1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 27, 2012 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va always_force_depends 153.Pq Vt bool 154Various 155.Pa rc.d 156scripts use the force_depend function to check whether required 157services are already running, and to start them if necessary. 158By default during boot time this check is bypassed if the 159required service is enabled in 160.Pa /etc/rc.conf[.local] . 161Setting this option will bypass that check at boot time and 162always test whether or not the service is actually running. 163Enabling this option is likely to increase your boot time if 164services are enabled that utilize the force_depend check. 165.It Va swapfile 166.Pq Vt str 167If set to 168.Dq Li NO , 169no swapfile is installed, otherwise the value is used as the full 170pathname to a file to use for additional swap space. 171.It Va apm_enable 172.Pq Vt bool 173If set to 174.Dq Li YES , 175enable support for Automatic Power Management with 176the 177.Xr apm 8 178command. 179.It Va apmd_enable 180.Pq Vt bool 181Run 182.Xr apmd 8 183to handle APM event from userland. 184This also enables support for APM. 185.It Va apmd_flags 186.Pq Vt str 187If 188.Va apmd_enable 189is set to 190.Dq Li YES , 191these are the flags to pass to the 192.Xr apmd 8 193daemon. 194.It Va devd_enable 195.Pq Vt bool 196Run 197.Xr devd 8 198to handle device added, removed or unknown events from the kernel. 199.It Va ddb_enable 200.Pq Vt bool 201Run 202.Xr ddb 8 203to install 204.Xr ddb 4 205scripts at boot time. 206.It Va ddb_config 207.Pq Vt str 208Configuration file for 209.Xr ddb 8 . 210Default 211.Pa /etc/ddb.conf . 212.It Va kld_list 213.Pq Vt str 214A list of kernel modules to load right after the local 215disks are mounted. 216Loading modules at this point in the boot process is 217much faster than doing it via 218.Pa /boot/loader.conf 219for those modules not necessary for mounting local disk. 220.It Va kldxref_enable 221.Pq Vt bool 222Set to 223.Dq Li NO 224by default. 225Set to 226.Dq Li YES 227to automatically rebuild 228.Pa linker.hints 229files with 230.Xr kldxref 8 231at boot time. 232.It Va kldxref_clobber 233.Pq Vt bool 234Set to 235.Dq Li NO 236by default. 237If 238.Va kldxref_enable 239is true, 240setting to 241.Dq Li YES 242will overwrite existing 243.Pa linker.hints 244files at boot time. 245Otherwise, 246only missing 247.Pa linker.hints 248files are generated. 249.It Va kldxref_module_path 250.Pq Vt str 251Empty by default. 252A semi-colon 253.Pq Ql \&; 254delimited list of paths containing 255.Xr kld 4 256modules. 257If empty, 258the contents of the 259.Va kern.module_path 260.Xr sysctl 8 261are used. 262.It Va powerd_enable 263.Pq Vt bool 264If set to 265.Dq Li YES , 266enable the system power control facility with the 267.Xr powerd 8 268daemon. 269.It Va powerd_flags 270.Pq Vt str 271If 272.Va powerd_enable 273is set to 274.Dq Li YES , 275these are the flags to pass to the 276.Xr powerd 8 277daemon. 278.It Va tmpmfs 279Controls the creation of a 280.Pa /tmp 281memory file system. 282Always happens if set to 283.Dq Li YES 284and never happens if set to 285.Dq Li NO . 286If set to anything else, a memory file system is created if 287.Pa /tmp 288is not writable. 289.It Va tmpsize 290Controls the size of a created 291.Pa /tmp 292memory file system. 293.It Va tmpmfs_flags 294Extra options passed to the 295.Xr mdmfs 8 296utility when the memory file system for 297.Pa /tmp 298is created. 299The default is 300.Dq Li "-S" , 301which inhibits the use of softupdates on 302.Pa /tmp 303so that file system space is freed without delay 304after file truncation or deletion. 305See 306.Xr mdmfs 8 307for other options you can use in 308.Va tmpmfs_flags . 309.It Va varmfs 310Controls the creation of a 311.Pa /var 312memory file system. 313Always happens if set to 314.Dq Li YES 315and never happens if set to 316.Dq Li NO . 317If set to anything else, a memory file system is created if 318.Pa /var 319is not writable. 320.It Va varsize 321Controls the size of a created 322.Pa /var 323memory file system. 324.It Va varmfs_flags 325Extra options passed to the 326.Xr mdmfs 8 327utility when the memory file system for 328.Pa /var 329is created. 330The default is 331.Dq Li "-S" , 332which inhibits the use of softupdates on 333.Pa /var 334so that file system space is freed without delay 335after file truncation or deletion. 336See 337.Xr mdmfs 8 338for other options you can use in 339.Va varmfs_flags . 340.It Va populate_var 341Controls the automatic population of the 342.Pa /var 343file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /var 350is not writable. 351Note that this process requires access to certain commands in 352.Pa /usr 353before 354.Pa /usr 355is mounted on normal systems. 356.It Va cleanvar_enable 357.Pq Vt bool 358Clean the 359.Pa /var 360directory. 361.It Va local_startup 362.Pq Vt str 363List of directories to search for startup script files. 364.It Va script_name_sep 365.Pq Vt str 366The field separator to use for breaking down the list of startup script files 367into individual filenames. 368The default is a space. 369It is not necessary to change this unless there are startup scripts with names 370containing spaces. 371.It Va hostapd_enable 372.Pq Vt bool 373Set to 374.Dq Li YES 375to start 376.Xr hostapd 8 377at system boot time. 378.It Va hostname 379.Pq Vt str 380The fully qualified domain name (FQDN) of this host on the network. 381This should almost certainly be set to something meaningful, even if 382there is no network connection. 383If 384.Xr dhclient 8 385is used to set the hostname via DHCP, 386this variable should be set to an empty string. 387If this value remains unset when the system is done booting 388your console login will display the default hostname of 389.Dq Amnesiac. 390.It Va nisdomainname 391.Pq Vt str 392The NIS domain name of this host, or 393.Dq Li NO 394if NIS is not used. 395.It Va dhclient_program 396.Pq Vt str 397Path to the DHCP client program 398.Pa ( /sbin/dhclient , 399the 400.Ox 401DHCP client, 402is the default). 403.It Va dhclient_flags 404.Pq Vt str 405Additional flags to pass to the DHCP client program. 406For the 407.Ox 408DHCP client, see the 409.Xr dhclient 8 410manpage for a description of the command line options available. 411.It Va dhclient_flags_ Ns Aq Ar iface 412Additional flags to pass to the DHCP client program running on 413.Ar iface 414only. 415When specified, this variable overrides 416.Va dhclient_flags . 417.It Va background_dhclient 418.Pq Vt bool 419Set to 420.Dq Li YES 421to start the DHCP client in background. 422This can cause trouble with applications depending on 423a working network, but it will provide a faster startup 424in many cases. 425.It Va background_dhclient_ Ns Aq Ar iface 426When specified, this variable overrides the 427.Va background_dhclient 428variable for interface 429.Ar iface 430only. 431.It Va synchronous_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start 436.Xr dhclient 8 437synchronously at startup. 438This behavior can be overridden on a per-interface basis by replacing 439the 440.Dq Li DHCP 441keyword in the 442.Va ifconfig_ Ns Aq Ar interface 443variable with 444.Dq Li SYNCDHCP 445or 446.Dq Li NOSYNCDHCP . 447.It Va defaultroute_delay 448.Pq Vt int 449When set to a positive value, wait up to this long after configuring 450DHCP interfaces at startup to give the interfaces time to receive a lease. 451.It Va firewall_enable 452.Pq Vt bool 453Set to 454.Dq Li YES 455to load firewall rules at startup. 456If the kernel was not built with 457.Cd "options IPFIREWALL" , 458the 459.Pa ipfw.ko 460kernel module will be loaded. 461See also 462.Va ipfilter_enable . 463.It Va firewall_script 464.Pq Vt str 465This variable specifies the full path to the firewall script to run. 466The default is 467.Pa /etc/rc.firewall . 468.It Va firewall_type 469.Pq Vt str 470Names the firewall type from the selection in 471.Pa /etc/rc.firewall , 472or the file which contains the local firewall ruleset. 473Valid selections from 474.Pa /etc/rc.firewall 475are: 476.Pp 477.Bl -tag -width ".Li simple" -compact 478.It Li open 479unrestricted IP access 480.It Li closed 481all IP services disabled, except via 482.Dq Li lo0 483.It Li client 484basic protection for a workstation 485.It Li simple 486basic protection for a LAN. 487.El 488.Pp 489If a filename is specified, the full path 490must be given. 491.It Va firewall_quiet 492.Pq Vt bool 493Set to 494.Dq Li YES 495to disable the display of firewall rules on the console during boot. 496.It Va firewall_logging 497.Pq Vt bool 498Set to 499.Dq Li YES 500to enable firewall event logging. 501This is equivalent to the 502.Dv IPFIREWALL_VERBOSE 503kernel option. 504.It Va firewall_flags 505.Pq Vt str 506Flags passed to 507.Xr ipfw 8 508if 509.Va firewall_type 510specifies a filename. 511.It Va firewall_coscripts 512.Pq Vt str 513List of executables and/or rc scripts to run after firewall starts/stops. 514Default is empty. 515.\" ----- firewall_nat_enable setting -------------------------------- 516.It Va firewall_nat_enable 517.Pq Vt bool 518The 519.Xr ipfw 8 520equivalent of 521.Va natd_enable . 522Setting this to 523.Dq Li YES 524enables kernel NAT. 525.Va firewall_enable 526must also be set to 527.Dq Li YES . 528.It Va firewall_nat_interface 529.Pq Vt str 530The 531.Xr ipfw 8 532equivalent of 533.Va natd_interface . 534This is the name of the public interface or IP address on which 535kernel NAT should run. 536.It Va firewall_nat_flags 537.Pq Vt str 538Additional configuration parameters for kernel NAT should be placed here. 539.It Va dummynet_enable 540.Pq Vt bool 541Setting this to 542.Dq Li YES 543will automatically load the 544.Xr dummynet 4 545module if 546.Va firewall_enable 547is also set to 548.Dq Li YES . 549.\" ------------------------------------------------------------------- 550.It Va natd_program 551.Pq Vt str 552Path to 553.Xr natd 8 . 554.It Va natd_enable 555.Pq Vt bool 556Set to 557.Dq Li YES 558to enable 559.Xr natd 8 . 560.Va firewall_enable 561must also be set to 562.Dq Li YES , 563and 564.Xr divert 4 565sockets must be enabled in the kernel. 566If the kernel was not built with 567.Cd "options IPDIVERT" , 568the 569.Pa ipdivert.ko 570kernel module will be loaded. 571.It Va natd_interface 572.Pq Vt str 573This is the name of the public interface on which 574.Xr natd 8 575should run. 576The interface may be given as an interface name or as an IP address. 577.It Va natd_flags 578.Pq Vt str 579Additional 580.Xr natd 8 581flags should be placed here. 582The 583.Fl n 584or 585.Fl a 586flag is automatically added with the above 587.Va natd_interface 588as an argument. 589.\" ----- ipfilter_enable setting -------------------------------- 590.It Va ipfilter_enable 591.Pq Vt bool 592Set to 593.Dq Li NO 594by default. 595Setting this to 596.Dq Li YES 597enables 598.Xr ipf 8 599packet filtering. 600.Pp 601Typical usage will require putting 602.Bd -literal 603ipfilter_enable="YES" 604ipnat_enable="YES" 605ipmon_enable="YES" 606ipfs_enable="YES" 607.Ed 608.Pp 609into 610.Pa /etc/rc.conf 611and editing 612.Pa /etc/ipf.rules 613and 614.Pa /etc/ipnat.rules 615appropriately. 616.Pp 617Note that 618.Va ipfilter_enable 619and 620.Va ipnat_enable 621can be enabled independently. 622.Va ipmon_enable 623and 624.Va ipfs_enable 625both require at least one of 626.Va ipfilter_enable 627and 628.Va ipnat_enable 629to be enabled. 630.Pp 631Having 632.Bd -literal 633options IPFILTER 634options IPFILTER_LOG 635options IPFILTER_DEFAULT_BLOCK 636.Ed 637.Pp 638in the kernel configuration file is a good idea, too. 639.\" ----- ipfilter_program setting ------------------------------ 640.It Va ipfilter_program 641.Pq Vt str 642Path to 643.Xr ipf 8 644(default 645.Pa /sbin/ipf ) . 646.\" ----- ipfilter_rules setting -------------------------------- 647.It Va ipfilter_rules 648.Pq Vt str 649Set to 650.Pa /etc/ipf.rules 651by default. 652This variable contains the name of the filter rule definition file. 653The file is expected to be readable for the 654.Xr ipf 8 655command to execute. 656.\" ----- ipv6_ipfilter_rules setting --------------------------- 657.It Va ipv6_ipfilter_rules 658.Pq Vt str 659Set to 660.Pa /etc/ipf6.rules 661by default. 662This variable contains the IPv6 filter rule definition file. 663The file is expected to be readable for the 664.Xr ipf 8 665command to execute. 666.\" ----- ipfilter_flags setting -------------------------------- 667.It Va ipfilter_flags 668.Pq Vt str 669Empty by default. 670This variable contains flags passed to the 671.Xr ipf 8 672program. 673.\" ----- ipnat_enable setting ---------------------------------- 674.It Va ipnat_enable 675.Pq Vt bool 676Set to 677.Dq Li NO 678by default. 679Set it to 680.Dq Li YES 681to enable 682.Xr ipnat 8 683network address translation. 684See 685.Va ipfilter_enable 686for a detailed discussion. 687.\" ----- ipnat_program setting --------------------------------- 688.It Va ipnat_program 689.Pq Vt str 690Path to 691.Xr ipnat 8 692(default 693.Pa /sbin/ipnat ) . 694.\" ----- ipnat_rules setting ----------------------------------- 695.It Va ipnat_rules 696.Pq Vt str 697Set to 698.Pa /etc/ipnat.rules 699by default. 700This variable contains the name of the file 701holding the network address translation definition. 702This file is expected to be readable for the 703.Xr ipnat 8 704command to execute. 705.\" ----- ipnat_flags setting ----------------------------------- 706.It Va ipnat_flags 707.Pq Vt str 708Empty by default. 709This variable contains flags passed to the 710.Xr ipnat 8 711program. 712.\" ----- ipmon_enable setting ---------------------------------- 713.It Va ipmon_enable 714.Pq Vt bool 715Set to 716.Dq Li NO 717by default. 718Set it to 719.Dq Li YES 720to enable 721.Xr ipmon 8 722monitoring (logging 723.Xr ipf 8 724and 725.Xr ipnat 8 726events). 727Setting this variable needs setting 728.Va ipfilter_enable 729or 730.Va ipnat_enable 731too. 732See 733.Va ipfilter_enable 734for a detailed discussion. 735.\" ----- ipmon_program setting --------------------------------- 736.It Va ipmon_program 737.Pq Vt str 738Path to 739.Xr ipmon 8 740(default 741.Pa /sbin/ipmon ) . 742.\" ----- ipmon_flags setting ----------------------------------- 743.It Va ipmon_flags 744.Pq Vt str 745Set to 746.Dq Li -Ds 747by default. 748This variable contains flags passed to the 749.Xr ipmon 8 750program. 751Another typical example would be 752.Dq Fl D Pa /var/log/ipflog 753to have 754.Xr ipmon 8 755log directly to a file bypassing 756.Xr syslogd 8 . 757Make sure to adjust 758.Pa /etc/newsyslog.conf 759in such case like this: 760.Bd -literal 761/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 762.Ed 763.\" ----- ipfs_enable setting ----------------------------------- 764.It Va ipfs_enable 765.Pq Vt bool 766Set to 767.Dq Li NO 768by default. 769Set it to 770.Dq Li YES 771to enable 772.Xr ipfs 8 773saving the filter and NAT state tables during shutdown 774and reloading them during startup again. 775Setting this variable needs setting 776.Va ipfilter_enable 777or 778.Va ipnat_enable 779to 780.Dq Li YES 781too. 782See 783.Va ipfilter_enable 784for a detailed discussion. 785Note that if 786.Va kern_securelevel 787is set to 3, 788.Va ipfs_enable 789cannot be used 790because the raised securelevel will prevent 791.Xr ipfs 8 792from saving the state tables at shutdown time. 793.\" ----- ipfs_program setting ---------------------------------- 794.It Va ipfs_program 795.Pq Vt str 796Path to 797.Xr ipfs 8 798(default 799.Pa /sbin/ipfs ) . 800.\" ----- ipfs_flags setting ------------------------------------ 801.It Va ipfs_flags 802.Pq Vt str 803Empty by default. 804This variable contains flags passed to the 805.Xr ipfs 8 806program. 807.\" ----- end of added ipf hook --------------------------------- 808.It Va pf_enable 809.Pq Vt bool 810Set to 811.Dq Li NO 812by default. 813Setting this to 814.Dq Li YES 815enables 816.Xr pf 4 817packet filtering. 818.Pp 819Typical usage will require putting 820.Pp 821.Dl pf_enable="YES" 822.Pp 823into 824.Pa /etc/rc.conf 825and editing 826.Pa /etc/pf.conf 827appropriately. 828Adding 829.Pp 830.Dl "device pf" 831.Pp 832builds support for 833.Xr pf 4 834into the kernel, otherwise the 835kernel module will be loaded. 836.It Va pf_rules 837.Pq Vt str 838Path to 839.Xr pf 4 840ruleset configuration file 841(default 842.Pa /etc/pf.conf ) . 843.It Va pf_program 844.Pq Vt str 845Path to 846.Xr pfctl 8 847(default 848.Pa /sbin/pfctl ) . 849.It Va pf_flags 850.Pq Vt str 851If 852.Va pf_enable 853is set to 854.Dq Li YES , 855these flags are passed to the 856.Xr pfctl 8 857program when loading the ruleset. 858.It Va pflog_enable 859.Pq Vt bool 860Set to 861.Dq Li NO 862by default. 863Setting this to 864.Dq Li YES 865enables 866.Xr pflogd 8 867which logs packets from the 868.Xr pf 4 869packet filter. 870.It Va pflog_logfile 871.Pq Vt str 872If 873.Va pflog_enable 874is set to 875.Dq Li YES 876this controls where 877.Xr pflogd 8 878stores the logfile 879(default 880.Pa /var/log/pflog ) . 881Check 882.Pa /etc/newsyslog.conf 883to adjust logfile rotation for this. 884.It Va pflog_program 885.Pq Vt str 886Path to 887.Xr pflogd 8 888(default 889.Pa /sbin/pflogd ) . 890.It Va pflog_flags 891.Pq Vt str 892Empty by default. 893This variable contains additional flags passed to the 894.Xr pflogd 8 895program. 896.It Va ftpproxy_enable 897.Pq Vt bool 898Set to 899.Dq Li NO 900by default. 901Setting this to 902.Dq Li YES 903enables 904.Xr ftp-proxy 8 905which supports the 906.Xr pf 4 907packet filter in translating ftp connections. 908.It Va ftpproxy_flags 909.Pq Vt str 910Empty by default. 911This variable contains additional flags passed to the 912.Xr ftp-proxy 8 913program. 914.It Va pfsync_enable 915.Pq Vt bool 916Set to 917.Dq Li NO 918by default. 919Setting this to 920.Dq Li YES 921enables exposing 922.Xr pf 4 923state changes to other hosts over the network by means of 924.Xr pfsync 4 . 925The 926.Va pfsync_syncdev 927variable 928must also be set then. 929.It Va pfsync_syncdev 930.Pq Vt str 931Empty by default. 932This variable specifies the name of the network interface 933.Xr pfsync 4 934should operate through. 935It must be set accordingly if 936.Va pfsync_enable 937is set to 938.Dq Li YES . 939.It Va pfsync_syncpeer 940.Pq Vt str 941Empty by default. 942This variable is optional. 943By default, state change messages are sent out on the synchronisation 944interface using IP multicast packets. 945The protocol is IP protocol 240, PFSYNC, and the multicast group used is 946224.0.0.240. 947When a peer address is specified using the 948.Va pfsync_syncpeer 949option, the peer address is used as a destination for the pfsync 950traffic, and the traffic can then be protected using 951.Xr ipsec 4 . 952See the 953.Xr pfsync 4 954manpage for more details about using 955.Xr ipsec 4 956with 957.Xr pfsync 4 958interfaces. 959.It Va pfsync_ifconfig 960.Pq Vt str 961Empty by default. 962This variable can contain additional options to be passed to the 963.Xr ifconfig 8 964command used to set up 965.Xr pfsync 4 . 966.It Va tcp_extensions 967.Pq Vt bool 968Set to 969.Dq Li YES 970by default. 971Setting this to 972.Dq Li NO 973disables certain TCP options as described by 974.Rs 975.%T "RFC 1323" 976.Re 977Setting this to 978.Dq Li NO 979might help remedy such problems with connections as randomly hanging 980or other weird behavior. 981Some network devices are known 982to be broken with respect to these options. 983.It Va log_in_vain 984.Pq Vt int 985Set to 0 by default. 986The 987.Xr sysctl 8 988variables, 989.Va net.inet.tcp.log_in_vain 990and 991.Va net.inet.udp.log_in_vain , 992as described in 993.Xr tcp 4 994and 995.Xr udp 4 , 996are set to the given value. 997.It Va tcp_keepalive 998.Pq Vt bool 999Set to 1000.Dq Li YES 1001by default. 1002Setting to 1003.Dq Li NO 1004will disable probing idle TCP connections to verify that the 1005peer is still up and reachable. 1006.It Va tcp_drop_synfin 1007.Pq Vt bool 1008Set to 1009.Dq Li NO 1010by default. 1011Setting to 1012.Dq Li YES 1013will cause the kernel to ignore TCP frames that have both 1014the SYN and FIN flags set. 1015This prevents OS fingerprinting, but may 1016break some legitimate applications. 1017.It Va icmp_drop_redirect 1018.Pq Vt bool 1019Set to 1020.Dq Li NO 1021by default. 1022Setting to 1023.Dq Li YES 1024will cause the kernel to ignore ICMP REDIRECT packets. 1025Refer to 1026.Xr icmp 4 1027for more information. 1028.It Va icmp_log_redirect 1029.Pq Vt bool 1030Set to 1031.Dq Li NO 1032by default. 1033Setting to 1034.Dq Li YES 1035will cause the kernel to log ICMP REDIRECT packets. 1036Note that 1037the log messages are not rate-limited, so this option should only be used 1038for troubleshooting networks. 1039Refer to 1040.Xr icmp 4 1041for more information. 1042.It Va icmp_bmcastecho 1043.Pq Vt bool 1044Set to 1045.Dq Li YES 1046to respond to broadcast or multicast ICMP ping packets. 1047Refer to 1048.Xr icmp 4 1049for more information. 1050.It Va ip_portrange_first 1051.Pq Vt int 1052If not set to 1053.Dq Li NO , 1054this is the first port in the default portrange. 1055Refer to 1056.Xr ip 4 1057for more information. 1058.It Va ip_portrange_last 1059.Pq Vt int 1060If not set to 1061.Dq Li NO , 1062this is the last port in the default portrange. 1063Refer to 1064.Xr ip 4 1065for more information. 1066.It Va network_interfaces 1067.Pq Vt str 1068Set to the list of network interfaces to configure on this host or 1069.Dq Li AUTO 1070(the default) for all current interfaces. 1071Setting the 1072.Va network_interfaces 1073variable to anything other than the default is deprecated. 1074Interfaces that the administrator wishes to store configuration for, 1075but not start at boot should be configured with the 1076.Dq Li NOAUTO 1077keyword in their 1078.Va ifconfig_ Ns Aq Ar interface 1079variables as described below. 1080.Pp 1081An 1082.Va ifconfig_ Ns Aq Ar interface 1083variable is also assumed to exist for each value of 1084.Ar interface . 1085When an interface name contains any of the characters 1086.Dq Li .-/+ 1087they are translated to 1088.Dq Li _ 1089before lookup. 1090The variable can contain arguments to 1091.Xr ifconfig 8 , 1092as well as special case-insensitive keywords described below. 1093Such keywords are removed before passing the value to 1094.Xr ifconfig 8 1095while the order of the other arguments is preserved. 1096.Pp 1097One can configure more than one IPv4 address with the 1098.Va ipv4_addrs_ Ns Aq Ar interface 1099variable. 1100One or more IP addresses must be provided in Classless Inter-Domain 1101Routing (CIDR) address notation, whose last byte can be a range like 1102192.0.2.5-23/24. 1103In this case the address 192.0.2.5 will be configured with the 1104netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1105the non-conflicting netmask /32 as explained in the 1106.Xr ifconfig 8 1107alias section. 1108With the interface in question being 1109.Li ed0 , 1110an example could look like: 1111.Bd -literal 1112ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1113.Ed 1114.Pp 1115It is also possible to add IP alias entries using 1116.Xr ifconfig 8 1117syntax with the 1118.Dq Li inet 1119keyword. 1120Assuming that the interface in question was 1121.Li ed0 , 1122it might look 1123something like this: 1124.Bd -literal 1125ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1126ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1127.Ed 1128.Pp 1129And so on. 1130For each 1131.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1132entry with the 1133.Dq Li inet 1134keyword that is found, 1135its contents are passed to 1136.Xr ifconfig 8 . 1137Execution stops at the first unsuccessful access, so if 1138something like this is present: 1139.Bd -literal 1140ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1141ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1142ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1143ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1144.Ed 1145.Pp 1146Then note that alias4 would 1147.Em not 1148be added since the search would 1149stop with the missing 1150.Dq Li alias3 1151entry. 1152Due to this difficult to manage behavior, the 1153.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1154form is deprecated. 1155.Pp 1156If the 1157.Pa /etc/start_if. Ns Aq Ar interface 1158file is present, it is read and executed by the 1159.Xr sh 1 1160interpreter 1161before configuring the interface as specified in the 1162.Va ifconfig_ Ns Aq Ar interface 1163and 1164.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1165variables. 1166.Pp 1167If a 1168.Va vlans_ Ns Aq Ar interface 1169variable is set, 1170a 1171.Xr vlan 4 1172interface will be created for each item in the list with the 1173.Ar vlandev 1174argument set to 1175.Ar interface . 1176If a vlan interface's name is a number, 1177then that number is used as the vlan tag and the new vlan interface is 1178named 1179.Ar interface . Ns Ar tag . 1180Otherwise, 1181the vlan tag must be specified via a 1182.Va vlan 1183parameter in the 1184.Va create_args_ Ns Aq Ar interface 1185variable. 1186.Pp 1187To create a vlan device named 1188.Li em0.101 1189on 1190.Li em0 1191with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1192.Bd -literal 1193vlans_em0="101" 1194ifconfig_em0_101="inet 192.0.2.1/24" 1195.Ed 1196.Pp 1197To create a vlan device named 1198.Li myvlan 1199on 1200.Li em0 1201with the vlan tag 102: 1202.Bd -literal 1203vlans_em0="myvlan" 1204create_args_myvlan="vlan 102" 1205.Ed 1206.Pp 1207If a 1208.Va wlans_ Ns Aq Ar interface 1209variable is set, 1210an 1211.Xr wlan 4 1212interface will be created for each item in the list with the 1213.Ar wlandev 1214argument set to 1215.Ar interface . 1216Further wlan cloning arguments may be passed to the 1217.Xr ifconfig 8 1218.Cm create 1219command by setting the 1220.Va create_args_ Ns Aq Ar interface 1221variable. 1222One or more 1223.Xr wlan 4 1224devices must be created for each wireless devices as of 1225.Fx 8.0 . 1226Debugging flags for 1227.Xr wlan 4 1228devices as set by 1229.Xr wlandebug 8 1230may be specified with an 1231.Va wlandebug_ Ns Aq Ar interface 1232variable. 1233The contents of this variable will be passed directly to 1234.Xr wlandebug 8 . 1235.Pp 1236If the 1237.Va ifconfig_ Ns Aq Ar interface 1238contains the keyword 1239.Dq Li NOAUTO 1240then the interface will not be configured 1241at boot or by 1242.Pa /etc/pccard_ether 1243when 1244.Va network_interfaces 1245is set to 1246.Dq Li AUTO . 1247.Pp 1248It is possible to bring up an interface with DHCP by adding 1249.Dq Li DHCP 1250to the 1251.Va ifconfig_ Ns Aq Ar interface 1252variable. 1253For instance, to initialize the 1254.Li ed0 1255device via DHCP, 1256it is possible to use something like: 1257.Bd -literal 1258ifconfig_ed0="DHCP" 1259.Ed 1260.Pp 1261Also, if you want to configure your wireless interface with 1262.Xr wpa_supplicant 8 1263for use with WPA, EAP/LEAP or WEP, you need to add 1264.Dq Li WPA 1265to the 1266.Va ifconfig_ Ns Aq Ar interface 1267variable. 1268.Pp 1269Finally, you can add 1270.Xr ifconfig 8 1271options in this variable, in addition to the 1272.Pa /etc/start_if. Ns Aq Ar interface 1273file. 1274For instance, to configure an 1275.Xr ath 4 1276wireless device in station mode with an address obtained 1277via DHCP, using WPA authentication and 802.11b mode, it is 1278possible to use something like: 1279.Bd -literal 1280wlans_ath0="wlan0" 1281ifconfig_wlan0="DHCP WPA mode 11b" 1282.Ed 1283.Pp 1284In addition to the 1285.Va ifconfig_ Ns Aq Ar interface 1286form, a fallback variable 1287.Va ifconfig_DEFAULT 1288may be configured. 1289It will be used for all interfaces with no 1290.Va ifconfig_ Ns Aq Ar interface 1291variable. 1292This is intended to replace the no longer supported 1293.Va pccard_ifconfig 1294variable. 1295.Pp 1296It is also possible to rename an interface by doing: 1297.Bd -literal 1298ifconfig_ed0_name="net0" 1299ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1300.Ed 1301.It Va ipv6_enable 1302This variable is deprecated. 1303Use 1304.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1305and 1306.Va ipv6_activate_all_interfaces 1307if necessary. 1308.Pp 1309.Pq Vt bool 1310If the variable is 1311.Dq Li YES , 1312.Dq Li inet6 accept_rtadv 1313is added to all of 1314.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1315and the 1316.Va ipv6_activate_all_interfaces 1317is defined as 1318.Dq Li YES . 1319.It Va ipv6_prefer 1320This variable is deprecated. 1321Use 1322.Va ip6addrctl_policy 1323instead. 1324.Pp 1325.Pq Vt bool 1326If the variable is 1327.Dq Li YES , 1328the default address selection policy table set by 1329.Xr ip6addrctl 8 1330will be IPv6-preferred. 1331.Pp 1332If the variable is 1333.Dq Li NO , 1334the default address selection policy table set by 1335.Xr ip6addrctl 8 1336will be IPv4-preferred. 1337.It Va ipv6_activate_all_interfaces 1338.Pq Vt bool 1339This controls initial configuration on IPv6-capable 1340interfaces with no corresponding 1341.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1342variable. 1343Note that it is not always necessary to set this variable to 1344.Dq YES 1345to use IPv6 functionality on 1346.Fx . 1347In most cases, just configuring 1348.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1349variables works. 1350.Pp 1351If the variable is 1352.Dq Li NO , 1353all interfaces which do not have a corresponding 1354.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1355variable will be marked as 1356.Dq Li IFDISABLED 1357at creation. 1358This means that all of IPv6 functionality on that interface 1359is completely disabled to enforce a security policy. 1360If the variable is set to 1361.Dq YES , 1362the flag will be cleared on all of the interfaces. 1363.Pp 1364In most cases, just defining an 1365.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1366for an IPv6-capable interface should be sufficient. 1367However, if an interface is added dynamically 1368.Pq by some tunneling protocols such as PPP, for example , 1369it is often difficult to define the variable in advance. 1370In such a case, configuring the 1371.Dq Li IFDISABLED 1372flag can be disabled by setting this variable to 1373.Dq YES . 1374.Pp 1375For more details of the 1376.Dq Li IFDISABLED 1377flag and keywords 1378.Dq Li inet6 ifdisabled , 1379see 1380.Xr ifconfig 8 . 1381.Pp 1382Default is 1383.Dq Li NO . 1384.It Va ipv6_privacy 1385.Pq Vt bool 1386If the variable is 1387.Dq Li YES 1388privacy addresses will be generated for each IPv6 1389interface as described in RFC 4941. 1390.It Va ipv6_network_interfaces 1391.Pq Vt str 1392This is the IPv6 equivalent of 1393.Va network_interfaces . 1394Normally manual configuration of this variable is not needed. 1395.Pp 1396.It Va ipv6_cpe_wanif 1397.Pq Vt str 1398If the variable is set to an interface name, 1399the 1400.Xr ifconfig 8 1401options 1402.Dq inet6 -no_radr accept_rtadv 1403will be added to the specified interface automatically before evaluating 1404.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1405and two 1406.Xr sysctl 8 1407variables 1408.Va net.inet6.ip6.rfc6204w3 1409and 1410.Va net.inet6.ip6.no_radr 1411will be set to 1. 1412.Pp 1413This means the specified interface will accept ICMPv6 Router 1414Advertisement messages on that link and add the discovered 1415routers into the Default Router List. 1416While the other interfaces can still accept RA messages if the 1417.Dq inet6 accept_rtadv 1418option is specified, adding 1419routes into the Default Router List will be disabled by 1420.Dq inet6 no_radr 1421option by default. 1422See 1423.Xr ifconfig 8 1424for more details. 1425.Pp 1426Note that ICMPv6 Router Advertisement messages will be 1427accepted even when 1428.Va net.inet6.ip6.forwarding 1429is 1 1430.Pq packet forwarding is enabled 1431when 1432.Va net.inet6.ip6.rfc6204w3 1433is set to 1. 1434.Pp 1435Default is 1436.Dq Li NO . 1437.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1438.Pq Vt str 1439IPv6 functionality on an interface should be configured by 1440.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1441instead of setting ifconfig parameters in 1442.Va ifconfig_ Ns Aq Ar interface . 1443If this variable is empty, all of IPv6 configurations on the 1444specified interface by other variables such as 1445.Va ipv6_prefix_ Ns Ao Ar interface Ac 1446will be ignored. 1447.Pp 1448Aliases should be set by 1449.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1450with 1451.Dq Li inet6 1452keyword. 1453For example: 1454.Bd -literal 1455ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1456ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1457.Ed 1458.Pp 1459Interfaces that have an 1460.Dq Li inet6 accept_rtadv 1461keyword in 1462.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1463setting will be automatically configured by SLAAC 1464.Pq StateLess Address AutoConfiguration 1465described in 1466.Rs 1467.%T "RFC 4862" 1468.Re 1469.Pp 1470Note that a link-local address will be automatically configured in 1471addition to the configured global-scope addresses because the IPv6 1472specifications require it on each link. 1473The address is calculated from the MAC address by using an algorithm 1474defined in 1475.Rs 1476.%T "RFC 4862" 1477.%O "Section 5.3" 1478.Re 1479.Pp 1480If only a link-local address is needed on the interface, 1481the following configuration can be used: 1482.Bd -literal 1483ifconfig_ed0_ipv6="inet6 auto_linklocal" 1484.Ed 1485.Pp 1486A link-local address can also be configured manually. 1487This is useful for the default router address of an IPv6 router 1488so that it does not change when the network interface 1489card is replaced. 1490For example: 1491.Bd -literal 1492ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1493.Ed 1494.It Va ipv6_prefix_ Ns Aq Ar interface 1495.Pq Vt str 1496If one or more prefixes are defined in 1497.Va ipv6_prefix_ Ns Aq Ar interface 1498addresses based on each prefix and the EUI-64 interface index will be 1499configured on that interface. 1500Note that this variable will be ignored when 1501.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1502is empty. 1503.Pp 1504For example, the following configuration 1505.Bd -literal 1506ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1507.Ed 1508.Pp 1509is equivalent to the following: 1510.Bd -literal 1511ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1512ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1513ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1514ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1515.Ed 1516.Pp 1517These Subnet-Router anycast addresses will be added only when 1518.Va ipv6_gateway_enable 1519is YES. 1520.It Va ipv6_default_interface 1521.Pq Vt str 1522If not set to 1523.Dq Li NO , 1524this is the default output interface for scoped addresses. 1525This works only with ipv6_gateway_enable="NO". 1526.It Va ip6addrctl_enable 1527.Pq Vt bool 1528This variable is to enable configuring default address selection policy table 1529.Pq RFC 3484 . 1530The table can be specified in another variable 1531.Va ip6addrctl_policy . 1532For 1533.Va ip6addrctl_policy 1534the following keywords can be specified: 1535.Dq Li ipv4_prefer , 1536.Dq Li ipv6_prefer , 1537or 1538.Dq Li AUTO . 1539.Pp 1540If 1541.Dq Li ipv4_prefer 1542or 1543.Dq Li ipv6_prefer 1544is specified, 1545.Xr ip6addrctl 8 1546installs a pre-defined policy table described in Section 2.1 1547.Pq IPv6-preferred 1548or 10.3 1549.Pq IPv4-preferred 1550of RFC 3484. 1551.Pp 1552If 1553.Dq Li AUTO 1554is specified, it attempts to read a file 1555.Pa /etc/ip6addrctl.conf 1556first. 1557If this file is found, 1558.Xr ip6addrctl 8 1559reads and installs it. 1560If not found, a policy is automatically set 1561according to 1562.Va ipv6_activate_all_interfaces 1563variable; if the variable is set to 1564.Dq Li YES 1565the IPv6-preferred one is used. 1566Otherwise IPv4-preferred. 1567.Pp 1568The default value of 1569.Va ip6addrctl_enable 1570and 1571.Va ip6addrctl_policy 1572are 1573.Dq Li YES 1574and 1575.Dq Li AUTO , 1576respectively. 1577.It Va cloned_interfaces 1578.Pq Vt str 1579Set to the list of clonable network interfaces to create on this host. 1580Further cloning arguments may be passed to the 1581.Xr ifconfig 8 1582.Cm create 1583command for each interface by setting the 1584.Va create_args_ Ns Aq Ar interface 1585variable. 1586Entries in 1587.Va cloned_interfaces 1588are automatically appended to 1589.Va network_interfaces 1590for configuration. 1591.It Va fec_interfaces 1592.Pq Vt str 1593Set to the list of 1594.Xr ng_fec 4 1595Fast EtherChannel interfaces to configure on this host. 1596A 1597.Va fecconfig_ Ns Aq Ar interface 1598variable is assumed to exist for each value of 1599.Ar interface . 1600The value of this variable is used to configure link aggregated interfaces 1601according to the syntax of the 1602.Cm NGM_FEC_ADD_IFACE 1603to 1604.Xr ngctl 8 1605msg. 1606Additionally, this option ensures that each listed interface is created 1607via the 1608.Cm mkpeer 1609command to 1610.Xr ngctl 8 1611before attempting to configure it. 1612For example: 1613.Bd -literal 1614fec_interfaces="fec0" 1615fecconfig_fec0="em0 em1" 1616ifconfig_fec0="DHCP" 1617.Ed 1618.It Va gif_interfaces 1619.Pq Vt str 1620Set to the list of 1621.Xr gif 4 1622tunnel interfaces to configure on this host. 1623A 1624.Va gifconfig_ Ns Aq Ar interface 1625variable is assumed to exist for each value of 1626.Ar interface . 1627The value of this variable is used to configure the link layer of the 1628tunnel according to the syntax of the 1629.Cm tunnel 1630option to 1631.Xr ifconfig 8 . 1632Additionally, this option ensures that each listed interface is created 1633via the 1634.Cm create 1635option to 1636.Xr ifconfig 8 1637before attempting to configure it. 1638.It Va sppp_interfaces 1639.Pq Vt str 1640Set to the list of 1641.Xr sppp 4 1642interfaces to configure on this host. 1643A 1644.Va spppconfig_ Ns Aq Ar interface 1645variable is assumed to exist for each value of 1646.Ar interface . 1647Each interface should also be configured by a general 1648.Va ifconfig_ Ns Aq Ar interface 1649setting. 1650Refer to 1651.Xr spppcontrol 8 1652for more information about available options. 1653.It Va ppp_enable 1654.Pq Vt bool 1655If set to 1656.Dq Li YES , 1657run the 1658.Xr ppp 8 1659daemon. 1660.It Va ppp_profile 1661.Pq Vt str 1662The name of the profile to use from 1663.Pa /etc/ppp/ppp.conf . 1664Also used for per-profile overrides of 1665.Va ppp_mode 1666and 1667.Va ppp_nat , 1668and 1669.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1670When the profile name contains any of the characters 1671.Dq Li .-/+ 1672they are translated to 1673.Dq Li _ 1674for the proposes of the override variable names. 1675.It Va ppp_mode 1676.Pq Vt str 1677Mode in which to run the 1678.Xr ppp 8 1679daemon. 1680.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1681.Pq Vt str 1682Overrides the global 1683.Va ppp_mode 1684for 1685.Ar profile . 1686Accepted modes are 1687.Dq Li auto , 1688.Dq Li ddial , 1689.Dq Li direct 1690and 1691.Dq Li dedicated . 1692See the manual for a full description. 1693.It Va ppp_nat 1694.Pq Vt bool 1695If set to 1696.Dq Li YES , 1697enables network address translation. 1698Used in conjunction with 1699.Va gateway_enable 1700allows hosts on private network addresses access to the Internet using 1701this host as a network address translating router. 1702.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1703.Pq Vt str 1704Overrides the global 1705.Va ppp_nat 1706for 1707.Ar profile . 1708.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1709.Pq Vt int 1710Set the unit number to be used for this profile. 1711See the manual description of 1712.Fl unit Ns Ar N 1713for details. 1714.It Va ppp_user 1715.Pq Vt str 1716The name of the user under which 1717.Xr ppp 8 1718should be started. 1719By 1720default, 1721.Xr ppp 8 1722is started as 1723.Dq Li root . 1724.It Va rc_conf_files 1725.Pq Vt str 1726This option is used to specify a list of files that will override 1727the settings in 1728.Pa /etc/defaults/rc.conf . 1729The files will be read in the order in which they are specified and should 1730include the full path to the file. 1731By default, the files specified are 1732.Pa /etc/rc.conf 1733and 1734.Pa /etc/rc.conf.local 1735.It Va zfs_enable 1736.Pq Vt bool 1737If set to 1738.Dq Li YES , 1739.Pa /etc/rc.d/zfs 1740will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1741(ZVOLs). 1742.It Va gptboot_enable 1743.Pq Vt bool 1744If set to 1745.Dq Li YES , 1746.Pa /etc/rc.d/gptboot 1747will log if the system successfully (or not) booted from a GPT partition, 1748which had the 1749.Ar bootonce 1750attribute set using 1751.Xr gpart 8 1752utility. 1753.It Va gbde_autoattach_all 1754.Pq Vt bool 1755If set to 1756.Dq Li YES , 1757.Pa /etc/rc.d/gbde 1758will attempt to automatically initialize your .bde devices in 1759.Pa /etc/fstab . 1760.It Va gbde_devices 1761.Pq Vt str 1762List the devices that the script should try to attach, 1763or 1764.Dq Li AUTO . 1765.It Va gbde_lockdir 1766.Pq Vt str 1767The directory where the 1768.Xr gbde 4 1769lockfiles are located. 1770The default lockfile directory is 1771.Pa /etc . 1772.Pp 1773The lockfile for each individual 1774.Xr gbde 4 1775device can be overridden by setting the variable 1776.Va gbde_lock_ Ns Aq Ar device , 1777where 1778.Ar device 1779is the encrypted device without the 1780.Dq Pa /dev/ 1781and 1782.Dq Pa .bde 1783parts. 1784.It Va gbde_attach_attempts 1785.Pq Vt int 1786Number of times to attempt attaching to a 1787.Xr gbde 4 1788device, i.e., how many times the user is asked for the pass-phrase. 1789Default is 3. 1790.It Va geli_devices 1791.Pq Vt str 1792List of devices to automatically attach on boot. 1793Note that .eli devices from 1794.Pa /etc/fstab 1795are automatically appended to this list. 1796.It Va geli_tries 1797.Pq Vt int 1798Number of times user is asked for the pass-phrase. 1799If empty, it will be taken from 1800.Va kern.geom.eli.tries 1801sysctl variable. 1802.It Va geli_default_flags 1803.Pq Vt str 1804Default flags to use by 1805.Xr geli 8 1806when configuring disk encryption. 1807Flags can be configured for every device separately by defining 1808.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1809variable. 1810.It Va geli_autodetach 1811.Pq Vt str 1812Specifies if GELI devices should be marked for detach on last close after 1813file systems are mounted. 1814Default is 1815.Dq Li YES . 1816This can be changed for every device separately by defining 1817.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1818variable. 1819.It Va geli_swap_flags 1820Options passed to the 1821.Xr geli 8 1822utility when encrypted GEOM providers for swap partitions are created. 1823The default is 1824.Dq Li "-e aes -l 256 -s 4096 -d" . 1825.It Va root_rw_mount 1826.Pq Vt bool 1827Set to 1828.Dq Li YES 1829by default. 1830After the file systems are checked at boot time, the root file system 1831is remounted as read-write if this is set to 1832.Dq Li YES . 1833Diskless systems that mount their root file system from a read-only remote 1834NFS share should set this to 1835.Dq Li NO 1836in their 1837.Pa rc.conf . 1838.It Va fsck_y_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842.Xr fsck 8 1843will be run with the 1844.Fl y 1845flag if the initial preen 1846of the file systems fails. 1847.It Va background_fsck 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851the system will attempt to run 1852.Xr fsck 8 1853in the background where possible. 1854.It Va background_fsck_delay 1855.Pq Vt int 1856The amount of time in seconds to sleep before starting a background 1857.Xr fsck 8 . 1858It defaults to sixty seconds to allow large applications such as 1859the X server to start before disk I/O bandwidth is monopolized by 1860.Xr fsck 8 . 1861If set to a negative number, the background file system check will be 1862delayed indefinitely to allow the administrator to run it at a more 1863convenient time. 1864For example it may be run from 1865.Xr cron 8 1866by adding a line like 1867.Pp 1868.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1869.Pp 1870to 1871.Pa /etc/crontab . 1872.It Va netfs_types 1873.Pq Vt str 1874List of file system types that are network-based. 1875This list should generally not be modified by end users. 1876Use 1877.Va extra_netfs_types 1878instead. 1879.It Va extra_netfs_types 1880.Pq Vt str 1881If set to something other than 1882.Dq Li NO 1883(the default), 1884this variable extends the list of file system types 1885for which automatic mounting at startup by 1886.Xr rc 8 1887should be delayed until the network is initialized. 1888It should contain 1889a whitespace-separated list of network file system descriptor pairs, 1890each consisting of a file system type as passed to 1891.Xr mount 8 1892and a human-readable, one-word description, 1893joined with a colon 1894.Pq Ql \&: . 1895Extending the default list in this way is only necessary 1896when third party file system types are used. 1897.It Va syslogd_enable 1898.Pq Vt bool 1899If set to 1900.Dq Li YES , 1901run the 1902.Xr syslogd 8 1903daemon. 1904.It Va syslogd_program 1905.Pq Vt str 1906Path to 1907.Xr syslogd 8 1908(default 1909.Pa /usr/sbin/syslogd ) . 1910.It Va syslogd_flags 1911.Pq Vt str 1912If 1913.Va syslogd_enable 1914is set to 1915.Dq Li YES , 1916these are the flags to pass to 1917.Xr syslogd 8 . 1918.It Va inetd_enable 1919.Pq Vt bool 1920If set to 1921.Dq Li YES , 1922run the 1923.Xr inetd 8 1924daemon. 1925.It Va inetd_program 1926.Pq Vt str 1927Path to 1928.Xr inetd 8 1929(default 1930.Pa /usr/sbin/inetd ) . 1931.It Va inetd_flags 1932.Pq Vt str 1933If 1934.Va inetd_enable 1935is set to 1936.Dq Li YES , 1937these are the flags to pass to 1938.Xr inetd 8 . 1939.It Va hastd_enable 1940.Pq Vt bool 1941If set to 1942.Dq Li YES , 1943run the 1944.Xr hastd 8 1945daemon. 1946.It Va hastd_program 1947.Pq Vt str 1948Path to 1949.Xr hastd 8 1950(default 1951.Pa /sbin/hastd ) . 1952.It Va hastd_flags 1953.Pq Vt str 1954If 1955.Va hastd_enable 1956is set to 1957.Dq Li YES , 1958these are the flags to pass to 1959.Xr hastd 8 . 1960.It Va named_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964run the 1965.Xr named 8 1966daemon. 1967.It Va named_program 1968.Pq Vt str 1969Path to 1970.Xr named 8 1971(default 1972.Pa /usr/sbin/named ) . 1973.It Va named_conf 1974.Pq Vt str 1975Path to 1976.Xr named 8 1977configuration file, (default 1978.Pa /etc/namedb/named.conf ) . 1979.It Va named_flags 1980.Pq Vt str 1981If 1982.Va named_enable 1983is set to 1984.Dq Li YES , 1985these are the flags to pass to 1986.Xr named 8 . 1987.It Va named_uid 1988.Pq Vt str 1989The user that the 1990.Xr named 8 1991process should be run as. 1992.It Va named_chrootdir 1993.Pq Vt str 1994The root directory for a name server run in a 1995.Xr chroot 8 1996environment (default 1997.Pa /var/named ) . 1998If left empty 1999.Xr named 8 2000will not be run in a 2001.Xr chroot 8 2002environment. 2003.It Va named_chroot_autoupdate 2004.Pq Vt bool 2005Set to 2006.Dq Li NO 2007to disable automatic update of the 2008.Xr chroot 8 2009environment. 2010.It Va named_symlink_enable 2011.Pq Vt bool 2012Set to 2013.Dq Li NO 2014to disable symlinking of 2015daemon's PID file 2016into the 2017.Xr chroot 8 2018environment. 2019.It Va named_wait 2020.Pq Vt bool 2021Set to have 2022.Pa /etc/rc.d/named 2023loop until working name service is established. 2024.It Va named_wait_host 2025.Pq Vt str 2026Name of host to lookup for the named_wait option. 2027(Default localhost) 2028.It Va named_auto_forward 2029.Pq Vt bool 2030Set to enable automatic creation of a forwarder 2031configuration file derived from 2032.Pa /etc/resolv.conf . 2033.It Va named_auto_forward_only 2034.Pq Vt bool 2035Set to change the default forwarder configuration from 2036.Dq forward first 2037to 2038.Dq forward only . 2039.It Va kerberos5_server_enable 2040.Pq Vt bool 2041Set to 2042.Dq Li YES 2043to start a Kerberos 5 authentication server 2044at boot time. 2045.It Va kerberos5_server 2046.Pq Vt str 2047If 2048.Va kerberos5_server_enable 2049is set to 2050.Dq Li YES 2051this is the path to Kerberos 5 Authentication Server. 2052.It Va kerberos5_server_flags 2053.Pq Vt str 2054Empty by default. 2055This variable contains additional flags to be passed to the Kerberos 5 2056authentication server. 2057.It Va kadmind5_server_enable 2058.Pq Vt bool 2059Set to 2060.Dq Li YES 2061to start 2062.Xr kadmind 8 , 2063the Kerberos 5 Administration Daemon; set to 2064.Dq Li NO 2065on a slave server. 2066.It Va kadmind5_server 2067.Pq Vt str 2068If 2069.Va kadmind5_server_enable 2070is set to 2071.Dq Li YES 2072this is the path to Kerberos 5 Administration Daemon. 2073.It Va kpasswdd_server_enable 2074.Pq Vt bool 2075Set to 2076.Dq Li YES 2077to start 2078.Xr kpasswdd 8 , 2079the Kerberos 5 Password-Changing Daemon; set to 2080.Dq Li NO 2081on a slave server. 2082.It Va kpasswdd_server 2083.Pq Vt str 2084If 2085.Va kpasswdd_server_enable 2086is set to 2087.Dq Li YES 2088this is the path to Kerberos 5 Password-Changing Daemon. 2089.It Va rwhod_enable 2090.Pq Vt bool 2091If set to 2092.Dq Li YES , 2093run the 2094.Xr rwhod 8 2095daemon at boot time. 2096.It Va rwhod_flags 2097.Pq Vt str 2098If 2099.Va rwhod_enable 2100is set to 2101.Dq Li YES , 2102these are the flags to pass to it. 2103.It Va amd_enable 2104.Pq Vt bool 2105If set to 2106.Dq Li YES , 2107run the 2108.Xr amd 8 2109daemon at boot time. 2110.It Va amd_flags 2111.Pq Vt str 2112If 2113.Va amd_enable 2114is set to 2115.Dq Li YES , 2116these are the flags to pass to it. 2117See the 2118.Xr amd 8 2119manpage for more information. 2120.It Va amd_map_program 2121.Pq Vt str 2122If set, 2123the specified program is run to get the list of 2124.Xr amd 8 2125maps. 2126For example, if the 2127.Xr amd 8 2128maps are stored in NIS, one can set this to 2129run 2130.Xr ypcat 1 2131to get a list of 2132.Xr amd 8 2133maps from the 2134.Pa amd.master 2135NIS map. 2136.It Va update_motd 2137.Pq Vt bool 2138If set to 2139.Dq Li YES , 2140.Pa /etc/motd 2141will be updated at boot time to reflect the kernel release 2142being run. 2143If set to 2144.Dq Li NO , 2145.Pa /etc/motd 2146will not be updated. 2147.It Va nfs_client_enable 2148.Pq Vt bool 2149If set to 2150.Dq Li YES , 2151run the NFS client daemons at boot time. 2152.It Va nfs_access_cache 2153.Pq Vt int 2154If 2155.Va nfs_client_enable 2156is set to 2157.Dq Li YES , 2158this can be set to 2159.Dq Li 0 2160to disable NFS ACCESS RPC caching, or to the number of seconds for which 2161NFS ACCESS 2162results should be cached. 2163A value of 2-10 seconds will substantially reduce network 2164traffic for many NFS operations. 2165.It Va nfs_server_enable 2166.Pq Vt bool 2167If set to 2168.Dq Li YES , 2169run the NFS server daemons at boot time. 2170.It Va nfs_server_flags 2171.Pq Vt str 2172If 2173.Va nfs_server_enable 2174is set to 2175.Dq Li YES , 2176these are the flags to pass to the 2177.Xr nfsd 8 2178daemon. 2179.It Va nfsv4_server_enable 2180.Pq Vt bool 2181If 2182.Va nfs_server_enable 2183is set to 2184.Dq Li YES 2185and 2186.Va nfsv4_server_enable 2187are set to 2188.Dq Li YES , 2189enable the server for NFSv4 as well as NFSv2 and NFSv3. 2190.It Va nfsuserd_enable 2191.Pq Vt bool 2192If 2193.Va nfsuserd_enable 2194is set to 2195.Dq Li YES , 2196run the nfsuserd daemon, which is needed for NFSv4 in order 2197to map between user/group names vs uid/gid numbers. 2198If 2199.Va nfsv4_server_enable 2200is set to 2201.Dq Li YES , 2202this will be forced enabled. 2203.It Va nfsuserd_flags 2204.Pq Vt str 2205If 2206.Va nfsuserd_enable 2207is set to 2208.Dq Li YES , 2209these are the flags to pass to the 2210.Xr nfsuserd 8 2211daemon. 2212.It Va nfscbd_enable 2213.Pq Vt bool 2214If 2215.Va nfscbd_enable 2216is set to 2217.Dq Li YES , 2218run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2219.It Va nfscbd_flags 2220.Pq Vt str 2221If 2222.Va nfscbd_enable 2223is set to 2224.Dq Li YES , 2225these are the flags to pass to the 2226.Xr nfscbd 8 2227daemon. 2228.It Va oldnfs_server_enable 2229.Pq Vt bool 2230If 2231.Va oldnfs_server_enable 2232is set to 2233.Dq Li YES , 2234force the NFS server daemons to run the old NFS server code 2235that does not support NFSv4. 2236.It Va mountd_enable 2237.Pq Vt bool 2238If set to 2239.Dq Li YES , 2240and no 2241.Va nfs_server_enable 2242is set, start 2243.Xr mountd 8 , 2244but not 2245.Xr nfsd 8 2246daemon. 2247It is commonly needed to run CFS without real NFS used. 2248.It Va mountd_flags 2249.Pq Vt str 2250If 2251.Va mountd_enable 2252is set to 2253.Dq Li YES , 2254these are the flags to pass to the 2255.Xr mountd 8 2256daemon. 2257.It Va weak_mountd_authentication 2258.Pq Vt bool 2259If set to 2260.Dq Li YES , 2261allow services like PCNFSD to make non-privileged mount 2262requests. 2263.It Va nfs_reserved_port_only 2264.Pq Vt bool 2265If set to 2266.Dq Li YES , 2267provide NFS services only on a secure port. 2268.It Va nfs_bufpackets 2269.Pq Vt int 2270If set to a number, indicates the number of packets worth of 2271socket buffer space to reserve on an NFS client. 2272The kernel default is typically 4. 2273Using a higher number may be 2274useful on gigabit networks to improve performance. 2275The minimum value is 22762 and the maximum is 64. 2277.It Va rpc_lockd_enable 2278.Pq Vt bool 2279If set to 2280.Dq Li YES 2281and also an NFS server or client, run 2282.Xr rpc.lockd 8 2283at boot time. 2284.It Va rpc_lockd_flags 2285.Pq Vt str 2286If 2287.Va rpc_lockd_enable 2288is set to 2289.Dq Li YES , 2290these are the flags to pass to the 2291.Xr rpc.lockd 8 2292daemon. 2293.It Va rpc_statd_enable 2294.Pq Vt bool 2295If set to 2296.Dq Li YES 2297and also an NFS server or client, run 2298.Xr rpc.statd 8 2299at boot time. 2300.It Va rpc_statd_flags 2301.Pq Vt str 2302If 2303.Va rpc_statd_enable 2304is set to 2305.Dq Li YES , 2306these are the flags to pass to the 2307.Xr rpc.statd 8 2308daemon. 2309.It Va rpcbind_program 2310.Pq Vt str 2311Path to 2312.Xr rpcbind 8 2313(default 2314.Pa /usr/sbin/rpcbind ) . 2315.It Va rpcbind_enable 2316.Pq Vt bool 2317If set to 2318.Dq Li YES , 2319run the 2320.Xr rpcbind 8 2321service at boot time. 2322.It Va rpcbind_flags 2323.Pq Vt str 2324If 2325.Va rpcbind_enable 2326is set to 2327.Dq Li YES , 2328these are the flags to pass to the 2329.Xr rpcbind 8 2330daemon. 2331.It Va keyserv_enable 2332.Pq Vt bool 2333If set to 2334.Dq Li YES , 2335run the 2336.Xr keyserv 8 2337daemon on boot for running Secure RPC. 2338.It Va keyserv_flags 2339.Pq Vt str 2340If 2341.Va keyserv_enable 2342is set to 2343.Dq Li YES , 2344these are the flags to pass to 2345.Xr keyserv 8 2346daemon. 2347.It Va pppoed_enable 2348.Pq Vt bool 2349If set to 2350.Dq Li YES , 2351run the 2352.Xr pppoed 8 2353daemon at boot time to provide PPP over Ethernet services. 2354.It Va pppoed_ Ns Aq Ar provider 2355.Pq Vt str 2356.Xr pppoed 8 2357listens to requests to this 2358.Ar provider 2359and ultimately runs 2360.Xr ppp 8 2361with a 2362.Ar system 2363argument of the same name. 2364.It Va pppoed_flags 2365.Pq Vt str 2366Additional flags to pass to 2367.Xr pppoed 8 . 2368.It Va pppoed_interface 2369.Pq Vt str 2370The network interface to run 2371.Xr pppoed 8 2372on. 2373This is mandatory when 2374.Va pppoed_enable 2375is set to 2376.Dq Li YES . 2377.It Va timed_enable 2378.Pq Vt bool 2379If set to 2380.Dq Li YES , 2381run the 2382.Xr timed 8 2383service at boot time. 2384This command is intended for networks of 2385machines where a consistent 2386.Dq "network time" 2387for all hosts must be established. 2388This is often useful in large NFS 2389environments where time stamps on files are expected to be consistent 2390network-wide. 2391.It Va timed_flags 2392.Pq Vt str 2393If 2394.Va timed_enable 2395is set to 2396.Dq Li YES , 2397these are the flags to pass to the 2398.Xr timed 8 2399service. 2400.It Va ntpdate_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run 2405.Xr ntpdate 8 2406at system startup. 2407This command is intended to 2408synchronize the system clock only 2409.Em once 2410from some standard reference. 2411An option to set this up initially 2412(from a list of known servers) is also provided by the 2413.Xr sysinstall 8 2414program when the system is first installed. 2415.It Va ntpdate_config 2416.Pq Vt str 2417Configuration file for 2418.Xr ntpdate 8 . 2419Default 2420.Pa /etc/ntp.conf . 2421.It Va ntpdate_hosts 2422.Pq Vt str 2423A whitespace-separated list of NTP servers to synchronize with at startup. 2424The default is to use the servers listed in 2425.Va ntpdate_config , 2426if that file exists. 2427.It Va ntpdate_program 2428.Pq Vt str 2429Path to 2430.Xr ntpdate 8 2431(default 2432.Pa /usr/sbin/ntpdate ) . 2433.It Va ntpdate_flags 2434.Pq Vt str 2435If 2436.Va ntpdate_enable 2437is set to 2438.Dq Li YES , 2439these are the flags to pass to the 2440.Xr ntpdate 8 2441command (typically a hostname). 2442.It Va ntpd_enable 2443.Pq Vt bool 2444If set to 2445.Dq Li YES , 2446run the 2447.Xr ntpd 8 2448command at boot time. 2449.It Va ntpd_program 2450.Pq Vt str 2451Path to 2452.Xr ntpd 8 2453(default 2454.Pa /usr/sbin/ntpd ) . 2455.It Va ntpd_config 2456.Pq Vt str 2457Path to 2458.Xr ntpd 8 2459configuration file. 2460Default 2461.Pa /etc/ntp.conf . 2462.It Va ntpd_flags 2463.Pq Vt str 2464If 2465.Va ntpd_enable 2466is set to 2467.Dq Li YES , 2468these are the flags to pass to the 2469.Xr ntpd 8 2470daemon. 2471.It Va ntpd_sync_on_start 2472.Pq Vt bool 2473If set to 2474.Dq Li YES , 2475.Xr ntpd 8 2476is run with the 2477.Fl g 2478flag, which syncs the system's clock on startup. 2479See 2480.Xr ntpd 8 2481for more information regarding the 2482.Fl g 2483option. 2484This is a preferred alternative to using 2485.Xr ntpdate 8 2486or specifying the 2487.Va ntpdate_enable 2488variable. 2489.It Va nis_client_enable 2490.Pq Vt bool 2491If set to 2492.Dq Li YES , 2493run the 2494.Xr ypbind 8 2495service at system boot time. 2496.It Va nis_client_flags 2497.Pq Vt str 2498If 2499.Va nis_client_enable 2500is set to 2501.Dq Li YES , 2502these are the flags to pass to the 2503.Xr ypbind 8 2504service. 2505.It Va nis_ypset_enable 2506.Pq Vt bool 2507If set to 2508.Dq Li YES , 2509run the 2510.Xr ypset 8 2511daemon at system boot time. 2512.It Va nis_ypset_flags 2513.Pq Vt str 2514If 2515.Va nis_ypset_enable 2516is set to 2517.Dq Li YES , 2518these are the flags to pass to the 2519.Xr ypset 8 2520daemon. 2521.It Va nis_server_enable 2522.Pq Vt bool 2523If set to 2524.Dq Li YES , 2525run the 2526.Xr ypserv 8 2527daemon at system boot time. 2528.It Va nis_server_flags 2529.Pq Vt str 2530If 2531.Va nis_server_enable 2532is set to 2533.Dq Li YES , 2534these are the flags to pass to the 2535.Xr ypserv 8 2536daemon. 2537.It Va nis_ypxfrd_enable 2538.Pq Vt bool 2539If set to 2540.Dq Li YES , 2541run the 2542.Xr rpc.ypxfrd 8 2543daemon at system boot time. 2544.It Va nis_ypxfrd_flags 2545.Pq Vt str 2546If 2547.Va nis_ypxfrd_enable 2548is set to 2549.Dq Li YES , 2550these are the flags to pass to the 2551.Xr rpc.ypxfrd 8 2552daemon. 2553.It Va nis_yppasswdd_enable 2554.Pq Vt bool 2555If set to 2556.Dq Li YES , 2557run the 2558.Xr rpc.yppasswdd 8 2559daemon at system boot time. 2560.It Va nis_yppasswdd_flags 2561.Pq Vt str 2562If 2563.Va nis_yppasswdd_enable 2564is set to 2565.Dq Li YES , 2566these are the flags to pass to the 2567.Xr rpc.yppasswdd 8 2568daemon. 2569.It Va rpc_ypupdated_enable 2570.Pq Vt bool 2571If set to 2572.Dq Li YES , 2573run the 2574.Nm rpc.ypupdated 2575daemon at system boot time. 2576.It Va bsnmpd_enable 2577.Pq Vt bool 2578If set to 2579.Dq Li YES , 2580run the 2581.Xr bsnmpd 1 2582daemon at system boot time. 2583Be sure to understand the security implications of running SNMP daemon 2584on your host. 2585.It Va bsnmpd_flags 2586.Pq Vt str 2587If 2588.Va bsnmpd_enable 2589is set to 2590.Dq Li YES , 2591these are the flags to pass to the 2592.Xr bsnmpd 1 2593daemon. 2594.It Va defaultrouter 2595.Pq Vt str 2596If not set to 2597.Dq Li NO , 2598create a default route to this host name or IP address 2599(use an IP address if this router is also required to get to the 2600name server!). 2601.It Va ipv6_defaultrouter 2602.Pq Vt str 2603The IPv6 equivalent of 2604.Va defaultrouter . 2605.It Va static_arp_pairs 2606.Pq Vt str 2607Set to the list of static ARP pairs that are to be added at system 2608boot time. 2609For each whitespace separated 2610.Ar element 2611in the value, a 2612.Va static_arp_ Ns Aq Ar element 2613variable is assumed to exist whose contents will later be passed to a 2614.Dq Nm arp Cm -S 2615operation. 2616For example 2617.Bd -literal 2618static_arp_pairs="gw" 2619static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2620.Ed 2621.It Va static_ndp_pairs 2622.Pq Vt str 2623Set to the list of static NDP pairs that are to be added at system 2624boot time. 2625For each whitespace separated 2626.Ar element 2627in the value, a 2628.Va static_ndp_ Ns Aq Ar element 2629variable is assumed to exist whose contents will later be passed to a 2630.Dq Nm ndp Cm -s 2631operation. 2632For example 2633.Bd -literal 2634static_ndp_pairs="gw" 2635static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2636.Ed 2637.It Va static_routes 2638.Pq Vt str 2639Set to the list of static routes that are to be added at system 2640boot time. 2641If not set to 2642.Dq Li NO 2643then for each whitespace separated 2644.Ar element 2645in the value, a 2646.Va route_ Ns Aq Ar element 2647variable is assumed to exist 2648whose contents will later be passed to a 2649.Dq Nm route Cm add 2650operation. 2651For example: 2652.Bd -literal 2653static_routes="mcast gif0local" 2654route_mcast="-net 224.0.0.0/4 -iface gif0" 2655route_gif0local="-host 169.254.1.1 -iface lo0" 2656.Ed 2657.It Va ipv6_static_routes 2658.Pq Vt str 2659The IPv6 equivalent of 2660.Va static_routes . 2661If not set to 2662.Dq Li NO 2663then for each whitespace separated 2664.Ar element 2665in the value, a 2666.Va ipv6_route_ Ns Aq Ar element 2667variable is assumed to exist 2668whose contents will later be passed to a 2669.Dq Nm route Cm add Fl inet6 2670operation. 2671.It Va natm_static_routes 2672.Pq Vt str 2673The 2674.Xr natmip 4 2675equivalent of 2676.Va static_routes . 2677If not empty then for each whitespace separated 2678.Ar element 2679in the value, a 2680.Va route_ Ns Aq Ar element 2681variable is assumed to exist whose contents will later be passed to a 2682.Dq Nm atmconfig Cm natm Cm add 2683operation. 2684.It Va gateway_enable 2685.Pq Vt bool 2686If set to 2687.Dq Li YES , 2688configure host to act as an IP router, e.g.\& to forward packets 2689between interfaces. 2690.It Va ipv6_gateway_enable 2691.Pq Vt bool 2692The IPv6 equivalent of 2693.Va gateway_enable . 2694.It Va routed_enable 2695.Pq Vt bool 2696If set to 2697.Dq Li YES , 2698run a routing daemon of some sort, based on the 2699settings of 2700.Va routed_program 2701and 2702.Va routed_flags . 2703.It Va route6d_enable 2704.Pq Vt bool 2705The IPv6 equivalent of 2706.Va routed_enable . 2707If set to 2708.Dq Li YES , 2709run a routing daemon of some sort, based on the 2710settings of 2711.Va route6d_program 2712and 2713.Va route6d_flags . 2714.It Va routed_program 2715.Pq Vt str 2716If 2717.Va routed_enable 2718is set to 2719.Dq Li YES , 2720this is the name of the routing daemon to use. 2721.It Va route6d_program 2722.Pq Vt str 2723The IPv6 equivalent of 2724.Va routed_program . 2725.It Va routed_flags 2726.Pq Vt str 2727If 2728.Va routed_enable 2729is set to 2730.Dq Li YES , 2731these are the flags to pass to the routing daemon. 2732.It Va route6d_flags 2733.Pq Vt str 2734The IPv6 equivalent of 2735.Va routed_flags . 2736.It Va mrouted_enable 2737.Pq Vt bool 2738If set to 2739.Dq Li YES , 2740run the multicast routing daemon, 2741.Xr mrouted 8 . 2742.It Va mroute6d_enable 2743.Pq Vt bool 2744The IPv6 equivalent of 2745.Va mrouted_enable . 2746If set to 2747.Dq Li YES , 2748run the IPv6 multicast routing daemon. 2749.Pp 2750Note that multicast routing daemons are no longer included in the 2751.Fx 2752base system, however, both 2753.Xr mrouted 8 2754and 2755.Xr pim6dd 8 2756may be installed from the 2757.Fx 2758Ports Collection. 2759.It Va mrouted_flags 2760.Pq Vt str 2761If 2762.Va mrouted_enable 2763is set to 2764.Dq Li YES , 2765these are the flags to pass to the 2766.Xr mrouted 8 2767daemon. 2768.It Va mroute6d_flags 2769.Pq Vt str 2770The IPv6 equivalent of 2771.Va mrouted_flags . 2772If 2773.Va mroute6d_enable 2774is set to 2775.Dq Li YES , 2776these are the flags passed to the IPv6 multicast routing daemon. 2777.It Va mroute6d_program 2778.Pq Vt str 2779If 2780.Va mroute6d_enable 2781is set to 2782.Dq Li YES , 2783this is the path to the IPv6 multicast routing daemon. 2784.It Va rtadvd_enable 2785.Pq Vt bool 2786If set to 2787.Dq Li YES , 2788run the 2789.Xr rtadvd 8 2790daemon at boot time. 2791The 2792.Xr rtadvd 8 2793utility sends ICMPv6 Router Advertisement messages to 2794the interfaces specified in 2795.Va rtadvd_interfaces . 2796This should only be enabled with great care. 2797You may want to fine-tune 2798.Xr rtadvd.conf 5 . 2799.It Va rtadvd_interfaces 2800.Pq Vt str 2801If 2802.Va rtadvd_enable 2803is set to 2804.Dq Li YES 2805this is the list of interfaces to use. 2806.It Va ipxgateway_enable 2807.Pq Vt bool 2808If set to 2809.Dq Li YES , 2810enable the routing of IPX traffic. 2811.It Va ipxrouted_enable 2812.Pq Vt bool 2813If set to 2814.Dq Li YES , 2815run the 2816.Xr IPXrouted 8 2817daemon at system boot time. 2818.It Va ipxrouted_flags 2819.Pq Vt str 2820If 2821.Va ipxrouted_enable 2822is set to 2823.Dq Li YES , 2824these are the flags to pass to the 2825.Xr IPXrouted 8 2826daemon. 2827.It Va arpproxy_all 2828.Pq Vt bool 2829If set to 2830.Dq Li YES , 2831enable global proxy ARP. 2832.It Va forward_sourceroute 2833.Pq Vt bool 2834If set to 2835.Dq Li YES 2836and 2837.Va gateway_enable 2838is also set to 2839.Dq Li YES , 2840source-routed packets are forwarded. 2841.It Va accept_sourceroute 2842.Pq Vt bool 2843If set to 2844.Dq Li YES , 2845the system will accept source-routed packets directed at it. 2846.It Va rarpd_enable 2847.Pq Vt bool 2848If set to 2849.Dq Li YES , 2850run the 2851.Xr rarpd 8 2852daemon at system boot time. 2853.It Va rarpd_flags 2854.Pq Vt str 2855If 2856.Va rarpd_enable 2857is set to 2858.Dq Li YES , 2859these are the flags to pass to the 2860.Xr rarpd 8 2861daemon. 2862.It Va bootparamd_enable 2863.Pq Vt bool 2864If set to 2865.Dq Li YES , 2866run the 2867.Xr bootparamd 8 2868daemon at system boot time. 2869.It Va bootparamd_flags 2870.Pq Vt str 2871If 2872.Va bootparamd_enable 2873is set to 2874.Dq Li YES , 2875these are the flags to pass to the 2876.Xr bootparamd 8 2877daemon. 2878.It Va stf_interface_ipv4addr 2879.Pq Vt str 2880If not set to 2881.Dq Li NO , 2882this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2883interface). 2884Specify this entry to enable the 6to4 interface. 2885.It Va stf_interface_ipv4plen 2886.Pq Vt int 2887Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2888An effective value is 0-31. 2889.It Va stf_interface_ipv6_ifid 2890.Pq Vt str 2891IPv6 interface ID for 2892.Xr stf 4 . 2893This can be set to 2894.Dq Li AUTO . 2895.It Va stf_interface_ipv6_slaid 2896.Pq Vt str 2897IPv6 Site Level Aggregator for 2898.Xr stf 4 . 2899.It Va ipv6_faith_prefix 2900.Pq Vt str 2901If not set to 2902.Dq Li NO , 2903this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2904translator. 2905You also need 2906.Xr faithd 8 2907setup. 2908.It Va ipv6_ipv4mapping 2909.Pq Vt bool 2910If set to 2911.Dq Li YES 2912this enables IPv4 mapped IPv6 address communication (like 2913.Li ::ffff:a.b.c.d ) . 2914.It Va atm_enable 2915.Pq Vt bool 2916Set to 2917.Dq Li YES 2918to enable the configuration of ATM interfaces at system boot time. 2919For all of the ATM variables described below, please refer to the 2920.Xr atm 8 2921manual page for further details on the available command parameters. 2922Also refer to the files in 2923.Pa /usr/share/examples/atm 2924for more detailed configuration information. 2925.It Va atm_load 2926.Pq Vt str 2927This is a list of physical ATM interface drivers to load. 2928Typical values are 2929.Dq Li hfa_pci 2930and/or 2931.Dq Li hea_pci . 2932.It Va atm_netif_ Ns Aq Ar intf 2933.Pq Vt str 2934For the ATM physical interface 2935.Ar intf , 2936this variable defines the name prefix and count for the ATM network 2937interfaces to be created. 2938The value will be passed as the parameters of an 2939.Dq Nm atm Cm "set netif" Ar intf 2940command. 2941.It Va atm_sigmgr_ Ns Aq Ar intf 2942.Pq Vt str 2943For the ATM physical interface 2944.Ar intf , 2945this variable defines the ATM signalling manager to be used. 2946The value will be passed as the parameters of an 2947.Dq Nm atm Cm attach Ar intf 2948command. 2949.It Va atm_prefix_ Ns Aq Ar intf 2950.Pq Vt str 2951For the ATM physical interface 2952.Ar intf , 2953this variable defines the NSAP prefix for interfaces using a UNI signalling 2954manager. 2955If set to 2956.Dq Li ILMI , 2957the prefix will automatically be set via the 2958.Xr ilmid 8 2959daemon. 2960Otherwise, the value will be passed as the parameters of an 2961.Dq Nm atm Cm "set prefix" Ar intf 2962command. 2963.It Va atm_macaddr_ Ns Aq Ar intf 2964.Pq Vt str 2965For the ATM physical interface 2966.Ar intf , 2967this variable defines the MAC address for interfaces using a UNI signalling 2968manager. 2969If set to 2970.Dq Li NO , 2971the hardware MAC address contained in the ATM interface card will be used. 2972Otherwise, the value will be passed as the parameters of an 2973.Dq Nm atm Cm "set mac" Ar intf 2974command. 2975.It Va atm_arpserver_ Ns Aq Ar netif 2976.Pq Vt str 2977For the ATM network interface 2978.Ar netif , 2979this variable defines the ATM address for a host which is to provide ATMARP 2980service. 2981This variable is only applicable to interfaces using a UNI signalling 2982manager. 2983If set to 2984.Dq Li local , 2985this host will become an ATMARP server. 2986The value will be passed as the parameters of an 2987.Dq Nm atm Cm "set arpserver" Ar netif 2988command. 2989.It Va atm_scsparp_ Ns Aq Ar netif 2990.Pq Vt bool 2991If set to 2992.Dq Li YES , 2993SCSP/ATMARP service for the network interface 2994.Ar netif 2995will be initiated using the 2996.Xr scspd 8 2997and 2998.Xr atmarpd 8 2999daemons. 3000This variable is only applicable if 3001.Va atm_arpserver_ Ns Aq Ar netif 3002is set to 3003.Dq Li local . 3004.It Va atm_pvcs 3005.Pq Vt str 3006Set to the list of ATM PVCs to be added at system 3007boot time. 3008For each whitespace separated 3009.Ar element 3010in the value, an 3011.Va atm_pvc_ Ns Aq Ar element 3012variable is assumed to exist. 3013The value of each of these variables 3014will be passed as the parameters of an 3015.Dq Nm atm Cm "add pvc" 3016command. 3017.It Va atm_arps 3018.Pq Vt str 3019Set to the list of permanent ATM ARP entries to be added 3020at system boot time. 3021For each whitespace separated 3022.Ar element 3023in the value, an 3024.Va atm_arp_ Ns Aq Ar element 3025variable is assumed to exist. 3026The value of each of these variables 3027will be passed as the parameters of an 3028.Dq Nm atm Cm "add arp" 3029command. 3030.It Va natm_interfaces 3031.Pq Vt str 3032Set to the list of 3033.Xr natm 4 3034interfaces that will also be used for HARP through 3035.Xr harp 4 . 3036If this list is not empty all interfaces in the list will be brought up 3037with 3038.Xr ifconfig 8 3039and 3040.Xr harp 4 3041will be loaded. 3042For this to work the interface drivers must be either compiled into the 3043kernel or must reside on the root partition. 3044.It Va keybell 3045.Pq Vt str 3046The keyboard bell sound. 3047Set to 3048.Dq Li normal , 3049.Dq Li visual , 3050.Dq Li off , 3051or 3052.Dq Li NO 3053if the default behavior is desired. 3054For details, refer to the 3055.Xr kbdcontrol 1 3056manpage. 3057.It Va keyboard 3058.Pq Vt str 3059If set to a non-null string, the virtual console's keyboard input is 3060set to this device. 3061.It Va keymap 3062.Pq Vt str 3063If set to 3064.Dq Li NO , 3065no keymap is installed, otherwise the value is used to install 3066the keymap file in 3067.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3068.It Va keyrate 3069.Pq Vt str 3070The keyboard repeat speed. 3071Set to 3072.Dq Li slow , 3073.Dq Li normal , 3074.Dq Li fast , 3075or 3076.Dq Li NO 3077if the default behavior is desired. 3078.It Va keychange 3079.Pq Vt str 3080If not set to 3081.Dq Li NO , 3082attempt to program the function keys with the value. 3083The value should 3084be a single string of the form: 3085.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3086.It Va cursor 3087.Pq Vt str 3088Can be set to the value of 3089.Dq Li normal , 3090.Dq Li blink , 3091.Dq Li destructive , 3092or 3093.Dq Li NO 3094to set the cursor behavior explicitly or choose the default behavior. 3095.It Va scrnmap 3096.Pq Vt str 3097If set to 3098.Dq Li NO , 3099no screen map is installed, otherwise the value is used to install 3100the screen map file in 3101.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3102.It Va font8x16 3103.Pq Vt str 3104If set to 3105.Dq Li NO , 3106the default 8x16 font value is used for screen size requests, otherwise 3107the value in 3108.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3109is used. 3110.It Va font8x14 3111.Pq Vt str 3112If set to 3113.Dq Li NO , 3114the default 8x14 font value is used for screen size requests, otherwise 3115the value in 3116.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3117is used. 3118.It Va font8x8 3119.Pq Vt str 3120If set to 3121.Dq Li NO , 3122the default 8x8 font value is used for screen size requests, otherwise 3123the value in 3124.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3125is used. 3126.It Va blanktime 3127.Pq Vt int 3128If set to 3129.Dq Li NO , 3130the default screen blanking interval is used, otherwise it is set 3131to 3132.Ar value 3133seconds. 3134.It Va saver 3135.Pq Vt str 3136If not set to 3137.Dq Li NO , 3138this is the actual screen saver to use 3139.Li ( blank , snake , daemon , 3140etc). 3141.It Va moused_nondefault_enable 3142.Pq Vt str 3143If set to 3144.Dq Li NO , 3145the mouse device specified on 3146the command line is not automatically treated as enabled by the 3147.Pa /etc/rc.d/moused 3148script. 3149Having this variable set to 3150.Dq Li YES 3151allows a 3152.Xr usb 4 3153mouse, 3154for example, 3155to be enabled as soon as it is plugged in. 3156.It Va moused_enable 3157.Pq Vt str 3158If set to 3159.Dq Li YES , 3160the 3161.Xr moused 8 3162daemon is started for doing cut/paste selection on the console. 3163.It Va moused_type 3164.Pq Vt str 3165This is the protocol type of the mouse connected to this host. 3166This variable must be set if 3167.Va moused_enable 3168is set to 3169.Dq Li YES . 3170The 3171.Xr moused 8 3172daemon 3173is able to detect the appropriate mouse type automatically in many cases. 3174Set this variable to 3175.Dq Li auto 3176to let the daemon detect it, or 3177select one from the following list if the automatic detection fails. 3178.Pp 3179If the mouse is attached to the PS/2 mouse port, choose 3180.Dq Li auto 3181or 3182.Dq Li ps/2 , 3183regardless of the brand and model of the mouse. 3184Likewise, if the 3185mouse is attached to the bus mouse port, choose 3186.Dq Li auto 3187or 3188.Dq Li busmouse . 3189All other protocols are for serial mice and will not work with 3190the PS/2 and bus mice. 3191If this is a USB mouse, 3192.Dq Li auto 3193is the only protocol type which will work. 3194.Pp 3195.Bl -tag -width ".Li x10mouseremote" -compact 3196.It Li microsoft 3197Microsoft mouse (serial) 3198.It Li intellimouse 3199Microsoft IntelliMouse (serial) 3200.It Li mousesystems 3201Mouse systems Corp.\& mouse (serial) 3202.It Li mmseries 3203MM Series mouse (serial) 3204.It Li logitech 3205Logitech mouse (serial) 3206.It Li busmouse 3207A bus mouse 3208.It Li mouseman 3209Logitech MouseMan and TrackMan (serial) 3210.It Li glidepoint 3211ALPS GlidePoint (serial) 3212.It Li thinkingmouse 3213Kensington ThinkingMouse (serial) 3214.It Li ps/2 3215PS/2 mouse 3216.It Li mmhittab 3217MM HitTablet (serial) 3218.It Li x10mouseremote 3219X10 MouseRemote (serial) 3220.It Li versapad 3221Interlink VersaPad (serial) 3222.El 3223.Pp 3224Even if the mouse is not in the above list, it may be compatible 3225with one in the list. 3226Refer to the manual page for 3227.Xr moused 8 3228for compatibility information. 3229.Pp 3230It should also be noted that while this is enabled, any 3231other client of the mouse (such as an X server) should access 3232the mouse through the virtual mouse device, 3233.Pa /dev/sysmouse , 3234and configure it as a 3235.Dq Li sysmouse 3236type mouse, since all 3237mouse data is converted to this single canonical format when 3238using 3239.Xr moused 8 . 3240If the client program does not support the 3241.Dq Li sysmouse 3242type, 3243specify the 3244.Dq Li mousesystems 3245type. 3246It is the second preferred type. 3247.It Va moused_port 3248.Pq Vt str 3249If 3250.Va moused_enable 3251is set to 3252.Dq Li YES , 3253this is the actual port the mouse is on. 3254It might be 3255.Pa /dev/cuad0 3256for a COM1 serial mouse, 3257.Pa /dev/psm0 3258for a PS/2 mouse or 3259.Pa /dev/mse0 3260for a bus mouse, for example. 3261.It Va moused_flags 3262.Pq Vt str 3263If 3264.Va moused_flags 3265is set, its value is used as an additional set of flags to pass to the 3266.Xr moused 8 3267daemon. 3268.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3269When 3270.Va moused_nondefault_enable 3271is enabled, and a 3272.Xr moused 8 3273daemon is started for a non-default port, the 3274.Va "moused_" Ns Ar XXX Ns Va "_flags" 3275set of options has precedence over and replaces the default 3276.Va moused_flags (where 3277.Ar XXX 3278is the name of the non-default port, i.e.\& 3279.Ar ums0 ) . 3280By setting 3281.Va "moused_" Ns Ar XXX Ns Va "_flags" 3282it is possible to set up a different set of default flags for each 3283.Xr moused 8 3284instance. 3285For example, you can use 3286.Dq Li "-3" 3287for the default 3288.Va moused_flags 3289to make your laptop's touchpad more comfortable to use, 3290but an empty set of options for 3291.Va moused_ums0_flags 3292when your 3293.Xr usb 4 3294mouse has three or more buttons. 3295.It Va mousechar_start 3296.Pq Vt int 3297If set to 3298.Dq Li NO , 3299the default mouse cursor character range 3300.Li 0xd0 Ns - Ns Li 0xd3 3301is used, 3302otherwise the range start is set 3303to 3304.Ar value 3305character, see 3306.Xr vidcontrol 1 . 3307Use if the default range is occupied in the language code table. 3308.It Va allscreens_flags 3309.Pq Vt str 3310If set, 3311.Xr vidcontrol 1 3312is run with these options for each of the virtual terminals 3313.Pq Pa /dev/ttyv* . 3314For example, 3315.Dq Fl m Cm on 3316will enable the mouse pointer on all virtual terminals 3317if 3318.Va moused_enable 3319is set to 3320.Dq Li YES . 3321.It Va allscreens_kbdflags 3322.Pq Vt str 3323If set, 3324.Xr kbdcontrol 1 3325is run with these options for each of the virtual terminals 3326.Pq Pa /dev/ttyv* . 3327For example, 3328.Dq Fl h Li 200 3329will set the 3330.Xr syscons 4 3331scrollback (history) buffer to 200 lines. 3332.It Va cron_enable 3333.Pq Vt bool 3334If set to 3335.Dq Li YES , 3336run the 3337.Xr cron 8 3338daemon at system boot time. 3339.It Va cron_program 3340.Pq Vt str 3341Path to 3342.Xr cron 8 3343(default 3344.Pa /usr/sbin/cron ) . 3345.It Va cron_flags 3346.Pq Vt str 3347If 3348.Va cron_enable 3349is set to 3350.Dq Li YES , 3351these are the flags to pass to 3352.Xr cron 8 . 3353.It Va cron_dst 3354.Pq Vt bool 3355If set to 3356.Dq Li YES , 3357enable the special handling of transitions to and from the 3358Daylight Saving Time in 3359.Xr cron 8 3360(equivalent to using the flag 3361.Fl s ) . 3362.It Va lpd_program 3363.Pq Vt str 3364Path to 3365.Xr lpd 8 3366(default 3367.Pa /usr/sbin/lpd ) . 3368.It Va lpd_enable 3369.Pq Vt bool 3370If set to 3371.Dq Li YES , 3372run the 3373.Xr lpd 8 3374daemon at system boot time. 3375.It Va lpd_flags 3376.Pq Vt str 3377If 3378.Va lpd_enable 3379is set to 3380.Dq Li YES , 3381these are the flags to pass to the 3382.Xr lpd 8 3383daemon. 3384.It Va chkprintcap_enable 3385.Pq Vt bool 3386If set to 3387.Dq Li YES , 3388run the 3389.Xr chkprintcap 8 3390command before starting the 3391.Xr lpd 8 3392daemon. 3393.It Va chkprintcap_flags 3394.Pq Vt str 3395If 3396.Va lpd_enable 3397and 3398.Va chkprintcap_enable 3399are set to 3400.Dq Li YES , 3401these are the flags to pass to the 3402.Xr chkprintcap 8 3403program. 3404The default is 3405.Dq Li -d , 3406which causes missing directories to be created. 3407.It Va mta_start_script 3408.Pq Vt str 3409This variable specifies the full path to the script to run to start 3410a mail transfer agent. 3411The default is 3412.Pa /etc/rc.sendmail . 3413The 3414.Va sendmail_* 3415variables which 3416.Pa /etc/rc.sendmail 3417uses are documented in the 3418.Xr rc.sendmail 8 3419manual page. 3420.It Va dumpdev 3421.Pq Vt str 3422Indicates the device (usually a swap partition) to which a crash dump 3423should be written in the event of a system crash. 3424If the value of this variable is 3425.Dq Li AUTO , 3426the first suitable swap device listed in 3427.Pa /etc/fstab 3428will be used as dump device. 3429Otherwise, the value of this variable is passed as the argument to 3430.Xr dumpon 8 . 3431To disable crash dumps, set this variable to 3432.Dq Li NO . 3433.It Va dumpdir 3434.Pq Vt str 3435When the system reboots after a crash and a crash dump is found on the 3436device specified by the 3437.Va dumpdev 3438variable, 3439.Xr savecore 8 3440will save that crash dump and a copy of the kernel to the directory 3441specified by the 3442.Va dumpdir 3443variable. 3444The default value is 3445.Pa /var/crash . 3446Set to 3447.Dq Li NO 3448to not run 3449.Xr savecore 8 3450at boot time when 3451.Va dumpdir 3452is set. 3453.It Va savecore_flags 3454.Pq Vt str 3455If crash dumps are enabled, these are the flags to pass to the 3456.Xr savecore 8 3457utility. 3458.It Va quota_enable 3459.Pq Vt bool 3460Set to 3461.Dq Li YES 3462to turn on user and group disk quotas on system startup via the 3463.Xr quotaon 8 3464command for all file systems marked as having quotas enabled in 3465.Pa /etc/fstab . 3466The kernel must be built with 3467.Cd "options QUOTA" 3468for disk quotas to function. 3469.It Va check_quotas 3470.Pq Vt bool 3471Set to 3472.Dq Li YES 3473to enable user and group disk quota checking via the 3474.Xr quotacheck 8 3475command. 3476.It Va quotacheck_flags 3477.Pq Vt str 3478If 3479.Va quota_enable 3480is set to 3481.Dq Li YES , 3482and 3483.Va check_quotas 3484is set to 3485.Dq Li YES , 3486these are the flags to pass to the 3487.Xr quotacheck 8 3488utility. 3489The default is 3490.Dq Li "-a" , 3491which checks quotas for all file systems with quotas enabled in 3492.Pa /etc/fstab . 3493.It Va quotaon_flags 3494.Pq Vt str 3495If 3496.Va quota_enable 3497is set to 3498.Dq Li YES , 3499these are the flags to pass to the 3500.Xr quotaon 8 3501utility. 3502The default is 3503.Dq Li "-a" , 3504which enables quotas for all file systems with quotas enabled in 3505.Pa /etc/fstab . 3506.It Va quotaoff_flags 3507.Pq Vt str 3508If 3509.Va quota_enable 3510is set to 3511.Dq Li YES , 3512these are the flags to pass to the 3513.Xr quotaoff 8 3514utility when shutting down the quota system. 3515The default is 3516.Dq Li "-a" , 3517which disables quotas for all file systems with quotas enabled in 3518.Pa /etc/fstab . 3519.It Va accounting_enable 3520.Pq Vt bool 3521Set to 3522.Dq Li YES 3523to enable system accounting through the 3524.Xr accton 8 3525facility. 3526.It Va ibcs2_enable 3527.Pq Vt bool 3528Set to 3529.Dq Li YES 3530to enable iBCS2 (SCO) binary emulation at system initial boot 3531time. 3532.It Va ibcs2_loaders 3533.Pq Vt str 3534If not set to 3535.Dq Li NO 3536and if 3537.Va ibcs2_enable 3538is set to 3539.Dq Li YES , 3540this specifies a list of additional iBCS2 loaders to enable. 3541.It Va linux_enable 3542.Pq Vt bool 3543Set to 3544.Dq Li YES 3545to enable Linux/ELF binary emulation at system initial 3546boot time. 3547.It Va svr4_enable 3548.Pq Vt bool 3549If set to 3550.Dq Li YES , 3551enable SysVR4 emulation at boot time. 3552.It Va sysvipc_enable 3553.Pq Vt bool 3554If set to 3555.Dq Li YES , 3556load System V IPC primitives at boot time. 3557.It Va clear_tmp_enable 3558.Pq Vt bool 3559Set to 3560.Dq Li YES 3561to have 3562.Pa /tmp 3563cleaned at startup. 3564.It Va clear_tmp_X 3565.Pq Vt bool 3566Set to 3567.Dq Li NO 3568to disable removing of X11 lock files, 3569and the removal and (secure) recreation 3570of the various socket directories for X11 3571related programs. 3572.It Va ldconfig_paths 3573.Pq Vt str 3574Set to the list of shared library paths to use with 3575.Xr ldconfig 8 . 3576NOTE: 3577.Pa /usr/lib 3578will always be added first, so it need not appear in this list. 3579.It Va ldconfig32_paths 3580.Pq Vt str 3581Set to the list of 32-bit compatibility shared library paths to 3582use with 3583.Xr ldconfig 8 . 3584.It Va ldconfig_paths_aout 3585.Pq Vt str 3586Set to the list of shared library paths to use with 3587.Xr ldconfig 8 3588legacy 3589.Xr a.out 5 3590support. 3591.It Va ldconfig_insecure 3592.Pq Vt bool 3593The 3594.Xr ldconfig 8 3595utility normally refuses to use directories 3596which are writable by anyone except root. 3597Set this variable to 3598.Dq Li YES 3599to disable that security check during system startup. 3600.It Va ldconfig_local_dirs 3601.Pq Vt str 3602Set to the list of local 3603.Xr ldconfig 8 3604directories. 3605The names of all files in the directories listed will be 3606passed as arguments to 3607.Xr ldconfig 8 . 3608.It Va ldconfig_local32_dirs 3609.Pq Vt str 3610Set to the list of local 32-bit compatibility 3611.Xr ldconfig 8 3612directories. 3613The names of all files in the directories listed will be 3614passed as arguments to 3615.Dq Nm ldconfig Fl 32 . 3616.It Va kern_securelevel_enable 3617.Pq Vt bool 3618Set to 3619.Dq Li YES 3620to set the kernel security level at system startup. 3621.It Va kern_securelevel 3622.Pq Vt int 3623The kernel security level to set at startup. 3624The allowed range of 3625.Ar value 3626ranges from \-1 (the compile time default) to 3 (the 3627most secure). 3628See 3629.Xr security 7 3630for the list of possible security levels and their effect 3631on system operation. 3632.It Va sshd_program 3633.Pq Vt str 3634Path to the SSH server program 3635.Pa ( /usr/sbin/sshd 3636is the default). 3637.It Va sshd_enable 3638.Pq Vt bool 3639Set to 3640.Dq Li YES 3641to start 3642.Xr sshd 8 3643at system boot time. 3644.It Va sshd_flags 3645.Pq Vt str 3646If 3647.Va sshd_enable 3648is set to 3649.Dq Li YES , 3650these are the flags to pass to the 3651.Xr sshd 8 3652daemon. 3653.It Va ftpd_program 3654.Pq Vt str 3655Path to the FTP server program 3656.Pa ( /usr/libexec/ftpd 3657is the default). 3658.It Va ftpd_enable 3659.Pq Vt bool 3660Set to 3661.Dq Li YES 3662to start 3663.Xr ftpd 8 3664as a stand-alone daemon at system boot time. 3665.It Va ftpd_flags 3666.Pq Vt str 3667If 3668.Va ftpd_enable 3669is set to 3670.Dq Li YES , 3671these are the additional flags to pass to the 3672.Xr ftpd 8 3673daemon. 3674.It Va watchdogd_enable 3675.Pq Vt bool 3676If set to 3677.Dq Li YES , 3678start the 3679.Xr watchdogd 8 3680daemon at boot time. 3681This requires that the kernel have been compiled with a 3682.Xr watchdog 4 3683compatible device. 3684.It Va watchdogd_flags 3685.Pq Vt str 3686If 3687.Va watchdogd_enable 3688is set to 3689.Dq Li YES , 3690these are the flags passed to the 3691.Xr watchdogd 8 3692daemon. 3693.It Va devfs_rulesets 3694.Pq Vt str 3695List of files containing sets of rules for 3696.Xr devfs 8 . 3697.It Va devfs_system_ruleset 3698.Pq Vt str 3699Rule name(s) to apply to the system 3700.Pa /dev 3701itself. 3702.It Va devfs_set_rulesets 3703.Pq Vt str 3704Pairs of already-mounted 3705.Pa dev 3706directories and rulesets that should be applied to them. 3707For example: /mount/dev=ruleset_name 3708.It Va devfs_load_rulesets 3709.Pq Vt bool 3710If set, always load the default rulesets listed in 3711.Va devfs_rulesets . 3712.It Va performance_cx_lowest 3713.Pq Vt str 3714CPU idle state to use while on AC power. 3715The string 3716.Dq Li LOW 3717indicates that 3718.Xr acpi 4 3719should use the lowest power state available while 3720.Dq Li HIGH 3721indicates that the lowest latency state (less power savings) should be used. 3722.It Va performance_cpu_freq 3723.Pq Vt str 3724CPU clock frequency to use while on AC power. 3725The string 3726.Dq Li LOW 3727indicates that 3728.Xr cpufreq 4 3729should use the lowest frequency available while 3730.Dq Li HIGH 3731indicates that the highest frequency (less power savings) should be used. 3732.It Va economy_cx_lowest 3733.Pq Vt str 3734CPU idle state to use when off AC power. 3735The string 3736.Dq Li LOW 3737indicates that 3738.Xr acpi 4 3739should use the lowest power state available while 3740.Dq Li HIGH 3741indicates that the lowest latency state (less power savings) should be used. 3742.It Va economy_cpu_freq 3743.Pq Vt str 3744CPU clock frequency to use when off AC power. 3745The string 3746.Dq Li LOW 3747indicates that 3748.Xr cpufreq 4 3749should use the lowest frequency available while 3750.Dq Li HIGH 3751indicates that the highest frequency (less power savings) should be used. 3752.It Va jail_enable 3753.Pq Vt bool 3754If set to 3755.Dq Li NO , 3756any configured jails will not be started. 3757.It Va jail_parallel_start 3758.Pq Vt bool 3759If set to 3760.Dq Li YES , 3761all configured jails will be started in the background (in parallel). 3762.It Va jail_list 3763.Pq Vt str 3764A space separated list of names for jails. 3765This is purely a configuration aid to help identify and 3766configure multiple jails. 3767The names specified in this list will be used to 3768identify settings common to an instance of a jail, 3769and should contain alphanumeric characters only. 3770Assuming that the jail in question was named 3771.Li vjail , 3772you would have the following dependent variables: 3773.Bd -literal 3774jail_vjail_hostname="jail.example.com" 3775jail_vjail_ip="192.0.2.100" 3776jail_vjail_rootdir="/var/jails/vjail/root" 3777.Ed 3778.Pp 3779.It Va jail_flags 3780.Pq Vt str 3781Unset by default. 3782When set, use as default value for 3783.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3784for every jail in 3785.Va jail_list . 3786.It Va jail_interface 3787.Pq Vt str 3788Unset by default. 3789When set, use as default value for 3790.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3791for every jail in 3792.Va jail_list . 3793.It Va jail_fstab 3794.Pq Vt str 3795Unset by default. 3796When set, use as default value for 3797.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3798for every jail in 3799.Va jail_list . 3800.It Va jail_mount_enable 3801.Pq Vt bool 3802Set to 3803.Dq Li NO 3804by default. 3805When set to 3806.Dq Li YES , 3807sets 3808.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3809to 3810.Dq Li YES 3811by default for every jail in 3812.Va jail_list . 3813.It Va jail_devfs_ruleset 3814.Pq Vt str 3815Unset by default. 3816When set, sets 3817.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3818to given value for every jail in 3819.Va jail_list . 3820.It Va jail_devfs_enable 3821.Pq Vt bool 3822Set to 3823.Dq Li NO 3824by default. 3825When set to 3826.Dq Li YES , 3827sets 3828.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3829to 3830.Dq Li YES 3831by default for every jail in 3832.Va jail_list . 3833.It Va jail_fdescfs_enable 3834.Pq Vt bool 3835Set to 3836.Dq Li NO 3837by default. 3838When set to 3839.Dq Li YES , 3840sets 3841.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3842to 3843.Dq Li YES 3844by default for every jail in 3845.Va jail_list . 3846.It Va jail_procfs_enable 3847.Pq Vt bool 3848Set to 3849.Dq Li NO 3850by default. 3851When set to 3852.Dq Li YES , 3853sets 3854.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3855to 3856.Dq Li YES 3857by default for every jail in 3858.Va jail_list . 3859.It Va jail_exec_prestart Ns Aq Ar N 3860.Pq Vt str 3861Unset by default. 3862When set, use as default value for 3863.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3864for every jail in 3865.Va jail_list . 3866.It Va jail_exec_start 3867.Pq Vt str 3868Unset by default. 3869When set, use as default value for 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3871for every jail in 3872.Va jail_list . 3873.It Va jail_exec_afterstart Ns Aq Ar N 3874.Pq Vt str 3875Unset by default. 3876When set, use as default value for 3877.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3878for every jail in 3879.Va jail_list . 3880.It Va jail_exec_poststart Ns Aq Ar N 3881.Pq Vt str 3882Unset by default. 3883When set, use as default value for 3884.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3885for every jail in 3886.Va jail_list . 3887.It Va jail_exec_prestop Ns Aq Ar N 3888.Pq Vt str 3889Unset by default. 3890When set, use as default value for 3891.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3892for every jail in 3893.Va jail_list . 3894.It Va jail_exec_stop 3895Unset by default. 3896When set, use as default value for 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3898for every jail in 3899.Va jail_list . 3900.It Va jail_exec_poststop Ns Aq Ar N 3901.Pq Vt str 3902Unset by default. 3903When set, use as default value for 3904.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3905for every jail in 3906.Va jail_list . 3907.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3908.Pq Vt str 3909Unset by default. 3910Set to the root directory used by jail 3911.Va jname . 3912.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3913.Pq Vt str 3914Unset by default. 3915Set to the fully qualified domain name (FQDN) assigned to jail 3916.Va jname . 3917.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3918.Pq Vt str 3919Unset by default. 3920Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3921The argument can be a sole address or a comma separated list of addresses. 3922Additionally each address can be prefixed by the name of an interface 3923followed by a pipe to overwrite 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3925or 3926.Va jail_interface 3927and/or suffixed by a netmask, prefixlen or prefix. 3928In case no netmask, prefixlen or prefix is given, 3929.Sq /32 3930will be used for IPv4 and 3931.Sq /128 3932will be used for an IPv6 address. 3933If no address is given for the jail then the jail will be started with 3934no networking support. 3935.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3936.Pq Vt str 3937Unset by default. 3938Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3939The sequence starts with 3940.Dq Li _multi0 3941and the numbers have to be strictly ascending. 3942These entries follow the same syntax as their primary 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3944entry. 3945The order of the entries can be important as the first address for 3946each address family found will be the primary address of the jail. 3947See 3948.Va ip-addresses 3949option in 3950.Xr jail 8 3951for more details. 3952.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3953.Pq Vt str 3954Set to 3955.Dq Li -l -U root 3956by default. 3957These are flags to pass to 3958.Xr jail 8 . 3959.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3960.Pq Vt str 3961Unset by default. 3962When set, sets the interface to use when setting IP address alias. 3963Note that the alias is created at jail startup and removed at jail shutdown. 3964.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3965.Pq Vt str 3966Unset by default. 3967When set, the jail is started with the specified forwarding table (sometimes 3968referred to as a routing table) via 3969.Xr setfib 1 . 3970.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3971.Pq Vt str 3972Set to 3973.Pa /etc/fstab. Ns Aq Ar jname 3974by default. 3975This is the file system information file to use for jail 3976.Va jname . 3977.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3978.Pq Vt bool 3979Set to 3980.Dq Li NO 3981by default. 3982When set to 3983.Dq Li YES , 3984mount all file systems from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3986at jail startup. 3987.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3988.Pq Vt str 3989Unset by default. 3990When set, defines the device file system ruleset file to use for jail 3991.Va jname . 3992.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3993.Pq Vt bool 3994Set to 3995.Dq Li NO 3996by default. 3997When set to 3998.Dq Li YES , 3999mount the device file system inside jail 4000.Ar jname 4001at jail startup. 4002.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4003.Pq Vt bool 4004Set to 4005.Dq Li NO 4006by default. 4007When set to 4008.Dq Li YES , 4009mount the file-descriptor file system inside jail 4010.Ar jname 4011at jail startup. 4012.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4013.Pq Vt bool 4014Set to 4015.Dq Li NO 4016by default. 4017When set to 4018.Dq Li YES , 4019mount the process file system inside jail 4020.Ar jname 4021at jail startup. 4022.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4023.Pq Vt str 4024Unset by default. 4025This is the command run as 4026.Ar N Ns 4027th command 4028before jail startup, where 4029.Ar N 4030is 0, 1, and so on. 4031It is run outside the jail. 4032.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4033.Pq Vt str 4034Set to 4035.Dq Li /bin/sh /etc/rc 4036by default. 4037This is the command executed in a jail at jail startup. 4038.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4039.Pq Vt str 4040Unset by default. 4041This is the command run as 4042.Ar N Ns 4043th command 4044in a jail 4045after jail startup, where 4046.Ar N 4047is 1, 2, and so on. 4048.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4049.Pq Vt str 4050Unset by default. 4051This is the command run as 4052.Ar N Ns 4053th command 4054after jail startup, where 4055.Ar N 4056is 0, 1, and so on. 4057It is run outside the jail. 4058.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4059.Pq Vt str 4060Unset by default. 4061This is the command run as 4062.Ar N Ns 4063th command 4064before jail shutdown, where 4065.Ar N 4066is 0, 1, and so on. 4067It is run outside the jail. 4068.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4069.Pq Vt str 4070Set to 4071.Dq Li /bin/sh /etc/rc.shutdown 4072by default. 4073This is the command executed in a jail at jail shutdown. 4074.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4075.Pq Vt str 4076Unset by default. 4077This is the command run as 4078.Ar N Ns 4079th command 4080after jail shutdown, where 4081.Ar N 4082is 0, 1, and so on. 4083It is run outside the jail. 4084.It Va jail_set_hostname_allow 4085.Pq Vt bool 4086If set to 4087.Dq Li NO , 4088do not allow the root user in a jail to set its hostname. 4089.It Va jail_socket_unixiproute_only 4090.Pq Vt bool 4091If set to 4092.Dq Li YES , 4093do not allow any sockets, 4094besides UNIX/IP/route sockets, 4095to be used within a jail. 4096.It Va jail_sysvipc_allow 4097.Pq Vt bool 4098If set to 4099.Dq Li YES , 4100allow applications within a jail to use System V IPC. 4101.\" ----------------------------------------------------- 4102.It Va harvest_interrupt 4103.Pq Vt bool 4104Set to 4105.Dq Li YES 4106to use hardware interrupts as an entropy source. 4107Refer to 4108.Xr random 4 4109for more information. 4110.It Va harvest_ethernet 4111.Pq Vt bool 4112Set to 4113.Dq Li YES 4114to use LAN traffic as an entropy source. 4115Refer to 4116.Xr random 4 4117for more information. 4118.It Va harvest_p_to_p 4119.Pq Vt bool 4120Set to 4121.Dq Li YES 4122to use serial line traffic as an entropy source. 4123Refer to 4124.Xr random 4 4125for more information. 4126.It Va entropy_dir 4127.Pq Vt str 4128Set to 4129.Dq Li NO 4130to disable caching entropy via 4131.Xr cron 8 . 4132Otherwise set to the directory used to store entropy files in. 4133.It Va entropy_file 4134.Pq Vt str 4135Set to 4136.Dq Li NO 4137to disable caching entropy through reboots. 4138Otherwise set to the filename used to store cached entropy through 4139reboots. 4140This file should be located on the root file system to seed the 4141.Xr random 4 4142device as early as possible in the boot process. 4143.It Va entropy_save_sz 4144.Pq Vt int 4145Size of the entropy cache files saved by 4146.Nm save-entropy 4147periodically. 4148.It Va entropy_save_num 4149.Pq Vt int 4150Number of entropy cache files to save by 4151.Nm save-entropy 4152periodically. 4153.It Va ipsec_enable 4154.Pq Vt bool 4155Set to 4156.Dq Li YES 4157to run 4158.Xr setkey 8 4159on 4160.Va ipsec_file 4161at boot time. 4162.It Va ipsec_file 4163.Pq Vt str 4164Configuration file for 4165.Xr setkey 8 . 4166.It Va dmesg_enable 4167.Pq Vt bool 4168Set to 4169.Dq Li YES 4170to save 4171.Xr dmesg 8 4172to 4173.Pa /var/run/dmesg.boot 4174on boot. 4175.It Va rcshutdown_timeout 4176.Pq Vt int 4177If set, start a watchdog timer in the background which will terminate 4178.Pa rc.shutdown 4179if 4180.Xr shutdown 8 4181has not completed within the specified time (in seconds). 4182Notice that in addition to this soft timeout, 4183.Xr init 8 4184also applies a hard timeout for the execution of 4185.Pa rc.shutdown . 4186This is configured via 4187.Xr sysctl 8 4188variable 4189.Va kern.init_shutdown_timeout 4190and defaults to 120 seconds. 4191Setting the value of 4192.Va rcshutdown_timeout 4193to more than 120 seconds will have no effect until the 4194.Xr sysctl 8 4195variable 4196.Va kern.init_shutdown_timeout 4197is also increased. 4198.It Va virecover_enable 4199.Pq Vt bool 4200Set to 4201.Dq Li NO 4202to prevent the system from trying to 4203recover pre-maturely terminated 4204.Xr vi 1 4205sessions. 4206.It Va ugidfw_enable 4207.Pq Vt bool 4208Set to 4209.Dq Li YES 4210to load the 4211.Xr mac_bsdextended 4 4212module upon system initialization and load a default 4213ruleset file. 4214.It Va bsdextended_script 4215.Pq Vt str 4216The default 4217.Xr mac_bsdextended 4 4218ruleset file to load. 4219The default value of this variable is 4220.Pa /etc/rc.bsdextended . 4221.It Va newsyslog_enable 4222.Pq Vt bool 4223If set to 4224.Dq Li YES , 4225run 4226.Xr newsyslog 8 4227command at startup. 4228.It Va newsyslog_flags 4229.Pq Vt str 4230If 4231.Va newsyslog_enable 4232is set to 4233.Dq Li YES , 4234these are the flags to pass to the 4235.Xr newsyslog 8 4236program. 4237The default is 4238.Dq Li -CN , 4239which causes log files flagged with a 4240.Cm C 4241to be created. 4242.It Va mdconfig_md Ns Aq Ar X 4243.Pq Vt str 4244Arguments to 4245.Xr mdconfig 8 4246for 4247.Xr md 4 4248device 4249.Ar X . 4250At minimum a 4251.Fl t Ar type 4252must be specified and either a 4253.Fl s Ar size 4254for malloc or swap backed 4255.Xr md 4 4256devices or a 4257.Fl f Ar file 4258for vnode backed 4259.Xr md 4 4260devices. 4261Note that 4262.Va mdconfig_md Ns Aq Ar X 4263variables are evaluated until one variable is unset or null. 4264.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4265.Pq Vt str 4266Optional arguments passed to 4267.Xr newfs 8 4268to initialize 4269.Xr md 4 4270device 4271.Ar X . 4272.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4273.Pq Vt str 4274An ownership specification passed to 4275.Xr chown 8 4276after the specified 4277.Xr md 4 4278device 4279.Ar X 4280has been mounted. 4281Both the 4282.Xr md 4 4283device and the mount point will be changed. 4284.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4285.Pq Vt str 4286A mode string passed to 4287.Xr chmod 1 4288after the specified 4289.Xr md 4 4290device 4291.Ar X 4292has been mounted. 4293Both the 4294.Xr md 4 4295device and the mount point will be changed. 4296.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4297.Pq Vt str 4298Files to be copied to the mount point of the 4299.Xr md 4 4300device 4301.Ar X 4302after it has been mounted. 4303.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4304.Pq Vt str 4305Command to execute after the specified 4306.Xr md 4 4307device 4308.Ar X 4309has been mounted. 4310Note that the command is passed to 4311.Ic eval 4312and that both 4313.Va _dev 4314and 4315.Va _mp 4316variables can be used to reference respectively the 4317.Xr md 4 4318device and the mount point. 4319Assuming that the 4320.Xr md 4 4321device is 4322.Li md0 , 4323one could set the following: 4324.Bd -literal 4325mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4326.Ed 4327.It Va autobridge_interfaces 4328.Pq Vt str 4329Set to the list of bridge interfaces that will have newly arriving interfaces 4330checked against to be automatically added. 4331If not set to 4332.Dq Li NO 4333then for each whitespace separated 4334.Ar element 4335in the value, a 4336.Va autobridge_ Ns Aq Ar element 4337variable is assumed to exist which has a whitespace separated list of interface 4338names to match, these names can use wildcards. 4339For example: 4340.Bd -literal 4341autobridge_interfaces="bridge0" 4342autobridge_bridge0="tap* dc0 vlan[345]" 4343.Ed 4344.It Va mixer_enable 4345.Pq Vt bool 4346If set to 4347.Dq Li YES , 4348enable support for sound mixer. 4349.It Va hcsecd_enable 4350.Pq Vt bool 4351If set to 4352.Dq Li YES , 4353enable Bluetooth security daemon. 4354.It Va hcsecd_config 4355.Pq Vt str 4356Configuration file for 4357.Xr hcsecd 8 . 4358Default 4359.Pa /etc/bluetooth/hcsecd.conf . 4360.It Va sdpd_enable 4361.Pq Vt bool 4362If set to 4363.Dq Li YES , 4364enable Bluetooth Service Discovery Protocol daemon. 4365.It Va sdpd_control 4366.Pq Vt str 4367Path to 4368.Xr sdpd 8 4369control socket. 4370Default 4371.Pa /var/run/sdp . 4372.It Va sdpd_groupname 4373.Pq Vt str 4374Sets 4375.Xr sdpd 8 4376group to run as after it initializes. 4377Default 4378.Dq Li nobody . 4379.It Va sdpd_username 4380.Pq Vt str 4381Sets 4382.Xr sdpd 8 4383user to run as after it initializes. 4384Default 4385.Dq Li nobody . 4386.It Va bthidd_enable 4387.Pq Vt bool 4388If set to 4389.Dq Li YES , 4390enable Bluetooth Human Interface Device daemon. 4391.It Va bthidd_config 4392.Pq Vt str 4393Configuration file for 4394.Xr bthidd 8 . 4395Default 4396.Pa /etc/bluetooth/bthidd.conf . 4397.It Va bthidd_hids 4398.Pq Vt str 4399Path to a file, where 4400.Xr bthidd 8 4401will store information about known HID devices. 4402Default 4403.Pa /var/db/bthidd.hids . 4404.It Va rfcomm_pppd_server_enable 4405.Pq Vt bool 4406If set to 4407.Dq Li YES , 4408enable Bluetooth RFCOMM PPP wrapper daemon. 4409.It Va rfcomm_pppd_server_profile 4410.Pq Vt str 4411The name of the profile to use from 4412.Pa /etc/ppp/ppp.conf . 4413Multiple profiles can be specified here. 4414Also used to specify per-profile overrides. 4415When the profile name contains any of the characters 4416.Dq Li .-/+ 4417they are translated to 4418.Dq Li _ 4419for the proposes of the override variable names. 4420.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4421.Pq Vt str 4422Overrides local address to listen on. 4423By default 4424.Xr rfcomm_pppd 8 4425will listen on 4426.Dq Li ANY 4427address. 4428The address can be specified as BD_ADDR or name. 4429.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4430.Pq Vt str 4431Overrides local RFCOMM channel to listen on. 4432By default 4433.Xr rfcomm_pppd 8 4434will listen on RFCOMM channel 1. 4435Must set properly if multiple profiles used in the same time. 4436.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4437.Pq Vt bool 4438Tells 4439.Xr rfcomm_pppd 8 4440if it should register Serial Port service on the specified RFCOMM channel. 4441Default 4442.Dq Li NO . 4443.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4444.Pq Vt bool 4445Tells 4446.Xr rfcomm_pppd 8 4447if it should register Dial-Up Networking service on the specified 4448RFCOMM channel. 4449Default 4450.Dq Li NO . 4451.It Va ubthidhci_enable 4452.Pq Vt bool 4453If set to 4454.Dq Li YES , 4455change the USB Bluetooth controller from HID mode to HCI mode. 4456You also need to specify the location of USB Bluetooth controller with the 4457.Va ubthidhci_busnum 4458and 4459.Va ubthidhci_addr 4460variables. 4461.It Va ubthidhci_busnum 4462Bus number where the USB Bluetooth controller is located. 4463Check the output of 4464.Xr usbconfig 8 4465on your system to find this information. 4466.It Va ubthidhci_addr 4467Bus address of the USB Bluetooth controller. 4468Check the output of 4469.Xr usbconfig 8 4470on your system to find this information. 4471.It Va netwait_enable 4472.Pq Vt bool 4473If set to 4474.Dq Li YES , 4475delays the start of network-reliant services until 4476.Va netwait_if 4477is up and ICMP packets to a destination defined in 4478.Va netwait_ip 4479are flowing. 4480Link state is examined first, followed by 4481.Dq Li pinging 4482an IP address to verify network usability. 4483If no destination can be reached or timeouts are exceeded, 4484network services are started anyway with no guarantee that 4485the network is usable. 4486Use of this variable requires both 4487.Va netwait_ip 4488and 4489.Va netwait_if 4490to be set. 4491.It Va netwait_ip 4492.Pq Vt str 4493Empty by default. 4494This variable contains a space-delimited list of IP addresses to 4495.Xr ping 8 . 4496DNS hostnames should not be used as resolution is not guaranteed 4497to be functional at this point. 4498If multiple IP addresses are specified, 4499each will be tried until one is successful or the list is exhausted. 4500.It Va netwait_timeout 4501.Pq Vt int 4502Indicates the total number of seconds to perform a 4503.Dq Li ping 4504against each IP address in 4505.Va netwait_ip , 4506at a rate of one ping per second. 4507If any of the pings are successful, 4508full network connectivity is considered reliable. 4509The default is 60. 4510.It Va netwait_if 4511.Pq Vt str 4512Empty by default. 4513Defines the name of the network interface on which watch for link. 4514.Xr ifconfig 8 4515is used to monitor the interface, looking for 4516.Dq Li status: no carrier . 4517Once gone, the link is considered up. 4518This can be a 4519.Xr vlan 4 4520interface if desired. 4521.It Va netwait_if_timeout 4522.Pq Vt int 4523Defines the total number of seconds to wait for link to become usable, 4524polled at a 1-second interval. 4525The default is 30. 4526.El 4527.Sh FILES 4528.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4529.It Pa /etc/defaults/rc.conf 4530.It Pa /etc/rc.conf 4531.It Pa /etc/rc.conf.local 4532.El 4533.Sh SEE ALSO 4534.Xr catman 1 , 4535.Xr chmod 1 , 4536.Xr gdb 1 , 4537.Xr info 1 , 4538.Xr kbdcontrol 1 , 4539.Xr makewhatis 1 , 4540.Xr sh 1 , 4541.Xr vi 1 , 4542.Xr vidcontrol 1 , 4543.Xr bridge 4 , 4544.Xr dummynet 4 , 4545.Xr ip 4 , 4546.Xr ipf 4 , 4547.Xr ipfw 4 , 4548.Xr ipnat 4 , 4549.Xr kld 4 , 4550.Xr pf 4 , 4551.Xr pflog 4 , 4552.Xr pfsync 4 , 4553.Xr tcp 4 , 4554.Xr udp 4 , 4555.Xr exports 5 , 4556.Xr fstab 5 , 4557.Xr ipf 5 , 4558.Xr ipnat 5 , 4559.Xr motd 5 , 4560.Xr newsyslog.conf 5 , 4561.Xr pf.conf 5 , 4562.Xr security 7 , 4563.Xr accton 8 , 4564.Xr amd 8 , 4565.Xr apm 8 , 4566.Xr atm 8 , 4567.Xr bthidd 8 , 4568.Xr chkprintcap 8 , 4569.Xr chown 8 , 4570.Xr cron 8 , 4571.Xr devfs 8 , 4572.Xr dhclient 8 , 4573.Xr ftpd 8 , 4574.Xr geli 8 , 4575.Xr hcsecd 8 , 4576.Xr ifconfig 8 , 4577.Xr inetd 8 , 4578.Xr ipf 8 , 4579.Xr ipfw 8 , 4580.Xr ipnat 8 , 4581.Xr jail 8 , 4582.Xr kldxref 8 , 4583.Xr lpd 8 , 4584.Xr mdconfig 8 , 4585.Xr mdmfs 8 , 4586.Xr mixer 8 , 4587.Xr mountd 8 , 4588.Xr moused 8 , 4589.Xr mrouted 8 , 4590.Xr named 8 , 4591.Xr newfs 8 , 4592.Xr newsyslog 8 , 4593.Xr nfsd 8 , 4594.Xr ntpd 8 , 4595.Xr ntpdate 8 , 4596.Xr pfctl 8 , 4597.Xr pflogd 8 , 4598.Xr ping 8 , 4599.Xr powerd 8 , 4600.Xr quotacheck 8 , 4601.Xr quotaon 8 , 4602.Xr rc 8 , 4603.Xr rc.sendmail 8 , 4604.Xr rfcomm_pppd 8 , 4605.Xr route 8 , 4606.Xr routed 8 , 4607.Xr rpcbind 8 , 4608.Xr rpc.lockd 8 , 4609.Xr rpc.statd 8 , 4610.Xr rwhod 8 , 4611.Xr savecore 8 , 4612.Xr sdpd 8 , 4613.Xr sshd 8 , 4614.Xr swapon 8 , 4615.Xr sysctl 8 , 4616.Xr syslogd 8 , 4617.Xr timed 8 , 4618.Xr usbconfig 8 , 4619.Xr wlandebug 8 , 4620.Xr yp 8 , 4621.Xr ypbind 8 , 4622.Xr ypserv 8 , 4623.Xr ypset 8 4624.Sh HISTORY 4625The 4626.Nm 4627file appeared in 4628.Fx 2.2.2 . 4629.Sh AUTHORS 4630.An Jordan K. Hubbard . 4631