xref: /freebsd/share/man/man5/rc.conf.5 (revision 4313cc83440a39bdf976f955b1d4d3f3c4d1552f)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd February 15, 2014
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/rc.conf.local
63is used to override settings in
64.Pa /etc/rc.conf
65for historical reasons.
66In addition to
67.Pa /etc/rc.conf.local
68you can also place smaller configuration files for each
69.Xr rc 8
70script in the
71.Pa /etc/rc.conf.d
72directory, which will be included by the
73.Va load_rc_config
74function.
75For jail configurations you could use the file
76.Pa /etc/rc.conf.d/jail
77to store jail specific configuration options.
78Also see the
79.Va rc_conf_files
80variable below.
81.Pp
82Options are set with
83.Dq Ar name Ns Li = Ns Ar value
84assignments that use
85.Xr sh 1
86syntax.
87The following list provides a name and short description for each
88variable that can be set in the
89.Nm
90file:
91.Bl -tag -width indent-two
92.It Va rc_debug
93.Pq Vt bool
94If set to
95.Dq Li YES ,
96enable output of debug messages from rc scripts.
97This variable can be helpful in diagnosing mistakes when
98editing or integrating new scripts.
99Beware that this produces copious output to the terminal and
100.Xr syslog 3 .
101.It Va rc_info
102.Pq Vt bool
103If set to
104.Dq Li NO ,
105disable informational messages from the rc scripts.
106Informational messages are displayed when
107a condition that is not serious enough to warrant a warning or
108an error occurs.
109.It Va rc_startmsgs
110.Pq Vt bool
111If set to
112.Dq Li YES ,
113show
114.Dq Starting foo:
115when faststart is used (e.g., at boot time).
116.It Va early_late_divider
117.Pq Vt str
118The name of the script that should be used as the
119delimiter between the
120.Dq early
121and
122.Dq late
123stages of the boot process.
124The early stage should contain all the services needed to
125get the disks (local or remote) mounted so that the late
126stage can include scripts contained in the directories
127listed in the
128.Va local_startup
129variable (see below).
130Thus, the two likely candidates for this value are
131.Pa mountcritlocal
132for the typical system, and
133.Pa mountcritremote
134if the system needs remote file
135systems mounted to get access to the
136.Va local_startup
137directories; for example when
138.Pa /usr/local
139is NFS mounted.
140For
141.Pa rc.conf
142within a
143.Xr jail 8
144.Pa NETWORKING
145is likely to be an appropriate value.
146Extreme care should be taken when changing this value,
147and before changing it one should ensure that there are
148adequate provisions to recover from a failed boot
149(such as physical contact with the machine,
150or reliable remote console access).
151.It Va always_force_depends
152.Pq Vt bool
153Various
154.Pa rc.d
155scripts use the force_depend function to check whether required
156services are already running, and to start them if necessary.
157By default during boot time this check is bypassed if the
158required service is enabled in
159.Pa /etc/rc.conf[.local] .
160Setting this option will bypass that check at boot time and
161always test whether or not the service is actually running.
162Enabling this option is likely to increase your boot time if
163services are enabled that utilize the force_depend check.
164.It Ao Ar name Ac Ns Va _chroot
165.Pq Vt str
166.Xr chroot
167to this directory before running the service.
168.It Ao Ar name Ac Ns Va _user
169.Pq Vt str
170Run the service under this user account.
171.It Ao Ar name Ac Ns Va _group
172.Pq Vt str
173Run the chrooted service under this system group. Unlike the _user
174setting, this setting has no effect if the service is not chrooted.
175.It Ao Ar name Ac Ns Va _fib
176.Pq Vt int
177The
178.Xr setfib 1
179value to run the service under.
180.It Ao Ar name Ac Ns Va _nice
181.Pq Vt int
182The
183.Xr nice 1
184value to run the service under.
185.It Va apm_enable
186.Pq Vt bool
187If set to
188.Dq Li YES ,
189enable support for Automatic Power Management with
190the
191.Xr apm 8
192command.
193.It Va apmd_enable
194.Pq Vt bool
195Run
196.Xr apmd 8
197to handle APM event from userland.
198This also enables support for APM.
199.It Va apmd_flags
200.Pq Vt str
201If
202.Va apmd_enable
203is set to
204.Dq Li YES ,
205these are the flags to pass to the
206.Xr apmd 8
207daemon.
208.It Va devd_enable
209.Pq Vt bool
210Run
211.Xr devd 8
212to handle device added, removed or unknown events from the kernel.
213.It Va ddb_enable
214.Pq Vt bool
215Run
216.Xr ddb 8
217to install
218.Xr ddb 4
219scripts at boot time.
220.It Va ddb_config
221.Pq Vt str
222Configuration file for
223.Xr ddb 8 .
224Default
225.Pa /etc/ddb.conf .
226.It Va kld_list
227.Pq Vt str
228A list of kernel modules to load right after the local
229disks are mounted.
230Loading modules at this point in the boot process is
231much faster than doing it via
232.Pa /boot/loader.conf
233for those modules not necessary for mounting local disk.
234.It Va kldxref_enable
235.Pq Vt bool
236Set to
237.Dq Li NO
238by default.
239Set to
240.Dq Li YES
241to automatically rebuild
242.Pa linker.hints
243files with
244.Xr kldxref 8
245at boot time.
246.It Va kldxref_clobber
247.Pq Vt bool
248Set to
249.Dq Li NO
250by default.
251If
252.Va kldxref_enable
253is true,
254setting to
255.Dq Li YES
256will overwrite existing
257.Pa linker.hints
258files at boot time.
259Otherwise,
260only missing
261.Pa linker.hints
262files are generated.
263.It Va kldxref_module_path
264.Pq Vt str
265Empty by default.
266A semi-colon
267.Pq Ql \&;
268delimited list of paths containing
269.Xr kld 4
270modules.
271If empty,
272the contents of the
273.Va kern.module_path
274.Xr sysctl 8
275are used.
276.It Va powerd_enable
277.Pq Vt bool
278If set to
279.Dq Li YES ,
280enable the system power control facility with the
281.Xr powerd 8
282daemon.
283.It Va powerd_flags
284.Pq Vt str
285If
286.Va powerd_enable
287is set to
288.Dq Li YES ,
289these are the flags to pass to the
290.Xr powerd 8
291daemon.
292.It Va tmpmfs
293Controls the creation of a
294.Pa /tmp
295memory file system.
296Always happens if set to
297.Dq Li YES
298and never happens if set to
299.Dq Li NO .
300If set to anything else, a memory file system is created if
301.Pa /tmp
302is not writable.
303.It Va tmpsize
304Controls the size of a created
305.Pa /tmp
306memory file system.
307.It Va tmpmfs_flags
308Extra options passed to the
309.Xr mdmfs 8
310utility when the memory file system for
311.Pa /tmp
312is created.
313The default is
314.Dq Li "-S" ,
315which inhibits the use of softupdates on
316.Pa /tmp
317so that file system space is freed without delay
318after file truncation or deletion.
319See
320.Xr mdmfs 8
321for other options you can use in
322.Va tmpmfs_flags .
323.It Va varmfs
324Controls the creation of a
325.Pa /var
326memory file system.
327Always happens if set to
328.Dq Li YES
329and never happens if set to
330.Dq Li NO .
331If set to anything else, a memory file system is created if
332.Pa /var
333is not writable.
334.It Va varsize
335Controls the size of a created
336.Pa /var
337memory file system.
338.It Va varmfs_flags
339Extra options passed to the
340.Xr mdmfs 8
341utility when the memory file system for
342.Pa /var
343is created.
344The default is
345.Dq Li "-S" ,
346which inhibits the use of softupdates on
347.Pa /var
348so that file system space is freed without delay
349after file truncation or deletion.
350See
351.Xr mdmfs 8
352for other options you can use in
353.Va varmfs_flags .
354.It Va populate_var
355Controls the automatic population of the
356.Pa /var
357file system.
358Always happens if set to
359.Dq Li YES
360and never happens if set to
361.Dq Li NO .
362If set to anything else, a memory file system is created if
363.Pa /var
364is not writable.
365Note that this process requires access to certain commands in
366.Pa /usr
367before
368.Pa /usr
369is mounted on normal systems.
370.It Va cleanvar_enable
371.Pq Vt bool
372Clean the
373.Pa /var
374directory.
375.It Va local_startup
376.Pq Vt str
377List of directories to search for startup script files.
378.It Va script_name_sep
379.Pq Vt str
380The field separator to use for breaking down the list of startup script files
381into individual filenames.
382The default is a space.
383It is not necessary to change this unless there are startup scripts with names
384containing spaces.
385.It Va hostapd_enable
386.Pq Vt bool
387Set to
388.Dq Li YES
389to start
390.Xr hostapd 8
391at system boot time.
392.It Va hostname
393.Pq Vt str
394The fully qualified domain name (FQDN) of this host on the network.
395This should almost certainly be set to something meaningful, even if
396there is no network connection.
397If
398.Xr dhclient 8
399is used to set the hostname via DHCP,
400this variable should be set to an empty string.
401If this value remains unset when the system is done booting
402your console login will display the default hostname of
403.Dq Amnesiac .
404.It Va nisdomainname
405.Pq Vt str
406The NIS domain name of this host, or
407.Dq Li NO
408if NIS is not used.
409.It Va dhclient_program
410.Pq Vt str
411Path to the DHCP client program
412.Pa ( /sbin/dhclient ,
413the
414.Ox
415DHCP client,
416is the default).
417.It Va dhclient_flags
418.Pq Vt str
419Additional flags to pass to the DHCP client program.
420For the
421.Ox
422DHCP client, see the
423.Xr dhclient 8
424manpage for a description of the command line options available.
425.It Va dhclient_flags_ Ns Aq Ar iface
426Additional flags to pass to the DHCP client program running on
427.Ar iface
428only.
429When specified, this variable overrides
430.Va dhclient_flags .
431.It Va background_dhclient
432.Pq Vt bool
433Set to
434.Dq Li YES
435to start the DHCP client in background.
436This can cause trouble with applications depending on
437a working network, but it will provide a faster startup
438in many cases.
439.It Va background_dhclient_ Ns Aq Ar iface
440When specified, this variable overrides the
441.Va background_dhclient
442variable for interface
443.Ar iface
444only.
445.It Va synchronous_dhclient
446.Pq Vt bool
447Set to
448.Dq Li YES
449to start
450.Xr dhclient 8
451synchronously at startup.
452This behavior can be overridden on a per-interface basis by replacing
453the
454.Dq Li DHCP
455keyword in the
456.Va ifconfig_ Ns Aq Ar interface
457variable with
458.Dq Li SYNCDHCP
459or
460.Dq Li NOSYNCDHCP .
461.It Va defaultroute_delay
462.Pq Vt int
463When set to a positive value, wait up to this long after configuring
464DHCP interfaces at startup to give the interfaces time to receive a lease.
465.It Va firewall_enable
466.Pq Vt bool
467Set to
468.Dq Li YES
469to load firewall rules at startup.
470If the kernel was not built with
471.Cd "options IPFIREWALL" ,
472the
473.Pa ipfw.ko
474kernel module will be loaded.
475See also
476.Va ipfilter_enable .
477.It Va firewall_script
478.Pq Vt str
479This variable specifies the full path to the firewall script to run.
480The default is
481.Pa /etc/rc.firewall .
482.It Va firewall_type
483.Pq Vt str
484Names the firewall type from the selection in
485.Pa /etc/rc.firewall ,
486or the file which contains the local firewall ruleset.
487Valid selections from
488.Pa /etc/rc.firewall
489are:
490.Pp
491.Bl -tag -width ".Li simple" -compact
492.It Li open
493unrestricted IP access
494.It Li closed
495all IP services disabled, except via
496.Dq Li lo0
497.It Li client
498basic protection for a workstation
499.It Li simple
500basic protection for a LAN.
501.El
502.Pp
503If a filename is specified, the full path
504must be given.
505.It Va firewall_quiet
506.Pq Vt bool
507Set to
508.Dq Li YES
509to disable the display of firewall rules on the console during boot.
510.It Va firewall_logging
511.Pq Vt bool
512Set to
513.Dq Li YES
514to enable firewall event logging.
515This is equivalent to the
516.Dv IPFIREWALL_VERBOSE
517kernel option.
518.It Va firewall_logif
519.Pq Vt bool
520Set to
521.Dq Li YES
522to create pseudo interface
523.Li ipfw0
524for logging.
525For more details, see
526.Xr ipfw 8
527manual page.
528.It Va firewall_flags
529.Pq Vt str
530Flags passed to
531.Xr ipfw 8
532if
533.Va firewall_type
534specifies a filename.
535.It Va firewall_coscripts
536.Pq Vt str
537List of executables and/or rc scripts to run after firewall starts/stops.
538Default is empty.
539.\" ----- firewall_nat_enable setting --------------------------------
540.It Va firewall_nat_enable
541.Pq Vt bool
542The
543.Xr ipfw 8
544equivalent of
545.Va natd_enable .
546Setting this to
547.Dq Li YES
548enables kernel NAT.
549.Va firewall_enable
550must also be set to
551.Dq Li YES .
552.It Va firewall_nat_interface
553.Pq Vt str
554The
555.Xr ipfw 8
556equivalent of
557.Va natd_interface .
558This is the name of the public interface or IP address on which
559kernel NAT should run.
560.It Va firewall_nat_flags
561.Pq Vt str
562Additional configuration parameters for kernel NAT should be placed here.
563.It Va dummynet_enable
564.Pq Vt bool
565Setting this to
566.Dq Li YES
567will automatically load the
568.Xr dummynet 4
569module if
570.Va firewall_enable
571is also set to
572.Dq Li YES .
573.\" -------------------------------------------------------------------
574.It Va natd_program
575.Pq Vt str
576Path to
577.Xr natd 8 .
578.It Va natd_enable
579.Pq Vt bool
580Set to
581.Dq Li YES
582to enable
583.Xr natd 8 .
584.Va firewall_enable
585must also be set to
586.Dq Li YES ,
587and
588.Xr divert 4
589sockets must be enabled in the kernel.
590If the kernel was not built with
591.Cd "options IPDIVERT" ,
592the
593.Pa ipdivert.ko
594kernel module will be loaded.
595.It Va natd_interface
596.Pq Vt str
597This is the name of the public interface on which
598.Xr natd 8
599should run.
600The interface may be given as an interface name or as an IP address.
601.It Va natd_flags
602.Pq Vt str
603Additional
604.Xr natd 8
605flags should be placed here.
606The
607.Fl n
608or
609.Fl a
610flag is automatically added with the above
611.Va natd_interface
612as an argument.
613.\" ----- ipfilter_enable setting --------------------------------
614.It Va ipfilter_enable
615.Pq Vt bool
616Set to
617.Dq Li NO
618by default.
619Setting this to
620.Dq Li YES
621enables
622.Xr ipf 8
623packet filtering.
624.Pp
625Typical usage will require putting
626.Bd -literal
627ipfilter_enable="YES"
628ipnat_enable="YES"
629ipmon_enable="YES"
630ipfs_enable="YES"
631.Ed
632.Pp
633into
634.Pa /etc/rc.conf
635and editing
636.Pa /etc/ipf.rules
637and
638.Pa /etc/ipnat.rules
639appropriately.
640.Pp
641Note that
642.Va ipfilter_enable
643and
644.Va ipnat_enable
645can be enabled independently.
646.Va ipmon_enable
647and
648.Va ipfs_enable
649both require at least one of
650.Va ipfilter_enable
651and
652.Va ipnat_enable
653to be enabled.
654.Pp
655Having
656.Bd -literal
657options IPFILTER
658options IPFILTER_LOG
659options IPFILTER_DEFAULT_BLOCK
660.Ed
661.Pp
662in the kernel configuration file is a good idea, too.
663.\" ----- ipfilter_program setting ------------------------------
664.It Va ipfilter_program
665.Pq Vt str
666Path to
667.Xr ipf 8
668(default
669.Pa /sbin/ipf ) .
670.\" ----- ipfilter_rules setting --------------------------------
671.It Va ipfilter_rules
672.Pq Vt str
673Set to
674.Pa /etc/ipf.rules
675by default.
676This variable contains the name of the filter rule definition file.
677The file is expected to be readable for the
678.Xr ipf 8
679command to execute.
680.\" ----- ipv6_ipfilter_rules setting ---------------------------
681.It Va ipv6_ipfilter_rules
682.Pq Vt str
683Set to
684.Pa /etc/ipf6.rules
685by default.
686This variable contains the IPv6 filter rule definition file.
687The file is expected to be readable for the
688.Xr ipf 8
689command to execute.
690.\" ----- ipfilter_flags setting --------------------------------
691.It Va ipfilter_flags
692.Pq Vt str
693Empty by default.
694This variable contains flags passed to the
695.Xr ipf 8
696program.
697.\" ----- ipnat_enable setting ----------------------------------
698.It Va ipnat_enable
699.Pq Vt bool
700Set to
701.Dq Li NO
702by default.
703Set it to
704.Dq Li YES
705to enable
706.Xr ipnat 8
707network address translation.
708See
709.Va ipfilter_enable
710for a detailed discussion.
711.\" ----- ipnat_program setting ---------------------------------
712.It Va ipnat_program
713.Pq Vt str
714Path to
715.Xr ipnat 8
716(default
717.Pa /sbin/ipnat ) .
718.\" ----- ipnat_rules setting -----------------------------------
719.It Va ipnat_rules
720.Pq Vt str
721Set to
722.Pa /etc/ipnat.rules
723by default.
724This variable contains the name of the file
725holding the network address translation definition.
726This file is expected to be readable for the
727.Xr ipnat 8
728command to execute.
729.\" ----- ipnat_flags setting -----------------------------------
730.It Va ipnat_flags
731.Pq Vt str
732Empty by default.
733This variable contains flags passed to the
734.Xr ipnat 8
735program.
736.\" ----- ipmon_enable setting ----------------------------------
737.It Va ipmon_enable
738.Pq Vt bool
739Set to
740.Dq Li NO
741by default.
742Set it to
743.Dq Li YES
744to enable
745.Xr ipmon 8
746monitoring (logging
747.Xr ipf 8
748and
749.Xr ipnat 8
750events).
751Setting this variable needs setting
752.Va ipfilter_enable
753or
754.Va ipnat_enable
755too.
756See
757.Va ipfilter_enable
758for a detailed discussion.
759.\" ----- ipmon_program setting ---------------------------------
760.It Va ipmon_program
761.Pq Vt str
762Path to
763.Xr ipmon 8
764(default
765.Pa /sbin/ipmon ) .
766.\" ----- ipmon_flags setting -----------------------------------
767.It Va ipmon_flags
768.Pq Vt str
769Set to
770.Dq Li -Ds
771by default.
772This variable contains flags passed to the
773.Xr ipmon 8
774program.
775Another typical example would be
776.Dq Fl D Pa /var/log/ipflog
777to have
778.Xr ipmon 8
779log directly to a file bypassing
780.Xr syslogd 8 .
781Make sure to adjust
782.Pa /etc/newsyslog.conf
783in such case like this:
784.Bd -literal
785/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
786.Ed
787.\" ----- ipfs_enable setting -----------------------------------
788.It Va ipfs_enable
789.Pq Vt bool
790Set to
791.Dq Li NO
792by default.
793Set it to
794.Dq Li YES
795to enable
796.Xr ipfs 8
797saving the filter and NAT state tables during shutdown
798and reloading them during startup again.
799Setting this variable needs setting
800.Va ipfilter_enable
801or
802.Va ipnat_enable
803to
804.Dq Li YES
805too.
806See
807.Va ipfilter_enable
808for a detailed discussion.
809Note that if
810.Va kern_securelevel
811is set to 3,
812.Va ipfs_enable
813cannot be used
814because the raised securelevel will prevent
815.Xr ipfs 8
816from saving the state tables at shutdown time.
817.\" ----- ipfs_program setting ----------------------------------
818.It Va ipfs_program
819.Pq Vt str
820Path to
821.Xr ipfs 8
822(default
823.Pa /sbin/ipfs ) .
824.\" ----- ipfs_flags setting ------------------------------------
825.It Va ipfs_flags
826.Pq Vt str
827Empty by default.
828This variable contains flags passed to the
829.Xr ipfs 8
830program.
831.\" ----- end of added ipf hook ---------------------------------
832.It Va pf_enable
833.Pq Vt bool
834Set to
835.Dq Li NO
836by default.
837Setting this to
838.Dq Li YES
839enables
840.Xr pf 4
841packet filtering.
842.Pp
843Typical usage will require putting
844.Pp
845.Dl pf_enable="YES"
846.Pp
847into
848.Pa /etc/rc.conf
849and editing
850.Pa /etc/pf.conf
851appropriately.
852Adding
853.Pp
854.Dl "device pf"
855.Pp
856builds support for
857.Xr pf 4
858into the kernel, otherwise the
859kernel module will be loaded.
860.It Va pf_rules
861.Pq Vt str
862Path to
863.Xr pf 4
864ruleset configuration file
865(default
866.Pa /etc/pf.conf ) .
867.It Va pf_program
868.Pq Vt str
869Path to
870.Xr pfctl 8
871(default
872.Pa /sbin/pfctl ) .
873.It Va pf_flags
874.Pq Vt str
875If
876.Va pf_enable
877is set to
878.Dq Li YES ,
879these flags are passed to the
880.Xr pfctl 8
881program when loading the ruleset.
882.It Va pflog_enable
883.Pq Vt bool
884Set to
885.Dq Li NO
886by default.
887Setting this to
888.Dq Li YES
889enables
890.Xr pflogd 8
891which logs packets from the
892.Xr pf 4
893packet filter.
894.It Va pflog_logfile
895.Pq Vt str
896If
897.Va pflog_enable
898is set to
899.Dq Li YES
900this controls where
901.Xr pflogd 8
902stores the logfile
903(default
904.Pa /var/log/pflog ) .
905Check
906.Pa /etc/newsyslog.conf
907to adjust logfile rotation for this.
908.It Va pflog_program
909.Pq Vt str
910Path to
911.Xr pflogd 8
912(default
913.Pa /sbin/pflogd ) .
914.It Va pflog_flags
915.Pq Vt str
916Empty by default.
917This variable contains additional flags passed to the
918.Xr pflogd 8
919program.
920.It Va pflog_instances
921.Pq Vt str
922If logging to more than one
923.Xr pflog 4
924interface is desired,
925.Va pflog_instances
926is set to the list of
927.Xr pflogd 8
928instances that should be started at system boot time. If
929.Va pflog_instances
930is set, for each whitespace-seperated
931.Ar element
932in the list,
933.Ao Ar element Ac Ns Va _dev
934and
935.Ao Ar element Ac Ns Va _logfile
936elements are assumed to exist.
937.Ao Ar element Ac Ns Va _dev
938must contain the
939.Xr pflog 4
940interface to be watched by the named
941.Xr pflogd 8
942instance.
943.Ao Ar element Ac Ns Va _logfile
944must contain the name of the logfile that will be used by the
945.Xr pflogd 8
946instance.
947.It Va ftpproxy_enable
948.Pq Vt bool
949Set to
950.Dq Li NO
951by default.
952Setting this to
953.Dq Li YES
954enables
955.Xr ftp-proxy 8
956which supports the
957.Xr pf 4
958packet filter in translating ftp connections.
959.It Va ftpproxy_flags
960.Pq Vt str
961Empty by default.
962This variable contains additional flags passed to the
963.Xr ftp-proxy 8
964program.
965.It Va ftpproxy_instances
966.Pq Vt str
967Empty by default. If multiple instances of
968.Xr ftp-proxy 8
969are desired at boot time,
970.Va ftpproxy_instances
971should contain a whitespace-seperated list of instance names. For each
972.Ar element
973in the list, a variable named
974.Ao Ar element Ac Ns Va _flags
975should be defined, containing the command-line flags to be passed to the
976.Xr ftp-proxy 8
977instance.
978.It Va pfsync_enable
979.Pq Vt bool
980Set to
981.Dq Li NO
982by default.
983Setting this to
984.Dq Li YES
985enables exposing
986.Xr pf 4
987state changes to other hosts over the network by means of
988.Xr pfsync 4 .
989The
990.Va pfsync_syncdev
991variable
992must also be set then.
993.It Va pfsync_syncdev
994.Pq Vt str
995Empty by default.
996This variable specifies the name of the network interface
997.Xr pfsync 4
998should operate through.
999It must be set accordingly if
1000.Va pfsync_enable
1001is set to
1002.Dq Li YES .
1003.It Va pfsync_syncpeer
1004.Pq Vt str
1005Empty by default.
1006This variable is optional.
1007By default, state change messages are sent out on the synchronisation
1008interface using IP multicast packets.
1009The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1010224.0.0.240.
1011When a peer address is specified using the
1012.Va pfsync_syncpeer
1013option, the peer address is used as a destination for the pfsync
1014traffic, and the traffic can then be protected using
1015.Xr ipsec 4 .
1016See the
1017.Xr pfsync 4
1018manpage for more details about using
1019.Xr ipsec 4
1020with
1021.Xr pfsync 4
1022interfaces.
1023.It Va pfsync_ifconfig
1024.Pq Vt str
1025Empty by default.
1026This variable can contain additional options to be passed to the
1027.Xr ifconfig 8
1028command used to set up
1029.Xr pfsync 4 .
1030.It Va tcp_extensions
1031.Pq Vt bool
1032Set to
1033.Dq Li YES
1034by default.
1035Setting this to
1036.Dq Li NO
1037disables certain TCP options as described by
1038.Rs
1039.%T "RFC 1323"
1040.Re
1041Setting this to
1042.Dq Li NO
1043might help remedy such problems with connections as randomly hanging
1044or other weird behavior.
1045Some network devices are known
1046to be broken with respect to these options.
1047.It Va log_in_vain
1048.Pq Vt int
1049Set to 0 by default.
1050The
1051.Xr sysctl 8
1052variables,
1053.Va net.inet.tcp.log_in_vain
1054and
1055.Va net.inet.udp.log_in_vain ,
1056as described in
1057.Xr tcp 4
1058and
1059.Xr udp 4 ,
1060are set to the given value.
1061.It Va tcp_keepalive
1062.Pq Vt bool
1063Set to
1064.Dq Li YES
1065by default.
1066Setting to
1067.Dq Li NO
1068will disable probing idle TCP connections to verify that the
1069peer is still up and reachable.
1070.It Va tcp_drop_synfin
1071.Pq Vt bool
1072Set to
1073.Dq Li NO
1074by default.
1075Setting to
1076.Dq Li YES
1077will cause the kernel to ignore TCP frames that have both
1078the SYN and FIN flags set.
1079This prevents OS fingerprinting, but may
1080break some legitimate applications.
1081.It Va icmp_drop_redirect
1082.Pq Vt bool
1083Set to
1084.Dq Li NO
1085by default.
1086Setting to
1087.Dq Li YES
1088will cause the kernel to ignore ICMP REDIRECT packets.
1089Refer to
1090.Xr icmp 4
1091for more information.
1092.It Va icmp_log_redirect
1093.Pq Vt bool
1094Set to
1095.Dq Li NO
1096by default.
1097Setting to
1098.Dq Li YES
1099will cause the kernel to log ICMP REDIRECT packets.
1100Note that
1101the log messages are not rate-limited, so this option should only be used
1102for troubleshooting networks.
1103Refer to
1104.Xr icmp 4
1105for more information.
1106.It Va icmp_bmcastecho
1107.Pq Vt bool
1108Set to
1109.Dq Li YES
1110to respond to broadcast or multicast ICMP ping packets.
1111Refer to
1112.Xr icmp 4
1113for more information.
1114.It Va ip_portrange_first
1115.Pq Vt int
1116If not set to
1117.Dq Li NO ,
1118this is the first port in the default portrange.
1119Refer to
1120.Xr ip 4
1121for more information.
1122.It Va ip_portrange_last
1123.Pq Vt int
1124If not set to
1125.Dq Li NO ,
1126this is the last port in the default portrange.
1127Refer to
1128.Xr ip 4
1129for more information.
1130.It Va network_interfaces
1131.Pq Vt str
1132Set to the list of network interfaces to configure on this host or
1133.Dq Li AUTO
1134(the default) for all current interfaces.
1135Setting the
1136.Va network_interfaces
1137variable to anything other than the default is deprecated.
1138Interfaces that the administrator wishes to store configuration for,
1139but not start at boot should be configured with the
1140.Dq Li NOAUTO
1141keyword in their
1142.Va ifconfig_ Ns Aq Ar interface
1143variables as described below.
1144.Pp
1145An
1146.Va ifconfig_ Ns Aq Ar interface
1147variable is also assumed to exist for each value of
1148.Ar interface .
1149When an interface name contains any of the characters
1150.Dq Li .-/+
1151they are translated to
1152.Dq Li _
1153before lookup.
1154The variable can contain arguments to
1155.Xr ifconfig 8 ,
1156as well as special case-insensitive keywords described below.
1157Such keywords are removed before passing the value to
1158.Xr ifconfig 8
1159while the order of the other arguments is preserved.
1160.Pp
1161It is possible to add IP alias entries using
1162.Xr ifconfig 8
1163syntax with the address family keyword such as
1164.Li inet .
1165Assuming that the interface in question was
1166.Li ed0 ,
1167it might look something like this:
1168.Bd -literal
1169ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1170ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1171.Ed
1172.Pp
1173It also possible to configure multiple IP addresses in Classless
1174Inter-Domain Routing
1175.Pq CIDR
1176address notation,
1177whose each address component can be a range like
1178.Li inet 192.0.2.5-23/24
1179or
1180.Li inet6 2001:db8:1-f::1/64 .
1181This notation allows address and prefix length part only,
1182not the other address modifiers.
1183.Pp
1184In the case of
1185.Li 192.0.2.5-23/24 ,
1186the address 192.0.2.5 will be configured with the
1187netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1188the non-conflicting netmask /32 as explained in the
1189.Xr ifconfig 8
1190alias section.
1191Note that this special netmask handling is only for
1192.Li inet ,
1193not for the other address families such as
1194.Li inet6 .
1195.Pp
1196With the interface in question being
1197.Li ed0 ,
1198an example could look like:
1199.Bd -literal
1200ifconfig_ed0_alias2="inet 192.0.2.129/27"
1201ifconfig_ed0_alias3="inet 192.0.2.1-5/28"
1202.Ed
1203.Pp
1204and so on.
1205.Pp
1206Note that
1207.Va ipv4_addrs_ Ns Aq Ar interface
1208variable was supported for IPv4 CIDR address notation.
1209It is now deprecated because the functionality was integrated into
1210.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1211though
1212.Va ipv4_addrs_ Ns Aq Ar interface
1213is still supported for backward compatibility.
1214.Pp
1215For each
1216.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1217entry with an address family keyword,
1218its contents are passed to
1219.Xr ifconfig 8 .
1220Execution stops at the first unsuccessful access, so if
1221something like this is present:
1222.Bd -literal
1223ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1224ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1225ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1226ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1227.Ed
1228.Pp
1229Then note that alias4 would
1230.Em not
1231be added since the search would
1232stop with the missing
1233.Dq Li alias3
1234entry.
1235Because of this difficult to manage behavior,
1236there is
1237.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1238variable, which has the same functionality as
1239.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1240and can have all of entries in a variable like the following:
1241.Bd -literal
1242ifconfig_ed0_aliases="\\
1243	inet 127.0.0.251 netmask 0xffffffff \\
1244	inet 127.0.0.252 netmask 0xffffffff \\
1245	inet 127.0.0.253 netmask 0xffffffff \\
1246	inet 127.0.0.254 netmask 0xffffffff"
1247.Ed
1248.Pp
1249It also supports CIDR notation.
1250.Pp
1251If the
1252.Pa /etc/start_if. Ns Aq Ar interface
1253file is present, it is read and executed by the
1254.Xr sh 1
1255interpreter
1256before configuring the interface as specified in the
1257.Va ifconfig_ Ns Aq Ar interface
1258and
1259.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1260variables.
1261.Pp
1262If a
1263.Va vlans_ Ns Aq Ar interface
1264variable is set,
1265a
1266.Xr vlan 4
1267interface will be created for each item in the list with the
1268.Ar vlandev
1269argument set to
1270.Ar interface .
1271If a vlan interface's name is a number,
1272then that number is used as the vlan tag and the new vlan interface is
1273named
1274.Ar interface . Ns Ar tag .
1275Otherwise,
1276the vlan tag must be specified via a
1277.Va vlan
1278parameter in the
1279.Va create_args_ Ns Aq Ar interface
1280variable.
1281.Pp
1282To create a vlan device named
1283.Li em0.101
1284on
1285.Li em0
1286with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1287.Bd -literal
1288vlans_em0="101"
1289ifconfig_em0_101="inet 192.0.2.1/24"
1290.Ed
1291.Pp
1292To create a vlan device named
1293.Li myvlan
1294on
1295.Li em0
1296with the vlan tag 102:
1297.Bd -literal
1298vlans_em0="myvlan"
1299create_args_myvlan="vlan 102"
1300.Ed
1301.Pp
1302If a
1303.Va wlans_ Ns Aq Ar interface
1304variable is set,
1305an
1306.Xr wlan 4
1307interface will be created for each item in the list with the
1308.Ar wlandev
1309argument set to
1310.Ar interface .
1311Further wlan cloning arguments may be passed to the
1312.Xr ifconfig 8
1313.Cm create
1314command by setting the
1315.Va create_args_ Ns Aq Ar interface
1316variable.
1317One or more
1318.Xr wlan 4
1319devices must be created for each wireless devices as of
1320.Fx 8.0 .
1321Debugging flags for
1322.Xr wlan 4
1323devices as set by
1324.Xr wlandebug 8
1325may be specified with an
1326.Va wlandebug_ Ns Aq Ar interface
1327variable.
1328The contents of this variable will be passed directly to
1329.Xr wlandebug 8 .
1330.Pp
1331If the
1332.Va ifconfig_ Ns Aq Ar interface
1333contains the keyword
1334.Dq Li NOAUTO
1335then the interface will not be configured
1336at boot or by
1337.Pa /etc/pccard_ether
1338when
1339.Va network_interfaces
1340is set to
1341.Dq Li AUTO .
1342.Pp
1343It is possible to bring up an interface with DHCP by adding
1344.Dq Li DHCP
1345to the
1346.Va ifconfig_ Ns Aq Ar interface
1347variable.
1348For instance, to initialize the
1349.Li ed0
1350device via DHCP,
1351it is possible to use something like:
1352.Bd -literal
1353ifconfig_ed0="DHCP"
1354.Ed
1355.Pp
1356If you want to configure your wireless interface with
1357.Xr wpa_supplicant 8
1358for use with WPA, EAP/LEAP or WEP, you need to add
1359.Dq Li WPA
1360to the
1361.Va ifconfig_ Ns Aq Ar interface
1362variable.
1363.Pp
1364On the other hand, if you want to configure your wireless interface with
1365.Xr hostapd 8 ,
1366you need to add
1367.Dq Li HOSTAP
1368to the
1369.Va ifconfig_ Ns Aq Ar interface
1370variable.
1371.Xr hostapd 8
1372will use the settings from
1373.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1374.Pp
1375Finally, you can add
1376.Xr ifconfig 8
1377options in this variable, in addition to the
1378.Pa /etc/start_if. Ns Aq Ar interface
1379file.
1380For instance, to configure an
1381.Xr ath 4
1382wireless device in station mode with an address obtained
1383via DHCP, using WPA authentication and 802.11b mode, it is
1384possible to use something like:
1385.Bd -literal
1386wlans_ath0="wlan0"
1387ifconfig_wlan0="DHCP WPA mode 11b"
1388.Ed
1389.Pp
1390In addition to the
1391.Va ifconfig_ Ns Aq Ar interface
1392form, a fallback variable
1393.Va ifconfig_DEFAULT
1394may be configured.
1395It will be used for all interfaces with no
1396.Va ifconfig_ Ns Aq Ar interface
1397variable.
1398This is intended to replace the no longer supported
1399.Va pccard_ifconfig
1400variable.
1401.Pp
1402It is also possible to rename an interface by doing:
1403.Bd -literal
1404ifconfig_ed0_name="net0"
1405ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1406.Ed
1407.It Va ipv6_enable
1408.Pq Vt bool
1409This variable is deprecated.
1410Use
1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1412and
1413.Va ipv6_activate_all_interfaces
1414if necessary.
1415.Pp
1416If the variable is
1417.Dq Li YES ,
1418.Dq Li inet6 accept_rtadv
1419is added to all of
1420.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1421and the
1422.Va ipv6_activate_all_interfaces
1423is defined as
1424.Dq Li YES .
1425.It Va ipv6_prefer
1426.Pq Vt bool
1427This variable is deprecated.
1428Use
1429.Va ip6addrctl_policy
1430instead.
1431.Pp
1432If the variable is
1433.Dq Li YES ,
1434the default address selection policy table set by
1435.Xr ip6addrctl 8
1436will be IPv6-preferred.
1437.Pp
1438If the variable is
1439.Dq Li NO ,
1440the default address selection policy table set by
1441.Xr ip6addrctl 8
1442will be IPv4-preferred.
1443.It Va ipv6_activate_all_interfaces
1444.Pq Vt bool
1445This controls initial configuration on IPv6-capable
1446interfaces with no corresponding
1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1448variable.
1449Note that it is not always necessary to set this variable to
1450.Dq YES
1451to use IPv6 functionality on
1452.Fx .
1453In most cases, just configuring
1454.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1455variables works.
1456.Pp
1457If the variable is
1458.Dq Li NO ,
1459all interfaces which do not have a corresponding
1460.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1461variable will be marked as
1462.Dq Li IFDISABLED
1463at creation.
1464This means that all of IPv6 functionality on that interface
1465is completely disabled to enforce a security policy.
1466If the variable is set to
1467.Dq YES ,
1468the flag will be cleared on all of the interfaces.
1469.Pp
1470In most cases, just defining an
1471.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1472for an IPv6-capable interface should be sufficient.
1473However, if an interface is added dynamically
1474.Pq by some tunneling protocols such as PPP, for example ,
1475it is often difficult to define the variable in advance.
1476In such a case, configuring the
1477.Dq Li IFDISABLED
1478flag can be disabled by setting this variable to
1479.Dq YES .
1480.Pp
1481For more details of the
1482.Dq Li IFDISABLED
1483flag and keywords
1484.Dq Li inet6 ifdisabled ,
1485see
1486.Xr ifconfig 8 .
1487.Pp
1488Default is
1489.Dq Li NO .
1490.It Va ipv6_privacy
1491.Pq Vt bool
1492If the variable is
1493.Dq Li YES
1494privacy addresses will be generated for each IPv6
1495interface as described in RFC 4941.
1496.It Va ipv6_network_interfaces
1497.Pq Vt str
1498This is the IPv6 equivalent of
1499.Va network_interfaces .
1500Normally manual configuration of this variable is not needed.
1501.Pp
1502.It Va ipv6_cpe_wanif
1503.Pq Vt str
1504If the variable is set to an interface name,
1505the
1506.Xr ifconfig 8
1507options
1508.Dq inet6 -no_radr accept_rtadv
1509will be added to the specified interface automatically before evaluating
1510.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1511and two
1512.Xr sysctl 8
1513variables
1514.Va net.inet6.ip6.rfc6204w3
1515and
1516.Va net.inet6.ip6.no_radr
1517will be set to 1.
1518.Pp
1519This means the specified interface will accept ICMPv6 Router
1520Advertisement messages on that link and add the discovered
1521routers into the Default Router List.
1522While the other interfaces can still accept RA messages if the
1523.Dq inet6 accept_rtadv
1524option is specified, adding
1525routes into the Default Router List will be disabled by
1526.Dq inet6 no_radr
1527option by default.
1528See
1529.Xr ifconfig 8
1530for more details.
1531.Pp
1532Note that ICMPv6 Router Advertisement messages will be
1533accepted even when
1534.Va net.inet6.ip6.forwarding
1535is 1
1536.Pq packet forwarding is enabled
1537when
1538.Va net.inet6.ip6.rfc6204w3
1539is set to 1.
1540.Pp
1541Default is
1542.Dq Li NO .
1543.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1544.Pq Vt str
1545IPv6 functionality on an interface should be configured by
1546.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1547instead of setting ifconfig parameters in
1548.Va ifconfig_ Ns Aq Ar interface .
1549If this variable is empty, all of IPv6 configurations on the
1550specified interface by other variables such as
1551.Va ipv6_prefix_ Ns Ao Ar interface Ac
1552will be ignored.
1553.Pp
1554Aliases should be set by
1555.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1556with
1557.Dq Li inet6
1558keyword.
1559For example:
1560.Bd -literal
1561ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1562ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1563.Ed
1564.Pp
1565Interfaces that have an
1566.Dq Li inet6 accept_rtadv
1567keyword in
1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1569setting will be automatically configured by SLAAC
1570.Pq StateLess Address AutoConfiguration
1571described in
1572.Rs
1573.%T "RFC 4862"
1574.Re
1575.Pp
1576Note that a link-local address will be automatically configured in
1577addition to the configured global-scope addresses because the IPv6
1578specifications require it on each link.
1579The address is calculated from the MAC address by using an algorithm
1580defined in
1581.Rs
1582.%T "RFC 4862"
1583.%O "Section 5.3"
1584.Re
1585.Pp
1586If only a link-local address is needed on the interface,
1587the following configuration can be used:
1588.Bd -literal
1589ifconfig_ed0_ipv6="inet6 auto_linklocal"
1590.Ed
1591.Pp
1592A link-local address can also be configured manually.
1593This is useful for the default router address of an IPv6 router
1594so that it does not change when the network interface
1595card is replaced.
1596For example:
1597.Bd -literal
1598ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"
1599.Ed
1600.It Va ipv6_prefix_ Ns Aq Ar interface
1601.Pq Vt str
1602If one or more prefixes are defined in
1603.Va ipv6_prefix_ Ns Aq Ar interface
1604addresses based on each prefix and the EUI-64 interface index will be
1605configured on that interface.
1606Note that this variable will be ignored when
1607.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1608is empty.
1609.Pp
1610For example, the following configuration
1611.Bd -literal
1612ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0"
1613.Ed
1614.Pp
1615is equivalent to the following:
1616.Bd -literal
1617ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1618ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1619ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1620ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1621.Ed
1622.Pp
1623These Subnet-Router anycast addresses will be added only when
1624.Va ipv6_gateway_enable
1625is YES.
1626.It Va ipv6_default_interface
1627.Pq Vt str
1628If not set to
1629.Dq Li NO ,
1630this is the default output interface for scoped addresses.
1631This works only with ipv6_gateway_enable="NO".
1632.It Va ip6addrctl_enable
1633.Pq Vt bool
1634This variable is to enable configuring default address selection policy table
1635.Pq RFC 3484 .
1636The table can be specified in another variable
1637.Va ip6addrctl_policy .
1638For
1639.Va ip6addrctl_policy
1640the following keywords can be specified:
1641.Dq Li ipv4_prefer ,
1642.Dq Li ipv6_prefer ,
1643or
1644.Dq Li AUTO .
1645.Pp
1646If
1647.Dq Li ipv4_prefer
1648or
1649.Dq Li ipv6_prefer
1650is specified,
1651.Xr ip6addrctl 8
1652installs a pre-defined policy table described in Section 2.1
1653.Pq IPv6-preferred
1654or 10.3
1655.Pq IPv4-preferred
1656of RFC 3484.
1657.Pp
1658If
1659.Dq Li AUTO
1660is specified, it attempts to read a file
1661.Pa /etc/ip6addrctl.conf
1662first.
1663If this file is found,
1664.Xr ip6addrctl 8
1665reads and installs it.
1666If not found, a policy is automatically set
1667according to
1668.Va ipv6_activate_all_interfaces
1669variable; if the variable is set to
1670.Dq Li YES
1671the IPv6-preferred one is used.
1672Otherwise IPv4-preferred.
1673.Pp
1674The default value of
1675.Va ip6addrctl_enable
1676and
1677.Va ip6addrctl_policy
1678are
1679.Dq Li YES
1680and
1681.Dq Li AUTO ,
1682respectively.
1683.It Va cloned_interfaces
1684.Pq Vt str
1685Set to the list of clonable network interfaces to create on this host.
1686Further cloning arguments may be passed to the
1687.Xr ifconfig 8
1688.Cm create
1689command for each interface by setting the
1690.Va create_args_ Ns Aq Ar interface
1691variable.
1692If an interface name is specified with
1693.Dq :sticky
1694keyword,
1695the interface will not be destroyed even when
1696.Pa rc.d/netif
1697script is invoked with
1698.Dq stop
1699argument.
1700This is useful when reconfiguring the interface without destroying it.
1701Entries in
1702.Va cloned_interfaces
1703are automatically appended to
1704.Va network_interfaces
1705for configuration.
1706.It Va cloned_interfaces_sticky
1707.Pq Vt bool
1708This variable is to globally enable functionality of
1709.Dq :sticky
1710keyword in
1711.Va cloned_interfaces
1712for all interfaces.
1713The default value is
1714.Dq NO .
1715Even if this variable is specified to
1716.Dq YES ,
1717.Dq :nosticky
1718keyword can be used to override it on per interface basis.
1719.It Va gif_interfaces
1720.Pq Vt str
1721This variable is deprecated in favor of
1722.Va cloned_interfaces .
1723Set to the list of
1724.Xr gif 4
1725tunnel interfaces to configure on this host.
1726A
1727.Va gifconfig_ Ns Aq Ar interface
1728variable is assumed to exist for each value of
1729.Ar interface .
1730The value of this variable is used to configure the link layer of the
1731tunnel according to the syntax of the
1732.Cm tunnel
1733option to
1734.Xr ifconfig 8 .
1735Additionally, this option ensures that each listed interface is created
1736via the
1737.Cm create
1738option to
1739.Xr ifconfig 8
1740before attempting to configure it.
1741.It Va sppp_interfaces
1742.Pq Vt str
1743Set to the list of
1744.Xr sppp 4
1745interfaces to configure on this host.
1746A
1747.Va spppconfig_ Ns Aq Ar interface
1748variable is assumed to exist for each value of
1749.Ar interface .
1750Each interface should also be configured by a general
1751.Va ifconfig_ Ns Aq Ar interface
1752setting.
1753Refer to
1754.Xr spppcontrol 8
1755for more information about available options.
1756.It Va ppp_enable
1757.Pq Vt bool
1758If set to
1759.Dq Li YES ,
1760run the
1761.Xr ppp 8
1762daemon.
1763.It Va ppp_profile
1764.Pq Vt str
1765The name of the profile to use from
1766.Pa /etc/ppp/ppp.conf .
1767Also used for per-profile overrides of
1768.Va ppp_mode
1769and
1770.Va ppp_nat ,
1771and
1772.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1773When the profile name contains any of the characters
1774.Dq Li .-/+
1775they are translated to
1776.Dq Li _
1777for the proposes of the override variable names.
1778.It Va ppp_mode
1779.Pq Vt str
1780Mode in which to run the
1781.Xr ppp 8
1782daemon.
1783.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1784.Pq Vt str
1785Overrides the global
1786.Va ppp_mode
1787for
1788.Ar profile .
1789Accepted modes are
1790.Dq Li auto ,
1791.Dq Li ddial ,
1792.Dq Li direct
1793and
1794.Dq Li dedicated .
1795See the manual for a full description.
1796.It Va ppp_nat
1797.Pq Vt bool
1798If set to
1799.Dq Li YES ,
1800enables network address translation.
1801Used in conjunction with
1802.Va gateway_enable
1803allows hosts on private network addresses access to the Internet using
1804this host as a network address translating router.
1805.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1806.Pq Vt str
1807Overrides the global
1808.Va ppp_nat
1809for
1810.Ar profile .
1811.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
1812.Pq Vt int
1813Set the unit number to be used for this profile.
1814See the manual description of
1815.Fl unit Ns Ar N
1816for details.
1817.It Va ppp_user
1818.Pq Vt str
1819The name of the user under which
1820.Xr ppp 8
1821should be started.
1822By
1823default,
1824.Xr ppp 8
1825is started as
1826.Dq Li root .
1827.It Va rc_conf_files
1828.Pq Vt str
1829This option is used to specify a list of files that will override
1830the settings in
1831.Pa /etc/defaults/rc.conf .
1832The files will be read in the order in which they are specified and should
1833include the full path to the file.
1834By default, the files specified are
1835.Pa /etc/rc.conf
1836and
1837.Pa /etc/rc.conf.local
1838.It Va zfs_enable
1839.Pq Vt bool
1840If set to
1841.Dq Li YES ,
1842.Pa /etc/rc.d/zfs
1843will attempt to automatically mount ZFS file systems and initialize ZFS volumes
1844(ZVOLs).
1845.It Va gptboot_enable
1846.Pq Vt bool
1847If set to
1848.Dq Li YES ,
1849.Pa /etc/rc.d/gptboot
1850will log if the system successfully (or not) booted from a GPT partition,
1851which had the
1852.Ar bootonce
1853attribute set using
1854.Xr gpart 8
1855utility.
1856.It Va gbde_autoattach_all
1857.Pq Vt bool
1858If set to
1859.Dq Li YES ,
1860.Pa /etc/rc.d/gbde
1861will attempt to automatically initialize your .bde devices in
1862.Pa /etc/fstab .
1863.It Va gbde_devices
1864.Pq Vt str
1865List the devices that the script should try to attach,
1866or
1867.Dq Li AUTO .
1868.It Va gbde_lockdir
1869.Pq Vt str
1870The directory where the
1871.Xr gbde 4
1872lockfiles are located.
1873The default lockfile directory is
1874.Pa /etc .
1875.Pp
1876The lockfile for each individual
1877.Xr gbde 4
1878device can be overridden by setting the variable
1879.Va gbde_lock_ Ns Aq Ar device ,
1880where
1881.Ar device
1882is the encrypted device without the
1883.Dq Pa /dev/
1884and
1885.Dq Pa .bde
1886parts.
1887.It Va gbde_attach_attempts
1888.Pq Vt int
1889Number of times to attempt attaching to a
1890.Xr gbde 4
1891device, i.e., how many times the user is asked for the pass-phrase.
1892Default is 3.
1893.It Va geli_devices
1894.Pq Vt str
1895List of devices to automatically attach on boot.
1896Note that .eli devices from
1897.Pa /etc/fstab
1898are automatically appended to this list.
1899.It Va geli_tries
1900.Pq Vt int
1901Number of times user is asked for the pass-phrase.
1902If empty, it will be taken from
1903.Va kern.geom.eli.tries
1904sysctl variable.
1905.It Va geli_default_flags
1906.Pq Vt str
1907Default flags to use by
1908.Xr geli 8
1909when configuring disk encryption.
1910Flags can be configured for every device separately by defining
1911.Va geli_ Ns Ao Ar device Ac Ns Va _flags
1912variable.
1913.It Va geli_autodetach
1914.Pq Vt str
1915Specifies if GELI devices should be marked for detach on last close after
1916file systems are mounted.
1917Default is
1918.Dq Li YES .
1919This can be changed for every device separately by defining
1920.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
1921variable.
1922.It Va root_rw_mount
1923.Pq Vt bool
1924Set to
1925.Dq Li YES
1926by default.
1927After the file systems are checked at boot time, the root file system
1928is remounted as read-write if this is set to
1929.Dq Li YES .
1930Diskless systems that mount their root file system from a read-only remote
1931NFS share should set this to
1932.Dq Li NO
1933in their
1934.Pa rc.conf .
1935.It Va fsck_y_enable
1936.Pq Vt bool
1937If set to
1938.Dq Li YES ,
1939.Xr fsck 8
1940will be run with the
1941.Fl y
1942flag if the initial preen
1943of the file systems fails.
1944.It Va background_fsck
1945.Pq Vt bool
1946If set to
1947.Dq Li YES ,
1948the system will attempt to run
1949.Xr fsck 8
1950in the background where possible.
1951.It Va background_fsck_delay
1952.Pq Vt int
1953The amount of time in seconds to sleep before starting a background
1954.Xr fsck 8 .
1955It defaults to sixty seconds to allow large applications such as
1956the X server to start before disk I/O bandwidth is monopolized by
1957.Xr fsck 8 .
1958If set to a negative number, the background file system check will be
1959delayed indefinitely to allow the administrator to run it at a more
1960convenient time.
1961For example it may be run from
1962.Xr cron 8
1963by adding a line like
1964.Pp
1965.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
1966.Pp
1967to
1968.Pa /etc/crontab .
1969.It Va netfs_types
1970.Pq Vt str
1971List of file system types that are network-based.
1972This list should generally not be modified by end users.
1973Use
1974.Va extra_netfs_types
1975instead.
1976.It Va extra_netfs_types
1977.Pq Vt str
1978If set to something other than
1979.Dq Li NO
1980(the default),
1981this variable extends the list of file system types
1982for which automatic mounting at startup by
1983.Xr rc 8
1984should be delayed until the network is initialized.
1985It should contain
1986a whitespace-separated list of network file system descriptor pairs,
1987each consisting of a file system type as passed to
1988.Xr mount 8
1989and a human-readable, one-word description,
1990joined with a colon
1991.Pq Ql \&: .
1992Extending the default list in this way is only necessary
1993when third party file system types are used.
1994.It Va syslogd_enable
1995.Pq Vt bool
1996If set to
1997.Dq Li YES ,
1998run the
1999.Xr syslogd 8
2000daemon.
2001.It Va syslogd_program
2002.Pq Vt str
2003Path to
2004.Xr syslogd 8
2005(default
2006.Pa /usr/sbin/syslogd ) .
2007.It Va syslogd_flags
2008.Pq Vt str
2009If
2010.Va syslogd_enable
2011is set to
2012.Dq Li YES ,
2013these are the flags to pass to
2014.Xr syslogd 8 .
2015.It Va inetd_enable
2016.Pq Vt bool
2017If set to
2018.Dq Li YES ,
2019run the
2020.Xr inetd 8
2021daemon.
2022.It Va inetd_program
2023.Pq Vt str
2024Path to
2025.Xr inetd 8
2026(default
2027.Pa /usr/sbin/inetd ) .
2028.It Va inetd_flags
2029.Pq Vt str
2030If
2031.Va inetd_enable
2032is set to
2033.Dq Li YES ,
2034these are the flags to pass to
2035.Xr inetd 8 .
2036.It Va hastd_enable
2037.Pq Vt bool
2038If set to
2039.Dq Li YES ,
2040run the
2041.Xr hastd 8
2042daemon.
2043.It Va hastd_program
2044.Pq Vt str
2045Path to
2046.Xr hastd 8
2047(default
2048.Pa /sbin/hastd ) .
2049.It Va hastd_flags
2050.Pq Vt str
2051If
2052.Va hastd_enable
2053is set to
2054.Dq Li YES ,
2055these are the flags to pass to
2056.Xr hastd 8 .
2057.It Va local_unbound_enable
2058.Pq Vt bool
2059If set to
2060.Dq Li YES ,
2061run the
2062.Xr unbound 8
2063daemon as a local caching resolver.
2064.It Va kerberos5_server_enable
2065.Pq Vt bool
2066Set to
2067.Dq Li YES
2068to start a Kerberos 5 authentication server
2069at boot time.
2070.It Va kerberos5_server
2071.Pq Vt str
2072If
2073.Va kerberos5_server_enable
2074is set to
2075.Dq Li YES
2076this is the path to Kerberos 5 Authentication Server.
2077.It Va kerberos5_server_flags
2078.Pq Vt str
2079Empty by default.
2080This variable contains additional flags to be passed to the Kerberos 5
2081authentication server.
2082.It Va kadmind5_server_enable
2083.Pq Vt bool
2084Set to
2085.Dq Li YES
2086to start
2087.Xr kadmind 8 ,
2088the Kerberos 5 Administration Daemon; set to
2089.Dq Li NO
2090on a slave server.
2091.It Va kadmind5_server
2092.Pq Vt str
2093If
2094.Va kadmind5_server_enable
2095is set to
2096.Dq Li YES
2097this is the path to Kerberos 5 Administration Daemon.
2098.It Va kpasswdd_server_enable
2099.Pq Vt bool
2100Set to
2101.Dq Li YES
2102to start
2103.Xr kpasswdd 8 ,
2104the Kerberos 5 Password-Changing Daemon; set to
2105.Dq Li NO
2106on a slave server.
2107.It Va kpasswdd_server
2108.Pq Vt str
2109If
2110.Va kpasswdd_server_enable
2111is set to
2112.Dq Li YES
2113this is the path to Kerberos 5 Password-Changing Daemon.
2114.It Va kfd_enable
2115.Pq Vt bool
2116Set to
2117.Dq Li YES
2118to start
2119.Xr kfd 8 ,
2120the Kerberos 5 ticket forwarding daemon, at the boot time.
2121.It Va kfd_program
2122.Pq Vt str
2123Path to
2124.Xr kfd 8
2125(default
2126.Pa /usr/libexec/kfd ) .
2127.It Va rwhod_enable
2128.Pq Vt bool
2129If set to
2130.Dq Li YES ,
2131run the
2132.Xr rwhod 8
2133daemon at boot time.
2134.It Va rwhod_flags
2135.Pq Vt str
2136If
2137.Va rwhod_enable
2138is set to
2139.Dq Li YES ,
2140these are the flags to pass to it.
2141.It Va amd_enable
2142.Pq Vt bool
2143If set to
2144.Dq Li YES ,
2145run the
2146.Xr amd 8
2147daemon at boot time.
2148.It Va amd_flags
2149.Pq Vt str
2150If
2151.Va amd_enable
2152is set to
2153.Dq Li YES ,
2154these are the flags to pass to it.
2155See the
2156.Xr amd 8
2157manpage for more information.
2158.It Va amd_map_program
2159.Pq Vt str
2160If set,
2161the specified program is run to get the list of
2162.Xr amd 8
2163maps.
2164For example, if the
2165.Xr amd 8
2166maps are stored in NIS, one can set this to
2167run
2168.Xr ypcat 1
2169to get a list of
2170.Xr amd 8
2171maps from the
2172.Pa amd.master
2173NIS map.
2174.It Va update_motd
2175.Pq Vt bool
2176If set to
2177.Dq Li YES ,
2178.Pa /etc/motd
2179will be updated at boot time to reflect the kernel release
2180being run.
2181If set to
2182.Dq Li NO ,
2183.Pa /etc/motd
2184will not be updated.
2185.It Va nfs_client_enable
2186.Pq Vt bool
2187If set to
2188.Dq Li YES ,
2189run the NFS client daemons at boot time.
2190.It Va nfs_access_cache
2191.Pq Vt int
2192If
2193.Va nfs_client_enable
2194is set to
2195.Dq Li YES ,
2196this can be set to
2197.Dq Li 0
2198to disable NFS ACCESS RPC caching, or to the number of seconds for which
2199NFS ACCESS
2200results should be cached.
2201A value of 2-10 seconds will substantially reduce network
2202traffic for many NFS operations.
2203.It Va nfs_server_enable
2204.Pq Vt bool
2205If set to
2206.Dq Li YES ,
2207run the NFS server daemons at boot time.
2208.It Va nfs_server_flags
2209.Pq Vt str
2210If
2211.Va nfs_server_enable
2212is set to
2213.Dq Li YES ,
2214these are the flags to pass to the
2215.Xr nfsd 8
2216daemon.
2217.It Va nfsv4_server_enable
2218.Pq Vt bool
2219If
2220.Va nfs_server_enable
2221is set to
2222.Dq Li YES
2223and
2224.Va nfsv4_server_enable
2225are set to
2226.Dq Li YES ,
2227enable the server for NFSv4 as well as NFSv2 and NFSv3.
2228.It Va nfsuserd_enable
2229.Pq Vt bool
2230If
2231.Va nfsuserd_enable
2232is set to
2233.Dq Li YES ,
2234run the nfsuserd daemon, which is needed for NFSv4 in order
2235to map between user/group names vs uid/gid numbers.
2236If
2237.Va nfsv4_server_enable
2238is set to
2239.Dq Li YES ,
2240this will be forced enabled.
2241.It Va nfsuserd_flags
2242.Pq Vt str
2243If
2244.Va nfsuserd_enable
2245is set to
2246.Dq Li YES ,
2247these are the flags to pass to the
2248.Xr nfsuserd 8
2249daemon.
2250.It Va nfscbd_enable
2251.Pq Vt bool
2252If
2253.Va nfscbd_enable
2254is set to
2255.Dq Li YES ,
2256run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2257.It Va nfscbd_flags
2258.Pq Vt str
2259If
2260.Va nfscbd_enable
2261is set to
2262.Dq Li YES ,
2263these are the flags to pass to the
2264.Xr nfscbd 8
2265daemon.
2266.It Va oldnfs_server_enable
2267.Pq Vt bool
2268If
2269.Va oldnfs_server_enable
2270is set to
2271.Dq Li YES ,
2272force the NFS server daemons to run the old NFS server code
2273that does not support NFSv4.
2274.It Va mountd_enable
2275.Pq Vt bool
2276If set to
2277.Dq Li YES ,
2278and no
2279.Va nfs_server_enable
2280is set, start
2281.Xr mountd 8 ,
2282but not
2283.Xr nfsd 8
2284daemon.
2285It is commonly needed to run CFS without real NFS used.
2286.It Va mountd_flags
2287.Pq Vt str
2288If
2289.Va mountd_enable
2290is set to
2291.Dq Li YES ,
2292these are the flags to pass to the
2293.Xr mountd 8
2294daemon.
2295.It Va weak_mountd_authentication
2296.Pq Vt bool
2297If set to
2298.Dq Li YES ,
2299allow services like PCNFSD to make non-privileged mount
2300requests.
2301.It Va nfs_reserved_port_only
2302.Pq Vt bool
2303If set to
2304.Dq Li YES ,
2305provide NFS services only on a secure port.
2306.It Va nfs_bufpackets
2307.Pq Vt int
2308If set to a number, indicates the number of packets worth of
2309socket buffer space to reserve on an NFS client.
2310The kernel default is typically 4.
2311Using a higher number may be
2312useful on gigabit networks to improve performance.
2313The minimum value is
23142 and the maximum is 64.
2315.It Va rpc_lockd_enable
2316.Pq Vt bool
2317If set to
2318.Dq Li YES
2319and also an NFS server or client, run
2320.Xr rpc.lockd 8
2321at boot time.
2322.It Va rpc_lockd_flags
2323.Pq Vt str
2324If
2325.Va rpc_lockd_enable
2326is set to
2327.Dq Li YES ,
2328these are the flags to pass to the
2329.Xr rpc.lockd 8
2330daemon.
2331.It Va rpc_statd_enable
2332.Pq Vt bool
2333If set to
2334.Dq Li YES
2335and also an NFS server or client, run
2336.Xr rpc.statd 8
2337at boot time.
2338.It Va rpc_statd_flags
2339.Pq Vt str
2340If
2341.Va rpc_statd_enable
2342is set to
2343.Dq Li YES ,
2344these are the flags to pass to the
2345.Xr rpc.statd 8
2346daemon.
2347.It Va rpcbind_program
2348.Pq Vt str
2349Path to
2350.Xr rpcbind 8
2351(default
2352.Pa /usr/sbin/rpcbind ) .
2353.It Va rpcbind_enable
2354.Pq Vt bool
2355If set to
2356.Dq Li YES ,
2357run the
2358.Xr rpcbind 8
2359service at boot time.
2360.It Va rpcbind_flags
2361.Pq Vt str
2362If
2363.Va rpcbind_enable
2364is set to
2365.Dq Li YES ,
2366these are the flags to pass to the
2367.Xr rpcbind 8
2368daemon.
2369.It Va keyserv_enable
2370.Pq Vt bool
2371If set to
2372.Dq Li YES ,
2373run the
2374.Xr keyserv 8
2375daemon on boot for running Secure RPC.
2376.It Va keyserv_flags
2377.Pq Vt str
2378If
2379.Va keyserv_enable
2380is set to
2381.Dq Li YES ,
2382these are the flags to pass to
2383.Xr keyserv 8
2384daemon.
2385.It Va pppoed_enable
2386.Pq Vt bool
2387If set to
2388.Dq Li YES ,
2389run the
2390.Xr pppoed 8
2391daemon at boot time to provide PPP over Ethernet services.
2392.It Va pppoed_ Ns Aq Ar provider
2393.Pq Vt str
2394.Xr pppoed 8
2395listens to requests to this
2396.Ar provider
2397and ultimately runs
2398.Xr ppp 8
2399with a
2400.Ar system
2401argument of the same name.
2402.It Va pppoed_flags
2403.Pq Vt str
2404Additional flags to pass to
2405.Xr pppoed 8 .
2406.It Va pppoed_interface
2407.Pq Vt str
2408The network interface to run
2409.Xr pppoed 8
2410on.
2411This is mandatory when
2412.Va pppoed_enable
2413is set to
2414.Dq Li YES .
2415.It Va timed_enable
2416.Pq Vt bool
2417If set to
2418.Dq Li YES ,
2419run the
2420.Xr timed 8
2421service at boot time.
2422This command is intended for networks of
2423machines where a consistent
2424.Dq "network time"
2425for all hosts must be established.
2426This is often useful in large NFS
2427environments where time stamps on files are expected to be consistent
2428network-wide.
2429.It Va timed_flags
2430.Pq Vt str
2431If
2432.Va timed_enable
2433is set to
2434.Dq Li YES ,
2435these are the flags to pass to the
2436.Xr timed 8
2437service.
2438.It Va ntpdate_enable
2439.Pq Vt bool
2440If set to
2441.Dq Li YES ,
2442run
2443.Xr ntpdate 8
2444at system startup.
2445This command is intended to
2446synchronize the system clock only
2447.Em once
2448from some standard reference.
2449.It Va ntpdate_config
2450.Pq Vt str
2451Configuration file for
2452.Xr ntpdate 8 .
2453Default
2454.Pa /etc/ntp.conf .
2455.It Va ntpdate_hosts
2456.Pq Vt str
2457A whitespace-separated list of NTP servers to synchronize with at startup.
2458The default is to use the servers listed in
2459.Va ntpdate_config ,
2460if that file exists.
2461.It Va ntpdate_program
2462.Pq Vt str
2463Path to
2464.Xr ntpdate 8
2465(default
2466.Pa /usr/sbin/ntpdate ) .
2467.It Va ntpdate_flags
2468.Pq Vt str
2469If
2470.Va ntpdate_enable
2471is set to
2472.Dq Li YES ,
2473these are the flags to pass to the
2474.Xr ntpdate 8
2475command (typically a hostname).
2476.It Va ntpd_enable
2477.Pq Vt bool
2478If set to
2479.Dq Li YES ,
2480run the
2481.Xr ntpd 8
2482command at boot time.
2483.It Va ntpd_program
2484.Pq Vt str
2485Path to
2486.Xr ntpd 8
2487(default
2488.Pa /usr/sbin/ntpd ) .
2489.It Va ntpd_config
2490.Pq Vt str
2491Path to
2492.Xr ntpd 8
2493configuration file.
2494Default
2495.Pa /etc/ntp.conf .
2496.It Va ntpd_flags
2497.Pq Vt str
2498If
2499.Va ntpd_enable
2500is set to
2501.Dq Li YES ,
2502these are the flags to pass to the
2503.Xr ntpd 8
2504daemon.
2505.It Va ntpd_sync_on_start
2506.Pq Vt bool
2507If set to
2508.Dq Li YES ,
2509.Xr ntpd 8
2510is run with the
2511.Fl g
2512flag, which syncs the system's clock on startup.
2513See
2514.Xr ntpd 8
2515for more information regarding the
2516.Fl g
2517option.
2518This is a preferred alternative to using
2519.Xr ntpdate 8
2520or specifying the
2521.Va ntpdate_enable
2522variable.
2523.It Va nis_client_enable
2524.Pq Vt bool
2525If set to
2526.Dq Li YES ,
2527run the
2528.Xr ypbind 8
2529service at system boot time.
2530.It Va nis_client_flags
2531.Pq Vt str
2532If
2533.Va nis_client_enable
2534is set to
2535.Dq Li YES ,
2536these are the flags to pass to the
2537.Xr ypbind 8
2538service.
2539.It Va nis_ypset_enable
2540.Pq Vt bool
2541If set to
2542.Dq Li YES ,
2543run the
2544.Xr ypset 8
2545daemon at system boot time.
2546.It Va nis_ypset_flags
2547.Pq Vt str
2548If
2549.Va nis_ypset_enable
2550is set to
2551.Dq Li YES ,
2552these are the flags to pass to the
2553.Xr ypset 8
2554daemon.
2555.It Va nis_server_enable
2556.Pq Vt bool
2557If set to
2558.Dq Li YES ,
2559run the
2560.Xr ypserv 8
2561daemon at system boot time.
2562.It Va nis_server_flags
2563.Pq Vt str
2564If
2565.Va nis_server_enable
2566is set to
2567.Dq Li YES ,
2568these are the flags to pass to the
2569.Xr ypserv 8
2570daemon.
2571.It Va nis_ypxfrd_enable
2572.Pq Vt bool
2573If set to
2574.Dq Li YES ,
2575run the
2576.Xr rpc.ypxfrd 8
2577daemon at system boot time.
2578.It Va nis_ypxfrd_flags
2579.Pq Vt str
2580If
2581.Va nis_ypxfrd_enable
2582is set to
2583.Dq Li YES ,
2584these are the flags to pass to the
2585.Xr rpc.ypxfrd 8
2586daemon.
2587.It Va nis_yppasswdd_enable
2588.Pq Vt bool
2589If set to
2590.Dq Li YES ,
2591run the
2592.Xr rpc.yppasswdd 8
2593daemon at system boot time.
2594.It Va nis_yppasswdd_flags
2595.Pq Vt str
2596If
2597.Va nis_yppasswdd_enable
2598is set to
2599.Dq Li YES ,
2600these are the flags to pass to the
2601.Xr rpc.yppasswdd 8
2602daemon.
2603.It Va rpc_ypupdated_enable
2604.Pq Vt bool
2605If set to
2606.Dq Li YES ,
2607run the
2608.Nm rpc.ypupdated
2609daemon at system boot time.
2610.It Va bsnmpd_enable
2611.Pq Vt bool
2612If set to
2613.Dq Li YES ,
2614run the
2615.Xr bsnmpd 1
2616daemon at system boot time.
2617Be sure to understand the security implications of running SNMP daemon
2618on your host.
2619.It Va bsnmpd_flags
2620.Pq Vt str
2621If
2622.Va bsnmpd_enable
2623is set to
2624.Dq Li YES ,
2625these are the flags to pass to the
2626.Xr bsnmpd 1
2627daemon.
2628.It Va defaultrouter
2629.Pq Vt str
2630If not set to
2631.Dq Li NO ,
2632create a default route to this host name or IP address
2633(use an IP address if this router is also required to get to the
2634name server!).
2635.It Va ipv6_defaultrouter
2636.Pq Vt str
2637The IPv6 equivalent of
2638.Va defaultrouter .
2639.It Va static_arp_pairs
2640.Pq Vt str
2641Set to the list of static ARP pairs that are to be added at system
2642boot time.
2643For each whitespace separated
2644.Ar element
2645in the value, a
2646.Va static_arp_ Ns Aq Ar element
2647variable is assumed to exist whose contents will later be passed to a
2648.Dq Nm arp Cm -S
2649operation.
2650For example
2651.Bd -literal
2652static_arp_pairs="gw"
2653static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2654.Ed
2655.It Va static_ndp_pairs
2656.Pq Vt str
2657Set to the list of static NDP pairs that are to be added at system
2658boot time.
2659For each whitespace separated
2660.Ar element
2661in the value, a
2662.Va static_ndp_ Ns Aq Ar element
2663variable is assumed to exist whose contents will later be passed to a
2664.Dq Nm ndp Cm -s
2665operation.
2666For example
2667.Bd -literal
2668static_ndp_pairs="gw"
2669static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2670.Ed
2671.It Va static_routes
2672.Pq Vt str
2673Set to the list of static routes that are to be added at system
2674boot time.
2675If not set to
2676.Dq Li NO
2677then for each whitespace separated
2678.Ar element
2679in the value, a
2680.Va route_ Ns Aq Ar element
2681variable is assumed to exist
2682whose contents will later be passed to a
2683.Dq Nm route Cm add
2684operation.
2685For example:
2686.Bd -literal
2687static_routes="ext mcast:gif0 gif0local:gif0"
2688route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2689route_mcast="-net 224.0.0.0/4 -iface gif0"
2690route_gif0local="-host 169.254.1.1 -iface lo0"
2691.Ed
2692.Pp
2693When an
2694.Ar element
2695is in the form of
2696.Li name:ifname ,
2697the route is specific to the interface
2698.Li ifname .
2699.It Va ipv6_static_routes
2700.Pq Vt str
2701The IPv6 equivalent of
2702.Va static_routes .
2703If not set to
2704.Dq Li NO
2705then for each whitespace separated
2706.Ar element
2707in the value, a
2708.Va ipv6_route_ Ns Aq Ar element
2709variable is assumed to exist
2710whose contents will later be passed to a
2711.Dq Nm route Cm add Fl inet6
2712operation.
2713.It Va natm_static_routes
2714.Pq Vt str
2715The
2716.Xr natmip 4
2717equivalent of
2718.Va static_routes .
2719If not empty then for each whitespace separated
2720.Ar element
2721in the value, a
2722.Va route_ Ns Aq Ar element
2723variable is assumed to exist whose contents will later be passed to a
2724.Dq Nm atmconfig Cm natm Cm add
2725operation.
2726.It Va gateway_enable
2727.Pq Vt bool
2728If set to
2729.Dq Li YES ,
2730configure host to act as an IP router, e.g.\& to forward packets
2731between interfaces.
2732.It Va ipv6_gateway_enable
2733.Pq Vt bool
2734The IPv6 equivalent of
2735.Va gateway_enable .
2736.It Va routed_enable
2737.Pq Vt bool
2738If set to
2739.Dq Li YES ,
2740run a routing daemon of some sort, based on the
2741settings of
2742.Va routed_program
2743and
2744.Va routed_flags .
2745.It Va route6d_enable
2746.Pq Vt bool
2747The IPv6 equivalent of
2748.Va routed_enable .
2749If set to
2750.Dq Li YES ,
2751run a routing daemon of some sort, based on the
2752settings of
2753.Va route6d_program
2754and
2755.Va route6d_flags .
2756.It Va routed_program
2757.Pq Vt str
2758If
2759.Va routed_enable
2760is set to
2761.Dq Li YES ,
2762this is the name of the routing daemon to use.
2763.It Va route6d_program
2764.Pq Vt str
2765The IPv6 equivalent of
2766.Va routed_program .
2767.It Va routed_flags
2768.Pq Vt str
2769If
2770.Va routed_enable
2771is set to
2772.Dq Li YES ,
2773these are the flags to pass to the routing daemon.
2774.It Va route6d_flags
2775.Pq Vt str
2776The IPv6 equivalent of
2777.Va routed_flags .
2778.It Va mrouted_enable
2779.Pq Vt bool
2780If set to
2781.Dq Li YES ,
2782run the multicast routing daemon,
2783.Xr mrouted 8 .
2784.It Va mroute6d_enable
2785.Pq Vt bool
2786The IPv6 equivalent of
2787.Va mrouted_enable .
2788If set to
2789.Dq Li YES ,
2790run the IPv6 multicast routing daemon.
2791.Pp
2792Note that multicast routing daemons are no longer included in the
2793.Fx
2794base system, however, both
2795.Xr mrouted 8
2796and
2797.Xr pim6dd 8
2798may be installed from the
2799.Fx
2800Ports Collection.
2801.It Va mrouted_flags
2802.Pq Vt str
2803If
2804.Va mrouted_enable
2805is set to
2806.Dq Li YES ,
2807these are the flags to pass to the
2808.Xr mrouted 8
2809daemon.
2810.It Va mroute6d_flags
2811.Pq Vt str
2812The IPv6 equivalent of
2813.Va mrouted_flags .
2814If
2815.Va mroute6d_enable
2816is set to
2817.Dq Li YES ,
2818these are the flags passed to the IPv6 multicast routing daemon.
2819.It Va mroute6d_program
2820.Pq Vt str
2821If
2822.Va mroute6d_enable
2823is set to
2824.Dq Li YES ,
2825this is the path to the IPv6 multicast routing daemon.
2826.It Va rtadvd_enable
2827.Pq Vt bool
2828If set to
2829.Dq Li YES ,
2830run the
2831.Xr rtadvd 8
2832daemon at boot time.
2833The
2834.Xr rtadvd 8
2835utility sends ICMPv6 Router Advertisement messages to
2836the interfaces specified in
2837.Va rtadvd_interfaces .
2838This should only be enabled with great care.
2839You may want to fine-tune
2840.Xr rtadvd.conf 5 .
2841.It Va rtadvd_interfaces
2842.Pq Vt str
2843If
2844.Va rtadvd_enable
2845is set to
2846.Dq Li YES
2847this is the list of interfaces to use.
2848.It Va arpproxy_all
2849.Pq Vt bool
2850If set to
2851.Dq Li YES ,
2852enable global proxy ARP.
2853.It Va forward_sourceroute
2854.Pq Vt bool
2855If set to
2856.Dq Li YES
2857and
2858.Va gateway_enable
2859is also set to
2860.Dq Li YES ,
2861source-routed packets are forwarded.
2862.It Va accept_sourceroute
2863.Pq Vt bool
2864If set to
2865.Dq Li YES ,
2866the system will accept source-routed packets directed at it.
2867.It Va rarpd_enable
2868.Pq Vt bool
2869If set to
2870.Dq Li YES ,
2871run the
2872.Xr rarpd 8
2873daemon at system boot time.
2874.It Va rarpd_flags
2875.Pq Vt str
2876If
2877.Va rarpd_enable
2878is set to
2879.Dq Li YES ,
2880these are the flags to pass to the
2881.Xr rarpd 8
2882daemon.
2883.It Va bootparamd_enable
2884.Pq Vt bool
2885If set to
2886.Dq Li YES ,
2887run the
2888.Xr bootparamd 8
2889daemon at system boot time.
2890.It Va bootparamd_flags
2891.Pq Vt str
2892If
2893.Va bootparamd_enable
2894is set to
2895.Dq Li YES ,
2896these are the flags to pass to the
2897.Xr bootparamd 8
2898daemon.
2899.It Va stf_interface_ipv4addr
2900.Pq Vt str
2901If not set to
2902.Dq Li NO ,
2903this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
2904interface).
2905Specify this entry to enable the 6to4 interface.
2906.It Va stf_interface_ipv4plen
2907.Pq Vt int
2908Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2909An effective value is 0-31.
2910.It Va stf_interface_ipv6_ifid
2911.Pq Vt str
2912IPv6 interface ID for
2913.Xr stf 4 .
2914This can be set to
2915.Dq Li AUTO .
2916.It Va stf_interface_ipv6_slaid
2917.Pq Vt str
2918IPv6 Site Level Aggregator for
2919.Xr stf 4 .
2920.It Va ipv6_faith_prefix
2921.Pq Vt str
2922If not set to
2923.Dq Li NO ,
2924this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2925translator.
2926You also need
2927.Xr faithd 8
2928setup.
2929.It Va ipv6_ipv4mapping
2930.Pq Vt bool
2931If set to
2932.Dq Li YES
2933this enables IPv4 mapped IPv6 address communication (like
2934.Li ::ffff:a.b.c.d ) .
2935.It Va rtsold_enable
2936.Pq Vt bool
2937Set to
2938.Dq Li YES
2939to enable the
2940.Xr rtsold 8
2941daemon to send ICMPv6 Router Solicitation messages.
2942.It Va rtsold_flags
2943.Pq Vt str
2944If
2945.Va rtsold_enable
2946is set to
2947.Dq Li YES ,
2948these are the flags to pass to
2949.Xr rtsold 8 .
2950.It Va rtsol_flags
2951.Pq Vt str
2952For interfaces configured with the
2953.Dq Li inet6 accept_rtadv
2954keyword, these are the flags to pass to
2955.Xr rtsol 8 .
2956.Pp
2957Note that
2958.Va rtsold_enable
2959is mutually exclusive to
2960.Va rtsol_flags ;
2961.Va rtsold_enable
2962takes precedence.
2963.It Va atm_enable
2964.Pq Vt bool
2965Set to
2966.Dq Li YES
2967to enable the configuration of ATM interfaces at system boot time.
2968For all of the ATM variables described below, please refer to the
2969.Xr atm 8
2970manual page for further details on the available command parameters.
2971Also refer to the files in
2972.Pa /usr/share/examples/atm
2973for more detailed configuration information.
2974.It Va atm_load
2975.Pq Vt str
2976This is a list of physical ATM interface drivers to load.
2977Typical values are
2978.Dq Li hfa_pci
2979and/or
2980.Dq Li hea_pci .
2981.It Va atm_netif_ Ns Aq Ar intf
2982.Pq Vt str
2983For the ATM physical interface
2984.Ar intf ,
2985this variable defines the name prefix and count for the ATM network
2986interfaces to be created.
2987The value will be passed as the parameters of an
2988.Dq Nm atm Cm "set netif" Ar intf
2989command.
2990.It Va atm_sigmgr_ Ns Aq Ar intf
2991.Pq Vt str
2992For the ATM physical interface
2993.Ar intf ,
2994this variable defines the ATM signalling manager to be used.
2995The value will be passed as the parameters of an
2996.Dq Nm atm Cm attach Ar intf
2997command.
2998.It Va atm_prefix_ Ns Aq Ar intf
2999.Pq Vt str
3000For the ATM physical interface
3001.Ar intf ,
3002this variable defines the NSAP prefix for interfaces using a UNI signalling
3003manager.
3004If set to
3005.Dq Li ILMI ,
3006the prefix will automatically be set via the
3007.Xr ilmid 8
3008daemon.
3009Otherwise, the value will be passed as the parameters of an
3010.Dq Nm atm Cm "set prefix" Ar intf
3011command.
3012.It Va atm_macaddr_ Ns Aq Ar intf
3013.Pq Vt str
3014For the ATM physical interface
3015.Ar intf ,
3016this variable defines the MAC address for interfaces using a UNI signalling
3017manager.
3018If set to
3019.Dq Li NO ,
3020the hardware MAC address contained in the ATM interface card will be used.
3021Otherwise, the value will be passed as the parameters of an
3022.Dq Nm atm Cm "set mac" Ar intf
3023command.
3024.It Va atm_arpserver_ Ns Aq Ar netif
3025.Pq Vt str
3026For the ATM network interface
3027.Ar netif ,
3028this variable defines the ATM address for a host which is to provide ATMARP
3029service.
3030This variable is only applicable to interfaces using a UNI signalling
3031manager.
3032If set to
3033.Dq Li local ,
3034this host will become an ATMARP server.
3035The value will be passed as the parameters of an
3036.Dq Nm atm Cm "set arpserver" Ar netif
3037command.
3038.It Va atm_scsparp_ Ns Aq Ar netif
3039.Pq Vt bool
3040If set to
3041.Dq Li YES ,
3042SCSP/ATMARP service for the network interface
3043.Ar netif
3044will be initiated using the
3045.Xr scspd 8
3046and
3047.Xr atmarpd 8
3048daemons.
3049This variable is only applicable if
3050.Va atm_arpserver_ Ns Aq Ar netif
3051is set to
3052.Dq Li local .
3053.It Va atm_pvcs
3054.Pq Vt str
3055Set to the list of ATM PVCs to be added at system
3056boot time.
3057For each whitespace separated
3058.Ar element
3059in the value, an
3060.Va atm_pvc_ Ns Aq Ar element
3061variable is assumed to exist.
3062The value of each of these variables
3063will be passed as the parameters of an
3064.Dq Nm atm Cm "add pvc"
3065command.
3066.It Va atm_arps
3067.Pq Vt str
3068Set to the list of permanent ATM ARP entries to be added
3069at system boot time.
3070For each whitespace separated
3071.Ar element
3072in the value, an
3073.Va atm_arp_ Ns Aq Ar element
3074variable is assumed to exist.
3075The value of each of these variables
3076will be passed as the parameters of an
3077.Dq Nm atm Cm "add arp"
3078command.
3079.It Va natm_interfaces
3080.Pq Vt str
3081Set to the list of
3082.Xr natm 4
3083interfaces that will also be used for HARP through
3084.Xr harp 4 .
3085If this list is not empty all interfaces in the list will be brought up
3086with
3087.Xr ifconfig 8
3088and
3089.Xr harp 4
3090will be loaded.
3091For this to work the interface drivers must be either compiled into the
3092kernel or must reside on the root partition.
3093.It Va keybell
3094.Pq Vt str
3095The keyboard bell sound.
3096Set to
3097.Dq Li normal ,
3098.Dq Li visual ,
3099.Dq Li off ,
3100or
3101.Dq Li NO
3102if the default behavior is desired.
3103For details, refer to the
3104.Xr kbdcontrol 1
3105manpage.
3106.It Va keyboard
3107.Pq Vt str
3108If set to a non-null string, the virtual console's keyboard input is
3109set to this device.
3110.It Va keymap
3111.Pq Vt str
3112If set to
3113.Dq Li NO ,
3114no keymap is installed, otherwise the value is used to install
3115the keymap file in
3116.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
3117.It Va keyrate
3118.Pq Vt str
3119The keyboard repeat speed.
3120Set to
3121.Dq Li slow ,
3122.Dq Li normal ,
3123.Dq Li fast ,
3124or
3125.Dq Li NO
3126if the default behavior is desired.
3127.It Va keychange
3128.Pq Vt str
3129If not set to
3130.Dq Li NO ,
3131attempt to program the function keys with the value.
3132The value should
3133be a single string of the form:
3134.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3135.It Va cursor
3136.Pq Vt str
3137Can be set to the value of
3138.Dq Li normal ,
3139.Dq Li blink ,
3140.Dq Li destructive ,
3141or
3142.Dq Li NO
3143to set the cursor behavior explicitly or choose the default behavior.
3144.It Va scrnmap
3145.Pq Vt str
3146If set to
3147.Dq Li NO ,
3148no screen map is installed, otherwise the value is used to install
3149the screen map file in
3150.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3151.It Va font8x16
3152.Pq Vt str
3153If set to
3154.Dq Li NO ,
3155the default 8x16 font value is used for screen size requests, otherwise
3156the value in
3157.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3158is used.
3159.It Va font8x14
3160.Pq Vt str
3161If set to
3162.Dq Li NO ,
3163the default 8x14 font value is used for screen size requests, otherwise
3164the value in
3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3166is used.
3167.It Va font8x8
3168.Pq Vt str
3169If set to
3170.Dq Li NO ,
3171the default 8x8 font value is used for screen size requests, otherwise
3172the value in
3173.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3174is used.
3175.It Va blanktime
3176.Pq Vt int
3177If set to
3178.Dq Li NO ,
3179the default screen blanking interval is used, otherwise it is set
3180to
3181.Ar value
3182seconds.
3183.It Va saver
3184.Pq Vt str
3185If not set to
3186.Dq Li NO ,
3187this is the actual screen saver to use
3188.Li ( blank , snake , daemon ,
3189etc).
3190.It Va moused_nondefault_enable
3191.Pq Vt str
3192If set to
3193.Dq Li NO ,
3194the mouse device specified on
3195the command line is not automatically treated as enabled by the
3196.Pa /etc/rc.d/moused
3197script.
3198Having this variable set to
3199.Dq Li YES
3200allows a
3201.Xr usb 4
3202mouse,
3203for example,
3204to be enabled as soon as it is plugged in.
3205.It Va moused_enable
3206.Pq Vt str
3207If set to
3208.Dq Li YES ,
3209the
3210.Xr moused 8
3211daemon is started for doing cut/paste selection on the console.
3212.It Va moused_type
3213.Pq Vt str
3214This is the protocol type of the mouse connected to this host.
3215This variable must be set if
3216.Va moused_enable
3217is set to
3218.Dq Li YES .
3219The
3220.Xr moused 8
3221daemon
3222is able to detect the appropriate mouse type automatically in many cases.
3223Set this variable to
3224.Dq Li auto
3225to let the daemon detect it, or
3226select one from the following list if the automatic detection fails.
3227.Pp
3228If the mouse is attached to the PS/2 mouse port, choose
3229.Dq Li auto
3230or
3231.Dq Li ps/2 ,
3232regardless of the brand and model of the mouse.
3233Likewise, if the
3234mouse is attached to the bus mouse port, choose
3235.Dq Li auto
3236or
3237.Dq Li busmouse .
3238All other protocols are for serial mice and will not work with
3239the PS/2 and bus mice.
3240If this is a USB mouse,
3241.Dq Li auto
3242is the only protocol type which will work.
3243.Pp
3244.Bl -tag -width ".Li x10mouseremote" -compact
3245.It Li microsoft
3246Microsoft mouse (serial)
3247.It Li intellimouse
3248Microsoft IntelliMouse (serial)
3249.It Li mousesystems
3250Mouse systems Corp.\& mouse (serial)
3251.It Li mmseries
3252MM Series mouse (serial)
3253.It Li logitech
3254Logitech mouse (serial)
3255.It Li busmouse
3256A bus mouse
3257.It Li mouseman
3258Logitech MouseMan and TrackMan (serial)
3259.It Li glidepoint
3260ALPS GlidePoint (serial)
3261.It Li thinkingmouse
3262Kensington ThinkingMouse (serial)
3263.It Li ps/2
3264PS/2 mouse
3265.It Li mmhittab
3266MM HitTablet (serial)
3267.It Li x10mouseremote
3268X10 MouseRemote (serial)
3269.It Li versapad
3270Interlink VersaPad (serial)
3271.El
3272.Pp
3273Even if the mouse is not in the above list, it may be compatible
3274with one in the list.
3275Refer to the manual page for
3276.Xr moused 8
3277for compatibility information.
3278.Pp
3279It should also be noted that while this is enabled, any
3280other client of the mouse (such as an X server) should access
3281the mouse through the virtual mouse device,
3282.Pa /dev/sysmouse ,
3283and configure it as a
3284.Dq Li sysmouse
3285type mouse, since all
3286mouse data is converted to this single canonical format when
3287using
3288.Xr moused 8 .
3289If the client program does not support the
3290.Dq Li sysmouse
3291type,
3292specify the
3293.Dq Li mousesystems
3294type.
3295It is the second preferred type.
3296.It Va moused_port
3297.Pq Vt str
3298If
3299.Va moused_enable
3300is set to
3301.Dq Li YES ,
3302this is the actual port the mouse is on.
3303It might be
3304.Pa /dev/cuau0
3305for a COM1 serial mouse,
3306.Pa /dev/psm0
3307for a PS/2 mouse or
3308.Pa /dev/mse0
3309for a bus mouse, for example.
3310.It Va moused_flags
3311.Pq Vt str
3312If
3313.Va moused_flags
3314is set, its value is used as an additional set of flags to pass to the
3315.Xr moused 8
3316daemon.
3317.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3318When
3319.Va moused_nondefault_enable
3320is enabled, and a
3321.Xr moused 8
3322daemon is started for a non-default port, the
3323.Va "moused_" Ns Ar XXX Ns Va "_flags"
3324set of options has precedence over and replaces the default
3325.Va moused_flags
3326(where
3327.Ar XXX
3328is the name of the non-default port, i.e.,\&
3329.Ar ums0 ) .
3330By setting
3331.Va "moused_" Ns Ar XXX Ns Va "_flags"
3332it is possible to set up a different set of default flags for each
3333.Xr moused 8
3334instance.
3335For example, you can use
3336.Dq Li "-3"
3337for the default
3338.Va moused_flags
3339to make your laptop's touchpad more comfortable to use,
3340but an empty set of options for
3341.Va moused_ums0_flags
3342when your
3343.Xr usb 4
3344mouse has three or more buttons.
3345.It Va mousechar_start
3346.Pq Vt int
3347If set to
3348.Dq Li NO ,
3349the default mouse cursor character range
3350.Li 0xd0 Ns - Ns Li 0xd3
3351is used,
3352otherwise the range start is set
3353to
3354.Ar value
3355character, see
3356.Xr vidcontrol 1 .
3357Use if the default range is occupied in the language code table.
3358.It Va allscreens_flags
3359.Pq Vt str
3360If set,
3361.Xr vidcontrol 1
3362is run with these options for each of the virtual terminals
3363.Pq Pa /dev/ttyv* .
3364For example,
3365.Dq Fl m Cm on
3366will enable the mouse pointer on all virtual terminals
3367if
3368.Va moused_enable
3369is set to
3370.Dq Li YES .
3371.It Va allscreens_kbdflags
3372.Pq Vt str
3373If set,
3374.Xr kbdcontrol 1
3375is run with these options for each of the virtual terminals
3376.Pq Pa /dev/ttyv* .
3377For example,
3378.Dq Fl h Li 200
3379will set the
3380.Xr syscons 4
3381scrollback (history) buffer to 200 lines.
3382.It Va cron_enable
3383.Pq Vt bool
3384If set to
3385.Dq Li YES ,
3386run the
3387.Xr cron 8
3388daemon at system boot time.
3389.It Va cron_program
3390.Pq Vt str
3391Path to
3392.Xr cron 8
3393(default
3394.Pa /usr/sbin/cron ) .
3395.It Va cron_flags
3396.Pq Vt str
3397If
3398.Va cron_enable
3399is set to
3400.Dq Li YES ,
3401these are the flags to pass to
3402.Xr cron 8 .
3403.It Va cron_dst
3404.Pq Vt bool
3405If set to
3406.Dq Li YES ,
3407enable the special handling of transitions to and from the
3408Daylight Saving Time in
3409.Xr cron 8
3410(equivalent to using the flag
3411.Fl s ) .
3412.It Va lpd_program
3413.Pq Vt str
3414Path to
3415.Xr lpd 8
3416(default
3417.Pa /usr/sbin/lpd ) .
3418.It Va lpd_enable
3419.Pq Vt bool
3420If set to
3421.Dq Li YES ,
3422run the
3423.Xr lpd 8
3424daemon at system boot time.
3425.It Va lpd_flags
3426.Pq Vt str
3427If
3428.Va lpd_enable
3429is set to
3430.Dq Li YES ,
3431these are the flags to pass to the
3432.Xr lpd 8
3433daemon.
3434.It Va chkprintcap_enable
3435.Pq Vt bool
3436If set to
3437.Dq Li YES ,
3438run the
3439.Xr chkprintcap 8
3440command before starting the
3441.Xr lpd 8
3442daemon.
3443.It Va chkprintcap_flags
3444.Pq Vt str
3445If
3446.Va lpd_enable
3447and
3448.Va chkprintcap_enable
3449are set to
3450.Dq Li YES ,
3451these are the flags to pass to the
3452.Xr chkprintcap 8
3453program.
3454The default is
3455.Dq Li -d ,
3456which causes missing directories to be created.
3457.It Va mta_start_script
3458.Pq Vt str
3459This variable specifies the full path to the script to run to start
3460a mail transfer agent.
3461The default is
3462.Pa /etc/rc.sendmail .
3463The
3464.Va sendmail_*
3465variables which
3466.Pa /etc/rc.sendmail
3467uses are documented in the
3468.Xr rc.sendmail 8
3469manual page.
3470.It Va dumpdev
3471.Pq Vt str
3472Indicates the device (usually a swap partition) to which a crash dump
3473should be written in the event of a system crash.
3474If the value of this variable is
3475.Dq Li AUTO ,
3476the first suitable swap device listed in
3477.Pa /etc/fstab
3478will be used as dump device.
3479Otherwise, the value of this variable is passed as the argument to
3480.Xr dumpon 8 .
3481To disable crash dumps, set this variable to
3482.Dq Li NO .
3483.It Va dumpdir
3484.Pq Vt str
3485When the system reboots after a crash and a crash dump is found on the
3486device specified by the
3487.Va dumpdev
3488variable,
3489.Xr savecore 8
3490will save that crash dump and a copy of the kernel to the directory
3491specified by the
3492.Va dumpdir
3493variable.
3494The default value is
3495.Pa /var/crash .
3496Set to
3497.Dq Li NO
3498to not run
3499.Xr savecore 8
3500at boot time when
3501.Va dumpdir
3502is set.
3503.It Va savecore_flags
3504.Pq Vt str
3505If crash dumps are enabled, these are the flags to pass to the
3506.Xr savecore 8
3507utility.
3508.It Va quota_enable
3509.Pq Vt bool
3510Set to
3511.Dq Li YES
3512to turn on user and group disk quotas on system startup via the
3513.Xr quotaon 8
3514command for all file systems marked as having quotas enabled in
3515.Pa /etc/fstab .
3516The kernel must be built with
3517.Cd "options QUOTA"
3518for disk quotas to function.
3519.It Va check_quotas
3520.Pq Vt bool
3521Set to
3522.Dq Li YES
3523to enable user and group disk quota checking via the
3524.Xr quotacheck 8
3525command.
3526.It Va quotacheck_flags
3527.Pq Vt str
3528If
3529.Va quota_enable
3530is set to
3531.Dq Li YES ,
3532and
3533.Va check_quotas
3534is set to
3535.Dq Li YES ,
3536these are the flags to pass to the
3537.Xr quotacheck 8
3538utility.
3539The default is
3540.Dq Li "-a" ,
3541which checks quotas for all file systems with quotas enabled in
3542.Pa /etc/fstab .
3543.It Va quotaon_flags
3544.Pq Vt str
3545If
3546.Va quota_enable
3547is set to
3548.Dq Li YES ,
3549these are the flags to pass to the
3550.Xr quotaon 8
3551utility.
3552The default is
3553.Dq Li "-a" ,
3554which enables quotas for all file systems with quotas enabled in
3555.Pa /etc/fstab .
3556.It Va quotaoff_flags
3557.Pq Vt str
3558If
3559.Va quota_enable
3560is set to
3561.Dq Li YES ,
3562these are the flags to pass to the
3563.Xr quotaoff 8
3564utility when shutting down the quota system.
3565The default is
3566.Dq Li "-a" ,
3567which disables quotas for all file systems with quotas enabled in
3568.Pa /etc/fstab .
3569.It Va accounting_enable
3570.Pq Vt bool
3571Set to
3572.Dq Li YES
3573to enable system accounting through the
3574.Xr accton 8
3575facility.
3576.It Va ibcs2_enable
3577.Pq Vt bool
3578Set to
3579.Dq Li YES
3580to enable iBCS2 (SCO) binary emulation at system initial boot
3581time.
3582.It Va ibcs2_loaders
3583.Pq Vt str
3584If not set to
3585.Dq Li NO
3586and if
3587.Va ibcs2_enable
3588is set to
3589.Dq Li YES ,
3590this specifies a list of additional iBCS2 loaders to enable.
3591.It Va firstboot_sentinel
3592.Pq Vt str
3593This variable specifies the full path to a
3594.Dq first boot
3595sentinel file.
3596If a file exists with this path,
3597.Pa rc.d
3598scripts with the
3599.Dq firstboot
3600keyword will be run on startup and the sentinel file will be deleted
3601after the boot process completes.
3602The sentinel file must be located on a writable file system which is
3603mounted no later than
3604.Va early_late_divider
3605to function properly.
3606The default is
3607.Pa /firstboot .
3608.It Va linux_enable
3609.Pq Vt bool
3610Set to
3611.Dq Li YES
3612to enable Linux/ELF binary emulation at system initial
3613boot time.
3614.It Va svr4_enable
3615.Pq Vt bool
3616If set to
3617.Dq Li YES ,
3618enable SysVR4 emulation at boot time.
3619.It Va sysvipc_enable
3620.Pq Vt bool
3621If set to
3622.Dq Li YES ,
3623load System V IPC primitives at boot time.
3624.It Va clear_tmp_enable
3625.Pq Vt bool
3626Set to
3627.Dq Li YES
3628to have
3629.Pa /tmp
3630cleaned at startup.
3631.It Va clear_tmp_X
3632.Pq Vt bool
3633Set to
3634.Dq Li NO
3635to disable removing of X11 lock files,
3636and the removal and (secure) recreation
3637of the various socket directories for X11
3638related programs.
3639.It Va ldconfig_paths
3640.Pq Vt str
3641Set to the list of shared library paths to use with
3642.Xr ldconfig 8 .
3643NOTE:
3644.Pa /usr/lib
3645will always be added first, so it need not appear in this list.
3646.It Va ldconfig32_paths
3647.Pq Vt str
3648Set to the list of 32-bit compatibility shared library paths to
3649use with
3650.Xr ldconfig 8 .
3651.It Va ldconfig_paths_aout
3652.Pq Vt str
3653Set to the list of shared library paths to use with
3654.Xr ldconfig 8
3655legacy
3656.Xr a.out 5
3657support.
3658.It Va ldconfig_insecure
3659.Pq Vt bool
3660The
3661.Xr ldconfig 8
3662utility normally refuses to use directories
3663which are writable by anyone except root.
3664Set this variable to
3665.Dq Li YES
3666to disable that security check during system startup.
3667.It Va ldconfig_local_dirs
3668.Pq Vt str
3669Set to the list of local
3670.Xr ldconfig 8
3671directories.
3672The names of all files in the directories listed will be
3673passed as arguments to
3674.Xr ldconfig 8 .
3675.It Va ldconfig_local32_dirs
3676.Pq Vt str
3677Set to the list of local 32-bit compatibility
3678.Xr ldconfig 8
3679directories.
3680The names of all files in the directories listed will be
3681passed as arguments to
3682.Dq Nm ldconfig Fl 32 .
3683.It Va kern_securelevel_enable
3684.Pq Vt bool
3685Set to
3686.Dq Li YES
3687to set the kernel security level at system startup.
3688.It Va kern_securelevel
3689.Pq Vt int
3690The kernel security level to set at startup.
3691The allowed range of
3692.Ar value
3693ranges from \-1 (the compile time default) to 3 (the
3694most secure).
3695See
3696.Xr security 7
3697for the list of possible security levels and their effect
3698on system operation.
3699.It Va sshd_program
3700.Pq Vt str
3701Path to the SSH server program
3702.Pa ( /usr/sbin/sshd
3703is the default).
3704.It Va sshd_enable
3705.Pq Vt bool
3706Set to
3707.Dq Li YES
3708to start
3709.Xr sshd 8
3710at system boot time.
3711.It Va sshd_flags
3712.Pq Vt str
3713If
3714.Va sshd_enable
3715is set to
3716.Dq Li YES ,
3717these are the flags to pass to the
3718.Xr sshd 8
3719daemon.
3720.It Va ftpd_program
3721.Pq Vt str
3722Path to the FTP server program
3723.Pa ( /usr/libexec/ftpd
3724is the default).
3725.It Va ftpd_enable
3726.Pq Vt bool
3727Set to
3728.Dq Li YES
3729to start
3730.Xr ftpd 8
3731as a stand-alone daemon at system boot time.
3732.It Va ftpd_flags
3733.Pq Vt str
3734If
3735.Va ftpd_enable
3736is set to
3737.Dq Li YES ,
3738these are the additional flags to pass to the
3739.Xr ftpd 8
3740daemon.
3741.It Va watchdogd_enable
3742.Pq Vt bool
3743If set to
3744.Dq Li YES ,
3745start the
3746.Xr watchdogd 8
3747daemon at boot time.
3748This requires that the kernel have been compiled with a
3749.Xr watchdog 4
3750compatible device.
3751.It Va watchdogd_flags
3752.Pq Vt str
3753If
3754.Va watchdogd_enable
3755is set to
3756.Dq Li YES ,
3757these are the flags passed to the
3758.Xr watchdogd 8
3759daemon.
3760.It Va devfs_rulesets
3761.Pq Vt str
3762List of files containing sets of rules for
3763.Xr devfs 8 .
3764.It Va devfs_system_ruleset
3765.Pq Vt str
3766Rule name(s) to apply to the system
3767.Pa /dev
3768itself.
3769.It Va devfs_set_rulesets
3770.Pq Vt str
3771Pairs of already-mounted
3772.Pa dev
3773directories and rulesets that should be applied to them.
3774For example: /mount/dev=ruleset_name
3775.It Va devfs_load_rulesets
3776.Pq Vt bool
3777If set, always load the default rulesets listed in
3778.Va devfs_rulesets .
3779.It Va performance_cx_lowest
3780.Pq Vt str
3781CPU idle state to use while on AC power.
3782The string
3783.Dq Li LOW
3784indicates that
3785.Xr acpi 4
3786should use the lowest power state available while
3787.Dq Li HIGH
3788indicates that the lowest latency state (less power savings) should be used.
3789.It Va performance_cpu_freq
3790.Pq Vt str
3791CPU clock frequency to use while on AC power.
3792The string
3793.Dq Li LOW
3794indicates that
3795.Xr cpufreq 4
3796should use the lowest frequency available while
3797.Dq Li HIGH
3798indicates that the highest frequency (less power savings) should be used.
3799.It Va economy_cx_lowest
3800.Pq Vt str
3801CPU idle state to use when off AC power.
3802The string
3803.Dq Li LOW
3804indicates that
3805.Xr acpi 4
3806should use the lowest power state available while
3807.Dq Li HIGH
3808indicates that the lowest latency state (less power savings) should be used.
3809.It Va economy_cpu_freq
3810.Pq Vt str
3811CPU clock frequency to use when off AC power.
3812The string
3813.Dq Li LOW
3814indicates that
3815.Xr cpufreq 4
3816should use the lowest frequency available while
3817.Dq Li HIGH
3818indicates that the highest frequency (less power savings) should be used.
3819.It Va jail_enable
3820.Pq Vt bool
3821If set to
3822.Dq Li NO ,
3823any configured jails will not be started.
3824.It Va jail_conf
3825.Pq Vt str
3826The configuration filename used by
3827.Xr jail 8
3828utility.
3829The default value is
3830.Pa /etc/jail.conf .
3831.It Va jail_parallel_start
3832.Pq Vt bool
3833If set to
3834.Dq Li YES ,
3835all configured jails will be started in the background (in parallel).
3836.It Va jail_flags
3837.Pq Vt str
3838Unset by default.
3839When set, use as default value for
3840.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3841for every jail in
3842.Va jail_list .
3843.It Va jail_list
3844.Pq Vt str
3845A space separated list of names for jails.
3846If this variable is empty,
3847all of
3848.Xr jail 8
3849instances in the configuration file will be configured.
3850This is purely a configuration aid to help identify and
3851configure multiple jails.
3852The names specified in this list will be used to
3853identify settings common to an instance of a jail,
3854and should contain alphanumeric characters only.
3855The literal jail name of
3856.Dq Li 0
3857.Pq zero
3858is not allowed.
3859.It Va jail_* variables
3860Note that older releases supported per-jail configuration via
3861.Xr rc.conf 5
3862variables.
3863For example,
3864hostname of a jail named
3865.Li vjail
3866was able to be set by
3867.Li jail_vjail_hostname .
3868These per-jail configuration variables are now obsolete in favor of
3869.Xr jail 8
3870configuration file.
3871For backward compatibility,
3872when per-jail configuration variables are defined,
3873.Xr jail 8
3874configuration files are created as
3875.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf
3876and used.
3877.Pp
3878The following per-jail parameters are handled by
3879.Pa rc.d/jail
3880script out of their corresponding
3881.Nm
3882variables.
3883In addition to them, parameters in
3884.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3885will be added to the configuration file.
3886They must be a semi-colon
3887.Pq Ql \&;
3888delimited list of
3889.Dq key=value .
3890For more details,
3891see
3892.Xr jail 8
3893manual page.
3894.Bl  -tag -width "host.hostname" -offset indent
3895.It Li path
3896set from
3897.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3898.It Li host.hostname
3899set from
3900.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3901.It Li exec.consolelog
3902set from
3903.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3904The default value is
3905.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3906.It Li interface
3907set from
3908.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3909.It Li vnet.interface
3910set from
3911.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3912This implies
3913.Li vnet
3914parameter will be enabled and cannot be specified with
3915.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3916.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3917and/or
3918.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3919at the same time.
3920.It Li fstab
3921set from
3922.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3923.It Li mount
3924set from
3925.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3926.It Li exec.fib
3927set from
3928.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3929.It Li exec.start
3930set from
3931.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3932The parameter name was
3933.Li command
3934in some older releases.
3935.It Li exec.prestart
3936set from
3937.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3938.It Li exec.poststart
3939set from
3940.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3941.It Li exec.stop
3942set from
3943.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3944.It Li exec.prestop
3945set from
3946.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3947.It Li exec.poststop
3948set from
3949.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3950.It Li ip4.addr
3951set if
3952.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3953or
3954.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3955contain IPv4 addresses
3956.It Li ip6.addr
3957set if
3958.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3959or
3960.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3961contain IPv6 addresses
3962.It Li allow.mount
3963set from
3964.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3965.It Li mount.devfs
3966set from
3967.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3968.It Li devfs_ruleset
3969set from
3970.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3971This must be an integer,
3972not a string.
3973.It Li mount.fdescfs
3974set from
3975.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3976.It Li allow.set_hostname
3977set from
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3979.It Li allow.rawsocket
3980set from
3981.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
3982.It Li allow.sysvipc
3983set from
3984.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
3985.El
3986.\" -----------------------------------------------------
3987.It Va harvest_interrupt
3988.Pq Vt bool
3989Set to
3990.Dq Li YES
3991to use hardware interrupts as an entropy source.
3992Refer to
3993.Xr random 4
3994for more information.
3995.It Va harvest_ethernet
3996.Pq Vt bool
3997Set to
3998.Dq Li YES
3999to use LAN traffic as an entropy source.
4000Refer to
4001.Xr random 4
4002for more information.
4003.It Va harvest_p_to_p
4004.Pq Vt bool
4005Set to
4006.Dq Li YES
4007to use serial line traffic as an entropy source.
4008Refer to
4009.Xr random 4
4010for more information.
4011.It Va entropy_dir
4012.Pq Vt str
4013Set to
4014.Dq Li NO
4015to disable caching entropy via
4016.Xr cron 8 .
4017Otherwise set to the directory used to store entropy files in.
4018.It Va entropy_file
4019.Pq Vt str
4020Set to
4021.Dq Li NO
4022to disable caching entropy through reboots.
4023Otherwise set to the filename used to store cached entropy through
4024reboots.
4025This file should be located on the root file system to seed the
4026.Xr random 4
4027device as early as possible in the boot process.
4028.It Va entropy_save_sz
4029.Pq Vt int
4030Size of the entropy cache files saved by
4031.Nm save-entropy
4032periodically.
4033.It Va entropy_save_num
4034.Pq Vt int
4035Number of entropy cache files to save by
4036.Nm save-entropy
4037periodically.
4038.It Va ipsec_enable
4039.Pq Vt bool
4040Set to
4041.Dq Li YES
4042to run
4043.Xr setkey 8
4044on
4045.Va ipsec_file
4046at boot time.
4047.It Va ipsec_file
4048.Pq Vt str
4049Configuration file for
4050.Xr setkey 8 .
4051.It Va dmesg_enable
4052.Pq Vt bool
4053Set to
4054.Dq Li YES
4055to save
4056.Xr dmesg 8
4057to
4058.Pa /var/run/dmesg.boot
4059on boot.
4060.It Va rcshutdown_timeout
4061.Pq Vt int
4062If set, start a watchdog timer in the background which will terminate
4063.Pa rc.shutdown
4064if
4065.Xr shutdown 8
4066has not completed within the specified time (in seconds).
4067Notice that in addition to this soft timeout,
4068.Xr init 8
4069also applies a hard timeout for the execution of
4070.Pa rc.shutdown .
4071This is configured via
4072.Xr sysctl 8
4073variable
4074.Va kern.init_shutdown_timeout
4075and defaults to 120 seconds.
4076Setting the value of
4077.Va rcshutdown_timeout
4078to more than 120 seconds will have no effect until the
4079.Xr sysctl 8
4080variable
4081.Va kern.init_shutdown_timeout
4082is also increased.
4083.It Va virecover_enable
4084.Pq Vt bool
4085Set to
4086.Dq Li NO
4087to prevent the system from trying to
4088recover pre-maturely terminated
4089.Xr vi 1
4090sessions.
4091.It Va ugidfw_enable
4092.Pq Vt bool
4093Set to
4094.Dq Li YES
4095to load the
4096.Xr mac_bsdextended 4
4097module upon system initialization and load a default
4098ruleset file.
4099.It Va bsdextended_script
4100.Pq Vt str
4101The default
4102.Xr mac_bsdextended 4
4103ruleset file to load.
4104The default value of this variable is
4105.Pa /etc/rc.bsdextended .
4106.It Va newsyslog_enable
4107.Pq Vt bool
4108If set to
4109.Dq Li YES ,
4110run
4111.Xr newsyslog 8
4112command at startup.
4113.It Va newsyslog_flags
4114.Pq Vt str
4115If
4116.Va newsyslog_enable
4117is set to
4118.Dq Li YES ,
4119these are the flags to pass to the
4120.Xr newsyslog 8
4121program.
4122The default is
4123.Dq Li -CN ,
4124which causes log files flagged with a
4125.Cm C
4126to be created.
4127.It Va mdconfig_md Ns Aq Ar X
4128.Pq Vt str
4129Arguments to
4130.Xr mdconfig 8
4131for
4132.Xr md 4
4133device
4134.Ar X .
4135At minimum a
4136.Fl t Ar type
4137must be specified and either a
4138.Fl s Ar size
4139for malloc or swap backed
4140.Xr md 4
4141devices or a
4142.Fl f Ar file
4143for vnode backed
4144.Xr md 4
4145devices.
4146Note that
4147.Va mdconfig_md Ns Aq Ar X
4148variables are evaluated until one variable is unset or null.
4149.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4150.Pq Vt str
4151Optional arguments passed to
4152.Xr newfs 8
4153to initialize
4154.Xr md 4
4155device
4156.Ar X .
4157.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4158.Pq Vt str
4159An ownership specification passed to
4160.Xr chown 8
4161after the specified
4162.Xr md 4
4163device
4164.Ar X
4165has been mounted.
4166Both the
4167.Xr md 4
4168device and the mount point will be changed.
4169.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4170.Pq Vt str
4171A mode string passed to
4172.Xr chmod 1
4173after the specified
4174.Xr md 4
4175device
4176.Ar X
4177has been mounted.
4178Both the
4179.Xr md 4
4180device and the mount point will be changed.
4181.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4182.Pq Vt str
4183Files to be copied to the mount point of the
4184.Xr md 4
4185device
4186.Ar X
4187after it has been mounted.
4188.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4189.Pq Vt str
4190Command to execute after the specified
4191.Xr md 4
4192device
4193.Ar X
4194has been mounted.
4195Note that the command is passed to
4196.Ic eval
4197and that both
4198.Va _dev
4199and
4200.Va _mp
4201variables can be used to reference respectively the
4202.Xr md 4
4203device and the mount point.
4204Assuming that the
4205.Xr md 4
4206device is
4207.Li md0 ,
4208one could set the following:
4209.Bd -literal
4210mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4211.Ed
4212.It Va autobridge_interfaces
4213.Pq Vt str
4214Set to the list of bridge interfaces that will have newly arriving interfaces
4215checked against to be automatically added.
4216If not set to
4217.Dq Li NO
4218then for each whitespace separated
4219.Ar element
4220in the value, a
4221.Va autobridge_ Ns Aq Ar element
4222variable is assumed to exist which has a whitespace separated list of interface
4223names to match, these names can use wildcards.
4224For example:
4225.Bd -literal
4226autobridge_interfaces="bridge0"
4227autobridge_bridge0="tap* dc0 vlan[345]"
4228.Ed
4229.It Va mixer_enable
4230.Pq Vt bool
4231If set to
4232.Dq Li YES ,
4233enable support for sound mixer.
4234.It Va hcsecd_enable
4235.Pq Vt bool
4236If set to
4237.Dq Li YES ,
4238enable Bluetooth security daemon.
4239.It Va hcsecd_config
4240.Pq Vt str
4241Configuration file for
4242.Xr hcsecd 8 .
4243Default
4244.Pa /etc/bluetooth/hcsecd.conf .
4245.It Va sdpd_enable
4246.Pq Vt bool
4247If set to
4248.Dq Li YES ,
4249enable Bluetooth Service Discovery Protocol daemon.
4250.It Va sdpd_control
4251.Pq Vt str
4252Path to
4253.Xr sdpd 8
4254control socket.
4255Default
4256.Pa /var/run/sdp .
4257.It Va sdpd_groupname
4258.Pq Vt str
4259Sets
4260.Xr sdpd 8
4261group to run as after it initializes.
4262Default
4263.Dq Li nobody .
4264.It Va sdpd_username
4265.Pq Vt str
4266Sets
4267.Xr sdpd 8
4268user to run as after it initializes.
4269Default
4270.Dq Li nobody .
4271.It Va bthidd_enable
4272.Pq Vt bool
4273If set to
4274.Dq Li YES ,
4275enable Bluetooth Human Interface Device daemon.
4276.It Va bthidd_config
4277.Pq Vt str
4278Configuration file for
4279.Xr bthidd 8 .
4280Default
4281.Pa /etc/bluetooth/bthidd.conf .
4282.It Va bthidd_hids
4283.Pq Vt str
4284Path to a file, where
4285.Xr bthidd 8
4286will store information about known HID devices.
4287Default
4288.Pa /var/db/bthidd.hids .
4289.It Va rfcomm_pppd_server_enable
4290.Pq Vt bool
4291If set to
4292.Dq Li YES ,
4293enable Bluetooth RFCOMM PPP wrapper daemon.
4294.It Va rfcomm_pppd_server_profile
4295.Pq Vt str
4296The name of the profile to use from
4297.Pa /etc/ppp/ppp.conf .
4298Multiple profiles can be specified here.
4299Also used to specify per-profile overrides.
4300When the profile name contains any of the characters
4301.Dq Li .-/+
4302they are translated to
4303.Dq Li _
4304for the proposes of the override variable names.
4305.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4306.Pq Vt str
4307Overrides local address to listen on.
4308By default
4309.Xr rfcomm_pppd 8
4310will listen on
4311.Dq Li ANY
4312address.
4313The address can be specified as BD_ADDR or name.
4314.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4315.Pq Vt str
4316Overrides local RFCOMM channel to listen on.
4317By default
4318.Xr rfcomm_pppd 8
4319will listen on RFCOMM channel 1.
4320Must set properly if multiple profiles used in the same time.
4321.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4322.Pq Vt bool
4323Tells
4324.Xr rfcomm_pppd 8
4325if it should register Serial Port service on the specified RFCOMM channel.
4326Default
4327.Dq Li NO .
4328.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4329.Pq Vt bool
4330Tells
4331.Xr rfcomm_pppd 8
4332if it should register Dial-Up Networking service on the specified
4333RFCOMM channel.
4334Default
4335.Dq Li NO .
4336.It Va ubthidhci_enable
4337.Pq Vt bool
4338If set to
4339.Dq Li YES ,
4340change the USB Bluetooth controller from HID mode to HCI mode.
4341You also need to specify the location of USB Bluetooth controller with the
4342.Va ubthidhci_busnum
4343and
4344.Va ubthidhci_addr
4345variables.
4346.It Va ubthidhci_busnum
4347Bus number where the USB Bluetooth controller is located.
4348Check the output of
4349.Xr usbconfig 8
4350on your system to find this information.
4351.It Va ubthidhci_addr
4352Bus address of the USB Bluetooth controller.
4353Check the output of
4354.Xr usbconfig 8
4355on your system to find this information.
4356.It Va netwait_enable
4357.Pq Vt bool
4358If set to
4359.Dq Li YES ,
4360delays the start of network-reliant services until
4361.Va netwait_if
4362is up and ICMP packets to a destination defined in
4363.Va netwait_ip
4364are flowing.
4365Link state is examined first, followed by
4366.Dq Li pinging
4367an IP address to verify network usability.
4368If no destination can be reached or timeouts are exceeded,
4369network services are started anyway with no guarantee that
4370the network is usable.
4371Use of this variable requires both
4372.Va netwait_ip
4373and
4374.Va netwait_if
4375to be set.
4376.It Va netwait_ip
4377.Pq Vt str
4378Empty by default.
4379This variable contains a space-delimited list of IP addresses to
4380.Xr ping 8 .
4381DNS hostnames should not be used as resolution is not guaranteed
4382to be functional at this point.
4383If multiple IP addresses are specified,
4384each will be tried until one is successful or the list is exhausted.
4385.It Va netwait_timeout
4386.Pq Vt int
4387Indicates the total number of seconds to perform a
4388.Dq Li ping
4389against each IP address in
4390.Va netwait_ip ,
4391at a rate of one ping per second.
4392If any of the pings are successful,
4393full network connectivity is considered reliable.
4394The default is 60.
4395.It Va netwait_if
4396.Pq Vt str
4397Empty by default.
4398Defines the name of the network interface on which watch for link.
4399.Xr ifconfig 8
4400is used to monitor the interface, looking for
4401.Dq Li status: no carrier .
4402Once gone, the link is considered up.
4403This can be a
4404.Xr vlan 4
4405interface if desired.
4406.It Va netwait_if_timeout
4407.Pq Vt int
4408Defines the total number of seconds to wait for link to become usable,
4409polled at a 1-second interval.
4410The default is 30.
4411.It Va rctl_enable
4412.Pq Vt bool
4413Set to
4414.Dq Li YES
4415to load
4416.Xr rctl 8
4417rules from the defined ruleset.
4418The kernel must be built with
4419.Cd "options RACCT"
4420and
4421.Cd "options RCTL" .
4422.It Va rctl_rules
4423.Pq Vt str
4424Set to
4425.Pa /etc/rctl.conf
4426by default.
4427This variables contains the
4428.Xr rctl.conf 5
4429ruleset to load for
4430.Xr rctl 8 .
4431.El
4432.Sh FILES
4433.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4434.It Pa /etc/defaults/rc.conf
4435.It Pa /etc/rc.conf
4436.It Pa /etc/rc.conf.local
4437.El
4438.Sh SEE ALSO
4439.Xr catman 1 ,
4440.Xr chmod 1 ,
4441.Xr gdb 1 ,
4442.Xr info 1 ,
4443.Xr kbdcontrol 1 ,
4444.Xr makewhatis 1 ,
4445.Xr sh 1 ,
4446.Xr vi 1 ,
4447.Xr vidcontrol 1 ,
4448.Xr bridge 4 ,
4449.Xr dummynet 4 ,
4450.Xr ip 4 ,
4451.Xr ipf 4 ,
4452.Xr ipfw 4 ,
4453.Xr ipnat 4 ,
4454.Xr kld 4 ,
4455.Xr pf 4 ,
4456.Xr pflog 4 ,
4457.Xr pfsync 4 ,
4458.Xr tcp 4 ,
4459.Xr udp 4 ,
4460.Xr exports 5 ,
4461.Xr fstab 5 ,
4462.Xr ipf 5 ,
4463.Xr ipnat 5 ,
4464.Xr jail.conf 5 ,
4465.Xr motd 5 ,
4466.Xr newsyslog.conf 5 ,
4467.Xr pf.conf 5 ,
4468.Xr security 7 ,
4469.Xr accton 8 ,
4470.Xr amd 8 ,
4471.Xr apm 8 ,
4472.Xr atm 8 ,
4473.Xr bthidd 8 ,
4474.Xr chkprintcap 8 ,
4475.Xr chown 8 ,
4476.Xr cron 8 ,
4477.Xr devfs 8 ,
4478.Xr dhclient 8 ,
4479.Xr ftpd 8 ,
4480.Xr geli 8 ,
4481.Xr hcsecd 8 ,
4482.Xr ifconfig 8 ,
4483.Xr inetd 8 ,
4484.Xr ipf 8 ,
4485.Xr ipfw 8 ,
4486.Xr ipnat 8 ,
4487.Xr jail 8 ,
4488.Xr kldxref 8 ,
4489.Xr lpd 8 ,
4490.Xr mdconfig 8 ,
4491.Xr mdmfs 8 ,
4492.Xr mixer 8 ,
4493.Xr mountd 8 ,
4494.Xr moused 8 ,
4495.Xr mrouted 8 ,
4496.Xr newfs 8 ,
4497.Xr newsyslog 8 ,
4498.Xr nfsd 8 ,
4499.Xr ntpd 8 ,
4500.Xr ntpdate 8 ,
4501.Xr pfctl 8 ,
4502.Xr pflogd 8 ,
4503.Xr ping 8 ,
4504.Xr powerd 8 ,
4505.Xr quotacheck 8 ,
4506.Xr quotaon 8 ,
4507.Xr rc 8 ,
4508.Xr rc.sendmail 8 ,
4509.Xr rfcomm_pppd 8 ,
4510.Xr route 8 ,
4511.Xr routed 8 ,
4512.Xr rpcbind 8 ,
4513.Xr rpc.lockd 8 ,
4514.Xr rpc.statd 8 ,
4515.Xr rwhod 8 ,
4516.Xr savecore 8 ,
4517.Xr sdpd 8 ,
4518.Xr sshd 8 ,
4519.Xr swapon 8 ,
4520.Xr sysctl 8 ,
4521.Xr syslogd 8 ,
4522.Xr timed 8 ,
4523.Xr unbound 8 ,
4524.Xr usbconfig 8 ,
4525.Xr wlandebug 8 ,
4526.Xr yp 8 ,
4527.Xr ypbind 8 ,
4528.Xr ypserv 8 ,
4529.Xr ypset 8
4530.Sh HISTORY
4531The
4532.Nm
4533file appeared in
4534.Fx 2.2.2 .
4535.Sh AUTHORS
4536.An Jordan K. Hubbard .
4537