xref: /freebsd/share/man/man5/rc.conf.5 (revision 3ff01b231dfa83d518854c63e7c9cd1debd1139e)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd May 13, 2021
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _user
196.Pq Vt str
197Run the service under this user account.
198.It Ao Ar name Ac Ns Va _group
199.Pq Vt str
200Run the chrooted service under this system group.
201Unlike the _user
202setting, this setting has no effect if the service is not chrooted.
203.It Ao Ar name Ac Ns Va _fib
204.Pq Vt int
205The
206.Xr setfib 1
207value to run the service under.
208.It Ao Ar name Ac Ns Va _nice
209.Pq Vt int
210The
211.Xr nice 1
212value to run the service under.
213.It Va apm_enable
214.Pq Vt bool
215If set to
216.Dq Li YES ,
217enable support for Automatic Power Management with
218the
219.Xr apm 8
220command.
221.It Va apmd_enable
222.Pq Vt bool
223Run
224.Xr apmd 8
225to handle APM event from userland.
226This also enables support for APM.
227.It Va apmd_flags
228.Pq Vt str
229If
230.Va apmd_enable
231is set to
232.Dq Li YES ,
233these are the flags to pass to the
234.Xr apmd 8
235daemon.
236.It Va devd_enable
237.Pq Vt bool
238Run
239.Xr devd 8
240to handle device added, removed or unknown events from the kernel.
241.It Va ddb_enable
242.Pq Vt bool
243Run
244.Xr ddb 8
245to install
246.Xr ddb 4
247scripts at boot time.
248.It Va ddb_config
249.Pq Vt str
250Configuration file for
251.Xr ddb 8 .
252Default
253.Pa /etc/ddb.conf .
254.It Va devmatch_enable
255.Pq Vt bool
256If set to
257.Dq Li NO ,
258disable auto-loading of kernel modules with
259.Xr devmatch 8 .
260.It Va devmatch_blacklist
261.Pq Vt str
262A whitespace-separated list of kernel modules to be ignored by
263.Xr devmatch 8 .
264.It Va kld_list
265.Pq Vt str
266A whitespace-separated list of kernel modules to load right after
267the local disks are mounted, without any
268.Pa .ko
269extension or path.
270Loading modules at this point in the boot process is
271much faster than doing it via
272.Pa /boot/loader.conf
273for those modules not necessary for mounting local disks.
274.It Va kldxref_enable
275.Pq Vt bool
276Set to
277.Dq Li NO
278by default.
279Set to
280.Dq Li YES
281to automatically rebuild
282.Pa linker.hints
283files with
284.Xr kldxref 8
285at boot time.
286.It Va kldxref_clobber
287.Pq Vt bool
288Set to
289.Dq Li NO
290by default.
291If
292.Va kldxref_enable
293is true,
294setting to
295.Dq Li YES
296will overwrite existing
297.Pa linker.hints
298files at boot time.
299Otherwise,
300only missing
301.Pa linker.hints
302files are generated.
303.It Va kldxref_module_path
304.Pq Vt str
305Empty by default.
306A semi-colon
307.Pq Ql \&;
308delimited list of paths containing
309.Xr kld 4
310modules.
311If empty,
312the contents of the
313.Va kern.module_path
314.Xr sysctl 8
315are used.
316.It Va powerd_enable
317.Pq Vt bool
318If set to
319.Dq Li YES ,
320enable the system power control facility with the
321.Xr powerd 8
322daemon.
323.It Va powerd_flags
324.Pq Vt str
325If
326.Va powerd_enable
327is set to
328.Dq Li YES ,
329these are the flags to pass to the
330.Xr powerd 8
331daemon.
332.It Va tmpmfs
333Controls the creation of a
334.Pa /tmp
335memory file system.
336Always happens if set to
337.Dq Li YES
338and never happens if set to
339.Dq Li NO .
340If set to anything else, a memory file system is created if
341.Pa /tmp
342is not writable.
343.It Va tmpsize
344Controls the size of a created
345.Pa /tmp
346memory file system.
347.It Va tmpmfs_flags
348Extra options passed to the
349.Xr mdmfs 8
350utility when the memory file system for
351.Pa /tmp
352is created.
353The default is
354.Dq Li "-S" ,
355which inhibits the use of softupdates on
356.Pa /tmp
357so that file system space is freed without delay
358after file truncation or deletion.
359See
360.Xr mdmfs 8
361for other options you can use in
362.Va tmpmfs_flags .
363.It Va varmfs
364Controls the creation of a
365.Pa /var
366memory file system.
367Always happens if set to
368.Dq Li YES
369and never happens if set to
370.Dq Li NO .
371If set to anything else, a memory file system is created if
372.Pa /var
373is not writable.
374.It Va varsize
375Controls the size of a created
376.Pa /var
377memory file system.
378.It Va varmfs_flags
379Extra options passed to the
380.Xr mdmfs 8
381utility when the memory file system for
382.Pa /var
383is created.
384The default is
385.Dq Li "-S" ,
386which inhibits the use of softupdates on
387.Pa /var
388so that file system space is freed without delay
389after file truncation or deletion.
390See
391.Xr mdmfs 8
392for other options you can use in
393.Va varmfs_flags .
394.It Va populate_var
395Controls the automatic population of the
396.Pa /var
397file system.
398Always happens if set to
399.Dq Li YES
400and never happens if set to
401.Dq Li NO .
402If set to anything else, a memory file system is created if
403.Pa /var
404is not writable.
405Note that this process requires access to certain commands in
406.Pa /usr
407before
408.Pa /usr
409is mounted on normal systems.
410.It Va cleanvar_enable
411.Pq Vt bool
412Clean the
413.Pa /var
414directory.
415.It Va local_startup
416.Pq Vt str
417List of directories to search for startup script files.
418.It Va script_name_sep
419.Pq Vt str
420The field separator to use for breaking down the list of startup script files
421into individual filenames.
422The default is a space.
423It is not necessary to change this unless there are startup scripts with names
424containing spaces.
425.It Va hostapd_enable
426.Pq Vt bool
427Set to
428.Dq Li YES
429to start
430.Xr hostapd 8
431at system boot time.
432.It Va hostname
433.Pq Vt str
434The fully qualified domain name (FQDN) of this host on the network.
435This should almost certainly be set to something meaningful, even if
436there is no network connection.
437If
438.Xr dhclient 8
439is used to set the hostname via DHCP,
440this variable should be set to an empty string.
441Within a
442.Xr jail 8
443the hostname is generally already set and this variable may be absent.
444If this value remains unset when the system is done booting
445your console login will display the default hostname of
446.Dq Amnesiac .
447.It Va nisdomainname
448.Pq Vt str
449The NIS domain name of this host, or
450.Dq Li NO
451if NIS is not used.
452.It Va dhclient_program
453.Pq Vt str
454Path to the DHCP client program
455.Pa ( /sbin/dhclient ,
456the
457.Ox
458DHCP client,
459is the default).
460.It Va dhclient_flags
461.Pq Vt str
462Additional flags to pass to the DHCP client program.
463For the
464.Ox
465DHCP client, see the
466.Xr dhclient 8
467manpage for a description of the command line options available.
468.It Va dhclient_flags_ Ns Aq Ar iface
469Additional flags to pass to the DHCP client program running on
470.Ar iface
471only.
472When specified, this variable overrides
473.Va dhclient_flags .
474.It Va background_dhclient
475.Pq Vt bool
476Set to
477.Dq Li YES
478to start the DHCP client in background.
479This can cause trouble with applications depending on
480a working network, but it will provide a faster startup
481in many cases.
482.It Va background_dhclient_ Ns Aq Ar iface
483When specified, this variable overrides the
484.Va background_dhclient
485variable for interface
486.Ar iface
487only.
488.It Va synchronous_dhclient
489.Pq Vt bool
490Set to
491.Dq Li YES
492to start
493.Xr dhclient 8
494synchronously at startup.
495This behavior can be overridden on a per-interface basis by replacing
496the
497.Dq Li DHCP
498keyword in the
499.Va ifconfig_ Ns Aq Ar interface
500variable with
501.Dq Li SYNCDHCP
502or
503.Dq Li NOSYNCDHCP .
504.It Va defaultroute_delay
505.Pq Vt int
506When set to a positive value, wait up to this long after configuring
507DHCP interfaces at startup to give the interfaces time to receive a lease.
508.It Va firewall_enable
509.Pq Vt bool
510Set to
511.Dq Li YES
512to load firewall rules at startup.
513If the kernel was not built with
514.Cd "options IPFIREWALL" ,
515the
516.Pa ipfw.ko
517kernel module will be loaded.
518See also
519.Va ipfilter_enable .
520.It Va firewall_script
521.Pq Vt str
522This variable specifies the full path to the firewall script to run.
523The default is
524.Pa /etc/rc.firewall .
525.It Va firewall_type
526.Pq Vt str
527Names the firewall type from the selection in
528.Pa /etc/rc.firewall ,
529or the file which contains the local firewall ruleset.
530Valid selections from
531.Pa /etc/rc.firewall
532are:
533.Pp
534.Bl -tag -width ".Li workstation" -compact
535.It Li open
536unrestricted IP access
537.It Li closed
538all IP services disabled, except via
539.Dq Li lo0
540.It Li client
541basic protection for a workstation
542.It Li workstation
543basic protection for a workstation using stateful firewalling
544.It Li simple
545basic protection for a LAN.
546.El
547.Pp
548If a filename is specified, the full path
549must be given.
550.Pp
551Most of the predefined rulesets define additional configuration variables.
552These are documented in
553.Pa /etc/rc.firewall .
554.It Va firewall_quiet
555.Pq Vt bool
556Set to
557.Dq Li YES
558to disable the display of firewall rules on the console during boot.
559.It Va firewall_logging
560.Pq Vt bool
561Set to
562.Dq Li YES
563to enable firewall event logging.
564This is equivalent to the
565.Dv IPFIREWALL_VERBOSE
566kernel option.
567.It Va firewall_logif
568.Pq Vt bool
569Set to
570.Dq Li YES
571to create pseudo interface
572.Li ipfw0
573for logging.
574For more details, see
575.Xr ipfw 8
576manual page.
577.It Va firewall_flags
578.Pq Vt str
579Flags passed to
580.Xr ipfw 8
581if
582.Va firewall_type
583specifies a filename.
584.It Va firewall_coscripts
585.Pq Vt str
586List of executables and/or rc scripts to run after firewall starts/stops.
587Default is empty.
588.\" ----- firewall_nat_enable setting --------------------------------
589.It Va firewall_nat_enable
590.Pq Vt bool
591The
592.Xr ipfw 8
593equivalent of
594.Va natd_enable .
595Setting this to
596.Dq Li YES
597will automatically load the
598.Xr ipfw 8
599NAT kernel module if
600.Va firewall_enable
601is also set to
602.Dq Li YES .
603.It Va firewall_nat_interface
604.Pq Vt str
605The
606.Xr ipfw 8
607equivalent of
608.Va natd_interface .
609This is the name of the public interface or IP address on which
610kernel NAT should run.
611.It Va firewall_nat_flags
612.Pq Vt str
613Additional configuration parameters for kernel NAT should be placed here.
614.It Va firewall_nat64_enable
615.Pq Vt bool
616Setting this to
617.Dq Li YES
618will automatically load the
619.Xr ipfw 8
620NAT64 kernel module if
621.Va firewall_enable
622is also set to
623.Dq Li YES .
624.It Va firewall_nptv6_enable
625.Pq Vt bool
626Setting this to
627.Dq Li YES
628will automatically load the
629.Xr ipfw 8
630NPTv6 kernel module if
631.Va firewall_enable
632is also set to
633.Dq Li YES .
634.It Va firewall_pmod_enable
635.Pq Vt bool
636Setting this to
637.Dq Li YES
638will automatically load the
639.Xr ipfw 8
640pmod kernel module if
641.Va firewall_enable
642is also set to
643.Dq Li YES .
644.It Va dummynet_enable
645.Pq Vt bool
646Setting this to
647.Dq Li YES
648will automatically load the
649.Xr dummynet 4
650module if
651.Va firewall_enable
652is also set to
653.Dq Li YES .
654.\" -------------------------------------------------------------------
655.It Va ipfw_netflow_enable
656.Pq Vt bool
657Setting this to
658.Dq Li YES
659will enable netflow logging via
660.Xr ng_netflow 4
661.Pp
662By default a ipfw rule is inserted and all packets are duplicated with
663the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
664port using protocol version 5.
665.It Va ipfw_netflow_hook
666.Pq Vt int
667netflow hook name, must be numerical
668(default
669.Pa 9995 ) .
670.It Va ipfw_netflow_rule
671.Pq Vt int
672ipfw rule number
673(default
674.Pa 1000 ) .
675.It Va ipfw_netflow_ip
676.Pq Vt str
677Destination server ip for receiving netflow data
678(default
679.Pa 127.0.0.1 ) .
680.It Va ipfw_netflow_port
681.Pq Vt int
682Destination server port for receiving netflow data
683(default
684.Pa 9995 ) .
685.It Va ipfw_netflow_version
686.Pq Vt int
687Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
688.It Va ipfw_netflow_fib
689.Pq Vt int
690Only match packet in FIB
691.Pa ipfw_netflow_fib
692(default is undefined meaning all FIBs).
693.It Va natd_program
694.Pq Vt str
695Path to
696.Xr natd 8 .
697.It Va natd_enable
698.Pq Vt bool
699Set to
700.Dq Li YES
701to enable
702.Xr natd 8 .
703.Va firewall_enable
704must also be set to
705.Dq Li YES ,
706and
707.Xr divert 4
708sockets must be enabled in the kernel.
709If the kernel was not built with
710.Cd "options IPDIVERT" ,
711the
712.Pa ipdivert.ko
713kernel module will be loaded.
714.It Va natd_interface
715.Pq Vt str
716This is the name of the public interface on which
717.Xr natd 8
718should run.
719The interface may be given as an interface name or as an IP address.
720.It Va natd_flags
721.Pq Vt str
722Additional
723.Xr natd 8
724flags should be placed here.
725The
726.Fl n
727or
728.Fl a
729flag is automatically added with the above
730.Va natd_interface
731as an argument.
732.\" ----- ipfilter_enable setting --------------------------------
733.It Va ipfilter_enable
734.Pq Vt bool
735Set to
736.Dq Li NO
737by default.
738Setting this to
739.Dq Li YES
740enables
741.Xr ipf 8
742packet filtering.
743.Pp
744Typical usage will require putting
745.Bd -literal
746ipfilter_enable="YES"
747ipnat_enable="YES"
748ipmon_enable="YES"
749ipfs_enable="YES"
750.Ed
751.Pp
752into
753.Pa /etc/rc.conf
754and editing
755.Pa /etc/ipf.rules
756and
757.Pa /etc/ipnat.rules
758appropriately.
759.Pp
760Note that
761.Va ipfilter_enable
762and
763.Va ipnat_enable
764can be enabled independently.
765.Va ipmon_enable
766and
767.Va ipfs_enable
768both require at least one of
769.Va ipfilter_enable
770and
771.Va ipnat_enable
772to be enabled.
773.Pp
774Having
775.Bd -literal
776options IPFILTER
777options IPFILTER_LOG
778options IPFILTER_DEFAULT_BLOCK
779.Ed
780.Pp
781in the kernel configuration file is a good idea, too.
782.\" ----- ipfilter_program setting ------------------------------
783.It Va ipfilter_program
784.Pq Vt str
785Path to
786.Xr ipf 8
787(default
788.Pa /sbin/ipf ) .
789.\" ----- ipfilter_rules setting --------------------------------
790.It Va ipfilter_rules
791.Pq Vt str
792Set to
793.Pa /etc/ipf.rules
794by default.
795This variable contains the name of the filter rule definition file.
796The file is expected to be readable for the
797.Xr ipf 8
798command to execute.
799.\" ----- ipfilter_flags setting --------------------------------
800.It Va ipfilter_flags
801.Pq Vt str
802Empty by default.
803This variable contains flags passed to the
804.Xr ipf 8
805program.
806.\" ----- ipnat_enable setting ----------------------------------
807.It Va ipnat_enable
808.Pq Vt bool
809Set to
810.Dq Li NO
811by default.
812Set it to
813.Dq Li YES
814to enable
815.Xr ipnat 8
816network address translation.
817See
818.Va ipfilter_enable
819for a detailed discussion.
820.\" ----- ipnat_program setting ---------------------------------
821.It Va ipnat_program
822.Pq Vt str
823Path to
824.Xr ipnat 8
825(default
826.Pa /sbin/ipnat ) .
827.\" ----- ipnat_rules setting -----------------------------------
828.It Va ipnat_rules
829.Pq Vt str
830Set to
831.Pa /etc/ipnat.rules
832by default.
833This variable contains the name of the file
834holding the network address translation definition.
835This file is expected to be readable for the
836.Xr ipnat 8
837command to execute.
838.\" ----- ipnat_flags setting -----------------------------------
839.It Va ipnat_flags
840.Pq Vt str
841Empty by default.
842This variable contains flags passed to the
843.Xr ipnat 8
844program.
845.\" ----- ipmon_enable setting ----------------------------------
846.It Va ipmon_enable
847.Pq Vt bool
848Set to
849.Dq Li NO
850by default.
851Set it to
852.Dq Li YES
853to enable
854.Xr ipmon 8
855monitoring (logging
856.Xr ipf 8
857and
858.Xr ipnat 8
859events).
860Setting this variable needs setting
861.Va ipfilter_enable
862or
863.Va ipnat_enable
864too.
865See
866.Va ipfilter_enable
867for a detailed discussion.
868.\" ----- ipmon_program setting ---------------------------------
869.It Va ipmon_program
870.Pq Vt str
871Path to
872.Xr ipmon 8
873(default
874.Pa /sbin/ipmon ) .
875.\" ----- ipmon_flags setting -----------------------------------
876.It Va ipmon_flags
877.Pq Vt str
878Set to
879.Dq Li -Ds
880by default.
881This variable contains flags passed to the
882.Xr ipmon 8
883program.
884Another typical example would be
885.Dq Fl D Pa /var/log/ipflog
886to have
887.Xr ipmon 8
888log directly to a file bypassing
889.Xr syslogd 8 .
890Make sure to adjust
891.Pa /etc/newsyslog.conf
892in such case like this:
893.Bd -literal
894/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
895.Ed
896.\" ----- ipfs_enable setting -----------------------------------
897.It Va ipfs_enable
898.Pq Vt bool
899Set to
900.Dq Li NO
901by default.
902Set it to
903.Dq Li YES
904to enable
905.Xr ipfs 8
906saving the filter and NAT state tables during shutdown
907and reloading them during startup again.
908Setting this variable needs setting
909.Va ipfilter_enable
910or
911.Va ipnat_enable
912to
913.Dq Li YES
914too.
915See
916.Va ipfilter_enable
917for a detailed discussion.
918Note that if
919.Va kern_securelevel
920is set to 3,
921.Va ipfs_enable
922cannot be used
923because the raised securelevel will prevent
924.Xr ipfs 8
925from saving the state tables at shutdown time.
926.\" ----- ipfs_program setting ----------------------------------
927.It Va ipfs_program
928.Pq Vt str
929Path to
930.Xr ipfs 8
931(default
932.Pa /sbin/ipfs ) .
933.\" ----- ipfs_flags setting ------------------------------------
934.It Va ipfs_flags
935.Pq Vt str
936Empty by default.
937This variable contains flags passed to the
938.Xr ipfs 8
939program.
940.\" ----- end of added ipf hook ---------------------------------
941.It Va pf_enable
942.Pq Vt bool
943Set to
944.Dq Li NO
945by default.
946Setting this to
947.Dq Li YES
948enables
949.Xr pf 4
950packet filtering.
951.Pp
952Typical usage will require putting
953.Pp
954.Dl pf_enable="YES"
955.Pp
956into
957.Pa /etc/rc.conf
958and editing
959.Pa /etc/pf.conf
960appropriately.
961Adding
962.Pp
963.Dl "device pf"
964.Pp
965builds support for
966.Xr pf 4
967into the kernel, otherwise the
968kernel module will be loaded.
969.It Va pf_rules
970.Pq Vt str
971Path to
972.Xr pf 4
973ruleset configuration file
974(default
975.Pa /etc/pf.conf ) .
976.It Va pf_program
977.Pq Vt str
978Path to
979.Xr pfctl 8
980(default
981.Pa /sbin/pfctl ) .
982.It Va pf_flags
983.Pq Vt str
984If
985.Va pf_enable
986is set to
987.Dq Li YES ,
988these flags are passed to the
989.Xr pfctl 8
990program when loading the ruleset.
991.It Va pflog_enable
992.Pq Vt bool
993Set to
994.Dq Li NO
995by default.
996Setting this to
997.Dq Li YES
998enables
999.Xr pflogd 8
1000which logs packets from the
1001.Xr pf 4
1002packet filter.
1003.It Va pflog_logfile
1004.Pq Vt str
1005If
1006.Va pflog_enable
1007is set to
1008.Dq Li YES
1009this controls where
1010.Xr pflogd 8
1011stores the logfile
1012(default
1013.Pa /var/log/pflog ) .
1014Check
1015.Pa /etc/newsyslog.conf
1016to adjust logfile rotation for this.
1017.It Va pflog_program
1018.Pq Vt str
1019Path to
1020.Xr pflogd 8
1021(default
1022.Pa /sbin/pflogd ) .
1023.It Va pflog_flags
1024.Pq Vt str
1025Empty by default.
1026This variable contains additional flags passed to the
1027.Xr pflogd 8
1028program.
1029.It Va pflog_instances
1030.Pq Vt str
1031If logging to more than one
1032.Xr pflog 4
1033interface is desired,
1034.Va pflog_instances
1035is set to the list of
1036.Xr pflogd 8
1037instances that should be started at system boot time.
1038If
1039.Va pflog_instances
1040is set, for each whitespace-separated
1041.Ar element
1042in the list,
1043.Ao Ar element Ac Ns Va _dev
1044and
1045.Ao Ar element Ac Ns Va _logfile
1046elements are assumed to exist.
1047.Ao Ar element Ac Ns Va _dev
1048must contain the
1049.Xr pflog 4
1050interface to be watched by the named
1051.Xr pflogd 8
1052instance.
1053.Ao Ar element Ac Ns Va _logfile
1054must contain the name of the logfile that will be used by the
1055.Xr pflogd 8
1056instance.
1057.It Va ftpproxy_enable
1058.Pq Vt bool
1059Set to
1060.Dq Li NO
1061by default.
1062Setting this to
1063.Dq Li YES
1064enables
1065.Xr ftp-proxy 8
1066which supports the
1067.Xr pf 4
1068packet filter in translating ftp connections.
1069.It Va ftpproxy_flags
1070.Pq Vt str
1071Empty by default.
1072This variable contains additional flags passed to the
1073.Xr ftp-proxy 8
1074program.
1075.It Va ftpproxy_instances
1076.Pq Vt str
1077Empty by default.
1078If multiple instances of
1079.Xr ftp-proxy 8
1080are desired at boot time,
1081.Va ftpproxy_instances
1082should contain a whitespace-separated list of instance names.
1083For each
1084.Ar element
1085in the list, a variable named
1086.Ao Ar element Ac Ns Va _flags
1087should be defined, containing the command-line flags to be passed to the
1088.Xr ftp-proxy 8
1089instance.
1090.It Va pfsync_enable
1091.Pq Vt bool
1092Set to
1093.Dq Li NO
1094by default.
1095Setting this to
1096.Dq Li YES
1097enables exposing
1098.Xr pf 4
1099state changes to other hosts over the network by means of
1100.Xr pfsync 4 .
1101The
1102.Va pfsync_syncdev
1103variable
1104must also be set then.
1105.It Va pfsync_syncdev
1106.Pq Vt str
1107Empty by default.
1108This variable specifies the name of the network interface
1109.Xr pfsync 4
1110should operate through.
1111It must be set accordingly if
1112.Va pfsync_enable
1113is set to
1114.Dq Li YES .
1115.It Va pfsync_syncpeer
1116.Pq Vt str
1117Empty by default.
1118This variable is optional.
1119By default, state change messages are sent out on the synchronisation
1120interface using IP multicast packets.
1121The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1122224.0.0.240.
1123When a peer address is specified using the
1124.Va pfsync_syncpeer
1125option, the peer address is used as a destination for the pfsync
1126traffic, and the traffic can then be protected using
1127.Xr ipsec 4 .
1128See the
1129.Xr pfsync 4
1130manpage for more details about using
1131.Xr ipsec 4
1132with
1133.Xr pfsync 4
1134interfaces.
1135.It Va pfsync_ifconfig
1136.Pq Vt str
1137Empty by default.
1138This variable can contain additional options to be passed to the
1139.Xr ifconfig 8
1140command used to set up
1141.Xr pfsync 4 .
1142.It Va tcp_extensions
1143.Pq Vt bool
1144Set to
1145.Dq Li YES
1146by default.
1147Setting this to
1148.Dq Li NO
1149disables certain TCP options as described by
1150.Rs
1151.%T "RFC 1323"
1152.Re
1153Setting this to
1154.Dq Li NO
1155might help remedy such problems with connections as randomly hanging
1156or other weird behavior.
1157Some network devices are known
1158to be broken with respect to these options.
1159.It Va log_in_vain
1160.Pq Vt int
1161Set to 0 by default.
1162The
1163.Xr sysctl 8
1164variables,
1165.Va net.inet.tcp.log_in_vain
1166and
1167.Va net.inet.udp.log_in_vain ,
1168as described in
1169.Xr tcp 4
1170and
1171.Xr udp 4 ,
1172are set to the given value.
1173.It Va tcp_keepalive
1174.Pq Vt bool
1175Set to
1176.Dq Li YES
1177by default.
1178Setting to
1179.Dq Li NO
1180will disable probing idle TCP connections to verify that the
1181peer is still up and reachable.
1182.It Va tcp_drop_synfin
1183.Pq Vt bool
1184Set to
1185.Dq Li NO
1186by default.
1187Setting to
1188.Dq Li YES
1189will cause the kernel to ignore TCP frames that have both
1190the SYN and FIN flags set.
1191This prevents OS fingerprinting, but may
1192break some legitimate applications.
1193.It Va icmp_drop_redirect
1194.Pq Vt bool
1195Set to
1196.Dq Li AUTO
1197by default.
1198This setting will be identical to
1199.Dq Li YES ,
1200if a dynamicrouting daemon is enabled, because redirect processing may
1201cause performance issues for large routing tables.
1202If no such service is enabled, this setting behaves like a
1203.Dq Li NO .
1204Setting to
1205.Dq Li YES
1206will cause the kernel to ignore ICMP REDIRECT packets.
1207Setting to
1208.Dq Li NO
1209will cause the kernel to process ICMP REDIRECT packets.
1210Refer to
1211.Xr icmp 4
1212for more information.
1213.It Va icmp_log_redirect
1214.Pq Vt bool
1215Set to
1216.Dq Li NO
1217by default.
1218Setting to
1219.Dq Li YES
1220will cause the kernel to log ICMP REDIRECT packets.
1221Note that
1222the log messages are not rate-limited, so this option should only be used
1223for troubleshooting networks.
1224Refer to
1225.Xr icmp 4
1226for more information.
1227.It Va icmp_bmcastecho
1228.Pq Vt bool
1229Set to
1230.Dq Li YES
1231to respond to broadcast or multicast ICMP ping packets.
1232Refer to
1233.Xr icmp 4
1234for more information.
1235.It Va ip_portrange_first
1236.Pq Vt int
1237If not set to
1238.Dq Li NO ,
1239this is the first port in the default portrange.
1240Refer to
1241.Xr ip 4
1242for more information.
1243.It Va ip_portrange_last
1244.Pq Vt int
1245If not set to
1246.Dq Li NO ,
1247this is the last port in the default portrange.
1248Refer to
1249.Xr ip 4
1250for more information.
1251.It Va network_interfaces
1252.Pq Vt str
1253Set to the list of network interfaces to configure on this host or
1254.Dq Li AUTO
1255(the default) for all current interfaces.
1256Setting the
1257.Va network_interfaces
1258variable to anything other than the default is deprecated.
1259Interfaces that the administrator wishes to store configuration for,
1260but not start at boot should be configured with the
1261.Dq Li NOAUTO
1262keyword in their
1263.Va ifconfig_ Ns Aq Ar interface
1264variables as described below.
1265.Pp
1266An
1267.Va ifconfig_ Ns Aq Ar interface
1268variable is also assumed to exist for each value of
1269.Ar interface .
1270When an interface name contains any of the characters
1271.Dq Li .-/+
1272they are translated to
1273.Dq Li _
1274before lookup.
1275The variable can contain arguments to
1276.Xr ifconfig 8 ,
1277as well as special case-insensitive keywords described below.
1278Such keywords are removed before passing the value to
1279.Xr ifconfig 8
1280while the order of the other arguments is preserved.
1281.Pp
1282It is possible to add IP alias entries using
1283.Xr ifconfig 8
1284syntax with the address family keyword such as
1285.Li inet .
1286Assuming that the interface in question was
1287.Li em0 ,
1288it might look something like this:
1289.Bd -literal
1290ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1291ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1292.Ed
1293.Pp
1294It also possible to configure multiple IP addresses in Classless
1295Inter-Domain Routing
1296.Pq CIDR
1297address notation,
1298whose each address component can be a range like
1299.Li inet 192.0.2.5-23/24
1300or
1301.Li inet6 2001:db8:1-f::1/64 .
1302This notation allows address and prefix length part only,
1303not the other address modifiers.
1304Note that the maximum number of the generated addresses from a range
1305specification is limited to an integer value specified in
1306.Va netif_ipexpand_max
1307in
1308.Nm
1309because a small typo can unexpectedly generate a large number of addresses.
1310The default value is
1311.Li 2048 .
1312It can be increased by adding the following line into
1313.Nm :
1314.Bd -literal
1315netif_ipexpand_max="4096"
1316.Ed
1317.Pp
1318In the case of
1319.Li 192.0.2.5-23/24 ,
1320the address 192.0.2.5 will be configured with the
1321netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1322the non-conflicting netmask /32 as explained in the
1323.Xr ifconfig 8
1324alias section.
1325Note that this special netmask handling is only for
1326.Li inet ,
1327not for the other address families such as
1328.Li inet6 .
1329.Pp
1330With the interface in question being
1331.Li em0 ,
1332an example could look like:
1333.Bd -literal
1334ifconfig_em0_alias2="inet 192.0.2.129/27"
1335ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1336.Ed
1337.Pp
1338and so on.
1339.Pp
1340Note that deprecated
1341.Va ipv4_addrs_ Ns Aq Ar interface
1342variable was supported for IPv4 CIDR address notation.
1343The
1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1345variable replaces it, though
1346.Va ipv4_addrs_ Ns Aq Ar interface
1347is still supported for backward compatibility.
1348.Pp
1349For each
1350.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1351entry with an address family keyword,
1352its contents are passed to
1353.Xr ifconfig 8 .
1354Execution stops at the first unsuccessful access, so if
1355something like this is present:
1356.Bd -literal
1357ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1358ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1359ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1360ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1361.Ed
1362.Pp
1363Then note that alias4 would
1364.Em not
1365be added since the search would
1366stop with the missing
1367.Dq Li alias3
1368entry.
1369Because of this difficult to manage behavior,
1370there is
1371.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1372variable, which has the same functionality as
1373.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1374and can have all of entries in a variable like the following:
1375.Bd -literal
1376ifconfig_em0_aliases="\\
1377	inet 127.0.0.251 netmask 0xffffffff \\
1378	inet 127.0.0.252 netmask 0xffffffff \\
1379	inet 127.0.0.253 netmask 0xffffffff \\
1380	inet 127.0.0.254 netmask 0xffffffff"
1381.Ed
1382.Pp
1383It also supports CIDR notation.
1384.Pp
1385If the
1386.Pa /etc/start_if. Ns Aq Ar interface
1387file is present, it is read and executed by the
1388.Xr sh 1
1389interpreter
1390before configuring the interface as specified in the
1391.Va ifconfig_ Ns Aq Ar interface
1392and
1393.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1394variables.
1395.Pp
1396If a
1397.Va vlans_ Ns Aq Ar interface
1398variable is set,
1399a
1400.Xr vlan 4
1401interface will be created for each item in the list with the
1402.Ar vlandev
1403argument set to
1404.Ar interface .
1405If a vlan interface's name is a number,
1406then that number is used as the vlan tag and the new vlan interface is
1407named
1408.Ar interface . Ns Ar tag .
1409Otherwise,
1410the vlan tag must be specified via a
1411.Va vlan
1412parameter in the
1413.Va create_args_ Ns Aq Ar interface
1414variable.
1415.Pp
1416To create a vlan device named
1417.Li em0.101
1418on
1419.Li em0
1420with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1421.Bd -literal
1422vlans_em0="101"
1423ifconfig_em0_101="inet 192.0.2.1/24"
1424.Ed
1425.Pp
1426To create a vlan device named
1427.Li myvlan
1428on
1429.Li em0
1430with the vlan tag 102:
1431.Bd -literal
1432vlans_em0="myvlan"
1433create_args_myvlan="vlan 102"
1434.Ed
1435.Pp
1436If a
1437.Va wlans_ Ns Aq Ar interface
1438variable is set,
1439an
1440.Xr wlan 4
1441interface will be created for each item in the list with the
1442.Ar wlandev
1443argument set to
1444.Ar interface .
1445Further wlan cloning arguments may be passed to the
1446.Xr ifconfig 8
1447.Cm create
1448command by setting the
1449.Va create_args_ Ns Aq Ar interface
1450variable.
1451One or more
1452.Xr wlan 4
1453devices must be created for each wireless devices as of
1454.Fx 8.0 .
1455Debugging flags for
1456.Xr wlan 4
1457devices as set by
1458.Xr wlandebug 8
1459may be specified with an
1460.Va wlandebug_ Ns Aq Ar interface
1461variable.
1462The contents of this variable will be passed directly to
1463.Xr wlandebug 8 .
1464.Pp
1465If the
1466.Va ifconfig_ Ns Aq Ar interface
1467contains the keyword
1468.Dq Li NOAUTO
1469then the interface will not be configured
1470at boot or by
1471.Pa /etc/pccard_ether
1472when
1473.Va network_interfaces
1474is set to
1475.Dq Li AUTO .
1476.Pp
1477It is possible to bring up an interface with DHCP by adding
1478.Dq Li DHCP
1479to the
1480.Va ifconfig_ Ns Aq Ar interface
1481variable.
1482For instance, to initialize the
1483.Li em0
1484device via DHCP,
1485it is possible to use something like:
1486.Bd -literal
1487ifconfig_em0="DHCP"
1488.Ed
1489.Pp
1490If you want to configure your wireless interface with
1491.Xr wpa_supplicant 8
1492for use with WPA, EAP/LEAP or WEP, you need to add
1493.Dq Li WPA
1494to the
1495.Va ifconfig_ Ns Aq Ar interface
1496variable.
1497.Pp
1498On the other hand, if you want to configure your wireless interface with
1499.Xr hostapd 8 ,
1500you need to add
1501.Dq Li HOSTAP
1502to the
1503.Va ifconfig_ Ns Aq Ar interface
1504variable.
1505.Xr hostapd 8
1506will use the settings from
1507.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1508.Pp
1509Finally, you can add
1510.Xr ifconfig 8
1511options in this variable, in addition to the
1512.Pa /etc/start_if. Ns Aq Ar interface
1513file.
1514For instance, to configure an
1515.Xr ath 4
1516wireless device in station mode with an address obtained
1517via DHCP, using WPA authentication and 802.11b mode, it is
1518possible to use something like:
1519.Bd -literal
1520wlans_ath0="wlan0"
1521ifconfig_wlan0="DHCP WPA mode 11b"
1522.Ed
1523.Pp
1524In addition to the
1525.Va ifconfig_ Ns Aq Ar interface
1526form, a fallback variable
1527.Va ifconfig_DEFAULT
1528may be configured.
1529It will be used for all interfaces with no
1530.Va ifconfig_ Ns Aq Ar interface
1531variable.
1532This is intended to replace the no longer supported
1533.Va pccard_ifconfig
1534variable.
1535.Pp
1536It is also possible to rename an interface by doing:
1537.Bd -literal
1538ifconfig_em0_name="net0"
1539ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1540.Ed
1541.It Va ipv6_enable
1542.Pq Vt bool
1543This variable is deprecated.
1544Use
1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1546and
1547.Va ipv6_activate_all_interfaces
1548if necessary.
1549.Pp
1550If the variable is
1551.Dq Li YES ,
1552.Dq Li inet6 accept_rtadv
1553is added to all of
1554.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1555and the
1556.Va ipv6_activate_all_interfaces
1557is defined as
1558.Dq Li YES .
1559.It Va ipv6_prefer
1560.Pq Vt bool
1561This variable is deprecated.
1562Use
1563.Va ip6addrctl_policy
1564instead.
1565.Pp
1566If the variable is
1567.Dq Li YES ,
1568the default address selection policy table set by
1569.Xr ip6addrctl 8
1570will be IPv6-preferred.
1571.Pp
1572If the variable is
1573.Dq Li NO ,
1574the default address selection policy table set by
1575.Xr ip6addrctl 8
1576will be IPv4-preferred.
1577.It Va ipv6_activate_all_interfaces
1578.Pq Vt bool
1579This controls initial configuration on IPv6-capable
1580interfaces with no corresponding
1581.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1582variable.
1583Note that it is not always necessary to set this variable to
1584.Dq YES
1585to use IPv6 functionality on
1586.Fx .
1587In most cases, just configuring
1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1589variables works.
1590.Pp
1591If the variable is
1592.Dq Li NO ,
1593all interfaces which do not have a corresponding
1594.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1595variable will be marked as
1596.Dq Li IFDISABLED
1597at creation.
1598This means that all of IPv6 functionality on that interface
1599is completely disabled to enforce a security policy.
1600If the variable is set to
1601.Dq YES ,
1602the flag will be cleared on all of the interfaces.
1603.Pp
1604In most cases, just defining an
1605.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1606for an IPv6-capable interface should be sufficient.
1607However, if an interface is added dynamically
1608.Pq by some tunneling protocols such as PPP, for example ,
1609it is often difficult to define the variable in advance.
1610In such a case, configuring the
1611.Dq Li IFDISABLED
1612flag can be disabled by setting this variable to
1613.Dq YES .
1614.Pp
1615For more details of the
1616.Dq Li IFDISABLED
1617flag and keywords
1618.Dq Li inet6 ifdisabled ,
1619see
1620.Xr ifconfig 8 .
1621.Pp
1622Default is
1623.Dq Li NO .
1624.It Va ipv6_privacy
1625.Pq Vt bool
1626If the variable is
1627.Dq Li YES
1628privacy addresses will be generated for each IPv6
1629interface as described in RFC 4941.
1630.It Va ipv6_network_interfaces
1631.Pq Vt str
1632This is the IPv6 equivalent of
1633.Va network_interfaces .
1634Normally manual configuration of this variable is not needed.
1635.It Va ipv6_cpe_wanif
1636.Pq Vt str
1637If the variable is set to an interface name,
1638the
1639.Xr ifconfig 8
1640options
1641.Dq inet6 -no_radr accept_rtadv
1642will be added to the specified interface automatically before evaluating
1643.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1644and two
1645.Xr sysctl 8
1646variables
1647.Va net.inet6.ip6.rfc6204w3
1648and
1649.Va net.inet6.ip6.no_radr
1650will be set to 1.
1651.Pp
1652This means the specified interface will accept ICMPv6 Router
1653Advertisement messages on that link and add the discovered
1654routers into the Default Router List.
1655While the other interfaces can still accept RA messages if the
1656.Dq inet6 accept_rtadv
1657option is specified, adding
1658routes into the Default Router List will be disabled by
1659.Dq inet6 no_radr
1660option by default.
1661See
1662.Xr ifconfig 8
1663for more details.
1664.Pp
1665Note that ICMPv6 Router Advertisement messages will be
1666accepted even when
1667.Va net.inet6.ip6.forwarding
1668is 1
1669.Pq packet forwarding is enabled
1670when
1671.Va net.inet6.ip6.rfc6204w3
1672is set to 1.
1673.Pp
1674Default is
1675.Dq Li NO .
1676.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1677.Pq Vt str
1678This assigns arbitrary description to an interface.
1679The
1680.Xr sysctl 8
1681variable
1682.Va net.ifdescr_maxlen
1683limits its length.
1684This static setting may be overridden by commands
1685started with dynamic interface configuration utilities
1686like
1687.Xr dhclient 8
1688hooks.
1689The description can be seen with
1690.Xr ifconfig 8
1691command and it may be exported with
1692.Xr bsnmpd 1
1693daemon using its MIB-2 module.
1694.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1695.Pq Vt str
1696IPv6 functionality on an interface should be configured by
1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1698instead of setting ifconfig parameters in
1699.Va ifconfig_ Ns Aq Ar interface .
1700If this variable is empty, all of IPv6 configurations on the
1701specified interface by other variables such as
1702.Va ipv6_prefix_ Ns Ao Ar interface Ac
1703will be ignored.
1704.Pp
1705Aliases should be set by
1706.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1707with
1708.Dq Li inet6
1709keyword.
1710For example:
1711.Bd -literal
1712ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1713ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1714.Ed
1715.Pp
1716Interfaces that have an
1717.Dq Li inet6 accept_rtadv
1718keyword in
1719.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1720setting will be automatically configured by SLAAC
1721.Pq StateLess Address AutoConfiguration
1722described in
1723.Rs
1724.%T "RFC 4862"
1725.Re
1726.Pp
1727Note that a link-local address will be automatically configured in
1728addition to the configured global-scope addresses because the IPv6
1729specifications require it on each link.
1730The address is calculated from the MAC address by using an algorithm
1731defined in
1732.Rs
1733.%T "RFC 4862"
1734.%O "Section 5.3"
1735.Re
1736.Pp
1737If only a link-local address is needed on the interface,
1738the following configuration can be used:
1739.Bd -literal
1740ifconfig_em0_ipv6="inet6 auto_linklocal"
1741.Ed
1742.Pp
1743A link-local address can also be configured manually.
1744This is useful for the default router address of an IPv6 router
1745so that it does not change when the network interface
1746card is replaced.
1747For example:
1748.Bd -literal
1749ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1750.Ed
1751.It Va ipv6_prefix_ Ns Aq Ar interface
1752.Pq Vt str
1753If one or more prefixes are defined in
1754.Va ipv6_prefix_ Ns Aq Ar interface
1755addresses based on each prefix and the EUI-64 interface index will be
1756configured on that interface.
1757Note that this variable will be ignored when
1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1759is empty.
1760.Pp
1761For example, the following configuration
1762.Bd -literal
1763ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1764.Ed
1765.Pp
1766is equivalent to the following:
1767.Bd -literal
1768ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1769ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1770ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1771ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1772.Ed
1773.Pp
1774These Subnet-Router anycast addresses will be added only when
1775.Va ipv6_gateway_enable
1776is YES.
1777.It Va ipv6_default_interface
1778.Pq Vt str
1779If not set to
1780.Dq Li NO ,
1781this is the default output interface for scoped addresses.
1782This works only with ipv6_gateway_enable="NO".
1783.It Va ip6addrctl_enable
1784.Pq Vt bool
1785This variable is to enable configuring default address selection policy table
1786.Pq RFC 3484 .
1787The table can be specified in another variable
1788.Va ip6addrctl_policy .
1789For
1790.Va ip6addrctl_policy
1791the following keywords can be specified:
1792.Dq Li ipv4_prefer ,
1793.Dq Li ipv6_prefer ,
1794or
1795.Dq Li AUTO .
1796.Pp
1797If
1798.Dq Li ipv4_prefer
1799or
1800.Dq Li ipv6_prefer
1801is specified,
1802.Xr ip6addrctl 8
1803installs a pre-defined policy table described in Section 10.3
1804.Pq IPv4-preferred
1805or 2.1
1806.Pq IPv6-preferred
1807of RFC 3484.
1808.Pp
1809If
1810.Dq Li AUTO
1811is specified, it attempts to read a file
1812.Pa /etc/ip6addrctl.conf
1813first.
1814If this file is found,
1815.Xr ip6addrctl 8
1816reads and installs it.
1817If not found, a policy is automatically set
1818according to
1819.Va ipv6_activate_all_interfaces
1820variable; if the variable is set to
1821.Dq Li YES
1822the IPv6-preferred one is used.
1823Otherwise IPv4-preferred.
1824.Pp
1825The default value of
1826.Va ip6addrctl_enable
1827and
1828.Va ip6addrctl_policy
1829are
1830.Dq Li YES
1831and
1832.Dq Li AUTO ,
1833respectively.
1834.It Va cloned_interfaces
1835.Pq Vt str
1836Set to the list of clonable network interfaces to create on this host.
1837Further cloning arguments may be passed to the
1838.Xr ifconfig 8
1839.Cm create
1840command for each interface by setting the
1841.Va create_args_ Ns Aq Ar interface
1842variable.
1843If an interface name is specified with
1844.Dq :sticky
1845keyword,
1846the interface will not be destroyed even when
1847.Pa rc.d/netif
1848script is invoked with
1849.Dq stop
1850argument.
1851This is useful when reconfiguring the interface without destroying it.
1852Entries in
1853.Va cloned_interfaces
1854are automatically appended to
1855.Va network_interfaces
1856for configuration.
1857.It Va cloned_interfaces_sticky
1858.Pq Vt bool
1859This variable is to globally enable functionality of
1860.Dq :sticky
1861keyword in
1862.Va cloned_interfaces
1863for all interfaces.
1864The default value is
1865.Dq NO .
1866Even if this variable is specified to
1867.Dq YES ,
1868.Dq :nosticky
1869keyword can be used to override it on per interface basis.
1870.It Va gif_interfaces
1871Set to the list of
1872.Xr gif 4
1873tunnel interfaces to configure on this host.
1874A
1875.Va gifconfig_ Ns Aq Ar interface
1876variable is assumed to exist for each value of
1877.Ar interface .
1878The value of this variable is used to configure the link layer of the
1879tunnel using the
1880.Cm tunnel
1881option to
1882.Xr ifconfig .
1883Additionally, this option ensures that each listed interface is created
1884via the
1885.Cm create
1886option to
1887.Xr ifconfig
1888before attempting to configure it.
1889.Pp
1890For example, configure two
1891.Xr gif
1892interfaces with:
1893.Bd -literal
1894gif_interfaces="gif0 gif1"
1895gifconfig_gif0="100.64.0.1 100.64.0.2"
1896ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1897gifconfig_gif1="inet6 2a00::1 2a01::1"
1898ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1899.Ed
1900.It Va sppp_interfaces
1901.Pq Vt str
1902Set to the list of
1903.Xr sppp 4
1904interfaces to configure on this host.
1905A
1906.Va spppconfig_ Ns Aq Ar interface
1907variable is assumed to exist for each value of
1908.Ar interface .
1909Each interface should also be configured by a general
1910.Va ifconfig_ Ns Aq Ar interface
1911setting.
1912Refer to
1913.Xr spppcontrol 8
1914for more information about available options.
1915.It Va ppp_enable
1916.Pq Vt bool
1917If set to
1918.Dq Li YES ,
1919run the
1920.Xr ppp 8
1921daemon.
1922.It Va ppp_profile
1923.Pq Vt str
1924The name of the profile to use from
1925.Pa /etc/ppp/ppp.conf .
1926Also used for per-profile overrides of
1927.Va ppp_mode
1928and
1929.Va ppp_nat ,
1930and
1931.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1932When the profile name contains any of the characters
1933.Dq Li .-/+
1934they are translated to
1935.Dq Li _
1936for the proposes of the override variable names.
1937.It Va ppp_mode
1938.Pq Vt str
1939Mode in which to run the
1940.Xr ppp 8
1941daemon.
1942.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1943.Pq Vt str
1944Overrides the global
1945.Va ppp_mode
1946for
1947.Ar profile .
1948Accepted modes are
1949.Dq Li auto ,
1950.Dq Li ddial ,
1951.Dq Li direct
1952and
1953.Dq Li dedicated .
1954See the manual for a full description.
1955.It Va ppp_nat
1956.Pq Vt bool
1957If set to
1958.Dq Li YES ,
1959enables network address translation.
1960Used in conjunction with
1961.Va gateway_enable
1962allows hosts on private network addresses access to the Internet using
1963this host as a network address translating router.
1964Default is
1965.Dq Li YES .
1966.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1967.Pq Vt str
1968Overrides the global
1969.Va ppp_nat
1970for
1971.Ar profile .
1972.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1973.Pq Vt int
1974Set the unit number to be used for this profile.
1975See the manual description of
1976.Fl unit Ns Ar N
1977for details.
1978.It Va ppp_user
1979.Pq Vt str
1980The name of the user under which
1981.Xr ppp 8
1982should be started.
1983By
1984default,
1985.Xr ppp 8
1986is started as
1987.Dq Li root .
1988.It Va rc_conf_files
1989.Pq Vt str
1990This option is used to specify a list of files that will override
1991the settings in
1992.Pa /etc/defaults/rc.conf .
1993The files will be read in the order in which they are specified and should
1994include the full path to the file.
1995By default, the files specified are
1996.Pa /etc/rc.conf
1997and
1998.Pa /etc/rc.conf.local
1999.It Va zfs_enable
2000.Pq Vt bool
2001If set to
2002.Dq Li YES ,
2003.Pa /etc/rc.d/zfs
2004will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2005(ZVOLs).
2006.It Va gptboot_enable
2007.Pq Vt bool
2008If set to
2009.Dq Li YES ,
2010.Pa /etc/rc.d/gptboot
2011will log if the system successfully (or not) booted from a GPT partition,
2012which had the
2013.Ar bootonce
2014attribute set using
2015.Xr gpart 8
2016utility.
2017.It Va gbde_autoattach_all
2018.Pq Vt bool
2019If set to
2020.Dq Li YES ,
2021.Pa /etc/rc.d/gbde
2022will attempt to automatically initialize your .bde devices in
2023.Pa /etc/fstab .
2024.It Va gbde_devices
2025.Pq Vt str
2026List the devices that the script should try to attach,
2027or
2028.Dq Li AUTO .
2029.It Va gbde_lockdir
2030.Pq Vt str
2031The directory where the
2032.Xr gbde 4
2033lockfiles are located.
2034The default lockfile directory is
2035.Pa /etc .
2036.Pp
2037The lockfile for each individual
2038.Xr gbde 4
2039device can be overridden by setting the variable
2040.Va gbde_lock_ Ns Aq Ar device ,
2041where
2042.Ar device
2043is the encrypted device without the
2044.Dq Pa /dev/
2045and
2046.Dq Pa .bde
2047parts.
2048.It Va gbde_attach_attempts
2049.Pq Vt int
2050Number of times to attempt attaching to a
2051.Xr gbde 4
2052device, i.e., how many times the user is asked for the pass-phrase.
2053Default is 3.
2054.It Va geli_devices
2055.Pq Vt str
2056List of devices to automatically attach on boot.
2057Note that .eli devices from
2058.Pa /etc/fstab
2059are automatically appended to this list.
2060.It Va geli_groups
2061.Pq Vt str
2062List of groups containing devices to automatically attach on boot with the same
2063keyfiles and passphrase.
2064This must be accompanied with a corresponding
2065.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2066variable.
2067.It Va geli_tries
2068.Pq Vt int
2069Number of times user is asked for the pass-phrase.
2070If empty, it will be taken from
2071.Va kern.geom.eli.tries
2072sysctl variable.
2073.It Va geli_default_flags
2074.Pq Vt str
2075Default flags to use by
2076.Xr geli 8
2077when configuring disk encryption.
2078Flags can be configured for every device separately by defining the
2079.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2080variable, and for every group separately by defining the
2081.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2082variable.
2083.It Va geli_autodetach
2084.Pq Vt str
2085Specifies if GELI devices should be marked for detach on last close after
2086file systems are mounted.
2087Default is
2088.Dq Li YES .
2089This can be changed for every device separately by defining the
2090.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2091variable.
2092.It Va root_rw_mount
2093.Pq Vt bool
2094Set to
2095.Dq Li YES
2096by default.
2097After the file systems are checked at boot time, the root file system
2098is remounted as read-write if this is set to
2099.Dq Li YES .
2100Diskless systems that mount their root file system from a read-only remote
2101NFS share should set this to
2102.Dq Li NO
2103in their
2104.Pa rc.conf .
2105.It Va fsck_y_enable
2106.Pq Vt bool
2107If set to
2108.Dq Li YES ,
2109.Xr fsck 8
2110will be run with the
2111.Fl y
2112flag if the initial preen
2113of the file systems fails.
2114.It Va background_fsck
2115.Pq Vt bool
2116If set to
2117.Dq Li NO ,
2118the system will not attempt to run
2119.Xr fsck 8
2120in the background where possible.
2121.It Va background_fsck_delay
2122.Pq Vt int
2123The amount of time in seconds to sleep before starting a background
2124.Xr fsck 8 .
2125It defaults to sixty seconds to allow large applications such as
2126the X server to start before disk I/O bandwidth is monopolized by
2127.Xr fsck 8 .
2128If set to a negative number, the background file system check will be
2129delayed indefinitely to allow the administrator to run it at a more
2130convenient time.
2131For example it may be run from
2132.Xr cron 8
2133by adding a line like
2134.Pp
2135.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2136.Pp
2137to
2138.Pa /etc/crontab .
2139.It Va netfs_types
2140.Pq Vt str
2141List of file system types that are network-based.
2142This list should generally not be modified by end users.
2143Use
2144.Va extra_netfs_types
2145instead.
2146.It Va extra_netfs_types
2147.Pq Vt str
2148If set to something other than
2149.Dq Li NO
2150(the default),
2151this variable extends the list of file system types
2152for which automatic mounting at startup by
2153.Xr rc 8
2154should be delayed until the network is initialized.
2155It should contain
2156a whitespace-separated list of network file system descriptor pairs,
2157each consisting of a file system type as passed to
2158.Xr mount 8
2159and a human-readable, one-word description,
2160joined with a colon
2161.Pq Ql \&: .
2162Extending the default list in this way is only necessary
2163when third party file system types are used.
2164.It Va syslogd_enable
2165.Pq Vt bool
2166If set to
2167.Dq Li YES ,
2168run the
2169.Xr syslogd 8
2170daemon.
2171.It Va syslogd_program
2172.Pq Vt str
2173Path to
2174.Xr syslogd 8
2175(default
2176.Pa /usr/sbin/syslogd ) .
2177.It Va syslogd_flags
2178.Pq Vt str
2179If
2180.Va syslogd_enable
2181is set to
2182.Dq Li YES ,
2183these are the flags to pass to
2184.Xr syslogd 8 .
2185.It Va inetd_enable
2186.Pq Vt bool
2187If set to
2188.Dq Li YES ,
2189run the
2190.Xr inetd 8
2191daemon.
2192.It Va inetd_program
2193.Pq Vt str
2194Path to
2195.Xr inetd 8
2196(default
2197.Pa /usr/sbin/inetd ) .
2198.It Va inetd_flags
2199.Pq Vt str
2200If
2201.Va inetd_enable
2202is set to
2203.Dq Li YES ,
2204these are the flags to pass to
2205.Xr inetd 8 .
2206.It Va hastd_enable
2207.Pq Vt bool
2208If set to
2209.Dq Li YES ,
2210run the
2211.Xr hastd 8
2212daemon.
2213.It Va hastd_program
2214.Pq Vt str
2215Path to
2216.Xr hastd 8
2217(default
2218.Pa /sbin/hastd ) .
2219.It Va hastd_flags
2220.Pq Vt str
2221If
2222.Va hastd_enable
2223is set to
2224.Dq Li YES ,
2225these are the flags to pass to
2226.Xr hastd 8 .
2227.It Va local_unbound_enable
2228.Pq Vt bool
2229If set to
2230.Dq Li YES ,
2231run the
2232.Xr unbound 8
2233daemon as a local caching resolver.
2234.It Va kdc_enable
2235.Pq Vt bool
2236Set to
2237.Dq Li YES
2238to start a Kerberos 5 authentication server
2239at boot time.
2240.It Va kdc_program
2241.Pq Vt str
2242If
2243.Va kdc_enable
2244is set to
2245.Dq Li YES
2246this is the path to Kerberos 5 Authentication Server.
2247.It Va kdc_flags
2248.Pq Vt str
2249Empty by default.
2250This variable contains additional flags to be passed to the Kerberos 5
2251authentication server.
2252.It Va kadmind_enable
2253.Pq Vt bool
2254Set to
2255.Dq Li YES
2256to start
2257.Xr kadmind 8 ,
2258the Kerberos 5 Administration Daemon; set to
2259.Dq Li NO
2260on a slave server.
2261.It Va kadmind_program
2262.Pq Vt str
2263If
2264.Va kadmind_enable
2265is set to
2266.Dq Li YES
2267this is the path to Kerberos 5 Administration Daemon.
2268.It Va kpasswdd_enable
2269.Pq Vt bool
2270Set to
2271.Dq Li YES
2272to start
2273.Xr kpasswdd 8 ,
2274the Kerberos 5 Password-Changing Daemon; set to
2275.Dq Li NO
2276on a slave server.
2277.It Va kpasswdd_program
2278.Pq Vt str
2279If
2280.Va kpasswdd_enable
2281is set to
2282.Dq Li YES
2283this is the path to Kerberos 5 Password-Changing Daemon.
2284.It Va kfd_enable
2285.Pq Vt bool
2286Set to
2287.Dq Li YES
2288to start
2289.Xr kfd 8 ,
2290the Kerberos 5 ticket forwarding daemon, at the boot time.
2291.It Va kfd_program
2292.Pq Vt str
2293Path to
2294.Xr kfd 8
2295(default
2296.Pa /usr/libexec/kfd ) .
2297.It Va rwhod_enable
2298.Pq Vt bool
2299If set to
2300.Dq Li YES ,
2301run the
2302.Xr rwhod 8
2303daemon at boot time.
2304.It Va rwhod_flags
2305.Pq Vt str
2306If
2307.Va rwhod_enable
2308is set to
2309.Dq Li YES ,
2310these are the flags to pass to it.
2311.It Va amd_enable
2312.Pq Vt bool
2313If set to
2314.Dq Li YES ,
2315run the
2316.Xr amd 8
2317daemon at boot time.
2318.It Va amd_flags
2319.Pq Vt str
2320If
2321.Va amd_enable
2322is set to
2323.Dq Li YES ,
2324these are the flags to pass to it.
2325See the
2326.Xr amd 8
2327manpage for more information.
2328.It Va amd_map_program
2329.Pq Vt str
2330If set,
2331the specified program is run to get the list of
2332.Xr amd 8
2333maps.
2334For example, if the
2335.Xr amd 8
2336maps are stored in NIS, one can set this to
2337run
2338.Xr ypcat 1
2339to get a list of
2340.Xr amd 8
2341maps from the
2342.Pa amd.master
2343NIS map.
2344.It Va update_motd
2345.Pq Vt bool
2346If set to
2347.Dq Li YES ,
2348.Pa /etc/motd
2349will be updated at boot time to reflect the kernel release
2350being run.
2351If set to
2352.Dq Li NO ,
2353.Pa /etc/motd
2354will not be updated.
2355.It Va nfs_client_enable
2356.Pq Vt bool
2357If set to
2358.Dq Li YES ,
2359run the NFS client daemons at boot time.
2360.It Va nfs_access_cache
2361.Pq Vt int
2362If
2363.Va nfs_client_enable
2364is set to
2365.Dq Li YES ,
2366this can be set to
2367.Dq Li 0
2368to disable NFS ACCESS RPC caching, or to the number of seconds for which
2369NFS ACCESS
2370results should be cached.
2371A value of 2-10 seconds will substantially reduce network
2372traffic for many NFS operations.
2373.It Va nfs_server_enable
2374.Pq Vt bool
2375If set to
2376.Dq Li YES ,
2377run the NFS server daemons at boot time.
2378.It Va nfs_server_flags
2379.Pq Vt str
2380If
2381.Va nfs_server_enable
2382is set to
2383.Dq Li YES ,
2384these are the flags to pass to the
2385.Xr nfsd 8
2386daemon.
2387.It Va nfsv4_server_enable
2388.Pq Vt bool
2389If
2390.Va nfs_server_enable
2391is set to
2392.Dq Li YES
2393and
2394.Va nfsv4_server_enable
2395are set to
2396.Dq Li YES ,
2397enable the server for NFSv4 as well as NFSv2 and NFSv3.
2398.It Va nfsuserd_enable
2399.Pq Vt bool
2400If
2401.Va nfsuserd_enable
2402is set to
2403.Dq Li YES ,
2404run the nfsuserd daemon, which is needed for NFSv4 in order
2405to map between user/group names vs uid/gid numbers.
2406If
2407.Va nfsv4_server_enable
2408is set to
2409.Dq Li YES ,
2410this will be forced enabled.
2411.It Va nfsuserd_flags
2412.Pq Vt str
2413If
2414.Va nfsuserd_enable
2415is set to
2416.Dq Li YES ,
2417these are the flags to pass to the
2418.Xr nfsuserd 8
2419daemon.
2420.It Va nfscbd_enable
2421.Pq Vt bool
2422If
2423.Va nfscbd_enable
2424is set to
2425.Dq Li YES ,
2426run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2427.It Va nfscbd_flags
2428.Pq Vt str
2429If
2430.Va nfscbd_enable
2431is set to
2432.Dq Li YES ,
2433these are the flags to pass to the
2434.Xr nfscbd 8
2435daemon.
2436.It Va mountd_enable
2437.Pq Vt bool
2438If set to
2439.Dq Li YES ,
2440and no
2441.Va nfs_server_enable
2442is set, start
2443.Xr mountd 8 ,
2444but not
2445.Xr nfsd 8
2446daemon.
2447It is commonly needed to run CFS without real NFS used.
2448.It Va mountd_flags
2449.Pq Vt str
2450If
2451.Va mountd_enable
2452is set to
2453.Dq Li YES ,
2454these are the flags to pass to the
2455.Xr mountd 8
2456daemon.
2457.It Va weak_mountd_authentication
2458.Pq Vt bool
2459If set to
2460.Dq Li YES ,
2461allow services like PCNFSD to make non-privileged mount
2462requests.
2463.It Va nfs_reserved_port_only
2464.Pq Vt bool
2465If set to
2466.Dq Li YES ,
2467provide NFS services only on a secure port.
2468.It Va nfs_bufpackets
2469.Pq Vt int
2470If set to a number, indicates the number of packets worth of
2471socket buffer space to reserve on an NFS client.
2472The kernel default is typically 4.
2473Using a higher number may be
2474useful on gigabit networks to improve performance.
2475The minimum value is
24762 and the maximum is 64.
2477.It Va rpc_lockd_enable
2478.Pq Vt bool
2479If set to
2480.Dq Li YES
2481and also an NFS server or client, run
2482.Xr rpc.lockd 8
2483at boot time.
2484.It Va rpc_lockd_flags
2485.Pq Vt str
2486If
2487.Va rpc_lockd_enable
2488is set to
2489.Dq Li YES ,
2490these are the flags to pass to the
2491.Xr rpc.lockd 8
2492daemon.
2493.It Va rpc_statd_enable
2494.Pq Vt bool
2495If set to
2496.Dq Li YES
2497and also an NFS server or client, run
2498.Xr rpc.statd 8
2499at boot time.
2500.It Va rpc_statd_flags
2501.Pq Vt str
2502If
2503.Va rpc_statd_enable
2504is set to
2505.Dq Li YES ,
2506these are the flags to pass to the
2507.Xr rpc.statd 8
2508daemon.
2509.It Va rpcbind_program
2510.Pq Vt str
2511Path to
2512.Xr rpcbind 8
2513(default
2514.Pa /usr/sbin/rpcbind ) .
2515.It Va rpcbind_enable
2516.Pq Vt bool
2517If set to
2518.Dq Li YES ,
2519run the
2520.Xr rpcbind 8
2521service at boot time.
2522.It Va rpcbind_flags
2523.Pq Vt str
2524If
2525.Va rpcbind_enable
2526is set to
2527.Dq Li YES ,
2528these are the flags to pass to the
2529.Xr rpcbind 8
2530daemon.
2531.It Va keyserv_enable
2532.Pq Vt bool
2533If set to
2534.Dq Li YES ,
2535run the
2536.Xr keyserv 8
2537daemon on boot for running Secure RPC.
2538.It Va keyserv_flags
2539.Pq Vt str
2540If
2541.Va keyserv_enable
2542is set to
2543.Dq Li YES ,
2544these are the flags to pass to
2545.Xr keyserv 8
2546daemon.
2547.It Va pppoed_enable
2548.Pq Vt bool
2549If set to
2550.Dq Li YES ,
2551run the
2552.Xr pppoed 8
2553daemon at boot time to provide PPP over Ethernet services.
2554.It Va pppoed_ Ns Aq Ar provider
2555.Pq Vt str
2556.Xr pppoed 8
2557listens to requests to this
2558.Ar provider
2559and ultimately runs
2560.Xr ppp 8
2561with a
2562.Ar system
2563argument of the same name.
2564.It Va pppoed_flags
2565.Pq Vt str
2566Additional flags to pass to
2567.Xr pppoed 8 .
2568.It Va pppoed_interface
2569.Pq Vt str
2570The network interface to run
2571.Xr pppoed 8
2572on.
2573This is mandatory when
2574.Va pppoed_enable
2575is set to
2576.Dq Li YES .
2577.It Va ntpdate_enable
2578.Pq Vt bool
2579If set to
2580.Dq Li YES ,
2581run
2582.Xr ntpdate 8
2583at system startup.
2584This command is intended to
2585synchronize the system clock only
2586.Em once
2587from some standard reference.
2588.Pp
2589Note that the use of the
2590.Va ntpd_sync_on_start
2591variable is a preferred alternative to the
2592.Xr ntpdate 8
2593utility as
2594.Xr ntpdate 8
2595is to be retired from the NTP distribution.
2596.It Va ntpdate_config
2597.Pq Vt str
2598Configuration file for
2599.Xr ntpdate 8 .
2600Default
2601.Pa /etc/ntp.conf .
2602.It Va ntpdate_hosts
2603.Pq Vt str
2604A whitespace-separated list of NTP servers to synchronize with at startup.
2605The default is to use the servers listed in
2606.Va ntpdate_config ,
2607if that file exists.
2608.It Va ntpdate_program
2609.Pq Vt str
2610Path to
2611.Xr ntpdate 8
2612(default
2613.Pa /usr/sbin/ntpdate ) .
2614.It Va ntpdate_flags
2615.Pq Vt str
2616If
2617.Va ntpdate_enable
2618is set to
2619.Dq Li YES ,
2620these are the flags to pass to the
2621.Xr ntpdate 8
2622command (typically a hostname).
2623.It Va ntpd_enable
2624.Pq Vt bool
2625If set to
2626.Dq Li YES ,
2627run the
2628.Xr ntpd 8
2629command at boot time.
2630.It Va ntpd_program
2631.Pq Vt str
2632Path to
2633.Xr ntpd 8
2634(default
2635.Pa /usr/sbin/ntpd ) .
2636.It Va ntpd_config
2637.Pq Vt str
2638Path to
2639.Xr ntpd 8
2640configuration file.
2641Default
2642.Pa /etc/ntp.conf .
2643.It Va ntpd_flags
2644.Pq Vt str
2645If
2646.Va ntpd_enable
2647is set to
2648.Dq Li YES ,
2649these are the flags to pass to the
2650.Xr ntpd 8
2651daemon.
2652.It Va ntpd_sync_on_start
2653.Pq Vt bool
2654If set to
2655.Dq Li YES ,
2656.Xr ntpd 8
2657is run with the
2658.Fl g
2659flag, which syncs the system's clock on startup.
2660See
2661.Xr ntpd 8
2662for more information regarding the
2663.Fl g
2664option.
2665This is a preferred alternative to using
2666.Xr ntpdate 8
2667or specifying the
2668.Va ntpdate_enable
2669variable.
2670.It Va nis_client_enable
2671.Pq Vt bool
2672If set to
2673.Dq Li YES ,
2674run the
2675.Xr ypbind 8
2676service at system boot time.
2677.It Va nis_client_flags
2678.Pq Vt str
2679If
2680.Va nis_client_enable
2681is set to
2682.Dq Li YES ,
2683these are the flags to pass to the
2684.Xr ypbind 8
2685service.
2686.It Va nis_ypldap_enable
2687.Pq Vt bool
2688If set to
2689.Dq Li YES ,
2690run the
2691.Xr ypldap 8
2692daemon at system boot time.
2693.It Va nis_ypldap_flags
2694.Pq Vt str
2695If
2696.Va nis.ypldap_enable
2697is set to
2698.Dq Li YES ,
2699these are the flags to pass to the
2700.Xr ypldap 8
2701daemon.
2702.It Va nis_ypset_enable
2703.Pq Vt bool
2704If set to
2705.Dq Li YES ,
2706run the
2707.Xr ypset 8
2708daemon at system boot time.
2709.It Va nis_ypset_flags
2710.Pq Vt str
2711If
2712.Va nis_ypset_enable
2713is set to
2714.Dq Li YES ,
2715these are the flags to pass to the
2716.Xr ypset 8
2717daemon.
2718.It Va nis_server_enable
2719.Pq Vt bool
2720If set to
2721.Dq Li YES ,
2722run the
2723.Xr ypserv 8
2724daemon at system boot time.
2725.It Va nis_server_flags
2726.Pq Vt str
2727If
2728.Va nis_server_enable
2729is set to
2730.Dq Li YES ,
2731these are the flags to pass to the
2732.Xr ypserv 8
2733daemon.
2734.It Va nis_ypxfrd_enable
2735.Pq Vt bool
2736If set to
2737.Dq Li YES ,
2738run the
2739.Xr rpc.ypxfrd 8
2740daemon at system boot time.
2741.It Va nis_ypxfrd_flags
2742.Pq Vt str
2743If
2744.Va nis_ypxfrd_enable
2745is set to
2746.Dq Li YES ,
2747these are the flags to pass to the
2748.Xr rpc.ypxfrd 8
2749daemon.
2750.It Va nis_yppasswdd_enable
2751.Pq Vt bool
2752If set to
2753.Dq Li YES ,
2754run the
2755.Xr rpc.yppasswdd 8
2756daemon at system boot time.
2757.It Va nis_yppasswdd_flags
2758.Pq Vt str
2759If
2760.Va nis_yppasswdd_enable
2761is set to
2762.Dq Li YES ,
2763these are the flags to pass to the
2764.Xr rpc.yppasswdd 8
2765daemon.
2766.It Va rpc_ypupdated_enable
2767.Pq Vt bool
2768If set to
2769.Dq Li YES ,
2770run the
2771.Nm rpc.ypupdated
2772daemon at system boot time.
2773.It Va bsnmpd_enable
2774.Pq Vt bool
2775If set to
2776.Dq Li YES ,
2777run the
2778.Xr bsnmpd 1
2779daemon at system boot time.
2780Be sure to understand the security implications of running SNMP daemon
2781on your host.
2782.It Va bsnmpd_flags
2783.Pq Vt str
2784If
2785.Va bsnmpd_enable
2786is set to
2787.Dq Li YES ,
2788these are the flags to pass to the
2789.Xr bsnmpd 1
2790daemon.
2791.It Va defaultrouter
2792.Pq Vt str
2793If not set to
2794.Dq Li NO ,
2795create a default route to this host name or IP address
2796(use an IP address if this router is also required to get to the
2797name server!).
2798.It Va defaultrouter_fibN
2799.Pq Vt str
2800If not set to
2801.Dq Li NO ,
2802create a default route in FIB N to this host name or IP address.
2803.It Va ipv6_defaultrouter
2804.Pq Vt str
2805The IPv6 equivalent of
2806.Va defaultrouter .
2807.It Va ipv6_defaultrouter_fibN
2808.Pq Vt str
2809The IPv6 equivalent of
2810.Va defaultrouter_fibN .
2811.It Va static_arp_pairs
2812.Pq Vt str
2813Set to the list of static ARP pairs that are to be added at system
2814boot time.
2815For each whitespace separated
2816.Ar element
2817in the value, a
2818.Va static_arp_ Ns Aq Ar element
2819variable is assumed to exist whose contents will later be passed to a
2820.Dq Nm arp Cm -S
2821operation.
2822For example
2823.Bd -literal
2824static_arp_pairs="gw"
2825static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2826.Ed
2827.It Va static_ndp_pairs
2828.Pq Vt str
2829Set to the list of static NDP pairs that are to be added at system
2830boot time.
2831For each whitespace separated
2832.Ar element
2833in the value, a
2834.Va static_ndp_ Ns Aq Ar element
2835variable is assumed to exist whose contents will later be passed to a
2836.Dq Nm ndp Cm -s
2837operation.
2838For example
2839.Bd -literal
2840static_ndp_pairs="gw"
2841static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2842.Ed
2843.It Va static_routes
2844.Pq Vt str
2845Set to the list of static routes that are to be added at system
2846boot time.
2847If not set to
2848.Dq Li NO
2849then for each whitespace separated
2850.Ar element
2851in the value, a
2852.Va route_ Ns Aq Ar element
2853variable is assumed to exist
2854whose contents will later be passed to a
2855.Dq Nm route Cm add
2856operation.
2857For example:
2858.Bd -literal
2859static_routes="ext mcast:gif0 gif0local:gif0"
2860route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2861route_mcast="-net 224.0.0.0/4 -iface gif0"
2862route_gif0local="-host 169.254.1.1 -iface lo0"
2863.Ed
2864.Pp
2865When an
2866.Ar element
2867is in the form of
2868.Li name:ifname ,
2869the route is specific to the interface
2870.Li ifname .
2871.It Va ipv6_static_routes
2872.Pq Vt str
2873The IPv6 equivalent of
2874.Va static_routes .
2875If not set to
2876.Dq Li NO
2877then for each whitespace separated
2878.Ar element
2879in the value, a
2880.Va ipv6_route_ Ns Aq Ar element
2881variable is assumed to exist
2882whose contents will later be passed to a
2883.Dq Nm route Cm add Fl inet6
2884operation.
2885.It Va gateway_enable
2886.Pq Vt bool
2887If set to
2888.Dq Li YES ,
2889configure host to act as an IP router, e.g.\& to forward packets
2890between interfaces.
2891.It Va ipv6_gateway_enable
2892.Pq Vt bool
2893The IPv6 equivalent of
2894.Va gateway_enable .
2895.It Va routed_enable
2896.Pq Vt bool
2897If set to
2898.Dq Li YES ,
2899run a routing daemon of some sort, based on the
2900settings of
2901.Va routed_program
2902and
2903.Va routed_flags .
2904.It Va route6d_enable
2905.Pq Vt bool
2906The IPv6 equivalent of
2907.Va routed_enable .
2908If set to
2909.Dq Li YES ,
2910run a routing daemon of some sort, based on the
2911settings of
2912.Va route6d_program
2913and
2914.Va route6d_flags .
2915.It Va routed_program
2916.Pq Vt str
2917If
2918.Va routed_enable
2919is set to
2920.Dq Li YES ,
2921this is the name of the routing daemon to use.
2922.It Va route6d_program
2923.Pq Vt str
2924The IPv6 equivalent of
2925.Va routed_program .
2926.It Va routed_flags
2927.Pq Vt str
2928If
2929.Va routed_enable
2930is set to
2931.Dq Li YES ,
2932these are the flags to pass to the routing daemon.
2933.It Va route6d_flags
2934.Pq Vt str
2935The IPv6 equivalent of
2936.Va routed_flags .
2937.It Va rtadvd_enable
2938.Pq Vt bool
2939If set to
2940.Dq Li YES ,
2941run the
2942.Xr rtadvd 8
2943daemon at boot time.
2944The
2945.Xr rtadvd 8
2946utility sends ICMPv6 Router Advertisement messages to
2947the interfaces specified in
2948.Va rtadvd_interfaces .
2949This should only be enabled with great care.
2950You may want to fine-tune
2951.Xr rtadvd.conf 5 .
2952.It Va rtadvd_interfaces
2953.Pq Vt str
2954If
2955.Va rtadvd_enable
2956is set to
2957.Dq Li YES
2958this is the list of interfaces to use.
2959.It Va arpproxy_all
2960.Pq Vt bool
2961If set to
2962.Dq Li YES ,
2963enable global proxy ARP.
2964.It Va forward_sourceroute
2965.Pq Vt bool
2966If set to
2967.Dq Li YES
2968and
2969.Va gateway_enable
2970is also set to
2971.Dq Li YES ,
2972source-routed packets are forwarded.
2973.It Va accept_sourceroute
2974.Pq Vt bool
2975If set to
2976.Dq Li YES ,
2977the system will accept source-routed packets directed at it.
2978.It Va rarpd_enable
2979.Pq Vt bool
2980If set to
2981.Dq Li YES ,
2982run the
2983.Xr rarpd 8
2984daemon at system boot time.
2985.It Va rarpd_flags
2986.Pq Vt str
2987If
2988.Va rarpd_enable
2989is set to
2990.Dq Li YES ,
2991these are the flags to pass to the
2992.Xr rarpd 8
2993daemon.
2994.It Va bootparamd_enable
2995.Pq Vt bool
2996If set to
2997.Dq Li YES ,
2998run the
2999.Xr bootparamd 8
3000daemon at system boot time.
3001.It Va bootparamd_flags
3002.Pq Vt str
3003If
3004.Va bootparamd_enable
3005is set to
3006.Dq Li YES ,
3007these are the flags to pass to the
3008.Xr bootparamd 8
3009daemon.
3010.It Va stf_interface_ipv4addr
3011.Pq Vt str
3012If not set to
3013.Dq Li NO ,
3014this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3015interface).
3016Specify this entry to enable the 6to4 interface.
3017.It Va stf_interface_ipv4plen
3018.Pq Vt int
3019Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3020An effective value is 0-31.
3021.It Va stf_interface_ipv6_ifid
3022.Pq Vt str
3023IPv6 interface ID for
3024.Xr stf 4 .
3025This can be set to
3026.Dq Li AUTO .
3027.It Va stf_interface_ipv6_slaid
3028.Pq Vt str
3029IPv6 Site Level Aggregator for
3030.Xr stf 4 .
3031.It Va ipv6_ipv4mapping
3032.Pq Vt bool
3033If set to
3034.Dq Li YES
3035this enables IPv4 mapped IPv6 address communication (like
3036.Li ::ffff:a.b.c.d ) .
3037.It Va rtsold_enable
3038.Pq Vt bool
3039Set to
3040.Dq Li YES
3041to enable the
3042.Xr rtsold 8
3043daemon to send ICMPv6 Router Solicitation messages.
3044.It Va rtsold_flags
3045.Pq Vt str
3046If
3047.Va rtsold_enable
3048is set to
3049.Dq Li YES ,
3050these are the flags to pass to
3051.Xr rtsold 8 .
3052.It Va rtsol_flags
3053.Pq Vt str
3054For interfaces configured with the
3055.Dq Li inet6 accept_rtadv
3056keyword, these are the flags to pass to
3057.Xr rtsol 8 .
3058.Pp
3059Note that
3060.Va rtsold_enable
3061is mutually exclusive to
3062.Va rtsol_flags ;
3063.Va rtsold_enable
3064takes precedence.
3065.It Va keybell
3066.Pq Vt str
3067The keyboard bell sound.
3068Set to
3069.Dq Li normal ,
3070.Dq Li visual ,
3071.Dq Li off ,
3072or
3073.Dq Li NO
3074if the default behavior is desired.
3075For details, refer to the
3076.Xr kbdcontrol 1
3077manpage.
3078.It Va keyboard
3079.Pq Vt str
3080If set to a non-null string, the virtual console's keyboard input is
3081set to this device.
3082.It Va keymap
3083.Pq Vt str
3084If set to
3085.Dq Li NO ,
3086no keymap is installed, otherwise the value is used to install
3087the keymap file found in
3088.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3089(if using
3090.Xr syscons 4 ) or
3091.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3092(if using
3093.Xr vt 4 ) .
3094.It Va keyrate
3095.Pq Vt str
3096The keyboard repeat speed.
3097Set to
3098.Dq Li slow ,
3099.Dq Li normal ,
3100.Dq Li fast ,
3101or
3102.Dq Li NO
3103if the default behavior is desired.
3104.It Va keychange
3105.Pq Vt str
3106If not set to
3107.Dq Li NO ,
3108attempt to program the function keys with the value.
3109The value should
3110be a single string of the form:
3111.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3112.It Va cursor
3113.Pq Vt str
3114Can be set to the value of
3115.Dq Li normal ,
3116.Dq Li blink ,
3117.Dq Li destructive ,
3118or
3119.Dq Li NO
3120to set the cursor behavior explicitly or choose the default behavior.
3121.It Va scrnmap
3122.Pq Vt str
3123If set to
3124.Dq Li NO ,
3125no screen map is installed, otherwise the value is used to install
3126the screen map file in
3127.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3128This parameter is ignored when using
3129.Xr vt 4
3130as the console driver.
3131.It Va font8x16
3132.Pq Vt str
3133If set to
3134.Dq Li NO ,
3135the default 8x16 font value is used for screen size requests, otherwise
3136the value in
3137.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3138or
3139.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3140is used (depending on the console driver being used).
3141.It Va font8x14
3142.Pq Vt str
3143If set to
3144.Dq Li NO ,
3145the default 8x14 font value is used for screen size requests, otherwise
3146the value in
3147.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3148or
3149.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3150is used (depending on the console driver being used).
3151.It Va font8x8
3152.Pq Vt str
3153If set to
3154.Dq Li NO ,
3155the default 8x8 font value is used for screen size requests, otherwise
3156the value in
3157.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3158or
3159.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3160is used (depending on the console driver being used).
3161.It Va blanktime
3162.Pq Vt int
3163If set to
3164.Dq Li NO ,
3165the default screen blanking interval is used, otherwise it is set
3166to
3167.Ar value
3168seconds.
3169.It Va saver
3170.Pq Vt str
3171If not set to
3172.Dq Li NO ,
3173this is the actual screen saver to use
3174.Li ( blank , snake , daemon ,
3175etc).
3176.It Va moused_nondefault_enable
3177.Pq Vt str
3178If set to
3179.Dq Li NO ,
3180the mouse device specified on
3181the command line is not automatically treated as enabled by the
3182.Pa /etc/rc.d/moused
3183script.
3184Having this variable set to
3185.Dq Li YES
3186allows a
3187.Xr usb 4
3188mouse,
3189for example,
3190to be enabled as soon as it is plugged in.
3191.It Va moused_enable
3192.Pq Vt str
3193If set to
3194.Dq Li YES ,
3195the
3196.Xr moused 8
3197daemon is started for doing cut/paste selection on the console.
3198.It Va moused_type
3199.Pq Vt str
3200This is the protocol type of the mouse connected to this host.
3201This variable must be set if
3202.Va moused_enable
3203is set to
3204.Dq Li YES .
3205The
3206.Xr moused 8
3207daemon
3208is able to detect the appropriate mouse type automatically in many cases.
3209Set this variable to
3210.Dq Li auto
3211to let the daemon detect it, or
3212select one from the following list if the automatic detection fails.
3213.Pp
3214If the mouse is attached to the PS/2 mouse port, choose
3215.Dq Li auto
3216or
3217.Dq Li ps/2 ,
3218regardless of the brand and model of the mouse.
3219Likewise, if the
3220mouse is attached to the bus mouse port, choose
3221.Dq Li auto
3222or
3223.Dq Li busmouse .
3224All other protocols are for serial mice and will not work with
3225the PS/2 and bus mice.
3226If this is a USB mouse,
3227.Dq Li auto
3228is the only protocol type which will work.
3229.Pp
3230.Bl -tag -width ".Li x10mouseremote" -compact
3231.It Li microsoft
3232Microsoft mouse (serial)
3233.It Li intellimouse
3234Microsoft IntelliMouse (serial)
3235.It Li mousesystems
3236Mouse systems Corp.\& mouse (serial)
3237.It Li mmseries
3238MM Series mouse (serial)
3239.It Li logitech
3240Logitech mouse (serial)
3241.It Li busmouse
3242A bus mouse
3243.It Li mouseman
3244Logitech MouseMan and TrackMan (serial)
3245.It Li glidepoint
3246ALPS GlidePoint (serial)
3247.It Li thinkingmouse
3248Kensington ThinkingMouse (serial)
3249.It Li ps/2
3250PS/2 mouse
3251.It Li mmhittab
3252MM HitTablet (serial)
3253.It Li x10mouseremote
3254X10 MouseRemote (serial)
3255.It Li versapad
3256Interlink VersaPad (serial)
3257.El
3258.Pp
3259Even if the mouse is not in the above list, it may be compatible
3260with one in the list.
3261Refer to the manual page for
3262.Xr moused 8
3263for compatibility information.
3264.Pp
3265It should also be noted that while this is enabled, any
3266other client of the mouse (such as an X server) should access
3267the mouse through the virtual mouse device,
3268.Pa /dev/sysmouse ,
3269and configure it as a
3270.Dq Li sysmouse
3271type mouse, since all
3272mouse data is converted to this single canonical format when
3273using
3274.Xr moused 8 .
3275If the client program does not support the
3276.Dq Li sysmouse
3277type,
3278specify the
3279.Dq Li mousesystems
3280type.
3281It is the second preferred type.
3282.It Va moused_port
3283.Pq Vt str
3284If
3285.Va moused_enable
3286is set to
3287.Dq Li YES ,
3288this is the actual port the mouse is on.
3289It might be
3290.Pa /dev/cuau0
3291for a COM1 serial mouse, or
3292.Pa /dev/psm0
3293for a PS/2 mouse, for example.
3294.It Va moused_flags
3295.Pq Vt str
3296If
3297.Va moused_flags
3298is set, its value is used as an additional set of flags to pass to the
3299.Xr moused 8
3300daemon.
3301.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3302When
3303.Va moused_nondefault_enable
3304is enabled, and a
3305.Xr moused 8
3306daemon is started for a non-default port, the
3307.Va "moused_" Ns Ar XXX Ns Va "_flags"
3308set of options has precedence over and replaces the default
3309.Va moused_flags
3310(where
3311.Ar XXX
3312is the name of the non-default port, i.e.,\&
3313.Ar ums0 ) .
3314By setting
3315.Va "moused_" Ns Ar XXX Ns Va "_flags"
3316it is possible to set up a different set of default flags for each
3317.Xr moused 8
3318instance.
3319For example, you can use
3320.Dq Li "-3"
3321for the default
3322.Va moused_flags
3323to make your laptop's touchpad more comfortable to use,
3324but an empty set of options for
3325.Va moused_ums0_flags
3326when your
3327.Xr usb 4
3328mouse has three or more buttons.
3329.It Va mousechar_start
3330.Pq Vt int
3331If set to
3332.Dq Li NO ,
3333the default mouse cursor character range
3334.Li 0xd0 Ns - Ns Li 0xd3
3335is used,
3336otherwise the range start is set
3337to
3338.Ar value
3339character, see
3340.Xr vidcontrol 1 .
3341Use if the default range is occupied in the language code table.
3342.It Va allscreens_flags
3343.Pq Vt str
3344If set,
3345.Xr vidcontrol 1
3346is run with these options for each of the virtual terminals
3347.Pq Pa /dev/ttyv* .
3348For example,
3349.Dq Fl m Cm on
3350will enable the mouse pointer on all virtual terminals
3351if
3352.Va moused_enable
3353is set to
3354.Dq Li YES .
3355.It Va allscreens_kbdflags
3356.Pq Vt str
3357If set,
3358.Xr kbdcontrol 1
3359is run with these options for each of the virtual terminals
3360.Pq Pa /dev/ttyv* .
3361For example,
3362.Dq Fl h Li 200
3363will set the
3364.Xr syscons 4
3365or
3366.Xr vt 4
3367scrollback (history) buffer to 200 lines.
3368.It Va cron_enable
3369.Pq Vt bool
3370If set to
3371.Dq Li YES ,
3372run the
3373.Xr cron 8
3374daemon at system boot time.
3375.It Va cron_program
3376.Pq Vt str
3377Path to
3378.Xr cron 8
3379(default
3380.Pa /usr/sbin/cron ) .
3381.It Va cron_flags
3382.Pq Vt str
3383If
3384.Va cron_enable
3385is set to
3386.Dq Li YES ,
3387these are the flags to pass to
3388.Xr cron 8 .
3389.It Va cron_dst
3390.Pq Vt bool
3391If set to
3392.Dq Li YES ,
3393enable the special handling of transitions to and from the
3394Daylight Saving Time in
3395.Xr cron 8
3396(equivalent to using the flag
3397.Fl s ) .
3398.It Va lpd_program
3399.Pq Vt str
3400Path to
3401.Xr lpd 8
3402(default
3403.Pa /usr/sbin/lpd ) .
3404.It Va lpd_enable
3405.Pq Vt bool
3406If set to
3407.Dq Li YES ,
3408run the
3409.Xr lpd 8
3410daemon at system boot time.
3411.It Va lpd_flags
3412.Pq Vt str
3413If
3414.Va lpd_enable
3415is set to
3416.Dq Li YES ,
3417these are the flags to pass to the
3418.Xr lpd 8
3419daemon.
3420.It Va chkprintcap_enable
3421.Pq Vt bool
3422If set to
3423.Dq Li YES ,
3424run the
3425.Xr chkprintcap 8
3426command before starting the
3427.Xr lpd 8
3428daemon.
3429.It Va chkprintcap_flags
3430.Pq Vt str
3431If
3432.Va lpd_enable
3433and
3434.Va chkprintcap_enable
3435are set to
3436.Dq Li YES ,
3437these are the flags to pass to the
3438.Xr chkprintcap 8
3439program.
3440The default is
3441.Dq Li -d ,
3442which causes missing directories to be created.
3443.It Va mta_start_script
3444.Pq Vt str
3445This variable specifies the full path to the script to run to start
3446a mail transfer agent.
3447The default is
3448.Pa /etc/rc.sendmail .
3449The
3450.Va sendmail_*
3451variables which
3452.Pa /etc/rc.sendmail
3453uses are documented in the
3454.Xr rc.sendmail 8
3455manual page.
3456.It Va dumpdev
3457.Pq Vt str
3458Indicates the device (usually a swap partition) to which a crash dump
3459should be written in the event of a system crash.
3460If the value of this variable is
3461.Dq Li AUTO ,
3462the first suitable swap device listed in
3463.Pa /etc/fstab
3464will be used as dump device.
3465Otherwise, the value of this variable is passed as the argument to
3466.Xr dumpon 8
3467and
3468.Xr savecore 8 .
3469To disable crash dumps, set this variable to
3470.Dq Li NO .
3471.It Va dumpon_flags
3472.Pq Vt str
3473Flags to pass to
3474.Xr dumpon 8
3475when configuring
3476.Va dumpdev
3477as the system dump device.
3478.It Va dumpdir
3479.Pq Vt str
3480When the system reboots after a crash and a crash dump is found on the
3481device specified by the
3482.Va dumpdev
3483variable,
3484.Xr savecore 8
3485will save that crash dump and a copy of the kernel to the directory
3486specified by the
3487.Va dumpdir
3488variable.
3489The default value is
3490.Pa /var/crash .
3491Set to
3492.Dq Li NO
3493to not run
3494.Xr savecore 8
3495at boot time when
3496.Va dumpdir
3497is set.
3498.It Va savecore_enable
3499.Pq Vt bool
3500If set to
3501.Dq Li NO ,
3502disable automatic extraction of the crash dump from the
3503.Va dumpdev .
3504.It Va savecore_flags
3505.Pq Vt str
3506If crash dumps are enabled, these are the flags to pass to the
3507.Xr savecore 8
3508utility.
3509.It Va quota_enable
3510.Pq Vt bool
3511Set to
3512.Dq Li YES
3513to turn on user and group disk quotas on system startup via the
3514.Xr quotaon 8
3515command for all file systems marked as having quotas enabled in
3516.Pa /etc/fstab .
3517The kernel must be built with
3518.Cd "options QUOTA"
3519for disk quotas to function.
3520.It Va check_quotas
3521.Pq Vt bool
3522Set to
3523.Dq Li YES
3524to enable user and group disk quota checking via the
3525.Xr quotacheck 8
3526command.
3527.It Va quotacheck_flags
3528.Pq Vt str
3529If
3530.Va quota_enable
3531is set to
3532.Dq Li YES ,
3533and
3534.Va check_quotas
3535is set to
3536.Dq Li YES ,
3537these are the flags to pass to the
3538.Xr quotacheck 8
3539utility.
3540The default is
3541.Dq Li "-a" ,
3542which checks quotas for all file systems with quotas enabled in
3543.Pa /etc/fstab .
3544.It Va quotaon_flags
3545.Pq Vt str
3546If
3547.Va quota_enable
3548is set to
3549.Dq Li YES ,
3550these are the flags to pass to the
3551.Xr quotaon 8
3552utility.
3553The default is
3554.Dq Li "-a" ,
3555which enables quotas for all file systems with quotas enabled in
3556.Pa /etc/fstab .
3557.It Va quotaoff_flags
3558.Pq Vt str
3559If
3560.Va quota_enable
3561is set to
3562.Dq Li YES ,
3563these are the flags to pass to the
3564.Xr quotaoff 8
3565utility when shutting down the quota system.
3566The default is
3567.Dq Li "-a" ,
3568which disables quotas for all file systems with quotas enabled in
3569.Pa /etc/fstab .
3570.It Va accounting_enable
3571.Pq Vt bool
3572Set to
3573.Dq Li YES
3574to enable system accounting through the
3575.Xr accton 8
3576facility.
3577.It Va firstboot_sentinel
3578.Pq Vt str
3579This variable specifies the full path to a
3580.Dq first boot
3581sentinel file.
3582If a file exists with this path,
3583.Pa rc.d
3584scripts with the
3585.Dq firstboot
3586keyword will be run on startup and the sentinel file will be deleted
3587after the boot process completes.
3588The sentinel file must be located on a writable file system which is
3589mounted no later than
3590.Va early_late_divider
3591to function properly.
3592The default is
3593.Pa /firstboot .
3594.It Va linux_enable
3595.Pq Vt bool
3596Set to
3597.Dq Li YES
3598to enable Linux/ELF binary emulation at system initial
3599boot time.
3600.It Va sysvipc_enable
3601.Pq Vt bool
3602If set to
3603.Dq Li YES ,
3604load System V IPC primitives at boot time.
3605.It Va clear_tmp_enable
3606.Pq Vt bool
3607Set to
3608.Dq Li YES
3609to have
3610.Pa /tmp
3611cleaned at startup.
3612.It Va clear_tmp_X
3613.Pq Vt bool
3614Set to
3615.Dq Li NO
3616to disable removing of X11 lock files,
3617and the removal and (secure) recreation
3618of the various socket directories for X11
3619related programs.
3620.It Va ldconfig_paths
3621.Pq Vt str
3622Set to the list of shared library paths to use with
3623.Xr ldconfig 8 .
3624NOTE:
3625.Pa /lib
3626and
3627.Pa /usr/lib
3628will always be added first, so they need not appear in this list.
3629.It Va ldconfig32_paths
3630.Pq Vt str
3631Set to the list of 32-bit compatibility shared library paths to
3632use with
3633.Xr ldconfig 8 .
3634.It Va ldconfig_insecure
3635.Pq Vt bool
3636The
3637.Xr ldconfig 8
3638utility normally refuses to use directories
3639which are writable by anyone except root.
3640Set this variable to
3641.Dq Li YES
3642to disable that security check during system startup.
3643.It Va ldconfig_local_dirs
3644.Pq Vt str
3645Set to the list of local
3646.Xr ldconfig 8
3647directories.
3648The names of all files in the directories listed will be
3649passed as arguments to
3650.Xr ldconfig 8 .
3651.It Va ldconfig_local32_dirs
3652.Pq Vt str
3653Set to the list of local 32-bit compatibility
3654.Xr ldconfig 8
3655directories.
3656The names of all files in the directories listed will be
3657passed as arguments to
3658.Dq Nm ldconfig Fl 32 .
3659.It Va kern_securelevel_enable
3660.Pq Vt bool
3661Set to
3662.Dq Li YES
3663to set the kernel security level at system startup.
3664.It Va kern_securelevel
3665.Pq Vt int
3666The kernel security level to set at startup.
3667The allowed range of
3668.Ar value
3669ranges from \-1 (the compile time default) to 3 (the
3670most secure).
3671See
3672.Xr security 7
3673for the list of possible security levels and their effect
3674on system operation.
3675.It Va sshd_program
3676.Pq Vt str
3677Path to the SSH server program
3678.Pa ( /usr/sbin/sshd
3679is the default).
3680.It Va sshd_enable
3681.Pq Vt bool
3682Set to
3683.Dq Li YES
3684to start
3685.Xr sshd 8
3686at system boot time.
3687.It Va sshd_flags
3688.Pq Vt str
3689If
3690.Va sshd_enable
3691is set to
3692.Dq Li YES ,
3693these are the flags to pass to the
3694.Xr sshd 8
3695daemon.
3696.It Va ftpd_program
3697.Pq Vt str
3698Path to the FTP server program
3699.Pa ( /usr/libexec/ftpd
3700is the default).
3701.It Va ftpd_enable
3702.Pq Vt bool
3703Set to
3704.Dq Li YES
3705to start
3706.Xr ftpd 8
3707as a stand-alone daemon at system boot time.
3708.It Va ftpd_flags
3709.Pq Vt str
3710If
3711.Va ftpd_enable
3712is set to
3713.Dq Li YES ,
3714these are the additional flags to pass to the
3715.Xr ftpd 8
3716daemon.
3717.It Va watchdogd_enable
3718.Pq Vt bool
3719If set to
3720.Dq Li YES ,
3721start the
3722.Xr watchdogd 8
3723daemon at boot time.
3724This requires that the kernel have been compiled with a
3725.Xr watchdog 4
3726compatible device.
3727.It Va watchdogd_flags
3728.Pq Vt str
3729If
3730.Va watchdogd_enable
3731is set to
3732.Dq Li YES ,
3733these are the flags passed to the
3734.Xr watchdogd 8
3735daemon.
3736.It Va watchdogd_timeout
3737.Pq Vt int
3738If
3739.Va watchdogd_enable
3740is set to
3741.Dq Li YES ,
3742this is a timeout that will be used by the
3743.Xr watchdogd 8
3744daemon.
3745If this option is set, it overrides
3746.Fl t
3747in
3748.Va watchdogd_flags .
3749.It Va watchdogd_shutdown_timeout
3750.Pq Vt int
3751If
3752.Va watchdogd_enable
3753is set to
3754.Dq Li YES ,
3755this is a timeout that will be set by the
3756.Xr watchdogd 8
3757daemon when it exits during the system shutdown.
3758This timeout will not be set when returning to the single-user mode
3759or when the watchdogd service is stopped individually using the
3760.Xr service 8
3761command or the rc.d script.
3762Note that the timeout will be applied if
3763.Xr watchdogd 8
3764is stopped outside of
3765.Xr rc 8
3766framework.
3767If this option is set, it overrides
3768.Fl x
3769in
3770.Va watchdogd_flags .
3771.It Va devfs_rulesets
3772.Pq Vt str
3773List of files containing sets of rules for
3774.Xr devfs 8 .
3775.It Va devfs_system_ruleset
3776.Pq Vt str
3777Rule name(s) to apply to the system
3778.Pa /dev
3779itself.
3780.It Va devfs_set_rulesets
3781.Pq Vt str
3782Pairs of already-mounted
3783.Pa dev
3784directories and rulesets that should be applied to them.
3785For example: /mount/dev=ruleset_name
3786.It Va devfs_load_rulesets
3787.Pq Vt bool
3788If set, always load the default rulesets listed in
3789.Va devfs_rulesets .
3790.It Va performance_cx_lowest
3791.Pq Vt str
3792CPU idle state to use while on AC power.
3793The string
3794.Dq Li LOW
3795indicates that
3796.Xr acpi 4
3797should use the lowest power state available while
3798.Dq Li HIGH
3799indicates that the lowest latency state (less power savings) should be used.
3800.It Va performance_cpu_freq
3801.Pq Vt str
3802CPU clock frequency to use while on AC power.
3803The string
3804.Dq Li LOW
3805indicates that
3806.Xr cpufreq 4
3807should use the lowest frequency available while
3808.Dq Li HIGH
3809indicates that the highest frequency (less power savings) should be used.
3810.It Va economy_cx_lowest
3811.Pq Vt str
3812CPU idle state to use when off AC power.
3813The string
3814.Dq Li LOW
3815indicates that
3816.Xr acpi 4
3817should use the lowest power state available while
3818.Dq Li HIGH
3819indicates that the lowest latency state (less power savings) should be used.
3820.It Va economy_cpu_freq
3821.Pq Vt str
3822CPU clock frequency to use when off AC power.
3823The string
3824.Dq Li LOW
3825indicates that
3826.Xr cpufreq 4
3827should use the lowest frequency available while
3828.Dq Li HIGH
3829indicates that the highest frequency (less power savings) should be used.
3830.It Va jail_enable
3831.Pq Vt bool
3832If set to
3833.Dq Li NO ,
3834any configured jails will not be started.
3835.It Va jail_conf
3836.Pq Vt str
3837The configuration filename used by
3838.Xr jail 8
3839utility.
3840The default value is
3841.Pa /etc/jail.conf .
3842.It Va jail_parallel_start
3843.Pq Vt bool
3844If set to
3845.Dq Li YES ,
3846all configured jails will be started in the background (in parallel).
3847.It Va jail_flags
3848.Pq Vt str
3849Unset by default.
3850When set, use as default value for
3851.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3852for every jail in
3853.Va jail_list .
3854.It Va jail_list
3855.Pq Vt str
3856A space-delimited list of jail names.
3857When left empty, all of the
3858.Xr jail 8
3859instances defined in the configuration file are started.
3860The names specified in this list control the jail startup order.
3861.Xr jail 8
3862instances missing from
3863.Va jail_list
3864must be started manually.
3865Note that a jail's
3866.Va depend
3867parameter in the configuration file may override this list.
3868.It Va jail_reverse_stop
3869.Pq Vt bool
3870When set to
3871.Dq Li YES ,
3872all configured jails in
3873.Va jail_list
3874are stopped in reverse order.
3875.It Va jail_ Ns * variables
3876Note that older releases supported per-jail configuration via
3877.Nm
3878variables.
3879For example,
3880hostname of a jail named
3881.Li vjail
3882was able to be set by
3883.Li jail_vjail_hostname .
3884These per-jail configuration variables are now obsolete in favor of
3885.Xr jail 8
3886configuration file.
3887For backward compatibility,
3888when per-jail configuration variables are defined,
3889.Xr jail 8
3890configuration files are created as
3891.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3892and used.
3893.Pp
3894The following per-jail parameters are handled by
3895.Pa rc.d/jail
3896script out of their corresponding
3897.Nm
3898variables.
3899In addition to them, parameters in
3900.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3901will be added to the configuration file.
3902They must be a semi-colon
3903.Pq Ql \&;
3904delimited list of
3905.Dq key=value .
3906For more details,
3907see
3908.Xr jail 8
3909manual page.
3910.Bl  -tag -width "host.hostname" -offset indent
3911.It Li path
3912set from
3913.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3914.It Li host.hostname
3915set from
3916.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3917.It Li exec.consolelog
3918set from
3919.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3920The default value is
3921.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3922.It Li interface
3923set from
3924.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3925.It Li vnet.interface
3926set from
3927.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3928This implies
3929.Li vnet
3930parameter will be enabled and cannot be specified with
3931.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3932.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3933and/or
3934.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3935at the same time.
3936.It Li fstab
3937set from
3938.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3939.It Li mount
3940set from
3941.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3942.It Li exec.fib
3943set from
3944.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3945.It Li exec.start
3946set from
3947.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3948The parameter name was
3949.Li command
3950in some older releases.
3951.It Li exec.prestart
3952set from
3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3954.It Li exec.poststart
3955set from
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3957.It Li exec.stop
3958set from
3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3960.It Li exec.prestop
3961set from
3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3963.It Li exec.poststop
3964set from
3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3966.It Li ip4.addr
3967set if
3968.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3969or
3970.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3971contain IPv4 addresses
3972.It Li ip6.addr
3973set if
3974.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3975or
3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3977contain IPv6 addresses
3978.It Li allow.mount
3979set from
3980.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3981.It Li mount.devfs
3982set from
3983.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3984.It Li devfs_ruleset
3985set from
3986.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3987This must be an integer,
3988not a string.
3989.It Li mount.fdescfs
3990set from
3991.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3992.It Li allow.set_hostname
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3995.It Li allow.rawsocket
3996set from
3997.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3998.It Li allow.sysvipc
3999set from
4000.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4001.El
4002.\" -----------------------------------------------------
4003.It Va harvest_mask
4004.Pq Vt int
4005Set to a bit-mask
4006representing the entropy sources
4007you wish to harvest.
4008Refer to
4009.Xr random 4
4010for more information.
4011.It Va entropy_dir
4012.Pq Vt str
4013Set to
4014.Dq Li NO
4015to disable caching entropy via
4016.Xr cron 8 .
4017Otherwise set to the directory
4018in which the entropy files are stored.
4019To be useful,
4020there must be
4021a system cron job
4022that regularly writes and rotates
4023files here.
4024All files found
4025will be used at boot time.
4026The default is
4027.Pa /var/db/entropy .
4028.It Va entropy_file
4029.Pq Vt str
4030Set to
4031.Dq Li NO
4032to disable caching entropy through reboots.
4033Otherwise set to the name
4034of a file used to store cached entropy.
4035This file should be located
4036on a file system that is readable
4037before all the volumes specified in
4038.Xr fstab 5
4039are mounted.
4040By default,
4041.Pa /entropy
4042is used,
4043but if
4044.Pa /var/db/entropy-file
4045is found it will also be used.
4046This will be of some use to
4047.Xr bsdinstall 8 .
4048.It Va entropy_boot_file
4049.Pq Vt str
4050Set to
4051.Dq Li NO
4052to disable
4053very early caching entropy
4054through reboots.
4055Otherwise set to the filename
4056used to read
4057very early reboot cached entropy.
4058This file should be located where
4059.Xr loader 8
4060can read it.
4061See also
4062.Xr loader.conf 5 .
4063The default location is
4064.Pa /boot/entropy .
4065.It Va entropy_save_sz
4066.Pq Vt int
4067Size of the entropy cache files saved by
4068.Nm save-entropy
4069periodically.
4070.It Va entropy_save_num
4071.Pq Vt int
4072Number of entropy cache files to save by
4073.Nm save-entropy
4074periodically.
4075.It Va ipsec_enable
4076.Pq Vt bool
4077Set to
4078.Dq Li YES
4079to run
4080.Xr setkey 8
4081on
4082.Va ipsec_file
4083at boot time.
4084.It Va ipsec_file
4085.Pq Vt str
4086Configuration file for
4087.Xr setkey 8 .
4088.It Va dmesg_enable
4089.Pq Vt bool
4090Set to
4091.Dq Li YES
4092to save
4093.Xr dmesg 8
4094to
4095.Pa /var/run/dmesg.boot
4096on boot.
4097.It Va rcshutdown_timeout
4098.Pq Vt int
4099If set, start a watchdog timer in the background which will terminate
4100.Pa rc.shutdown
4101if
4102.Xr shutdown 8
4103has not completed within the specified time (in seconds).
4104Notice that in addition to this soft timeout,
4105.Xr init 8
4106also applies a hard timeout for the execution of
4107.Pa rc.shutdown .
4108This is configured via
4109.Xr sysctl 8
4110variable
4111.Va kern.init_shutdown_timeout
4112and defaults to 120 seconds.
4113Setting the value of
4114.Va rcshutdown_timeout
4115to more than 120 seconds will have no effect until the
4116.Xr sysctl 8
4117variable
4118.Va kern.init_shutdown_timeout
4119is also increased.
4120.It Va virecover_enable
4121.Pq Vt bool
4122Set to
4123.Dq Li NO
4124to prevent the system from trying to
4125recover pre-maturely terminated
4126.Xr vi 1
4127sessions.
4128.It Va ugidfw_enable
4129.Pq Vt bool
4130Set to
4131.Dq Li YES
4132to load the
4133.Xr mac_bsdextended 4
4134module upon system initialization and load a default
4135ruleset file.
4136.It Va bsdextended_script
4137.Pq Vt str
4138The default
4139.Xr mac_bsdextended 4
4140ruleset file to load.
4141The default value of this variable is
4142.Pa /etc/rc.bsdextended .
4143.It Va newsyslog_enable
4144.Pq Vt bool
4145If set to
4146.Dq Li YES ,
4147run
4148.Xr newsyslog 8
4149command at startup.
4150.It Va newsyslog_flags
4151.Pq Vt str
4152If
4153.Va newsyslog_enable
4154is set to
4155.Dq Li YES ,
4156these are the flags to pass to the
4157.Xr newsyslog 8
4158program.
4159The default is
4160.Dq Li -CN ,
4161which causes log files flagged with a
4162.Cm C
4163to be created.
4164.It Va mdconfig_md Ns Aq Ar X
4165.Pq Vt str
4166Arguments to
4167.Xr mdconfig 8
4168for
4169.Xr md 4
4170device
4171.Ar X .
4172At minimum a
4173.Fl t Ar type
4174must be specified and either a
4175.Fl s Ar size
4176for malloc or swap backed
4177.Xr md 4
4178devices or a
4179.Fl f Ar file
4180for vnode backed
4181.Xr md 4
4182devices.
4183Note that
4184.Va mdconfig_md Ns Aq Ar X
4185variables are evaluated until one variable is unset or null.
4186.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4187.Pq Vt str
4188Optional arguments passed to
4189.Xr newfs 8
4190to initialize
4191.Xr md 4
4192device
4193.Ar X .
4194.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4195.Pq Vt str
4196An ownership specification passed to
4197.Xr chown 8
4198after the specified
4199.Xr md 4
4200device
4201.Ar X
4202has been mounted.
4203Both the
4204.Xr md 4
4205device and the mount point will be changed.
4206.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4207.Pq Vt str
4208A mode string passed to
4209.Xr chmod 1
4210after the specified
4211.Xr md 4
4212device
4213.Ar X
4214has been mounted.
4215Both the
4216.Xr md 4
4217device and the mount point will be changed.
4218.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4219.Pq Vt str
4220Files to be copied to the mount point of the
4221.Xr md 4
4222device
4223.Ar X
4224after it has been mounted.
4225.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4226.Pq Vt str
4227Command to execute after the specified
4228.Xr md 4
4229device
4230.Ar X
4231has been mounted.
4232Note that the command is passed to
4233.Ic eval
4234and that both
4235.Va _dev
4236and
4237.Va _mp
4238variables can be used to reference respectively the
4239.Xr md 4
4240device and the mount point.
4241Assuming that the
4242.Xr md 4
4243device is
4244.Li md0 ,
4245one could set the following:
4246.Bd -literal
4247mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4248.Ed
4249.It Va autobridge_interfaces
4250.Pq Vt str
4251Set to the list of bridge interfaces that will have newly arriving interfaces
4252checked against to be automatically added.
4253If not set to
4254.Dq Li NO
4255then for each whitespace separated
4256.Ar element
4257in the value, a
4258.Va autobridge_ Ns Aq Ar element
4259variable is assumed to exist which has a whitespace separated list of interface
4260names to match, these names can use wildcards.
4261For example:
4262.Bd -literal
4263autobridge_interfaces="bridge0"
4264autobridge_bridge0="tap* dc0 vlan[345]"
4265.Ed
4266.It Va mixer_enable
4267.Pq Vt bool
4268If set to
4269.Dq Li YES ,
4270enable support for sound mixer.
4271.It Va hcsecd_enable
4272.Pq Vt bool
4273If set to
4274.Dq Li YES ,
4275enable Bluetooth security daemon.
4276.It Va hcsecd_config
4277.Pq Vt str
4278Configuration file for
4279.Xr hcsecd 8 .
4280Default
4281.Pa /etc/bluetooth/hcsecd.conf .
4282.It Va sdpd_enable
4283.Pq Vt bool
4284If set to
4285.Dq Li YES ,
4286enable Bluetooth Service Discovery Protocol daemon.
4287.It Va sdpd_control
4288.Pq Vt str
4289Path to
4290.Xr sdpd 8
4291control socket.
4292Default
4293.Pa /var/run/sdp .
4294.It Va sdpd_groupname
4295.Pq Vt str
4296Sets
4297.Xr sdpd 8
4298group to run as after it initializes.
4299Default
4300.Dq Li nobody .
4301.It Va sdpd_username
4302.Pq Vt str
4303Sets
4304.Xr sdpd 8
4305user to run as after it initializes.
4306Default
4307.Dq Li nobody .
4308.It Va bthidd_enable
4309.Pq Vt bool
4310If set to
4311.Dq Li YES ,
4312enable Bluetooth Human Interface Device daemon.
4313.It Va bthidd_config
4314.Pq Vt str
4315Configuration file for
4316.Xr bthidd 8 .
4317Default
4318.Pa /etc/bluetooth/bthidd.conf .
4319.It Va bthidd_hids
4320.Pq Vt str
4321Path to a file, where
4322.Xr bthidd 8
4323will store information about known HID devices.
4324Default
4325.Pa /var/db/bthidd.hids .
4326.It Va rfcomm_pppd_server_enable
4327.Pq Vt bool
4328If set to
4329.Dq Li YES ,
4330enable Bluetooth RFCOMM PPP wrapper daemon.
4331.It Va rfcomm_pppd_server_profile
4332.Pq Vt str
4333The name of the profile to use from
4334.Pa /etc/ppp/ppp.conf .
4335Multiple profiles can be specified here.
4336Also used to specify per-profile overrides.
4337When the profile name contains any of the characters
4338.Dq Li .-/+
4339they are translated to
4340.Dq Li _
4341for the proposes of the override variable names.
4342.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4343.Pq Vt str
4344Overrides local address to listen on.
4345By default
4346.Xr rfcomm_pppd 8
4347will listen on
4348.Dq Li ANY
4349address.
4350The address can be specified as BD_ADDR or name.
4351.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4352.Pq Vt str
4353Overrides local RFCOMM channel to listen on.
4354By default
4355.Xr rfcomm_pppd 8
4356will listen on RFCOMM channel 1.
4357Must set properly if multiple profiles used in the same time.
4358.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4359.Pq Vt bool
4360Tells
4361.Xr rfcomm_pppd 8
4362if it should register Serial Port service on the specified RFCOMM channel.
4363Default
4364.Dq Li NO .
4365.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4366.Pq Vt bool
4367Tells
4368.Xr rfcomm_pppd 8
4369if it should register Dial-Up Networking service on the specified
4370RFCOMM channel.
4371Default
4372.Dq Li NO .
4373.It Va ubthidhci_enable
4374.Pq Vt bool
4375If set to
4376.Dq Li YES ,
4377change the USB Bluetooth controller from HID mode to HCI mode.
4378You also need to specify the location of USB Bluetooth controller with the
4379.Va ubthidhci_busnum
4380and
4381.Va ubthidhci_addr
4382variables.
4383.It Va ubthidhci_busnum
4384Bus number where the USB Bluetooth controller is located.
4385Check the output of
4386.Xr usbconfig 8
4387on your system to find this information.
4388.It Va ubthidhci_addr
4389Bus address of the USB Bluetooth controller.
4390Check the output of
4391.Xr usbconfig 8
4392on your system to find this information.
4393.It Va netwait_enable
4394.Pq Vt bool
4395If set to
4396.Dq Li YES ,
4397delays the start of network-reliant services until
4398.Va netwait_if
4399is up and ICMP packets to a destination defined in
4400.Va netwait_ip
4401are flowing.
4402Link state is examined first, followed by
4403.Dq Li pinging
4404an IP address to verify network usability.
4405If no destination can be reached or timeouts are exceeded,
4406network services are started anyway with no guarantee that
4407the network is usable.
4408Use of this variable requires both
4409.Va netwait_ip
4410and
4411.Va netwait_if
4412to be set.
4413.It Va netwait_ip
4414.Pq Vt str
4415Empty by default.
4416This variable contains a space-delimited list of IP addresses to
4417.Xr ping 8 .
4418DNS hostnames should not be used as resolution is not guaranteed
4419to be functional at this point.
4420If multiple IP addresses are specified,
4421each will be tried until one is successful or the list is exhausted.
4422.It Va netwait_timeout
4423.Pq Vt int
4424Indicates the total number of seconds to perform a
4425.Dq Li ping
4426against each IP address in
4427.Va netwait_ip ,
4428at a rate of one ping per second.
4429If any of the pings are successful,
4430full network connectivity is considered reliable.
4431The default is 60.
4432.It Va netwait_if
4433.Pq Vt str
4434Empty by default.
4435Defines the name of the network interface on which watch for link.
4436.Xr ifconfig 8
4437is used to monitor the interface, looking for
4438.Dq Li status: no carrier .
4439Once gone, the link is considered up.
4440This can be a
4441.Xr vlan 4
4442interface if desired.
4443.It Va netwait_if_timeout
4444.Pq Vt int
4445Defines the total number of seconds to wait for link to become usable,
4446polled at a 1-second interval.
4447The default is 30.
4448.It Va rctl_enable
4449.Pq Vt bool
4450If set to
4451.Dq Li YES ,
4452load
4453.Xr rctl 8
4454rules from the defined ruleset.
4455The kernel must be built with
4456.Cd "options RACCT"
4457and
4458.Cd "options RCTL" .
4459.It Va rctl_rules
4460.Pq Vt str
4461Set to
4462.Pa /etc/rctl.conf
4463by default.
4464This variables contains the
4465.Xr rctl.conf 5
4466ruleset to load for
4467.Xr rctl 8 .
4468.It Va iovctl_files
4469.Pq Vt str
4470A space-separated list of configuration files used by
4471.Xr iovctl 8 .
4472The default value is an empty string.
4473.It Va autofs_enable
4474.Pq Vt bool
4475If set to
4476.Dq Li YES ,
4477start the
4478.Xr automount 8
4479utility and the
4480.Xr automountd 8
4481and
4482.Xr autounmountd 8
4483daemons at boot time.
4484.It Va automount_flags
4485.Pq Vt str
4486If
4487.Va autofs_enable
4488is set to
4489.Dq Li YES ,
4490these are the flags to pass to the
4491.Xr automount 8
4492program.
4493By default no flags are passed.
4494.It Va automountd_flags
4495.Pq Vt str
4496If
4497.Va autofs_enable
4498is set to
4499.Dq Li YES ,
4500these are the flags to pass to the
4501.Xr automountd 8
4502daemon.
4503By default no flags are passed.
4504.It Va autounmountd_flags
4505.Pq Vt str
4506If
4507.Va autofs_enable
4508is set to
4509.Dq Li YES ,
4510these are the flags to pass to the
4511.Xr autounmountd 8
4512daemon.
4513By default no flags are passed.
4514.It Va ctld_enable
4515.Pq Vt bool
4516If set to
4517.Dq Li YES ,
4518start the
4519.Xr ctld 8
4520daemon at boot time.
4521.It Va iscsid_enable
4522.Pq Vt bool
4523If set to
4524.Dq Li YES ,
4525start the
4526.Xr iscsid 8
4527daemon at boot time.
4528.It Va iscsictl_enable
4529.Pq Vt bool
4530If set to
4531.Dq Li YES ,
4532start the
4533.Xr iscsictl 8
4534utility at boot time.
4535.It Va iscsictl_flags
4536.Pq Vt str
4537If
4538.Va iscsictl_enable
4539is set to
4540.Dq Li YES ,
4541these are the flags to pass to the
4542.Xr iscsictl 8
4543program.
4544The default is
4545.Dq Li -Aa ,
4546which configures sessions based on the
4547.Pa /etc/iscsi.conf
4548configuration file.
4549.It Va cfumass_enable
4550.Pq Vt bool
4551If set to
4552.Dq Li YES ,
4553create and export an USB LUN using
4554.Xr cfumass 4
4555at boot time.
4556.It Va cfumass_dir
4557.Pq Vt str
4558The directory where the files exported by USB LUN are located.
4559The default directory is
4560.Pa /var/cfumass .
4561.It Va service_delete_empty
4562.Pq Vt bool
4563If set to
4564.Dq Li YES ,
4565.Ql Li service delete
4566removes empty
4567.Dq Li rc.conf.d
4568files.
4569.It Va zfs_bootonce_activate
4570.Pq Vt bool
4571If set to
4572.Dq Li YES ,
4573and a boot environment marked bootonce is successfully booted,
4574it will be made permanently active.
4575.El
4576.Sh FILES
4577.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4578.It Pa /etc/defaults/rc.conf
4579.It Pa /etc/defaults/vendor.conf
4580.It Pa /etc/rc.conf
4581.It Pa /etc/rc.conf.local
4582.El
4583.Sh SEE ALSO
4584.Xr chmod 1 ,
4585.Xr gdb 1 ,
4586.Xr info 1 ,
4587.Xr kbdcontrol 1 ,
4588.Xr makewhatis 1 ,
4589.Xr sh 1 ,
4590.Xr vi 1 ,
4591.Xr vidcontrol 1 ,
4592.Xr bridge 4 ,
4593.Xr dummynet 4 ,
4594.Xr ip 4 ,
4595.Xr ipf 4 ,
4596.Xr ipfw 4 ,
4597.Xr ipnat 4 ,
4598.Xr kld 4 ,
4599.Xr pf 4 ,
4600.Xr pflog 4 ,
4601.Xr pfsync 4 ,
4602.Xr tcp 4 ,
4603.Xr udp 4 ,
4604.Xr exports 5 ,
4605.Xr fstab 5 ,
4606.Xr ipf 5 ,
4607.Xr ipnat 5 ,
4608.Xr jail.conf 5 ,
4609.Xr loader.conf 5 ,
4610.Xr motd 5 ,
4611.Xr newsyslog.conf 5 ,
4612.Xr pf.conf 5 ,
4613.Xr security 7 ,
4614.Xr accton 8 ,
4615.Xr amd 8 ,
4616.Xr apm 8 ,
4617.Xr bsdinstall 8 ,
4618.Xr bthidd 8 ,
4619.Xr chkprintcap 8 ,
4620.Xr chown 8 ,
4621.Xr cron 8 ,
4622.Xr devfs 8 ,
4623.Xr dhclient 8 ,
4624.Xr ftpd 8 ,
4625.Xr geli 8 ,
4626.Xr hcsecd 8 ,
4627.Xr ifconfig 8 ,
4628.Xr inetd 8 ,
4629.Xr iovctl 8 ,
4630.Xr ipf 8 ,
4631.Xr ipfw 8 ,
4632.Xr ipnat 8 ,
4633.Xr jail 8 ,
4634.Xr kldxref 8 ,
4635.Xr loader 8 ,
4636.Xr lpd 8 ,
4637.Xr mdconfig 8 ,
4638.Xr mdmfs 8 ,
4639.Xr mixer 8 ,
4640.Xr mountd 8 ,
4641.Xr moused 8 ,
4642.Xr newfs 8 ,
4643.Xr newsyslog 8 ,
4644.Xr nfsd 8 ,
4645.Xr ntpd 8 ,
4646.Xr ntpdate 8 ,
4647.Xr pfctl 8 ,
4648.Xr pflogd 8 ,
4649.Xr ping 8 ,
4650.Xr powerd 8 ,
4651.Xr quotacheck 8 ,
4652.Xr quotaon 8 ,
4653.Xr rc 8 ,
4654.Xr rc.sendmail 8 ,
4655.Xr rcorder 8 ,
4656.Xr rfcomm_pppd 8 ,
4657.Xr route 8 ,
4658.Xr routed 8 ,
4659.Xr rpc.lockd 8 ,
4660.Xr rpc.statd 8 ,
4661.Xr rpcbind 8 ,
4662.Xr rwhod 8 ,
4663.Xr savecore 8 ,
4664.Xr sdpd 8 ,
4665.Xr service 8 ,
4666.Xr sshd 8 ,
4667.Xr swapon 8 ,
4668.Xr sysctl 8 ,
4669.Xr syslogd 8 ,
4670.Xr sysrc 8 ,
4671.Xr unbound 8 ,
4672.Xr usbconfig 8 ,
4673.Xr wlandebug 8 ,
4674.Xr yp 8 ,
4675.Xr ypbind 8 ,
4676.Xr ypserv 8 ,
4677.Xr ypset 8
4678.Sh HISTORY
4679The
4680.Nm
4681file appeared in
4682.Fx 2.2.2 .
4683.Sh AUTHORS
4684.An Jordan K. Hubbard .
4685