1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd November 30, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224Use 225.Xr protect 1 226to prevent the service from being killed when swap space 227is exhausted. 228Use 229.Dq Li YES 230to protect only the service itself, and 231.Dq Li ALL 232to protect the service and all child processes. 233.Pp 234Please note rc scripts that redefine 235.Bd 236${name}_cmd 237.Ed 238such as PostgreSQL will not inherit the OOM killer protection. 239.It Ao Ar name Ac Ns Va _user 240.Pq Vt str 241Run the service under this user account. 242.It Va apm_enable 243.Pq Vt bool 244If set to 245.Dq Li YES , 246enable support for Automatic Power Management with 247the 248.Xr apm 8 249command. 250.It Va apmd_enable 251.Pq Vt bool 252Run 253.Xr apmd 8 254to handle APM event from userland. 255This also enables support for APM. 256.It Va apmd_flags 257.Pq Vt str 258If 259.Va apmd_enable 260is set to 261.Dq Li YES , 262these are the flags to pass to the 263.Xr apmd 8 264daemon. 265.It Va devd_enable 266.Pq Vt bool 267Run 268.Xr devd 8 269to handle device added, removed or unknown events from the kernel. 270.It Va ddb_enable 271.Pq Vt bool 272Run 273.Xr ddb 8 274to install 275.Xr ddb 4 276scripts at boot time. 277.It Va ddb_config 278.Pq Vt str 279Configuration file for 280.Xr ddb 8 . 281Default 282.Pa /etc/ddb.conf . 283.It Va devmatch_enable 284.Pq Vt bool 285If set to 286.Dq Li NO , 287disable auto-loading of kernel modules with 288.Xr devmatch 8 . 289.It Va devmatch_blocklist 290.Pq Vt str 291A whitespace-separated list of kernel modules to be ignored by 292.Xr devmatch 8 . 293In addition, the 294.Xr kenv 1 295.Va devmatch_blocklist 296is appended to this variable to allow disabling of 297.Xr devmatch 8 298loaded modules from the boot loader. 299.It Va devmatch_blacklist 300.Pq Vt str 301This variable is deprecated. 302Use 303.Va devmatch_blocklist 304instead. 305A whitespace-separated list of kernel modules to be ignored by 306.Xr devmatch 8 . 307.It Va kld_list 308.Pq Vt str 309A whitespace-separated list of kernel modules to load right after 310the local disks are mounted, without any 311.Pa .ko 312extension or path. 313Loading modules at this point in the boot process is 314much faster than doing it via 315.Pa /boot/loader.conf 316for those modules not necessary for mounting local disks. 317.It Va kldxref_enable 318.Pq Vt bool 319Set to 320.Dq Li NO 321by default. 322Set to 323.Dq Li YES 324to automatically rebuild 325.Pa linker.hints 326files with 327.Xr kldxref 8 328at boot time. 329.It Va kldxref_clobber 330.Pq Vt bool 331Set to 332.Dq Li NO 333by default. 334If 335.Va kldxref_enable 336is true, 337setting to 338.Dq Li YES 339will overwrite existing 340.Pa linker.hints 341files at boot time. 342Otherwise, 343only missing 344.Pa linker.hints 345files are generated. 346.It Va kldxref_module_path 347.Pq Vt str 348Empty by default. 349A semi-colon 350.Pq Ql \&; 351delimited list of paths containing 352.Xr kld 4 353modules. 354If empty, 355the contents of the 356.Va kern.module_path 357.Xr sysctl 8 358are used. 359.It Va powerd_enable 360.Pq Vt bool 361If set to 362.Dq Li YES , 363enable the system power control facility with the 364.Xr powerd 8 365daemon. 366.It Va powerd_flags 367.Pq Vt str 368If 369.Va powerd_enable 370is set to 371.Dq Li YES , 372these are the flags to pass to the 373.Xr powerd 8 374daemon. 375.It Va tmpmfs 376Controls the creation of a 377.Pa /tmp 378memory file system. 379Always happens if set to 380.Dq Li YES 381and never happens if set to 382.Dq Li NO . 383If set to anything else, a memory file system is created if 384.Pa /tmp 385is not writable. 386.It Va tmpsize 387Controls the size of a created 388.Pa /tmp 389memory file system. 390.It Va tmpmfs_flags 391Extra options passed to the 392.Xr mdmfs 8 393utility when the memory file system for 394.Pa /tmp 395is created. 396The default is 397.Dq Li "-S" , 398which inhibits the use of softupdates on 399.Pa /tmp 400so that file system space is freed without delay 401after file truncation or deletion. 402See 403.Xr mdmfs 8 404for other options you can use in 405.Va tmpmfs_flags . 406.It Va varmfs 407Controls the creation of a 408.Pa /var 409memory file system. 410Always happens if set to 411.Dq Li YES 412and never happens if set to 413.Dq Li NO . 414If set to anything else, a memory file system is created if 415.Pa /var 416is not writable. 417.It Va varsize 418Controls the size of a created 419.Pa /var 420memory file system. 421.It Va varmfs_flags 422Extra options passed to the 423.Xr mdmfs 8 424utility when the memory file system for 425.Pa /var 426is created. 427The default is 428.Dq Li "-S" , 429which inhibits the use of softupdates on 430.Pa /var 431so that file system space is freed without delay 432after file truncation or deletion. 433See 434.Xr mdmfs 8 435for other options you can use in 436.Va varmfs_flags . 437.It Va populate_var 438Controls the automatic population of the 439.Pa /var 440file system. 441Always happens if set to 442.Dq Li YES 443and never happens if set to 444.Dq Li NO . 445If set to anything else, a memory file system is created if 446.Pa /var 447is not writable. 448Note that this process requires access to certain commands in 449.Pa /usr 450before 451.Pa /usr 452is mounted on normal systems. 453.It Va cleanvar_enable 454.Pq Vt bool 455Clean the 456.Pa /var 457directory. 458.It Va local_startup 459.Pq Vt str 460List of directories to search for startup script files. 461.It Va script_name_sep 462.Pq Vt str 463The field separator to use for breaking down the list of startup script files 464into individual filenames. 465The default is a space. 466It is not necessary to change this unless there are startup scripts with names 467containing spaces. 468.It Va hostapd_enable 469.Pq Vt bool 470Set to 471.Dq Li YES 472to start 473.Xr hostapd 8 474at system boot time. 475.It Va hostname 476.Pq Vt str 477The fully qualified domain name (FQDN) of this host on the network. 478This should almost certainly be set to something meaningful, even if 479there is no network connection. 480If 481.Xr dhclient 8 482is used to set the hostname via DHCP, 483this variable should be set to an empty string. 484Within a 485.Xr jail 8 486the hostname is generally already set and this variable may be absent. 487If this value remains unset when the system is done booting 488your console login will display the default hostname of 489.Dq Amnesiac . 490.It Va nisdomainname 491.Pq Vt str 492The NIS domain name of this host, or 493.Dq Li NO 494if NIS is not used. 495.It Va dhclient_program 496.Pq Vt str 497Path to the DHCP client program 498.Pa ( /sbin/dhclient , 499the 500.Ox 501DHCP client, 502is the default). 503.It Va dhclient_flags 504.Pq Vt str 505Additional flags to pass to the DHCP client program. 506For the 507.Ox 508DHCP client, see the 509.Xr dhclient 8 510manpage for a description of the command line options available. 511.It Va dhclient_flags_ Ns Aq Ar iface 512Additional flags to pass to the DHCP client program running on 513.Ar iface 514only. 515When specified, this variable overrides 516.Va dhclient_flags . 517.It Va background_dhclient 518.Pq Vt bool 519Set to 520.Dq Li YES 521to start the DHCP client in background. 522This can cause trouble with applications depending on 523a working network, but it will provide a faster startup 524in many cases. 525.It Va background_dhclient_ Ns Aq Ar iface 526When specified, this variable overrides the 527.Va background_dhclient 528variable for interface 529.Ar iface 530only. 531.It Va synchronous_dhclient 532.Pq Vt bool 533Set to 534.Dq Li YES 535to start 536.Xr dhclient 8 537synchronously at startup. 538This behavior can be overridden on a per-interface basis by replacing 539the 540.Dq Li DHCP 541keyword in the 542.Va ifconfig_ Ns Aq Ar interface 543variable with 544.Dq Li SYNCDHCP 545or 546.Dq Li NOSYNCDHCP . 547.It Va defaultroute_delay 548.Pq Vt int 549When set to a positive value, wait up to this long after configuring 550DHCP interfaces at startup to give the interfaces time to receive a lease. 551.It Va firewall_enable 552.Pq Vt bool 553Set to 554.Dq Li YES 555to load firewall rules at startup. 556If the kernel was not built with 557.Cd "options IPFIREWALL" , 558the 559.Pa ipfw.ko 560kernel module will be loaded. 561See also 562.Va ipfilter_enable . 563.It Va firewall_script 564.Pq Vt str 565This variable specifies the full path to the firewall script to run. 566The default is 567.Pa /etc/rc.firewall . 568.It Va firewall_type 569.Pq Vt str 570Names the firewall type from the selection in 571.Pa /etc/rc.firewall , 572or the file which contains the local firewall ruleset. 573Valid selections from 574.Pa /etc/rc.firewall 575are: 576.Pp 577.Bl -tag -width ".Li workstation" -compact 578.It Li open 579unrestricted IP access 580.It Li closed 581all IP services disabled, except via 582.Dq Li lo0 583.It Li client 584basic protection for a workstation 585.It Li workstation 586basic protection for a workstation using stateful firewalling 587.It Li simple 588basic protection for a LAN. 589.El 590.Pp 591If a filename is specified, the full path 592must be given. 593.Pp 594Most of the predefined rulesets define additional configuration variables. 595These are documented in 596.Pa /etc/rc.firewall . 597.It Va firewall_quiet 598.Pq Vt bool 599Set to 600.Dq Li YES 601to disable the display of firewall rules on the console during boot. 602.It Va firewall_logging 603.Pq Vt bool 604Set to 605.Dq Li YES 606to enable firewall event logging. 607This is equivalent to the 608.Dv IPFIREWALL_VERBOSE 609kernel option. 610.It Va firewall_logif 611.Pq Vt bool 612Set to 613.Dq Li YES 614to create pseudo interface 615.Li ipfw0 616for logging. 617For more details, see 618.Xr ipfw 8 619manual page. 620.It Va firewall_flags 621.Pq Vt str 622Flags passed to 623.Xr ipfw 8 624if 625.Va firewall_type 626specifies a filename. 627.It Va firewall_coscripts 628.Pq Vt str 629List of executables and/or rc scripts to run after firewall starts/stops. 630Default is empty. 631.\" ----- firewall_nat_enable setting -------------------------------- 632.It Va firewall_nat_enable 633.Pq Vt bool 634The 635.Xr ipfw 8 636equivalent of 637.Va natd_enable . 638Setting this to 639.Dq Li YES 640will automatically load the 641.Xr ipfw 8 642NAT kernel module if 643.Va firewall_enable 644is also set to 645.Dq Li YES . 646.It Va firewall_nat_interface 647.Pq Vt str 648The 649.Xr ipfw 8 650equivalent of 651.Va natd_interface . 652This is the name of the public interface or IP address on which 653kernel NAT should run. 654.It Va firewall_nat_flags 655.Pq Vt str 656Additional configuration parameters for kernel NAT should be placed here. 657.It Va firewall_nat64_enable 658.Pq Vt bool 659Setting this to 660.Dq Li YES 661will automatically load the 662.Xr ipfw 8 663NAT64 kernel module if 664.Va firewall_enable 665is also set to 666.Dq Li YES . 667.It Va firewall_nptv6_enable 668.Pq Vt bool 669Setting this to 670.Dq Li YES 671will automatically load the 672.Xr ipfw 8 673NPTv6 kernel module if 674.Va firewall_enable 675is also set to 676.Dq Li YES . 677.It Va firewall_pmod_enable 678.Pq Vt bool 679Setting this to 680.Dq Li YES 681will automatically load the 682.Xr ipfw 8 683pmod kernel module if 684.Va firewall_enable 685is also set to 686.Dq Li YES . 687.It Va dummynet_enable 688.Pq Vt bool 689Setting this to 690.Dq Li YES 691will automatically load the 692.Xr dummynet 4 693module if 694.Va firewall_enable 695is also set to 696.Dq Li YES . 697.\" ------------------------------------------------------------------- 698.It Va ipfw_netflow_enable 699.Pq Vt bool 700Setting this to 701.Dq Li YES 702will enable netflow logging via 703.Xr ng_netflow 4 704.Pp 705By default a ipfw rule is inserted and all packets are duplicated with 706the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 707port using protocol version 5. 708.It Va ipfw_netflow_hook 709.Pq Vt int 710netflow hook name, must be numerical 711(default 712.Pa 9995 ) . 713.It Va ipfw_netflow_rule 714.Pq Vt int 715ipfw rule number 716(default 717.Pa 1000 ) . 718.It Va ipfw_netflow_ip 719.Pq Vt str 720Destination server ip for receiving netflow data 721(default 722.Pa 127.0.0.1 ) . 723.It Va ipfw_netflow_port 724.Pq Vt int 725Destination server port for receiving netflow data 726(default 727.Pa 9995 ) . 728.It Va ipfw_netflow_version 729.Pq Vt int 730Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 731.It Va ipfw_netflow_fib 732.Pq Vt int 733Only match packet in FIB 734.Pa ipfw_netflow_fib 735(default is undefined meaning all FIBs). 736.It Va natd_program 737.Pq Vt str 738Path to 739.Xr natd 8 . 740.It Va natd_enable 741.Pq Vt bool 742Set to 743.Dq Li YES 744to enable 745.Xr natd 8 . 746.Va firewall_enable 747must also be set to 748.Dq Li YES , 749and 750.Xr divert 4 751sockets must be enabled in the kernel. 752If the kernel was not built with 753.Cd "options IPDIVERT" , 754the 755.Pa ipdivert.ko 756kernel module will be loaded. 757.It Va natd_interface 758.Pq Vt str 759This is the name of the public interface on which 760.Xr natd 8 761should run. 762The interface may be given as an interface name or as an IP address. 763.It Va natd_flags 764.Pq Vt str 765Additional 766.Xr natd 8 767flags should be placed here. 768The 769.Fl n 770or 771.Fl a 772flag is automatically added with the above 773.Va natd_interface 774as an argument. 775.\" ----- ipfilter_enable setting -------------------------------- 776.It Va ipfilter_enable 777.Pq Vt bool 778Set to 779.Dq Li NO 780by default. 781Setting this to 782.Dq Li YES 783enables 784.Xr ipf 8 785packet filtering. 786.Pp 787Typical usage will require putting 788.Bd -literal 789ipfilter_enable="YES" 790ipnat_enable="YES" 791ipmon_enable="YES" 792ipfs_enable="YES" 793.Ed 794.Pp 795into 796.Pa /etc/rc.conf 797and editing 798.Pa /etc/ipf.rules 799and 800.Pa /etc/ipnat.rules 801appropriately. 802.Pp 803Note that 804.Va ipfilter_enable 805and 806.Va ipnat_enable 807can be enabled independently. 808.Va ipmon_enable 809and 810.Va ipfs_enable 811both require at least one of 812.Va ipfilter_enable 813and 814.Va ipnat_enable 815to be enabled. 816.Pp 817Having 818.Bd -literal 819options IPFILTER 820options IPFILTER_LOG 821options IPFILTER_DEFAULT_BLOCK 822.Ed 823.Pp 824in the kernel configuration file is a good idea, too. 825.\" ----- ipfilter_program setting ------------------------------ 826.It Va ipfilter_program 827.Pq Vt str 828Path to 829.Xr ipf 8 830(default 831.Pa /sbin/ipf ) . 832.\" ----- ipfilter_rules setting -------------------------------- 833.It Va ipfilter_rules 834.Pq Vt str 835Set to 836.Pa /etc/ipf.rules 837by default. 838This variable contains the name of the filter rule definition file. 839The file is expected to be readable for the 840.Xr ipf 8 841command to execute. 842.\" ----- ipfilter_flags setting -------------------------------- 843.It Va ipfilter_flags 844.Pq Vt str 845Empty by default. 846This variable contains flags passed to the 847.Xr ipf 8 848program. 849.\" ----- ipnat_enable setting ---------------------------------- 850.It Va ipnat_enable 851.Pq Vt bool 852Set to 853.Dq Li NO 854by default. 855Set it to 856.Dq Li YES 857to enable 858.Xr ipnat 8 859network address translation. 860See 861.Va ipfilter_enable 862for a detailed discussion. 863.\" ----- ipnat_program setting --------------------------------- 864.It Va ipnat_program 865.Pq Vt str 866Path to 867.Xr ipnat 8 868(default 869.Pa /sbin/ipnat ) . 870.\" ----- ipnat_rules setting ----------------------------------- 871.It Va ipnat_rules 872.Pq Vt str 873Set to 874.Pa /etc/ipnat.rules 875by default. 876This variable contains the name of the file 877holding the network address translation definition. 878This file is expected to be readable for the 879.Xr ipnat 8 880command to execute. 881.\" ----- ipnat_flags setting ----------------------------------- 882.It Va ipnat_flags 883.Pq Vt str 884Empty by default. 885This variable contains flags passed to the 886.Xr ipnat 8 887program. 888.\" ----- ipmon_enable setting ---------------------------------- 889.It Va ipmon_enable 890.Pq Vt bool 891Set to 892.Dq Li NO 893by default. 894Set it to 895.Dq Li YES 896to enable 897.Xr ipmon 8 898monitoring (logging 899.Xr ipf 8 900and 901.Xr ipnat 8 902events). 903Setting this variable needs setting 904.Va ipfilter_enable 905or 906.Va ipnat_enable 907too. 908See 909.Va ipfilter_enable 910for a detailed discussion. 911.\" ----- ipmon_program setting --------------------------------- 912.It Va ipmon_program 913.Pq Vt str 914Path to 915.Xr ipmon 8 916(default 917.Pa /sbin/ipmon ) . 918.\" ----- ipmon_flags setting ----------------------------------- 919.It Va ipmon_flags 920.Pq Vt str 921Set to 922.Dq Li -Ds 923by default. 924This variable contains flags passed to the 925.Xr ipmon 8 926program. 927Another typical example would be 928.Dq Fl D Pa /var/log/ipflog 929to have 930.Xr ipmon 8 931log directly to a file bypassing 932.Xr syslogd 8 . 933Make sure to adjust 934.Pa /etc/newsyslog.conf 935in such case like this: 936.Bd -literal 937/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 938.Ed 939.\" ----- ipfs_enable setting ----------------------------------- 940.It Va ipfs_enable 941.Pq Vt bool 942Set to 943.Dq Li NO 944by default. 945Set it to 946.Dq Li YES 947to enable 948.Xr ipfs 8 949saving the filter and NAT state tables during shutdown 950and reloading them during startup again. 951Setting this variable needs setting 952.Va ipfilter_enable 953or 954.Va ipnat_enable 955to 956.Dq Li YES 957too. 958See 959.Va ipfilter_enable 960for a detailed discussion. 961Note that if 962.Va kern_securelevel 963is set to 3, 964.Va ipfs_enable 965cannot be used 966because the raised securelevel will prevent 967.Xr ipfs 8 968from saving the state tables at shutdown time. 969.\" ----- ipfs_program setting ---------------------------------- 970.It Va ipfs_program 971.Pq Vt str 972Path to 973.Xr ipfs 8 974(default 975.Pa /sbin/ipfs ) . 976.\" ----- ipfs_flags setting ------------------------------------ 977.It Va ipfs_flags 978.Pq Vt str 979Empty by default. 980This variable contains flags passed to the 981.Xr ipfs 8 982program. 983.\" ----- end of added ipf hook --------------------------------- 984.It Va pf_enable 985.Pq Vt bool 986Set to 987.Dq Li NO 988by default. 989Setting this to 990.Dq Li YES 991enables 992.Xr pf 4 993packet filtering. 994.Pp 995Typical usage will require putting 996.Pp 997.Dl pf_enable="YES" 998.Pp 999into 1000.Pa /etc/rc.conf 1001and editing 1002.Pa /etc/pf.conf 1003appropriately. 1004Adding 1005.Pp 1006.Dl "device pf" 1007.Pp 1008builds support for 1009.Xr pf 4 1010into the kernel, otherwise the 1011kernel module will be loaded. 1012.It Va pf_rules 1013.Pq Vt str 1014Path to 1015.Xr pf 4 1016ruleset configuration file 1017(default 1018.Pa /etc/pf.conf ) . 1019.It Va pf_program 1020.Pq Vt str 1021Path to 1022.Xr pfctl 8 1023(default 1024.Pa /sbin/pfctl ) . 1025.It Va pf_flags 1026.Pq Vt str 1027If 1028.Va pf_enable 1029is set to 1030.Dq Li YES , 1031these flags are passed to the 1032.Xr pfctl 8 1033program when loading the ruleset. 1034.It Va pf_fallback_rules_enable 1035.Pq Vt bool 1036Set to 1037.Dq Li NO 1038by default. 1039Setting this to 1040.Dq Li YES 1041enables loading 1042.Va pf_fallback_rules_file 1043or 1044.Va pf_fallback_rules 1045in case of a problem when loading the ruleset in 1046.Va pf_rules . 1047.It Va pf_fallback_rules_file 1048.Pq Vt str 1049Path to a pf ruleset to load in case of failure when loading the 1050ruleset in 1051.Va pf_rules 1052(default 1053.Pa /etc/pf-fallback.conf ) . 1054.It Va pf_fallback_rules 1055.Pq Vt str 1056A pf ruleset to load in case of failure when loading the ruleset in 1057.Va pf_rules 1058and 1059.Va pf_fallback_rules_file 1060is not found. 1061Multiple rules can be set as follows: 1062.Bd -literal 1063pf_fallback_rules="\\ 1064 block drop log all\\ 1065 pass in quick on em0" 1066.Pp 1067.Ed 1068The default fallback rule is 1069.Dq block drop log all 1070.It Va pflog_enable 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting this to 1076.Dq Li YES 1077enables 1078.Xr pflogd 8 1079which logs packets from the 1080.Xr pf 4 1081packet filter. 1082.It Va pflog_logfile 1083.Pq Vt str 1084If 1085.Va pflog_enable 1086is set to 1087.Dq Li YES 1088this controls where 1089.Xr pflogd 8 1090stores the logfile 1091(default 1092.Pa /var/log/pflog ) . 1093Check 1094.Pa /etc/newsyslog.conf 1095to adjust logfile rotation for this. 1096.It Va pflog_program 1097.Pq Vt str 1098Path to 1099.Xr pflogd 8 1100(default 1101.Pa /sbin/pflogd ) . 1102.It Va pflog_flags 1103.Pq Vt str 1104Empty by default. 1105This variable contains additional flags passed to the 1106.Xr pflogd 8 1107program. 1108.It Va pflog_instances 1109.Pq Vt str 1110If logging to more than one 1111.Xr pflog 4 1112interface is desired, 1113.Va pflog_instances 1114is set to the list of 1115.Xr pflogd 8 1116instances that should be started at system boot time. 1117If 1118.Va pflog_instances 1119is set, for each whitespace-separated 1120.Ar element 1121in the list, 1122.Ao Ar element Ac Ns Va _dev 1123and 1124.Ao Ar element Ac Ns Va _logfile 1125elements are assumed to exist. 1126.Ao Ar element Ac Ns Va _dev 1127must contain the 1128.Xr pflog 4 1129interface to be watched by the named 1130.Xr pflogd 8 1131instance. 1132.Ao Ar element Ac Ns Va _logfile 1133must contain the name of the logfile that will be used by the 1134.Xr pflogd 8 1135instance. 1136.It Va ftpproxy_enable 1137.Pq Vt bool 1138Set to 1139.Dq Li NO 1140by default. 1141Setting this to 1142.Dq Li YES 1143enables 1144.Xr ftp-proxy 8 1145which supports the 1146.Xr pf 4 1147packet filter in translating ftp connections. 1148.It Va ftpproxy_flags 1149.Pq Vt str 1150Empty by default. 1151This variable contains additional flags passed to the 1152.Xr ftp-proxy 8 1153program. 1154.It Va ftpproxy_instances 1155.Pq Vt str 1156Empty by default. 1157If multiple instances of 1158.Xr ftp-proxy 8 1159are desired at boot time, 1160.Va ftpproxy_instances 1161should contain a whitespace-separated list of instance names. 1162For each 1163.Ar element 1164in the list, a variable named 1165.Ao Ar element Ac Ns Va _flags 1166should be defined, containing the command-line flags to be passed to the 1167.Xr ftp-proxy 8 1168instance. 1169.It Va pfsync_enable 1170.Pq Vt bool 1171Set to 1172.Dq Li NO 1173by default. 1174Setting this to 1175.Dq Li YES 1176enables exposing 1177.Xr pf 4 1178state changes to other hosts over the network by means of 1179.Xr pfsync 4 . 1180The 1181.Va pfsync_syncdev 1182variable 1183must also be set then. 1184.It Va pfsync_syncdev 1185.Pq Vt str 1186Empty by default. 1187This variable specifies the name of the network interface 1188.Xr pfsync 4 1189should operate through. 1190It must be set accordingly if 1191.Va pfsync_enable 1192is set to 1193.Dq Li YES . 1194.It Va pfsync_syncpeer 1195.Pq Vt str 1196Empty by default. 1197This variable is optional. 1198By default, state change messages are sent out on the synchronisation 1199interface using IP multicast packets. 1200The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1201224.0.0.240. 1202When a peer address is specified using the 1203.Va pfsync_syncpeer 1204option, the peer address is used as a destination for the pfsync 1205traffic, and the traffic can then be protected using 1206.Xr ipsec 4 . 1207See the 1208.Xr pfsync 4 1209manpage for more details about using 1210.Xr ipsec 4 1211with 1212.Xr pfsync 4 1213interfaces. 1214.It Va pfsync_ifconfig 1215.Pq Vt str 1216Empty by default. 1217This variable can contain additional options to be passed to the 1218.Xr ifconfig 8 1219command used to set up 1220.Xr pfsync 4 . 1221.It Va tcp_extensions 1222.Pq Vt bool 1223Set to 1224.Dq Li YES 1225by default. 1226Setting this to 1227.Dq Li NO 1228disables certain TCP options as described by 1229.Rs 1230.%T "RFC 1323" 1231.Re 1232Setting this to 1233.Dq Li NO 1234might help remedy such problems with connections as randomly hanging 1235or other weird behavior. 1236Some network devices are known 1237to be broken with respect to these options. 1238.It Va log_in_vain 1239.Pq Vt int 1240Set to 0 by default. 1241The 1242.Xr sysctl 8 1243variables, 1244.Va net.inet.tcp.log_in_vain 1245and 1246.Va net.inet.udp.log_in_vain , 1247as described in 1248.Xr tcp 4 1249and 1250.Xr udp 4 , 1251are set to the given value. 1252.It Va tcp_keepalive 1253.Pq Vt bool 1254Set to 1255.Dq Li YES 1256by default. 1257Setting to 1258.Dq Li NO 1259will disable probing idle TCP connections to verify that the 1260peer is still up and reachable. 1261.It Va tcp_drop_synfin 1262.Pq Vt bool 1263Set to 1264.Dq Li NO 1265by default. 1266Setting to 1267.Dq Li YES 1268will cause the kernel to ignore TCP frames that have both 1269the SYN and FIN flags set. 1270This prevents OS fingerprinting, but may 1271break some legitimate applications. 1272.It Va icmp_drop_redirect 1273.Pq Vt bool 1274Set to 1275.Dq Li AUTO 1276by default. 1277This setting will be identical to 1278.Dq Li YES , 1279if a dynamicrouting daemon is enabled, because redirect processing may 1280cause performance issues for large routing tables. 1281If no such service is enabled, this setting behaves like a 1282.Dq Li NO . 1283Setting to 1284.Dq Li YES 1285will cause the kernel to ignore ICMP REDIRECT packets. 1286Setting to 1287.Dq Li NO 1288will cause the kernel to process ICMP REDIRECT packets. 1289Refer to 1290.Xr icmp 4 1291for more information. 1292.It Va icmp_log_redirect 1293.Pq Vt bool 1294Set to 1295.Dq Li NO 1296by default. 1297Setting to 1298.Dq Li YES 1299will cause the kernel to log ICMP REDIRECT packets. 1300Note that 1301the log messages are not rate-limited, so this option should only be used 1302for troubleshooting networks. 1303Refer to 1304.Xr icmp 4 1305for more information. 1306.It Va icmp_bmcastecho 1307.Pq Vt bool 1308Set to 1309.Dq Li YES 1310to respond to broadcast or multicast ICMP ping packets. 1311Refer to 1312.Xr icmp 4 1313for more information. 1314.It Va ip_portrange_first 1315.Pq Vt int 1316If not set to 1317.Dq Li NO , 1318this is the first port in the default portrange. 1319Refer to 1320.Xr ip 4 1321for more information. 1322.It Va ip_portrange_last 1323.Pq Vt int 1324If not set to 1325.Dq Li NO , 1326this is the last port in the default portrange. 1327Refer to 1328.Xr ip 4 1329for more information. 1330.It Va network_interfaces 1331.Pq Vt str 1332Set to the list of network interfaces to configure on this host or 1333.Dq Li AUTO 1334(the default) for all current interfaces. 1335Setting the 1336.Va network_interfaces 1337variable to anything other than the default is deprecated. 1338Interfaces that the administrator wishes to store configuration for, 1339but not start at boot should be configured with the 1340.Dq Li NOAUTO 1341keyword in their 1342.Va ifconfig_ Ns Aq Ar interface 1343variables as described below. 1344.Pp 1345An 1346.Va ifconfig_ Ns Aq Ar interface 1347variable is also assumed to exist for each value of 1348.Ar interface . 1349When an interface name contains any of the characters 1350.Dq Li .-/+ 1351they are translated to 1352.Dq Li _ 1353before lookup. 1354The variable can contain arguments to 1355.Xr ifconfig 8 , 1356as well as special case-insensitive keywords described below. 1357Such keywords are removed before passing the value to 1358.Xr ifconfig 8 1359while the order of the other arguments is preserved. 1360.Pp 1361It is possible to add IP alias entries using 1362.Xr ifconfig 8 1363syntax with the address family keyword such as 1364.Li inet . 1365Assuming that the interface in question was 1366.Li em0 , 1367it might look something like this: 1368.Bd -literal 1369ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1370ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1371.Ed 1372.Pp 1373It also possible to configure multiple IP addresses in Classless 1374Inter-Domain Routing 1375.Pq CIDR 1376address notation, 1377whose each address component can be a range like 1378.Li inet 192.0.2.5-23/24 1379or 1380.Li inet6 2001:db8:1-f::1/64 . 1381This notation allows address and prefix length part only, 1382not the other address modifiers. 1383Note that the maximum number of the generated addresses from a range 1384specification is limited to an integer value specified in 1385.Va netif_ipexpand_max 1386in 1387.Nm 1388because a small typo can unexpectedly generate a large number of addresses. 1389The default value is 1390.Li 2048 . 1391It can be increased by adding the following line into 1392.Nm : 1393.Bd -literal 1394netif_ipexpand_max="4096" 1395.Ed 1396.Pp 1397In the case of 1398.Li 192.0.2.5-23/24 , 1399the address 192.0.2.5 will be configured with the 1400netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1401the non-conflicting netmask /32 as explained in the 1402.Xr ifconfig 8 1403alias section. 1404Note that this special netmask handling is only for 1405.Li inet , 1406not for the other address families such as 1407.Li inet6 . 1408.Pp 1409With the interface in question being 1410.Li em0 , 1411an example could look like: 1412.Bd -literal 1413ifconfig_em0_alias2="inet 192.0.2.129/27" 1414ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1415.Ed 1416.Pp 1417and so on. 1418.Pp 1419Note that deprecated 1420.Va ipv4_addrs_ Ns Aq Ar interface 1421variable was supported for IPv4 CIDR address notation. 1422The 1423.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1424variable replaces it, though 1425.Va ipv4_addrs_ Ns Aq Ar interface 1426is still supported for backward compatibility. 1427.Pp 1428For each 1429.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1430entry with an address family keyword, 1431its contents are passed to 1432.Xr ifconfig 8 . 1433Execution stops at the first unsuccessful access, so if 1434something like this is present: 1435.Bd -literal 1436ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1437ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1438ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1439ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1440.Ed 1441.Pp 1442Then note that alias4 would 1443.Em not 1444be added since the search would 1445stop with the missing 1446.Dq Li alias3 1447entry. 1448Because of this difficult to manage behavior, 1449there is 1450.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1451variable, which has the same functionality as 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1453and can have all of entries in a variable like the following: 1454.Bd -literal 1455ifconfig_em0_aliases="\\ 1456 inet 127.0.0.251 netmask 0xffffffff \\ 1457 inet 127.0.0.252 netmask 0xffffffff \\ 1458 inet 127.0.0.253 netmask 0xffffffff \\ 1459 inet 127.0.0.254 netmask 0xffffffff" 1460.Ed 1461.Pp 1462It also supports CIDR notation. 1463.Pp 1464If the 1465.Pa /etc/start_if . Ns Aq Ar interface 1466file is present, it is read and executed by the 1467.Xr sh 1 1468interpreter 1469before configuring the interface as specified in the 1470.Va ifconfig_ Ns Aq Ar interface 1471and 1472.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1473variables. 1474.Pp 1475If a 1476.Va vlans_ Ns Aq Ar interface 1477variable is set, 1478a 1479.Xr vlan 4 1480interface will be created for each item in the list with the 1481.Ar vlandev 1482argument set to 1483.Ar interface . 1484If a vlan interface's name is a number, 1485then that number is used as the vlan tag and the new vlan interface is 1486named 1487.Ar interface . Ns Ar tag . 1488Otherwise, 1489the vlan tag must be specified via a 1490.Va vlan 1491parameter in the 1492.Va create_args_ Ns Aq Ar interface 1493variable. 1494.Pp 1495To create a vlan device named 1496.Li em0.101 1497on 1498.Li em0 1499with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1500.Bd -literal 1501vlans_em0="101" 1502ifconfig_em0_101="inet 192.0.2.1/24" 1503.Ed 1504.Pp 1505To create a vlan device named 1506.Li myvlan 1507on 1508.Li em0 1509with the vlan tag 102: 1510.Bd -literal 1511vlans_em0="myvlan" 1512create_args_myvlan="vlan 102" 1513.Ed 1514.Pp 1515If a 1516.Va wlans_ Ns Aq Ar interface 1517variable is set, 1518an 1519.Xr wlan 4 1520interface will be created for each item in the list with the 1521.Ar wlandev 1522argument set to 1523.Ar interface . 1524Further wlan cloning arguments may be passed to the 1525.Xr ifconfig 8 1526.Cm create 1527command by setting the 1528.Va create_args_ Ns Aq Ar interface 1529variable. 1530One or more 1531.Xr wlan 4 1532devices must be created for each wireless devices as of 1533.Fx 8.0 . 1534Debugging flags for 1535.Xr wlan 4 1536devices as set by 1537.Xr wlandebug 8 1538may be specified with an 1539.Va wlandebug_ Ns Aq Ar interface 1540variable. 1541The contents of this variable will be passed directly to 1542.Xr wlandebug 8 . 1543.Pp 1544If the 1545.Va ifconfig_ Ns Aq Ar interface 1546contains the keyword 1547.Dq Li NOAUTO 1548then the interface will not be configured 1549at boot or by 1550.Pa /etc/pccard_ether 1551when 1552.Va network_interfaces 1553is set to 1554.Dq Li AUTO . 1555.Pp 1556It is possible to bring up an interface with DHCP by adding 1557.Dq Li DHCP 1558to the 1559.Va ifconfig_ Ns Aq Ar interface 1560variable. 1561For instance, to initialize the 1562.Li em0 1563device via DHCP, 1564it is possible to use something like: 1565.Bd -literal 1566ifconfig_em0="DHCP" 1567.Ed 1568.Pp 1569If you want to configure your wireless interface with 1570.Xr wpa_supplicant 8 1571for use with WPA, EAP/LEAP or WEP, you need to add 1572.Dq Li WPA 1573to the 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576.Pp 1577On the other hand, if you want to configure your wireless interface with 1578.Xr hostapd 8 , 1579you need to add 1580.Dq Li HOSTAP 1581to the 1582.Va ifconfig_ Ns Aq Ar interface 1583variable. 1584.Xr hostapd 8 1585will use the settings from 1586.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1587.Pp 1588Finally, you can add 1589.Xr ifconfig 8 1590options in this variable, in addition to the 1591.Pa /etc/start_if . Ns Aq Ar interface 1592file. 1593For instance, to configure an 1594.Xr ath 4 1595wireless device in station mode with an address obtained 1596via DHCP, using WPA authentication and 802.11b mode, it is 1597possible to use something like: 1598.Bd -literal 1599wlans_ath0="wlan0" 1600ifconfig_wlan0="DHCP WPA mode 11b" 1601.Ed 1602.Pp 1603In addition to the 1604.Va ifconfig_ Ns Aq Ar interface 1605form, a fallback variable 1606.Va ifconfig_DEFAULT 1607may be configured. 1608It will be used for all interfaces with no 1609.Va ifconfig_ Ns Aq Ar interface 1610variable. 1611This is intended to replace the no longer supported 1612.Va pccard_ifconfig 1613variable. 1614.Pp 1615It is also possible to rename an interface by doing: 1616.Bd -literal 1617ifconfig_em0_name="net0" 1618ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1619.Ed 1620.It Va ipv6_enable 1621.Pq Vt bool 1622This variable is deprecated. 1623Use 1624.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1625and 1626.Va ipv6_activate_all_interfaces 1627if necessary. 1628.Pp 1629If the variable is 1630.Dq Li YES , 1631.Dq Li inet6 accept_rtadv 1632is added to all of 1633.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1634and the 1635.Va ipv6_activate_all_interfaces 1636is defined as 1637.Dq Li YES . 1638.It Va ipv6_prefer 1639.Pq Vt bool 1640This variable is deprecated. 1641Use 1642.Va ip6addrctl_policy 1643instead. 1644.Pp 1645If the variable is 1646.Dq Li YES , 1647the default address selection policy table set by 1648.Xr ip6addrctl 8 1649will be IPv6-preferred. 1650.Pp 1651If the variable is 1652.Dq Li NO , 1653the default address selection policy table set by 1654.Xr ip6addrctl 8 1655will be IPv4-preferred. 1656.It Va ipv6_activate_all_interfaces 1657.Pq Vt bool 1658This controls initial configuration on IPv6-capable 1659interfaces with no corresponding 1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1661variable. 1662Note that it is not always necessary to set this variable to 1663.Dq YES 1664to use IPv6 functionality on 1665.Fx . 1666In most cases, just configuring 1667.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1668variables works. 1669.Pp 1670If the variable is 1671.Dq Li NO , 1672all interfaces which do not have a corresponding 1673.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1674variable will be marked as 1675.Dq Li IFDISABLED 1676at creation. 1677This means that all of IPv6 functionality on that interface 1678is completely disabled to enforce a security policy. 1679If the variable is set to 1680.Dq YES , 1681the flag will be cleared on all of the interfaces. 1682.Pp 1683In most cases, just defining an 1684.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1685for an IPv6-capable interface should be sufficient. 1686However, if an interface is added dynamically 1687.Pq by some tunneling protocols such as PPP, for example , 1688it is often difficult to define the variable in advance. 1689In such a case, configuring the 1690.Dq Li IFDISABLED 1691flag can be disabled by setting this variable to 1692.Dq YES . 1693.Pp 1694For more details of the 1695.Dq Li IFDISABLED 1696flag and keywords 1697.Dq Li inet6 ifdisabled , 1698see 1699.Xr ifconfig 8 . 1700.Pp 1701Default is 1702.Dq Li NO . 1703.It Va ipv6_privacy 1704.Pq Vt bool 1705If the variable is 1706.Dq Li YES 1707privacy addresses will be generated for each IPv6 1708interface as described in RFC 4941. 1709.It Va ipv6_network_interfaces 1710.Pq Vt str 1711This is the IPv6 equivalent of 1712.Va network_interfaces . 1713Normally manual configuration of this variable is not needed. 1714.It Va ipv6_cpe_wanif 1715.Pq Vt str 1716If the variable is set to an interface name, 1717the 1718.Xr ifconfig 8 1719options 1720.Dq inet6 -no_radr accept_rtadv 1721will be added to the specified interface automatically before evaluating 1722.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1723and two 1724.Xr sysctl 8 1725variables 1726.Va net.inet6.ip6.rfc6204w3 1727and 1728.Va net.inet6.ip6.no_radr 1729will be set to 1. 1730.Pp 1731This means the specified interface will accept ICMPv6 Router 1732Advertisement messages on that link and add the discovered 1733routers into the Default Router List. 1734While the other interfaces can still accept RA messages if the 1735.Dq inet6 accept_rtadv 1736option is specified, adding 1737routes into the Default Router List will be disabled by 1738.Dq inet6 no_radr 1739option by default. 1740See 1741.Xr ifconfig 8 1742for more details. 1743.Pp 1744Note that ICMPv6 Router Advertisement messages will be 1745accepted even when 1746.Va net.inet6.ip6.forwarding 1747is 1 1748.Pq packet forwarding is enabled 1749when 1750.Va net.inet6.ip6.rfc6204w3 1751is set to 1. 1752.Pp 1753Default is 1754.Dq Li NO . 1755.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1756.Pq Vt str 1757This assigns arbitrary description to an interface. 1758The 1759.Xr sysctl 8 1760variable 1761.Va net.ifdescr_maxlen 1762limits its length. 1763This static setting may be overridden by commands 1764started with dynamic interface configuration utilities 1765like 1766.Xr dhclient 8 1767hooks. 1768The description can be seen with 1769.Xr ifconfig 8 1770command and it may be exported with 1771.Xr bsnmpd 1 1772daemon using its MIB-2 module. 1773.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1774.Pq Vt str 1775IPv6 functionality on an interface should be configured by 1776.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1777instead of setting ifconfig parameters in 1778.Va ifconfig_ Ns Aq Ar interface . 1779If this variable is empty, all of IPv6 configurations on the 1780specified interface by other variables such as 1781.Va ipv6_prefix_ Ns Ao Ar interface Ac 1782will be ignored. 1783.Pp 1784Aliases should be set by 1785.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1786with 1787.Dq Li inet6 1788keyword. 1789For example: 1790.Bd -literal 1791ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1792ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1793.Ed 1794.Pp 1795Interfaces that have an 1796.Dq Li inet6 accept_rtadv 1797keyword in 1798.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1799setting will be automatically configured by SLAAC 1800.Pq StateLess Address AutoConfiguration 1801described in 1802.Rs 1803.%T "RFC 4862" 1804.Re 1805.Pp 1806Note that a link-local address will be automatically configured in 1807addition to the configured global-scope addresses because the IPv6 1808specifications require it on each link. 1809The address is calculated from the MAC address by using an algorithm 1810defined in 1811.Rs 1812.%T "RFC 4862" 1813.%O "Section 5.3" 1814.Re 1815.Pp 1816If only a link-local address is needed on the interface, 1817the following configuration can be used: 1818.Bd -literal 1819ifconfig_em0_ipv6="inet6 auto_linklocal" 1820.Ed 1821.Pp 1822A link-local address can also be configured manually. 1823This is useful for the default router address of an IPv6 router 1824so that it does not change when the network interface 1825card is replaced. 1826For example: 1827.Bd -literal 1828ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1829.Ed 1830.It Va ipv6_prefix_ Ns Aq Ar interface 1831.Pq Vt str 1832If one or more prefixes are defined in 1833.Va ipv6_prefix_ Ns Aq Ar interface 1834addresses based on each prefix and the EUI-64 interface index will be 1835configured on that interface. 1836Note that this variable will be ignored when 1837.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1838is empty. 1839.Pp 1840For example, the following configuration 1841.Bd -literal 1842ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1843.Ed 1844.Pp 1845is equivalent to the following: 1846.Bd -literal 1847ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1848ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1849ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1850ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1851.Ed 1852.Pp 1853These Subnet-Router anycast addresses will be added only when 1854.Va ipv6_gateway_enable 1855is YES. 1856.It Va ipv6_default_interface 1857.Pq Vt str 1858If not set to 1859.Dq Li NO , 1860this is the default output interface for scoped addresses. 1861This works only with ipv6_gateway_enable="NO". 1862.It Va ip6addrctl_enable 1863.Pq Vt bool 1864This variable is to enable configuring default address selection policy table 1865.Pq RFC 3484 . 1866The table can be specified in another variable 1867.Va ip6addrctl_policy . 1868For 1869.Va ip6addrctl_policy 1870the following keywords can be specified: 1871.Dq Li ipv4_prefer , 1872.Dq Li ipv6_prefer , 1873or 1874.Dq Li AUTO . 1875.Pp 1876If 1877.Dq Li ipv4_prefer 1878or 1879.Dq Li ipv6_prefer 1880is specified, 1881.Xr ip6addrctl 8 1882installs a pre-defined policy table described in Section 10.3 1883.Pq IPv4-preferred 1884or 2.1 1885.Pq IPv6-preferred 1886of RFC 3484. 1887.Pp 1888If 1889.Dq Li AUTO 1890is specified, it attempts to read a file 1891.Pa /etc/ip6addrctl.conf 1892first. 1893If this file is found, 1894.Xr ip6addrctl 8 1895reads and installs it. 1896If not found, a policy is automatically set 1897according to 1898.Va ipv6_activate_all_interfaces 1899variable; if the variable is set to 1900.Dq Li YES 1901the IPv6-preferred one is used. 1902Otherwise IPv4-preferred. 1903.Pp 1904The default value of 1905.Va ip6addrctl_enable 1906and 1907.Va ip6addrctl_policy 1908are 1909.Dq Li YES 1910and 1911.Dq Li AUTO , 1912respectively. 1913.It Va cloned_interfaces 1914.Pq Vt str 1915Set to the list of clonable network interfaces to create on this host. 1916Further cloning arguments may be passed to the 1917.Xr ifconfig 8 1918.Cm create 1919command for each interface by setting the 1920.Va create_args_ Ns Aq Ar interface 1921variable. 1922If an interface name is specified with 1923.Dq :sticky 1924keyword, 1925the interface will not be destroyed even when 1926.Pa rc.d/netif 1927script is invoked with 1928.Dq stop 1929argument. 1930This is useful when reconfiguring the interface without destroying it. 1931Entries in 1932.Va cloned_interfaces 1933are automatically appended to 1934.Va network_interfaces 1935for configuration. 1936.It Va cloned_interfaces_sticky 1937.Pq Vt bool 1938This variable is to globally enable functionality of 1939.Dq :sticky 1940keyword in 1941.Va cloned_interfaces 1942for all interfaces. 1943The default value is 1944.Dq NO . 1945Even if this variable is specified to 1946.Dq YES , 1947.Dq :nosticky 1948keyword can be used to override it on per interface basis. 1949.It Va gif_interfaces 1950Set to the list of 1951.Xr gif 4 1952tunnel interfaces to configure on this host. 1953A 1954.Va gifconfig_ Ns Aq Ar interface 1955variable is assumed to exist for each value of 1956.Ar interface . 1957The value of this variable is used to configure the link layer of the 1958tunnel using the 1959.Cm tunnel 1960option to 1961.Xr ifconfig 8 . 1962Additionally, this option ensures that each listed interface is created 1963via the 1964.Cm create 1965option to 1966.Xr ifconfig 8 1967before attempting to configure it. 1968.Pp 1969For example, configure two 1970.Xr gif 4 1971interfaces with: 1972.Bd -literal 1973gif_interfaces="gif0 gif1" 1974gifconfig_gif0="100.64.0.1 100.64.0.2" 1975ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1976gifconfig_gif1="inet6 2a00::1 2a01::1" 1977ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1978.Ed 1979.It Va ppp_enable 1980.Pq Vt bool 1981If set to 1982.Dq Li YES , 1983run the 1984.Xr ppp 8 1985daemon. 1986.It Va ppp_profile 1987.Pq Vt str 1988The name of the profile to use from 1989.Pa /etc/ppp/ppp.conf . 1990Also used for per-profile overrides of 1991.Va ppp_mode 1992and 1993.Va ppp_nat , 1994and 1995.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1996When the profile name contains any of the characters 1997.Dq Li .-/+ 1998they are translated to 1999.Dq Li _ 2000for the proposes of the override variable names. 2001.It Va ppp_mode 2002.Pq Vt str 2003Mode in which to run the 2004.Xr ppp 8 2005daemon. 2006.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2007.Pq Vt str 2008Overrides the global 2009.Va ppp_mode 2010for 2011.Ar profile . 2012Accepted modes are 2013.Dq Li auto , 2014.Dq Li ddial , 2015.Dq Li direct 2016and 2017.Dq Li dedicated . 2018See the manual for a full description. 2019.It Va ppp_nat 2020.Pq Vt bool 2021If set to 2022.Dq Li YES , 2023enables network address translation. 2024Used in conjunction with 2025.Va gateway_enable 2026allows hosts on private network addresses access to the Internet using 2027this host as a network address translating router. 2028Default is 2029.Dq Li YES . 2030.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2031.Pq Vt str 2032Overrides the global 2033.Va ppp_nat 2034for 2035.Ar profile . 2036.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2037.Pq Vt int 2038Set the unit number to be used for this profile. 2039See the manual description of 2040.Fl unit Ns Ar N 2041for details. 2042.It Va ppp_user 2043.Pq Vt str 2044The name of the user under which 2045.Xr ppp 8 2046should be started. 2047By 2048default, 2049.Xr ppp 8 2050is started as 2051.Dq Li root . 2052.It Va rc_conf_files 2053.Pq Vt str 2054This option is used to specify a list of files that will override 2055the settings in 2056.Pa /etc/defaults/rc.conf . 2057The files will be read in the order in which they are specified and should 2058include the full path to the file. 2059By default, the files specified are 2060.Pa /etc/rc.conf 2061and 2062.Pa /etc/rc.conf.local 2063.It Va zfs_enable 2064.Pq Vt bool 2065If set to 2066.Dq Li YES , 2067.Pa /etc/rc.d/zfs 2068will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2069(ZVOLs). 2070.It Va gptboot_enable 2071.Pq Vt bool 2072If set to 2073.Dq Li YES , 2074.Pa /etc/rc.d/gptboot 2075will log if the system successfully (or not) booted from a GPT partition, 2076which had the 2077.Ar bootonce 2078attribute set using 2079.Xr gpart 8 2080utility. 2081.It Va gbde_autoattach_all 2082.Pq Vt bool 2083If set to 2084.Dq Li YES , 2085.Pa /etc/rc.d/gbde 2086will attempt to automatically initialize your .bde devices in 2087.Pa /etc/fstab . 2088.It Va gbde_devices 2089.Pq Vt str 2090List the devices that the script should try to attach, 2091or 2092.Dq Li AUTO . 2093.It Va gbde_lockdir 2094.Pq Vt str 2095The directory where the 2096.Xr gbde 4 2097lockfiles are located. 2098The default lockfile directory is 2099.Pa /etc . 2100.Pp 2101The lockfile for each individual 2102.Xr gbde 4 2103device can be overridden by setting the variable 2104.Va gbde_lock_ Ns Aq Ar device , 2105where 2106.Ar device 2107is the encrypted device without the 2108.Dq Pa /dev/ 2109and 2110.Dq Pa .bde 2111parts. 2112.It Va gbde_attach_attempts 2113.Pq Vt int 2114Number of times to attempt attaching to a 2115.Xr gbde 4 2116device, i.e., how many times the user is asked for the pass-phrase. 2117Default is 3. 2118.It Va geli_devices 2119.Pq Vt str 2120List of devices to automatically attach on boot. 2121Note that .eli devices from 2122.Pa /etc/fstab 2123are automatically appended to this list. 2124.It Va geli_groups 2125.Pq Vt str 2126List of groups containing devices to automatically attach on boot with the same 2127keyfiles and passphrase. 2128This must be accompanied with a corresponding 2129.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2130variable. 2131.It Va geli_tries 2132.Pq Vt int 2133Number of times user is asked for the pass-phrase. 2134If empty, it will be taken from 2135.Va kern.geom.eli.tries 2136sysctl variable. 2137.It Va geli_default_flags 2138.Pq Vt str 2139Default flags to use by 2140.Xr geli 8 2141when configuring disk encryption. 2142Flags can be configured for every device separately by defining the 2143.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2144variable, and for every group separately by defining the 2145.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2146variable. 2147.It Va geli_autodetach 2148.Pq Vt str 2149Specifies if GELI devices should be marked for detach on last close after 2150file systems are mounted. 2151Default is 2152.Dq Li YES . 2153This can be changed for every device separately by defining the 2154.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2155variable. 2156.It Va root_rw_mount 2157.Pq Vt bool 2158Set to 2159.Dq Li YES 2160by default. 2161After the file systems are checked at boot time, the root file system 2162is remounted as read-write if this is set to 2163.Dq Li YES . 2164Diskless systems that mount their root file system from a read-only remote 2165NFS share should set this to 2166.Dq Li NO 2167in their 2168.Pa rc.conf . 2169.It Va fsck_y_enable 2170.Pq Vt bool 2171If set to 2172.Dq Li YES , 2173.Xr fsck 8 2174will be run with the 2175.Fl y 2176flag if the initial preen 2177of the file systems fails. 2178.It Va background_fsck 2179.Pq Vt bool 2180If set to 2181.Dq Li NO , 2182the system will not attempt to run 2183.Xr fsck 8 2184in the background where possible. 2185.It Va background_fsck_delay 2186.Pq Vt int 2187The amount of time in seconds to sleep before starting a background 2188.Xr fsck 8 . 2189It defaults to sixty seconds to allow large applications such as 2190the X server to start before disk I/O bandwidth is monopolized by 2191.Xr fsck 8 . 2192If set to a negative number, the background file system check will be 2193delayed indefinitely to allow the administrator to run it at a more 2194convenient time. 2195For example it may be run from 2196.Xr cron 8 2197by adding a line like 2198.Pp 2199.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2200.Pp 2201to 2202.Pa /etc/crontab . 2203.It Va netfs_types 2204.Pq Vt str 2205List of file system types that are network-based. 2206This list should generally not be modified by end users. 2207Use 2208.Va extra_netfs_types 2209instead. 2210.It Va extra_netfs_types 2211.Pq Vt str 2212If set to something other than 2213.Dq Li NO 2214(the default), 2215this variable extends the list of file system types 2216for which automatic mounting at startup by 2217.Xr rc 8 2218should be delayed until the network is initialized. 2219It should contain 2220a whitespace-separated list of network file system descriptor pairs, 2221each consisting of a file system type as passed to 2222.Xr mount 8 2223and a human-readable, one-word description, 2224joined with a colon 2225.Pq Ql \&: . 2226Extending the default list in this way is only necessary 2227when third party file system types are used. 2228.It Va syslogd_enable 2229.Pq Vt bool 2230If set to 2231.Dq Li YES , 2232run the 2233.Xr syslogd 8 2234daemon. 2235.It Va syslogd_program 2236.Pq Vt str 2237Path to 2238.Xr syslogd 8 2239(default 2240.Pa /usr/sbin/syslogd ) . 2241.It Va syslogd_flags 2242.Pq Vt str 2243If 2244.Va syslogd_enable 2245is set to 2246.Dq Li YES , 2247these are the flags to pass to 2248.Xr syslogd 8 . 2249.It Va inetd_enable 2250.Pq Vt bool 2251If set to 2252.Dq Li YES , 2253run the 2254.Xr inetd 8 2255daemon. 2256.It Va inetd_program 2257.Pq Vt str 2258Path to 2259.Xr inetd 8 2260(default 2261.Pa /usr/sbin/inetd ) . 2262.It Va inetd_flags 2263.Pq Vt str 2264If 2265.Va inetd_enable 2266is set to 2267.Dq Li YES , 2268these are the flags to pass to 2269.Xr inetd 8 . 2270.It Va hastd_enable 2271.Pq Vt bool 2272If set to 2273.Dq Li YES , 2274run the 2275.Xr hastd 8 2276daemon. 2277.It Va hastd_program 2278.Pq Vt str 2279Path to 2280.Xr hastd 8 2281(default 2282.Pa /sbin/hastd ) . 2283.It Va hastd_flags 2284.Pq Vt str 2285If 2286.Va hastd_enable 2287is set to 2288.Dq Li YES , 2289these are the flags to pass to 2290.Xr hastd 8 . 2291.It Va local_unbound_enable 2292.Pq Vt bool 2293If set to 2294.Dq Li YES , 2295run the 2296.Xr unbound 8 2297daemon as a local caching resolver. 2298.It Va kdc_enable 2299.Pq Vt bool 2300Set to 2301.Dq Li YES 2302to start a Kerberos 5 authentication server 2303at boot time. 2304.It Va kdc_program 2305.Pq Vt str 2306If 2307.Va kdc_enable 2308is set to 2309.Dq Li YES 2310this is the path to Kerberos 5 Authentication Server. 2311.It Va kdc_flags 2312.Pq Vt str 2313Empty by default. 2314This variable contains additional flags to be passed to the Kerberos 5 2315authentication server. 2316.It Va kadmind_enable 2317.Pq Vt bool 2318Set to 2319.Dq Li YES 2320to start 2321.Xr kadmind 8 , 2322the Kerberos 5 Administration Daemon; set to 2323.Dq Li NO 2324on a slave server. 2325.It Va kadmind_program 2326.Pq Vt str 2327If 2328.Va kadmind_enable 2329is set to 2330.Dq Li YES 2331this is the path to Kerberos 5 Administration Daemon. 2332.It Va kpasswdd_enable 2333.Pq Vt bool 2334Set to 2335.Dq Li YES 2336to start 2337.Xr kpasswdd 8 , 2338the Kerberos 5 Password-Changing Daemon; set to 2339.Dq Li NO 2340on a slave server. 2341.It Va kpasswdd_program 2342.Pq Vt str 2343If 2344.Va kpasswdd_enable 2345is set to 2346.Dq Li YES 2347this is the path to Kerberos 5 Password-Changing Daemon. 2348.It Va kfd_enable 2349.Pq Vt bool 2350Set to 2351.Dq Li YES 2352to start 2353.Xr kfd 8 , 2354the Kerberos 5 ticket forwarding daemon, at the boot time. 2355.It Va kfd_program 2356.Pq Vt str 2357Path to 2358.Xr kfd 8 2359(default 2360.Pa /usr/libexec/kfd ) . 2361.It Va rwhod_enable 2362.Pq Vt bool 2363If set to 2364.Dq Li YES , 2365run the 2366.Xr rwhod 8 2367daemon at boot time. 2368.It Va rwhod_flags 2369.Pq Vt str 2370If 2371.Va rwhod_enable 2372is set to 2373.Dq Li YES , 2374these are the flags to pass to it. 2375.It Va update_motd 2376.Pq Vt bool 2377If set to 2378.Dq Li YES , 2379.Pa /etc/motd 2380will be updated at boot time to reflect the kernel release 2381being run. 2382If set to 2383.Dq Li NO , 2384.Pa /etc/motd 2385will not be updated. 2386.It Va nfs_client_enable 2387.Pq Vt bool 2388If set to 2389.Dq Li YES , 2390run the NFS client daemons at boot time. 2391.It Va nfs_access_cache 2392.Pq Vt int 2393If 2394.Va nfs_client_enable 2395is set to 2396.Dq Li YES , 2397this can be set to 2398.Dq Li 0 2399to disable NFS ACCESS RPC caching, or to the number of seconds for which 2400NFS ACCESS 2401results should be cached. 2402A value of 2-10 seconds will substantially reduce network 2403traffic for many NFS operations. 2404.It Va nfs_server_enable 2405.Pq Vt bool 2406If set to 2407.Dq Li YES , 2408run the NFS server daemons at boot time. 2409.It Va nfs_server_flags 2410.Pq Vt str 2411If 2412.Va nfs_server_enable 2413is set to 2414.Dq Li YES , 2415these are the flags to pass to the 2416.Xr nfsd 8 2417daemon. 2418.It Va nfsv4_server_enable 2419.Pq Vt bool 2420If 2421.Va nfs_server_enable 2422is set to 2423.Dq Li YES 2424and 2425.Va nfsv4_server_enable 2426is set to 2427.Dq Li YES , 2428enable the server for NFSv4 as well as NFSv2 and NFSv3. 2429.It Va nfsv4_server_only 2430.Pq Vt bool 2431If 2432.Va nfs_server_enable 2433is set to 2434.Dq Li YES 2435and 2436.Va nfsv4_server_only 2437is set to 2438.Dq Li YES , 2439enable the NFS server for NFSv4 only. 2440.It Va nfs_server_maxio 2441.Pq Vt int 2442value to set vfs.nfsd.srvmaxio to, which is the 2443maximum I/O size for the NFS server. 2444.It Va tlsclntd_enable 2445.Pq Vt bool 2446If set to 2447.Dq Li YES , 2448run the 2449.Xr rpc.tlsclntd 8 2450daemon, which is needed for NFS-over-TLS NFS mounts. 2451.It Va tlsservd_enable 2452.Pq Vt bool 2453If set to 2454.Dq Li YES , 2455run the 2456.Xr rpc.tlsservd 8 2457daemon, which is needed for the 2458.Xr nfsd 8 2459to support NFS-over-TLS NFS mounts. 2460.It Va nfsuserd_enable 2461.Pq Vt bool 2462If 2463.Va nfsuserd_enable 2464is set to 2465.Dq Li YES , 2466run the nfsuserd daemon, which is needed for NFSv4 in order 2467to map between user/group names vs uid/gid numbers. 2468If 2469.Va nfsv4_server_enable 2470is set to 2471.Dq Li YES , 2472this will be forced enabled. 2473.It Va nfsuserd_flags 2474.Pq Vt str 2475If 2476.Va nfsuserd_enable 2477is set to 2478.Dq Li YES , 2479these are the flags to pass to the 2480.Xr nfsuserd 8 2481daemon. 2482.It Va nfscbd_enable 2483.Pq Vt bool 2484If 2485.Va nfscbd_enable 2486is set to 2487.Dq Li YES , 2488run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2489.It Va nfscbd_flags 2490.Pq Vt str 2491If 2492.Va nfscbd_enable 2493is set to 2494.Dq Li YES , 2495these are the flags to pass to the 2496.Xr nfscbd 8 2497daemon. 2498.It Va mountd_enable 2499.Pq Vt bool 2500If set to 2501.Dq Li YES , 2502and no 2503.Va nfs_server_enable 2504is set, start 2505.Xr mountd 8 , 2506but not 2507.Xr nfsd 8 2508daemon. 2509It is commonly needed to run CFS without real NFS used. 2510.It Va mountd_flags 2511.Pq Vt str 2512If 2513.Va mountd_enable 2514is set to 2515.Dq Li YES , 2516these are the flags to pass to the 2517.Xr mountd 8 2518daemon. 2519.It Va weak_mountd_authentication 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523allow services like PCNFSD to make non-privileged mount 2524requests. 2525.It Va nfs_reserved_port_only 2526.Pq Vt bool 2527If set to 2528.Dq Li YES , 2529provide NFS services only on a secure port. 2530.It Va nfs_bufpackets 2531.Pq Vt int 2532If set to a number, indicates the number of packets worth of 2533socket buffer space to reserve on an NFS client. 2534The kernel default is typically 4. 2535Using a higher number may be 2536useful on gigabit networks to improve performance. 2537The minimum value is 25382 and the maximum is 64. 2539.It Va rpc_lockd_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES 2543and also an NFS server or client, run 2544.Xr rpc.lockd 8 2545at boot time. 2546.It Va rpc_lockd_flags 2547.Pq Vt str 2548If 2549.Va rpc_lockd_enable 2550is set to 2551.Dq Li YES , 2552these are the flags to pass to the 2553.Xr rpc.lockd 8 2554daemon. 2555.It Va rpc_statd_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES 2559and also an NFS server or client, run 2560.Xr rpc.statd 8 2561at boot time. 2562.It Va rpc_statd_flags 2563.Pq Vt str 2564If 2565.Va rpc_statd_enable 2566is set to 2567.Dq Li YES , 2568these are the flags to pass to the 2569.Xr rpc.statd 8 2570daemon. 2571.It Va rpcbind_program 2572.Pq Vt str 2573Path to 2574.Xr rpcbind 8 2575(default 2576.Pa /usr/sbin/rpcbind ) . 2577.It Va rpcbind_enable 2578.Pq Vt bool 2579If set to 2580.Dq Li YES , 2581run the 2582.Xr rpcbind 8 2583service at boot time. 2584.It Va rpcbind_flags 2585.Pq Vt str 2586If 2587.Va rpcbind_enable 2588is set to 2589.Dq Li YES , 2590these are the flags to pass to the 2591.Xr rpcbind 8 2592daemon. 2593.It Va keyserv_enable 2594.Pq Vt bool 2595If set to 2596.Dq Li YES , 2597run the 2598.Xr keyserv 8 2599daemon on boot for running Secure RPC. 2600.It Va keyserv_flags 2601.Pq Vt str 2602If 2603.Va keyserv_enable 2604is set to 2605.Dq Li YES , 2606these are the flags to pass to 2607.Xr keyserv 8 2608daemon. 2609.It Va pppoed_enable 2610.Pq Vt bool 2611If set to 2612.Dq Li YES , 2613run the 2614.Xr pppoed 8 2615daemon at boot time to provide PPP over Ethernet services. 2616.It Va pppoed_ Ns Aq Ar provider 2617.Pq Vt str 2618.Xr pppoed 8 2619listens to requests to this 2620.Ar provider 2621and ultimately runs 2622.Xr ppp 8 2623with a 2624.Ar system 2625argument of the same name. 2626.It Va pppoed_flags 2627.Pq Vt str 2628Additional flags to pass to 2629.Xr pppoed 8 . 2630.It Va pppoed_interface 2631.Pq Vt str 2632The network interface to run 2633.Xr pppoed 8 2634on. 2635This is mandatory when 2636.Va pppoed_enable 2637is set to 2638.Dq Li YES . 2639.It Va ntpdate_enable 2640.Pq Vt bool 2641If set to 2642.Dq Li YES , 2643run 2644.Xr ntpdate 8 2645at system startup. 2646This command is intended to 2647synchronize the system clock only 2648.Em once 2649from some standard reference. 2650.Pp 2651Note that the use of the 2652.Va ntpd_sync_on_start 2653variable is a preferred alternative to the 2654.Xr ntpdate 8 2655utility as 2656.Xr ntpdate 8 2657is to be retired from the NTP distribution. 2658.It Va ntpdate_config 2659.Pq Vt str 2660Configuration file for 2661.Xr ntpdate 8 . 2662Default 2663.Pa /etc/ntp.conf . 2664.It Va ntpdate_hosts 2665.Pq Vt str 2666A whitespace-separated list of NTP servers to synchronize with at startup. 2667The default is to use the servers listed in 2668.Va ntpdate_config , 2669if that file exists. 2670.It Va ntpdate_program 2671.Pq Vt str 2672Path to 2673.Xr ntpdate 8 2674(default 2675.Pa /usr/sbin/ntpdate ) . 2676.It Va ntpdate_flags 2677.Pq Vt str 2678If 2679.Va ntpdate_enable 2680is set to 2681.Dq Li YES , 2682these are the flags to pass to the 2683.Xr ntpdate 8 2684command (typically a hostname). 2685.It Va ntpd_enable 2686.Pq Vt bool 2687If set to 2688.Dq Li YES , 2689run the 2690.Xr ntpd 8 2691command at boot time. 2692.It Va ntpd_program 2693.Pq Vt str 2694Path to 2695.Xr ntpd 8 2696(default 2697.Pa /usr/sbin/ntpd ) . 2698.It Va ntpd_config 2699.Pq Vt str 2700Path to 2701.Xr ntpd 8 2702configuration file. 2703Default 2704.Pa /etc/ntp.conf . 2705.It Va ntpd_flags 2706.Pq Vt str 2707If 2708.Va ntpd_enable 2709is set to 2710.Dq Li YES , 2711these are the flags to pass to the 2712.Xr ntpd 8 2713daemon. 2714.It Va ntpd_sync_on_start 2715.Pq Vt bool 2716If set to 2717.Dq Li YES , 2718.Xr ntpd 8 2719is run with the 2720.Fl g 2721flag, which syncs the system's clock on startup. 2722See 2723.Xr ntpd 8 2724for more information regarding the 2725.Fl g 2726option. 2727This is a preferred alternative to using 2728.Xr ntpdate 8 2729or specifying the 2730.Va ntpdate_enable 2731variable. 2732.It Va nis_client_enable 2733.Pq Vt bool 2734If set to 2735.Dq Li YES , 2736run the 2737.Xr ypbind 8 2738service at system boot time. 2739.It Va nis_client_flags 2740.Pq Vt str 2741If 2742.Va nis_client_enable 2743is set to 2744.Dq Li YES , 2745these are the flags to pass to the 2746.Xr ypbind 8 2747service. 2748.It Va nis_ypldap_enable 2749.Pq Vt bool 2750If set to 2751.Dq Li YES , 2752run the 2753.Xr ypldap 8 2754daemon at system boot time. 2755.It Va nis_ypldap_flags 2756.Pq Vt str 2757If 2758.Va nis.ypldap_enable 2759is set to 2760.Dq Li YES , 2761these are the flags to pass to the 2762.Xr ypldap 8 2763daemon. 2764.It Va nis_ypset_enable 2765.Pq Vt bool 2766If set to 2767.Dq Li YES , 2768run the 2769.Xr ypset 8 2770daemon at system boot time. 2771.It Va nis_ypset_flags 2772.Pq Vt str 2773If 2774.Va nis_ypset_enable 2775is set to 2776.Dq Li YES , 2777these are the flags to pass to the 2778.Xr ypset 8 2779daemon. 2780.It Va nis_server_enable 2781.Pq Vt bool 2782If set to 2783.Dq Li YES , 2784run the 2785.Xr ypserv 8 2786daemon at system boot time. 2787.It Va nis_server_flags 2788.Pq Vt str 2789If 2790.Va nis_server_enable 2791is set to 2792.Dq Li YES , 2793these are the flags to pass to the 2794.Xr ypserv 8 2795daemon. 2796.It Va nis_ypxfrd_enable 2797.Pq Vt bool 2798If set to 2799.Dq Li YES , 2800run the 2801.Xr rpc.ypxfrd 8 2802daemon at system boot time. 2803.It Va nis_ypxfrd_flags 2804.Pq Vt str 2805If 2806.Va nis_ypxfrd_enable 2807is set to 2808.Dq Li YES , 2809these are the flags to pass to the 2810.Xr rpc.ypxfrd 8 2811daemon. 2812.It Va nis_yppasswdd_enable 2813.Pq Vt bool 2814If set to 2815.Dq Li YES , 2816run the 2817.Xr rpc.yppasswdd 8 2818daemon at system boot time. 2819.It Va nis_yppasswdd_flags 2820.Pq Vt str 2821If 2822.Va nis_yppasswdd_enable 2823is set to 2824.Dq Li YES , 2825these are the flags to pass to the 2826.Xr rpc.yppasswdd 8 2827daemon. 2828.It Va rpc_ypupdated_enable 2829.Pq Vt bool 2830If set to 2831.Dq Li YES , 2832run the 2833.Nm rpc.ypupdated 2834daemon at system boot time. 2835.It Va bsnmpd_enable 2836.Pq Vt bool 2837If set to 2838.Dq Li YES , 2839run the 2840.Xr bsnmpd 1 2841daemon at system boot time. 2842Be sure to understand the security implications of running SNMP daemon 2843on your host. 2844.It Va bsnmpd_flags 2845.Pq Vt str 2846If 2847.Va bsnmpd_enable 2848is set to 2849.Dq Li YES , 2850these are the flags to pass to the 2851.Xr bsnmpd 1 2852daemon. 2853.It Va defaultrouter 2854.Pq Vt str 2855If not set to 2856.Dq Li NO , 2857create a default route to this host name or IP address 2858(use an IP address if this router is also required to get to the 2859name server!). 2860.It Va defaultrouter_fibN 2861.Pq Vt str 2862If not set to 2863.Dq Li NO , 2864create a default route in FIB N to this host name or IP address. 2865.It Va ipv6_defaultrouter 2866.Pq Vt str 2867The IPv6 equivalent of 2868.Va defaultrouter . 2869.It Va ipv6_defaultrouter_fibN 2870.Pq Vt str 2871The IPv6 equivalent of 2872.Va defaultrouter_fibN . 2873.It Va static_arp_pairs 2874.Pq Vt str 2875Set to the list of static ARP pairs that are to be added at system 2876boot time. 2877For each whitespace separated 2878.Ar element 2879in the value, a 2880.Va static_arp_ Ns Aq Ar element 2881variable is assumed to exist whose contents will later be passed to a 2882.Dq Nm arp Cm -S 2883operation. 2884For example 2885.Bd -literal 2886static_arp_pairs="gw" 2887static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2888.Ed 2889.It Va static_ndp_pairs 2890.Pq Vt str 2891Set to the list of static NDP pairs that are to be added at system 2892boot time. 2893For each whitespace separated 2894.Ar element 2895in the value, a 2896.Va static_ndp_ Ns Aq Ar element 2897variable is assumed to exist whose contents will later be passed to a 2898.Dq Nm ndp Cm -s 2899operation. 2900For example 2901.Bd -literal 2902static_ndp_pairs="gw" 2903static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2904.Ed 2905.It Va static_routes 2906.Pq Vt str 2907Set to the list of static routes that are to be added at system 2908boot time. 2909If not set to 2910.Dq Li NO 2911then for each whitespace separated 2912.Ar element 2913in the value, a 2914.Va route_ Ns Aq Ar element 2915variable is assumed to exist 2916whose contents will later be passed to a 2917.Dq Nm route Cm add 2918operation. 2919For example: 2920.Bd -literal 2921static_routes="ext mcast:gif0 gif0local:gif0" 2922route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2923route_mcast="-net 224.0.0.0/4 -iface gif0" 2924route_gif0local="-host 169.254.1.1 -iface lo0" 2925.Ed 2926.Pp 2927When an 2928.Ar element 2929is in the form of 2930.Li name:ifname , 2931the route is specific to the interface 2932.Li ifname . 2933.It Va ipv6_static_routes 2934.Pq Vt str 2935The IPv6 equivalent of 2936.Va static_routes . 2937If not set to 2938.Dq Li NO 2939then for each whitespace separated 2940.Ar element 2941in the value, a 2942.Va ipv6_route_ Ns Aq Ar element 2943variable is assumed to exist 2944whose contents will later be passed to a 2945.Dq Nm route Cm add Fl inet6 2946operation. 2947.It Va gateway_enable 2948.Pq Vt bool 2949If set to 2950.Dq Li YES , 2951configure host to act as an IP router, e.g.\& to forward packets 2952between interfaces. 2953.It Va ipv6_gateway_enable 2954.Pq Vt bool 2955The IPv6 equivalent of 2956.Va gateway_enable . 2957.It Va routed_enable 2958.Pq Vt bool 2959If set to 2960.Dq Li YES , 2961run a routing daemon of some sort, based on the 2962settings of 2963.Va routed_program 2964and 2965.Va routed_flags . 2966.It Va route6d_enable 2967.Pq Vt bool 2968The IPv6 equivalent of 2969.Va routed_enable . 2970If set to 2971.Dq Li YES , 2972run a routing daemon of some sort, based on the 2973settings of 2974.Va route6d_program 2975and 2976.Va route6d_flags . 2977.It Va routed_program 2978.Pq Vt str 2979If 2980.Va routed_enable 2981is set to 2982.Dq Li YES , 2983this is the name of the routing daemon to use. 2984.It Va route6d_program 2985.Pq Vt str 2986The IPv6 equivalent of 2987.Va routed_program . 2988.It Va routed_flags 2989.Pq Vt str 2990If 2991.Va routed_enable 2992is set to 2993.Dq Li YES , 2994these are the flags to pass to the routing daemon. 2995.It Va route6d_flags 2996.Pq Vt str 2997The IPv6 equivalent of 2998.Va routed_flags . 2999.It Va rtadvd_enable 3000.Pq Vt bool 3001If set to 3002.Dq Li YES , 3003run the 3004.Xr rtadvd 8 3005daemon at boot time. 3006The 3007.Xr rtadvd 8 3008utility sends ICMPv6 Router Advertisement messages to 3009the interfaces specified in 3010.Va rtadvd_interfaces . 3011This should only be enabled with great care. 3012You may want to fine-tune 3013.Xr rtadvd.conf 5 . 3014.It Va rtadvd_interfaces 3015.Pq Vt str 3016If 3017.Va rtadvd_enable 3018is set to 3019.Dq Li YES 3020this is the list of interfaces to use. 3021.It Va arpproxy_all 3022.Pq Vt bool 3023If set to 3024.Dq Li YES , 3025enable global proxy ARP. 3026.It Va forward_sourceroute 3027.Pq Vt bool 3028If set to 3029.Dq Li YES 3030and 3031.Va gateway_enable 3032is also set to 3033.Dq Li YES , 3034source-routed packets are forwarded. 3035.It Va accept_sourceroute 3036.Pq Vt bool 3037If set to 3038.Dq Li YES , 3039the system will accept source-routed packets directed at it. 3040.It Va rarpd_enable 3041.Pq Vt bool 3042If set to 3043.Dq Li YES , 3044run the 3045.Xr rarpd 8 3046daemon at system boot time. 3047.It Va rarpd_flags 3048.Pq Vt str 3049If 3050.Va rarpd_enable 3051is set to 3052.Dq Li YES , 3053these are the flags to pass to the 3054.Xr rarpd 8 3055daemon. 3056.It Va bootparamd_enable 3057.Pq Vt bool 3058If set to 3059.Dq Li YES , 3060run the 3061.Xr bootparamd 8 3062daemon at system boot time. 3063.It Va bootparamd_flags 3064.Pq Vt str 3065If 3066.Va bootparamd_enable 3067is set to 3068.Dq Li YES , 3069these are the flags to pass to the 3070.Xr bootparamd 8 3071daemon. 3072.It Va stf_interface_ipv4addr 3073.Pq Vt str 3074If not set to 3075.Dq Li NO , 3076this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3077interface). 3078Specify this entry to enable the 6to4 interface. 3079.It Va stf_interface_ipv4plen 3080.Pq Vt int 3081Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3082An effective value is 0-31. 3083.It Va stf_interface_ipv6_ifid 3084.Pq Vt str 3085IPv6 interface ID for 3086.Xr stf 4 . 3087This can be set to 3088.Dq Li AUTO . 3089.It Va stf_interface_ipv6_slaid 3090.Pq Vt str 3091IPv6 Site Level Aggregator for 3092.Xr stf 4 . 3093.It Va ipv6_ipv4mapping 3094.Pq Vt bool 3095If set to 3096.Dq Li YES 3097this enables IPv4 mapped IPv6 address communication (like 3098.Li ::ffff:a.b.c.d ) . 3099.It Va rtsold_enable 3100.Pq Vt bool 3101Set to 3102.Dq Li YES 3103to enable the 3104.Xr rtsold 8 3105daemon to send ICMPv6 Router Solicitation messages. 3106.It Va rtsold_flags 3107.Pq Vt str 3108If 3109.Va rtsold_enable 3110is set to 3111.Dq Li YES , 3112these are the flags to pass to 3113.Xr rtsold 8 . 3114.It Va rtsol_flags 3115.Pq Vt str 3116For interfaces configured with the 3117.Dq Li inet6 accept_rtadv 3118keyword, these are the flags to pass to 3119.Xr rtsol 8 . 3120.Pp 3121Note that 3122.Va rtsold_enable 3123is mutually exclusive to 3124.Va rtsol_flags ; 3125.Va rtsold_enable 3126takes precedence. 3127.It Va keybell 3128.Pq Vt str 3129The keyboard bell sound. 3130Set to 3131.Dq Li normal , 3132.Dq Li visual , 3133.Dq Li off , 3134or 3135.Dq Li NO 3136if the default behavior is desired. 3137For details, refer to the 3138.Xr kbdcontrol 1 3139manpage. 3140.It Va keyboard 3141.Pq Vt str 3142If set to a non-null string, the virtual console's keyboard input is 3143set to this device. 3144.It Va keymap 3145.Pq Vt str 3146If set to 3147.Dq Li NO , 3148no keymap is installed, otherwise the value is used to install 3149the keymap file found in 3150.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3151(if using 3152.Xr syscons 4 ) or 3153.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3154(if using 3155.Xr vt 4 ) . 3156.It Va keyrate 3157.Pq Vt str 3158The keyboard repeat speed. 3159Set to 3160.Dq Li slow , 3161.Dq Li normal , 3162.Dq Li fast , 3163or 3164.Dq Li NO 3165if the default behavior is desired. 3166.It Va keychange 3167.Pq Vt str 3168If not set to 3169.Dq Li NO , 3170attempt to program the function keys with the value. 3171The value should 3172be a single string of the form: 3173.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3174.It Va cursor 3175.Pq Vt str 3176Can be set to the value of 3177.Dq Li normal , 3178.Dq Li blink , 3179.Dq Li destructive , 3180or 3181.Dq Li NO 3182to set the cursor behavior explicitly or choose the default behavior. 3183.It Va scrnmap 3184.Pq Vt str 3185If set to 3186.Dq Li NO , 3187no screen map is installed, otherwise the value is used to install 3188the screen map file in 3189.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3190This parameter is ignored when using 3191.Xr vt 4 3192as the console driver. 3193.It Va font8x16 3194.Pq Vt str 3195If set to 3196.Dq Li NO , 3197the default 8x16 font value is used for screen size requests, otherwise 3198the value in 3199.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3200or 3201.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3202is used (depending on the console driver being used). 3203.It Va font8x14 3204.Pq Vt str 3205If set to 3206.Dq Li NO , 3207the default 8x14 font value is used for screen size requests, otherwise 3208the value in 3209.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3210or 3211.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3212is used (depending on the console driver being used). 3213.It Va font8x8 3214.Pq Vt str 3215If set to 3216.Dq Li NO , 3217the default 8x8 font value is used for screen size requests, otherwise 3218the value in 3219.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3220or 3221.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3222is used (depending on the console driver being used). 3223.It Va blanktime 3224.Pq Vt int 3225If set to 3226.Dq Li NO , 3227the default screen blanking interval is used, otherwise it is set 3228to 3229.Ar value 3230seconds. 3231.It Va saver 3232.Pq Vt str 3233If not set to 3234.Dq Li NO , 3235this is the actual screen saver to use 3236.Li ( blank , snake , daemon , 3237etc). 3238.It Va moused_nondefault_enable 3239.Pq Vt str 3240If set to 3241.Dq Li NO , 3242the mouse device specified on 3243the command line is not automatically treated as enabled by the 3244.Pa /etc/rc.d/moused 3245script. 3246Having this variable set to 3247.Dq Li YES 3248allows a 3249.Xr usb 4 3250mouse, 3251for example, 3252to be enabled as soon as it is plugged in. 3253.It Va moused_enable 3254.Pq Vt str 3255If set to 3256.Dq Li YES , 3257the 3258.Xr moused 8 3259daemon is started for doing cut/paste selection on the console. 3260.It Va moused_type 3261.Pq Vt str 3262This is the protocol type of the mouse connected to this host. 3263This variable must be set if 3264.Va moused_enable 3265is set to 3266.Dq Li YES . 3267The 3268.Xr moused 8 3269daemon 3270is able to detect the appropriate mouse type automatically in many cases. 3271Set this variable to 3272.Dq Li auto 3273to let the daemon detect it, or 3274select one from the following list if the automatic detection fails. 3275.Pp 3276If the mouse is attached to the PS/2 mouse port, choose 3277.Dq Li auto 3278or 3279.Dq Li ps/2 , 3280regardless of the brand and model of the mouse. 3281Likewise, if the 3282mouse is attached to the bus mouse port, choose 3283.Dq Li auto 3284or 3285.Dq Li busmouse . 3286All other protocols are for serial mice and will not work with 3287the PS/2 and bus mice. 3288If this is a USB mouse, 3289.Dq Li auto 3290is the only protocol type which will work. 3291.Pp 3292.Bl -tag -width ".Li x10mouseremote" -compact 3293.It Li microsoft 3294Microsoft mouse (serial) 3295.It Li intellimouse 3296Microsoft IntelliMouse (serial) 3297.It Li mousesystems 3298Mouse systems Corp.\& mouse (serial) 3299.It Li mmseries 3300MM Series mouse (serial) 3301.It Li logitech 3302Logitech mouse (serial) 3303.It Li busmouse 3304A bus mouse 3305.It Li mouseman 3306Logitech MouseMan and TrackMan (serial) 3307.It Li glidepoint 3308ALPS GlidePoint (serial) 3309.It Li thinkingmouse 3310Kensington ThinkingMouse (serial) 3311.It Li ps/2 3312PS/2 mouse 3313.It Li mmhittab 3314MM HitTablet (serial) 3315.It Li x10mouseremote 3316X10 MouseRemote (serial) 3317.It Li versapad 3318Interlink VersaPad (serial) 3319.El 3320.Pp 3321Even if the mouse is not in the above list, it may be compatible 3322with one in the list. 3323Refer to the manual page for 3324.Xr moused 8 3325for compatibility information. 3326.Pp 3327It should also be noted that while this is enabled, any 3328other client of the mouse (such as an X server) should access 3329the mouse through the virtual mouse device, 3330.Pa /dev/sysmouse , 3331and configure it as a 3332.Dq Li sysmouse 3333type mouse, since all 3334mouse data is converted to this single canonical format when 3335using 3336.Xr moused 8 . 3337If the client program does not support the 3338.Dq Li sysmouse 3339type, 3340specify the 3341.Dq Li mousesystems 3342type. 3343It is the second preferred type. 3344.It Va moused_port 3345.Pq Vt str 3346If 3347.Va moused_enable 3348is set to 3349.Dq Li YES , 3350this is the actual port the mouse is on. 3351It might be 3352.Pa /dev/cuau0 3353for a COM1 serial mouse, or 3354.Pa /dev/psm0 3355for a PS/2 mouse, for example. 3356.It Va moused_flags 3357.Pq Vt str 3358If 3359.Va moused_flags 3360is set, its value is used as an additional set of flags to pass to the 3361.Xr moused 8 3362daemon. 3363.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3364When 3365.Va moused_nondefault_enable 3366is enabled, and a 3367.Xr moused 8 3368daemon is started for a non-default port, the 3369.Va "moused_" Ns Ar XXX Ns Va "_flags" 3370set of options has precedence over and replaces the default 3371.Va moused_flags 3372(where 3373.Ar XXX 3374is the name of the non-default port, i.e.,\& 3375.Ar ums0 ) . 3376By setting 3377.Va "moused_" Ns Ar XXX Ns Va "_flags" 3378it is possible to set up a different set of default flags for each 3379.Xr moused 8 3380instance. 3381For example, you can use 3382.Dq Li "-3" 3383for the default 3384.Va moused_flags 3385to make your laptop's touchpad more comfortable to use, 3386but an empty set of options for 3387.Va moused_ums0_flags 3388when your 3389.Xr usb 4 3390mouse has three or more buttons. 3391.It Va mousechar_start 3392.Pq Vt int 3393If set to 3394.Dq Li NO , 3395the default mouse cursor character range 3396.Li 0xd0 Ns - Ns Li 0xd3 3397is used, 3398otherwise the range start is set 3399to 3400.Ar value 3401character, see 3402.Xr vidcontrol 1 . 3403Use if the default range is occupied in the language code table. 3404.It Va allscreens_flags 3405.Pq Vt str 3406If set, 3407.Xr vidcontrol 1 3408is run with these options for each of the virtual terminals 3409.Pq Pa /dev/ttyv* . 3410For example, 3411.Dq Fl m Cm on 3412will enable the mouse pointer on all virtual terminals 3413if 3414.Va moused_enable 3415is set to 3416.Dq Li YES . 3417.It Va allscreens_kbdflags 3418.Pq Vt str 3419If set, 3420.Xr kbdcontrol 1 3421is run with these options for each of the virtual terminals 3422.Pq Pa /dev/ttyv* . 3423For example, 3424.Dq Fl h Li 200 3425will set the 3426.Xr syscons 4 3427or 3428.Xr vt 4 3429scrollback (history) buffer to 200 lines. 3430.It Va cron_enable 3431.Pq Vt bool 3432If set to 3433.Dq Li YES , 3434run the 3435.Xr cron 8 3436daemon at system boot time. 3437.It Va cron_program 3438.Pq Vt str 3439Path to 3440.Xr cron 8 3441(default 3442.Pa /usr/sbin/cron ) . 3443.It Va cron_flags 3444.Pq Vt str 3445If 3446.Va cron_enable 3447is set to 3448.Dq Li YES , 3449these are the flags to pass to 3450.Xr cron 8 . 3451.It Va cron_dst 3452.Pq Vt bool 3453If set to 3454.Dq Li YES , 3455enable the special handling of transitions to and from the 3456Daylight Saving Time in 3457.Xr cron 8 3458(equivalent to using the flag 3459.Fl s ) . 3460.It Va lpd_program 3461.Pq Vt str 3462Path to 3463.Xr lpd 8 3464(default 3465.Pa /usr/sbin/lpd ) . 3466.It Va lpd_enable 3467.Pq Vt bool 3468If set to 3469.Dq Li YES , 3470run the 3471.Xr lpd 8 3472daemon at system boot time. 3473.It Va lpd_flags 3474.Pq Vt str 3475If 3476.Va lpd_enable 3477is set to 3478.Dq Li YES , 3479these are the flags to pass to the 3480.Xr lpd 8 3481daemon. 3482.It Va chkprintcap_enable 3483.Pq Vt bool 3484If set to 3485.Dq Li YES , 3486run the 3487.Xr chkprintcap 8 3488command before starting the 3489.Xr lpd 8 3490daemon. 3491.It Va chkprintcap_flags 3492.Pq Vt str 3493If 3494.Va lpd_enable 3495and 3496.Va chkprintcap_enable 3497are set to 3498.Dq Li YES , 3499these are the flags to pass to the 3500.Xr chkprintcap 8 3501program. 3502The default is 3503.Dq Li -d , 3504which causes missing directories to be created. 3505.It Va mta_start_script 3506.Pq Vt str 3507This variable specifies the full path to the script to run to start 3508a mail transfer agent. 3509The default is 3510.Pa /etc/rc.sendmail . 3511The 3512.Va sendmail_* 3513variables which 3514.Pa /etc/rc.sendmail 3515uses are documented in the 3516.Xr rc.sendmail 8 3517manual page. 3518.It Va dumpdev 3519.Pq Vt str 3520Indicates the device (usually a swap partition) to which a crash dump 3521should be written in the event of a system crash. 3522If the value of this variable is 3523.Dq Li AUTO , 3524the first suitable swap device listed in 3525.Pa /etc/fstab 3526will be used as dump device. 3527Otherwise, the value of this variable is passed as the argument to 3528.Xr dumpon 8 3529and 3530.Xr savecore 8 . 3531To disable crash dumps, set this variable to 3532.Dq Li NO . 3533.It Va dumpon_flags 3534.Pq Vt str 3535Flags to pass to 3536.Xr dumpon 8 3537when configuring 3538.Va dumpdev 3539as the system dump device. 3540.It Va dumpdir 3541.Pq Vt str 3542When the system reboots after a crash and a crash dump is found on the 3543device specified by the 3544.Va dumpdev 3545variable, 3546.Xr savecore 8 3547will save that crash dump and a copy of the kernel to the directory 3548specified by the 3549.Va dumpdir 3550variable. 3551The default value is 3552.Pa /var/crash . 3553Set to 3554.Dq Li NO 3555to not run 3556.Xr savecore 8 3557at boot time when 3558.Va dumpdir 3559is set. 3560.It Va savecore_enable 3561.Pq Vt bool 3562If set to 3563.Dq Li NO , 3564disable automatic extraction of the crash dump from the 3565.Va dumpdev . 3566.It Va savecore_flags 3567.Pq Vt str 3568If crash dumps are enabled, these are the flags to pass to the 3569.Xr savecore 8 3570utility. 3571.It Va quota_enable 3572.Pq Vt bool 3573Set to 3574.Dq Li YES 3575to turn on user and group disk quotas on system startup via the 3576.Xr quotaon 8 3577command for all file systems marked as having quotas enabled in 3578.Pa /etc/fstab . 3579The kernel must be built with 3580.Cd "options QUOTA" 3581for disk quotas to function. 3582.It Va check_quotas 3583.Pq Vt bool 3584Set to 3585.Dq Li YES 3586to enable user and group disk quota checking via the 3587.Xr quotacheck 8 3588command. 3589.It Va quotacheck_flags 3590.Pq Vt str 3591If 3592.Va quota_enable 3593is set to 3594.Dq Li YES , 3595and 3596.Va check_quotas 3597is set to 3598.Dq Li YES , 3599these are the flags to pass to the 3600.Xr quotacheck 8 3601utility. 3602The default is 3603.Dq Li "-a" , 3604which checks quotas for all file systems with quotas enabled in 3605.Pa /etc/fstab . 3606.It Va quotaon_flags 3607.Pq Vt str 3608If 3609.Va quota_enable 3610is set to 3611.Dq Li YES , 3612these are the flags to pass to the 3613.Xr quotaon 8 3614utility. 3615The default is 3616.Dq Li "-a" , 3617which enables quotas for all file systems with quotas enabled in 3618.Pa /etc/fstab . 3619.It Va quotaoff_flags 3620.Pq Vt str 3621If 3622.Va quota_enable 3623is set to 3624.Dq Li YES , 3625these are the flags to pass to the 3626.Xr quotaoff 8 3627utility when shutting down the quota system. 3628The default is 3629.Dq Li "-a" , 3630which disables quotas for all file systems with quotas enabled in 3631.Pa /etc/fstab . 3632.It Va accounting_enable 3633.Pq Vt bool 3634Set to 3635.Dq Li YES 3636to enable system accounting through the 3637.Xr accton 8 3638facility. 3639.It Va firstboot_sentinel 3640.Pq Vt str 3641This variable specifies the full path to a 3642.Dq first boot 3643sentinel file. 3644If a file exists with this path, 3645.Pa rc.d 3646scripts with the 3647.Dq firstboot 3648keyword will be run on startup and the sentinel file will be deleted 3649after the boot process completes. 3650The sentinel file must be located on a writable file system which is 3651mounted no later than 3652.Va early_late_divider 3653to function properly. 3654The default is 3655.Pa /firstboot . 3656.It Va linux_enable 3657.Pq Vt bool 3658Set to 3659.Dq Li YES 3660to enable Linux/ELF binary emulation at system initial 3661boot time. 3662.It Va sysvipc_enable 3663.Pq Vt bool 3664If set to 3665.Dq Li YES , 3666load System V IPC primitives at boot time. 3667.It Va clear_tmp_enable 3668.Pq Vt bool 3669Set to 3670.Dq Li YES 3671to have 3672.Pa /tmp 3673cleaned at startup. 3674.It Va clear_tmp_X 3675.Pq Vt bool 3676Set to 3677.Dq Li NO 3678to disable removing of X11 lock files, 3679and the removal and (secure) recreation 3680of the various socket directories for X11 3681related programs. 3682.It Va ldconfig_paths 3683.Pq Vt str 3684Set to the list of shared library paths to use with 3685.Xr ldconfig 8 . 3686NOTE: 3687.Pa /lib 3688and 3689.Pa /usr/lib 3690will always be added first, so they need not appear in this list. 3691.It Va ldconfig32_paths 3692.Pq Vt str 3693Set to the list of 32-bit compatibility shared library paths to 3694use with 3695.Xr ldconfig 8 . 3696.It Va ldconfig_insecure 3697.Pq Vt bool 3698The 3699.Xr ldconfig 8 3700utility normally refuses to use directories 3701which are writable by anyone except root. 3702Set this variable to 3703.Dq Li YES 3704to disable that security check during system startup. 3705.It Va ldconfig_local_dirs 3706.Pq Vt str 3707Set to the list of local 3708.Xr ldconfig 8 3709directories. 3710The names of all files in the directories listed will be 3711passed as arguments to 3712.Xr ldconfig 8 . 3713.It Va ldconfig_local32_dirs 3714.Pq Vt str 3715Set to the list of local 32-bit compatibility 3716.Xr ldconfig 8 3717directories. 3718The names of all files in the directories listed will be 3719passed as arguments to 3720.Dq Nm ldconfig Fl 32 . 3721.It Va kern_securelevel_enable 3722.Pq Vt bool 3723Set to 3724.Dq Li YES 3725to set the kernel security level at system startup. 3726.It Va kern_securelevel 3727.Pq Vt int 3728The kernel security level to set at startup. 3729The allowed range of 3730.Ar value 3731ranges from \-1 (the compile time default) to 3 (the 3732most secure). 3733See 3734.Xr security 7 3735for the list of possible security levels and their effect 3736on system operation. 3737.It Va sshd_program 3738.Pq Vt str 3739Path to the SSH server program 3740.Pa ( /usr/sbin/sshd 3741is the default). 3742.It Va sshd_enable 3743.Pq Vt bool 3744Set to 3745.Dq Li YES 3746to start 3747.Xr sshd 8 3748at system boot time. 3749.It Va sshd_flags 3750.Pq Vt str 3751If 3752.Va sshd_enable 3753is set to 3754.Dq Li YES , 3755these are the flags to pass to the 3756.Xr sshd 8 3757daemon. 3758.It Va ftpd_program 3759.Pq Vt str 3760Path to the FTP server program 3761.Pa ( /usr/libexec/ftpd 3762is the default). 3763.It Va ftpd_enable 3764.Pq Vt bool 3765Set to 3766.Dq Li YES 3767to start 3768.Xr ftpd 8 3769as a stand-alone daemon at system boot time. 3770.It Va ftpd_flags 3771.Pq Vt str 3772If 3773.Va ftpd_enable 3774is set to 3775.Dq Li YES , 3776these are the additional flags to pass to the 3777.Xr ftpd 8 3778daemon. 3779.It Va watchdogd_enable 3780.Pq Vt bool 3781If set to 3782.Dq Li YES , 3783start the 3784.Xr watchdogd 8 3785daemon at boot time. 3786This requires that the kernel have been compiled with a 3787.Xr watchdog 4 3788compatible device. 3789.It Va watchdogd_flags 3790.Pq Vt str 3791If 3792.Va watchdogd_enable 3793is set to 3794.Dq Li YES , 3795these are the flags passed to the 3796.Xr watchdogd 8 3797daemon. 3798.It Va watchdogd_timeout 3799.Pq Vt int 3800If 3801.Va watchdogd_enable 3802is set to 3803.Dq Li YES , 3804this is a timeout that will be used by the 3805.Xr watchdogd 8 3806daemon. 3807If this option is set, it overrides 3808.Fl t 3809in 3810.Va watchdogd_flags . 3811.It Va watchdogd_shutdown_timeout 3812.Pq Vt int 3813If 3814.Va watchdogd_enable 3815is set to 3816.Dq Li YES , 3817this is a timeout that will be set by the 3818.Xr watchdogd 8 3819daemon when it exits during the system shutdown. 3820This timeout will not be set when returning to the single-user mode 3821or when the watchdogd service is stopped individually using the 3822.Xr service 8 3823command or the rc.d script. 3824Note that the timeout will be applied if 3825.Xr watchdogd 8 3826is stopped outside of 3827.Xr rc 8 3828framework. 3829If this option is set, it overrides 3830.Fl x 3831in 3832.Va watchdogd_flags . 3833.It Va devfs_rulesets 3834.Pq Vt str 3835List of files containing sets of rules for 3836.Xr devfs 8 . 3837.It Va devfs_system_ruleset 3838.Pq Vt str 3839Rule name(s) to apply to the system 3840.Pa /dev 3841itself. 3842.It Va devfs_set_rulesets 3843.Pq Vt str 3844Pairs of already-mounted 3845.Pa dev 3846directories and rulesets that should be applied to them. 3847For example: /mount/dev=ruleset_name 3848.It Va devfs_load_rulesets 3849.Pq Vt bool 3850If set, always load the default rulesets listed in 3851.Va devfs_rulesets . 3852.It Va performance_cx_lowest 3853.Pq Vt str 3854CPU idle state to use while on AC power. 3855The string 3856.Dq Li LOW 3857indicates that 3858.Xr acpi 4 3859should use the lowest power state available while 3860.Dq Li HIGH 3861indicates that the lowest latency state (less power savings) should be used. 3862.It Va performance_cpu_freq 3863.Pq Vt str 3864CPU clock frequency to use while on AC power. 3865The string 3866.Dq Li LOW 3867indicates that 3868.Xr cpufreq 4 3869should use the lowest frequency available while 3870.Dq Li HIGH 3871indicates that the highest frequency (less power savings) should be used. 3872.It Va economy_cx_lowest 3873.Pq Vt str 3874CPU idle state to use when off AC power. 3875The string 3876.Dq Li LOW 3877indicates that 3878.Xr acpi 4 3879should use the lowest power state available while 3880.Dq Li HIGH 3881indicates that the lowest latency state (less power savings) should be used. 3882.It Va economy_cpu_freq 3883.Pq Vt str 3884CPU clock frequency to use when off AC power. 3885The string 3886.Dq Li LOW 3887indicates that 3888.Xr cpufreq 4 3889should use the lowest frequency available while 3890.Dq Li HIGH 3891indicates that the highest frequency (less power savings) should be used. 3892.It Va jail_enable 3893.Pq Vt bool 3894If set to 3895.Dq Li NO , 3896any configured jails will not be started. 3897.It Va jail_conf 3898.Pq Vt str 3899The configuration filename used by 3900.Xr jail 8 3901utility. 3902The default value is 3903.Pa /etc/jail.conf . 3904.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3905and 3906.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3907will also be used if 3908.Va Ao Ar jname Ac Va 3909is set in 3910.Va jail_list . 3911.It Va jail_parallel_start 3912.Pq Vt bool 3913If set to 3914.Dq Li YES , 3915all configured jails will be started in the background (in parallel). 3916.It Va jail_flags 3917.Pq Vt str 3918Unset by default. 3919When set, use as default value for 3920.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3921for every jail in 3922.Va jail_list . 3923.It Va jail_list 3924.Pq Vt str 3925A space-delimited list of jail names. 3926When left empty, all of the 3927.Xr jail 8 3928instances defined in the configuration file are started. 3929The names specified in this list control the jail startup order. 3930.Xr jail 8 3931instances missing from 3932.Va jail_list 3933must be started manually. 3934Note that a jail's 3935.Va depend 3936parameter in the configuration file may override this list. 3937.It Va jail_reverse_stop 3938.Pq Vt bool 3939When set to 3940.Dq Li YES , 3941all configured jails in 3942.Va jail_list 3943are stopped in reverse order. 3944.It Va jail_ Ns * variables 3945Note that older releases supported per-jail configuration via 3946.Nm 3947variables. 3948For example, 3949hostname of a jail named 3950.Li vjail 3951was able to be set by 3952.Li jail_vjail_hostname . 3953These per-jail configuration variables are now obsolete in favor of 3954.Xr jail 8 3955configuration file. 3956For backward compatibility, 3957when per-jail configuration variables are defined, 3958.Xr jail 8 3959configuration files are created as 3960.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3961and used. 3962.Pp 3963The following per-jail parameters are handled by 3964.Pa rc.d/jail 3965script out of their corresponding 3966.Nm 3967variables. 3968In addition to them, parameters in 3969.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3970will be added to the configuration file. 3971They must be a semi-colon 3972.Pq Ql \&; 3973delimited list of 3974.Dq key=value . 3975For more details, 3976see 3977.Xr jail 8 3978manual page. 3979.Bl -tag -width "host.hostname" -offset indent 3980.It Li path 3981set from 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3983.It Li host.hostname 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3986.It Li exec.consolelog 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3989The default value is 3990.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3991.It Li interface 3992set from 3993.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3994.It Li vnet.interface 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3997This implies 3998.Li vnet 3999parameter will be enabled and cannot be specified with 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4001.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4002and/or 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4004at the same time. 4005.It Li fstab 4006set from 4007.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4008.It Li mount 4009set from 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4011.It Li exec.fib 4012set from 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4014.It Li exec.start 4015set from 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4017The parameter name was 4018.Li command 4019in some older releases. 4020.It Li exec.prestart 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4023.It Li exec.poststart 4024set from 4025.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4026.It Li exec.stop 4027set from 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4029.It Li exec.prestop 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4032.It Li exec.poststop 4033set from 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4035.It Li ip4.addr 4036set if 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4038or 4039.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4040contain IPv4 addresses 4041.It Li ip6.addr 4042set if 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4044or 4045.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4046contain IPv6 addresses 4047.It Li allow.mount 4048set from 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4050.It Li mount.devfs 4051set from 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4053.It Li devfs_ruleset 4054set from 4055.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4056This must be an integer, 4057not a string. 4058.It Li mount.fdescfs 4059set from 4060.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4061.It Li allow.set_hostname 4062set from 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4064.It Li allow.rawsocket 4065set from 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4067.It Li allow.sysvipc 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4070.El 4071.\" ----------------------------------------------------- 4072.It Va harvest_mask 4073.Pq Vt int 4074Set to a bit-mask 4075representing the entropy sources 4076you wish to harvest. 4077Refer to 4078.Xr random 4 4079for more information. 4080.It Va entropy_dir 4081.Pq Vt str 4082Set to 4083.Dq Li NO 4084to disable caching entropy via 4085.Xr cron 8 . 4086Otherwise set to the directory 4087in which the entropy files are stored. 4088To be useful, 4089there must be 4090a system cron job 4091that regularly writes and rotates 4092files here. 4093All files found 4094will be used at boot time. 4095The default is 4096.Pa /var/db/entropy . 4097.It Va entropy_file 4098.Pq Vt str 4099Set to 4100.Dq Li NO 4101to disable caching entropy through reboots. 4102Otherwise set to the name 4103of a file used to store cached entropy. 4104This file should be located 4105on a file system that is readable 4106before all the volumes specified in 4107.Xr fstab 5 4108are mounted. 4109By default, 4110.Pa /entropy 4111is used, 4112but if 4113.Pa /var/db/entropy-file 4114is found it will also be used. 4115This will be of some use to 4116.Xr bsdinstall 8 . 4117.It Va entropy_boot_file 4118.Pq Vt str 4119Set to 4120.Dq Li NO 4121to disable 4122very early caching entropy 4123through reboots. 4124Otherwise set to the filename 4125used to read 4126very early reboot cached entropy. 4127This file should be located where 4128.Xr loader 8 4129can read it. 4130See also 4131.Xr loader.conf 5 . 4132The default location is 4133.Pa /boot/entropy . 4134.It Va entropy_save_sz 4135.Pq Vt int 4136Size of the entropy cache files saved by 4137.Nm save-entropy 4138periodically. 4139.It Va entropy_save_num 4140.Pq Vt int 4141Number of entropy cache files to save by 4142.Nm save-entropy 4143periodically. 4144.It Va ipsec_enable 4145.Pq Vt bool 4146Set to 4147.Dq Li YES 4148to run 4149.Xr setkey 8 4150on 4151.Va ipsec_file 4152at boot time. 4153.It Va ipsec_file 4154.Pq Vt str 4155Configuration file for 4156.Xr setkey 8 . 4157.It Va dmesg_enable 4158.Pq Vt bool 4159Set to 4160.Dq Li YES 4161to save 4162.Xr dmesg 8 4163to 4164.Pa /var/run/dmesg.boot 4165on boot. 4166.It Va rcshutdown_timeout 4167.Pq Vt int 4168If set, start a watchdog timer in the background which will terminate 4169.Pa rc.shutdown 4170if 4171.Xr shutdown 8 4172has not completed within the specified time (in seconds). 4173Notice that in addition to this soft timeout, 4174.Xr init 8 4175also applies a hard timeout for the execution of 4176.Pa rc.shutdown . 4177This is configured via 4178.Xr sysctl 8 4179variable 4180.Va kern.init_shutdown_timeout 4181and defaults to 120 seconds. 4182Setting the value of 4183.Va rcshutdown_timeout 4184to more than 120 seconds will have no effect until the 4185.Xr sysctl 8 4186variable 4187.Va kern.init_shutdown_timeout 4188is also increased. 4189.It Va virecover_enable 4190.Pq Vt bool 4191Set to 4192.Dq Li NO 4193to prevent the system from trying to 4194recover pre-maturely terminated 4195.Xr vi 1 4196sessions. 4197.It Va ugidfw_enable 4198.Pq Vt bool 4199Set to 4200.Dq Li YES 4201to load the 4202.Xr mac_bsdextended 4 4203module upon system initialization and load a default 4204ruleset file. 4205.It Va bsdextended_script 4206.Pq Vt str 4207The default 4208.Xr mac_bsdextended 4 4209ruleset file to load. 4210The default value of this variable is 4211.Pa /etc/rc.bsdextended . 4212.It Va newsyslog_enable 4213.Pq Vt bool 4214If set to 4215.Dq Li YES , 4216run 4217.Xr newsyslog 8 4218command at startup. 4219.It Va newsyslog_flags 4220.Pq Vt str 4221If 4222.Va newsyslog_enable 4223is set to 4224.Dq Li YES , 4225these are the flags to pass to the 4226.Xr newsyslog 8 4227program. 4228The default is 4229.Dq Li -CN , 4230which causes log files flagged with a 4231.Cm C 4232to be created. 4233.It Va mdconfig_md Ns Aq Ar X 4234.Pq Vt str 4235Arguments to 4236.Xr mdconfig 8 4237for 4238.Xr md 4 4239device 4240.Ar X . 4241At minimum a 4242.Fl t Ar type 4243must be specified and either a 4244.Fl s Ar size 4245for malloc or swap backed 4246.Xr md 4 4247devices or a 4248.Fl f Ar file 4249for vnode backed 4250.Xr md 4 4251devices. 4252Note that 4253.Va mdconfig_md Ns Aq Ar X 4254variables are evaluated until one variable is unset or null. 4255.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4256.Pq Vt str 4257Optional arguments passed to 4258.Xr newfs 8 4259to initialize 4260.Xr md 4 4261device 4262.Ar X . 4263.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4264.Pq Vt str 4265An ownership specification passed to 4266.Xr chown 8 4267after the specified 4268.Xr md 4 4269device 4270.Ar X 4271has been mounted. 4272Both the 4273.Xr md 4 4274device and the mount point will be changed. 4275.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4276.Pq Vt str 4277A mode string passed to 4278.Xr chmod 1 4279after the specified 4280.Xr md 4 4281device 4282.Ar X 4283has been mounted. 4284Both the 4285.Xr md 4 4286device and the mount point will be changed. 4287.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4288.Pq Vt str 4289Files to be copied to the mount point of the 4290.Xr md 4 4291device 4292.Ar X 4293after it has been mounted. 4294.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4295.Pq Vt str 4296Command to execute after the specified 4297.Xr md 4 4298device 4299.Ar X 4300has been mounted. 4301Note that the command is passed to 4302.Ic eval 4303and that both 4304.Va _dev 4305and 4306.Va _mp 4307variables can be used to reference respectively the 4308.Xr md 4 4309device and the mount point. 4310Assuming that the 4311.Xr md 4 4312device is 4313.Li md0 , 4314one could set the following: 4315.Bd -literal 4316mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4317.Ed 4318.It Va autobridge_interfaces 4319.Pq Vt str 4320Set to the list of bridge interfaces that will have newly arriving interfaces 4321checked against to be automatically added. 4322If not set to 4323.Dq Li NO 4324then for each whitespace separated 4325.Ar element 4326in the value, a 4327.Va autobridge_ Ns Aq Ar element 4328variable is assumed to exist which has a whitespace separated list of interface 4329names to match, these names can use wildcards. 4330For example: 4331.Bd -literal 4332autobridge_interfaces="bridge0" 4333autobridge_bridge0="tap* dc0 vlan[345]" 4334.Ed 4335.It Va mixer_enable 4336.Pq Vt bool 4337If set to 4338.Dq Li YES , 4339enable support for sound mixer. 4340.It Va hcsecd_enable 4341.Pq Vt bool 4342If set to 4343.Dq Li YES , 4344enable Bluetooth security daemon. 4345.It Va hcsecd_config 4346.Pq Vt str 4347Configuration file for 4348.Xr hcsecd 8 . 4349Default 4350.Pa /etc/bluetooth/hcsecd.conf . 4351.It Va sdpd_enable 4352.Pq Vt bool 4353If set to 4354.Dq Li YES , 4355enable Bluetooth Service Discovery Protocol daemon. 4356.It Va sdpd_control 4357.Pq Vt str 4358Path to 4359.Xr sdpd 8 4360control socket. 4361Default 4362.Pa /var/run/sdp . 4363.It Va sdpd_groupname 4364.Pq Vt str 4365Sets 4366.Xr sdpd 8 4367group to run as after it initializes. 4368Default 4369.Dq Li nobody . 4370.It Va sdpd_username 4371.Pq Vt str 4372Sets 4373.Xr sdpd 8 4374user to run as after it initializes. 4375Default 4376.Dq Li nobody . 4377.It Va bthidd_enable 4378.Pq Vt bool 4379If set to 4380.Dq Li YES , 4381enable Bluetooth Human Interface Device daemon. 4382.It Va bthidd_config 4383.Pq Vt str 4384Configuration file for 4385.Xr bthidd 8 . 4386Default 4387.Pa /etc/bluetooth/bthidd.conf . 4388.It Va bthidd_hids 4389.Pq Vt str 4390Path to a file, where 4391.Xr bthidd 8 4392will store information about known HID devices. 4393Default 4394.Pa /var/db/bthidd.hids . 4395.It Va rfcomm_pppd_server_enable 4396.Pq Vt bool 4397If set to 4398.Dq Li YES , 4399enable Bluetooth RFCOMM PPP wrapper daemon. 4400.It Va rfcomm_pppd_server_profile 4401.Pq Vt str 4402The name of the profile to use from 4403.Pa /etc/ppp/ppp.conf . 4404Multiple profiles can be specified here. 4405Also used to specify per-profile overrides. 4406When the profile name contains any of the characters 4407.Dq Li .-/+ 4408they are translated to 4409.Dq Li _ 4410for the proposes of the override variable names. 4411.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4412.Pq Vt str 4413Overrides local address to listen on. 4414By default 4415.Xr rfcomm_pppd 8 4416will listen on 4417.Dq Li ANY 4418address. 4419The address can be specified as BD_ADDR or name. 4420.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4421.Pq Vt str 4422Overrides local RFCOMM channel to listen on. 4423By default 4424.Xr rfcomm_pppd 8 4425will listen on RFCOMM channel 1. 4426Must set properly if multiple profiles used in the same time. 4427.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4428.Pq Vt bool 4429Tells 4430.Xr rfcomm_pppd 8 4431if it should register Serial Port service on the specified RFCOMM channel. 4432Default 4433.Dq Li NO . 4434.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4435.Pq Vt bool 4436Tells 4437.Xr rfcomm_pppd 8 4438if it should register Dial-Up Networking service on the specified 4439RFCOMM channel. 4440Default 4441.Dq Li NO . 4442.It Va ubthidhci_enable 4443.Pq Vt bool 4444If set to 4445.Dq Li YES , 4446change the USB Bluetooth controller from HID mode to HCI mode. 4447You also need to specify the location of USB Bluetooth controller with the 4448.Va ubthidhci_busnum 4449and 4450.Va ubthidhci_addr 4451variables. 4452.It Va ubthidhci_busnum 4453Bus number where the USB Bluetooth controller is located. 4454Check the output of 4455.Xr usbconfig 8 4456on your system to find this information. 4457.It Va ubthidhci_addr 4458Bus address of the USB Bluetooth controller. 4459Check the output of 4460.Xr usbconfig 8 4461on your system to find this information. 4462.It Va netwait_enable 4463.Pq Vt bool 4464If set to 4465.Dq Li YES , 4466delays the start of network-reliant services until 4467.Va netwait_if 4468is up and ICMP packets to a destination defined in 4469.Va netwait_ip 4470are flowing. 4471Link state is examined first, followed by 4472.Dq Li pinging 4473an IP address to verify network usability. 4474If no destination can be reached or timeouts are exceeded, 4475network services are started anyway with no guarantee that 4476the network is usable. 4477Use of this variable requires both 4478.Va netwait_ip 4479and 4480.Va netwait_if 4481to be set. 4482.It Va netwait_ip 4483.Pq Vt str 4484Empty by default. 4485This variable contains a space-delimited list of IP addresses to 4486.Xr ping 8 . 4487DNS hostnames should not be used as resolution is not guaranteed 4488to be functional at this point. 4489If multiple IP addresses are specified, 4490each will be tried until one is successful or the list is exhausted. 4491.It Va netwait_timeout 4492.Pq Vt int 4493Indicates the total number of seconds to perform a 4494.Dq Li ping 4495against each IP address in 4496.Va netwait_ip , 4497at a rate of one ping per second. 4498If any of the pings are successful, 4499full network connectivity is considered reliable. 4500The default is 60. 4501.It Va netwait_if 4502.Pq Vt str 4503Empty by default. 4504Defines the name of the network interface on which watch for link. 4505.Xr ifconfig 8 4506is used to monitor the interface, looking for 4507.Dq Li status: no carrier . 4508Once gone, the link is considered up. 4509This can be a 4510.Xr vlan 4 4511interface if desired. 4512.It Va netwait_if_timeout 4513.Pq Vt int 4514Defines the total number of seconds to wait for link to become usable, 4515polled at a 1-second interval. 4516The default is 30. 4517.It Va rctl_enable 4518.Pq Vt bool 4519If set to 4520.Dq Li YES , 4521load 4522.Xr rctl 8 4523rules from the defined ruleset. 4524The kernel must be built with 4525.Cd "options RACCT" 4526and 4527.Cd "options RCTL" . 4528.It Va rctl_rules 4529.Pq Vt str 4530Set to 4531.Pa /etc/rctl.conf 4532by default. 4533This variables contains the 4534.Xr rctl.conf 5 4535ruleset to load for 4536.Xr rctl 8 . 4537.It Va iovctl_files 4538.Pq Vt str 4539A space-separated list of configuration files used by 4540.Xr iovctl 8 . 4541The default value is an empty string. 4542.It Va autofs_enable 4543.Pq Vt bool 4544If set to 4545.Dq Li YES , 4546start the 4547.Xr automount 8 4548utility and the 4549.Xr automountd 8 4550and 4551.Xr autounmountd 8 4552daemons at boot time. 4553.It Va automount_flags 4554.Pq Vt str 4555If 4556.Va autofs_enable 4557is set to 4558.Dq Li YES , 4559these are the flags to pass to the 4560.Xr automount 8 4561program. 4562By default no flags are passed. 4563.It Va automountd_flags 4564.Pq Vt str 4565If 4566.Va autofs_enable 4567is set to 4568.Dq Li YES , 4569these are the flags to pass to the 4570.Xr automountd 8 4571daemon. 4572By default no flags are passed. 4573.It Va autounmountd_flags 4574.Pq Vt str 4575If 4576.Va autofs_enable 4577is set to 4578.Dq Li YES , 4579these are the flags to pass to the 4580.Xr autounmountd 8 4581daemon. 4582By default no flags are passed. 4583.It Va ctld_enable 4584.Pq Vt bool 4585If set to 4586.Dq Li YES , 4587start the 4588.Xr ctld 8 4589daemon at boot time. 4590.It Va iscsid_enable 4591.Pq Vt bool 4592If set to 4593.Dq Li YES , 4594start the 4595.Xr iscsid 8 4596daemon at boot time. 4597.It Va iscsictl_enable 4598.Pq Vt bool 4599If set to 4600.Dq Li YES , 4601start the 4602.Xr iscsictl 8 4603utility at boot time. 4604.It Va iscsictl_flags 4605.Pq Vt str 4606If 4607.Va iscsictl_enable 4608is set to 4609.Dq Li YES , 4610these are the flags to pass to the 4611.Xr iscsictl 8 4612program. 4613The default is 4614.Dq Li -Aa , 4615which configures sessions based on the 4616.Pa /etc/iscsi.conf 4617configuration file. 4618.It Va cfumass_enable 4619.Pq Vt bool 4620If set to 4621.Dq Li YES , 4622create and export an USB LUN using 4623.Xr cfumass 4 4624at boot time. 4625.It Va cfumass_dir 4626.Pq Vt str 4627The directory where the files exported by USB LUN are located. 4628The default directory is 4629.Pa /var/cfumass . 4630.It Va service_delete_empty 4631.Pq Vt bool 4632If set to 4633.Dq Li YES , 4634.Ql Li service delete 4635removes empty 4636.Dq Li rc.conf.d 4637files. 4638.It Va zfs_bootonce_activate 4639.Pq Vt bool 4640If set to 4641.Dq Li YES , 4642and a boot environment marked bootonce is successfully booted, 4643it will be made permanently active. 4644.El 4645.Sh FILES 4646.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4647.It Pa /etc/defaults/rc.conf 4648.It Pa /etc/defaults/vendor.conf 4649.It Pa /etc/rc.conf 4650.It Pa /etc/rc.conf.local 4651.El 4652.Sh SEE ALSO 4653.Xr chmod 1 , 4654.Xr gdb 1 , 4655.Xr info 1 , 4656.Xr kbdcontrol 1 , 4657.Xr limits 1 , 4658.Xr protect 1 , 4659.Xr sh 1 , 4660.Xr vi 1 , 4661.Xr vidcontrol 1 , 4662.Xr bridge 4 , 4663.Xr dummynet 4 , 4664.Xr ip 4 , 4665.Xr ipf 4 , 4666.Xr ipfw 4 , 4667.Xr ipnat 4 , 4668.Xr kld 4 , 4669.Xr pf 4 , 4670.Xr pflog 4 , 4671.Xr pfsync 4 , 4672.Xr tcp 4 , 4673.Xr udp 4 , 4674.Xr exports 5 , 4675.Xr fstab 5 , 4676.Xr ipf 5 , 4677.Xr ipnat 5 , 4678.Xr jail.conf 5 , 4679.Xr loader.conf 5 , 4680.Xr login.conf 5 , 4681.Xr motd 5 , 4682.Xr newsyslog.conf 5 , 4683.Xr pf.conf 5 , 4684.Xr firewall 7 , 4685.Xr growfs 7 , 4686.Xr security 7 , 4687.Xr tuning 7 , 4688.Xr accton 8 , 4689.Xr apm 8 , 4690.Xr bsdinstall 8 , 4691.Xr bthidd 8 , 4692.Xr chkprintcap 8 , 4693.Xr chown 8 , 4694.Xr cron 8 , 4695.Xr devfs 8 , 4696.Xr dhclient 8 , 4697.Xr ftpd 8 , 4698.Xr geli 8 , 4699.Xr hcsecd 8 , 4700.Xr ifconfig 8 , 4701.Xr inetd 8 , 4702.Xr iovctl 8 , 4703.Xr ipf 8 , 4704.Xr ipfw 8 , 4705.Xr ipnat 8 , 4706.Xr jail 8 , 4707.Xr kldxref 8 , 4708.Xr loader 8 , 4709.Xr lpd 8 , 4710.Xr makewhatis 8 , 4711.Xr mdconfig 8 , 4712.Xr mdmfs 8 , 4713.Xr mixer 8 , 4714.Xr mountd 8 , 4715.Xr moused 8 , 4716.Xr newfs 8 , 4717.Xr newsyslog 8 , 4718.Xr nfsd 8 , 4719.Xr ntpd 8 , 4720.Xr ntpdate 8 , 4721.Xr pfctl 8 , 4722.Xr pflogd 8 , 4723.Xr ping 8 , 4724.Xr powerd 8 , 4725.Xr quotacheck 8 , 4726.Xr quotaon 8 , 4727.Xr rc 8 , 4728.Xr rc.sendmail 8 , 4729.Xr rc.subr 8 , 4730.Xr rcorder 8 , 4731.Xr rfcomm_pppd 8 , 4732.Xr route 8 , 4733.Xr routed 8 , 4734.Xr rpc.lockd 8 , 4735.Xr rpc.statd 8 , 4736.Xr rpc.tlsclntd 8 , 4737.Xr rpc.tlsservd 8 , 4738.Xr rpcbind 8 , 4739.Xr rwhod 8 , 4740.Xr savecore 8 , 4741.Xr sdpd 8 , 4742.Xr service 8 , 4743.Xr sshd 8 , 4744.Xr swapon 8 , 4745.Xr sysctl 8 , 4746.Xr syslogd 8 , 4747.Xr sysrc 8 , 4748.Xr unbound 8 , 4749.Xr usbconfig 8 , 4750.Xr wlandebug 8 , 4751.Xr yp 8 , 4752.Xr ypbind 8 , 4753.Xr ypserv 8 , 4754.Xr ypset 8 4755.Sh HISTORY 4756The 4757.Nm 4758file appeared in 4759.Fx 2.2.2 . 4760.Sh AUTHORS 4761.An Jordan K. Hubbard . 4762