1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd February 15, 2014 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va pflog_instances 921.Pq Vt str 922If logging to more than one 923.Xr pflog 4 924interface is desired, 925.Va pflog_instances 926is set to the list of 927.Xr pflogd 8 928instances that should be started at system boot time. If 929.Va pflog_instances 930is set, for each whitespace-seperated 931.Ar element 932in the list, 933.Ao Ar element Ac Ns Va _dev 934and 935.Ao Ar element Ac Ns Va _logfile 936elements are assumed to exist. 937.Ao Ar element Ac Ns Va _dev 938must contain the 939.Xr pflog 4 940interface to be watched by the named 941.Xr pflogd 8 942instance. 943.Ao Ar element Ac Ns Va _logfile 944must contain the name of the logfile that will be used by the 945.Xr pflogd 8 946instance. 947.It Va ftpproxy_enable 948.Pq Vt bool 949Set to 950.Dq Li NO 951by default. 952Setting this to 953.Dq Li YES 954enables 955.Xr ftp-proxy 8 956which supports the 957.Xr pf 4 958packet filter in translating ftp connections. 959.It Va ftpproxy_flags 960.Pq Vt str 961Empty by default. 962This variable contains additional flags passed to the 963.Xr ftp-proxy 8 964program. 965.It Va ftpproxy_instances 966.Pq Vt str 967Empty by default. If multiple instances of 968.Xr ftp-proxy 8 969are desired at boot time, 970.Va ftpproxy_instances 971should contain a whitespace-seperated list of instance names. For each 972.Ar element 973in the list, a variable named 974.Ao Ar element Ac Ns Va _flags 975should be defined, containing the command-line flags to be passed to the 976.Xr ftp-proxy 8 977instance. 978.It Va pfsync_enable 979.Pq Vt bool 980Set to 981.Dq Li NO 982by default. 983Setting this to 984.Dq Li YES 985enables exposing 986.Xr pf 4 987state changes to other hosts over the network by means of 988.Xr pfsync 4 . 989The 990.Va pfsync_syncdev 991variable 992must also be set then. 993.It Va pfsync_syncdev 994.Pq Vt str 995Empty by default. 996This variable specifies the name of the network interface 997.Xr pfsync 4 998should operate through. 999It must be set accordingly if 1000.Va pfsync_enable 1001is set to 1002.Dq Li YES . 1003.It Va pfsync_syncpeer 1004.Pq Vt str 1005Empty by default. 1006This variable is optional. 1007By default, state change messages are sent out on the synchronisation 1008interface using IP multicast packets. 1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1010224.0.0.240. 1011When a peer address is specified using the 1012.Va pfsync_syncpeer 1013option, the peer address is used as a destination for the pfsync 1014traffic, and the traffic can then be protected using 1015.Xr ipsec 4 . 1016See the 1017.Xr pfsync 4 1018manpage for more details about using 1019.Xr ipsec 4 1020with 1021.Xr pfsync 4 1022interfaces. 1023.It Va pfsync_ifconfig 1024.Pq Vt str 1025Empty by default. 1026This variable can contain additional options to be passed to the 1027.Xr ifconfig 8 1028command used to set up 1029.Xr pfsync 4 . 1030.It Va tcp_extensions 1031.Pq Vt bool 1032Set to 1033.Dq Li YES 1034by default. 1035Setting this to 1036.Dq Li NO 1037disables certain TCP options as described by 1038.Rs 1039.%T "RFC 1323" 1040.Re 1041Setting this to 1042.Dq Li NO 1043might help remedy such problems with connections as randomly hanging 1044or other weird behavior. 1045Some network devices are known 1046to be broken with respect to these options. 1047.It Va log_in_vain 1048.Pq Vt int 1049Set to 0 by default. 1050The 1051.Xr sysctl 8 1052variables, 1053.Va net.inet.tcp.log_in_vain 1054and 1055.Va net.inet.udp.log_in_vain , 1056as described in 1057.Xr tcp 4 1058and 1059.Xr udp 4 , 1060are set to the given value. 1061.It Va tcp_keepalive 1062.Pq Vt bool 1063Set to 1064.Dq Li YES 1065by default. 1066Setting to 1067.Dq Li NO 1068will disable probing idle TCP connections to verify that the 1069peer is still up and reachable. 1070.It Va tcp_drop_synfin 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting to 1076.Dq Li YES 1077will cause the kernel to ignore TCP frames that have both 1078the SYN and FIN flags set. 1079This prevents OS fingerprinting, but may 1080break some legitimate applications. 1081.It Va icmp_drop_redirect 1082.Pq Vt bool 1083Set to 1084.Dq Li NO 1085by default. 1086Setting to 1087.Dq Li YES 1088will cause the kernel to ignore ICMP REDIRECT packets. 1089Refer to 1090.Xr icmp 4 1091for more information. 1092.It Va icmp_log_redirect 1093.Pq Vt bool 1094Set to 1095.Dq Li NO 1096by default. 1097Setting to 1098.Dq Li YES 1099will cause the kernel to log ICMP REDIRECT packets. 1100Note that 1101the log messages are not rate-limited, so this option should only be used 1102for troubleshooting networks. 1103Refer to 1104.Xr icmp 4 1105for more information. 1106.It Va icmp_bmcastecho 1107.Pq Vt bool 1108Set to 1109.Dq Li YES 1110to respond to broadcast or multicast ICMP ping packets. 1111Refer to 1112.Xr icmp 4 1113for more information. 1114.It Va ip_portrange_first 1115.Pq Vt int 1116If not set to 1117.Dq Li NO , 1118this is the first port in the default portrange. 1119Refer to 1120.Xr ip 4 1121for more information. 1122.It Va ip_portrange_last 1123.Pq Vt int 1124If not set to 1125.Dq Li NO , 1126this is the last port in the default portrange. 1127Refer to 1128.Xr ip 4 1129for more information. 1130.It Va network_interfaces 1131.Pq Vt str 1132Set to the list of network interfaces to configure on this host or 1133.Dq Li AUTO 1134(the default) for all current interfaces. 1135Setting the 1136.Va network_interfaces 1137variable to anything other than the default is deprecated. 1138Interfaces that the administrator wishes to store configuration for, 1139but not start at boot should be configured with the 1140.Dq Li NOAUTO 1141keyword in their 1142.Va ifconfig_ Ns Aq Ar interface 1143variables as described below. 1144.Pp 1145An 1146.Va ifconfig_ Ns Aq Ar interface 1147variable is also assumed to exist for each value of 1148.Ar interface . 1149When an interface name contains any of the characters 1150.Dq Li .-/+ 1151they are translated to 1152.Dq Li _ 1153before lookup. 1154The variable can contain arguments to 1155.Xr ifconfig 8 , 1156as well as special case-insensitive keywords described below. 1157Such keywords are removed before passing the value to 1158.Xr ifconfig 8 1159while the order of the other arguments is preserved. 1160.Pp 1161It is possible to add IP alias entries using 1162.Xr ifconfig 8 1163syntax with the address family keyword such as 1164.Li inet . 1165Assuming that the interface in question was 1166.Li ed0 , 1167it might look something like this: 1168.Bd -literal 1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1171.Ed 1172.Pp 1173It also possible to configure multiple IP addresses in Classless 1174Inter-Domain Routing 1175.Pq CIDR 1176address notation, 1177whose each address component can be a range like 1178.Li inet 192.0.2.5-23/24 1179or 1180.Li inet6 2001:db8:1-f::1/64 . 1181This notation allows address and prefix length part only, 1182not the other address modifiers. 1183.Pp 1184In the case of 1185.Li 192.0.2.5-23/24 , 1186the address 192.0.2.5 will be configured with the 1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1188the non-conflicting netmask /32 as explained in the 1189.Xr ifconfig 8 1190alias section. 1191Note that this special netmask handling is only for 1192.Li inet , 1193not for the other address families such as 1194.Li inet6 . 1195.Pp 1196With the interface in question being 1197.Li ed0 , 1198an example could look like: 1199.Bd -literal 1200ifconfig_ed0_alias2="inet 192.0.2.129/27" 1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1202.Ed 1203.Pp 1204and so on. 1205.Pp 1206Note that 1207.Va ipv4_addrs_ Ns Aq Ar interface 1208variable was supported for IPv4 CIDR address notation. 1209It is now deprecated because the functionality was integrated into 1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1211though 1212.Va ipv4_addrs_ Ns Aq Ar interface 1213is still supported for backward compatibility. 1214.Pp 1215For each 1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1217entry with an address family keyword, 1218its contents are passed to 1219.Xr ifconfig 8 . 1220Execution stops at the first unsuccessful access, so if 1221something like this is present: 1222.Bd -literal 1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1227.Ed 1228.Pp 1229Then note that alias4 would 1230.Em not 1231be added since the search would 1232stop with the missing 1233.Dq Li alias3 1234entry. 1235Because of this difficult to manage behavior, 1236there is 1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1238variable, which has the same functionality as 1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1240and can have all of entries in a variable like the following: 1241.Bd -literal 1242ifconfig_ed0_aliases="\\ 1243 inet 127.0.0.251 netmask 0xffffffff \\ 1244 inet 127.0.0.252 netmask 0xffffffff \\ 1245 inet 127.0.0.253 netmask 0xffffffff \\ 1246 inet 127.0.0.254 netmask 0xffffffff" 1247.Ed 1248.Pp 1249It also supports CIDR notation. 1250.Pp 1251If the 1252.Pa /etc/start_if. Ns Aq Ar interface 1253file is present, it is read and executed by the 1254.Xr sh 1 1255interpreter 1256before configuring the interface as specified in the 1257.Va ifconfig_ Ns Aq Ar interface 1258and 1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1260variables. 1261.Pp 1262If a 1263.Va vlans_ Ns Aq Ar interface 1264variable is set, 1265a 1266.Xr vlan 4 1267interface will be created for each item in the list with the 1268.Ar vlandev 1269argument set to 1270.Ar interface . 1271If a vlan interface's name is a number, 1272then that number is used as the vlan tag and the new vlan interface is 1273named 1274.Ar interface . Ns Ar tag . 1275Otherwise, 1276the vlan tag must be specified via a 1277.Va vlan 1278parameter in the 1279.Va create_args_ Ns Aq Ar interface 1280variable. 1281.Pp 1282To create a vlan device named 1283.Li em0.101 1284on 1285.Li em0 1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1287.Bd -literal 1288vlans_em0="101" 1289ifconfig_em0_101="inet 192.0.2.1/24" 1290.Ed 1291.Pp 1292To create a vlan device named 1293.Li myvlan 1294on 1295.Li em0 1296with the vlan tag 102: 1297.Bd -literal 1298vlans_em0="myvlan" 1299create_args_myvlan="vlan 102" 1300.Ed 1301.Pp 1302If a 1303.Va wlans_ Ns Aq Ar interface 1304variable is set, 1305an 1306.Xr wlan 4 1307interface will be created for each item in the list with the 1308.Ar wlandev 1309argument set to 1310.Ar interface . 1311Further wlan cloning arguments may be passed to the 1312.Xr ifconfig 8 1313.Cm create 1314command by setting the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317One or more 1318.Xr wlan 4 1319devices must be created for each wireless devices as of 1320.Fx 8.0 . 1321Debugging flags for 1322.Xr wlan 4 1323devices as set by 1324.Xr wlandebug 8 1325may be specified with an 1326.Va wlandebug_ Ns Aq Ar interface 1327variable. 1328The contents of this variable will be passed directly to 1329.Xr wlandebug 8 . 1330.Pp 1331If the 1332.Va ifconfig_ Ns Aq Ar interface 1333contains the keyword 1334.Dq Li NOAUTO 1335then the interface will not be configured 1336at boot or by 1337.Pa /etc/pccard_ether 1338when 1339.Va network_interfaces 1340is set to 1341.Dq Li AUTO . 1342.Pp 1343It is possible to bring up an interface with DHCP by adding 1344.Dq Li DHCP 1345to the 1346.Va ifconfig_ Ns Aq Ar interface 1347variable. 1348For instance, to initialize the 1349.Li ed0 1350device via DHCP, 1351it is possible to use something like: 1352.Bd -literal 1353ifconfig_ed0="DHCP" 1354.Ed 1355.Pp 1356If you want to configure your wireless interface with 1357.Xr wpa_supplicant 8 1358for use with WPA, EAP/LEAP or WEP, you need to add 1359.Dq Li WPA 1360to the 1361.Va ifconfig_ Ns Aq Ar interface 1362variable. 1363.Pp 1364On the other hand, if you want to configure your wireless interface with 1365.Xr hostapd 8 , 1366you need to add 1367.Dq Li HOSTAP 1368to the 1369.Va ifconfig_ Ns Aq Ar interface 1370variable. 1371.Xr hostapd 8 1372will use the settings from 1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1374.Pp 1375Finally, you can add 1376.Xr ifconfig 8 1377options in this variable, in addition to the 1378.Pa /etc/start_if. Ns Aq Ar interface 1379file. 1380For instance, to configure an 1381.Xr ath 4 1382wireless device in station mode with an address obtained 1383via DHCP, using WPA authentication and 802.11b mode, it is 1384possible to use something like: 1385.Bd -literal 1386wlans_ath0="wlan0" 1387ifconfig_wlan0="DHCP WPA mode 11b" 1388.Ed 1389.Pp 1390In addition to the 1391.Va ifconfig_ Ns Aq Ar interface 1392form, a fallback variable 1393.Va ifconfig_DEFAULT 1394may be configured. 1395It will be used for all interfaces with no 1396.Va ifconfig_ Ns Aq Ar interface 1397variable. 1398This is intended to replace the no longer supported 1399.Va pccard_ifconfig 1400variable. 1401.Pp 1402It is also possible to rename an interface by doing: 1403.Bd -literal 1404ifconfig_ed0_name="net0" 1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1406.Ed 1407.It Va ipv6_enable 1408.Pq Vt bool 1409This variable is deprecated. 1410Use 1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1412and 1413.Va ipv6_activate_all_interfaces 1414if necessary. 1415.Pp 1416If the variable is 1417.Dq Li YES , 1418.Dq Li inet6 accept_rtadv 1419is added to all of 1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421and the 1422.Va ipv6_activate_all_interfaces 1423is defined as 1424.Dq Li YES . 1425.It Va ipv6_prefer 1426.Pq Vt bool 1427This variable is deprecated. 1428Use 1429.Va ip6addrctl_policy 1430instead. 1431.Pp 1432If the variable is 1433.Dq Li YES , 1434the default address selection policy table set by 1435.Xr ip6addrctl 8 1436will be IPv6-preferred. 1437.Pp 1438If the variable is 1439.Dq Li NO , 1440the default address selection policy table set by 1441.Xr ip6addrctl 8 1442will be IPv4-preferred. 1443.It Va ipv6_activate_all_interfaces 1444.Pq Vt bool 1445This controls initial configuration on IPv6-capable 1446interfaces with no corresponding 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448variable. 1449Note that it is not always necessary to set this variable to 1450.Dq YES 1451to use IPv6 functionality on 1452.Fx . 1453In most cases, just configuring 1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1455variables works. 1456.Pp 1457If the variable is 1458.Dq Li NO , 1459all interfaces which do not have a corresponding 1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1461variable will be marked as 1462.Dq Li IFDISABLED 1463at creation. 1464This means that all of IPv6 functionality on that interface 1465is completely disabled to enforce a security policy. 1466If the variable is set to 1467.Dq YES , 1468the flag will be cleared on all of the interfaces. 1469.Pp 1470In most cases, just defining an 1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1472for an IPv6-capable interface should be sufficient. 1473However, if an interface is added dynamically 1474.Pq by some tunneling protocols such as PPP, for example , 1475it is often difficult to define the variable in advance. 1476In such a case, configuring the 1477.Dq Li IFDISABLED 1478flag can be disabled by setting this variable to 1479.Dq YES . 1480.Pp 1481For more details of the 1482.Dq Li IFDISABLED 1483flag and keywords 1484.Dq Li inet6 ifdisabled , 1485see 1486.Xr ifconfig 8 . 1487.Pp 1488Default is 1489.Dq Li NO . 1490.It Va ipv6_privacy 1491.Pq Vt bool 1492If the variable is 1493.Dq Li YES 1494privacy addresses will be generated for each IPv6 1495interface as described in RFC 4941. 1496.It Va ipv6_network_interfaces 1497.Pq Vt str 1498This is the IPv6 equivalent of 1499.Va network_interfaces . 1500Normally manual configuration of this variable is not needed. 1501.Pp 1502.It Va ipv6_cpe_wanif 1503.Pq Vt str 1504If the variable is set to an interface name, 1505the 1506.Xr ifconfig 8 1507options 1508.Dq inet6 -no_radr accept_rtadv 1509will be added to the specified interface automatically before evaluating 1510.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1511and two 1512.Xr sysctl 8 1513variables 1514.Va net.inet6.ip6.rfc6204w3 1515and 1516.Va net.inet6.ip6.no_radr 1517will be set to 1. 1518.Pp 1519This means the specified interface will accept ICMPv6 Router 1520Advertisement messages on that link and add the discovered 1521routers into the Default Router List. 1522While the other interfaces can still accept RA messages if the 1523.Dq inet6 accept_rtadv 1524option is specified, adding 1525routes into the Default Router List will be disabled by 1526.Dq inet6 no_radr 1527option by default. 1528See 1529.Xr ifconfig 8 1530for more details. 1531.Pp 1532Note that ICMPv6 Router Advertisement messages will be 1533accepted even when 1534.Va net.inet6.ip6.forwarding 1535is 1 1536.Pq packet forwarding is enabled 1537when 1538.Va net.inet6.ip6.rfc6204w3 1539is set to 1. 1540.Pp 1541Default is 1542.Dq Li NO . 1543.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1544.Pq Vt str 1545IPv6 functionality on an interface should be configured by 1546.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1547instead of setting ifconfig parameters in 1548.Va ifconfig_ Ns Aq Ar interface . 1549If this variable is empty, all of IPv6 configurations on the 1550specified interface by other variables such as 1551.Va ipv6_prefix_ Ns Ao Ar interface Ac 1552will be ignored. 1553.Pp 1554Aliases should be set by 1555.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1556with 1557.Dq Li inet6 1558keyword. 1559For example: 1560.Bd -literal 1561ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1562ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1563.Ed 1564.Pp 1565Interfaces that have an 1566.Dq Li inet6 accept_rtadv 1567keyword in 1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1569setting will be automatically configured by SLAAC 1570.Pq StateLess Address AutoConfiguration 1571described in 1572.Rs 1573.%T "RFC 4862" 1574.Re 1575.Pp 1576Note that a link-local address will be automatically configured in 1577addition to the configured global-scope addresses because the IPv6 1578specifications require it on each link. 1579The address is calculated from the MAC address by using an algorithm 1580defined in 1581.Rs 1582.%T "RFC 4862" 1583.%O "Section 5.3" 1584.Re 1585.Pp 1586If only a link-local address is needed on the interface, 1587the following configuration can be used: 1588.Bd -literal 1589ifconfig_ed0_ipv6="inet6 auto_linklocal" 1590.Ed 1591.Pp 1592A link-local address can also be configured manually. 1593This is useful for the default router address of an IPv6 router 1594so that it does not change when the network interface 1595card is replaced. 1596For example: 1597.Bd -literal 1598ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1599.Ed 1600.It Va ipv6_prefix_ Ns Aq Ar interface 1601.Pq Vt str 1602If one or more prefixes are defined in 1603.Va ipv6_prefix_ Ns Aq Ar interface 1604addresses based on each prefix and the EUI-64 interface index will be 1605configured on that interface. 1606Note that this variable will be ignored when 1607.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1608is empty. 1609.Pp 1610For example, the following configuration 1611.Bd -literal 1612ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1613.Ed 1614.Pp 1615is equivalent to the following: 1616.Bd -literal 1617ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1618ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1619ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1620ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1621.Ed 1622.Pp 1623These Subnet-Router anycast addresses will be added only when 1624.Va ipv6_gateway_enable 1625is YES. 1626.It Va ipv6_default_interface 1627.Pq Vt str 1628If not set to 1629.Dq Li NO , 1630this is the default output interface for scoped addresses. 1631This works only with ipv6_gateway_enable="NO". 1632.It Va ip6addrctl_enable 1633.Pq Vt bool 1634This variable is to enable configuring default address selection policy table 1635.Pq RFC 3484 . 1636The table can be specified in another variable 1637.Va ip6addrctl_policy . 1638For 1639.Va ip6addrctl_policy 1640the following keywords can be specified: 1641.Dq Li ipv4_prefer , 1642.Dq Li ipv6_prefer , 1643or 1644.Dq Li AUTO . 1645.Pp 1646If 1647.Dq Li ipv4_prefer 1648or 1649.Dq Li ipv6_prefer 1650is specified, 1651.Xr ip6addrctl 8 1652installs a pre-defined policy table described in Section 2.1 1653.Pq IPv6-preferred 1654or 10.3 1655.Pq IPv4-preferred 1656of RFC 3484. 1657.Pp 1658If 1659.Dq Li AUTO 1660is specified, it attempts to read a file 1661.Pa /etc/ip6addrctl.conf 1662first. 1663If this file is found, 1664.Xr ip6addrctl 8 1665reads and installs it. 1666If not found, a policy is automatically set 1667according to 1668.Va ipv6_activate_all_interfaces 1669variable; if the variable is set to 1670.Dq Li YES 1671the IPv6-preferred one is used. 1672Otherwise IPv4-preferred. 1673.Pp 1674The default value of 1675.Va ip6addrctl_enable 1676and 1677.Va ip6addrctl_policy 1678are 1679.Dq Li YES 1680and 1681.Dq Li AUTO , 1682respectively. 1683.It Va cloned_interfaces 1684.Pq Vt str 1685Set to the list of clonable network interfaces to create on this host. 1686Further cloning arguments may be passed to the 1687.Xr ifconfig 8 1688.Cm create 1689command for each interface by setting the 1690.Va create_args_ Ns Aq Ar interface 1691variable. 1692If an interface name is specified with 1693.Dq :sticky 1694keyword, 1695the interface will not be destroyed even when 1696.Pa rc.d/netif 1697script is invoked with 1698.Dq stop 1699argument. 1700This is useful when reconfiguring the interface without destroying it. 1701Entries in 1702.Va cloned_interfaces 1703are automatically appended to 1704.Va network_interfaces 1705for configuration. 1706.It Va cloned_interfaces_sticky 1707.Pq Vt bool 1708This variable is to globally enable functionality of 1709.Dq :sticky 1710keyword in 1711.Va cloned_interfaces 1712for all interfaces. 1713The default value is 1714.Dq NO . 1715Even if this variable is specified to 1716.Dq YES , 1717.Dq :nosticky 1718keyword can be used to override it on per interface basis. 1719.It Va gif_interfaces 1720.Pq Vt str 1721This variable is deprecated in favor of 1722.Va cloned_interfaces . 1723Set to the list of 1724.Xr gif 4 1725tunnel interfaces to configure on this host. 1726A 1727.Va gifconfig_ Ns Aq Ar interface 1728variable is assumed to exist for each value of 1729.Ar interface . 1730The value of this variable is used to configure the link layer of the 1731tunnel according to the syntax of the 1732.Cm tunnel 1733option to 1734.Xr ifconfig 8 . 1735Additionally, this option ensures that each listed interface is created 1736via the 1737.Cm create 1738option to 1739.Xr ifconfig 8 1740before attempting to configure it. 1741.It Va sppp_interfaces 1742.Pq Vt str 1743Set to the list of 1744.Xr sppp 4 1745interfaces to configure on this host. 1746A 1747.Va spppconfig_ Ns Aq Ar interface 1748variable is assumed to exist for each value of 1749.Ar interface . 1750Each interface should also be configured by a general 1751.Va ifconfig_ Ns Aq Ar interface 1752setting. 1753Refer to 1754.Xr spppcontrol 8 1755for more information about available options. 1756.It Va ppp_enable 1757.Pq Vt bool 1758If set to 1759.Dq Li YES , 1760run the 1761.Xr ppp 8 1762daemon. 1763.It Va ppp_profile 1764.Pq Vt str 1765The name of the profile to use from 1766.Pa /etc/ppp/ppp.conf . 1767Also used for per-profile overrides of 1768.Va ppp_mode 1769and 1770.Va ppp_nat , 1771and 1772.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1773When the profile name contains any of the characters 1774.Dq Li .-/+ 1775they are translated to 1776.Dq Li _ 1777for the proposes of the override variable names. 1778.It Va ppp_mode 1779.Pq Vt str 1780Mode in which to run the 1781.Xr ppp 8 1782daemon. 1783.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1784.Pq Vt str 1785Overrides the global 1786.Va ppp_mode 1787for 1788.Ar profile . 1789Accepted modes are 1790.Dq Li auto , 1791.Dq Li ddial , 1792.Dq Li direct 1793and 1794.Dq Li dedicated . 1795See the manual for a full description. 1796.It Va ppp_nat 1797.Pq Vt bool 1798If set to 1799.Dq Li YES , 1800enables network address translation. 1801Used in conjunction with 1802.Va gateway_enable 1803allows hosts on private network addresses access to the Internet using 1804this host as a network address translating router. 1805.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1806.Pq Vt str 1807Overrides the global 1808.Va ppp_nat 1809for 1810.Ar profile . 1811.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1812.Pq Vt int 1813Set the unit number to be used for this profile. 1814See the manual description of 1815.Fl unit Ns Ar N 1816for details. 1817.It Va ppp_user 1818.Pq Vt str 1819The name of the user under which 1820.Xr ppp 8 1821should be started. 1822By 1823default, 1824.Xr ppp 8 1825is started as 1826.Dq Li root . 1827.It Va rc_conf_files 1828.Pq Vt str 1829This option is used to specify a list of files that will override 1830the settings in 1831.Pa /etc/defaults/rc.conf . 1832The files will be read in the order in which they are specified and should 1833include the full path to the file. 1834By default, the files specified are 1835.Pa /etc/rc.conf 1836and 1837.Pa /etc/rc.conf.local 1838.It Va zfs_enable 1839.Pq Vt bool 1840If set to 1841.Dq Li YES , 1842.Pa /etc/rc.d/zfs 1843will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1844(ZVOLs). 1845.It Va gptboot_enable 1846.Pq Vt bool 1847If set to 1848.Dq Li YES , 1849.Pa /etc/rc.d/gptboot 1850will log if the system successfully (or not) booted from a GPT partition, 1851which had the 1852.Ar bootonce 1853attribute set using 1854.Xr gpart 8 1855utility. 1856.It Va gbde_autoattach_all 1857.Pq Vt bool 1858If set to 1859.Dq Li YES , 1860.Pa /etc/rc.d/gbde 1861will attempt to automatically initialize your .bde devices in 1862.Pa /etc/fstab . 1863.It Va gbde_devices 1864.Pq Vt str 1865List the devices that the script should try to attach, 1866or 1867.Dq Li AUTO . 1868.It Va gbde_lockdir 1869.Pq Vt str 1870The directory where the 1871.Xr gbde 4 1872lockfiles are located. 1873The default lockfile directory is 1874.Pa /etc . 1875.Pp 1876The lockfile for each individual 1877.Xr gbde 4 1878device can be overridden by setting the variable 1879.Va gbde_lock_ Ns Aq Ar device , 1880where 1881.Ar device 1882is the encrypted device without the 1883.Dq Pa /dev/ 1884and 1885.Dq Pa .bde 1886parts. 1887.It Va gbde_attach_attempts 1888.Pq Vt int 1889Number of times to attempt attaching to a 1890.Xr gbde 4 1891device, i.e., how many times the user is asked for the pass-phrase. 1892Default is 3. 1893.It Va geli_devices 1894.Pq Vt str 1895List of devices to automatically attach on boot. 1896Note that .eli devices from 1897.Pa /etc/fstab 1898are automatically appended to this list. 1899.It Va geli_tries 1900.Pq Vt int 1901Number of times user is asked for the pass-phrase. 1902If empty, it will be taken from 1903.Va kern.geom.eli.tries 1904sysctl variable. 1905.It Va geli_default_flags 1906.Pq Vt str 1907Default flags to use by 1908.Xr geli 8 1909when configuring disk encryption. 1910Flags can be configured for every device separately by defining 1911.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1912variable. 1913.It Va geli_autodetach 1914.Pq Vt str 1915Specifies if GELI devices should be marked for detach on last close after 1916file systems are mounted. 1917Default is 1918.Dq Li YES . 1919This can be changed for every device separately by defining 1920.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1921variable. 1922.It Va root_rw_mount 1923.Pq Vt bool 1924Set to 1925.Dq Li YES 1926by default. 1927After the file systems are checked at boot time, the root file system 1928is remounted as read-write if this is set to 1929.Dq Li YES . 1930Diskless systems that mount their root file system from a read-only remote 1931NFS share should set this to 1932.Dq Li NO 1933in their 1934.Pa rc.conf . 1935.It Va fsck_y_enable 1936.Pq Vt bool 1937If set to 1938.Dq Li YES , 1939.Xr fsck 8 1940will be run with the 1941.Fl y 1942flag if the initial preen 1943of the file systems fails. 1944.It Va background_fsck 1945.Pq Vt bool 1946If set to 1947.Dq Li YES , 1948the system will attempt to run 1949.Xr fsck 8 1950in the background where possible. 1951.It Va background_fsck_delay 1952.Pq Vt int 1953The amount of time in seconds to sleep before starting a background 1954.Xr fsck 8 . 1955It defaults to sixty seconds to allow large applications such as 1956the X server to start before disk I/O bandwidth is monopolized by 1957.Xr fsck 8 . 1958If set to a negative number, the background file system check will be 1959delayed indefinitely to allow the administrator to run it at a more 1960convenient time. 1961For example it may be run from 1962.Xr cron 8 1963by adding a line like 1964.Pp 1965.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1966.Pp 1967to 1968.Pa /etc/crontab . 1969.It Va netfs_types 1970.Pq Vt str 1971List of file system types that are network-based. 1972This list should generally not be modified by end users. 1973Use 1974.Va extra_netfs_types 1975instead. 1976.It Va extra_netfs_types 1977.Pq Vt str 1978If set to something other than 1979.Dq Li NO 1980(the default), 1981this variable extends the list of file system types 1982for which automatic mounting at startup by 1983.Xr rc 8 1984should be delayed until the network is initialized. 1985It should contain 1986a whitespace-separated list of network file system descriptor pairs, 1987each consisting of a file system type as passed to 1988.Xr mount 8 1989and a human-readable, one-word description, 1990joined with a colon 1991.Pq Ql \&: . 1992Extending the default list in this way is only necessary 1993when third party file system types are used. 1994.It Va syslogd_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998run the 1999.Xr syslogd 8 2000daemon. 2001.It Va syslogd_program 2002.Pq Vt str 2003Path to 2004.Xr syslogd 8 2005(default 2006.Pa /usr/sbin/syslogd ) . 2007.It Va syslogd_flags 2008.Pq Vt str 2009If 2010.Va syslogd_enable 2011is set to 2012.Dq Li YES , 2013these are the flags to pass to 2014.Xr syslogd 8 . 2015.It Va inetd_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr inetd 8 2021daemon. 2022.It Va inetd_program 2023.Pq Vt str 2024Path to 2025.Xr inetd 8 2026(default 2027.Pa /usr/sbin/inetd ) . 2028.It Va inetd_flags 2029.Pq Vt str 2030If 2031.Va inetd_enable 2032is set to 2033.Dq Li YES , 2034these are the flags to pass to 2035.Xr inetd 8 . 2036.It Va hastd_enable 2037.Pq Vt bool 2038If set to 2039.Dq Li YES , 2040run the 2041.Xr hastd 8 2042daemon. 2043.It Va hastd_program 2044.Pq Vt str 2045Path to 2046.Xr hastd 8 2047(default 2048.Pa /sbin/hastd ) . 2049.It Va hastd_flags 2050.Pq Vt str 2051If 2052.Va hastd_enable 2053is set to 2054.Dq Li YES , 2055these are the flags to pass to 2056.Xr hastd 8 . 2057.It Va local_unbound_enable 2058.Pq Vt bool 2059If set to 2060.Dq Li YES , 2061run the 2062.Xr unbound 8 2063daemon as a local caching resolver. 2064.It Va kerberos5_server_enable 2065.Pq Vt bool 2066Set to 2067.Dq Li YES 2068to start a Kerberos 5 authentication server 2069at boot time. 2070.It Va kerberos5_server 2071.Pq Vt str 2072If 2073.Va kerberos5_server_enable 2074is set to 2075.Dq Li YES 2076this is the path to Kerberos 5 Authentication Server. 2077.It Va kerberos5_server_flags 2078.Pq Vt str 2079Empty by default. 2080This variable contains additional flags to be passed to the Kerberos 5 2081authentication server. 2082.It Va kadmind5_server_enable 2083.Pq Vt bool 2084Set to 2085.Dq Li YES 2086to start 2087.Xr kadmind 8 , 2088the Kerberos 5 Administration Daemon; set to 2089.Dq Li NO 2090on a slave server. 2091.It Va kadmind5_server 2092.Pq Vt str 2093If 2094.Va kadmind5_server_enable 2095is set to 2096.Dq Li YES 2097this is the path to Kerberos 5 Administration Daemon. 2098.It Va kpasswdd_server_enable 2099.Pq Vt bool 2100Set to 2101.Dq Li YES 2102to start 2103.Xr kpasswdd 8 , 2104the Kerberos 5 Password-Changing Daemon; set to 2105.Dq Li NO 2106on a slave server. 2107.It Va kpasswdd_server 2108.Pq Vt str 2109If 2110.Va kpasswdd_server_enable 2111is set to 2112.Dq Li YES 2113this is the path to Kerberos 5 Password-Changing Daemon. 2114.It Va kfd_enable 2115.Pq Vt bool 2116Set to 2117.Dq Li YES 2118to start 2119.Xr kfd 8 , 2120the Kerberos 5 ticket forwarding daemon, at the boot time. 2121.It Va kfd_program 2122.Pq Vt str 2123Path to 2124.Xr kfd 8 2125(default 2126.Pa /usr/libexec/kfd ) . 2127.It Va rwhod_enable 2128.Pq Vt bool 2129If set to 2130.Dq Li YES , 2131run the 2132.Xr rwhod 8 2133daemon at boot time. 2134.It Va rwhod_flags 2135.Pq Vt str 2136If 2137.Va rwhod_enable 2138is set to 2139.Dq Li YES , 2140these are the flags to pass to it. 2141.It Va amd_enable 2142.Pq Vt bool 2143If set to 2144.Dq Li YES , 2145run the 2146.Xr amd 8 2147daemon at boot time. 2148.It Va amd_flags 2149.Pq Vt str 2150If 2151.Va amd_enable 2152is set to 2153.Dq Li YES , 2154these are the flags to pass to it. 2155See the 2156.Xr amd 8 2157manpage for more information. 2158.It Va amd_map_program 2159.Pq Vt str 2160If set, 2161the specified program is run to get the list of 2162.Xr amd 8 2163maps. 2164For example, if the 2165.Xr amd 8 2166maps are stored in NIS, one can set this to 2167run 2168.Xr ypcat 1 2169to get a list of 2170.Xr amd 8 2171maps from the 2172.Pa amd.master 2173NIS map. 2174.It Va update_motd 2175.Pq Vt bool 2176If set to 2177.Dq Li YES , 2178.Pa /etc/motd 2179will be updated at boot time to reflect the kernel release 2180being run. 2181If set to 2182.Dq Li NO , 2183.Pa /etc/motd 2184will not be updated. 2185.It Va nfs_client_enable 2186.Pq Vt bool 2187If set to 2188.Dq Li YES , 2189run the NFS client daemons at boot time. 2190.It Va nfs_access_cache 2191.Pq Vt int 2192If 2193.Va nfs_client_enable 2194is set to 2195.Dq Li YES , 2196this can be set to 2197.Dq Li 0 2198to disable NFS ACCESS RPC caching, or to the number of seconds for which 2199NFS ACCESS 2200results should be cached. 2201A value of 2-10 seconds will substantially reduce network 2202traffic for many NFS operations. 2203.It Va nfs_server_enable 2204.Pq Vt bool 2205If set to 2206.Dq Li YES , 2207run the NFS server daemons at boot time. 2208.It Va nfs_server_flags 2209.Pq Vt str 2210If 2211.Va nfs_server_enable 2212is set to 2213.Dq Li YES , 2214these are the flags to pass to the 2215.Xr nfsd 8 2216daemon. 2217.It Va nfsv4_server_enable 2218.Pq Vt bool 2219If 2220.Va nfs_server_enable 2221is set to 2222.Dq Li YES 2223and 2224.Va nfsv4_server_enable 2225are set to 2226.Dq Li YES , 2227enable the server for NFSv4 as well as NFSv2 and NFSv3. 2228.It Va nfsuserd_enable 2229.Pq Vt bool 2230If 2231.Va nfsuserd_enable 2232is set to 2233.Dq Li YES , 2234run the nfsuserd daemon, which is needed for NFSv4 in order 2235to map between user/group names vs uid/gid numbers. 2236If 2237.Va nfsv4_server_enable 2238is set to 2239.Dq Li YES , 2240this will be forced enabled. 2241.It Va nfsuserd_flags 2242.Pq Vt str 2243If 2244.Va nfsuserd_enable 2245is set to 2246.Dq Li YES , 2247these are the flags to pass to the 2248.Xr nfsuserd 8 2249daemon. 2250.It Va nfscbd_enable 2251.Pq Vt bool 2252If 2253.Va nfscbd_enable 2254is set to 2255.Dq Li YES , 2256run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2257.It Va nfscbd_flags 2258.Pq Vt str 2259If 2260.Va nfscbd_enable 2261is set to 2262.Dq Li YES , 2263these are the flags to pass to the 2264.Xr nfscbd 8 2265daemon. 2266.It Va oldnfs_server_enable 2267.Pq Vt bool 2268If 2269.Va oldnfs_server_enable 2270is set to 2271.Dq Li YES , 2272force the NFS server daemons to run the old NFS server code 2273that does not support NFSv4. 2274.It Va mountd_enable 2275.Pq Vt bool 2276If set to 2277.Dq Li YES , 2278and no 2279.Va nfs_server_enable 2280is set, start 2281.Xr mountd 8 , 2282but not 2283.Xr nfsd 8 2284daemon. 2285It is commonly needed to run CFS without real NFS used. 2286.It Va mountd_flags 2287.Pq Vt str 2288If 2289.Va mountd_enable 2290is set to 2291.Dq Li YES , 2292these are the flags to pass to the 2293.Xr mountd 8 2294daemon. 2295.It Va weak_mountd_authentication 2296.Pq Vt bool 2297If set to 2298.Dq Li YES , 2299allow services like PCNFSD to make non-privileged mount 2300requests. 2301.It Va nfs_reserved_port_only 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305provide NFS services only on a secure port. 2306.It Va nfs_bufpackets 2307.Pq Vt int 2308If set to a number, indicates the number of packets worth of 2309socket buffer space to reserve on an NFS client. 2310The kernel default is typically 4. 2311Using a higher number may be 2312useful on gigabit networks to improve performance. 2313The minimum value is 23142 and the maximum is 64. 2315.It Va rpc_lockd_enable 2316.Pq Vt bool 2317If set to 2318.Dq Li YES 2319and also an NFS server or client, run 2320.Xr rpc.lockd 8 2321at boot time. 2322.It Va rpc_lockd_flags 2323.Pq Vt str 2324If 2325.Va rpc_lockd_enable 2326is set to 2327.Dq Li YES , 2328these are the flags to pass to the 2329.Xr rpc.lockd 8 2330daemon. 2331.It Va rpc_statd_enable 2332.Pq Vt bool 2333If set to 2334.Dq Li YES 2335and also an NFS server or client, run 2336.Xr rpc.statd 8 2337at boot time. 2338.It Va rpc_statd_flags 2339.Pq Vt str 2340If 2341.Va rpc_statd_enable 2342is set to 2343.Dq Li YES , 2344these are the flags to pass to the 2345.Xr rpc.statd 8 2346daemon. 2347.It Va rpcbind_program 2348.Pq Vt str 2349Path to 2350.Xr rpcbind 8 2351(default 2352.Pa /usr/sbin/rpcbind ) . 2353.It Va rpcbind_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES , 2357run the 2358.Xr rpcbind 8 2359service at boot time. 2360.It Va rpcbind_flags 2361.Pq Vt str 2362If 2363.Va rpcbind_enable 2364is set to 2365.Dq Li YES , 2366these are the flags to pass to the 2367.Xr rpcbind 8 2368daemon. 2369.It Va keyserv_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES , 2373run the 2374.Xr keyserv 8 2375daemon on boot for running Secure RPC. 2376.It Va keyserv_flags 2377.Pq Vt str 2378If 2379.Va keyserv_enable 2380is set to 2381.Dq Li YES , 2382these are the flags to pass to 2383.Xr keyserv 8 2384daemon. 2385.It Va pppoed_enable 2386.Pq Vt bool 2387If set to 2388.Dq Li YES , 2389run the 2390.Xr pppoed 8 2391daemon at boot time to provide PPP over Ethernet services. 2392.It Va pppoed_ Ns Aq Ar provider 2393.Pq Vt str 2394.Xr pppoed 8 2395listens to requests to this 2396.Ar provider 2397and ultimately runs 2398.Xr ppp 8 2399with a 2400.Ar system 2401argument of the same name. 2402.It Va pppoed_flags 2403.Pq Vt str 2404Additional flags to pass to 2405.Xr pppoed 8 . 2406.It Va pppoed_interface 2407.Pq Vt str 2408The network interface to run 2409.Xr pppoed 8 2410on. 2411This is mandatory when 2412.Va pppoed_enable 2413is set to 2414.Dq Li YES . 2415.It Va timed_enable 2416.Pq Vt bool 2417If set to 2418.Dq Li YES , 2419run the 2420.Xr timed 8 2421service at boot time. 2422This command is intended for networks of 2423machines where a consistent 2424.Dq "network time" 2425for all hosts must be established. 2426This is often useful in large NFS 2427environments where time stamps on files are expected to be consistent 2428network-wide. 2429.It Va timed_flags 2430.Pq Vt str 2431If 2432.Va timed_enable 2433is set to 2434.Dq Li YES , 2435these are the flags to pass to the 2436.Xr timed 8 2437service. 2438.It Va ntpdate_enable 2439.Pq Vt bool 2440If set to 2441.Dq Li YES , 2442run 2443.Xr ntpdate 8 2444at system startup. 2445This command is intended to 2446synchronize the system clock only 2447.Em once 2448from some standard reference. 2449.It Va ntpdate_config 2450.Pq Vt str 2451Configuration file for 2452.Xr ntpdate 8 . 2453Default 2454.Pa /etc/ntp.conf . 2455.It Va ntpdate_hosts 2456.Pq Vt str 2457A whitespace-separated list of NTP servers to synchronize with at startup. 2458The default is to use the servers listed in 2459.Va ntpdate_config , 2460if that file exists. 2461.It Va ntpdate_program 2462.Pq Vt str 2463Path to 2464.Xr ntpdate 8 2465(default 2466.Pa /usr/sbin/ntpdate ) . 2467.It Va ntpdate_flags 2468.Pq Vt str 2469If 2470.Va ntpdate_enable 2471is set to 2472.Dq Li YES , 2473these are the flags to pass to the 2474.Xr ntpdate 8 2475command (typically a hostname). 2476.It Va ntpd_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run the 2481.Xr ntpd 8 2482command at boot time. 2483.It Va ntpd_program 2484.Pq Vt str 2485Path to 2486.Xr ntpd 8 2487(default 2488.Pa /usr/sbin/ntpd ) . 2489.It Va ntpd_config 2490.Pq Vt str 2491Path to 2492.Xr ntpd 8 2493configuration file. 2494Default 2495.Pa /etc/ntp.conf . 2496.It Va ntpd_flags 2497.Pq Vt str 2498If 2499.Va ntpd_enable 2500is set to 2501.Dq Li YES , 2502these are the flags to pass to the 2503.Xr ntpd 8 2504daemon. 2505.It Va ntpd_sync_on_start 2506.Pq Vt bool 2507If set to 2508.Dq Li YES , 2509.Xr ntpd 8 2510is run with the 2511.Fl g 2512flag, which syncs the system's clock on startup. 2513See 2514.Xr ntpd 8 2515for more information regarding the 2516.Fl g 2517option. 2518This is a preferred alternative to using 2519.Xr ntpdate 8 2520or specifying the 2521.Va ntpdate_enable 2522variable. 2523.It Va nis_client_enable 2524.Pq Vt bool 2525If set to 2526.Dq Li YES , 2527run the 2528.Xr ypbind 8 2529service at system boot time. 2530.It Va nis_client_flags 2531.Pq Vt str 2532If 2533.Va nis_client_enable 2534is set to 2535.Dq Li YES , 2536these are the flags to pass to the 2537.Xr ypbind 8 2538service. 2539.It Va nis_ypset_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543run the 2544.Xr ypset 8 2545daemon at system boot time. 2546.It Va nis_ypset_flags 2547.Pq Vt str 2548If 2549.Va nis_ypset_enable 2550is set to 2551.Dq Li YES , 2552these are the flags to pass to the 2553.Xr ypset 8 2554daemon. 2555.It Va nis_server_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES , 2559run the 2560.Xr ypserv 8 2561daemon at system boot time. 2562.It Va nis_server_flags 2563.Pq Vt str 2564If 2565.Va nis_server_enable 2566is set to 2567.Dq Li YES , 2568these are the flags to pass to the 2569.Xr ypserv 8 2570daemon. 2571.It Va nis_ypxfrd_enable 2572.Pq Vt bool 2573If set to 2574.Dq Li YES , 2575run the 2576.Xr rpc.ypxfrd 8 2577daemon at system boot time. 2578.It Va nis_ypxfrd_flags 2579.Pq Vt str 2580If 2581.Va nis_ypxfrd_enable 2582is set to 2583.Dq Li YES , 2584these are the flags to pass to the 2585.Xr rpc.ypxfrd 8 2586daemon. 2587.It Va nis_yppasswdd_enable 2588.Pq Vt bool 2589If set to 2590.Dq Li YES , 2591run the 2592.Xr rpc.yppasswdd 8 2593daemon at system boot time. 2594.It Va nis_yppasswdd_flags 2595.Pq Vt str 2596If 2597.Va nis_yppasswdd_enable 2598is set to 2599.Dq Li YES , 2600these are the flags to pass to the 2601.Xr rpc.yppasswdd 8 2602daemon. 2603.It Va rpc_ypupdated_enable 2604.Pq Vt bool 2605If set to 2606.Dq Li YES , 2607run the 2608.Nm rpc.ypupdated 2609daemon at system boot time. 2610.It Va bsnmpd_enable 2611.Pq Vt bool 2612If set to 2613.Dq Li YES , 2614run the 2615.Xr bsnmpd 1 2616daemon at system boot time. 2617Be sure to understand the security implications of running SNMP daemon 2618on your host. 2619.It Va bsnmpd_flags 2620.Pq Vt str 2621If 2622.Va bsnmpd_enable 2623is set to 2624.Dq Li YES , 2625these are the flags to pass to the 2626.Xr bsnmpd 1 2627daemon. 2628.It Va defaultrouter 2629.Pq Vt str 2630If not set to 2631.Dq Li NO , 2632create a default route to this host name or IP address 2633(use an IP address if this router is also required to get to the 2634name server!). 2635.It Va ipv6_defaultrouter 2636.Pq Vt str 2637The IPv6 equivalent of 2638.Va defaultrouter . 2639.It Va static_arp_pairs 2640.Pq Vt str 2641Set to the list of static ARP pairs that are to be added at system 2642boot time. 2643For each whitespace separated 2644.Ar element 2645in the value, a 2646.Va static_arp_ Ns Aq Ar element 2647variable is assumed to exist whose contents will later be passed to a 2648.Dq Nm arp Cm -S 2649operation. 2650For example 2651.Bd -literal 2652static_arp_pairs="gw" 2653static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2654.Ed 2655.It Va static_ndp_pairs 2656.Pq Vt str 2657Set to the list of static NDP pairs that are to be added at system 2658boot time. 2659For each whitespace separated 2660.Ar element 2661in the value, a 2662.Va static_ndp_ Ns Aq Ar element 2663variable is assumed to exist whose contents will later be passed to a 2664.Dq Nm ndp Cm -s 2665operation. 2666For example 2667.Bd -literal 2668static_ndp_pairs="gw" 2669static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2670.Ed 2671.It Va static_routes 2672.Pq Vt str 2673Set to the list of static routes that are to be added at system 2674boot time. 2675If not set to 2676.Dq Li NO 2677then for each whitespace separated 2678.Ar element 2679in the value, a 2680.Va route_ Ns Aq Ar element 2681variable is assumed to exist 2682whose contents will later be passed to a 2683.Dq Nm route Cm add 2684operation. 2685For example: 2686.Bd -literal 2687static_routes="ext mcast:gif0 gif0local:gif0" 2688route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2689route_mcast="-net 224.0.0.0/4 -iface gif0" 2690route_gif0local="-host 169.254.1.1 -iface lo0" 2691.Ed 2692.Pp 2693When an 2694.Ar element 2695is in the form of 2696.Li name:ifname , 2697the route is specific to the interface 2698.Li ifname . 2699.It Va ipv6_static_routes 2700.Pq Vt str 2701The IPv6 equivalent of 2702.Va static_routes . 2703If not set to 2704.Dq Li NO 2705then for each whitespace separated 2706.Ar element 2707in the value, a 2708.Va ipv6_route_ Ns Aq Ar element 2709variable is assumed to exist 2710whose contents will later be passed to a 2711.Dq Nm route Cm add Fl inet6 2712operation. 2713.It Va natm_static_routes 2714.Pq Vt str 2715The 2716.Xr natmip 4 2717equivalent of 2718.Va static_routes . 2719If not empty then for each whitespace separated 2720.Ar element 2721in the value, a 2722.Va route_ Ns Aq Ar element 2723variable is assumed to exist whose contents will later be passed to a 2724.Dq Nm atmconfig Cm natm Cm add 2725operation. 2726.It Va gateway_enable 2727.Pq Vt bool 2728If set to 2729.Dq Li YES , 2730configure host to act as an IP router, e.g.\& to forward packets 2731between interfaces. 2732.It Va ipv6_gateway_enable 2733.Pq Vt bool 2734The IPv6 equivalent of 2735.Va gateway_enable . 2736.It Va routed_enable 2737.Pq Vt bool 2738If set to 2739.Dq Li YES , 2740run a routing daemon of some sort, based on the 2741settings of 2742.Va routed_program 2743and 2744.Va routed_flags . 2745.It Va route6d_enable 2746.Pq Vt bool 2747The IPv6 equivalent of 2748.Va routed_enable . 2749If set to 2750.Dq Li YES , 2751run a routing daemon of some sort, based on the 2752settings of 2753.Va route6d_program 2754and 2755.Va route6d_flags . 2756.It Va routed_program 2757.Pq Vt str 2758If 2759.Va routed_enable 2760is set to 2761.Dq Li YES , 2762this is the name of the routing daemon to use. 2763.It Va route6d_program 2764.Pq Vt str 2765The IPv6 equivalent of 2766.Va routed_program . 2767.It Va routed_flags 2768.Pq Vt str 2769If 2770.Va routed_enable 2771is set to 2772.Dq Li YES , 2773these are the flags to pass to the routing daemon. 2774.It Va route6d_flags 2775.Pq Vt str 2776The IPv6 equivalent of 2777.Va routed_flags . 2778.It Va mrouted_enable 2779.Pq Vt bool 2780If set to 2781.Dq Li YES , 2782run the multicast routing daemon, 2783.Xr mrouted 8 . 2784.It Va mroute6d_enable 2785.Pq Vt bool 2786The IPv6 equivalent of 2787.Va mrouted_enable . 2788If set to 2789.Dq Li YES , 2790run the IPv6 multicast routing daemon. 2791.Pp 2792Note that multicast routing daemons are no longer included in the 2793.Fx 2794base system, however, both 2795.Xr mrouted 8 2796and 2797.Xr pim6dd 8 2798may be installed from the 2799.Fx 2800Ports Collection. 2801.It Va mrouted_flags 2802.Pq Vt str 2803If 2804.Va mrouted_enable 2805is set to 2806.Dq Li YES , 2807these are the flags to pass to the 2808.Xr mrouted 8 2809daemon. 2810.It Va mroute6d_flags 2811.Pq Vt str 2812The IPv6 equivalent of 2813.Va mrouted_flags . 2814If 2815.Va mroute6d_enable 2816is set to 2817.Dq Li YES , 2818these are the flags passed to the IPv6 multicast routing daemon. 2819.It Va mroute6d_program 2820.Pq Vt str 2821If 2822.Va mroute6d_enable 2823is set to 2824.Dq Li YES , 2825this is the path to the IPv6 multicast routing daemon. 2826.It Va rtadvd_enable 2827.Pq Vt bool 2828If set to 2829.Dq Li YES , 2830run the 2831.Xr rtadvd 8 2832daemon at boot time. 2833The 2834.Xr rtadvd 8 2835utility sends ICMPv6 Router Advertisement messages to 2836the interfaces specified in 2837.Va rtadvd_interfaces . 2838This should only be enabled with great care. 2839You may want to fine-tune 2840.Xr rtadvd.conf 5 . 2841.It Va rtadvd_interfaces 2842.Pq Vt str 2843If 2844.Va rtadvd_enable 2845is set to 2846.Dq Li YES 2847this is the list of interfaces to use. 2848.It Va arpproxy_all 2849.Pq Vt bool 2850If set to 2851.Dq Li YES , 2852enable global proxy ARP. 2853.It Va forward_sourceroute 2854.Pq Vt bool 2855If set to 2856.Dq Li YES 2857and 2858.Va gateway_enable 2859is also set to 2860.Dq Li YES , 2861source-routed packets are forwarded. 2862.It Va accept_sourceroute 2863.Pq Vt bool 2864If set to 2865.Dq Li YES , 2866the system will accept source-routed packets directed at it. 2867.It Va rarpd_enable 2868.Pq Vt bool 2869If set to 2870.Dq Li YES , 2871run the 2872.Xr rarpd 8 2873daemon at system boot time. 2874.It Va rarpd_flags 2875.Pq Vt str 2876If 2877.Va rarpd_enable 2878is set to 2879.Dq Li YES , 2880these are the flags to pass to the 2881.Xr rarpd 8 2882daemon. 2883.It Va bootparamd_enable 2884.Pq Vt bool 2885If set to 2886.Dq Li YES , 2887run the 2888.Xr bootparamd 8 2889daemon at system boot time. 2890.It Va bootparamd_flags 2891.Pq Vt str 2892If 2893.Va bootparamd_enable 2894is set to 2895.Dq Li YES , 2896these are the flags to pass to the 2897.Xr bootparamd 8 2898daemon. 2899.It Va stf_interface_ipv4addr 2900.Pq Vt str 2901If not set to 2902.Dq Li NO , 2903this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2904interface). 2905Specify this entry to enable the 6to4 interface. 2906.It Va stf_interface_ipv4plen 2907.Pq Vt int 2908Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2909An effective value is 0-31. 2910.It Va stf_interface_ipv6_ifid 2911.Pq Vt str 2912IPv6 interface ID for 2913.Xr stf 4 . 2914This can be set to 2915.Dq Li AUTO . 2916.It Va stf_interface_ipv6_slaid 2917.Pq Vt str 2918IPv6 Site Level Aggregator for 2919.Xr stf 4 . 2920.It Va ipv6_faith_prefix 2921.Pq Vt str 2922If not set to 2923.Dq Li NO , 2924this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2925translator. 2926You also need 2927.Xr faithd 8 2928setup. 2929.It Va ipv6_ipv4mapping 2930.Pq Vt bool 2931If set to 2932.Dq Li YES 2933this enables IPv4 mapped IPv6 address communication (like 2934.Li ::ffff:a.b.c.d ) . 2935.It Va rtsold_enable 2936.Pq Vt bool 2937Set to 2938.Dq Li YES 2939to enable the 2940.Xr rtsold 8 2941daemon to send ICMPv6 Router Solicitation messages. 2942.It Va rtsold_flags 2943.Pq Vt str 2944If 2945.Va rtsold_enable 2946is set to 2947.Dq Li YES , 2948these are the flags to pass to 2949.Xr rtsold 8 . 2950.It Va rtsol_flags 2951.Pq Vt str 2952For interfaces configured with the 2953.Dq Li inet6 accept_rtadv 2954keyword, these are the flags to pass to 2955.Xr rtsol 8 . 2956.Pp 2957Note that 2958.Va rtsold_enable 2959is mutually exclusive to 2960.Va rtsol_flags ; 2961.Va rtsold_enable 2962takes precedence. 2963.It Va atm_enable 2964.Pq Vt bool 2965Set to 2966.Dq Li YES 2967to enable the configuration of ATM interfaces at system boot time. 2968For all of the ATM variables described below, please refer to the 2969.Xr atm 8 2970manual page for further details on the available command parameters. 2971Also refer to the files in 2972.Pa /usr/share/examples/atm 2973for more detailed configuration information. 2974.It Va atm_load 2975.Pq Vt str 2976This is a list of physical ATM interface drivers to load. 2977Typical values are 2978.Dq Li hfa_pci 2979and/or 2980.Dq Li hea_pci . 2981.It Va atm_netif_ Ns Aq Ar intf 2982.Pq Vt str 2983For the ATM physical interface 2984.Ar intf , 2985this variable defines the name prefix and count for the ATM network 2986interfaces to be created. 2987The value will be passed as the parameters of an 2988.Dq Nm atm Cm "set netif" Ar intf 2989command. 2990.It Va atm_sigmgr_ Ns Aq Ar intf 2991.Pq Vt str 2992For the ATM physical interface 2993.Ar intf , 2994this variable defines the ATM signalling manager to be used. 2995The value will be passed as the parameters of an 2996.Dq Nm atm Cm attach Ar intf 2997command. 2998.It Va atm_prefix_ Ns Aq Ar intf 2999.Pq Vt str 3000For the ATM physical interface 3001.Ar intf , 3002this variable defines the NSAP prefix for interfaces using a UNI signalling 3003manager. 3004If set to 3005.Dq Li ILMI , 3006the prefix will automatically be set via the 3007.Xr ilmid 8 3008daemon. 3009Otherwise, the value will be passed as the parameters of an 3010.Dq Nm atm Cm "set prefix" Ar intf 3011command. 3012.It Va atm_macaddr_ Ns Aq Ar intf 3013.Pq Vt str 3014For the ATM physical interface 3015.Ar intf , 3016this variable defines the MAC address for interfaces using a UNI signalling 3017manager. 3018If set to 3019.Dq Li NO , 3020the hardware MAC address contained in the ATM interface card will be used. 3021Otherwise, the value will be passed as the parameters of an 3022.Dq Nm atm Cm "set mac" Ar intf 3023command. 3024.It Va atm_arpserver_ Ns Aq Ar netif 3025.Pq Vt str 3026For the ATM network interface 3027.Ar netif , 3028this variable defines the ATM address for a host which is to provide ATMARP 3029service. 3030This variable is only applicable to interfaces using a UNI signalling 3031manager. 3032If set to 3033.Dq Li local , 3034this host will become an ATMARP server. 3035The value will be passed as the parameters of an 3036.Dq Nm atm Cm "set arpserver" Ar netif 3037command. 3038.It Va atm_scsparp_ Ns Aq Ar netif 3039.Pq Vt bool 3040If set to 3041.Dq Li YES , 3042SCSP/ATMARP service for the network interface 3043.Ar netif 3044will be initiated using the 3045.Xr scspd 8 3046and 3047.Xr atmarpd 8 3048daemons. 3049This variable is only applicable if 3050.Va atm_arpserver_ Ns Aq Ar netif 3051is set to 3052.Dq Li local . 3053.It Va atm_pvcs 3054.Pq Vt str 3055Set to the list of ATM PVCs to be added at system 3056boot time. 3057For each whitespace separated 3058.Ar element 3059in the value, an 3060.Va atm_pvc_ Ns Aq Ar element 3061variable is assumed to exist. 3062The value of each of these variables 3063will be passed as the parameters of an 3064.Dq Nm atm Cm "add pvc" 3065command. 3066.It Va atm_arps 3067.Pq Vt str 3068Set to the list of permanent ATM ARP entries to be added 3069at system boot time. 3070For each whitespace separated 3071.Ar element 3072in the value, an 3073.Va atm_arp_ Ns Aq Ar element 3074variable is assumed to exist. 3075The value of each of these variables 3076will be passed as the parameters of an 3077.Dq Nm atm Cm "add arp" 3078command. 3079.It Va natm_interfaces 3080.Pq Vt str 3081Set to the list of 3082.Xr natm 4 3083interfaces that will also be used for HARP through 3084.Xr harp 4 . 3085If this list is not empty all interfaces in the list will be brought up 3086with 3087.Xr ifconfig 8 3088and 3089.Xr harp 4 3090will be loaded. 3091For this to work the interface drivers must be either compiled into the 3092kernel or must reside on the root partition. 3093.It Va keybell 3094.Pq Vt str 3095The keyboard bell sound. 3096Set to 3097.Dq Li normal , 3098.Dq Li visual , 3099.Dq Li off , 3100or 3101.Dq Li NO 3102if the default behavior is desired. 3103For details, refer to the 3104.Xr kbdcontrol 1 3105manpage. 3106.It Va keyboard 3107.Pq Vt str 3108If set to a non-null string, the virtual console's keyboard input is 3109set to this device. 3110.It Va keymap 3111.Pq Vt str 3112If set to 3113.Dq Li NO , 3114no keymap is installed, otherwise the value is used to install 3115the keymap file in 3116.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3117.It Va keyrate 3118.Pq Vt str 3119The keyboard repeat speed. 3120Set to 3121.Dq Li slow , 3122.Dq Li normal , 3123.Dq Li fast , 3124or 3125.Dq Li NO 3126if the default behavior is desired. 3127.It Va keychange 3128.Pq Vt str 3129If not set to 3130.Dq Li NO , 3131attempt to program the function keys with the value. 3132The value should 3133be a single string of the form: 3134.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3135.It Va cursor 3136.Pq Vt str 3137Can be set to the value of 3138.Dq Li normal , 3139.Dq Li blink , 3140.Dq Li destructive , 3141or 3142.Dq Li NO 3143to set the cursor behavior explicitly or choose the default behavior. 3144.It Va scrnmap 3145.Pq Vt str 3146If set to 3147.Dq Li NO , 3148no screen map is installed, otherwise the value is used to install 3149the screen map file in 3150.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3151.It Va font8x16 3152.Pq Vt str 3153If set to 3154.Dq Li NO , 3155the default 8x16 font value is used for screen size requests, otherwise 3156the value in 3157.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3158is used. 3159.It Va font8x14 3160.Pq Vt str 3161If set to 3162.Dq Li NO , 3163the default 8x14 font value is used for screen size requests, otherwise 3164the value in 3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3166is used. 3167.It Va font8x8 3168.Pq Vt str 3169If set to 3170.Dq Li NO , 3171the default 8x8 font value is used for screen size requests, otherwise 3172the value in 3173.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3174is used. 3175.It Va blanktime 3176.Pq Vt int 3177If set to 3178.Dq Li NO , 3179the default screen blanking interval is used, otherwise it is set 3180to 3181.Ar value 3182seconds. 3183.It Va saver 3184.Pq Vt str 3185If not set to 3186.Dq Li NO , 3187this is the actual screen saver to use 3188.Li ( blank , snake , daemon , 3189etc). 3190.It Va moused_nondefault_enable 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194the mouse device specified on 3195the command line is not automatically treated as enabled by the 3196.Pa /etc/rc.d/moused 3197script. 3198Having this variable set to 3199.Dq Li YES 3200allows a 3201.Xr usb 4 3202mouse, 3203for example, 3204to be enabled as soon as it is plugged in. 3205.It Va moused_enable 3206.Pq Vt str 3207If set to 3208.Dq Li YES , 3209the 3210.Xr moused 8 3211daemon is started for doing cut/paste selection on the console. 3212.It Va moused_type 3213.Pq Vt str 3214This is the protocol type of the mouse connected to this host. 3215This variable must be set if 3216.Va moused_enable 3217is set to 3218.Dq Li YES . 3219The 3220.Xr moused 8 3221daemon 3222is able to detect the appropriate mouse type automatically in many cases. 3223Set this variable to 3224.Dq Li auto 3225to let the daemon detect it, or 3226select one from the following list if the automatic detection fails. 3227.Pp 3228If the mouse is attached to the PS/2 mouse port, choose 3229.Dq Li auto 3230or 3231.Dq Li ps/2 , 3232regardless of the brand and model of the mouse. 3233Likewise, if the 3234mouse is attached to the bus mouse port, choose 3235.Dq Li auto 3236or 3237.Dq Li busmouse . 3238All other protocols are for serial mice and will not work with 3239the PS/2 and bus mice. 3240If this is a USB mouse, 3241.Dq Li auto 3242is the only protocol type which will work. 3243.Pp 3244.Bl -tag -width ".Li x10mouseremote" -compact 3245.It Li microsoft 3246Microsoft mouse (serial) 3247.It Li intellimouse 3248Microsoft IntelliMouse (serial) 3249.It Li mousesystems 3250Mouse systems Corp.\& mouse (serial) 3251.It Li mmseries 3252MM Series mouse (serial) 3253.It Li logitech 3254Logitech mouse (serial) 3255.It Li busmouse 3256A bus mouse 3257.It Li mouseman 3258Logitech MouseMan and TrackMan (serial) 3259.It Li glidepoint 3260ALPS GlidePoint (serial) 3261.It Li thinkingmouse 3262Kensington ThinkingMouse (serial) 3263.It Li ps/2 3264PS/2 mouse 3265.It Li mmhittab 3266MM HitTablet (serial) 3267.It Li x10mouseremote 3268X10 MouseRemote (serial) 3269.It Li versapad 3270Interlink VersaPad (serial) 3271.El 3272.Pp 3273Even if the mouse is not in the above list, it may be compatible 3274with one in the list. 3275Refer to the manual page for 3276.Xr moused 8 3277for compatibility information. 3278.Pp 3279It should also be noted that while this is enabled, any 3280other client of the mouse (such as an X server) should access 3281the mouse through the virtual mouse device, 3282.Pa /dev/sysmouse , 3283and configure it as a 3284.Dq Li sysmouse 3285type mouse, since all 3286mouse data is converted to this single canonical format when 3287using 3288.Xr moused 8 . 3289If the client program does not support the 3290.Dq Li sysmouse 3291type, 3292specify the 3293.Dq Li mousesystems 3294type. 3295It is the second preferred type. 3296.It Va moused_port 3297.Pq Vt str 3298If 3299.Va moused_enable 3300is set to 3301.Dq Li YES , 3302this is the actual port the mouse is on. 3303It might be 3304.Pa /dev/cuau0 3305for a COM1 serial mouse, 3306.Pa /dev/psm0 3307for a PS/2 mouse or 3308.Pa /dev/mse0 3309for a bus mouse, for example. 3310.It Va moused_flags 3311.Pq Vt str 3312If 3313.Va moused_flags 3314is set, its value is used as an additional set of flags to pass to the 3315.Xr moused 8 3316daemon. 3317.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3318When 3319.Va moused_nondefault_enable 3320is enabled, and a 3321.Xr moused 8 3322daemon is started for a non-default port, the 3323.Va "moused_" Ns Ar XXX Ns Va "_flags" 3324set of options has precedence over and replaces the default 3325.Va moused_flags 3326(where 3327.Ar XXX 3328is the name of the non-default port, i.e.,\& 3329.Ar ums0 ) . 3330By setting 3331.Va "moused_" Ns Ar XXX Ns Va "_flags" 3332it is possible to set up a different set of default flags for each 3333.Xr moused 8 3334instance. 3335For example, you can use 3336.Dq Li "-3" 3337for the default 3338.Va moused_flags 3339to make your laptop's touchpad more comfortable to use, 3340but an empty set of options for 3341.Va moused_ums0_flags 3342when your 3343.Xr usb 4 3344mouse has three or more buttons. 3345.It Va mousechar_start 3346.Pq Vt int 3347If set to 3348.Dq Li NO , 3349the default mouse cursor character range 3350.Li 0xd0 Ns - Ns Li 0xd3 3351is used, 3352otherwise the range start is set 3353to 3354.Ar value 3355character, see 3356.Xr vidcontrol 1 . 3357Use if the default range is occupied in the language code table. 3358.It Va allscreens_flags 3359.Pq Vt str 3360If set, 3361.Xr vidcontrol 1 3362is run with these options for each of the virtual terminals 3363.Pq Pa /dev/ttyv* . 3364For example, 3365.Dq Fl m Cm on 3366will enable the mouse pointer on all virtual terminals 3367if 3368.Va moused_enable 3369is set to 3370.Dq Li YES . 3371.It Va allscreens_kbdflags 3372.Pq Vt str 3373If set, 3374.Xr kbdcontrol 1 3375is run with these options for each of the virtual terminals 3376.Pq Pa /dev/ttyv* . 3377For example, 3378.Dq Fl h Li 200 3379will set the 3380.Xr syscons 4 3381scrollback (history) buffer to 200 lines. 3382.It Va cron_enable 3383.Pq Vt bool 3384If set to 3385.Dq Li YES , 3386run the 3387.Xr cron 8 3388daemon at system boot time. 3389.It Va cron_program 3390.Pq Vt str 3391Path to 3392.Xr cron 8 3393(default 3394.Pa /usr/sbin/cron ) . 3395.It Va cron_flags 3396.Pq Vt str 3397If 3398.Va cron_enable 3399is set to 3400.Dq Li YES , 3401these are the flags to pass to 3402.Xr cron 8 . 3403.It Va cron_dst 3404.Pq Vt bool 3405If set to 3406.Dq Li YES , 3407enable the special handling of transitions to and from the 3408Daylight Saving Time in 3409.Xr cron 8 3410(equivalent to using the flag 3411.Fl s ) . 3412.It Va lpd_program 3413.Pq Vt str 3414Path to 3415.Xr lpd 8 3416(default 3417.Pa /usr/sbin/lpd ) . 3418.It Va lpd_enable 3419.Pq Vt bool 3420If set to 3421.Dq Li YES , 3422run the 3423.Xr lpd 8 3424daemon at system boot time. 3425.It Va lpd_flags 3426.Pq Vt str 3427If 3428.Va lpd_enable 3429is set to 3430.Dq Li YES , 3431these are the flags to pass to the 3432.Xr lpd 8 3433daemon. 3434.It Va chkprintcap_enable 3435.Pq Vt bool 3436If set to 3437.Dq Li YES , 3438run the 3439.Xr chkprintcap 8 3440command before starting the 3441.Xr lpd 8 3442daemon. 3443.It Va chkprintcap_flags 3444.Pq Vt str 3445If 3446.Va lpd_enable 3447and 3448.Va chkprintcap_enable 3449are set to 3450.Dq Li YES , 3451these are the flags to pass to the 3452.Xr chkprintcap 8 3453program. 3454The default is 3455.Dq Li -d , 3456which causes missing directories to be created. 3457.It Va mta_start_script 3458.Pq Vt str 3459This variable specifies the full path to the script to run to start 3460a mail transfer agent. 3461The default is 3462.Pa /etc/rc.sendmail . 3463The 3464.Va sendmail_* 3465variables which 3466.Pa /etc/rc.sendmail 3467uses are documented in the 3468.Xr rc.sendmail 8 3469manual page. 3470.It Va dumpdev 3471.Pq Vt str 3472Indicates the device (usually a swap partition) to which a crash dump 3473should be written in the event of a system crash. 3474If the value of this variable is 3475.Dq Li AUTO , 3476the first suitable swap device listed in 3477.Pa /etc/fstab 3478will be used as dump device. 3479Otherwise, the value of this variable is passed as the argument to 3480.Xr dumpon 8 . 3481To disable crash dumps, set this variable to 3482.Dq Li NO . 3483.It Va dumpdir 3484.Pq Vt str 3485When the system reboots after a crash and a crash dump is found on the 3486device specified by the 3487.Va dumpdev 3488variable, 3489.Xr savecore 8 3490will save that crash dump and a copy of the kernel to the directory 3491specified by the 3492.Va dumpdir 3493variable. 3494The default value is 3495.Pa /var/crash . 3496Set to 3497.Dq Li NO 3498to not run 3499.Xr savecore 8 3500at boot time when 3501.Va dumpdir 3502is set. 3503.It Va savecore_flags 3504.Pq Vt str 3505If crash dumps are enabled, these are the flags to pass to the 3506.Xr savecore 8 3507utility. 3508.It Va quota_enable 3509.Pq Vt bool 3510Set to 3511.Dq Li YES 3512to turn on user and group disk quotas on system startup via the 3513.Xr quotaon 8 3514command for all file systems marked as having quotas enabled in 3515.Pa /etc/fstab . 3516The kernel must be built with 3517.Cd "options QUOTA" 3518for disk quotas to function. 3519.It Va check_quotas 3520.Pq Vt bool 3521Set to 3522.Dq Li YES 3523to enable user and group disk quota checking via the 3524.Xr quotacheck 8 3525command. 3526.It Va quotacheck_flags 3527.Pq Vt str 3528If 3529.Va quota_enable 3530is set to 3531.Dq Li YES , 3532and 3533.Va check_quotas 3534is set to 3535.Dq Li YES , 3536these are the flags to pass to the 3537.Xr quotacheck 8 3538utility. 3539The default is 3540.Dq Li "-a" , 3541which checks quotas for all file systems with quotas enabled in 3542.Pa /etc/fstab . 3543.It Va quotaon_flags 3544.Pq Vt str 3545If 3546.Va quota_enable 3547is set to 3548.Dq Li YES , 3549these are the flags to pass to the 3550.Xr quotaon 8 3551utility. 3552The default is 3553.Dq Li "-a" , 3554which enables quotas for all file systems with quotas enabled in 3555.Pa /etc/fstab . 3556.It Va quotaoff_flags 3557.Pq Vt str 3558If 3559.Va quota_enable 3560is set to 3561.Dq Li YES , 3562these are the flags to pass to the 3563.Xr quotaoff 8 3564utility when shutting down the quota system. 3565The default is 3566.Dq Li "-a" , 3567which disables quotas for all file systems with quotas enabled in 3568.Pa /etc/fstab . 3569.It Va accounting_enable 3570.Pq Vt bool 3571Set to 3572.Dq Li YES 3573to enable system accounting through the 3574.Xr accton 8 3575facility. 3576.It Va ibcs2_enable 3577.Pq Vt bool 3578Set to 3579.Dq Li YES 3580to enable iBCS2 (SCO) binary emulation at system initial boot 3581time. 3582.It Va ibcs2_loaders 3583.Pq Vt str 3584If not set to 3585.Dq Li NO 3586and if 3587.Va ibcs2_enable 3588is set to 3589.Dq Li YES , 3590this specifies a list of additional iBCS2 loaders to enable. 3591.It Va firstboot_sentinel 3592.Pq Vt str 3593This variable specifies the full path to a 3594.Dq first boot 3595sentinel file. 3596If a file exists with this path, 3597.Pa rc.d 3598scripts with the 3599.Dq firstboot 3600keyword will be run on startup and the sentinel file will be deleted 3601after the boot process completes. 3602The sentinel file must be located on a writable file system which is 3603mounted no later than 3604.Va early_late_divider 3605to function properly. 3606The default is 3607.Pa /firstboot . 3608.It Va linux_enable 3609.Pq Vt bool 3610Set to 3611.Dq Li YES 3612to enable Linux/ELF binary emulation at system initial 3613boot time. 3614.It Va svr4_enable 3615.Pq Vt bool 3616If set to 3617.Dq Li YES , 3618enable SysVR4 emulation at boot time. 3619.It Va sysvipc_enable 3620.Pq Vt bool 3621If set to 3622.Dq Li YES , 3623load System V IPC primitives at boot time. 3624.It Va clear_tmp_enable 3625.Pq Vt bool 3626Set to 3627.Dq Li YES 3628to have 3629.Pa /tmp 3630cleaned at startup. 3631.It Va clear_tmp_X 3632.Pq Vt bool 3633Set to 3634.Dq Li NO 3635to disable removing of X11 lock files, 3636and the removal and (secure) recreation 3637of the various socket directories for X11 3638related programs. 3639.It Va ldconfig_paths 3640.Pq Vt str 3641Set to the list of shared library paths to use with 3642.Xr ldconfig 8 . 3643NOTE: 3644.Pa /usr/lib 3645will always be added first, so it need not appear in this list. 3646.It Va ldconfig32_paths 3647.Pq Vt str 3648Set to the list of 32-bit compatibility shared library paths to 3649use with 3650.Xr ldconfig 8 . 3651.It Va ldconfig_paths_aout 3652.Pq Vt str 3653Set to the list of shared library paths to use with 3654.Xr ldconfig 8 3655legacy 3656.Xr a.out 5 3657support. 3658.It Va ldconfig_insecure 3659.Pq Vt bool 3660The 3661.Xr ldconfig 8 3662utility normally refuses to use directories 3663which are writable by anyone except root. 3664Set this variable to 3665.Dq Li YES 3666to disable that security check during system startup. 3667.It Va ldconfig_local_dirs 3668.Pq Vt str 3669Set to the list of local 3670.Xr ldconfig 8 3671directories. 3672The names of all files in the directories listed will be 3673passed as arguments to 3674.Xr ldconfig 8 . 3675.It Va ldconfig_local32_dirs 3676.Pq Vt str 3677Set to the list of local 32-bit compatibility 3678.Xr ldconfig 8 3679directories. 3680The names of all files in the directories listed will be 3681passed as arguments to 3682.Dq Nm ldconfig Fl 32 . 3683.It Va kern_securelevel_enable 3684.Pq Vt bool 3685Set to 3686.Dq Li YES 3687to set the kernel security level at system startup. 3688.It Va kern_securelevel 3689.Pq Vt int 3690The kernel security level to set at startup. 3691The allowed range of 3692.Ar value 3693ranges from \-1 (the compile time default) to 3 (the 3694most secure). 3695See 3696.Xr security 7 3697for the list of possible security levels and their effect 3698on system operation. 3699.It Va sshd_program 3700.Pq Vt str 3701Path to the SSH server program 3702.Pa ( /usr/sbin/sshd 3703is the default). 3704.It Va sshd_enable 3705.Pq Vt bool 3706Set to 3707.Dq Li YES 3708to start 3709.Xr sshd 8 3710at system boot time. 3711.It Va sshd_flags 3712.Pq Vt str 3713If 3714.Va sshd_enable 3715is set to 3716.Dq Li YES , 3717these are the flags to pass to the 3718.Xr sshd 8 3719daemon. 3720.It Va ftpd_program 3721.Pq Vt str 3722Path to the FTP server program 3723.Pa ( /usr/libexec/ftpd 3724is the default). 3725.It Va ftpd_enable 3726.Pq Vt bool 3727Set to 3728.Dq Li YES 3729to start 3730.Xr ftpd 8 3731as a stand-alone daemon at system boot time. 3732.It Va ftpd_flags 3733.Pq Vt str 3734If 3735.Va ftpd_enable 3736is set to 3737.Dq Li YES , 3738these are the additional flags to pass to the 3739.Xr ftpd 8 3740daemon. 3741.It Va watchdogd_enable 3742.Pq Vt bool 3743If set to 3744.Dq Li YES , 3745start the 3746.Xr watchdogd 8 3747daemon at boot time. 3748This requires that the kernel have been compiled with a 3749.Xr watchdog 4 3750compatible device. 3751.It Va watchdogd_flags 3752.Pq Vt str 3753If 3754.Va watchdogd_enable 3755is set to 3756.Dq Li YES , 3757these are the flags passed to the 3758.Xr watchdogd 8 3759daemon. 3760.It Va devfs_rulesets 3761.Pq Vt str 3762List of files containing sets of rules for 3763.Xr devfs 8 . 3764.It Va devfs_system_ruleset 3765.Pq Vt str 3766Rule name(s) to apply to the system 3767.Pa /dev 3768itself. 3769.It Va devfs_set_rulesets 3770.Pq Vt str 3771Pairs of already-mounted 3772.Pa dev 3773directories and rulesets that should be applied to them. 3774For example: /mount/dev=ruleset_name 3775.It Va devfs_load_rulesets 3776.Pq Vt bool 3777If set, always load the default rulesets listed in 3778.Va devfs_rulesets . 3779.It Va performance_cx_lowest 3780.Pq Vt str 3781CPU idle state to use while on AC power. 3782The string 3783.Dq Li LOW 3784indicates that 3785.Xr acpi 4 3786should use the lowest power state available while 3787.Dq Li HIGH 3788indicates that the lowest latency state (less power savings) should be used. 3789.It Va performance_cpu_freq 3790.Pq Vt str 3791CPU clock frequency to use while on AC power. 3792The string 3793.Dq Li LOW 3794indicates that 3795.Xr cpufreq 4 3796should use the lowest frequency available while 3797.Dq Li HIGH 3798indicates that the highest frequency (less power savings) should be used. 3799.It Va economy_cx_lowest 3800.Pq Vt str 3801CPU idle state to use when off AC power. 3802The string 3803.Dq Li LOW 3804indicates that 3805.Xr acpi 4 3806should use the lowest power state available while 3807.Dq Li HIGH 3808indicates that the lowest latency state (less power savings) should be used. 3809.It Va economy_cpu_freq 3810.Pq Vt str 3811CPU clock frequency to use when off AC power. 3812The string 3813.Dq Li LOW 3814indicates that 3815.Xr cpufreq 4 3816should use the lowest frequency available while 3817.Dq Li HIGH 3818indicates that the highest frequency (less power savings) should be used. 3819.It Va jail_enable 3820.Pq Vt bool 3821If set to 3822.Dq Li NO , 3823any configured jails will not be started. 3824.It Va jail_conf 3825.Pq Vt str 3826The configuration filename used by 3827.Xr jail 8 3828utility. 3829The default value is 3830.Pa /etc/jail.conf . 3831.It Va jail_parallel_start 3832.Pq Vt bool 3833If set to 3834.Dq Li YES , 3835all configured jails will be started in the background (in parallel). 3836.It Va jail_flags 3837.Pq Vt str 3838Unset by default. 3839When set, use as default value for 3840.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3841for every jail in 3842.Va jail_list . 3843.It Va jail_list 3844.Pq Vt str 3845A space separated list of names for jails. 3846If this variable is empty, 3847all of 3848.Xr jail 8 3849instances in the configuration file will be configured. 3850This is purely a configuration aid to help identify and 3851configure multiple jails. 3852The names specified in this list will be used to 3853identify settings common to an instance of a jail, 3854and should contain alphanumeric characters only. 3855The literal jail name of 3856.Dq Li 0 3857.Pq zero 3858is not allowed. 3859.It Va jail_* variables 3860Note that older releases supported per-jail configuration via 3861.Xr rc.conf 5 3862variables. 3863For example, 3864hostname of a jail named 3865.Li vjail 3866was able to be set by 3867.Li jail_vjail_hostname . 3868These per-jail configuration variables are now obsolete in favor of 3869.Xr jail 8 3870configuration file. 3871For backward compatibility, 3872when per-jail configuration variables are defined, 3873.Xr jail 8 3874configuration files are created as 3875.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3876and used. 3877.Pp 3878The following per-jail parameters are handled by 3879.Pa rc.d/jail 3880script out of their corresponding 3881.Nm 3882variables. 3883In addition to them, parameters in 3884.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3885will be added to the configuration file. 3886They must be a semi-colon 3887.Pq Ql \&; 3888delimited list of 3889.Dq key=value . 3890For more details, 3891see 3892.Xr jail 8 3893manual page. 3894.Bl -tag -width "host.hostname" -offset indent 3895.It Li path 3896set from 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3898.It Li host.hostname 3899set from 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3901.It Li exec.consolelog 3902set from 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3904The default value is 3905.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3906.It Li interface 3907set from 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3909.It Li vnet.interface 3910set from 3911.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3912This implies 3913.Li vnet 3914parameter will be enabled and cannot be specified with 3915.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3917and/or 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3919at the same time. 3920.It Li fstab 3921set from 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3923.It Li mount 3924set from 3925.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3926.It Li exec.fib 3927set from 3928.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3929.It Li exec.start 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3932The parameter name was 3933.Li command 3934in some older releases. 3935.It Li exec.prestart 3936set from 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3938.It Li exec.poststart 3939set from 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3941.It Li exec.stop 3942set from 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3944.It Li exec.prestop 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3947.It Li exec.poststop 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3950.It Li ip4.addr 3951set if 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3953or 3954.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3955contain IPv4 addresses 3956.It Li ip6.addr 3957set if 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3959or 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3961contain IPv6 addresses 3962.It Li allow.mount 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3965.It Li mount.devfs 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3968.It Li devfs_ruleset 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3971This must be an integer, 3972not a string. 3973.It Li mount.fdescfs 3974set from 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3976.It Li allow.set_hostname 3977set from 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3979.It Li allow.rawsocket 3980set from 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3982.It Li allow.sysvipc 3983set from 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3985.El 3986.\" ----------------------------------------------------- 3987.It Va harvest_interrupt 3988.Pq Vt bool 3989Set to 3990.Dq Li YES 3991to use hardware interrupts as an entropy source. 3992Refer to 3993.Xr random 4 3994for more information. 3995.It Va harvest_ethernet 3996.Pq Vt bool 3997Set to 3998.Dq Li YES 3999to use LAN traffic as an entropy source. 4000Refer to 4001.Xr random 4 4002for more information. 4003.It Va harvest_p_to_p 4004.Pq Vt bool 4005Set to 4006.Dq Li YES 4007to use serial line traffic as an entropy source. 4008Refer to 4009.Xr random 4 4010for more information. 4011.It Va entropy_dir 4012.Pq Vt str 4013Set to 4014.Dq Li NO 4015to disable caching entropy via 4016.Xr cron 8 . 4017Otherwise set to the directory used to store entropy files in. 4018.It Va entropy_file 4019.Pq Vt str 4020Set to 4021.Dq Li NO 4022to disable caching entropy through reboots. 4023Otherwise set to the filename used to store cached entropy through 4024reboots. 4025This file should be located on the root file system to seed the 4026.Xr random 4 4027device as early as possible in the boot process. 4028.It Va entropy_save_sz 4029.Pq Vt int 4030Size of the entropy cache files saved by 4031.Nm save-entropy 4032periodically. 4033.It Va entropy_save_num 4034.Pq Vt int 4035Number of entropy cache files to save by 4036.Nm save-entropy 4037periodically. 4038.It Va ipsec_enable 4039.Pq Vt bool 4040Set to 4041.Dq Li YES 4042to run 4043.Xr setkey 8 4044on 4045.Va ipsec_file 4046at boot time. 4047.It Va ipsec_file 4048.Pq Vt str 4049Configuration file for 4050.Xr setkey 8 . 4051.It Va dmesg_enable 4052.Pq Vt bool 4053Set to 4054.Dq Li YES 4055to save 4056.Xr dmesg 8 4057to 4058.Pa /var/run/dmesg.boot 4059on boot. 4060.It Va rcshutdown_timeout 4061.Pq Vt int 4062If set, start a watchdog timer in the background which will terminate 4063.Pa rc.shutdown 4064if 4065.Xr shutdown 8 4066has not completed within the specified time (in seconds). 4067Notice that in addition to this soft timeout, 4068.Xr init 8 4069also applies a hard timeout for the execution of 4070.Pa rc.shutdown . 4071This is configured via 4072.Xr sysctl 8 4073variable 4074.Va kern.init_shutdown_timeout 4075and defaults to 120 seconds. 4076Setting the value of 4077.Va rcshutdown_timeout 4078to more than 120 seconds will have no effect until the 4079.Xr sysctl 8 4080variable 4081.Va kern.init_shutdown_timeout 4082is also increased. 4083.It Va virecover_enable 4084.Pq Vt bool 4085Set to 4086.Dq Li NO 4087to prevent the system from trying to 4088recover pre-maturely terminated 4089.Xr vi 1 4090sessions. 4091.It Va ugidfw_enable 4092.Pq Vt bool 4093Set to 4094.Dq Li YES 4095to load the 4096.Xr mac_bsdextended 4 4097module upon system initialization and load a default 4098ruleset file. 4099.It Va bsdextended_script 4100.Pq Vt str 4101The default 4102.Xr mac_bsdextended 4 4103ruleset file to load. 4104The default value of this variable is 4105.Pa /etc/rc.bsdextended . 4106.It Va newsyslog_enable 4107.Pq Vt bool 4108If set to 4109.Dq Li YES , 4110run 4111.Xr newsyslog 8 4112command at startup. 4113.It Va newsyslog_flags 4114.Pq Vt str 4115If 4116.Va newsyslog_enable 4117is set to 4118.Dq Li YES , 4119these are the flags to pass to the 4120.Xr newsyslog 8 4121program. 4122The default is 4123.Dq Li -CN , 4124which causes log files flagged with a 4125.Cm C 4126to be created. 4127.It Va mdconfig_md Ns Aq Ar X 4128.Pq Vt str 4129Arguments to 4130.Xr mdconfig 8 4131for 4132.Xr md 4 4133device 4134.Ar X . 4135At minimum a 4136.Fl t Ar type 4137must be specified and either a 4138.Fl s Ar size 4139for malloc or swap backed 4140.Xr md 4 4141devices or a 4142.Fl f Ar file 4143for vnode backed 4144.Xr md 4 4145devices. 4146Note that 4147.Va mdconfig_md Ns Aq Ar X 4148variables are evaluated until one variable is unset or null. 4149.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4150.Pq Vt str 4151Optional arguments passed to 4152.Xr newfs 8 4153to initialize 4154.Xr md 4 4155device 4156.Ar X . 4157.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4158.Pq Vt str 4159An ownership specification passed to 4160.Xr chown 8 4161after the specified 4162.Xr md 4 4163device 4164.Ar X 4165has been mounted. 4166Both the 4167.Xr md 4 4168device and the mount point will be changed. 4169.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4170.Pq Vt str 4171A mode string passed to 4172.Xr chmod 1 4173after the specified 4174.Xr md 4 4175device 4176.Ar X 4177has been mounted. 4178Both the 4179.Xr md 4 4180device and the mount point will be changed. 4181.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4182.Pq Vt str 4183Files to be copied to the mount point of the 4184.Xr md 4 4185device 4186.Ar X 4187after it has been mounted. 4188.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4189.Pq Vt str 4190Command to execute after the specified 4191.Xr md 4 4192device 4193.Ar X 4194has been mounted. 4195Note that the command is passed to 4196.Ic eval 4197and that both 4198.Va _dev 4199and 4200.Va _mp 4201variables can be used to reference respectively the 4202.Xr md 4 4203device and the mount point. 4204Assuming that the 4205.Xr md 4 4206device is 4207.Li md0 , 4208one could set the following: 4209.Bd -literal 4210mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4211.Ed 4212.It Va autobridge_interfaces 4213.Pq Vt str 4214Set to the list of bridge interfaces that will have newly arriving interfaces 4215checked against to be automatically added. 4216If not set to 4217.Dq Li NO 4218then for each whitespace separated 4219.Ar element 4220in the value, a 4221.Va autobridge_ Ns Aq Ar element 4222variable is assumed to exist which has a whitespace separated list of interface 4223names to match, these names can use wildcards. 4224For example: 4225.Bd -literal 4226autobridge_interfaces="bridge0" 4227autobridge_bridge0="tap* dc0 vlan[345]" 4228.Ed 4229.It Va mixer_enable 4230.Pq Vt bool 4231If set to 4232.Dq Li YES , 4233enable support for sound mixer. 4234.It Va hcsecd_enable 4235.Pq Vt bool 4236If set to 4237.Dq Li YES , 4238enable Bluetooth security daemon. 4239.It Va hcsecd_config 4240.Pq Vt str 4241Configuration file for 4242.Xr hcsecd 8 . 4243Default 4244.Pa /etc/bluetooth/hcsecd.conf . 4245.It Va sdpd_enable 4246.Pq Vt bool 4247If set to 4248.Dq Li YES , 4249enable Bluetooth Service Discovery Protocol daemon. 4250.It Va sdpd_control 4251.Pq Vt str 4252Path to 4253.Xr sdpd 8 4254control socket. 4255Default 4256.Pa /var/run/sdp . 4257.It Va sdpd_groupname 4258.Pq Vt str 4259Sets 4260.Xr sdpd 8 4261group to run as after it initializes. 4262Default 4263.Dq Li nobody . 4264.It Va sdpd_username 4265.Pq Vt str 4266Sets 4267.Xr sdpd 8 4268user to run as after it initializes. 4269Default 4270.Dq Li nobody . 4271.It Va bthidd_enable 4272.Pq Vt bool 4273If set to 4274.Dq Li YES , 4275enable Bluetooth Human Interface Device daemon. 4276.It Va bthidd_config 4277.Pq Vt str 4278Configuration file for 4279.Xr bthidd 8 . 4280Default 4281.Pa /etc/bluetooth/bthidd.conf . 4282.It Va bthidd_hids 4283.Pq Vt str 4284Path to a file, where 4285.Xr bthidd 8 4286will store information about known HID devices. 4287Default 4288.Pa /var/db/bthidd.hids . 4289.It Va rfcomm_pppd_server_enable 4290.Pq Vt bool 4291If set to 4292.Dq Li YES , 4293enable Bluetooth RFCOMM PPP wrapper daemon. 4294.It Va rfcomm_pppd_server_profile 4295.Pq Vt str 4296The name of the profile to use from 4297.Pa /etc/ppp/ppp.conf . 4298Multiple profiles can be specified here. 4299Also used to specify per-profile overrides. 4300When the profile name contains any of the characters 4301.Dq Li .-/+ 4302they are translated to 4303.Dq Li _ 4304for the proposes of the override variable names. 4305.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4306.Pq Vt str 4307Overrides local address to listen on. 4308By default 4309.Xr rfcomm_pppd 8 4310will listen on 4311.Dq Li ANY 4312address. 4313The address can be specified as BD_ADDR or name. 4314.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4315.Pq Vt str 4316Overrides local RFCOMM channel to listen on. 4317By default 4318.Xr rfcomm_pppd 8 4319will listen on RFCOMM channel 1. 4320Must set properly if multiple profiles used in the same time. 4321.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4322.Pq Vt bool 4323Tells 4324.Xr rfcomm_pppd 8 4325if it should register Serial Port service on the specified RFCOMM channel. 4326Default 4327.Dq Li NO . 4328.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4329.Pq Vt bool 4330Tells 4331.Xr rfcomm_pppd 8 4332if it should register Dial-Up Networking service on the specified 4333RFCOMM channel. 4334Default 4335.Dq Li NO . 4336.It Va ubthidhci_enable 4337.Pq Vt bool 4338If set to 4339.Dq Li YES , 4340change the USB Bluetooth controller from HID mode to HCI mode. 4341You also need to specify the location of USB Bluetooth controller with the 4342.Va ubthidhci_busnum 4343and 4344.Va ubthidhci_addr 4345variables. 4346.It Va ubthidhci_busnum 4347Bus number where the USB Bluetooth controller is located. 4348Check the output of 4349.Xr usbconfig 8 4350on your system to find this information. 4351.It Va ubthidhci_addr 4352Bus address of the USB Bluetooth controller. 4353Check the output of 4354.Xr usbconfig 8 4355on your system to find this information. 4356.It Va netwait_enable 4357.Pq Vt bool 4358If set to 4359.Dq Li YES , 4360delays the start of network-reliant services until 4361.Va netwait_if 4362is up and ICMP packets to a destination defined in 4363.Va netwait_ip 4364are flowing. 4365Link state is examined first, followed by 4366.Dq Li pinging 4367an IP address to verify network usability. 4368If no destination can be reached or timeouts are exceeded, 4369network services are started anyway with no guarantee that 4370the network is usable. 4371Use of this variable requires both 4372.Va netwait_ip 4373and 4374.Va netwait_if 4375to be set. 4376.It Va netwait_ip 4377.Pq Vt str 4378Empty by default. 4379This variable contains a space-delimited list of IP addresses to 4380.Xr ping 8 . 4381DNS hostnames should not be used as resolution is not guaranteed 4382to be functional at this point. 4383If multiple IP addresses are specified, 4384each will be tried until one is successful or the list is exhausted. 4385.It Va netwait_timeout 4386.Pq Vt int 4387Indicates the total number of seconds to perform a 4388.Dq Li ping 4389against each IP address in 4390.Va netwait_ip , 4391at a rate of one ping per second. 4392If any of the pings are successful, 4393full network connectivity is considered reliable. 4394The default is 60. 4395.It Va netwait_if 4396.Pq Vt str 4397Empty by default. 4398Defines the name of the network interface on which watch for link. 4399.Xr ifconfig 8 4400is used to monitor the interface, looking for 4401.Dq Li status: no carrier . 4402Once gone, the link is considered up. 4403This can be a 4404.Xr vlan 4 4405interface if desired. 4406.It Va netwait_if_timeout 4407.Pq Vt int 4408Defines the total number of seconds to wait for link to become usable, 4409polled at a 1-second interval. 4410The default is 30. 4411.It Va rctl_enable 4412.Pq Vt bool 4413Set to 4414.Dq Li YES 4415to load 4416.Xr rctl 8 4417rules from the defined ruleset. 4418The kernel must be built with 4419.Cd "options RACCT" 4420and 4421.Cd "options RCTL" . 4422.It Va rctl_rules 4423.Pq Vt str 4424Set to 4425.Pa /etc/rctl.conf 4426by default. 4427This variables contains the 4428.Xr rctl.conf 5 4429ruleset to load for 4430.Xr rctl 8 . 4431.El 4432.Sh FILES 4433.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4434.It Pa /etc/defaults/rc.conf 4435.It Pa /etc/rc.conf 4436.It Pa /etc/rc.conf.local 4437.El 4438.Sh SEE ALSO 4439.Xr catman 1 , 4440.Xr chmod 1 , 4441.Xr gdb 1 , 4442.Xr info 1 , 4443.Xr kbdcontrol 1 , 4444.Xr makewhatis 1 , 4445.Xr sh 1 , 4446.Xr vi 1 , 4447.Xr vidcontrol 1 , 4448.Xr bridge 4 , 4449.Xr dummynet 4 , 4450.Xr ip 4 , 4451.Xr ipf 4 , 4452.Xr ipfw 4 , 4453.Xr ipnat 4 , 4454.Xr kld 4 , 4455.Xr pf 4 , 4456.Xr pflog 4 , 4457.Xr pfsync 4 , 4458.Xr tcp 4 , 4459.Xr udp 4 , 4460.Xr exports 5 , 4461.Xr fstab 5 , 4462.Xr ipf 5 , 4463.Xr ipnat 5 , 4464.Xr jail.conf 5 , 4465.Xr motd 5 , 4466.Xr newsyslog.conf 5 , 4467.Xr pf.conf 5 , 4468.Xr security 7 , 4469.Xr accton 8 , 4470.Xr amd 8 , 4471.Xr apm 8 , 4472.Xr atm 8 , 4473.Xr bthidd 8 , 4474.Xr chkprintcap 8 , 4475.Xr chown 8 , 4476.Xr cron 8 , 4477.Xr devfs 8 , 4478.Xr dhclient 8 , 4479.Xr ftpd 8 , 4480.Xr geli 8 , 4481.Xr hcsecd 8 , 4482.Xr ifconfig 8 , 4483.Xr inetd 8 , 4484.Xr ipf 8 , 4485.Xr ipfw 8 , 4486.Xr ipnat 8 , 4487.Xr jail 8 , 4488.Xr kldxref 8 , 4489.Xr lpd 8 , 4490.Xr mdconfig 8 , 4491.Xr mdmfs 8 , 4492.Xr mixer 8 , 4493.Xr mountd 8 , 4494.Xr moused 8 , 4495.Xr mrouted 8 , 4496.Xr newfs 8 , 4497.Xr newsyslog 8 , 4498.Xr nfsd 8 , 4499.Xr ntpd 8 , 4500.Xr ntpdate 8 , 4501.Xr pfctl 8 , 4502.Xr pflogd 8 , 4503.Xr ping 8 , 4504.Xr powerd 8 , 4505.Xr quotacheck 8 , 4506.Xr quotaon 8 , 4507.Xr rc 8 , 4508.Xr rc.sendmail 8 , 4509.Xr rfcomm_pppd 8 , 4510.Xr route 8 , 4511.Xr routed 8 , 4512.Xr rpcbind 8 , 4513.Xr rpc.lockd 8 , 4514.Xr rpc.statd 8 , 4515.Xr rwhod 8 , 4516.Xr savecore 8 , 4517.Xr sdpd 8 , 4518.Xr sshd 8 , 4519.Xr swapon 8 , 4520.Xr sysctl 8 , 4521.Xr syslogd 8 , 4522.Xr timed 8 , 4523.Xr unbound 8 , 4524.Xr usbconfig 8 , 4525.Xr wlandebug 8 , 4526.Xr yp 8 , 4527.Xr ypbind 8 , 4528.Xr ypserv 8 , 4529.Xr ypset 8 4530.Sh HISTORY 4531The 4532.Nm 4533file appeared in 4534.Fx 2.2.2 . 4535.Sh AUTHORS 4536.An Jordan K. Hubbard . 4537