1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd May 13, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blacklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va kld_list 265.Pq Vt str 266A whitespace-separated list of kernel modules to load right after 267the local disks are mounted, without any 268.Pa .ko 269extension or path. 270Loading modules at this point in the boot process is 271much faster than doing it via 272.Pa /boot/loader.conf 273for those modules not necessary for mounting local disks. 274.It Va kldxref_enable 275.Pq Vt bool 276Set to 277.Dq Li NO 278by default. 279Set to 280.Dq Li YES 281to automatically rebuild 282.Pa linker.hints 283files with 284.Xr kldxref 8 285at boot time. 286.It Va kldxref_clobber 287.Pq Vt bool 288Set to 289.Dq Li NO 290by default. 291If 292.Va kldxref_enable 293is true, 294setting to 295.Dq Li YES 296will overwrite existing 297.Pa linker.hints 298files at boot time. 299Otherwise, 300only missing 301.Pa linker.hints 302files are generated. 303.It Va kldxref_module_path 304.Pq Vt str 305Empty by default. 306A semi-colon 307.Pq Ql \&; 308delimited list of paths containing 309.Xr kld 4 310modules. 311If empty, 312the contents of the 313.Va kern.module_path 314.Xr sysctl 8 315are used. 316.It Va powerd_enable 317.Pq Vt bool 318If set to 319.Dq Li YES , 320enable the system power control facility with the 321.Xr powerd 8 322daemon. 323.It Va powerd_flags 324.Pq Vt str 325If 326.Va powerd_enable 327is set to 328.Dq Li YES , 329these are the flags to pass to the 330.Xr powerd 8 331daemon. 332.It Va tmpmfs 333Controls the creation of a 334.Pa /tmp 335memory file system. 336Always happens if set to 337.Dq Li YES 338and never happens if set to 339.Dq Li NO . 340If set to anything else, a memory file system is created if 341.Pa /tmp 342is not writable. 343.It Va tmpsize 344Controls the size of a created 345.Pa /tmp 346memory file system. 347.It Va tmpmfs_flags 348Extra options passed to the 349.Xr mdmfs 8 350utility when the memory file system for 351.Pa /tmp 352is created. 353The default is 354.Dq Li "-S" , 355which inhibits the use of softupdates on 356.Pa /tmp 357so that file system space is freed without delay 358after file truncation or deletion. 359See 360.Xr mdmfs 8 361for other options you can use in 362.Va tmpmfs_flags . 363.It Va varmfs 364Controls the creation of a 365.Pa /var 366memory file system. 367Always happens if set to 368.Dq Li YES 369and never happens if set to 370.Dq Li NO . 371If set to anything else, a memory file system is created if 372.Pa /var 373is not writable. 374.It Va varsize 375Controls the size of a created 376.Pa /var 377memory file system. 378.It Va varmfs_flags 379Extra options passed to the 380.Xr mdmfs 8 381utility when the memory file system for 382.Pa /var 383is created. 384The default is 385.Dq Li "-S" , 386which inhibits the use of softupdates on 387.Pa /var 388so that file system space is freed without delay 389after file truncation or deletion. 390See 391.Xr mdmfs 8 392for other options you can use in 393.Va varmfs_flags . 394.It Va populate_var 395Controls the automatic population of the 396.Pa /var 397file system. 398Always happens if set to 399.Dq Li YES 400and never happens if set to 401.Dq Li NO . 402If set to anything else, a memory file system is created if 403.Pa /var 404is not writable. 405Note that this process requires access to certain commands in 406.Pa /usr 407before 408.Pa /usr 409is mounted on normal systems. 410.It Va cleanvar_enable 411.Pq Vt bool 412Clean the 413.Pa /var 414directory. 415.It Va local_startup 416.Pq Vt str 417List of directories to search for startup script files. 418.It Va script_name_sep 419.Pq Vt str 420The field separator to use for breaking down the list of startup script files 421into individual filenames. 422The default is a space. 423It is not necessary to change this unless there are startup scripts with names 424containing spaces. 425.It Va hostapd_enable 426.Pq Vt bool 427Set to 428.Dq Li YES 429to start 430.Xr hostapd 8 431at system boot time. 432.It Va hostname 433.Pq Vt str 434The fully qualified domain name (FQDN) of this host on the network. 435This should almost certainly be set to something meaningful, even if 436there is no network connection. 437If 438.Xr dhclient 8 439is used to set the hostname via DHCP, 440this variable should be set to an empty string. 441Within a 442.Xr jail 8 443the hostname is generally already set and this variable may be absent. 444If this value remains unset when the system is done booting 445your console login will display the default hostname of 446.Dq Amnesiac . 447.It Va nisdomainname 448.Pq Vt str 449The NIS domain name of this host, or 450.Dq Li NO 451if NIS is not used. 452.It Va dhclient_program 453.Pq Vt str 454Path to the DHCP client program 455.Pa ( /sbin/dhclient , 456the 457.Ox 458DHCP client, 459is the default). 460.It Va dhclient_flags 461.Pq Vt str 462Additional flags to pass to the DHCP client program. 463For the 464.Ox 465DHCP client, see the 466.Xr dhclient 8 467manpage for a description of the command line options available. 468.It Va dhclient_flags_ Ns Aq Ar iface 469Additional flags to pass to the DHCP client program running on 470.Ar iface 471only. 472When specified, this variable overrides 473.Va dhclient_flags . 474.It Va background_dhclient 475.Pq Vt bool 476Set to 477.Dq Li YES 478to start the DHCP client in background. 479This can cause trouble with applications depending on 480a working network, but it will provide a faster startup 481in many cases. 482.It Va background_dhclient_ Ns Aq Ar iface 483When specified, this variable overrides the 484.Va background_dhclient 485variable for interface 486.Ar iface 487only. 488.It Va synchronous_dhclient 489.Pq Vt bool 490Set to 491.Dq Li YES 492to start 493.Xr dhclient 8 494synchronously at startup. 495This behavior can be overridden on a per-interface basis by replacing 496the 497.Dq Li DHCP 498keyword in the 499.Va ifconfig_ Ns Aq Ar interface 500variable with 501.Dq Li SYNCDHCP 502or 503.Dq Li NOSYNCDHCP . 504.It Va defaultroute_delay 505.Pq Vt int 506When set to a positive value, wait up to this long after configuring 507DHCP interfaces at startup to give the interfaces time to receive a lease. 508.It Va firewall_enable 509.Pq Vt bool 510Set to 511.Dq Li YES 512to load firewall rules at startup. 513If the kernel was not built with 514.Cd "options IPFIREWALL" , 515the 516.Pa ipfw.ko 517kernel module will be loaded. 518See also 519.Va ipfilter_enable . 520.It Va firewall_script 521.Pq Vt str 522This variable specifies the full path to the firewall script to run. 523The default is 524.Pa /etc/rc.firewall . 525.It Va firewall_type 526.Pq Vt str 527Names the firewall type from the selection in 528.Pa /etc/rc.firewall , 529or the file which contains the local firewall ruleset. 530Valid selections from 531.Pa /etc/rc.firewall 532are: 533.Pp 534.Bl -tag -width ".Li workstation" -compact 535.It Li open 536unrestricted IP access 537.It Li closed 538all IP services disabled, except via 539.Dq Li lo0 540.It Li client 541basic protection for a workstation 542.It Li workstation 543basic protection for a workstation using stateful firewalling 544.It Li simple 545basic protection for a LAN. 546.El 547.Pp 548If a filename is specified, the full path 549must be given. 550.Pp 551Most of the predefined rulesets define additional configuration variables. 552These are documented in 553.Pa /etc/rc.firewall . 554.It Va firewall_quiet 555.Pq Vt bool 556Set to 557.Dq Li YES 558to disable the display of firewall rules on the console during boot. 559.It Va firewall_logging 560.Pq Vt bool 561Set to 562.Dq Li YES 563to enable firewall event logging. 564This is equivalent to the 565.Dv IPFIREWALL_VERBOSE 566kernel option. 567.It Va firewall_logif 568.Pq Vt bool 569Set to 570.Dq Li YES 571to create pseudo interface 572.Li ipfw0 573for logging. 574For more details, see 575.Xr ipfw 8 576manual page. 577.It Va firewall_flags 578.Pq Vt str 579Flags passed to 580.Xr ipfw 8 581if 582.Va firewall_type 583specifies a filename. 584.It Va firewall_coscripts 585.Pq Vt str 586List of executables and/or rc scripts to run after firewall starts/stops. 587Default is empty. 588.\" ----- firewall_nat_enable setting -------------------------------- 589.It Va firewall_nat_enable 590.Pq Vt bool 591The 592.Xr ipfw 8 593equivalent of 594.Va natd_enable . 595Setting this to 596.Dq Li YES 597will automatically load the 598.Xr ipfw 8 599NAT kernel module if 600.Va firewall_enable 601is also set to 602.Dq Li YES . 603.It Va firewall_nat_interface 604.Pq Vt str 605The 606.Xr ipfw 8 607equivalent of 608.Va natd_interface . 609This is the name of the public interface or IP address on which 610kernel NAT should run. 611.It Va firewall_nat_flags 612.Pq Vt str 613Additional configuration parameters for kernel NAT should be placed here. 614.It Va firewall_nat64_enable 615.Pq Vt bool 616Setting this to 617.Dq Li YES 618will automatically load the 619.Xr ipfw 8 620NAT64 kernel module if 621.Va firewall_enable 622is also set to 623.Dq Li YES . 624.It Va firewall_nptv6_enable 625.Pq Vt bool 626Setting this to 627.Dq Li YES 628will automatically load the 629.Xr ipfw 8 630NPTv6 kernel module if 631.Va firewall_enable 632is also set to 633.Dq Li YES . 634.It Va firewall_pmod_enable 635.Pq Vt bool 636Setting this to 637.Dq Li YES 638will automatically load the 639.Xr ipfw 8 640pmod kernel module if 641.Va firewall_enable 642is also set to 643.Dq Li YES . 644.It Va dummynet_enable 645.Pq Vt bool 646Setting this to 647.Dq Li YES 648will automatically load the 649.Xr dummynet 4 650module if 651.Va firewall_enable 652is also set to 653.Dq Li YES . 654.\" ------------------------------------------------------------------- 655.It Va ipfw_netflow_enable 656.Pq Vt bool 657Setting this to 658.Dq Li YES 659will enable netflow logging via 660.Xr ng_netflow 4 661.Pp 662By default a ipfw rule is inserted and all packets are duplicated with 663the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 664port using protocol version 5. 665.It Va ipfw_netflow_hook 666.Pq Vt int 667netflow hook name, must be numerical 668(default 669.Pa 9995 ) . 670.It Va ipfw_netflow_rule 671.Pq Vt int 672ipfw rule number 673(default 674.Pa 1000 ) . 675.It Va ipfw_netflow_ip 676.Pq Vt str 677Destination server ip for receiving netflow data 678(default 679.Pa 127.0.0.1 ) . 680.It Va ipfw_netflow_port 681.Pq Vt int 682Destination server port for receiving netflow data 683(default 684.Pa 9995 ) . 685.It Va ipfw_netflow_version 686.Pq Vt int 687Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 688.It Va ipfw_netflow_fib 689.Pq Vt int 690Only match packet in FIB 691.Pa ipfw_netflow_fib 692(default is undefined meaning all FIBs). 693.It Va natd_program 694.Pq Vt str 695Path to 696.Xr natd 8 . 697.It Va natd_enable 698.Pq Vt bool 699Set to 700.Dq Li YES 701to enable 702.Xr natd 8 . 703.Va firewall_enable 704must also be set to 705.Dq Li YES , 706and 707.Xr divert 4 708sockets must be enabled in the kernel. 709If the kernel was not built with 710.Cd "options IPDIVERT" , 711the 712.Pa ipdivert.ko 713kernel module will be loaded. 714.It Va natd_interface 715.Pq Vt str 716This is the name of the public interface on which 717.Xr natd 8 718should run. 719The interface may be given as an interface name or as an IP address. 720.It Va natd_flags 721.Pq Vt str 722Additional 723.Xr natd 8 724flags should be placed here. 725The 726.Fl n 727or 728.Fl a 729flag is automatically added with the above 730.Va natd_interface 731as an argument. 732.\" ----- ipfilter_enable setting -------------------------------- 733.It Va ipfilter_enable 734.Pq Vt bool 735Set to 736.Dq Li NO 737by default. 738Setting this to 739.Dq Li YES 740enables 741.Xr ipf 8 742packet filtering. 743.Pp 744Typical usage will require putting 745.Bd -literal 746ipfilter_enable="YES" 747ipnat_enable="YES" 748ipmon_enable="YES" 749ipfs_enable="YES" 750.Ed 751.Pp 752into 753.Pa /etc/rc.conf 754and editing 755.Pa /etc/ipf.rules 756and 757.Pa /etc/ipnat.rules 758appropriately. 759.Pp 760Note that 761.Va ipfilter_enable 762and 763.Va ipnat_enable 764can be enabled independently. 765.Va ipmon_enable 766and 767.Va ipfs_enable 768both require at least one of 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772to be enabled. 773.Pp 774Having 775.Bd -literal 776options IPFILTER 777options IPFILTER_LOG 778options IPFILTER_DEFAULT_BLOCK 779.Ed 780.Pp 781in the kernel configuration file is a good idea, too. 782.\" ----- ipfilter_program setting ------------------------------ 783.It Va ipfilter_program 784.Pq Vt str 785Path to 786.Xr ipf 8 787(default 788.Pa /sbin/ipf ) . 789.\" ----- ipfilter_rules setting -------------------------------- 790.It Va ipfilter_rules 791.Pq Vt str 792Set to 793.Pa /etc/ipf.rules 794by default. 795This variable contains the name of the filter rule definition file. 796The file is expected to be readable for the 797.Xr ipf 8 798command to execute. 799.\" ----- ipfilter_flags setting -------------------------------- 800.It Va ipfilter_flags 801.Pq Vt str 802Empty by default. 803This variable contains flags passed to the 804.Xr ipf 8 805program. 806.\" ----- ipnat_enable setting ---------------------------------- 807.It Va ipnat_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipnat 8 816network address translation. 817See 818.Va ipfilter_enable 819for a detailed discussion. 820.\" ----- ipnat_program setting --------------------------------- 821.It Va ipnat_program 822.Pq Vt str 823Path to 824.Xr ipnat 8 825(default 826.Pa /sbin/ipnat ) . 827.\" ----- ipnat_rules setting ----------------------------------- 828.It Va ipnat_rules 829.Pq Vt str 830Set to 831.Pa /etc/ipnat.rules 832by default. 833This variable contains the name of the file 834holding the network address translation definition. 835This file is expected to be readable for the 836.Xr ipnat 8 837command to execute. 838.\" ----- ipnat_flags setting ----------------------------------- 839.It Va ipnat_flags 840.Pq Vt str 841Empty by default. 842This variable contains flags passed to the 843.Xr ipnat 8 844program. 845.\" ----- ipmon_enable setting ---------------------------------- 846.It Va ipmon_enable 847.Pq Vt bool 848Set to 849.Dq Li NO 850by default. 851Set it to 852.Dq Li YES 853to enable 854.Xr ipmon 8 855monitoring (logging 856.Xr ipf 8 857and 858.Xr ipnat 8 859events). 860Setting this variable needs setting 861.Va ipfilter_enable 862or 863.Va ipnat_enable 864too. 865See 866.Va ipfilter_enable 867for a detailed discussion. 868.\" ----- ipmon_program setting --------------------------------- 869.It Va ipmon_program 870.Pq Vt str 871Path to 872.Xr ipmon 8 873(default 874.Pa /sbin/ipmon ) . 875.\" ----- ipmon_flags setting ----------------------------------- 876.It Va ipmon_flags 877.Pq Vt str 878Set to 879.Dq Li -Ds 880by default. 881This variable contains flags passed to the 882.Xr ipmon 8 883program. 884Another typical example would be 885.Dq Fl D Pa /var/log/ipflog 886to have 887.Xr ipmon 8 888log directly to a file bypassing 889.Xr syslogd 8 . 890Make sure to adjust 891.Pa /etc/newsyslog.conf 892in such case like this: 893.Bd -literal 894/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 895.Ed 896.\" ----- ipfs_enable setting ----------------------------------- 897.It Va ipfs_enable 898.Pq Vt bool 899Set to 900.Dq Li NO 901by default. 902Set it to 903.Dq Li YES 904to enable 905.Xr ipfs 8 906saving the filter and NAT state tables during shutdown 907and reloading them during startup again. 908Setting this variable needs setting 909.Va ipfilter_enable 910or 911.Va ipnat_enable 912to 913.Dq Li YES 914too. 915See 916.Va ipfilter_enable 917for a detailed discussion. 918Note that if 919.Va kern_securelevel 920is set to 3, 921.Va ipfs_enable 922cannot be used 923because the raised securelevel will prevent 924.Xr ipfs 8 925from saving the state tables at shutdown time. 926.\" ----- ipfs_program setting ---------------------------------- 927.It Va ipfs_program 928.Pq Vt str 929Path to 930.Xr ipfs 8 931(default 932.Pa /sbin/ipfs ) . 933.\" ----- ipfs_flags setting ------------------------------------ 934.It Va ipfs_flags 935.Pq Vt str 936Empty by default. 937This variable contains flags passed to the 938.Xr ipfs 8 939program. 940.\" ----- end of added ipf hook --------------------------------- 941.It Va pf_enable 942.Pq Vt bool 943Set to 944.Dq Li NO 945by default. 946Setting this to 947.Dq Li YES 948enables 949.Xr pf 4 950packet filtering. 951.Pp 952Typical usage will require putting 953.Pp 954.Dl pf_enable="YES" 955.Pp 956into 957.Pa /etc/rc.conf 958and editing 959.Pa /etc/pf.conf 960appropriately. 961Adding 962.Pp 963.Dl "device pf" 964.Pp 965builds support for 966.Xr pf 4 967into the kernel, otherwise the 968kernel module will be loaded. 969.It Va pf_rules 970.Pq Vt str 971Path to 972.Xr pf 4 973ruleset configuration file 974(default 975.Pa /etc/pf.conf ) . 976.It Va pf_program 977.Pq Vt str 978Path to 979.Xr pfctl 8 980(default 981.Pa /sbin/pfctl ) . 982.It Va pf_flags 983.Pq Vt str 984If 985.Va pf_enable 986is set to 987.Dq Li YES , 988these flags are passed to the 989.Xr pfctl 8 990program when loading the ruleset. 991.It Va pflog_enable 992.Pq Vt bool 993Set to 994.Dq Li NO 995by default. 996Setting this to 997.Dq Li YES 998enables 999.Xr pflogd 8 1000which logs packets from the 1001.Xr pf 4 1002packet filter. 1003.It Va pflog_logfile 1004.Pq Vt str 1005If 1006.Va pflog_enable 1007is set to 1008.Dq Li YES 1009this controls where 1010.Xr pflogd 8 1011stores the logfile 1012(default 1013.Pa /var/log/pflog ) . 1014Check 1015.Pa /etc/newsyslog.conf 1016to adjust logfile rotation for this. 1017.It Va pflog_program 1018.Pq Vt str 1019Path to 1020.Xr pflogd 8 1021(default 1022.Pa /sbin/pflogd ) . 1023.It Va pflog_flags 1024.Pq Vt str 1025Empty by default. 1026This variable contains additional flags passed to the 1027.Xr pflogd 8 1028program. 1029.It Va pflog_instances 1030.Pq Vt str 1031If logging to more than one 1032.Xr pflog 4 1033interface is desired, 1034.Va pflog_instances 1035is set to the list of 1036.Xr pflogd 8 1037instances that should be started at system boot time. 1038If 1039.Va pflog_instances 1040is set, for each whitespace-separated 1041.Ar element 1042in the list, 1043.Ao Ar element Ac Ns Va _dev 1044and 1045.Ao Ar element Ac Ns Va _logfile 1046elements are assumed to exist. 1047.Ao Ar element Ac Ns Va _dev 1048must contain the 1049.Xr pflog 4 1050interface to be watched by the named 1051.Xr pflogd 8 1052instance. 1053.Ao Ar element Ac Ns Va _logfile 1054must contain the name of the logfile that will be used by the 1055.Xr pflogd 8 1056instance. 1057.It Va ftpproxy_enable 1058.Pq Vt bool 1059Set to 1060.Dq Li NO 1061by default. 1062Setting this to 1063.Dq Li YES 1064enables 1065.Xr ftp-proxy 8 1066which supports the 1067.Xr pf 4 1068packet filter in translating ftp connections. 1069.It Va ftpproxy_flags 1070.Pq Vt str 1071Empty by default. 1072This variable contains additional flags passed to the 1073.Xr ftp-proxy 8 1074program. 1075.It Va ftpproxy_instances 1076.Pq Vt str 1077Empty by default. 1078If multiple instances of 1079.Xr ftp-proxy 8 1080are desired at boot time, 1081.Va ftpproxy_instances 1082should contain a whitespace-separated list of instance names. 1083For each 1084.Ar element 1085in the list, a variable named 1086.Ao Ar element Ac Ns Va _flags 1087should be defined, containing the command-line flags to be passed to the 1088.Xr ftp-proxy 8 1089instance. 1090.It Va pfsync_enable 1091.Pq Vt bool 1092Set to 1093.Dq Li NO 1094by default. 1095Setting this to 1096.Dq Li YES 1097enables exposing 1098.Xr pf 4 1099state changes to other hosts over the network by means of 1100.Xr pfsync 4 . 1101The 1102.Va pfsync_syncdev 1103variable 1104must also be set then. 1105.It Va pfsync_syncdev 1106.Pq Vt str 1107Empty by default. 1108This variable specifies the name of the network interface 1109.Xr pfsync 4 1110should operate through. 1111It must be set accordingly if 1112.Va pfsync_enable 1113is set to 1114.Dq Li YES . 1115.It Va pfsync_syncpeer 1116.Pq Vt str 1117Empty by default. 1118This variable is optional. 1119By default, state change messages are sent out on the synchronisation 1120interface using IP multicast packets. 1121The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1122224.0.0.240. 1123When a peer address is specified using the 1124.Va pfsync_syncpeer 1125option, the peer address is used as a destination for the pfsync 1126traffic, and the traffic can then be protected using 1127.Xr ipsec 4 . 1128See the 1129.Xr pfsync 4 1130manpage for more details about using 1131.Xr ipsec 4 1132with 1133.Xr pfsync 4 1134interfaces. 1135.It Va pfsync_ifconfig 1136.Pq Vt str 1137Empty by default. 1138This variable can contain additional options to be passed to the 1139.Xr ifconfig 8 1140command used to set up 1141.Xr pfsync 4 . 1142.It Va tcp_extensions 1143.Pq Vt bool 1144Set to 1145.Dq Li YES 1146by default. 1147Setting this to 1148.Dq Li NO 1149disables certain TCP options as described by 1150.Rs 1151.%T "RFC 1323" 1152.Re 1153Setting this to 1154.Dq Li NO 1155might help remedy such problems with connections as randomly hanging 1156or other weird behavior. 1157Some network devices are known 1158to be broken with respect to these options. 1159.It Va log_in_vain 1160.Pq Vt int 1161Set to 0 by default. 1162The 1163.Xr sysctl 8 1164variables, 1165.Va net.inet.tcp.log_in_vain 1166and 1167.Va net.inet.udp.log_in_vain , 1168as described in 1169.Xr tcp 4 1170and 1171.Xr udp 4 , 1172are set to the given value. 1173.It Va tcp_keepalive 1174.Pq Vt bool 1175Set to 1176.Dq Li YES 1177by default. 1178Setting to 1179.Dq Li NO 1180will disable probing idle TCP connections to verify that the 1181peer is still up and reachable. 1182.It Va tcp_drop_synfin 1183.Pq Vt bool 1184Set to 1185.Dq Li NO 1186by default. 1187Setting to 1188.Dq Li YES 1189will cause the kernel to ignore TCP frames that have both 1190the SYN and FIN flags set. 1191This prevents OS fingerprinting, but may 1192break some legitimate applications. 1193.It Va icmp_drop_redirect 1194.Pq Vt bool 1195Set to 1196.Dq Li AUTO 1197by default. 1198This setting will be identical to 1199.Dq Li YES , 1200if a dynamicrouting daemon is enabled, because redirect processing may 1201cause performance issues for large routing tables. 1202If no such service is enabled, this setting behaves like a 1203.Dq Li NO . 1204Setting to 1205.Dq Li YES 1206will cause the kernel to ignore ICMP REDIRECT packets. 1207Setting to 1208.Dq Li NO 1209will cause the kernel to process ICMP REDIRECT packets. 1210Refer to 1211.Xr icmp 4 1212for more information. 1213.It Va icmp_log_redirect 1214.Pq Vt bool 1215Set to 1216.Dq Li NO 1217by default. 1218Setting to 1219.Dq Li YES 1220will cause the kernel to log ICMP REDIRECT packets. 1221Note that 1222the log messages are not rate-limited, so this option should only be used 1223for troubleshooting networks. 1224Refer to 1225.Xr icmp 4 1226for more information. 1227.It Va icmp_bmcastecho 1228.Pq Vt bool 1229Set to 1230.Dq Li YES 1231to respond to broadcast or multicast ICMP ping packets. 1232Refer to 1233.Xr icmp 4 1234for more information. 1235.It Va ip_portrange_first 1236.Pq Vt int 1237If not set to 1238.Dq Li NO , 1239this is the first port in the default portrange. 1240Refer to 1241.Xr ip 4 1242for more information. 1243.It Va ip_portrange_last 1244.Pq Vt int 1245If not set to 1246.Dq Li NO , 1247this is the last port in the default portrange. 1248Refer to 1249.Xr ip 4 1250for more information. 1251.It Va network_interfaces 1252.Pq Vt str 1253Set to the list of network interfaces to configure on this host or 1254.Dq Li AUTO 1255(the default) for all current interfaces. 1256Setting the 1257.Va network_interfaces 1258variable to anything other than the default is deprecated. 1259Interfaces that the administrator wishes to store configuration for, 1260but not start at boot should be configured with the 1261.Dq Li NOAUTO 1262keyword in their 1263.Va ifconfig_ Ns Aq Ar interface 1264variables as described below. 1265.Pp 1266An 1267.Va ifconfig_ Ns Aq Ar interface 1268variable is also assumed to exist for each value of 1269.Ar interface . 1270When an interface name contains any of the characters 1271.Dq Li .-/+ 1272they are translated to 1273.Dq Li _ 1274before lookup. 1275The variable can contain arguments to 1276.Xr ifconfig 8 , 1277as well as special case-insensitive keywords described below. 1278Such keywords are removed before passing the value to 1279.Xr ifconfig 8 1280while the order of the other arguments is preserved. 1281.Pp 1282It is possible to add IP alias entries using 1283.Xr ifconfig 8 1284syntax with the address family keyword such as 1285.Li inet . 1286Assuming that the interface in question was 1287.Li em0 , 1288it might look something like this: 1289.Bd -literal 1290ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1291ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1292.Ed 1293.Pp 1294It also possible to configure multiple IP addresses in Classless 1295Inter-Domain Routing 1296.Pq CIDR 1297address notation, 1298whose each address component can be a range like 1299.Li inet 192.0.2.5-23/24 1300or 1301.Li inet6 2001:db8:1-f::1/64 . 1302This notation allows address and prefix length part only, 1303not the other address modifiers. 1304Note that the maximum number of the generated addresses from a range 1305specification is limited to an integer value specified in 1306.Va netif_ipexpand_max 1307in 1308.Nm 1309because a small typo can unexpectedly generate a large number of addresses. 1310The default value is 1311.Li 2048 . 1312It can be increased by adding the following line into 1313.Nm : 1314.Bd -literal 1315netif_ipexpand_max="4096" 1316.Ed 1317.Pp 1318In the case of 1319.Li 192.0.2.5-23/24 , 1320the address 192.0.2.5 will be configured with the 1321netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1322the non-conflicting netmask /32 as explained in the 1323.Xr ifconfig 8 1324alias section. 1325Note that this special netmask handling is only for 1326.Li inet , 1327not for the other address families such as 1328.Li inet6 . 1329.Pp 1330With the interface in question being 1331.Li em0 , 1332an example could look like: 1333.Bd -literal 1334ifconfig_em0_alias2="inet 192.0.2.129/27" 1335ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1336.Ed 1337.Pp 1338and so on. 1339.Pp 1340Note that deprecated 1341.Va ipv4_addrs_ Ns Aq Ar interface 1342variable was supported for IPv4 CIDR address notation. 1343The 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1345variable replaces it, though 1346.Va ipv4_addrs_ Ns Aq Ar interface 1347is still supported for backward compatibility. 1348.Pp 1349For each 1350.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1351entry with an address family keyword, 1352its contents are passed to 1353.Xr ifconfig 8 . 1354Execution stops at the first unsuccessful access, so if 1355something like this is present: 1356.Bd -literal 1357ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1358ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1359ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1360ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1361.Ed 1362.Pp 1363Then note that alias4 would 1364.Em not 1365be added since the search would 1366stop with the missing 1367.Dq Li alias3 1368entry. 1369Because of this difficult to manage behavior, 1370there is 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1372variable, which has the same functionality as 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1374and can have all of entries in a variable like the following: 1375.Bd -literal 1376ifconfig_em0_aliases="\\ 1377 inet 127.0.0.251 netmask 0xffffffff \\ 1378 inet 127.0.0.252 netmask 0xffffffff \\ 1379 inet 127.0.0.253 netmask 0xffffffff \\ 1380 inet 127.0.0.254 netmask 0xffffffff" 1381.Ed 1382.Pp 1383It also supports CIDR notation. 1384.Pp 1385If the 1386.Pa /etc/start_if. Ns Aq Ar interface 1387file is present, it is read and executed by the 1388.Xr sh 1 1389interpreter 1390before configuring the interface as specified in the 1391.Va ifconfig_ Ns Aq Ar interface 1392and 1393.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1394variables. 1395.Pp 1396If a 1397.Va vlans_ Ns Aq Ar interface 1398variable is set, 1399a 1400.Xr vlan 4 1401interface will be created for each item in the list with the 1402.Ar vlandev 1403argument set to 1404.Ar interface . 1405If a vlan interface's name is a number, 1406then that number is used as the vlan tag and the new vlan interface is 1407named 1408.Ar interface . Ns Ar tag . 1409Otherwise, 1410the vlan tag must be specified via a 1411.Va vlan 1412parameter in the 1413.Va create_args_ Ns Aq Ar interface 1414variable. 1415.Pp 1416To create a vlan device named 1417.Li em0.101 1418on 1419.Li em0 1420with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1421.Bd -literal 1422vlans_em0="101" 1423ifconfig_em0_101="inet 192.0.2.1/24" 1424.Ed 1425.Pp 1426To create a vlan device named 1427.Li myvlan 1428on 1429.Li em0 1430with the vlan tag 102: 1431.Bd -literal 1432vlans_em0="myvlan" 1433create_args_myvlan="vlan 102" 1434.Ed 1435.Pp 1436If a 1437.Va wlans_ Ns Aq Ar interface 1438variable is set, 1439an 1440.Xr wlan 4 1441interface will be created for each item in the list with the 1442.Ar wlandev 1443argument set to 1444.Ar interface . 1445Further wlan cloning arguments may be passed to the 1446.Xr ifconfig 8 1447.Cm create 1448command by setting the 1449.Va create_args_ Ns Aq Ar interface 1450variable. 1451One or more 1452.Xr wlan 4 1453devices must be created for each wireless devices as of 1454.Fx 8.0 . 1455Debugging flags for 1456.Xr wlan 4 1457devices as set by 1458.Xr wlandebug 8 1459may be specified with an 1460.Va wlandebug_ Ns Aq Ar interface 1461variable. 1462The contents of this variable will be passed directly to 1463.Xr wlandebug 8 . 1464.Pp 1465If the 1466.Va ifconfig_ Ns Aq Ar interface 1467contains the keyword 1468.Dq Li NOAUTO 1469then the interface will not be configured 1470at boot or by 1471.Pa /etc/pccard_ether 1472when 1473.Va network_interfaces 1474is set to 1475.Dq Li AUTO . 1476.Pp 1477It is possible to bring up an interface with DHCP by adding 1478.Dq Li DHCP 1479to the 1480.Va ifconfig_ Ns Aq Ar interface 1481variable. 1482For instance, to initialize the 1483.Li em0 1484device via DHCP, 1485it is possible to use something like: 1486.Bd -literal 1487ifconfig_em0="DHCP" 1488.Ed 1489.Pp 1490If you want to configure your wireless interface with 1491.Xr wpa_supplicant 8 1492for use with WPA, EAP/LEAP or WEP, you need to add 1493.Dq Li WPA 1494to the 1495.Va ifconfig_ Ns Aq Ar interface 1496variable. 1497.Pp 1498On the other hand, if you want to configure your wireless interface with 1499.Xr hostapd 8 , 1500you need to add 1501.Dq Li HOSTAP 1502to the 1503.Va ifconfig_ Ns Aq Ar interface 1504variable. 1505.Xr hostapd 8 1506will use the settings from 1507.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1508.Pp 1509Finally, you can add 1510.Xr ifconfig 8 1511options in this variable, in addition to the 1512.Pa /etc/start_if. Ns Aq Ar interface 1513file. 1514For instance, to configure an 1515.Xr ath 4 1516wireless device in station mode with an address obtained 1517via DHCP, using WPA authentication and 802.11b mode, it is 1518possible to use something like: 1519.Bd -literal 1520wlans_ath0="wlan0" 1521ifconfig_wlan0="DHCP WPA mode 11b" 1522.Ed 1523.Pp 1524In addition to the 1525.Va ifconfig_ Ns Aq Ar interface 1526form, a fallback variable 1527.Va ifconfig_DEFAULT 1528may be configured. 1529It will be used for all interfaces with no 1530.Va ifconfig_ Ns Aq Ar interface 1531variable. 1532This is intended to replace the no longer supported 1533.Va pccard_ifconfig 1534variable. 1535.Pp 1536It is also possible to rename an interface by doing: 1537.Bd -literal 1538ifconfig_em0_name="net0" 1539ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1540.Ed 1541.It Va ipv6_enable 1542.Pq Vt bool 1543This variable is deprecated. 1544Use 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1546and 1547.Va ipv6_activate_all_interfaces 1548if necessary. 1549.Pp 1550If the variable is 1551.Dq Li YES , 1552.Dq Li inet6 accept_rtadv 1553is added to all of 1554.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1555and the 1556.Va ipv6_activate_all_interfaces 1557is defined as 1558.Dq Li YES . 1559.It Va ipv6_prefer 1560.Pq Vt bool 1561This variable is deprecated. 1562Use 1563.Va ip6addrctl_policy 1564instead. 1565.Pp 1566If the variable is 1567.Dq Li YES , 1568the default address selection policy table set by 1569.Xr ip6addrctl 8 1570will be IPv6-preferred. 1571.Pp 1572If the variable is 1573.Dq Li NO , 1574the default address selection policy table set by 1575.Xr ip6addrctl 8 1576will be IPv4-preferred. 1577.It Va ipv6_activate_all_interfaces 1578.Pq Vt bool 1579This controls initial configuration on IPv6-capable 1580interfaces with no corresponding 1581.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1582variable. 1583Note that it is not always necessary to set this variable to 1584.Dq YES 1585to use IPv6 functionality on 1586.Fx . 1587In most cases, just configuring 1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1589variables works. 1590.Pp 1591If the variable is 1592.Dq Li NO , 1593all interfaces which do not have a corresponding 1594.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1595variable will be marked as 1596.Dq Li IFDISABLED 1597at creation. 1598This means that all of IPv6 functionality on that interface 1599is completely disabled to enforce a security policy. 1600If the variable is set to 1601.Dq YES , 1602the flag will be cleared on all of the interfaces. 1603.Pp 1604In most cases, just defining an 1605.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1606for an IPv6-capable interface should be sufficient. 1607However, if an interface is added dynamically 1608.Pq by some tunneling protocols such as PPP, for example , 1609it is often difficult to define the variable in advance. 1610In such a case, configuring the 1611.Dq Li IFDISABLED 1612flag can be disabled by setting this variable to 1613.Dq YES . 1614.Pp 1615For more details of the 1616.Dq Li IFDISABLED 1617flag and keywords 1618.Dq Li inet6 ifdisabled , 1619see 1620.Xr ifconfig 8 . 1621.Pp 1622Default is 1623.Dq Li NO . 1624.It Va ipv6_privacy 1625.Pq Vt bool 1626If the variable is 1627.Dq Li YES 1628privacy addresses will be generated for each IPv6 1629interface as described in RFC 4941. 1630.It Va ipv6_network_interfaces 1631.Pq Vt str 1632This is the IPv6 equivalent of 1633.Va network_interfaces . 1634Normally manual configuration of this variable is not needed. 1635.It Va ipv6_cpe_wanif 1636.Pq Vt str 1637If the variable is set to an interface name, 1638the 1639.Xr ifconfig 8 1640options 1641.Dq inet6 -no_radr accept_rtadv 1642will be added to the specified interface automatically before evaluating 1643.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1644and two 1645.Xr sysctl 8 1646variables 1647.Va net.inet6.ip6.rfc6204w3 1648and 1649.Va net.inet6.ip6.no_radr 1650will be set to 1. 1651.Pp 1652This means the specified interface will accept ICMPv6 Router 1653Advertisement messages on that link and add the discovered 1654routers into the Default Router List. 1655While the other interfaces can still accept RA messages if the 1656.Dq inet6 accept_rtadv 1657option is specified, adding 1658routes into the Default Router List will be disabled by 1659.Dq inet6 no_radr 1660option by default. 1661See 1662.Xr ifconfig 8 1663for more details. 1664.Pp 1665Note that ICMPv6 Router Advertisement messages will be 1666accepted even when 1667.Va net.inet6.ip6.forwarding 1668is 1 1669.Pq packet forwarding is enabled 1670when 1671.Va net.inet6.ip6.rfc6204w3 1672is set to 1. 1673.Pp 1674Default is 1675.Dq Li NO . 1676.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1677.Pq Vt str 1678This assigns arbitrary description to an interface. 1679The 1680.Xr sysctl 8 1681variable 1682.Va net.ifdescr_maxlen 1683limits its length. 1684This static setting may be overridden by commands 1685started with dynamic interface configuration utilities 1686like 1687.Xr dhclient 8 1688hooks. 1689The description can be seen with 1690.Xr ifconfig 8 1691command and it may be exported with 1692.Xr bsnmpd 1 1693daemon using its MIB-2 module. 1694.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1695.Pq Vt str 1696IPv6 functionality on an interface should be configured by 1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1698instead of setting ifconfig parameters in 1699.Va ifconfig_ Ns Aq Ar interface . 1700If this variable is empty, all of IPv6 configurations on the 1701specified interface by other variables such as 1702.Va ipv6_prefix_ Ns Ao Ar interface Ac 1703will be ignored. 1704.Pp 1705Aliases should be set by 1706.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1707with 1708.Dq Li inet6 1709keyword. 1710For example: 1711.Bd -literal 1712ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1713ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1714.Ed 1715.Pp 1716Interfaces that have an 1717.Dq Li inet6 accept_rtadv 1718keyword in 1719.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1720setting will be automatically configured by SLAAC 1721.Pq StateLess Address AutoConfiguration 1722described in 1723.Rs 1724.%T "RFC 4862" 1725.Re 1726.Pp 1727Note that a link-local address will be automatically configured in 1728addition to the configured global-scope addresses because the IPv6 1729specifications require it on each link. 1730The address is calculated from the MAC address by using an algorithm 1731defined in 1732.Rs 1733.%T "RFC 4862" 1734.%O "Section 5.3" 1735.Re 1736.Pp 1737If only a link-local address is needed on the interface, 1738the following configuration can be used: 1739.Bd -literal 1740ifconfig_em0_ipv6="inet6 auto_linklocal" 1741.Ed 1742.Pp 1743A link-local address can also be configured manually. 1744This is useful for the default router address of an IPv6 router 1745so that it does not change when the network interface 1746card is replaced. 1747For example: 1748.Bd -literal 1749ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1750.Ed 1751.It Va ipv6_prefix_ Ns Aq Ar interface 1752.Pq Vt str 1753If one or more prefixes are defined in 1754.Va ipv6_prefix_ Ns Aq Ar interface 1755addresses based on each prefix and the EUI-64 interface index will be 1756configured on that interface. 1757Note that this variable will be ignored when 1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1759is empty. 1760.Pp 1761For example, the following configuration 1762.Bd -literal 1763ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1764.Ed 1765.Pp 1766is equivalent to the following: 1767.Bd -literal 1768ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1769ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1770ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1771ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1772.Ed 1773.Pp 1774These Subnet-Router anycast addresses will be added only when 1775.Va ipv6_gateway_enable 1776is YES. 1777.It Va ipv6_default_interface 1778.Pq Vt str 1779If not set to 1780.Dq Li NO , 1781this is the default output interface for scoped addresses. 1782This works only with ipv6_gateway_enable="NO". 1783.It Va ip6addrctl_enable 1784.Pq Vt bool 1785This variable is to enable configuring default address selection policy table 1786.Pq RFC 3484 . 1787The table can be specified in another variable 1788.Va ip6addrctl_policy . 1789For 1790.Va ip6addrctl_policy 1791the following keywords can be specified: 1792.Dq Li ipv4_prefer , 1793.Dq Li ipv6_prefer , 1794or 1795.Dq Li AUTO . 1796.Pp 1797If 1798.Dq Li ipv4_prefer 1799or 1800.Dq Li ipv6_prefer 1801is specified, 1802.Xr ip6addrctl 8 1803installs a pre-defined policy table described in Section 10.3 1804.Pq IPv4-preferred 1805or 2.1 1806.Pq IPv6-preferred 1807of RFC 3484. 1808.Pp 1809If 1810.Dq Li AUTO 1811is specified, it attempts to read a file 1812.Pa /etc/ip6addrctl.conf 1813first. 1814If this file is found, 1815.Xr ip6addrctl 8 1816reads and installs it. 1817If not found, a policy is automatically set 1818according to 1819.Va ipv6_activate_all_interfaces 1820variable; if the variable is set to 1821.Dq Li YES 1822the IPv6-preferred one is used. 1823Otherwise IPv4-preferred. 1824.Pp 1825The default value of 1826.Va ip6addrctl_enable 1827and 1828.Va ip6addrctl_policy 1829are 1830.Dq Li YES 1831and 1832.Dq Li AUTO , 1833respectively. 1834.It Va cloned_interfaces 1835.Pq Vt str 1836Set to the list of clonable network interfaces to create on this host. 1837Further cloning arguments may be passed to the 1838.Xr ifconfig 8 1839.Cm create 1840command for each interface by setting the 1841.Va create_args_ Ns Aq Ar interface 1842variable. 1843If an interface name is specified with 1844.Dq :sticky 1845keyword, 1846the interface will not be destroyed even when 1847.Pa rc.d/netif 1848script is invoked with 1849.Dq stop 1850argument. 1851This is useful when reconfiguring the interface without destroying it. 1852Entries in 1853.Va cloned_interfaces 1854are automatically appended to 1855.Va network_interfaces 1856for configuration. 1857.It Va cloned_interfaces_sticky 1858.Pq Vt bool 1859This variable is to globally enable functionality of 1860.Dq :sticky 1861keyword in 1862.Va cloned_interfaces 1863for all interfaces. 1864The default value is 1865.Dq NO . 1866Even if this variable is specified to 1867.Dq YES , 1868.Dq :nosticky 1869keyword can be used to override it on per interface basis. 1870.It Va gif_interfaces 1871Set to the list of 1872.Xr gif 4 1873tunnel interfaces to configure on this host. 1874A 1875.Va gifconfig_ Ns Aq Ar interface 1876variable is assumed to exist for each value of 1877.Ar interface . 1878The value of this variable is used to configure the link layer of the 1879tunnel using the 1880.Cm tunnel 1881option to 1882.Xr ifconfig . 1883Additionally, this option ensures that each listed interface is created 1884via the 1885.Cm create 1886option to 1887.Xr ifconfig 1888before attempting to configure it. 1889.Pp 1890For example, configure two 1891.Xr gif 1892interfaces with: 1893.Bd -literal 1894gif_interfaces="gif0 gif1" 1895gifconfig_gif0="100.64.0.1 100.64.0.2" 1896ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1897gifconfig_gif1="inet6 2a00::1 2a01::1" 1898ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1899.Ed 1900.It Va sppp_interfaces 1901.Pq Vt str 1902Set to the list of 1903.Xr sppp 4 1904interfaces to configure on this host. 1905A 1906.Va spppconfig_ Ns Aq Ar interface 1907variable is assumed to exist for each value of 1908.Ar interface . 1909Each interface should also be configured by a general 1910.Va ifconfig_ Ns Aq Ar interface 1911setting. 1912Refer to 1913.Xr spppcontrol 8 1914for more information about available options. 1915.It Va ppp_enable 1916.Pq Vt bool 1917If set to 1918.Dq Li YES , 1919run the 1920.Xr ppp 8 1921daemon. 1922.It Va ppp_profile 1923.Pq Vt str 1924The name of the profile to use from 1925.Pa /etc/ppp/ppp.conf . 1926Also used for per-profile overrides of 1927.Va ppp_mode 1928and 1929.Va ppp_nat , 1930and 1931.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1932When the profile name contains any of the characters 1933.Dq Li .-/+ 1934they are translated to 1935.Dq Li _ 1936for the proposes of the override variable names. 1937.It Va ppp_mode 1938.Pq Vt str 1939Mode in which to run the 1940.Xr ppp 8 1941daemon. 1942.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1943.Pq Vt str 1944Overrides the global 1945.Va ppp_mode 1946for 1947.Ar profile . 1948Accepted modes are 1949.Dq Li auto , 1950.Dq Li ddial , 1951.Dq Li direct 1952and 1953.Dq Li dedicated . 1954See the manual for a full description. 1955.It Va ppp_nat 1956.Pq Vt bool 1957If set to 1958.Dq Li YES , 1959enables network address translation. 1960Used in conjunction with 1961.Va gateway_enable 1962allows hosts on private network addresses access to the Internet using 1963this host as a network address translating router. 1964Default is 1965.Dq Li YES . 1966.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1967.Pq Vt str 1968Overrides the global 1969.Va ppp_nat 1970for 1971.Ar profile . 1972.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1973.Pq Vt int 1974Set the unit number to be used for this profile. 1975See the manual description of 1976.Fl unit Ns Ar N 1977for details. 1978.It Va ppp_user 1979.Pq Vt str 1980The name of the user under which 1981.Xr ppp 8 1982should be started. 1983By 1984default, 1985.Xr ppp 8 1986is started as 1987.Dq Li root . 1988.It Va rc_conf_files 1989.Pq Vt str 1990This option is used to specify a list of files that will override 1991the settings in 1992.Pa /etc/defaults/rc.conf . 1993The files will be read in the order in which they are specified and should 1994include the full path to the file. 1995By default, the files specified are 1996.Pa /etc/rc.conf 1997and 1998.Pa /etc/rc.conf.local 1999.It Va zfs_enable 2000.Pq Vt bool 2001If set to 2002.Dq Li YES , 2003.Pa /etc/rc.d/zfs 2004will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2005(ZVOLs). 2006.It Va gptboot_enable 2007.Pq Vt bool 2008If set to 2009.Dq Li YES , 2010.Pa /etc/rc.d/gptboot 2011will log if the system successfully (or not) booted from a GPT partition, 2012which had the 2013.Ar bootonce 2014attribute set using 2015.Xr gpart 8 2016utility. 2017.It Va gbde_autoattach_all 2018.Pq Vt bool 2019If set to 2020.Dq Li YES , 2021.Pa /etc/rc.d/gbde 2022will attempt to automatically initialize your .bde devices in 2023.Pa /etc/fstab . 2024.It Va gbde_devices 2025.Pq Vt str 2026List the devices that the script should try to attach, 2027or 2028.Dq Li AUTO . 2029.It Va gbde_lockdir 2030.Pq Vt str 2031The directory where the 2032.Xr gbde 4 2033lockfiles are located. 2034The default lockfile directory is 2035.Pa /etc . 2036.Pp 2037The lockfile for each individual 2038.Xr gbde 4 2039device can be overridden by setting the variable 2040.Va gbde_lock_ Ns Aq Ar device , 2041where 2042.Ar device 2043is the encrypted device without the 2044.Dq Pa /dev/ 2045and 2046.Dq Pa .bde 2047parts. 2048.It Va gbde_attach_attempts 2049.Pq Vt int 2050Number of times to attempt attaching to a 2051.Xr gbde 4 2052device, i.e., how many times the user is asked for the pass-phrase. 2053Default is 3. 2054.It Va geli_devices 2055.Pq Vt str 2056List of devices to automatically attach on boot. 2057Note that .eli devices from 2058.Pa /etc/fstab 2059are automatically appended to this list. 2060.It Va geli_groups 2061.Pq Vt str 2062List of groups containing devices to automatically attach on boot with the same 2063keyfiles and passphrase. 2064This must be accompanied with a corresponding 2065.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2066variable. 2067.It Va geli_tries 2068.Pq Vt int 2069Number of times user is asked for the pass-phrase. 2070If empty, it will be taken from 2071.Va kern.geom.eli.tries 2072sysctl variable. 2073.It Va geli_default_flags 2074.Pq Vt str 2075Default flags to use by 2076.Xr geli 8 2077when configuring disk encryption. 2078Flags can be configured for every device separately by defining the 2079.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2080variable, and for every group separately by defining the 2081.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2082variable. 2083.It Va geli_autodetach 2084.Pq Vt str 2085Specifies if GELI devices should be marked for detach on last close after 2086file systems are mounted. 2087Default is 2088.Dq Li YES . 2089This can be changed for every device separately by defining the 2090.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2091variable. 2092.It Va root_rw_mount 2093.Pq Vt bool 2094Set to 2095.Dq Li YES 2096by default. 2097After the file systems are checked at boot time, the root file system 2098is remounted as read-write if this is set to 2099.Dq Li YES . 2100Diskless systems that mount their root file system from a read-only remote 2101NFS share should set this to 2102.Dq Li NO 2103in their 2104.Pa rc.conf . 2105.It Va fsck_y_enable 2106.Pq Vt bool 2107If set to 2108.Dq Li YES , 2109.Xr fsck 8 2110will be run with the 2111.Fl y 2112flag if the initial preen 2113of the file systems fails. 2114.It Va background_fsck 2115.Pq Vt bool 2116If set to 2117.Dq Li NO , 2118the system will not attempt to run 2119.Xr fsck 8 2120in the background where possible. 2121.It Va background_fsck_delay 2122.Pq Vt int 2123The amount of time in seconds to sleep before starting a background 2124.Xr fsck 8 . 2125It defaults to sixty seconds to allow large applications such as 2126the X server to start before disk I/O bandwidth is monopolized by 2127.Xr fsck 8 . 2128If set to a negative number, the background file system check will be 2129delayed indefinitely to allow the administrator to run it at a more 2130convenient time. 2131For example it may be run from 2132.Xr cron 8 2133by adding a line like 2134.Pp 2135.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2136.Pp 2137to 2138.Pa /etc/crontab . 2139.It Va netfs_types 2140.Pq Vt str 2141List of file system types that are network-based. 2142This list should generally not be modified by end users. 2143Use 2144.Va extra_netfs_types 2145instead. 2146.It Va extra_netfs_types 2147.Pq Vt str 2148If set to something other than 2149.Dq Li NO 2150(the default), 2151this variable extends the list of file system types 2152for which automatic mounting at startup by 2153.Xr rc 8 2154should be delayed until the network is initialized. 2155It should contain 2156a whitespace-separated list of network file system descriptor pairs, 2157each consisting of a file system type as passed to 2158.Xr mount 8 2159and a human-readable, one-word description, 2160joined with a colon 2161.Pq Ql \&: . 2162Extending the default list in this way is only necessary 2163when third party file system types are used. 2164.It Va syslogd_enable 2165.Pq Vt bool 2166If set to 2167.Dq Li YES , 2168run the 2169.Xr syslogd 8 2170daemon. 2171.It Va syslogd_program 2172.Pq Vt str 2173Path to 2174.Xr syslogd 8 2175(default 2176.Pa /usr/sbin/syslogd ) . 2177.It Va syslogd_flags 2178.Pq Vt str 2179If 2180.Va syslogd_enable 2181is set to 2182.Dq Li YES , 2183these are the flags to pass to 2184.Xr syslogd 8 . 2185.It Va inetd_enable 2186.Pq Vt bool 2187If set to 2188.Dq Li YES , 2189run the 2190.Xr inetd 8 2191daemon. 2192.It Va inetd_program 2193.Pq Vt str 2194Path to 2195.Xr inetd 8 2196(default 2197.Pa /usr/sbin/inetd ) . 2198.It Va inetd_flags 2199.Pq Vt str 2200If 2201.Va inetd_enable 2202is set to 2203.Dq Li YES , 2204these are the flags to pass to 2205.Xr inetd 8 . 2206.It Va hastd_enable 2207.Pq Vt bool 2208If set to 2209.Dq Li YES , 2210run the 2211.Xr hastd 8 2212daemon. 2213.It Va hastd_program 2214.Pq Vt str 2215Path to 2216.Xr hastd 8 2217(default 2218.Pa /sbin/hastd ) . 2219.It Va hastd_flags 2220.Pq Vt str 2221If 2222.Va hastd_enable 2223is set to 2224.Dq Li YES , 2225these are the flags to pass to 2226.Xr hastd 8 . 2227.It Va local_unbound_enable 2228.Pq Vt bool 2229If set to 2230.Dq Li YES , 2231run the 2232.Xr unbound 8 2233daemon as a local caching resolver. 2234.It Va kdc_enable 2235.Pq Vt bool 2236Set to 2237.Dq Li YES 2238to start a Kerberos 5 authentication server 2239at boot time. 2240.It Va kdc_program 2241.Pq Vt str 2242If 2243.Va kdc_enable 2244is set to 2245.Dq Li YES 2246this is the path to Kerberos 5 Authentication Server. 2247.It Va kdc_flags 2248.Pq Vt str 2249Empty by default. 2250This variable contains additional flags to be passed to the Kerberos 5 2251authentication server. 2252.It Va kadmind_enable 2253.Pq Vt bool 2254Set to 2255.Dq Li YES 2256to start 2257.Xr kadmind 8 , 2258the Kerberos 5 Administration Daemon; set to 2259.Dq Li NO 2260on a slave server. 2261.It Va kadmind_program 2262.Pq Vt str 2263If 2264.Va kadmind_enable 2265is set to 2266.Dq Li YES 2267this is the path to Kerberos 5 Administration Daemon. 2268.It Va kpasswdd_enable 2269.Pq Vt bool 2270Set to 2271.Dq Li YES 2272to start 2273.Xr kpasswdd 8 , 2274the Kerberos 5 Password-Changing Daemon; set to 2275.Dq Li NO 2276on a slave server. 2277.It Va kpasswdd_program 2278.Pq Vt str 2279If 2280.Va kpasswdd_enable 2281is set to 2282.Dq Li YES 2283this is the path to Kerberos 5 Password-Changing Daemon. 2284.It Va kfd_enable 2285.Pq Vt bool 2286Set to 2287.Dq Li YES 2288to start 2289.Xr kfd 8 , 2290the Kerberos 5 ticket forwarding daemon, at the boot time. 2291.It Va kfd_program 2292.Pq Vt str 2293Path to 2294.Xr kfd 8 2295(default 2296.Pa /usr/libexec/kfd ) . 2297.It Va rwhod_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301run the 2302.Xr rwhod 8 2303daemon at boot time. 2304.It Va rwhod_flags 2305.Pq Vt str 2306If 2307.Va rwhod_enable 2308is set to 2309.Dq Li YES , 2310these are the flags to pass to it. 2311.It Va amd_enable 2312.Pq Vt bool 2313If set to 2314.Dq Li YES , 2315run the 2316.Xr amd 8 2317daemon at boot time. 2318.It Va amd_flags 2319.Pq Vt str 2320If 2321.Va amd_enable 2322is set to 2323.Dq Li YES , 2324these are the flags to pass to it. 2325See the 2326.Xr amd 8 2327manpage for more information. 2328.It Va amd_map_program 2329.Pq Vt str 2330If set, 2331the specified program is run to get the list of 2332.Xr amd 8 2333maps. 2334For example, if the 2335.Xr amd 8 2336maps are stored in NIS, one can set this to 2337run 2338.Xr ypcat 1 2339to get a list of 2340.Xr amd 8 2341maps from the 2342.Pa amd.master 2343NIS map. 2344.It Va update_motd 2345.Pq Vt bool 2346If set to 2347.Dq Li YES , 2348.Pa /etc/motd 2349will be updated at boot time to reflect the kernel release 2350being run. 2351If set to 2352.Dq Li NO , 2353.Pa /etc/motd 2354will not be updated. 2355.It Va nfs_client_enable 2356.Pq Vt bool 2357If set to 2358.Dq Li YES , 2359run the NFS client daemons at boot time. 2360.It Va nfs_access_cache 2361.Pq Vt int 2362If 2363.Va nfs_client_enable 2364is set to 2365.Dq Li YES , 2366this can be set to 2367.Dq Li 0 2368to disable NFS ACCESS RPC caching, or to the number of seconds for which 2369NFS ACCESS 2370results should be cached. 2371A value of 2-10 seconds will substantially reduce network 2372traffic for many NFS operations. 2373.It Va nfs_server_enable 2374.Pq Vt bool 2375If set to 2376.Dq Li YES , 2377run the NFS server daemons at boot time. 2378.It Va nfs_server_flags 2379.Pq Vt str 2380If 2381.Va nfs_server_enable 2382is set to 2383.Dq Li YES , 2384these are the flags to pass to the 2385.Xr nfsd 8 2386daemon. 2387.It Va nfsv4_server_enable 2388.Pq Vt bool 2389If 2390.Va nfs_server_enable 2391is set to 2392.Dq Li YES 2393and 2394.Va nfsv4_server_enable 2395are set to 2396.Dq Li YES , 2397enable the server for NFSv4 as well as NFSv2 and NFSv3. 2398.It Va nfsuserd_enable 2399.Pq Vt bool 2400If 2401.Va nfsuserd_enable 2402is set to 2403.Dq Li YES , 2404run the nfsuserd daemon, which is needed for NFSv4 in order 2405to map between user/group names vs uid/gid numbers. 2406If 2407.Va nfsv4_server_enable 2408is set to 2409.Dq Li YES , 2410this will be forced enabled. 2411.It Va nfsuserd_flags 2412.Pq Vt str 2413If 2414.Va nfsuserd_enable 2415is set to 2416.Dq Li YES , 2417these are the flags to pass to the 2418.Xr nfsuserd 8 2419daemon. 2420.It Va nfscbd_enable 2421.Pq Vt bool 2422If 2423.Va nfscbd_enable 2424is set to 2425.Dq Li YES , 2426run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2427.It Va nfscbd_flags 2428.Pq Vt str 2429If 2430.Va nfscbd_enable 2431is set to 2432.Dq Li YES , 2433these are the flags to pass to the 2434.Xr nfscbd 8 2435daemon. 2436.It Va mountd_enable 2437.Pq Vt bool 2438If set to 2439.Dq Li YES , 2440and no 2441.Va nfs_server_enable 2442is set, start 2443.Xr mountd 8 , 2444but not 2445.Xr nfsd 8 2446daemon. 2447It is commonly needed to run CFS without real NFS used. 2448.It Va mountd_flags 2449.Pq Vt str 2450If 2451.Va mountd_enable 2452is set to 2453.Dq Li YES , 2454these are the flags to pass to the 2455.Xr mountd 8 2456daemon. 2457.It Va weak_mountd_authentication 2458.Pq Vt bool 2459If set to 2460.Dq Li YES , 2461allow services like PCNFSD to make non-privileged mount 2462requests. 2463.It Va nfs_reserved_port_only 2464.Pq Vt bool 2465If set to 2466.Dq Li YES , 2467provide NFS services only on a secure port. 2468.It Va nfs_bufpackets 2469.Pq Vt int 2470If set to a number, indicates the number of packets worth of 2471socket buffer space to reserve on an NFS client. 2472The kernel default is typically 4. 2473Using a higher number may be 2474useful on gigabit networks to improve performance. 2475The minimum value is 24762 and the maximum is 64. 2477.It Va rpc_lockd_enable 2478.Pq Vt bool 2479If set to 2480.Dq Li YES 2481and also an NFS server or client, run 2482.Xr rpc.lockd 8 2483at boot time. 2484.It Va rpc_lockd_flags 2485.Pq Vt str 2486If 2487.Va rpc_lockd_enable 2488is set to 2489.Dq Li YES , 2490these are the flags to pass to the 2491.Xr rpc.lockd 8 2492daemon. 2493.It Va rpc_statd_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES 2497and also an NFS server or client, run 2498.Xr rpc.statd 8 2499at boot time. 2500.It Va rpc_statd_flags 2501.Pq Vt str 2502If 2503.Va rpc_statd_enable 2504is set to 2505.Dq Li YES , 2506these are the flags to pass to the 2507.Xr rpc.statd 8 2508daemon. 2509.It Va rpcbind_program 2510.Pq Vt str 2511Path to 2512.Xr rpcbind 8 2513(default 2514.Pa /usr/sbin/rpcbind ) . 2515.It Va rpcbind_enable 2516.Pq Vt bool 2517If set to 2518.Dq Li YES , 2519run the 2520.Xr rpcbind 8 2521service at boot time. 2522.It Va rpcbind_flags 2523.Pq Vt str 2524If 2525.Va rpcbind_enable 2526is set to 2527.Dq Li YES , 2528these are the flags to pass to the 2529.Xr rpcbind 8 2530daemon. 2531.It Va keyserv_enable 2532.Pq Vt bool 2533If set to 2534.Dq Li YES , 2535run the 2536.Xr keyserv 8 2537daemon on boot for running Secure RPC. 2538.It Va keyserv_flags 2539.Pq Vt str 2540If 2541.Va keyserv_enable 2542is set to 2543.Dq Li YES , 2544these are the flags to pass to 2545.Xr keyserv 8 2546daemon. 2547.It Va pppoed_enable 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551run the 2552.Xr pppoed 8 2553daemon at boot time to provide PPP over Ethernet services. 2554.It Va pppoed_ Ns Aq Ar provider 2555.Pq Vt str 2556.Xr pppoed 8 2557listens to requests to this 2558.Ar provider 2559and ultimately runs 2560.Xr ppp 8 2561with a 2562.Ar system 2563argument of the same name. 2564.It Va pppoed_flags 2565.Pq Vt str 2566Additional flags to pass to 2567.Xr pppoed 8 . 2568.It Va pppoed_interface 2569.Pq Vt str 2570The network interface to run 2571.Xr pppoed 8 2572on. 2573This is mandatory when 2574.Va pppoed_enable 2575is set to 2576.Dq Li YES . 2577.It Va ntpdate_enable 2578.Pq Vt bool 2579If set to 2580.Dq Li YES , 2581run 2582.Xr ntpdate 8 2583at system startup. 2584This command is intended to 2585synchronize the system clock only 2586.Em once 2587from some standard reference. 2588.Pp 2589Note that the use of the 2590.Va ntpd_sync_on_start 2591variable is a preferred alternative to the 2592.Xr ntpdate 8 2593utility as 2594.Xr ntpdate 8 2595is to be retired from the NTP distribution. 2596.It Va ntpdate_config 2597.Pq Vt str 2598Configuration file for 2599.Xr ntpdate 8 . 2600Default 2601.Pa /etc/ntp.conf . 2602.It Va ntpdate_hosts 2603.Pq Vt str 2604A whitespace-separated list of NTP servers to synchronize with at startup. 2605The default is to use the servers listed in 2606.Va ntpdate_config , 2607if that file exists. 2608.It Va ntpdate_program 2609.Pq Vt str 2610Path to 2611.Xr ntpdate 8 2612(default 2613.Pa /usr/sbin/ntpdate ) . 2614.It Va ntpdate_flags 2615.Pq Vt str 2616If 2617.Va ntpdate_enable 2618is set to 2619.Dq Li YES , 2620these are the flags to pass to the 2621.Xr ntpdate 8 2622command (typically a hostname). 2623.It Va ntpd_enable 2624.Pq Vt bool 2625If set to 2626.Dq Li YES , 2627run the 2628.Xr ntpd 8 2629command at boot time. 2630.It Va ntpd_program 2631.Pq Vt str 2632Path to 2633.Xr ntpd 8 2634(default 2635.Pa /usr/sbin/ntpd ) . 2636.It Va ntpd_config 2637.Pq Vt str 2638Path to 2639.Xr ntpd 8 2640configuration file. 2641Default 2642.Pa /etc/ntp.conf . 2643.It Va ntpd_flags 2644.Pq Vt str 2645If 2646.Va ntpd_enable 2647is set to 2648.Dq Li YES , 2649these are the flags to pass to the 2650.Xr ntpd 8 2651daemon. 2652.It Va ntpd_sync_on_start 2653.Pq Vt bool 2654If set to 2655.Dq Li YES , 2656.Xr ntpd 8 2657is run with the 2658.Fl g 2659flag, which syncs the system's clock on startup. 2660See 2661.Xr ntpd 8 2662for more information regarding the 2663.Fl g 2664option. 2665This is a preferred alternative to using 2666.Xr ntpdate 8 2667or specifying the 2668.Va ntpdate_enable 2669variable. 2670.It Va nis_client_enable 2671.Pq Vt bool 2672If set to 2673.Dq Li YES , 2674run the 2675.Xr ypbind 8 2676service at system boot time. 2677.It Va nis_client_flags 2678.Pq Vt str 2679If 2680.Va nis_client_enable 2681is set to 2682.Dq Li YES , 2683these are the flags to pass to the 2684.Xr ypbind 8 2685service. 2686.It Va nis_ypldap_enable 2687.Pq Vt bool 2688If set to 2689.Dq Li YES , 2690run the 2691.Xr ypldap 8 2692daemon at system boot time. 2693.It Va nis_ypldap_flags 2694.Pq Vt str 2695If 2696.Va nis.ypldap_enable 2697is set to 2698.Dq Li YES , 2699these are the flags to pass to the 2700.Xr ypldap 8 2701daemon. 2702.It Va nis_ypset_enable 2703.Pq Vt bool 2704If set to 2705.Dq Li YES , 2706run the 2707.Xr ypset 8 2708daemon at system boot time. 2709.It Va nis_ypset_flags 2710.Pq Vt str 2711If 2712.Va nis_ypset_enable 2713is set to 2714.Dq Li YES , 2715these are the flags to pass to the 2716.Xr ypset 8 2717daemon. 2718.It Va nis_server_enable 2719.Pq Vt bool 2720If set to 2721.Dq Li YES , 2722run the 2723.Xr ypserv 8 2724daemon at system boot time. 2725.It Va nis_server_flags 2726.Pq Vt str 2727If 2728.Va nis_server_enable 2729is set to 2730.Dq Li YES , 2731these are the flags to pass to the 2732.Xr ypserv 8 2733daemon. 2734.It Va nis_ypxfrd_enable 2735.Pq Vt bool 2736If set to 2737.Dq Li YES , 2738run the 2739.Xr rpc.ypxfrd 8 2740daemon at system boot time. 2741.It Va nis_ypxfrd_flags 2742.Pq Vt str 2743If 2744.Va nis_ypxfrd_enable 2745is set to 2746.Dq Li YES , 2747these are the flags to pass to the 2748.Xr rpc.ypxfrd 8 2749daemon. 2750.It Va nis_yppasswdd_enable 2751.Pq Vt bool 2752If set to 2753.Dq Li YES , 2754run the 2755.Xr rpc.yppasswdd 8 2756daemon at system boot time. 2757.It Va nis_yppasswdd_flags 2758.Pq Vt str 2759If 2760.Va nis_yppasswdd_enable 2761is set to 2762.Dq Li YES , 2763these are the flags to pass to the 2764.Xr rpc.yppasswdd 8 2765daemon. 2766.It Va rpc_ypupdated_enable 2767.Pq Vt bool 2768If set to 2769.Dq Li YES , 2770run the 2771.Nm rpc.ypupdated 2772daemon at system boot time. 2773.It Va bsnmpd_enable 2774.Pq Vt bool 2775If set to 2776.Dq Li YES , 2777run the 2778.Xr bsnmpd 1 2779daemon at system boot time. 2780Be sure to understand the security implications of running SNMP daemon 2781on your host. 2782.It Va bsnmpd_flags 2783.Pq Vt str 2784If 2785.Va bsnmpd_enable 2786is set to 2787.Dq Li YES , 2788these are the flags to pass to the 2789.Xr bsnmpd 1 2790daemon. 2791.It Va defaultrouter 2792.Pq Vt str 2793If not set to 2794.Dq Li NO , 2795create a default route to this host name or IP address 2796(use an IP address if this router is also required to get to the 2797name server!). 2798.It Va defaultrouter_fibN 2799.Pq Vt str 2800If not set to 2801.Dq Li NO , 2802create a default route in FIB N to this host name or IP address. 2803.It Va ipv6_defaultrouter 2804.Pq Vt str 2805The IPv6 equivalent of 2806.Va defaultrouter . 2807.It Va ipv6_defaultrouter_fibN 2808.Pq Vt str 2809The IPv6 equivalent of 2810.Va defaultrouter_fibN . 2811.It Va static_arp_pairs 2812.Pq Vt str 2813Set to the list of static ARP pairs that are to be added at system 2814boot time. 2815For each whitespace separated 2816.Ar element 2817in the value, a 2818.Va static_arp_ Ns Aq Ar element 2819variable is assumed to exist whose contents will later be passed to a 2820.Dq Nm arp Cm -S 2821operation. 2822For example 2823.Bd -literal 2824static_arp_pairs="gw" 2825static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2826.Ed 2827.It Va static_ndp_pairs 2828.Pq Vt str 2829Set to the list of static NDP pairs that are to be added at system 2830boot time. 2831For each whitespace separated 2832.Ar element 2833in the value, a 2834.Va static_ndp_ Ns Aq Ar element 2835variable is assumed to exist whose contents will later be passed to a 2836.Dq Nm ndp Cm -s 2837operation. 2838For example 2839.Bd -literal 2840static_ndp_pairs="gw" 2841static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2842.Ed 2843.It Va static_routes 2844.Pq Vt str 2845Set to the list of static routes that are to be added at system 2846boot time. 2847If not set to 2848.Dq Li NO 2849then for each whitespace separated 2850.Ar element 2851in the value, a 2852.Va route_ Ns Aq Ar element 2853variable is assumed to exist 2854whose contents will later be passed to a 2855.Dq Nm route Cm add 2856operation. 2857For example: 2858.Bd -literal 2859static_routes="ext mcast:gif0 gif0local:gif0" 2860route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2861route_mcast="-net 224.0.0.0/4 -iface gif0" 2862route_gif0local="-host 169.254.1.1 -iface lo0" 2863.Ed 2864.Pp 2865When an 2866.Ar element 2867is in the form of 2868.Li name:ifname , 2869the route is specific to the interface 2870.Li ifname . 2871.It Va ipv6_static_routes 2872.Pq Vt str 2873The IPv6 equivalent of 2874.Va static_routes . 2875If not set to 2876.Dq Li NO 2877then for each whitespace separated 2878.Ar element 2879in the value, a 2880.Va ipv6_route_ Ns Aq Ar element 2881variable is assumed to exist 2882whose contents will later be passed to a 2883.Dq Nm route Cm add Fl inet6 2884operation. 2885.It Va gateway_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889configure host to act as an IP router, e.g.\& to forward packets 2890between interfaces. 2891.It Va ipv6_gateway_enable 2892.Pq Vt bool 2893The IPv6 equivalent of 2894.Va gateway_enable . 2895.It Va routed_enable 2896.Pq Vt bool 2897If set to 2898.Dq Li YES , 2899run a routing daemon of some sort, based on the 2900settings of 2901.Va routed_program 2902and 2903.Va routed_flags . 2904.It Va route6d_enable 2905.Pq Vt bool 2906The IPv6 equivalent of 2907.Va routed_enable . 2908If set to 2909.Dq Li YES , 2910run a routing daemon of some sort, based on the 2911settings of 2912.Va route6d_program 2913and 2914.Va route6d_flags . 2915.It Va routed_program 2916.Pq Vt str 2917If 2918.Va routed_enable 2919is set to 2920.Dq Li YES , 2921this is the name of the routing daemon to use. 2922.It Va route6d_program 2923.Pq Vt str 2924The IPv6 equivalent of 2925.Va routed_program . 2926.It Va routed_flags 2927.Pq Vt str 2928If 2929.Va routed_enable 2930is set to 2931.Dq Li YES , 2932these are the flags to pass to the routing daemon. 2933.It Va route6d_flags 2934.Pq Vt str 2935The IPv6 equivalent of 2936.Va routed_flags . 2937.It Va rtadvd_enable 2938.Pq Vt bool 2939If set to 2940.Dq Li YES , 2941run the 2942.Xr rtadvd 8 2943daemon at boot time. 2944The 2945.Xr rtadvd 8 2946utility sends ICMPv6 Router Advertisement messages to 2947the interfaces specified in 2948.Va rtadvd_interfaces . 2949This should only be enabled with great care. 2950You may want to fine-tune 2951.Xr rtadvd.conf 5 . 2952.It Va rtadvd_interfaces 2953.Pq Vt str 2954If 2955.Va rtadvd_enable 2956is set to 2957.Dq Li YES 2958this is the list of interfaces to use. 2959.It Va arpproxy_all 2960.Pq Vt bool 2961If set to 2962.Dq Li YES , 2963enable global proxy ARP. 2964.It Va forward_sourceroute 2965.Pq Vt bool 2966If set to 2967.Dq Li YES 2968and 2969.Va gateway_enable 2970is also set to 2971.Dq Li YES , 2972source-routed packets are forwarded. 2973.It Va accept_sourceroute 2974.Pq Vt bool 2975If set to 2976.Dq Li YES , 2977the system will accept source-routed packets directed at it. 2978.It Va rarpd_enable 2979.Pq Vt bool 2980If set to 2981.Dq Li YES , 2982run the 2983.Xr rarpd 8 2984daemon at system boot time. 2985.It Va rarpd_flags 2986.Pq Vt str 2987If 2988.Va rarpd_enable 2989is set to 2990.Dq Li YES , 2991these are the flags to pass to the 2992.Xr rarpd 8 2993daemon. 2994.It Va bootparamd_enable 2995.Pq Vt bool 2996If set to 2997.Dq Li YES , 2998run the 2999.Xr bootparamd 8 3000daemon at system boot time. 3001.It Va bootparamd_flags 3002.Pq Vt str 3003If 3004.Va bootparamd_enable 3005is set to 3006.Dq Li YES , 3007these are the flags to pass to the 3008.Xr bootparamd 8 3009daemon. 3010.It Va stf_interface_ipv4addr 3011.Pq Vt str 3012If not set to 3013.Dq Li NO , 3014this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3015interface). 3016Specify this entry to enable the 6to4 interface. 3017.It Va stf_interface_ipv4plen 3018.Pq Vt int 3019Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3020An effective value is 0-31. 3021.It Va stf_interface_ipv6_ifid 3022.Pq Vt str 3023IPv6 interface ID for 3024.Xr stf 4 . 3025This can be set to 3026.Dq Li AUTO . 3027.It Va stf_interface_ipv6_slaid 3028.Pq Vt str 3029IPv6 Site Level Aggregator for 3030.Xr stf 4 . 3031.It Va ipv6_ipv4mapping 3032.Pq Vt bool 3033If set to 3034.Dq Li YES 3035this enables IPv4 mapped IPv6 address communication (like 3036.Li ::ffff:a.b.c.d ) . 3037.It Va rtsold_enable 3038.Pq Vt bool 3039Set to 3040.Dq Li YES 3041to enable the 3042.Xr rtsold 8 3043daemon to send ICMPv6 Router Solicitation messages. 3044.It Va rtsold_flags 3045.Pq Vt str 3046If 3047.Va rtsold_enable 3048is set to 3049.Dq Li YES , 3050these are the flags to pass to 3051.Xr rtsold 8 . 3052.It Va rtsol_flags 3053.Pq Vt str 3054For interfaces configured with the 3055.Dq Li inet6 accept_rtadv 3056keyword, these are the flags to pass to 3057.Xr rtsol 8 . 3058.Pp 3059Note that 3060.Va rtsold_enable 3061is mutually exclusive to 3062.Va rtsol_flags ; 3063.Va rtsold_enable 3064takes precedence. 3065.It Va keybell 3066.Pq Vt str 3067The keyboard bell sound. 3068Set to 3069.Dq Li normal , 3070.Dq Li visual , 3071.Dq Li off , 3072or 3073.Dq Li NO 3074if the default behavior is desired. 3075For details, refer to the 3076.Xr kbdcontrol 1 3077manpage. 3078.It Va keyboard 3079.Pq Vt str 3080If set to a non-null string, the virtual console's keyboard input is 3081set to this device. 3082.It Va keymap 3083.Pq Vt str 3084If set to 3085.Dq Li NO , 3086no keymap is installed, otherwise the value is used to install 3087the keymap file found in 3088.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3089(if using 3090.Xr syscons 4 ) or 3091.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3092(if using 3093.Xr vt 4 ) . 3094.It Va keyrate 3095.Pq Vt str 3096The keyboard repeat speed. 3097Set to 3098.Dq Li slow , 3099.Dq Li normal , 3100.Dq Li fast , 3101or 3102.Dq Li NO 3103if the default behavior is desired. 3104.It Va keychange 3105.Pq Vt str 3106If not set to 3107.Dq Li NO , 3108attempt to program the function keys with the value. 3109The value should 3110be a single string of the form: 3111.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3112.It Va cursor 3113.Pq Vt str 3114Can be set to the value of 3115.Dq Li normal , 3116.Dq Li blink , 3117.Dq Li destructive , 3118or 3119.Dq Li NO 3120to set the cursor behavior explicitly or choose the default behavior. 3121.It Va scrnmap 3122.Pq Vt str 3123If set to 3124.Dq Li NO , 3125no screen map is installed, otherwise the value is used to install 3126the screen map file in 3127.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3128This parameter is ignored when using 3129.Xr vt 4 3130as the console driver. 3131.It Va font8x16 3132.Pq Vt str 3133If set to 3134.Dq Li NO , 3135the default 8x16 font value is used for screen size requests, otherwise 3136the value in 3137.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3138or 3139.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3140is used (depending on the console driver being used). 3141.It Va font8x14 3142.Pq Vt str 3143If set to 3144.Dq Li NO , 3145the default 8x14 font value is used for screen size requests, otherwise 3146the value in 3147.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3148or 3149.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3150is used (depending on the console driver being used). 3151.It Va font8x8 3152.Pq Vt str 3153If set to 3154.Dq Li NO , 3155the default 8x8 font value is used for screen size requests, otherwise 3156the value in 3157.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3158or 3159.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3160is used (depending on the console driver being used). 3161.It Va blanktime 3162.Pq Vt int 3163If set to 3164.Dq Li NO , 3165the default screen blanking interval is used, otherwise it is set 3166to 3167.Ar value 3168seconds. 3169.It Va saver 3170.Pq Vt str 3171If not set to 3172.Dq Li NO , 3173this is the actual screen saver to use 3174.Li ( blank , snake , daemon , 3175etc). 3176.It Va moused_nondefault_enable 3177.Pq Vt str 3178If set to 3179.Dq Li NO , 3180the mouse device specified on 3181the command line is not automatically treated as enabled by the 3182.Pa /etc/rc.d/moused 3183script. 3184Having this variable set to 3185.Dq Li YES 3186allows a 3187.Xr usb 4 3188mouse, 3189for example, 3190to be enabled as soon as it is plugged in. 3191.It Va moused_enable 3192.Pq Vt str 3193If set to 3194.Dq Li YES , 3195the 3196.Xr moused 8 3197daemon is started for doing cut/paste selection on the console. 3198.It Va moused_type 3199.Pq Vt str 3200This is the protocol type of the mouse connected to this host. 3201This variable must be set if 3202.Va moused_enable 3203is set to 3204.Dq Li YES . 3205The 3206.Xr moused 8 3207daemon 3208is able to detect the appropriate mouse type automatically in many cases. 3209Set this variable to 3210.Dq Li auto 3211to let the daemon detect it, or 3212select one from the following list if the automatic detection fails. 3213.Pp 3214If the mouse is attached to the PS/2 mouse port, choose 3215.Dq Li auto 3216or 3217.Dq Li ps/2 , 3218regardless of the brand and model of the mouse. 3219Likewise, if the 3220mouse is attached to the bus mouse port, choose 3221.Dq Li auto 3222or 3223.Dq Li busmouse . 3224All other protocols are for serial mice and will not work with 3225the PS/2 and bus mice. 3226If this is a USB mouse, 3227.Dq Li auto 3228is the only protocol type which will work. 3229.Pp 3230.Bl -tag -width ".Li x10mouseremote" -compact 3231.It Li microsoft 3232Microsoft mouse (serial) 3233.It Li intellimouse 3234Microsoft IntelliMouse (serial) 3235.It Li mousesystems 3236Mouse systems Corp.\& mouse (serial) 3237.It Li mmseries 3238MM Series mouse (serial) 3239.It Li logitech 3240Logitech mouse (serial) 3241.It Li busmouse 3242A bus mouse 3243.It Li mouseman 3244Logitech MouseMan and TrackMan (serial) 3245.It Li glidepoint 3246ALPS GlidePoint (serial) 3247.It Li thinkingmouse 3248Kensington ThinkingMouse (serial) 3249.It Li ps/2 3250PS/2 mouse 3251.It Li mmhittab 3252MM HitTablet (serial) 3253.It Li x10mouseremote 3254X10 MouseRemote (serial) 3255.It Li versapad 3256Interlink VersaPad (serial) 3257.El 3258.Pp 3259Even if the mouse is not in the above list, it may be compatible 3260with one in the list. 3261Refer to the manual page for 3262.Xr moused 8 3263for compatibility information. 3264.Pp 3265It should also be noted that while this is enabled, any 3266other client of the mouse (such as an X server) should access 3267the mouse through the virtual mouse device, 3268.Pa /dev/sysmouse , 3269and configure it as a 3270.Dq Li sysmouse 3271type mouse, since all 3272mouse data is converted to this single canonical format when 3273using 3274.Xr moused 8 . 3275If the client program does not support the 3276.Dq Li sysmouse 3277type, 3278specify the 3279.Dq Li mousesystems 3280type. 3281It is the second preferred type. 3282.It Va moused_port 3283.Pq Vt str 3284If 3285.Va moused_enable 3286is set to 3287.Dq Li YES , 3288this is the actual port the mouse is on. 3289It might be 3290.Pa /dev/cuau0 3291for a COM1 serial mouse, or 3292.Pa /dev/psm0 3293for a PS/2 mouse, for example. 3294.It Va moused_flags 3295.Pq Vt str 3296If 3297.Va moused_flags 3298is set, its value is used as an additional set of flags to pass to the 3299.Xr moused 8 3300daemon. 3301.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3302When 3303.Va moused_nondefault_enable 3304is enabled, and a 3305.Xr moused 8 3306daemon is started for a non-default port, the 3307.Va "moused_" Ns Ar XXX Ns Va "_flags" 3308set of options has precedence over and replaces the default 3309.Va moused_flags 3310(where 3311.Ar XXX 3312is the name of the non-default port, i.e.,\& 3313.Ar ums0 ) . 3314By setting 3315.Va "moused_" Ns Ar XXX Ns Va "_flags" 3316it is possible to set up a different set of default flags for each 3317.Xr moused 8 3318instance. 3319For example, you can use 3320.Dq Li "-3" 3321for the default 3322.Va moused_flags 3323to make your laptop's touchpad more comfortable to use, 3324but an empty set of options for 3325.Va moused_ums0_flags 3326when your 3327.Xr usb 4 3328mouse has three or more buttons. 3329.It Va mousechar_start 3330.Pq Vt int 3331If set to 3332.Dq Li NO , 3333the default mouse cursor character range 3334.Li 0xd0 Ns - Ns Li 0xd3 3335is used, 3336otherwise the range start is set 3337to 3338.Ar value 3339character, see 3340.Xr vidcontrol 1 . 3341Use if the default range is occupied in the language code table. 3342.It Va allscreens_flags 3343.Pq Vt str 3344If set, 3345.Xr vidcontrol 1 3346is run with these options for each of the virtual terminals 3347.Pq Pa /dev/ttyv* . 3348For example, 3349.Dq Fl m Cm on 3350will enable the mouse pointer on all virtual terminals 3351if 3352.Va moused_enable 3353is set to 3354.Dq Li YES . 3355.It Va allscreens_kbdflags 3356.Pq Vt str 3357If set, 3358.Xr kbdcontrol 1 3359is run with these options for each of the virtual terminals 3360.Pq Pa /dev/ttyv* . 3361For example, 3362.Dq Fl h Li 200 3363will set the 3364.Xr syscons 4 3365or 3366.Xr vt 4 3367scrollback (history) buffer to 200 lines. 3368.It Va cron_enable 3369.Pq Vt bool 3370If set to 3371.Dq Li YES , 3372run the 3373.Xr cron 8 3374daemon at system boot time. 3375.It Va cron_program 3376.Pq Vt str 3377Path to 3378.Xr cron 8 3379(default 3380.Pa /usr/sbin/cron ) . 3381.It Va cron_flags 3382.Pq Vt str 3383If 3384.Va cron_enable 3385is set to 3386.Dq Li YES , 3387these are the flags to pass to 3388.Xr cron 8 . 3389.It Va cron_dst 3390.Pq Vt bool 3391If set to 3392.Dq Li YES , 3393enable the special handling of transitions to and from the 3394Daylight Saving Time in 3395.Xr cron 8 3396(equivalent to using the flag 3397.Fl s ) . 3398.It Va lpd_program 3399.Pq Vt str 3400Path to 3401.Xr lpd 8 3402(default 3403.Pa /usr/sbin/lpd ) . 3404.It Va lpd_enable 3405.Pq Vt bool 3406If set to 3407.Dq Li YES , 3408run the 3409.Xr lpd 8 3410daemon at system boot time. 3411.It Va lpd_flags 3412.Pq Vt str 3413If 3414.Va lpd_enable 3415is set to 3416.Dq Li YES , 3417these are the flags to pass to the 3418.Xr lpd 8 3419daemon. 3420.It Va chkprintcap_enable 3421.Pq Vt bool 3422If set to 3423.Dq Li YES , 3424run the 3425.Xr chkprintcap 8 3426command before starting the 3427.Xr lpd 8 3428daemon. 3429.It Va chkprintcap_flags 3430.Pq Vt str 3431If 3432.Va lpd_enable 3433and 3434.Va chkprintcap_enable 3435are set to 3436.Dq Li YES , 3437these are the flags to pass to the 3438.Xr chkprintcap 8 3439program. 3440The default is 3441.Dq Li -d , 3442which causes missing directories to be created. 3443.It Va mta_start_script 3444.Pq Vt str 3445This variable specifies the full path to the script to run to start 3446a mail transfer agent. 3447The default is 3448.Pa /etc/rc.sendmail . 3449The 3450.Va sendmail_* 3451variables which 3452.Pa /etc/rc.sendmail 3453uses are documented in the 3454.Xr rc.sendmail 8 3455manual page. 3456.It Va dumpdev 3457.Pq Vt str 3458Indicates the device (usually a swap partition) to which a crash dump 3459should be written in the event of a system crash. 3460If the value of this variable is 3461.Dq Li AUTO , 3462the first suitable swap device listed in 3463.Pa /etc/fstab 3464will be used as dump device. 3465Otherwise, the value of this variable is passed as the argument to 3466.Xr dumpon 8 3467and 3468.Xr savecore 8 . 3469To disable crash dumps, set this variable to 3470.Dq Li NO . 3471.It Va dumpon_flags 3472.Pq Vt str 3473Flags to pass to 3474.Xr dumpon 8 3475when configuring 3476.Va dumpdev 3477as the system dump device. 3478.It Va dumpdir 3479.Pq Vt str 3480When the system reboots after a crash and a crash dump is found on the 3481device specified by the 3482.Va dumpdev 3483variable, 3484.Xr savecore 8 3485will save that crash dump and a copy of the kernel to the directory 3486specified by the 3487.Va dumpdir 3488variable. 3489The default value is 3490.Pa /var/crash . 3491Set to 3492.Dq Li NO 3493to not run 3494.Xr savecore 8 3495at boot time when 3496.Va dumpdir 3497is set. 3498.It Va savecore_enable 3499.Pq Vt bool 3500If set to 3501.Dq Li NO , 3502disable automatic extraction of the crash dump from the 3503.Va dumpdev . 3504.It Va savecore_flags 3505.Pq Vt str 3506If crash dumps are enabled, these are the flags to pass to the 3507.Xr savecore 8 3508utility. 3509.It Va quota_enable 3510.Pq Vt bool 3511Set to 3512.Dq Li YES 3513to turn on user and group disk quotas on system startup via the 3514.Xr quotaon 8 3515command for all file systems marked as having quotas enabled in 3516.Pa /etc/fstab . 3517The kernel must be built with 3518.Cd "options QUOTA" 3519for disk quotas to function. 3520.It Va check_quotas 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to enable user and group disk quota checking via the 3525.Xr quotacheck 8 3526command. 3527.It Va quotacheck_flags 3528.Pq Vt str 3529If 3530.Va quota_enable 3531is set to 3532.Dq Li YES , 3533and 3534.Va check_quotas 3535is set to 3536.Dq Li YES , 3537these are the flags to pass to the 3538.Xr quotacheck 8 3539utility. 3540The default is 3541.Dq Li "-a" , 3542which checks quotas for all file systems with quotas enabled in 3543.Pa /etc/fstab . 3544.It Va quotaon_flags 3545.Pq Vt str 3546If 3547.Va quota_enable 3548is set to 3549.Dq Li YES , 3550these are the flags to pass to the 3551.Xr quotaon 8 3552utility. 3553The default is 3554.Dq Li "-a" , 3555which enables quotas for all file systems with quotas enabled in 3556.Pa /etc/fstab . 3557.It Va quotaoff_flags 3558.Pq Vt str 3559If 3560.Va quota_enable 3561is set to 3562.Dq Li YES , 3563these are the flags to pass to the 3564.Xr quotaoff 8 3565utility when shutting down the quota system. 3566The default is 3567.Dq Li "-a" , 3568which disables quotas for all file systems with quotas enabled in 3569.Pa /etc/fstab . 3570.It Va accounting_enable 3571.Pq Vt bool 3572Set to 3573.Dq Li YES 3574to enable system accounting through the 3575.Xr accton 8 3576facility. 3577.It Va firstboot_sentinel 3578.Pq Vt str 3579This variable specifies the full path to a 3580.Dq first boot 3581sentinel file. 3582If a file exists with this path, 3583.Pa rc.d 3584scripts with the 3585.Dq firstboot 3586keyword will be run on startup and the sentinel file will be deleted 3587after the boot process completes. 3588The sentinel file must be located on a writable file system which is 3589mounted no later than 3590.Va early_late_divider 3591to function properly. 3592The default is 3593.Pa /firstboot . 3594.It Va linux_enable 3595.Pq Vt bool 3596Set to 3597.Dq Li YES 3598to enable Linux/ELF binary emulation at system initial 3599boot time. 3600.It Va sysvipc_enable 3601.Pq Vt bool 3602If set to 3603.Dq Li YES , 3604load System V IPC primitives at boot time. 3605.It Va clear_tmp_enable 3606.Pq Vt bool 3607Set to 3608.Dq Li YES 3609to have 3610.Pa /tmp 3611cleaned at startup. 3612.It Va clear_tmp_X 3613.Pq Vt bool 3614Set to 3615.Dq Li NO 3616to disable removing of X11 lock files, 3617and the removal and (secure) recreation 3618of the various socket directories for X11 3619related programs. 3620.It Va ldconfig_paths 3621.Pq Vt str 3622Set to the list of shared library paths to use with 3623.Xr ldconfig 8 . 3624NOTE: 3625.Pa /lib 3626and 3627.Pa /usr/lib 3628will always be added first, so they need not appear in this list. 3629.It Va ldconfig32_paths 3630.Pq Vt str 3631Set to the list of 32-bit compatibility shared library paths to 3632use with 3633.Xr ldconfig 8 . 3634.It Va ldconfig_insecure 3635.Pq Vt bool 3636The 3637.Xr ldconfig 8 3638utility normally refuses to use directories 3639which are writable by anyone except root. 3640Set this variable to 3641.Dq Li YES 3642to disable that security check during system startup. 3643.It Va ldconfig_local_dirs 3644.Pq Vt str 3645Set to the list of local 3646.Xr ldconfig 8 3647directories. 3648The names of all files in the directories listed will be 3649passed as arguments to 3650.Xr ldconfig 8 . 3651.It Va ldconfig_local32_dirs 3652.Pq Vt str 3653Set to the list of local 32-bit compatibility 3654.Xr ldconfig 8 3655directories. 3656The names of all files in the directories listed will be 3657passed as arguments to 3658.Dq Nm ldconfig Fl 32 . 3659.It Va kern_securelevel_enable 3660.Pq Vt bool 3661Set to 3662.Dq Li YES 3663to set the kernel security level at system startup. 3664.It Va kern_securelevel 3665.Pq Vt int 3666The kernel security level to set at startup. 3667The allowed range of 3668.Ar value 3669ranges from \-1 (the compile time default) to 3 (the 3670most secure). 3671See 3672.Xr security 7 3673for the list of possible security levels and their effect 3674on system operation. 3675.It Va sshd_program 3676.Pq Vt str 3677Path to the SSH server program 3678.Pa ( /usr/sbin/sshd 3679is the default). 3680.It Va sshd_enable 3681.Pq Vt bool 3682Set to 3683.Dq Li YES 3684to start 3685.Xr sshd 8 3686at system boot time. 3687.It Va sshd_flags 3688.Pq Vt str 3689If 3690.Va sshd_enable 3691is set to 3692.Dq Li YES , 3693these are the flags to pass to the 3694.Xr sshd 8 3695daemon. 3696.It Va ftpd_program 3697.Pq Vt str 3698Path to the FTP server program 3699.Pa ( /usr/libexec/ftpd 3700is the default). 3701.It Va ftpd_enable 3702.Pq Vt bool 3703Set to 3704.Dq Li YES 3705to start 3706.Xr ftpd 8 3707as a stand-alone daemon at system boot time. 3708.It Va ftpd_flags 3709.Pq Vt str 3710If 3711.Va ftpd_enable 3712is set to 3713.Dq Li YES , 3714these are the additional flags to pass to the 3715.Xr ftpd 8 3716daemon. 3717.It Va watchdogd_enable 3718.Pq Vt bool 3719If set to 3720.Dq Li YES , 3721start the 3722.Xr watchdogd 8 3723daemon at boot time. 3724This requires that the kernel have been compiled with a 3725.Xr watchdog 4 3726compatible device. 3727.It Va watchdogd_flags 3728.Pq Vt str 3729If 3730.Va watchdogd_enable 3731is set to 3732.Dq Li YES , 3733these are the flags passed to the 3734.Xr watchdogd 8 3735daemon. 3736.It Va watchdogd_timeout 3737.Pq Vt int 3738If 3739.Va watchdogd_enable 3740is set to 3741.Dq Li YES , 3742this is a timeout that will be used by the 3743.Xr watchdogd 8 3744daemon. 3745If this option is set, it overrides 3746.Fl t 3747in 3748.Va watchdogd_flags . 3749.It Va watchdogd_shutdown_timeout 3750.Pq Vt int 3751If 3752.Va watchdogd_enable 3753is set to 3754.Dq Li YES , 3755this is a timeout that will be set by the 3756.Xr watchdogd 8 3757daemon when it exits during the system shutdown. 3758This timeout will not be set when returning to the single-user mode 3759or when the watchdogd service is stopped individually using the 3760.Xr service 8 3761command or the rc.d script. 3762Note that the timeout will be applied if 3763.Xr watchdogd 8 3764is stopped outside of 3765.Xr rc 8 3766framework. 3767If this option is set, it overrides 3768.Fl x 3769in 3770.Va watchdogd_flags . 3771.It Va devfs_rulesets 3772.Pq Vt str 3773List of files containing sets of rules for 3774.Xr devfs 8 . 3775.It Va devfs_system_ruleset 3776.Pq Vt str 3777Rule name(s) to apply to the system 3778.Pa /dev 3779itself. 3780.It Va devfs_set_rulesets 3781.Pq Vt str 3782Pairs of already-mounted 3783.Pa dev 3784directories and rulesets that should be applied to them. 3785For example: /mount/dev=ruleset_name 3786.It Va devfs_load_rulesets 3787.Pq Vt bool 3788If set, always load the default rulesets listed in 3789.Va devfs_rulesets . 3790.It Va performance_cx_lowest 3791.Pq Vt str 3792CPU idle state to use while on AC power. 3793The string 3794.Dq Li LOW 3795indicates that 3796.Xr acpi 4 3797should use the lowest power state available while 3798.Dq Li HIGH 3799indicates that the lowest latency state (less power savings) should be used. 3800.It Va performance_cpu_freq 3801.Pq Vt str 3802CPU clock frequency to use while on AC power. 3803The string 3804.Dq Li LOW 3805indicates that 3806.Xr cpufreq 4 3807should use the lowest frequency available while 3808.Dq Li HIGH 3809indicates that the highest frequency (less power savings) should be used. 3810.It Va economy_cx_lowest 3811.Pq Vt str 3812CPU idle state to use when off AC power. 3813The string 3814.Dq Li LOW 3815indicates that 3816.Xr acpi 4 3817should use the lowest power state available while 3818.Dq Li HIGH 3819indicates that the lowest latency state (less power savings) should be used. 3820.It Va economy_cpu_freq 3821.Pq Vt str 3822CPU clock frequency to use when off AC power. 3823The string 3824.Dq Li LOW 3825indicates that 3826.Xr cpufreq 4 3827should use the lowest frequency available while 3828.Dq Li HIGH 3829indicates that the highest frequency (less power savings) should be used. 3830.It Va jail_enable 3831.Pq Vt bool 3832If set to 3833.Dq Li NO , 3834any configured jails will not be started. 3835.It Va jail_conf 3836.Pq Vt str 3837The configuration filename used by 3838.Xr jail 8 3839utility. 3840The default value is 3841.Pa /etc/jail.conf . 3842.It Va jail_parallel_start 3843.Pq Vt bool 3844If set to 3845.Dq Li YES , 3846all configured jails will be started in the background (in parallel). 3847.It Va jail_flags 3848.Pq Vt str 3849Unset by default. 3850When set, use as default value for 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3852for every jail in 3853.Va jail_list . 3854.It Va jail_list 3855.Pq Vt str 3856A space-delimited list of jail names. 3857When left empty, all of the 3858.Xr jail 8 3859instances defined in the configuration file are started. 3860The names specified in this list control the jail startup order. 3861.Xr jail 8 3862instances missing from 3863.Va jail_list 3864must be started manually. 3865Note that a jail's 3866.Va depend 3867parameter in the configuration file may override this list. 3868.It Va jail_reverse_stop 3869.Pq Vt bool 3870When set to 3871.Dq Li YES , 3872all configured jails in 3873.Va jail_list 3874are stopped in reverse order. 3875.It Va jail_ Ns * variables 3876Note that older releases supported per-jail configuration via 3877.Nm 3878variables. 3879For example, 3880hostname of a jail named 3881.Li vjail 3882was able to be set by 3883.Li jail_vjail_hostname . 3884These per-jail configuration variables are now obsolete in favor of 3885.Xr jail 8 3886configuration file. 3887For backward compatibility, 3888when per-jail configuration variables are defined, 3889.Xr jail 8 3890configuration files are created as 3891.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3892and used. 3893.Pp 3894The following per-jail parameters are handled by 3895.Pa rc.d/jail 3896script out of their corresponding 3897.Nm 3898variables. 3899In addition to them, parameters in 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3901will be added to the configuration file. 3902They must be a semi-colon 3903.Pq Ql \&; 3904delimited list of 3905.Dq key=value . 3906For more details, 3907see 3908.Xr jail 8 3909manual page. 3910.Bl -tag -width "host.hostname" -offset indent 3911.It Li path 3912set from 3913.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3914.It Li host.hostname 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3917.It Li exec.consolelog 3918set from 3919.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3920The default value is 3921.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3922.It Li interface 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3925.It Li vnet.interface 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3928This implies 3929.Li vnet 3930parameter will be enabled and cannot be specified with 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3933and/or 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3935at the same time. 3936.It Li fstab 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3939.It Li mount 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3942.It Li exec.fib 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3945.It Li exec.start 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3948The parameter name was 3949.Li command 3950in some older releases. 3951.It Li exec.prestart 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3954.It Li exec.poststart 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3957.It Li exec.stop 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3960.It Li exec.prestop 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3963.It Li exec.poststop 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3966.It Li ip4.addr 3967set if 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3969or 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3971contain IPv4 addresses 3972.It Li ip6.addr 3973set if 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3975or 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3977contain IPv6 addresses 3978.It Li allow.mount 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3981.It Li mount.devfs 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3984.It Li devfs_ruleset 3985set from 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3987This must be an integer, 3988not a string. 3989.It Li mount.fdescfs 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3992.It Li allow.set_hostname 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3995.It Li allow.rawsocket 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3998.It Li allow.sysvipc 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4001.El 4002.\" ----------------------------------------------------- 4003.It Va harvest_mask 4004.Pq Vt int 4005Set to a bit-mask 4006representing the entropy sources 4007you wish to harvest. 4008Refer to 4009.Xr random 4 4010for more information. 4011.It Va entropy_dir 4012.Pq Vt str 4013Set to 4014.Dq Li NO 4015to disable caching entropy via 4016.Xr cron 8 . 4017Otherwise set to the directory 4018in which the entropy files are stored. 4019To be useful, 4020there must be 4021a system cron job 4022that regularly writes and rotates 4023files here. 4024All files found 4025will be used at boot time. 4026The default is 4027.Pa /var/db/entropy . 4028.It Va entropy_file 4029.Pq Vt str 4030Set to 4031.Dq Li NO 4032to disable caching entropy through reboots. 4033Otherwise set to the name 4034of a file used to store cached entropy. 4035This file should be located 4036on a file system that is readable 4037before all the volumes specified in 4038.Xr fstab 5 4039are mounted. 4040By default, 4041.Pa /entropy 4042is used, 4043but if 4044.Pa /var/db/entropy-file 4045is found it will also be used. 4046This will be of some use to 4047.Xr bsdinstall 8 . 4048.It Va entropy_boot_file 4049.Pq Vt str 4050Set to 4051.Dq Li NO 4052to disable 4053very early caching entropy 4054through reboots. 4055Otherwise set to the filename 4056used to read 4057very early reboot cached entropy. 4058This file should be located where 4059.Xr loader 8 4060can read it. 4061See also 4062.Xr loader.conf 5 . 4063The default location is 4064.Pa /boot/entropy . 4065.It Va entropy_save_sz 4066.Pq Vt int 4067Size of the entropy cache files saved by 4068.Nm save-entropy 4069periodically. 4070.It Va entropy_save_num 4071.Pq Vt int 4072Number of entropy cache files to save by 4073.Nm save-entropy 4074periodically. 4075.It Va ipsec_enable 4076.Pq Vt bool 4077Set to 4078.Dq Li YES 4079to run 4080.Xr setkey 8 4081on 4082.Va ipsec_file 4083at boot time. 4084.It Va ipsec_file 4085.Pq Vt str 4086Configuration file for 4087.Xr setkey 8 . 4088.It Va dmesg_enable 4089.Pq Vt bool 4090Set to 4091.Dq Li YES 4092to save 4093.Xr dmesg 8 4094to 4095.Pa /var/run/dmesg.boot 4096on boot. 4097.It Va rcshutdown_timeout 4098.Pq Vt int 4099If set, start a watchdog timer in the background which will terminate 4100.Pa rc.shutdown 4101if 4102.Xr shutdown 8 4103has not completed within the specified time (in seconds). 4104Notice that in addition to this soft timeout, 4105.Xr init 8 4106also applies a hard timeout for the execution of 4107.Pa rc.shutdown . 4108This is configured via 4109.Xr sysctl 8 4110variable 4111.Va kern.init_shutdown_timeout 4112and defaults to 120 seconds. 4113Setting the value of 4114.Va rcshutdown_timeout 4115to more than 120 seconds will have no effect until the 4116.Xr sysctl 8 4117variable 4118.Va kern.init_shutdown_timeout 4119is also increased. 4120.It Va virecover_enable 4121.Pq Vt bool 4122Set to 4123.Dq Li NO 4124to prevent the system from trying to 4125recover pre-maturely terminated 4126.Xr vi 1 4127sessions. 4128.It Va ugidfw_enable 4129.Pq Vt bool 4130Set to 4131.Dq Li YES 4132to load the 4133.Xr mac_bsdextended 4 4134module upon system initialization and load a default 4135ruleset file. 4136.It Va bsdextended_script 4137.Pq Vt str 4138The default 4139.Xr mac_bsdextended 4 4140ruleset file to load. 4141The default value of this variable is 4142.Pa /etc/rc.bsdextended . 4143.It Va newsyslog_enable 4144.Pq Vt bool 4145If set to 4146.Dq Li YES , 4147run 4148.Xr newsyslog 8 4149command at startup. 4150.It Va newsyslog_flags 4151.Pq Vt str 4152If 4153.Va newsyslog_enable 4154is set to 4155.Dq Li YES , 4156these are the flags to pass to the 4157.Xr newsyslog 8 4158program. 4159The default is 4160.Dq Li -CN , 4161which causes log files flagged with a 4162.Cm C 4163to be created. 4164.It Va mdconfig_md Ns Aq Ar X 4165.Pq Vt str 4166Arguments to 4167.Xr mdconfig 8 4168for 4169.Xr md 4 4170device 4171.Ar X . 4172At minimum a 4173.Fl t Ar type 4174must be specified and either a 4175.Fl s Ar size 4176for malloc or swap backed 4177.Xr md 4 4178devices or a 4179.Fl f Ar file 4180for vnode backed 4181.Xr md 4 4182devices. 4183Note that 4184.Va mdconfig_md Ns Aq Ar X 4185variables are evaluated until one variable is unset or null. 4186.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4187.Pq Vt str 4188Optional arguments passed to 4189.Xr newfs 8 4190to initialize 4191.Xr md 4 4192device 4193.Ar X . 4194.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4195.Pq Vt str 4196An ownership specification passed to 4197.Xr chown 8 4198after the specified 4199.Xr md 4 4200device 4201.Ar X 4202has been mounted. 4203Both the 4204.Xr md 4 4205device and the mount point will be changed. 4206.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4207.Pq Vt str 4208A mode string passed to 4209.Xr chmod 1 4210after the specified 4211.Xr md 4 4212device 4213.Ar X 4214has been mounted. 4215Both the 4216.Xr md 4 4217device and the mount point will be changed. 4218.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4219.Pq Vt str 4220Files to be copied to the mount point of the 4221.Xr md 4 4222device 4223.Ar X 4224after it has been mounted. 4225.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4226.Pq Vt str 4227Command to execute after the specified 4228.Xr md 4 4229device 4230.Ar X 4231has been mounted. 4232Note that the command is passed to 4233.Ic eval 4234and that both 4235.Va _dev 4236and 4237.Va _mp 4238variables can be used to reference respectively the 4239.Xr md 4 4240device and the mount point. 4241Assuming that the 4242.Xr md 4 4243device is 4244.Li md0 , 4245one could set the following: 4246.Bd -literal 4247mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4248.Ed 4249.It Va autobridge_interfaces 4250.Pq Vt str 4251Set to the list of bridge interfaces that will have newly arriving interfaces 4252checked against to be automatically added. 4253If not set to 4254.Dq Li NO 4255then for each whitespace separated 4256.Ar element 4257in the value, a 4258.Va autobridge_ Ns Aq Ar element 4259variable is assumed to exist which has a whitespace separated list of interface 4260names to match, these names can use wildcards. 4261For example: 4262.Bd -literal 4263autobridge_interfaces="bridge0" 4264autobridge_bridge0="tap* dc0 vlan[345]" 4265.Ed 4266.It Va mixer_enable 4267.Pq Vt bool 4268If set to 4269.Dq Li YES , 4270enable support for sound mixer. 4271.It Va hcsecd_enable 4272.Pq Vt bool 4273If set to 4274.Dq Li YES , 4275enable Bluetooth security daemon. 4276.It Va hcsecd_config 4277.Pq Vt str 4278Configuration file for 4279.Xr hcsecd 8 . 4280Default 4281.Pa /etc/bluetooth/hcsecd.conf . 4282.It Va sdpd_enable 4283.Pq Vt bool 4284If set to 4285.Dq Li YES , 4286enable Bluetooth Service Discovery Protocol daemon. 4287.It Va sdpd_control 4288.Pq Vt str 4289Path to 4290.Xr sdpd 8 4291control socket. 4292Default 4293.Pa /var/run/sdp . 4294.It Va sdpd_groupname 4295.Pq Vt str 4296Sets 4297.Xr sdpd 8 4298group to run as after it initializes. 4299Default 4300.Dq Li nobody . 4301.It Va sdpd_username 4302.Pq Vt str 4303Sets 4304.Xr sdpd 8 4305user to run as after it initializes. 4306Default 4307.Dq Li nobody . 4308.It Va bthidd_enable 4309.Pq Vt bool 4310If set to 4311.Dq Li YES , 4312enable Bluetooth Human Interface Device daemon. 4313.It Va bthidd_config 4314.Pq Vt str 4315Configuration file for 4316.Xr bthidd 8 . 4317Default 4318.Pa /etc/bluetooth/bthidd.conf . 4319.It Va bthidd_hids 4320.Pq Vt str 4321Path to a file, where 4322.Xr bthidd 8 4323will store information about known HID devices. 4324Default 4325.Pa /var/db/bthidd.hids . 4326.It Va rfcomm_pppd_server_enable 4327.Pq Vt bool 4328If set to 4329.Dq Li YES , 4330enable Bluetooth RFCOMM PPP wrapper daemon. 4331.It Va rfcomm_pppd_server_profile 4332.Pq Vt str 4333The name of the profile to use from 4334.Pa /etc/ppp/ppp.conf . 4335Multiple profiles can be specified here. 4336Also used to specify per-profile overrides. 4337When the profile name contains any of the characters 4338.Dq Li .-/+ 4339they are translated to 4340.Dq Li _ 4341for the proposes of the override variable names. 4342.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4343.Pq Vt str 4344Overrides local address to listen on. 4345By default 4346.Xr rfcomm_pppd 8 4347will listen on 4348.Dq Li ANY 4349address. 4350The address can be specified as BD_ADDR or name. 4351.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4352.Pq Vt str 4353Overrides local RFCOMM channel to listen on. 4354By default 4355.Xr rfcomm_pppd 8 4356will listen on RFCOMM channel 1. 4357Must set properly if multiple profiles used in the same time. 4358.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4359.Pq Vt bool 4360Tells 4361.Xr rfcomm_pppd 8 4362if it should register Serial Port service on the specified RFCOMM channel. 4363Default 4364.Dq Li NO . 4365.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4366.Pq Vt bool 4367Tells 4368.Xr rfcomm_pppd 8 4369if it should register Dial-Up Networking service on the specified 4370RFCOMM channel. 4371Default 4372.Dq Li NO . 4373.It Va ubthidhci_enable 4374.Pq Vt bool 4375If set to 4376.Dq Li YES , 4377change the USB Bluetooth controller from HID mode to HCI mode. 4378You also need to specify the location of USB Bluetooth controller with the 4379.Va ubthidhci_busnum 4380and 4381.Va ubthidhci_addr 4382variables. 4383.It Va ubthidhci_busnum 4384Bus number where the USB Bluetooth controller is located. 4385Check the output of 4386.Xr usbconfig 8 4387on your system to find this information. 4388.It Va ubthidhci_addr 4389Bus address of the USB Bluetooth controller. 4390Check the output of 4391.Xr usbconfig 8 4392on your system to find this information. 4393.It Va netwait_enable 4394.Pq Vt bool 4395If set to 4396.Dq Li YES , 4397delays the start of network-reliant services until 4398.Va netwait_if 4399is up and ICMP packets to a destination defined in 4400.Va netwait_ip 4401are flowing. 4402Link state is examined first, followed by 4403.Dq Li pinging 4404an IP address to verify network usability. 4405If no destination can be reached or timeouts are exceeded, 4406network services are started anyway with no guarantee that 4407the network is usable. 4408Use of this variable requires both 4409.Va netwait_ip 4410and 4411.Va netwait_if 4412to be set. 4413.It Va netwait_ip 4414.Pq Vt str 4415Empty by default. 4416This variable contains a space-delimited list of IP addresses to 4417.Xr ping 8 . 4418DNS hostnames should not be used as resolution is not guaranteed 4419to be functional at this point. 4420If multiple IP addresses are specified, 4421each will be tried until one is successful or the list is exhausted. 4422.It Va netwait_timeout 4423.Pq Vt int 4424Indicates the total number of seconds to perform a 4425.Dq Li ping 4426against each IP address in 4427.Va netwait_ip , 4428at a rate of one ping per second. 4429If any of the pings are successful, 4430full network connectivity is considered reliable. 4431The default is 60. 4432.It Va netwait_if 4433.Pq Vt str 4434Empty by default. 4435Defines the name of the network interface on which watch for link. 4436.Xr ifconfig 8 4437is used to monitor the interface, looking for 4438.Dq Li status: no carrier . 4439Once gone, the link is considered up. 4440This can be a 4441.Xr vlan 4 4442interface if desired. 4443.It Va netwait_if_timeout 4444.Pq Vt int 4445Defines the total number of seconds to wait for link to become usable, 4446polled at a 1-second interval. 4447The default is 30. 4448.It Va rctl_enable 4449.Pq Vt bool 4450If set to 4451.Dq Li YES , 4452load 4453.Xr rctl 8 4454rules from the defined ruleset. 4455The kernel must be built with 4456.Cd "options RACCT" 4457and 4458.Cd "options RCTL" . 4459.It Va rctl_rules 4460.Pq Vt str 4461Set to 4462.Pa /etc/rctl.conf 4463by default. 4464This variables contains the 4465.Xr rctl.conf 5 4466ruleset to load for 4467.Xr rctl 8 . 4468.It Va iovctl_files 4469.Pq Vt str 4470A space-separated list of configuration files used by 4471.Xr iovctl 8 . 4472The default value is an empty string. 4473.It Va autofs_enable 4474.Pq Vt bool 4475If set to 4476.Dq Li YES , 4477start the 4478.Xr automount 8 4479utility and the 4480.Xr automountd 8 4481and 4482.Xr autounmountd 8 4483daemons at boot time. 4484.It Va automount_flags 4485.Pq Vt str 4486If 4487.Va autofs_enable 4488is set to 4489.Dq Li YES , 4490these are the flags to pass to the 4491.Xr automount 8 4492program. 4493By default no flags are passed. 4494.It Va automountd_flags 4495.Pq Vt str 4496If 4497.Va autofs_enable 4498is set to 4499.Dq Li YES , 4500these are the flags to pass to the 4501.Xr automountd 8 4502daemon. 4503By default no flags are passed. 4504.It Va autounmountd_flags 4505.Pq Vt str 4506If 4507.Va autofs_enable 4508is set to 4509.Dq Li YES , 4510these are the flags to pass to the 4511.Xr autounmountd 8 4512daemon. 4513By default no flags are passed. 4514.It Va ctld_enable 4515.Pq Vt bool 4516If set to 4517.Dq Li YES , 4518start the 4519.Xr ctld 8 4520daemon at boot time. 4521.It Va iscsid_enable 4522.Pq Vt bool 4523If set to 4524.Dq Li YES , 4525start the 4526.Xr iscsid 8 4527daemon at boot time. 4528.It Va iscsictl_enable 4529.Pq Vt bool 4530If set to 4531.Dq Li YES , 4532start the 4533.Xr iscsictl 8 4534utility at boot time. 4535.It Va iscsictl_flags 4536.Pq Vt str 4537If 4538.Va iscsictl_enable 4539is set to 4540.Dq Li YES , 4541these are the flags to pass to the 4542.Xr iscsictl 8 4543program. 4544The default is 4545.Dq Li -Aa , 4546which configures sessions based on the 4547.Pa /etc/iscsi.conf 4548configuration file. 4549.It Va cfumass_enable 4550.Pq Vt bool 4551If set to 4552.Dq Li YES , 4553create and export an USB LUN using 4554.Xr cfumass 4 4555at boot time. 4556.It Va cfumass_dir 4557.Pq Vt str 4558The directory where the files exported by USB LUN are located. 4559The default directory is 4560.Pa /var/cfumass . 4561.It Va service_delete_empty 4562.Pq Vt bool 4563If set to 4564.Dq Li YES , 4565.Ql Li service delete 4566removes empty 4567.Dq Li rc.conf.d 4568files. 4569.It Va zfs_bootonce_activate 4570.Pq Vt bool 4571If set to 4572.Dq Li YES , 4573and a boot environment marked bootonce is successfully booted, 4574it will be made permanently active. 4575.El 4576.Sh FILES 4577.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4578.It Pa /etc/defaults/rc.conf 4579.It Pa /etc/defaults/vendor.conf 4580.It Pa /etc/rc.conf 4581.It Pa /etc/rc.conf.local 4582.El 4583.Sh SEE ALSO 4584.Xr chmod 1 , 4585.Xr gdb 1 , 4586.Xr info 1 , 4587.Xr kbdcontrol 1 , 4588.Xr makewhatis 1 , 4589.Xr sh 1 , 4590.Xr vi 1 , 4591.Xr vidcontrol 1 , 4592.Xr bridge 4 , 4593.Xr dummynet 4 , 4594.Xr ip 4 , 4595.Xr ipf 4 , 4596.Xr ipfw 4 , 4597.Xr ipnat 4 , 4598.Xr kld 4 , 4599.Xr pf 4 , 4600.Xr pflog 4 , 4601.Xr pfsync 4 , 4602.Xr tcp 4 , 4603.Xr udp 4 , 4604.Xr exports 5 , 4605.Xr fstab 5 , 4606.Xr ipf 5 , 4607.Xr ipnat 5 , 4608.Xr jail.conf 5 , 4609.Xr loader.conf 5 , 4610.Xr motd 5 , 4611.Xr newsyslog.conf 5 , 4612.Xr pf.conf 5 , 4613.Xr security 7 , 4614.Xr accton 8 , 4615.Xr amd 8 , 4616.Xr apm 8 , 4617.Xr bsdinstall 8 , 4618.Xr bthidd 8 , 4619.Xr chkprintcap 8 , 4620.Xr chown 8 , 4621.Xr cron 8 , 4622.Xr devfs 8 , 4623.Xr dhclient 8 , 4624.Xr ftpd 8 , 4625.Xr geli 8 , 4626.Xr hcsecd 8 , 4627.Xr ifconfig 8 , 4628.Xr inetd 8 , 4629.Xr iovctl 8 , 4630.Xr ipf 8 , 4631.Xr ipfw 8 , 4632.Xr ipnat 8 , 4633.Xr jail 8 , 4634.Xr kldxref 8 , 4635.Xr loader 8 , 4636.Xr lpd 8 , 4637.Xr mdconfig 8 , 4638.Xr mdmfs 8 , 4639.Xr mixer 8 , 4640.Xr mountd 8 , 4641.Xr moused 8 , 4642.Xr newfs 8 , 4643.Xr newsyslog 8 , 4644.Xr nfsd 8 , 4645.Xr ntpd 8 , 4646.Xr ntpdate 8 , 4647.Xr pfctl 8 , 4648.Xr pflogd 8 , 4649.Xr ping 8 , 4650.Xr powerd 8 , 4651.Xr quotacheck 8 , 4652.Xr quotaon 8 , 4653.Xr rc 8 , 4654.Xr rc.sendmail 8 , 4655.Xr rcorder 8 , 4656.Xr rfcomm_pppd 8 , 4657.Xr route 8 , 4658.Xr routed 8 , 4659.Xr rpc.lockd 8 , 4660.Xr rpc.statd 8 , 4661.Xr rpcbind 8 , 4662.Xr rwhod 8 , 4663.Xr savecore 8 , 4664.Xr sdpd 8 , 4665.Xr service 8 , 4666.Xr sshd 8 , 4667.Xr swapon 8 , 4668.Xr sysctl 8 , 4669.Xr syslogd 8 , 4670.Xr sysrc 8 , 4671.Xr unbound 8 , 4672.Xr usbconfig 8 , 4673.Xr wlandebug 8 , 4674.Xr yp 8 , 4675.Xr ypbind 8 , 4676.Xr ypserv 8 , 4677.Xr ypset 8 4678.Sh HISTORY 4679The 4680.Nm 4681file appeared in 4682.Fx 2.2.2 . 4683.Sh AUTHORS 4684.An Jordan K. Hubbard . 4685