044at boot time. 2045.It Va kerberos5_server 2046.Pq Vt str 2047If 2048.Va kerberos5_server_enable 2049is set to 2050.Dq Li YES 2051this is the path to Kerberos 5 Authentication Server. 2052.It Va kerberos5_server_flags 2053.Pq Vt str 2054Empty by default. 2055This variable contains additional flags to be passed to the Kerberos 5 2056authentication server. 2057.It Va kadmind5_server_enable 2058.Pq Vt bool 2059Set to 2060.Dq Li YES 2061to start 2062.Xr kadmind 8 , 2063the Kerberos 5 Administration Daemon; set to 2064.Dq Li NO 2065on a slave server. 2066.It Va kadmind5_server 2067.Pq Vt str 2068If 2069.Va kadmind5_server_enable 2070is set to 2071.Dq Li YES 2072this is the path to Kerberos 5 Administration Daemon. 2073.It Va kpasswdd_server_enable 2074.Pq Vt bool 2075Set to 2076.Dq Li YES 2077to start 2078.Xr kpasswdd 8 , 2079the Kerberos 5 Password-Changing Daemon; set to 2080.Dq Li NO 2081on a slave server. 2082.It Va kpasswdd_server 2083.Pq Vt str 2084If 2085.Va kpasswdd_server_enable 2086is set to 2087.Dq Li YES 2088this is the path to Kerberos 5 Password-Changing Daemon. 2089.It Va kfd_enable 2090.Pq Vt bool 2091Set to 2092.Dq Li YES 2093to start 2094.Xr kfd 8 , 2095the Kerberos 5 ticket forwarding daemon, at the boot time. 2096.It Va kfd_program 2097.Pq Vt str 2098Path to 2099.Xr kfd 8 2100(default 2101.Pa /usr/libexec/kfd ) . 2102.It Va rwhod_enable 2103.Pq Vt bool 2104If set to 2105.Dq Li YES , 2106run the 2107.Xr rwhod 8 2108daemon at boot time. 2109.It Va rwhod_flags 2110.Pq Vt str 2111If 2112.Va rwhod_enable 2113is set to 2114.Dq Li YES , 2115these are the flags to pass to it. 2116.It Va amd_enable 2117.Pq Vt bool 2118If set to 2119.Dq Li YES , 2120run the 2121.Xr amd 8 2122daemon at boot time. 2123.It Va amd_flags 2124.Pq Vt str 2125If 2126.Va amd_enable 2127is set to 2128.Dq Li YES , 2129these are the flags to pass to it. 2130See the 2131.Xr amd 8 2132manpage for more information. 2133.It Va amd_map_program 2134.Pq Vt str 2135If set, 2136the specified program is run to get the list of 2137.Xr amd 8 2138maps. 2139For example, if the 2140.Xr amd 8 2141maps are stored in NIS, one can set this to 2142run 2143.Xr ypcat 1 2144to get a list of 2145.Xr amd 8 2146maps from the 2147.Pa amd.master 2148NIS map. 2149.It Va update_motd 2150.Pq Vt bool 2151If set to 2152.Dq Li YES , 2153.Pa /etc/motd 2154will be updated at boot time to reflect the kernel release 2155being run. 2156If set to 2157.Dq Li NO , 2158.Pa /etc/motd 2159will not be updated. 2160.It Va nfs_client_enable 2161.Pq Vt bool 2162If set to 2163.Dq Li YES , 2164run the NFS client daemons at boot time. 2165.It Va nfs_access_cache 2166.Pq Vt int 2167If 2168.Va nfs_client_enable 2169is set to 2170.Dq Li YES , 2171this can be set to 2172.Dq Li 0 2173to disable NFS ACCESS RPC caching, or to the number of seconds for which 2174NFS ACCESS 2175results should be cached. 2176A value of 2-10 seconds will substantially reduce network 2177traffic for many NFS operations. 2178.It Va nfs_server_enable 2179.Pq Vt bool 2180If set to 2181.Dq Li YES , 2182run the NFS server daemons at boot time. 2183.It Va nfs_server_flags 2184.Pq Vt str 2185If 2186.Va nfs_server_enable 2187is set to 2188.Dq Li YES , 2189these are the flags to pass to the 2190.Xr nfsd 8 2191daemon. 2192.It Va nfsv4_server_enable 2193.Pq Vt bool 2194If 2195.Va nfs_server_enable 2196is set to 2197.Dq Li YES 2198and 2199.Va nfsv4_server_enable 2200are set to 2201.Dq Li YES , 2202enable the server for NFSv4 as well as NFSv2 and NFSv3. 2203.It Va nfsuserd_enable 2204.Pq Vt bool 2205If 2206.Va nfsuserd_enable 2207is set to 2208.Dq Li YES , 2209run the nfsuserd daemon, which is needed for NFSv4 in order 2210to map between user/group names vs uid/gid numbers. 2211If 2212.Va nfsv4_server_enable 2213is set to 2214.Dq Li YES , 2215this will be forced enabled. 2216.It Va nfsuserd_flags 2217.Pq Vt str 2218If 2219.Va nfsuserd_enable 2220is set to 2221.Dq Li YES , 2222these are the flags to pass to the 2223.Xr nfsuserd 8 2224daemon. 2225.It Va nfscbd_enable 2226.Pq Vt bool 2227If 2228.Va nfscbd_enable 2229is set to 2230.Dq Li YES , 2231run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2232.It Va nfscbd_flags 2233.Pq Vt str 2234If 2235.Va nfscbd_enable 2236is set to 2237.Dq Li YES , 2238these are the flags to pass to the 2239.Xr nfscbd 8 2240daemon. 2241.It Va oldnfs_server_enable 2242.Pq Vt bool 2243If 2244.Va oldnfs_server_enable 2245is set to 2246.Dq Li YES , 2247force the NFS server daemons to run the old NFS server code 2248that does not support NFSv4. 2249.It Va mountd_enable 2250.Pq Vt bool 2251If set to 2252.Dq Li YES , 2253and no 2254.Va nfs_server_enable 2255is set, start 2256.Xr mountd 8 , 2257but not 2258.Xr nfsd 8 2259daemon. 2260It is commonly needed to run CFS without real NFS used. 2261.It Va mountd_flags 2262.Pq Vt str 2263If 2264.Va mountd_enable 2265is set to 2266.Dq Li YES , 2267these are the flags to pass to the 2268.Xr mountd 8 2269daemon. 2270.It Va weak_mountd_authentication 2271.Pq Vt bool 2272If set to 2273.Dq Li YES , 2274allow services like PCNFSD to make non-privileged mount 2275requests. 2276.It Va nfs_reserved_port_only 2277.Pq Vt bool 2278If set to 2279.Dq Li YES , 2280provide NFS services only on a secure port. 2281.It Va nfs_bufpackets 2282.Pq Vt int 2283If set to a number, indicates the number of packets worth of 2284socket buffer space to reserve on an NFS client. 2285The kernel default is typically 4. 2286Using a higher number may be 2287useful on gigabit networks to improve performance. 2288The minimum value is 22892 and the maximum is 64. 2290.It Va rpc_lockd_enable 2291.Pq Vt bool 2292If set to 2293.Dq Li YES 2294and also an NFS server or client, run 2295.Xr rpc.lockd 8 2296at boot time. 2297.It Va rpc_lockd_flags 2298.Pq Vt str 2299If 2300.Va rpc_lockd_enable 2301is set to 2302.Dq Li YES , 2303these are the flags to pass to the 2304.Xr rpc.lockd 8 2305daemon. 2306.It Va rpc_statd_enable 2307.Pq Vt bool 2308If set to 2309.Dq Li YES 2310and also an NFS server or client, run 2311.Xr rpc.statd 8 2312at boot time. 2313.It Va rpc_statd_flags 2314.Pq Vt str 2315If 2316.Va rpc_statd_enable 2317is set to 2318.Dq Li YES , 2319these are the flags to pass to the 2320.Xr rpc.statd 8 2321daemon. 2322.It Va rpcbind_program 2323.Pq Vt str 2324Path to 2325.Xr rpcbind 8 2326(default 2327.Pa /usr/sbin/rpcbind ) . 2328.It Va rpcbind_enable 2329.Pq Vt bool 2330If set to 2331.Dq Li YES , 2332run the 2333.Xr rpcbind 8 2334service at boot time. 2335.It Va rpcbind_flags 2336.Pq Vt str 2337If 2338.Va rpcbind_enable 2339is set to 2340.Dq Li YES , 2341these are the flags to pass to the 2342.Xr rpcbind 8 2343daemon. 2344.It Va keyserv_enable 2345.Pq Vt bool 2346If set to 2347.Dq Li YES , 2348run the 2349.Xr keyserv 8 2350daemon on boot for running Secure RPC. 2351.It Va keyserv_flags 2352.Pq Vt str 2353If 2354.Va keyserv_enable 2355is set to 2356.Dq Li YES , 2357these are the flags to pass to 2358.Xr keyserv 8 2359daemon. 2360.It Va pppoed_enable 2361.Pq Vt bool 2362If set to 2363.Dq Li YES , 2364run the 2365.Xr pppoed 8 2366daemon at boot time to provide PPP over Ethernet services. 2367.It Va pppoed_ Ns Aq Ar provider 2368.Pq Vt str 2369.Xr pppoed 8 2370listens to requests to this 2371.Ar provider 2372and ultimately runs 2373.Xr ppp 8 2374with a 2375.Ar system 2376argument of the same name. 2377.It Va pppoed_flags 2378.Pq Vt str 2379Additional flags to pass to 2380.Xr pppoed 8 . 2381.It Va pppoed_interface 2382.Pq Vt str 2383The network interface to run 2384.Xr pppoed 8 2385on. 2386This is mandatory when 2387.Va pppoed_enable 2388is set to 2389.Dq Li YES . 2390.It Va timed_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394run the 2395.Xr timed 8 2396service at boot time. 2397This command is intended for networks of 2398machines where a consistent 2399.Dq "network time" 2400for all hosts must be established. 2401This is often useful in large NFS 2402environments where time stamps on files are expected to be consistent 2403network-wide. 2404.It Va timed_flags 2405.Pq Vt str 2406If 2407.Va timed_enable 2408is set to 2409.Dq Li YES , 2410these are the flags to pass to the 2411.Xr timed 8 2412service. 2413.It Va ntpdate_enable 2414.Pq Vt bool 2415If set to 2416.Dq Li YES , 2417run 2418.Xr ntpdate 8 2419at system startup. 2420This command is intended to 2421synchronize the system clock only 2422.Em once 2423from some standard reference. 2424An option to set this up initially 2425(from a list of known servers) is also provided by the 2426.Xr sysinstall 8 2427program when the system is first installed. 2428.It Va ntpdate_config 2429.Pq Vt str 2430Configuration file for 2431.Xr ntpdate 8 . 2432Default 2433.Pa /etc/ntp.conf . 2434.It Va ntpdate_hosts 2435.Pq Vt str 2436A whitespace-separated list of NTP servers to synchronize with at startup. 2437The default is to use the servers listed in 2438.Va ntpdate_config , 2439if that file exists. 2440.It Va ntpdate_program 2441.Pq Vt str 2442Path to 2443.Xr ntpdate 8 2444(default 2445.Pa /usr/sbin/ntpdate ) . 2446.It Va ntpdate_flags 2447.Pq Vt str 2448If 2449.Va ntpdate_enable 2450is set to 2451.Dq Li YES , 2452these are the flags to pass to the 2453.Xr ntpdate 8 2454command (typically a hostname). 2455.It Va ntpd_enable 2456.Pq Vt bool 2457If set to 2458.Dq Li YES , 2459run the 2460.Xr ntpd 8 2461command at boot time. 2462.It Va ntpd_program 2463.Pq Vt str 2464Path to 2465.Xr ntpd 8 2466(default 2467.Pa /usr/sbin/ntpd ) . 2468.It Va ntpd_config 2469.Pq Vt str 2470Path to 2471.Xr ntpd 8 2472configuration file. 2473Default 2474.Pa /etc/ntp.conf . 2475.It Va ntpd_flags 2476.Pq Vt str 2477If 2478.Va ntpd_enable 2479is set to 2480.Dq Li YES , 2481these are the flags to pass to the 2482.Xr ntpd 8 2483daemon. 2484.It Va ntpd_sync_on_start 2485.Pq Vt bool 2486If set to 2487.Dq Li YES , 2488.Xr ntpd 8 2489is run with the 2490.Fl g 2491flag, which syncs the system's clock on startup. 2492See 2493.Xr ntpd 8 2494for more information regarding the 2495.Fl g 2496option. 2497This is a preferred alternative to using 2498.Xr ntpdate 8 2499or specifying the 2500.Va ntpdate_enable 2501variable. 2502.It Va nis_client_enable 2503.Pq Vt bool 2504If set to 2505.Dq Li YES , 2506run the 2507.Xr ypbind 8 2508service at system boot time. 2509.It Va nis_client_flags 2510.Pq Vt str 2511If 2512.Va nis_client_enable 2513is set to 2514.Dq Li YES , 2515these are the flags to pass to the 2516.Xr ypbind 8 2517service. 2518.It Va nis_ypset_enable 2519.Pq Vt bool 2520If set to 2521.Dq Li YES , 2522run the 2523.Xr ypset 8 2524daemon at system boot time. 2525.It Va nis_ypset_flags 2526.Pq Vt str 2527If 2528.Va nis_ypset_enable 2529is set to 2530.Dq Li YES , 2531these are the flags to pass to the 2532.Xr ypset 8 2533daemon. 2534.It Va nis_server_enable 2535.Pq Vt bool 2536If set to 2537.Dq Li YES , 2538run the 2539.Xr ypserv 8 2540daemon at system boot time. 2541.It Va nis_server_flags 2542.Pq Vt str 2543If 2544.Va nis_server_enable 2545is set to 2546.Dq Li YES , 2547these are the flags to pass to the 2548.Xr ypserv 8 2549daemon. 2550.It Va nis_ypxfrd_enable 2551.Pq Vt bool 2552If set to 2553.Dq Li YES , 2554run the 2555.Xr rpc.ypxfrd 8 2556daemon at system boot time. 2557.It Va nis_ypxfrd_flags 2558.Pq Vt str 2559If 2560.Va nis_ypxfrd_enable 2561is set to 2562.Dq Li YES , 2563these are the flags to pass to the 2564.Xr rpc.ypxfrd 8 2565daemon. 2566.It Va nis_yppasswdd_enable 2567.Pq Vt bool 2568If set to 2569.Dq Li YES , 2570run the 2571.Xr rpc.yppasswdd 8 2572daemon at system boot time. 2573.It Va nis_yppasswdd_flags 2574.Pq Vt str 2575If 2576.Va nis_yppasswdd_enable 2577is set to 2578.Dq Li YES , 2579these are the flags to pass to the 2580.Xr rpc.yppasswdd 8 2581daemon. 2582.It Va rpc_ypupdated_enable 2583.Pq Vt bool 2584If set to 2585.Dq Li YES , 2586run the 2587.Nm rpc.ypupdated 2588daemon at system boot time. 2589.It Va bsnmpd_enable 2590.Pq Vt bool 2591If set to 2592.Dq Li YES , 2593run the 2594.Xr bsnmpd 1 2595daemon at system boot time. 2596Be sure to understand the security implications of running SNMP daemon 2597on your host. 2598.It Va bsnmpd_flags 2599.Pq Vt str 2600If 2601.Va bsnmpd_enable 2602is set to 2603.Dq Li YES , 2604these are the flags to pass to the 2605.Xr bsnmpd 1 2606daemon. 2607.It Va defaultrouter 2608.Pq Vt str 2609If not set to 2610.Dq Li NO , 2611create a default route to this host name or IP address 2612(use an IP address if this router is also required to get to the 2613name server!). 2614.It Va ipv6_defaultrouter 2615.Pq Vt str 2616The IPv6 equivalent of 2617.Va defaultrouter . 2618.It Va static_arp_pairs 2619.Pq Vt str 2620Set to the list of static ARP pairs that are to be added at system 2621boot time. 2622For each whitespace separated 2623.Ar element 2624in the value, a 2625.Va static_arp_ Ns Aq Ar element 2626variable is assumed to exist whose contents will later be passed to a 2627.Dq Nm arp Cm -S 2628operation. 2629For example 2630.Bd -literal 2631static_arp_pairs="gw" 2632static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2633.Ed 2634.It Va static_ndp_pairs 2635.Pq Vt str 2636Set to the list of static NDP pairs that are to be added at system 2637boot time. 2638For each whitespace separated 2639.Ar element 2640in the value, a 2641.Va static_ndp_ Ns Aq Ar element 2642variable is assumed to exist whose contents will later be passed to a 2643.Dq Nm ndp Cm -s 2644operation. 2645For example 2646.Bd -literal 2647static_ndp_pairs="gw" 2648static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2649.Ed 2650.It Va static_routes 2651.Pq Vt str 2652Set to the list of static routes that are to be added at system 2653boot time. 2654If not set to 2655.Dq Li NO 2656then for each whitespace separated 2657.Ar element 2658in the value, a 2659.Va route_ Ns Aq Ar element 2660variable is assumed to exist 2661whose contents will later be passed to a 2662.Dq Nm route Cm add 2663operation. 2664For example: 2665.Bd -literal 2666static_routes="mcast gif0local" 2667route_mcast="-net 224.0.0.0/4 -iface gif0" 2668route_gif0local="-host 169.254.1.1 -iface lo0" 2669.Ed 2670.It Va ipv6_static_routes 2671.Pq Vt str 2672The IPv6 equivalent of 2673.Va static_routes . 2674If not set to 2675.Dq Li NO 2676then for each whitespace separated 2677.Ar element 2678in the value, a 2679.Va ipv6_route_ Ns Aq Ar element 2680variable is assumed to exist 2681whose contents will later be passed to a 2682.Dq Nm route Cm add Fl inet6 2683operation. 2684.It Va natm_static_routes 2685.Pq Vt str 2686The 2687.Xr natmip 4 2688equivalent of 2689.Va static_routes . 2690If not empty then for each whitespace separated 2691.Ar element 2692in the value, a 2693.Va route_ Ns Aq Ar element 2694variable is assumed to exist whose contents will later be passed to a 2695.Dq Nm atmconfig Cm natm Cm add 2696operation. 2697.It Va gateway_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701configure host to act as an IP router, e.g.\& to forward packets 2702between interfaces. 2703.It Va ipv6_gateway_enable 2704.Pq Vt bool 2705The IPv6 equivalent of 2706.Va gateway_enable . 2707.It Va routed_enable 2708.Pq Vt bool 2709If set to 2710.Dq Li YES , 2711run a routing daemon of some sort, based on the 2712settings of 2713.Va routed_program 2714and 2715.Va routed_flags . 2716.It Va route6d_enable 2717.Pq Vt bool 2718The IPv6 equivalent of 2719.Va routed_enable . 2720If set to 2721.Dq Li YES , 2722run a routing daemon of some sort, based on the 2723settings of 2724.Va route6d_program 2725and 2726.Va route6d_flags . 2727.It Va routed_program 2728.Pq Vt str 2729If 2730.Va routed_enable 2731is set to 2732.Dq Li YES , 2733this is the name of the routing daemon to use. 2734.It Va route6d_program 2735.Pq Vt str 2736The IPv6 equivalent of 2737.Va routed_program . 2738.It Va routed_flags 2739.Pq Vt str 2740If 2741.Va routed_enable 2742is set to 2743.Dq Li YES , 2744these are the flags to pass to the routing daemon. 2745.It Va route6d_flags 2746.Pq Vt str 2747The IPv6 equivalent of 2748.Va routed_flags . 2749.It Va mrouted_enable 2750.Pq Vt bool 2751If set to 2752.Dq Li YES , 2753run the multicast routing daemon, 2754.Xr mrouted 8 . 2755.It Va mroute6d_enable 2756.Pq Vt bool 2757The IPv6 equivalent of 2758.Va mrouted_enable . 2759If set to 2760.Dq Li YES , 2761run the IPv6 multicast routing daemon. 2762.Pp 2763Note that multicast routing daemons are no longer included in the 2764.Fx 2765base system, however, both 2766.Xr mrouted 8 2767and 2768.Xr pim6dd 8 2769may be installed from the 2770.Fx 2771Ports Collection. 2772.It Va mrouted_flags 2773.Pq Vt str 2774If 2775.Va mrouted_enable 2776is set to 2777.Dq Li YES , 2778these are the flags to pass to the 2779.Xr mrouted 8 2780daemon. 2781.It Va mroute6d_flags 2782.Pq Vt str 2783The IPv6 equivalent of 2784.Va mrouted_flags . 2785If 2786.Va mroute6d_enable 2787is set to 2788.Dq Li YES , 2789these are the flags passed to the IPv6 multicast routing daemon. 2790.It Va mroute6d_program 2791.Pq Vt str 2792If 2793.Va mroute6d_enable 2794is set to 2795.Dq Li YES , 2796this is the path to the IPv6 multicast routing daemon. 2797.It Va rtadvd_enable 2798.Pq Vt bool 2799If set to 2800.Dq Li YES , 2801run the 2802.Xr rtadvd 8 2803daemon at boot time. 2804The 2805.Xr rtadvd 8 2806utility sends ICMPv6 Router Advertisement messages to 2807the interfaces specified in 2808.Va rtadvd_interfaces . 2809This should only be enabled with great care. 2810You may want to fine-tune 2811.Xr rtadvd.conf 5 . 2812.It Va rtadvd_interfaces 2813.Pq Vt str 2814If 2815.Va rtadvd_enable 2816is set to 2817.Dq Li YES 2818this is the list of interfaces to use. 2819.It Va ipxgateway_enable 2820.Pq Vt bool 2821If set to 2822.Dq Li YES , 2823enable the routing of IPX traffic. 2824.It Va ipxrouted_enable 2825.Pq Vt bool 2826If set to 2827.Dq Li YES , 2828run the 2829.Xr IPXrouted 8 2830daemon at system boot time. 2831.It Va ipxrouted_flags 2832.Pq Vt str 2833If 2834.Va ipxrouted_enable 2835is set to 2836.Dq Li YES , 2837these are the flags to pass to the 2838.Xr IPXrouted 8 2839daemon. 2840.It Va arpproxy_all 2841.Pq Vt bool 2842If set to 2843.Dq Li YES , 2844enable global proxy ARP. 2845.It Va forward_sourceroute 2846.Pq Vt bool 2847If set to 2848.Dq Li YES 2849and 2850.Va gateway_enable 2851is also set to 2852.Dq Li YES , 2853source-routed packets are forwarded. 2854.It Va accept_sourceroute 2855.Pq Vt bool 2856If set to 2857.Dq Li YES , 2858the system will accept source-routed packets directed at it. 2859.It Va rarpd_enable 2860.Pq Vt bool 2861If set to 2862.Dq Li YES , 2863run the 2864.Xr rarpd 8 2865daemon at system boot time. 2866.It Va rarpd_flags 2867.Pq Vt str 2868If 2869.Va rarpd_enable 2870is set to 2871.Dq Li YES , 2872these are the flags to pass to the 2873.Xr rarpd 8 2874daemon. 2875.It Va bootparamd_enable 2876.Pq Vt bool 2877If set to 2878.Dq Li YES , 2879run the 2880.Xr bootparamd 8 2881daemon at system boot time. 2882.It Va bootparamd_flags 2883.Pq Vt str 2884If 2885.Va bootparamd_enable 2886is set to 2887.Dq Li YES , 2888these are the flags to pass to the 2889.Xr bootparamd 8 2890daemon. 2891.It Va stf_interface_ipv4addr 2892.Pq Vt str 2893If not set to 2894.Dq Li NO , 2895this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2896interface). 2897Specify this entry to enable the 6to4 interface. 2898.It Va stf_interface_ipv4plen 2899.Pq Vt int 2900Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2901An effective value is 0-31. 2902.It Va stf_interface_ipv6_ifid 2903.Pq Vt str 2904IPv6 interface ID for 2905.Xr stf 4 . 2906This can be set to 2907.Dq Li AUTO . 2908.It Va stf_interface_ipv6_slaid 2909.Pq Vt str 2910IPv6 Site Level Aggregator for 2911.Xr stf 4 . 2912.It Va ipv6_faith_prefix 2913.Pq Vt str 2914If not set to 2915.Dq Li NO , 2916this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2917translator. 2918You also need 2919.Xr faithd 8 2920setup. 2921.It Va ipv6_ipv4mapping 2922.Pq Vt bool 2923If set to 2924.Dq Li YES 2925this enables IPv4 mapped IPv6 address communication (like 2926.Li ::ffff:a.b.c.d ) . 2927.It Va atm_enable 2928.Pq Vt bool 2929Set to 2930.Dq Li YES 2931to enable the configuration of ATM interfaces at system boot time. 2932For all of the ATM variables described below, please refer to the 2933.Xr atm 8 2934manual page for further details on the available command parameters. 2935Also refer to the files in 2936.Pa /usr/share/examples/atm 2937for more detailed configuration information. 2938.It Va atm_load 2939.Pq Vt str 2940This is a list of physical ATM interface drivers to load. 2941Typical values are 2942.Dq Li hfa_pci 2943and/or 2944.Dq Li hea_pci . 2945.It Va atm_netif_ Ns Aq Ar intf 2946.Pq Vt str 2947For the ATM physical interface 2948.Ar intf , 2949this variable defines the name prefix and count for the ATM network 2950interfaces to be created. 2951The value will be passed as the parameters of an 2952.Dq Nm atm Cm "set netif" Ar intf 2953command. 2954.It Va atm_sigmgr_ Ns Aq Ar intf 2955.Pq Vt str 2956For the ATM physical interface 2957.Ar intf , 2958this variable defines the ATM signalling manager to be used. 2959The value will be passed as the parameters of an 2960.Dq Nm atm Cm attach Ar intf 2961command. 2962.It Va atm_prefix_ Ns Aq Ar intf 2963.Pq Vt str 2964For the ATM physical interface 2965.Ar intf , 2966this variable defines the NSAP prefix for interfaces using a UNI signalling 2967manager. 2968If set to 2969.Dq Li ILMI , 2970the prefix will automatically be set via the 2971.Xr ilmid 8 2972daemon. 2973Otherwise, the value will be passed as the parameters of an 2974.Dq Nm atm Cm "set prefix" Ar intf 2975command. 2976.It Va atm_macaddr_ Ns Aq Ar intf 2977.Pq Vt str 2978For the ATM physical interface 2979.Ar intf , 2980this variable defines the MAC address for interfaces using a UNI signalling 2981manager. 2982If set to 2983.Dq Li NO , 2984the hardware MAC address contained in the ATM interface card will be used. 2985Otherwise, the value will be passed as the parameters of an 2986.Dq Nm atm Cm "set mac" Ar intf 2987command. 2988.It Va atm_arpserver_ Ns Aq Ar netif 2989.Pq Vt str 2990For the ATM network interface 2991.Ar netif , 2992this variable defines the ATM address for a host which is to provide ATMARP 2993service. 2994This variable is only applicable to interfaces using a UNI signalling 2995manager. 2996If set to 2997.Dq Li local , 2998this host will become an ATMARP server. 2999The value will be passed as the parameters of an 3000.Dq Nm atm Cm "set arpserver" Ar netif 3001command. 3002.It Va atm_scsparp_ Ns Aq Ar netif 3003.Pq Vt bool 3004If set to 3005.Dq Li YES , 3006SCSP/ATMARP service for the network interface 3007.Ar netif 3008will be initiated using the 3009.Xr scspd 8 3010and 3011.Xr atmarpd 8 3012daemons. 3013This variable is only applicable if 3014.Va atm_arpserver_ Ns Aq Ar netif 3015is set to 3016.Dq Li local . 3017.It Va atm_pvcs 3018.Pq Vt str 3019Set to the list of ATM PVCs to be added at system 3020boot time. 3021For each whitespace separated 3022.Ar element 3023in the value, an 3024.Va atm_pvc_ Ns Aq Ar element 3025variable is assumed to exist. 3026The value of each of these variables 3027will be passed as the parameters of an 3028.Dq Nm atm Cm "add pvc" 3029command. 3030.It Va atm_arps 3031.Pq Vt str 3032Set to the list of permanent ATM ARP entries to be added 3033at system boot time. 3034For each whitespace separated 3035.Ar element 3036in the value, an 3037.Va atm_arp_ Ns Aq Ar element 3038variable is assumed to exist. 3039The value of each of these variables 3040will be passed as the parameters of an 3041.Dq Nm atm Cm "add arp" 3042command. 3043.It Va natm_interfaces 3044.Pq Vt str 3045Set to the list of 3046.Xr natm 4 3047interfaces that will also be used for HARP through 3048.Xr harp 4 . 3049If this list is not empty all interfaces in the list will be brought up 3050with 3051.Xr ifconfig 8 3052and 3053.Xr harp 4 3054will be loaded. 3055For this to work the interface drivers must be either compiled into the 3056kernel or must reside on the root partition. 3057.It Va keybell 3058.Pq Vt str 3059The keyboard bell sound. 3060Set to 3061.Dq Li normal , 3062.Dq Li visual , 3063.Dq Li off , 3064or 3065.Dq Li NO 3066if the default behavior is desired. 3067For details, refer to the 3068.Xr kbdcontrol 1 3069manpage. 3070.It Va keyboard 3071.Pq Vt str 3072If set to a non-null string, the virtual console's keyboard input is 3073set to this device. 3074.It Va keymap 3075.Pq Vt str 3076If set to 3077.Dq Li NO , 3078no keymap is installed, otherwise the value is used to install 3079the keymap file in 3080.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3081.It Va keyrate 3082.Pq Vt str 3083The keyboard repeat speed. 3084Set to 3085.Dq Li slow , 3086.Dq Li normal , 3087.Dq Li fast , 3088or 3089.Dq Li NO 3090if the default behavior is desired. 3091.It Va keychange 3092.Pq Vt str 3093If not set to 3094.Dq Li NO , 3095attempt to program the function keys with the value. 3096The value should 3097be a single string of the form: 3098.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3099.It Va cursor 3100.Pq Vt str 3101Can be set to the value of 3102.Dq Li normal , 3103.Dq Li blink , 3104.Dq Li destructive , 3105or 3106.Dq Li NO 3107to set the cursor behavior explicitly or choose the default behavior. 3108.It Va scrnmap 3109.Pq Vt str 3110If set to 3111.Dq Li NO , 3112no screen map is installed, otherwise the value is used to install 3113the screen map file in 3114.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3115.It Va font8x16 3116.Pq Vt str 3117If set to 3118.Dq Li NO , 3119the default 8x16 font value is used for screen size requests, otherwise 3120the value in 3121.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3122is used. 3123.It Va font8x14 3124.Pq Vt str 3125If set to 3126.Dq Li NO , 3127the default 8x14 font value is used for screen size requests, otherwise 3128the value in 3129.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3130is used. 3131.It Va font8x8 3132.Pq Vt str 3133If set to 3134.Dq Li NO , 3135the default 8x8 font value is used for screen size requests, otherwise 3136the value in 3137.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3138is used. 3139.It Va blanktime 3140.Pq Vt int 3141If set to 3142.Dq Li NO , 3143the default screen blanking interval is used, otherwise it is set 3144to 3145.Ar value 3146seconds. 3147.It Va saver 3148.Pq Vt str 3149If not set to 3150.Dq Li NO , 3151this is the actual screen saver to use 3152.Li ( blank , snake , daemon , 3153etc). 3154.It Va moused_nondefault_enable 3155.Pq Vt str 3156If set to 3157.Dq Li NO , 3158the mouse device specified on 3159the command line is not automatically treated as enabled by the 3160.Pa /etc/rc.d/moused 3161script. 3162Having this variable set to 3163.Dq Li YES 3164allows a 3165.Xr usb 4 3166mouse, 3167for example, 3168to be enabled as soon as it is plugged in. 3169.It Va moused_enable 3170.Pq Vt str 3171If set to 3172.Dq Li YES , 3173the 3174.Xr moused 8 3175daemon is started for doing cut/paste selection on the console. 3176.It Va moused_type 3177.Pq Vt str 3178This is the protocol type of the mouse connected to this host. 3179This variable must be set if 3180.Va moused_enable 3181is set to 3182.Dq Li YES . 3183The 3184.Xr moused 8 3185daemon 3186is able to detect the appropriate mouse type automatically in many cases. 3187Set this variable to 3188.Dq Li auto 3189to let the daemon detect it, or 3190select one from the following list if the automatic detection fails. 3191.Pp 3192If the mouse is attached to the PS/2 mouse port, choose 3193.Dq Li auto 3194or 3195.Dq Li ps/2 , 3196regardless of the brand and model of the mouse. 3197Likewise, if the 3198mouse is attached to the bus mouse port, choose 3199.Dq Li auto 3200or 3201.Dq Li busmouse . 3202All other protocols are for serial mice and will not work with 3203the PS/2 and bus mice. 3204If this is a USB mouse, 3205.Dq Li auto 3206is the only protocol type which will work. 3207.Pp 3208.Bl -tag -width ".Li x10mouseremote" -compact 3209.It Li microsoft 3210Microsoft mouse (serial) 3211.It Li intellimouse 3212Microsoft IntelliMouse (serial) 3213.It Li mousesystems 3214Mouse systems Corp.\& mouse (serial) 3215.It Li mmseries 3216MM Series mouse (serial) 3217.It Li logitech 3218Logitech mouse (serial) 3219.It Li busmouse 3220A bus mouse 3221.It Li mouseman 3222Logitech MouseMan and TrackMan (serial) 3223.It Li glidepoint 3224ALPS GlidePoint (serial) 3225.It Li thinkingmouse 3226Kensington ThinkingMouse (serial) 3227.It Li ps/2 3228PS/2 mouse 3229.It Li mmhittab 3230MM HitTablet (serial) 3231.It Li x10mouseremote 3232X10 MouseRemote (serial) 3233.It Li versapad 3234Interlink VersaPad (serial) 3235.El 3236.Pp 3237Even if the mouse is not in the above list, it may be compatible 3238with one in the list. 3239Refer to the manual page for 3240.Xr moused 8 3241for compatibility information. 3242.Pp 3243It should also be noted that while this is enabled, any 3244other client of the mouse (such as an X server) should access 3245the mouse through the virtual mouse device, 3246.Pa /dev/sysmouse , 3247and configure it as a 3248.Dq Li sysmouse 3249type mouse, since all 3250mouse data is converted to this single canonical format when 3251using 3252.Xr moused 8 . 3253If the client program does not support the 3254.Dq Li sysmouse 3255type, 3256specify the 3257.Dq Li mousesystems 3258type. 3259It is the second preferred type. 3260.It Va moused_port 3261.Pq Vt str 3262If 3263.Va moused_enable 3264is set to 3265.Dq Li YES , 3266this is the actual port the mouse is on. 3267It might be 3268.Pa /dev/cuad0 3269for a COM1 serial mouse, 3270.Pa /dev/psm0 3271for a PS/2 mouse or 3272.Pa /dev/mse0 3273for a bus mouse, for example. 3274.It Va moused_flags 3275.Pq Vt str 3276If 3277.Va moused_flags 3278is set, its value is used as an additional set of flags to pass to the 3279.Xr moused 8 3280daemon. 3281.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3282When 3283.Va moused_nondefault_enable 3284is enabled, and a 3285.Xr moused 8 3286daemon is started for a non-default port, the 3287.Va "moused_" Ns Ar XXX Ns Va "_flags" 3288set of options has precedence over and replaces the default 3289.Va moused_flags 3290(where 3291.Ar XXX 3292is the name of the non-default port, i.e.,\& 3293.Ar ums0 ) . 3294By setting 3295.Va "moused_" Ns Ar XXX Ns Va "_flags" 3296it is possible to set up a different set of default flags for each 3297.Xr moused 8 3298instance. 3299For example, you can use 3300.Dq Li "-3" 3301for the default 3302.Va moused_flags 3303to make your laptop's touchpad more comfortable to use, 3304but an empty set of options for 3305.Va moused_ums0_flags 3306when your 3307.Xr usb 4 3308mouse has three or more buttons. 3309.It Va mousechar_start 3310.Pq Vt int 3311If set to 3312.Dq Li NO , 3313the default mouse cursor character range 3314.Li 0xd0 Ns - Ns Li 0xd3 3315is used, 3316otherwise the range start is set 3317to 3318.Ar value 3319character, see 3320.Xr vidcontrol 1 . 3321Use if the default range is occupied in the language code table. 3322.It Va allscreens_flags 3323.Pq Vt str 3324If set, 3325.Xr vidcontrol 1 3326is run with these options for each of the virtual terminals 3327.Pq Pa /dev/ttyv* . 3328For example, 3329.Dq Fl m Cm on 3330will enable the mouse pointer on all virtual terminals 3331if 3332.Va moused_enable 3333is set to 3334.Dq Li YES . 3335.It Va allscreens_kbdflags 3336.Pq Vt str 3337If set, 3338.Xr kbdcontrol 1 3339is run with these options for each of the virtual terminals 3340.Pq Pa /dev/ttyv* . 3341For example, 3342.Dq Fl h Li 200 3343will set the 3344.Xr syscons 4 3345scrollback (history) buffer to 200 lines. 3346.It Va cron_enable 3347.Pq Vt bool 3348If set to 3349.Dq Li YES , 3350run the 3351.Xr cron 8 3352daemon at system boot time. 3353.It Va cron_program 3354.Pq Vt str 3355Path to 3356.Xr cron 8 3357(default 3358.Pa /usr/sbin/cron ) . 3359.It Va cron_flags 3360.Pq Vt str 3361If 3362.Va cron_enable 3363is set to 3364.Dq Li YES , 3365these are the flags to pass to 3366.Xr cron 8 . 3367.It Va cron_dst 3368.Pq Vt bool 3369If set to 3370.Dq Li YES , 3371enable the special handling of transitions to and from the 3372Daylight Saving Time in 3373.Xr cron 8 3374(equivalent to using the flag 3375.Fl s ) . 3376.It Va lpd_program 3377.Pq Vt str 3378Path to 3379.Xr lpd 8 3380(default 3381.Pa /usr/sbin/lpd ) . 3382.It Va lpd_enable 3383.Pq Vt bool 3384If set to 3385.Dq Li YES , 3386run the 3387.Xr lpd 8 3388daemon at system boot time. 3389.It Va lpd_flags 3390.Pq Vt str 3391If 3392.Va lpd_enable 3393is set to 3394.Dq Li YES , 3395these are the flags to pass to the 3396.Xr lpd 8 3397daemon. 3398.It Va chkprintcap_enable 3399.Pq Vt bool 3400If set to 3401.Dq Li YES , 3402run the 3403.Xr chkprintcap 8 3404command before starting the 3405.Xr lpd 8 3406daemon. 3407.It Va chkprintcap_flags 3408.Pq Vt str 3409If 3410.Va lpd_enable 3411and 3412.Va chkprintcap_enable 3413are set to 3414.Dq Li YES , 3415these are the flags to pass to the 3416.Xr chkprintcap 8 3417program. 3418The default is 3419.Dq Li -d , 3420which causes missing directories to be created. 3421.It Va mta_start_script 3422.Pq Vt str 3423This variable specifies the full path to the script to run to start 3424a mail transfer agent. 3425The default is 3426.Pa /etc/rc.sendmail . 3427The 3428.Va sendmail_* 3429variables which 3430.Pa /etc/rc.sendmail 3431uses are documented in the 3432.Xr rc.sendmail 8 3433manual page. 3434.It Va dumpdev 3435.Pq Vt str 3436Indicates the device (usually a swap partition) to which a crash dump 3437should be written in the event of a system crash. 3438If the value of this variable is 3439.Dq Li AUTO , 3440the first suitable swap device listed in 3441.Pa /etc/fstab 3442will be used as dump device. 3443Otherwise, the value of this variable is passed as the argument to 3444.Xr dumpon 8 . 3445To disable crash dumps, set this variable to 3446.Dq Li NO . 3447.It Va dumpdir 3448.Pq Vt str 3449When the system reboots after a crash and a crash dump is found on the 3450device specified by the 3451.Va dumpdev 3452variable, 3453.Xr savecore 8 3454will save that crash dump and a copy of the kernel to the directory 3455specified by the 3456.Va dumpdir 3457variable. 3458The default value is 3459.Pa /var/crash . 3460Set to 3461.Dq Li NO 3462to not run 3463.Xr savecore 8 3464at boot time when 3465.Va dumpdir 3466is set. 3467.It Va savecore_flags 3468.Pq Vt str 3469If crash dumps are enabled, these are the flags to pass to the 3470.Xr savecore 8 3471utility. 3472.It Va quota_enable 3473.Pq Vt bool 3474Set to 3475.Dq Li YES 3476to turn on user and group disk quotas on system startup via the 3477.Xr quotaon 8 3478command for all file systems marked as having quotas enabled in 3479.Pa /etc/fstab . 3480The kernel must be built with 3481.Cd "options QUOTA" 3482for disk quotas to function. 3483.It Va check_quotas 3484.Pq Vt bool 3485Set to 3486.Dq Li YES 3487to enable user and group disk quota checking via the 3488.Xr quotacheck 8 3489command. 3490.It Va quotacheck_flags 3491.Pq Vt str 3492If 3493.Va quota_enable 3494is set to 3495.Dq Li YES , 3496and 3497.Va check_quotas 3498is set to 3499.Dq Li YES , 3500these are the flags to pass to the 3501.Xr quotacheck 8 3502utility. 3503The default is 3504.Dq Li "-a" , 3505which checks quotas for all file systems with quotas enabled in 3506.Pa /etc/fstab . 3507.It Va quotaon_flags 3508.Pq Vt str 3509If 3510.Va quota_enable 3511is set to 3512.Dq Li YES , 3513these are the flags to pass to the 3514.Xr quotaon 8 3515utility. 3516The default is 3517.Dq Li "-a" , 3518which enables quotas for all file systems with quotas enabled in 3519.Pa /etc/fstab . 3520.It Va quotaoff_flags 3521.Pq Vt str 3522If 3523.Va quota_enable 3524is set to 3525.Dq Li YES , 3526these are the flags to pass to the 3527.Xr quotaoff 8 3528utility when shutting down the quota system. 3529The default is 3530.Dq Li "-a" , 3531which disables quotas for all file systems with quotas enabled in 3532.Pa /etc/fstab . 3533.It Va accounting_enable 3534.Pq Vt bool 3535Set to 3536.Dq Li YES 3537to enable system accounting through the 3538.Xr accton 8 3539facility. 3540.It Va ibcs2_enable 3541.Pq Vt bool 3542Set to 3543.Dq Li YES 3544to enable iBCS2 (SCO) binary emulation at system initial boot 3545time. 3546.It Va ibcs2_loaders 3547.Pq Vt str 3548If not set to 3549.Dq Li NO 3550and if 3551.Va ibcs2_enable 3552is set to 3553.Dq Li YES , 3554this specifies a list of additional iBCS2 loaders to enable. 3555.It Va linux_enable 3556.Pq Vt bool 3557Set to 3558.Dq Li YES 3559to enable Linux/ELF binary emulation at system initial 3560boot time. 3561.It Va svr4_enable 3562.Pq Vt bool 3563If set to 3564.Dq Li YES , 3565enable SysVR4 emulation at boot time. 3566.It Va sysvipc_enable 3567.Pq Vt bool 3568If set to 3569.Dq Li YES , 3570load System V IPC primitives at boot time. 3571.It Va clear_tmp_enable 3572.Pq Vt bool 3573Set to 3574.Dq Li YES 3575to have 3576.Pa /tmp 3577cleaned at startup. 3578.It Va clear_tmp_X 3579.Pq Vt bool 3580Set to 3581.Dq Li NO 3582to disable removing of X11 lock files, 3583and the removal and (secure) recreation 3584of the various socket directories for X11 3585related programs. 3586.It Va ldconfig_paths 3587.Pq Vt str 3588Set to the list of shared library paths to use with 3589.Xr ldconfig 8 . 3590NOTE: 3591.Pa /usr/lib 3592will always be added first, so it need not appear in this list. 3593.It Va ldconfig32_paths 3594.Pq Vt str 3595Set to the list of 32-bit compatibility shared library paths to 3596use with 3597.Xr ldconfig 8 . 3598.It Va ldconfig_paths_aout 3599.Pq Vt str 3600Set to the list of shared library paths to use with 3601.Xr ldconfig 8 3602legacy 3603.Xr a.out 5 3604support. 3605.It Va ldconfig_insecure 3606.Pq Vt bool 3607The 3608.Xr ldconfig 8 3609utility normally refuses to use directories 3610which are writable by anyone except root. 3611Set this variable to 3612.Dq Li YES 3613to disable that security check during system startup. 3614.It Va ldconfig_local_dirs 3615.Pq Vt str 3616Set to the list of local 3617.Xr ldconfig 8 3618directories. 3619The names of all files in the directories listed will be 3620passed as arguments to 3621.Xr ldconfig 8 . 3622.It Va ldconfig_local32_dirs 3623.Pq Vt str 3624Set to the list of local 32-bit compatibility 3625.Xr ldconfig 8 3626directories. 3627The names of all files in the directories listed will be 3628passed as arguments to 3629.Dq Nm ldconfig Fl 32 . 3630.It Va kern_securelevel_enable 3631.Pq Vt bool 3632Set to 3633.Dq Li YES 3634to set the kernel security level at system startup. 3635.It Va kern_securelevel 3636.Pq Vt int 3637The kernel security level to set at startup. 3638The allowed range of 3639.Ar value 3640ranges from \-1 (the compile time default) to 3 (the 3641most secure). 3642See 3643.Xr security 7 3644for the list of possible security levels and their effect 3645on system operation. 3646.It Va sshd_program 3647.Pq Vt str 3648Path to the SSH server program 3649.Pa ( /usr/sbin/sshd 3650is the default). 3651.It Va sshd_enable 3652.Pq Vt bool 3653Set to 3654.Dq Li YES 3655to start 3656.Xr sshd 8 3657at system boot time. 3658.It Va sshd_flags 3659.Pq Vt str 3660If 3661.Va sshd_enable 3662is set to 3663.Dq Li YES , 3664these are the flags to pass to the 3665.Xr sshd 8 3666daemon. 3667.It Va ftpd_program 3668.Pq Vt str 3669Path to the FTP server program 3670.Pa ( /usr/libexec/ftpd 3671is the default). 3672.It Va ftpd_enable 3673.Pq Vt bool 3674Set to 3675.Dq Li YES 3676to start 3677.Xr ftpd 8 3678as a stand-alone daemon at system boot time. 3679.It Va ftpd_flags 3680.Pq Vt str 3681If 3682.Va ftpd_enable 3683is set to 3684.Dq Li YES , 3685these are the additional flags to pass to the 3686.Xr ftpd 8 3687daemon. 3688.It Va watchdogd_enable 3689.Pq Vt bool 3690If set to 3691.Dq Li YES , 3692start the 3693.Xr watchdogd 8 3694daemon at boot time. 3695This requires that the kernel have been compiled with a 3696.Xr watchdog 4 3697compatible device. 3698.It Va watchdogd_flags 3699.Pq Vt str 3700If 3701.Va watchdogd_enable 3702is set to 3703.Dq Li YES , 3704these are the flags passed to the 3705.Xr watchdogd 8 3706daemon. 3707.It Va devfs_rulesets 3708.Pq Vt str 3709List of files containing sets of rules for 3710.Xr devfs 8 . 3711.It Va devfs_system_ruleset 3712.Pq Vt str 3713Rule name(s) to apply to the system 3714.Pa /dev 3715itself. 3716.It Va devfs_set_rulesets 3717.Pq Vt str 3718Pairs of already-mounted 3719.Pa dev 3720directories and rulesets that should be applied to them. 3721For example: /mount/dev=ruleset_name 3722.It Va devfs_load_rulesets 3723.Pq Vt bool 3724If set, always load the default rulesets listed in 3725.Va devfs_rulesets . 3726.It Va performance_cx_lowest 3727.Pq Vt str 3728CPU idle state to use while on AC power. 3729The string 3730.Dq Li LOW 3731indicates that 3732.Xr acpi 4 3733should use the lowest power state available while 3734.Dq Li HIGH 3735indicates that the lowest latency state (less power savings) should be used. 3736.It Va performance_cpu_freq 3737.Pq Vt str 3738CPU clock frequency to use while on AC power. 3739The string 3740.Dq Li LOW 3741indicates that 3742.Xr cpufreq 4 3743should use the lowest frequency available while 3744.Dq Li HIGH 3745indicates that the highest frequency (less power savings) should be used. 3746.It Va economy_cx_lowest 3747.Pq Vt str 3748CPU idle state to use when off AC power. 3749The string 3750.Dq Li LOW 3751indicates that 3752.Xr acpi 4 3753should use the lowest power state available while 3754.Dq Li HIGH 3755indicates that the lowest latency state (less power savings) should be used. 3756.It Va economy_cpu_freq 3757.Pq Vt str 3758CPU clock frequency to use when off AC power. 3759The string 3760.Dq Li LOW 3761indicates that 3762.Xr cpufreq 4 3763should use the lowest frequency available while 3764.Dq Li HIGH 3765indicates that the highest frequency (less power savings) should be used. 3766.It Va jail_enable 3767.Pq Vt bool 3768If set to 3769.Dq Li NO , 3770any configured jails will not be started. 3771.It Va jail_parallel_start 3772.Pq Vt bool 3773If set to 3774.Dq Li YES , 3775all configured jails will be started in the background (in parallel). 3776.It Va jail_list 3777.Pq Vt str 3778A space separated list of names for jails. 3779This is purely a configuration aid to help identify and 3780configure multiple jails. 3781The names specified in this list will be used to 3782identify settings common to an instance of a jail, 3783and should contain alphanumeric characters only. 3784Assuming that the jail in question was named 3785.Li vjail , 3786you would have the following dependent variables: 3787.Bd -literal 3788jail_vjail_hostname="jail.example.com" 3789jail_vjail_ip="192.0.2.100" 3790jail_vjail_rootdir="/var/jails/vjail/root" 3791.Ed 3792.Pp 3793.It Va jail_flags 3794.Pq Vt str 3795Unset by default. 3796When set, use as default value for 3797.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3798for every jail in 3799.Va jail_list . 3800.It Va jail_interface 3801.Pq Vt str 3802Unset by default. 3803When set, use as default value for 3804.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3805for every jail in 3806.Va jail_list . 3807.It Va jail_fstab 3808.Pq Vt str 3809Unset by default. 3810When set, use as default value for 3811.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3812for every jail in 3813.Va jail_list . 3814.It Va jail_mount_enable 3815.Pq Vt bool 3816Set to 3817.Dq Li NO 3818by default. 3819When set to 3820.Dq Li YES , 3821sets 3822.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3823to 3824.Dq Li YES 3825by default for every jail in 3826.Va jail_list . 3827.It Va jail_devfs_ruleset 3828.Pq Vt str 3829Unset by default. 3830When set, sets 3831.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3832to given value for every jail in 3833.Va jail_list . 3834.It Va jail_devfs_enable 3835.Pq Vt bool 3836Set to 3837.Dq Li NO 3838by default. 3839When set to 3840.Dq Li YES , 3841sets 3842.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3843to 3844.Dq Li YES 3845by default for every jail in 3846.Va jail_list . 3847.It Va jail_fdescfs_enable 3848.Pq Vt bool 3849Set to 3850.Dq Li NO 3851by default. 3852When set to 3853.Dq Li YES , 3854sets 3855.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3856to 3857.Dq Li YES 3858by default for every jail in 3859.Va jail_list . 3860.It Va jail_procfs_enable 3861.Pq Vt bool 3862Set to 3863.Dq Li NO 3864by default. 3865When set to 3866.Dq Li YES , 3867sets 3868.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3869to 3870.Dq Li YES 3871by default for every jail in 3872.Va jail_list . 3873.It Va jail_exec_prestart Ns Aq Ar N 3874.Pq Vt str 3875Unset by default. 3876When set, use as default value for 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3878for every jail in 3879.Va jail_list . 3880.It Va jail_exec_start 3881.Pq Vt str 3882Unset by default. 3883When set, use as default value for 3884.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3885for every jail in 3886.Va jail_list . 3887.It Va jail_exec_afterstart Ns Aq Ar N 3888.Pq Vt str 3889Unset by default. 3890When set, use as default value for 3891.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3892for every jail in 3893.Va jail_list . 3894.It Va jail_exec_poststart Ns Aq Ar N 3895.Pq Vt str 3896Unset by default. 3897When set, use as default value for 3898.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3899for every jail in 3900.Va jail_list . 3901.It Va jail_exec_prestop Ns Aq Ar N 3902.Pq Vt str 3903Unset by default. 3904When set, use as default value for 3905.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3906for every jail in 3907.Va jail_list . 3908.It Va jail_exec_stop 3909Unset by default. 3910When set, use as default value for 3911.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3912for every jail in 3913.Va jail_list . 3914.It Va jail_exec_poststop Ns Aq Ar N 3915.Pq Vt str 3916Unset by default. 3917When set, use as default value for 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3919for every jail in 3920.Va jail_list . 3921.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3922.Pq Vt str 3923Unset by default. 3924Set to the root directory used by jail 3925.Va jname . 3926.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3927.Pq Vt str 3928Unset by default. 3929Set to the fully qualified domain name (FQDN) assigned to jail 3930.Va jname . 3931.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3932.Pq Vt str 3933Unset by default. 3934Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3935The argument can be a sole address or a comma separated list of addresses. 3936Additionally each address can be prefixed by the name of an interface 3937followed by a pipe to overwrite 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3939or 3940.Va jail_interface 3941and/or suffixed by a netmask, prefixlen or prefix. 3942In case no netmask, prefixlen or prefix is given, 3943.Sq /32 3944will be used for IPv4 and 3945.Sq /128 3946will be used for an IPv6 address. 3947If no address is given for the jail then the jail will be started with 3948no networking support. 3949.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3950.Pq Vt str 3951Unset by default. 3952Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3953The sequence starts with 3954.Dq Li _multi0 3955and the numbers have to be strictly ascending. 3956These entries follow the same syntax as their primary 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3958entry. 3959The order of the entries can be important as the first address for 3960each address family found will be the primary address of the jail. 3961See 3962.Va ip-addresses 3963option in 3964.Xr jail 8 3965for more details. 3966.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3967.Pq Vt str 3968Set to 3969.Dq Li -l -U root 3970by default. 3971These are flags to pass to 3972.Xr jail 8 . 3973.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3974.Pq Vt str 3975Unset by default. 3976When set, sets the interface to use when setting IP address alias. 3977Note that the alias is created at jail startup and removed at jail shutdown. 3978.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3979.Pq Vt str 3980Unset by default. 3981When set, the jail is started with the specified forwarding table (sometimes 3982referred to as a routing table) via 3983.Xr setfib 1 . 3984.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3985.Pq Vt str 3986Set to 3987.Pa /etc/fstab. Ns Aq Ar jname 3988by default. 3989This is the file system information file to use for jail 3990.Va jname . 3991.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3992.Pq Vt bool 3993Set to 3994.Dq Li NO 3995by default. 3996When set to 3997.Dq Li YES , 3998mount all file systems from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4000at jail startup. 4001.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4002.Pq Vt str 4003Unset by default. 4004When set, defines the device file system ruleset file to use for jail 4005.Va jname . 4006.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4007.Pq Vt bool 4008Set to 4009.Dq Li NO 4010by default. 4011When set to 4012.Dq Li YES , 4013mount the device file system inside jail 4014.Ar jname 4015at jail startup. 4016.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4017.Pq Vt bool 4018Set to 4019.Dq Li NO 4020by default. 4021When set to 4022.Dq Li YES , 4023mount the file-descriptor file system inside jail 4024.Ar jname 4025at jail startup. 4026.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4027.Pq Vt bool 4028Set to 4029.Dq Li NO 4030by default. 4031When set to 4032.Dq Li YES , 4033mount the process file system inside jail 4034.Ar jname 4035at jail startup. 4036.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4037.Pq Vt str 4038Unset by default. 4039This is the command run as 4040.Ar N Ns 4041th command 4042before jail startup, where 4043.Ar N 4044is 0, 1, and so on. 4045It is run outside the jail. 4046.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4047.Pq Vt str 4048Set to 4049.Dq Li /bin/sh /etc/rc 4050by default. 4051This is the command executed in a jail at jail startup. 4052.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4053.Pq Vt str 4054Unset by default. 4055This is the command run as 4056.Ar N Ns 4057th command 4058in a jail 4059after jail startup, where 4060.Ar N 4061is 1, 2, and so on. 4062.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4063.Pq Vt str 4064Unset by default. 4065This is the command run as 4066.Ar N Ns 4067th command 4068after jail startup, where 4069.Ar N 4070is 0, 1, and so on. 4071It is run outside the jail. 4072.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4073.Pq Vt str 4074Unset by default. 4075This is the command run as 4076.Ar N Ns 4077th command 4078before jail shutdown, where 4079.Ar N 4080is 0, 1, and so on. 4081It is run outside the jail. 4082.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4083.Pq Vt str 4084Set to 4085.Dq Li /bin/sh /etc/rc.shutdown 4086by default. 4087This is the command executed in a jail at jail shutdown. 4088.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4089.Pq Vt str 4090Unset by default. 4091This is the command run as 4092.Ar N Ns 4093th command 4094after jail shutdown, where 4095.Ar N 4096is 0, 1, and so on. 4097It is run outside the jail. 4098.It Va jail_set_hostname_allow 4099.Pq Vt bool 4100If set to 4101.Dq Li NO , 4102do not allow the root user in a jail to set its hostname. 4103.It Va jail_socket_unixiproute_only 4104.Pq Vt bool 4105If set to 4106.Dq Li YES , 4107do not allow any sockets, 4108besides UNIX/IP/route sockets, 4109to be used within a jail. 4110.It Va jail_sysvipc_allow 4111.Pq Vt bool 4112If set to 4113.Dq Li YES , 4114allow applications within a jail to use System V IPC. 4115.\" ----------------------------------------------------- 4116.It Va harvest_interrupt 4117.Pq Vt bool 4118Set to 4119.Dq Li YES 4120to use hardware interrupts as an entropy source. 4121Refer to 4122.Xr random 4 4123for more information. 4124.It Va harvest_ethernet 4125.Pq Vt bool 4126Set to 4127.Dq Li YES 4128to use LAN traffic as an entropy source. 4129Refer to 4130.Xr random 4 4131for more information. 4132.It Va harvest_p_to_p 4133.Pq Vt bool 4134Set to 4135.Dq Li YES 4136to use serial line traffic as an entropy source. 4137Refer to 4138.Xr random 4 4139for more information. 4140.It Va entropy_dir 4141.Pq Vt str 4142Set to 4143.Dq Li NO 4144to disable caching entropy via 4145.Xr cron 8 . 4146Otherwise set to the directory used to store entropy files in. 4147.It Va entropy_file 4148.Pq Vt str 4149Set to 4150.Dq Li NO 4151to disable caching entropy through reboots. 4152Otherwise set to the filename used to store cached entropy through 4153reboots. 4154This file should be located on the root file system to seed the 4155.Xr random 4 4156device as early as possible in the boot process. 4157.It Va entropy_save_sz 4158.Pq Vt int 4159Size of the entropy cache files saved by 4160.Nm save-entropy 4161periodically. 4162.It Va entropy_save_num 4163.Pq Vt int 4164Number of entropy cache files to save by 4165.Nm save-entropy 4166periodically. 4167.It Va ipsec_enable 4168.Pq Vt bool 4169Set to 4170.Dq Li YES 4171to run 4172.Xr setkey 8 4173on 4174.Va ipsec_file 4175at boot time. 4176.It Va ipsec_file 4177.Pq Vt str 4178Configuration file for 4179.Xr setkey 8 . 4180.It Va dmesg_enable 4181.Pq Vt bool 4182Set to 4183.Dq Li YES 4184to save 4185.Xr dmesg 8 4186to 4187.Pa /var/run/dmesg.boot 4188on boot. 4189.It Va rcshutdown_timeout 4190.Pq Vt int 4191If set, start a watchdog timer in the background which will terminate 4192.Pa rc.shutdown 4193if 4194.Xr shutdown 8 4195has not completed within the specified time (in seconds). 4196Notice that in addition to this soft timeout, 4197.Xr init 8 4198also applies a hard timeout for the execution of 4199.Pa rc.shutdown . 4200This is configured via 4201.Xr sysctl 8 4202variable 4203.Va kern.init_shutdown_timeout 4204and defaults to 120 seconds. 4205Setting the value of 4206.Va rcshutdown_timeout 4207to more than 120 seconds will have no effect until the 4208.Xr sysctl 8 4209variable 4210.Va kern.init_shutdown_timeout 4211is also increased. 4212.It Va virecover_enable 4213.Pq Vt bool 4214Set to 4215.Dq Li NO 4216to prevent the system from trying to 4217recover pre-maturely terminated 4218.Xr vi 1 4219sessions. 4220.It Va ugidfw_enable 4221.Pq Vt bool 4222Set to 4223.Dq Li YES 4224to load the 4225.Xr mac_bsdextended 4 4226module upon system initialization and load a default 4227ruleset file. 4228.It Va bsdextended_script 4229.Pq Vt str 4230The default 4231.Xr mac_bsdextended 4 4232ruleset file to load. 4233The default value of this variable is 4234.Pa /etc/rc.bsdextended . 4235.It Va newsyslog_enable 4236.Pq Vt bool 4237If set to 4238.Dq Li YES , 4239run 4240.Xr newsyslog 8 4241command at startup. 4242.It Va newsyslog_flags 4243.Pq Vt str 4244If 4245.Va newsyslog_enable 4246is set to 4247.Dq Li YES , 4248these are the flags to pass to the 4249.Xr newsyslog 8 4250program. 4251The default is 4252.Dq Li -CN , 4253which causes log files flagged with a 4254.Cm C 4255to be created. 4256.It Va mdconfig_md Ns Aq Ar X 4257.Pq Vt str 4258Arguments to 4259.Xr mdconfig 8 4260for 4261.Xr md 4 4262device 4263.Ar X . 4264At minimum a 4265.Fl t Ar type 4266must be specified and either a 4267.Fl s Ar size 4268for malloc or swap backed 4269.Xr md 4 4270devices or a 4271.Fl f Ar file 4272for vnode backed 4273.Xr md 4 4274devices. 4275Note that 4276.Va mdconfig_md Ns Aq Ar X 4277variables are evaluated until one variable is unset or null. 4278.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4279.Pq Vt str 4280Optional arguments passed to 4281.Xr newfs 8 4282to initialize 4283.Xr md 4 4284device 4285.Ar X . 4286.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4287.Pq Vt str 4288An ownership specification passed to 4289.Xr chown 8 4290after the specified 4291.Xr md 4 4292device 4293.Ar X 4294has been mounted. 4295Both the 4296.Xr md 4 4297device and the mount point will be changed. 4298.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4299.Pq Vt str 4300A mode string passed to 4301.Xr chmod 1 4302after the specified 4303.Xr md 4 4304device 4305.Ar X 4306has been mounted. 4307Both the 4308.Xr md 4 4309device and the mount point will be changed. 4310.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4311.Pq Vt str 4312Files to be copied to the mount point of the 4313.Xr md 4 4314device 4315.Ar X 4316after it has been mounted. 4317.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4318.Pq Vt str 4319Command to execute after the specified 4320.Xr md 4 4321device 4322.Ar X 4323has been mounted. 4324Note that the command is passed to 4325.Ic eval 4326and that both 4327.Va _dev 4328and 4329.Va _mp 4330variables can be used to reference respectively the 4331.Xr md 4 4332device and the mount point. 4333Assuming that the 4334.Xr md 4 4335device is 4336.Li md0 , 4337one could set the following: 4338.Bd -literal 4339mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4340.Ed 4341.It Va autobridge_interfaces 4342.Pq Vt str 4343Set to the list of bridge interfaces that will have newly arriving interfaces 4344checked against to be automatically added. 4345If not set to 4346.Dq Li NO 4347then for each whitespace separated 4348.Ar element 4349in the value, a 4350.Va autobridge_ Ns Aq Ar element 4351variable is assumed to exist which has a whitespace separated list of interface 4352names to match, these names can use wildcards. 4353For example: 4354.Bd -literal 4355autobridge_interfaces="bridge0" 4356autobridge_bridge0="tap* dc0 vlan[345]" 4357.Ed 4358.It Va mixer_enable 4359.Pq Vt bool 4360If set to 4361.Dq Li YES , 4362enable support for sound mixer. 4363.It Va hcsecd_enable 4364.Pq Vt bool 4365If set to 4366.Dq Li YES , 4367enable Bluetooth security daemon. 4368.It Va hcsecd_config 4369.Pq Vt str 4370Configuration file for 4371.Xr hcsecd 8 . 4372Default 4373.Pa /etc/bluetooth/hcsecd.conf . 4374.It Va sdpd_enable 4375.Pq Vt bool 4376If set to 4377.Dq Li YES , 4378enable Bluetooth Service Discovery Protocol daemon. 4379.It Va sdpd_control 4380.Pq Vt str 4381Path to 4382.Xr sdpd 8 4383control socket. 4384Default 4385.Pa /var/run/sdp . 4386.It Va sdpd_groupname 4387.Pq Vt str 4388Sets 4389.Xr sdpd 8 4390group to run as after it initializes. 4391Default 4392.Dq Li nobody . 4393.It Va sdpd_username 4394.Pq Vt str 4395Sets 4396.Xr sdpd 8 4397user to run as after it initializes. 4398Default 4399.Dq Li nobody . 4400.It Va bthidd_enable 4401.Pq Vt bool 4402If set to 4403.Dq Li YES , 4404enable Bluetooth Human Interface Device daemon. 4405.It Va bthidd_config 4406.Pq Vt str 4407Configuration file for 4408.Xr bthidd 8 . 4409Default 4410.Pa /etc/bluetooth/bthidd.conf . 4411.It Va bthidd_hids 4412.Pq Vt str 4413Path to a file, where 4414.Xr bthidd 8 4415will store information about known HID devices. 4416Default 4417.Pa /var/db/bthidd.hids . 4418.It Va rfcomm_pppd_server_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422enable Bluetooth RFCOMM PPP wrapper daemon. 4423.It Va rfcomm_pppd_server_profile 4424.Pq Vt str 4425The name of the profile to use from 4426.Pa /etc/ppp/ppp.conf . 4427Multiple profiles can be specified here. 4428Also used to specify per-profile overrides. 4429When the profile name contains any of the characters 4430.Dq Li .-/+ 4431they are translated to 4432.Dq Li _ 4433for the proposes of the override variable names. 4434.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4435.Pq Vt str 4436Overrides local address to listen on. 4437By default 4438.Xr rfcomm_pppd 8 4439will listen on 4440.Dq Li ANY 4441address. 4442The address can be specified as BD_ADDR or name. 4443.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4444.Pq Vt str 4445Overrides local RFCOMM channel to listen on. 4446By default 4447.Xr rfcomm_pppd 8 4448will listen on RFCOMM channel 1. 4449Must set properly if multiple profiles used in the same time. 4450.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4451.Pq Vt bool 4452Tells 4453.Xr rfcomm_pppd 8 4454if it should register Serial Port service on the specified RFCOMM channel. 4455Default 4456.Dq Li NO . 4457.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4458.Pq Vt bool 4459Tells 4460.Xr rfcomm_pppd 8 4461if it should register Dial-Up Networking service on the specified 4462RFCOMM channel. 4463Default 4464.Dq Li NO . 4465.It Va ubthidhci_enable 4466.Pq Vt bool 4467If set to 4468.Dq Li YES , 4469change the USB Bluetooth controller from HID mode to HCI mode. 4470You also need to specify the location of USB Bluetooth controller with the 4471.Va ubthidhci_busnum 4472and 4473.Va ubthidhci_addr 4474variables. 4475.It Va ubthidhci_busnum 4476Bus number where the USB Bluetooth controller is located. 4477Check the output of 4478.Xr usbconfig 8 4479on your system to find this information. 4480.It Va ubthidhci_addr 4481Bus address of the USB Bluetooth controller. 4482Check the output of 4483.Xr usbconfig 8 4484on your system to find this information. 4485.It Va netwait_enable 4486.Pq Vt bool 4487If set to 4488.Dq Li YES , 4489delays the start of network-reliant services until 4490.Va netwait_if 4491is up and ICMP packets to a destination defined in 4492.Va netwait_ip 4493are flowing. 4494Link state is examined first, followed by 4495.Dq Li pinging 4496an IP address to verify network usability. 4497If no destination can be reached or timeouts are exceeded, 4498network services are started anyway with no guarantee that 4499the network is usable. 4500Use of this variable requires both 4501.Va netwait_ip 4502and 4503.Va netwait_if 4504to be set. 4505.It Va netwait_ip 4506.Pq Vt str 4507Empty by default. 4508This variable contains a space-delimited list of IP addresses to 4509.Xr ping 8 . 4510DNS hostnames should not be used as resolution is not guaranteed 4511to be functional at this point. 4512If multiple IP addresses are specified, 4513each will be tried until one is successful or the list is exhausted. 4514.It Va netwait_timeout 4515.Pq Vt int 4516Indicates the total number of seconds to perform a 4517.Dq Li ping 4518against each IP address in 4519.Va netwait_ip , 4520at a rate of one ping per second. 4521If any of the pings are successful, 4522full network connectivity is considered reliable. 4523The default is 60. 4524.It Va netwait_if 4525.Pq Vt str 4526Empty by default. 4527Defines the name of the network interface on which watch for link. 4528.Xr ifconfig 8 4529is used to monitor the interface, looking for 4530.Dq Li status: no carrier . 4531Once gone, the link is considered up. 4532This can be a 4533.Xr vlan 4 4534interface if desired. 4535.It Va netwait_if_timeout 4536.Pq Vt int 4537Defines the total number of seconds to wait for link to become usable, 4538polled at a 1-second interval. 4539The default is 30. 4540.El 4541.Sh FILES 4542.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4543.It Pa /etc/defaults/rc.conf 4544.It Pa /etc/rc.conf 4545.It Pa /etc/rc.conf.local 4546.El 4547.Sh SEE ALSO 4548.Xr catman 1 , 4549.Xr chmod 1 , 4550.Xr gdb 1 , 4551.Xr info 1 , 4552.Xr kbdcontrol 1 , 4553.Xr makewhatis 1 , 4554.Xr sh 1 , 4555.Xr vi 1 , 4556.Xr vidcontrol 1 , 4557.Xr bridge 4 , 4558.Xr dummynet 4 , 4559.Xr ip 4 , 4560.Xr ipf 4 , 4561.Xr ipfw 4 , 4562.Xr ipnat 4 , 4563.Xr kld 4 , 4564.Xr pf 4 , 4565.Xr pflog 4 , 4566.Xr pfsync 4 , 4567.Xr tcp 4 , 4568.Xr udp 4 , 4569.Xr exports 5 , 4570.Xr fstab 5 , 4571.Xr ipf 5 , 4572.Xr ipnat 5 , 4573.Xr motd 5 , 4574.Xr newsyslog.conf 5 , 4575.Xr pf.conf 5 , 4576.Xr security 7 , 4577.Xr accton 8 , 4578.Xr amd 8 , 4579.Xr apm 8 , 4580.Xr atm 8 , 4581.Xr bthidd 8 , 4582.Xr chkprintcap 8 , 4583.Xr chown 8 , 4584.Xr cron 8 , 4585.Xr devfs 8 , 4586.Xr dhclient 8 , 4587.Xr ftpd 8 , 4588.Xr geli 8 , 4589.Xr hcsecd 8 , 4590.Xr ifconfig 8 , 4591.Xr inetd 8 , 4592.Xr ipf 8 , 4593.Xr ipfw 8 , 4594.Xr ipnat 8 , 4595.Xr jail 8 , 4596.Xr kldxref 8 , 4597.Xr lpd 8 , 4598.Xr mdconfig 8 , 4599.Xr mdmfs 8 , 4600.Xr mixer 8 , 4601.Xr mountd 8 , 4602.Xr moused 8 , 4603.Xr mrouted 8 , 4604.Xr named 8 , 4605.Xr newfs 8 , 4606.Xr newsyslog 8 , 4607.Xr nfsd 8 , 4608.Xr ntpd 8 , 4609.Xr ntpdate 8 , 4610.Xr pfctl 8 , 4611.Xr pflogd 8 , 4612.Xr ping 8 , 4613.Xr powerd 8 , 4614.Xr quotacheck 8 , 4615.Xr quotaon 8 , 4616.Xr rc 8 , 4617.Xr rc.sendmail 8 , 4618.Xr rfcomm_pppd 8 , 4619.Xr route 8 , 4620.Xr routed 8 , 4621.Xr rpcbind 8 , 4622.Xr rpc.lockd 8 , 4623.Xr rpc.statd 8 , 4624.Xr rwhod 8 , 4625.Xr savecore 8 , 4626.Xr sdpd 8 , 4627.Xr sshd 8 , 4628.Xr swapon 8 , 4629.Xr sysctl 8 , 4630.Xr syslogd 8 , 4631.Xr timed 8 , 4632.Xr usbconfig 8 , 4633.Xr wlandebug 8 , 4634.Xr yp 8 , 4635.Xr ypbind 8 , 4636.Xr ypserv 8 , 4637.Xr ypset 8 4638.Sh HISTORY 4639The 4640.Nm 4641file appeared in 4642.Fx 2.2.2 . 4643.Sh AUTHORS 4644.An Jordan K. Hubbard . 4645