1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 11, 2014 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. Unlike the _user 193setting, this setting has no effect if the service is not chrooted. 194.It Ao Ar name Ac Ns Va _fib 195.Pq Vt int 196The 197.Xr setfib 1 198value to run the service under. 199.It Ao Ar name Ac Ns Va _nice 200.Pq Vt int 201The 202.Xr nice 1 203value to run the service under. 204.It Va apm_enable 205.Pq Vt bool 206If set to 207.Dq Li YES , 208enable support for Automatic Power Management with 209the 210.Xr apm 8 211command. 212.It Va apmd_enable 213.Pq Vt bool 214Run 215.Xr apmd 8 216to handle APM event from userland. 217This also enables support for APM. 218.It Va apmd_flags 219.Pq Vt str 220If 221.Va apmd_enable 222is set to 223.Dq Li YES , 224these are the flags to pass to the 225.Xr apmd 8 226daemon. 227.It Va devd_enable 228.Pq Vt bool 229Run 230.Xr devd 8 231to handle device added, removed or unknown events from the kernel. 232.It Va ddb_enable 233.Pq Vt bool 234Run 235.Xr ddb 8 236to install 237.Xr ddb 4 238scripts at boot time. 239.It Va ddb_config 240.Pq Vt str 241Configuration file for 242.Xr ddb 8 . 243Default 244.Pa /etc/ddb.conf . 245.It Va kld_list 246.Pq Vt str 247A list of kernel modules to load right after the local 248disks are mounted. 249Loading modules at this point in the boot process is 250much faster than doing it via 251.Pa /boot/loader.conf 252for those modules not necessary for mounting local disk. 253.It Va kldxref_enable 254.Pq Vt bool 255Set to 256.Dq Li NO 257by default. 258Set to 259.Dq Li YES 260to automatically rebuild 261.Pa linker.hints 262files with 263.Xr kldxref 8 264at boot time. 265.It Va kldxref_clobber 266.Pq Vt bool 267Set to 268.Dq Li NO 269by default. 270If 271.Va kldxref_enable 272is true, 273setting to 274.Dq Li YES 275will overwrite existing 276.Pa linker.hints 277files at boot time. 278Otherwise, 279only missing 280.Pa linker.hints 281files are generated. 282.It Va kldxref_module_path 283.Pq Vt str 284Empty by default. 285A semi-colon 286.Pq Ql \&; 287delimited list of paths containing 288.Xr kld 4 289modules. 290If empty, 291the contents of the 292.Va kern.module_path 293.Xr sysctl 8 294are used. 295.It Va powerd_enable 296.Pq Vt bool 297If set to 298.Dq Li YES , 299enable the system power control facility with the 300.Xr powerd 8 301daemon. 302.It Va powerd_flags 303.Pq Vt str 304If 305.Va powerd_enable 306is set to 307.Dq Li YES , 308these are the flags to pass to the 309.Xr powerd 8 310daemon. 311.It Va tmpmfs 312Controls the creation of a 313.Pa /tmp 314memory file system. 315Always happens if set to 316.Dq Li YES 317and never happens if set to 318.Dq Li NO . 319If set to anything else, a memory file system is created if 320.Pa /tmp 321is not writable. 322.It Va tmpsize 323Controls the size of a created 324.Pa /tmp 325memory file system. 326.It Va tmpmfs_flags 327Extra options passed to the 328.Xr mdmfs 8 329utility when the memory file system for 330.Pa /tmp 331is created. 332The default is 333.Dq Li "-S" , 334which inhibits the use of softupdates on 335.Pa /tmp 336so that file system space is freed without delay 337after file truncation or deletion. 338See 339.Xr mdmfs 8 340for other options you can use in 341.Va tmpmfs_flags . 342.It Va varmfs 343Controls the creation of a 344.Pa /var 345memory file system. 346Always happens if set to 347.Dq Li YES 348and never happens if set to 349.Dq Li NO . 350If set to anything else, a memory file system is created if 351.Pa /var 352is not writable. 353.It Va varsize 354Controls the size of a created 355.Pa /var 356memory file system. 357.It Va varmfs_flags 358Extra options passed to the 359.Xr mdmfs 8 360utility when the memory file system for 361.Pa /var 362is created. 363The default is 364.Dq Li "-S" , 365which inhibits the use of softupdates on 366.Pa /var 367so that file system space is freed without delay 368after file truncation or deletion. 369See 370.Xr mdmfs 8 371for other options you can use in 372.Va varmfs_flags . 373.It Va populate_var 374Controls the automatic population of the 375.Pa /var 376file system. 377Always happens if set to 378.Dq Li YES 379and never happens if set to 380.Dq Li NO . 381If set to anything else, a memory file system is created if 382.Pa /var 383is not writable. 384Note that this process requires access to certain commands in 385.Pa /usr 386before 387.Pa /usr 388is mounted on normal systems. 389.It Va cleanvar_enable 390.Pq Vt bool 391Clean the 392.Pa /var 393directory. 394.It Va local_startup 395.Pq Vt str 396List of directories to search for startup script files. 397.It Va script_name_sep 398.Pq Vt str 399The field separator to use for breaking down the list of startup script files 400into individual filenames. 401The default is a space. 402It is not necessary to change this unless there are startup scripts with names 403containing spaces. 404.It Va hostapd_enable 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start 409.Xr hostapd 8 410at system boot time. 411.It Va hostname 412.Pq Vt str 413The fully qualified domain name (FQDN) of this host on the network. 414This should almost certainly be set to something meaningful, even if 415there is no network connection. 416If 417.Xr dhclient 8 418is used to set the hostname via DHCP, 419this variable should be set to an empty string. 420If this value remains unset when the system is done booting 421your console login will display the default hostname of 422.Dq Amnesiac . 423.It Va nisdomainname 424.Pq Vt str 425The NIS domain name of this host, or 426.Dq Li NO 427if NIS is not used. 428.It Va dhclient_program 429.Pq Vt str 430Path to the DHCP client program 431.Pa ( /sbin/dhclient , 432the 433.Ox 434DHCP client, 435is the default). 436.It Va dhclient_flags 437.Pq Vt str 438Additional flags to pass to the DHCP client program. 439For the 440.Ox 441DHCP client, see the 442.Xr dhclient 8 443manpage for a description of the command line options available. 444.It Va dhclient_flags_ Ns Aq Ar iface 445Additional flags to pass to the DHCP client program running on 446.Ar iface 447only. 448When specified, this variable overrides 449.Va dhclient_flags . 450.It Va background_dhclient 451.Pq Vt bool 452Set to 453.Dq Li YES 454to start the DHCP client in background. 455This can cause trouble with applications depending on 456a working network, but it will provide a faster startup 457in many cases. 458.It Va background_dhclient_ Ns Aq Ar iface 459When specified, this variable overrides the 460.Va background_dhclient 461variable for interface 462.Ar iface 463only. 464.It Va synchronous_dhclient 465.Pq Vt bool 466Set to 467.Dq Li YES 468to start 469.Xr dhclient 8 470synchronously at startup. 471This behavior can be overridden on a per-interface basis by replacing 472the 473.Dq Li DHCP 474keyword in the 475.Va ifconfig_ Ns Aq Ar interface 476variable with 477.Dq Li SYNCDHCP 478or 479.Dq Li NOSYNCDHCP . 480.It Va defaultroute_delay 481.Pq Vt int 482When set to a positive value, wait up to this long after configuring 483DHCP interfaces at startup to give the interfaces time to receive a lease. 484.It Va firewall_enable 485.Pq Vt bool 486Set to 487.Dq Li YES 488to load firewall rules at startup. 489If the kernel was not built with 490.Cd "options IPFIREWALL" , 491the 492.Pa ipfw.ko 493kernel module will be loaded. 494See also 495.Va ipfilter_enable . 496.It Va firewall_script 497.Pq Vt str 498This variable specifies the full path to the firewall script to run. 499The default is 500.Pa /etc/rc.firewall . 501.It Va firewall_type 502.Pq Vt str 503Names the firewall type from the selection in 504.Pa /etc/rc.firewall , 505or the file which contains the local firewall ruleset. 506Valid selections from 507.Pa /etc/rc.firewall 508are: 509.Pp 510.Bl -tag -width ".Li simple" -compact 511.It Li open 512unrestricted IP access 513.It Li closed 514all IP services disabled, except via 515.Dq Li lo0 516.It Li client 517basic protection for a workstation 518.It Li simple 519basic protection for a LAN. 520.El 521.Pp 522If a filename is specified, the full path 523must be given. 524.It Va firewall_quiet 525.Pq Vt bool 526Set to 527.Dq Li YES 528to disable the display of firewall rules on the console during boot. 529.It Va firewall_logging 530.Pq Vt bool 531Set to 532.Dq Li YES 533to enable firewall event logging. 534This is equivalent to the 535.Dv IPFIREWALL_VERBOSE 536kernel option. 537.It Va firewall_logif 538.Pq Vt bool 539Set to 540.Dq Li YES 541to create pseudo interface 542.Li ipfw0 543for logging. 544For more details, see 545.Xr ipfw 8 546manual page. 547.It Va firewall_flags 548.Pq Vt str 549Flags passed to 550.Xr ipfw 8 551if 552.Va firewall_type 553specifies a filename. 554.It Va firewall_coscripts 555.Pq Vt str 556List of executables and/or rc scripts to run after firewall starts/stops. 557Default is empty. 558.\" ----- firewall_nat_enable setting -------------------------------- 559.It Va firewall_nat_enable 560.Pq Vt bool 561The 562.Xr ipfw 8 563equivalent of 564.Va natd_enable . 565Setting this to 566.Dq Li YES 567enables kernel NAT. 568.Va firewall_enable 569must also be set to 570.Dq Li YES . 571.It Va firewall_nat_interface 572.Pq Vt str 573The 574.Xr ipfw 8 575equivalent of 576.Va natd_interface . 577This is the name of the public interface or IP address on which 578kernel NAT should run. 579.It Va firewall_nat_flags 580.Pq Vt str 581Additional configuration parameters for kernel NAT should be placed here. 582.It Va dummynet_enable 583.Pq Vt bool 584Setting this to 585.Dq Li YES 586will automatically load the 587.Xr dummynet 4 588module if 589.Va firewall_enable 590is also set to 591.Dq Li YES . 592.\" ------------------------------------------------------------------- 593.It Va natd_program 594.Pq Vt str 595Path to 596.Xr natd 8 . 597.It Va natd_enable 598.Pq Vt bool 599Set to 600.Dq Li YES 601to enable 602.Xr natd 8 . 603.Va firewall_enable 604must also be set to 605.Dq Li YES , 606and 607.Xr divert 4 608sockets must be enabled in the kernel. 609If the kernel was not built with 610.Cd "options IPDIVERT" , 611the 612.Pa ipdivert.ko 613kernel module will be loaded. 614.It Va natd_interface 615.Pq Vt str 616This is the name of the public interface on which 617.Xr natd 8 618should run. 619The interface may be given as an interface name or as an IP address. 620.It Va natd_flags 621.Pq Vt str 622Additional 623.Xr natd 8 624flags should be placed here. 625The 626.Fl n 627or 628.Fl a 629flag is automatically added with the above 630.Va natd_interface 631as an argument. 632.\" ----- ipfilter_enable setting -------------------------------- 633.It Va ipfilter_enable 634.Pq Vt bool 635Set to 636.Dq Li NO 637by default. 638Setting this to 639.Dq Li YES 640enables 641.Xr ipf 8 642packet filtering. 643.Pp 644Typical usage will require putting 645.Bd -literal 646ipfilter_enable="YES" 647ipnat_enable="YES" 648ipmon_enable="YES" 649ipfs_enable="YES" 650.Ed 651.Pp 652into 653.Pa /etc/rc.conf 654and editing 655.Pa /etc/ipf.rules 656and 657.Pa /etc/ipnat.rules 658appropriately. 659.Pp 660Note that 661.Va ipfilter_enable 662and 663.Va ipnat_enable 664can be enabled independently. 665.Va ipmon_enable 666and 667.Va ipfs_enable 668both require at least one of 669.Va ipfilter_enable 670and 671.Va ipnat_enable 672to be enabled. 673.Pp 674Having 675.Bd -literal 676options IPFILTER 677options IPFILTER_LOG 678options IPFILTER_DEFAULT_BLOCK 679.Ed 680.Pp 681in the kernel configuration file is a good idea, too. 682.\" ----- ipfilter_program setting ------------------------------ 683.It Va ipfilter_program 684.Pq Vt str 685Path to 686.Xr ipf 8 687(default 688.Pa /sbin/ipf ) . 689.\" ----- ipfilter_rules setting -------------------------------- 690.It Va ipfilter_rules 691.Pq Vt str 692Set to 693.Pa /etc/ipf.rules 694by default. 695This variable contains the name of the filter rule definition file. 696The file is expected to be readable for the 697.Xr ipf 8 698command to execute. 699.\" ----- ipv6_ipfilter_rules setting --------------------------- 700.It Va ipv6_ipfilter_rules 701.Pq Vt str 702Set to 703.Pa /etc/ipf6.rules 704by default. 705This variable contains the IPv6 filter rule definition file. 706The file is expected to be readable for the 707.Xr ipf 8 708command to execute. 709.\" ----- ipfilter_flags setting -------------------------------- 710.It Va ipfilter_flags 711.Pq Vt str 712Empty by default. 713This variable contains flags passed to the 714.Xr ipf 8 715program. 716.\" ----- ipnat_enable setting ---------------------------------- 717.It Va ipnat_enable 718.Pq Vt bool 719Set to 720.Dq Li NO 721by default. 722Set it to 723.Dq Li YES 724to enable 725.Xr ipnat 8 726network address translation. 727See 728.Va ipfilter_enable 729for a detailed discussion. 730.\" ----- ipnat_program setting --------------------------------- 731.It Va ipnat_program 732.Pq Vt str 733Path to 734.Xr ipnat 8 735(default 736.Pa /sbin/ipnat ) . 737.\" ----- ipnat_rules setting ----------------------------------- 738.It Va ipnat_rules 739.Pq Vt str 740Set to 741.Pa /etc/ipnat.rules 742by default. 743This variable contains the name of the file 744holding the network address translation definition. 745This file is expected to be readable for the 746.Xr ipnat 8 747command to execute. 748.\" ----- ipnat_flags setting ----------------------------------- 749.It Va ipnat_flags 750.Pq Vt str 751Empty by default. 752This variable contains flags passed to the 753.Xr ipnat 8 754program. 755.\" ----- ipmon_enable setting ---------------------------------- 756.It Va ipmon_enable 757.Pq Vt bool 758Set to 759.Dq Li NO 760by default. 761Set it to 762.Dq Li YES 763to enable 764.Xr ipmon 8 765monitoring (logging 766.Xr ipf 8 767and 768.Xr ipnat 8 769events). 770Setting this variable needs setting 771.Va ipfilter_enable 772or 773.Va ipnat_enable 774too. 775See 776.Va ipfilter_enable 777for a detailed discussion. 778.\" ----- ipmon_program setting --------------------------------- 779.It Va ipmon_program 780.Pq Vt str 781Path to 782.Xr ipmon 8 783(default 784.Pa /sbin/ipmon ) . 785.\" ----- ipmon_flags setting ----------------------------------- 786.It Va ipmon_flags 787.Pq Vt str 788Set to 789.Dq Li -Ds 790by default. 791This variable contains flags passed to the 792.Xr ipmon 8 793program. 794Another typical example would be 795.Dq Fl D Pa /var/log/ipflog 796to have 797.Xr ipmon 8 798log directly to a file bypassing 799.Xr syslogd 8 . 800Make sure to adjust 801.Pa /etc/newsyslog.conf 802in such case like this: 803.Bd -literal 804/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 805.Ed 806.\" ----- ipfs_enable setting ----------------------------------- 807.It Va ipfs_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipfs 8 816saving the filter and NAT state tables during shutdown 817and reloading them during startup again. 818Setting this variable needs setting 819.Va ipfilter_enable 820or 821.Va ipnat_enable 822to 823.Dq Li YES 824too. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828Note that if 829.Va kern_securelevel 830is set to 3, 831.Va ipfs_enable 832cannot be used 833because the raised securelevel will prevent 834.Xr ipfs 8 835from saving the state tables at shutdown time. 836.\" ----- ipfs_program setting ---------------------------------- 837.It Va ipfs_program 838.Pq Vt str 839Path to 840.Xr ipfs 8 841(default 842.Pa /sbin/ipfs ) . 843.\" ----- ipfs_flags setting ------------------------------------ 844.It Va ipfs_flags 845.Pq Vt str 846Empty by default. 847This variable contains flags passed to the 848.Xr ipfs 8 849program. 850.\" ----- end of added ipf hook --------------------------------- 851.It Va pf_enable 852.Pq Vt bool 853Set to 854.Dq Li NO 855by default. 856Setting this to 857.Dq Li YES 858enables 859.Xr pf 4 860packet filtering. 861.Pp 862Typical usage will require putting 863.Pp 864.Dl pf_enable="YES" 865.Pp 866into 867.Pa /etc/rc.conf 868and editing 869.Pa /etc/pf.conf 870appropriately. 871Adding 872.Pp 873.Dl "device pf" 874.Pp 875builds support for 876.Xr pf 4 877into the kernel, otherwise the 878kernel module will be loaded. 879.It Va pf_rules 880.Pq Vt str 881Path to 882.Xr pf 4 883ruleset configuration file 884(default 885.Pa /etc/pf.conf ) . 886.It Va pf_program 887.Pq Vt str 888Path to 889.Xr pfctl 8 890(default 891.Pa /sbin/pfctl ) . 892.It Va pf_flags 893.Pq Vt str 894If 895.Va pf_enable 896is set to 897.Dq Li YES , 898these flags are passed to the 899.Xr pfctl 8 900program when loading the ruleset. 901.It Va pflog_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables 909.Xr pflogd 8 910which logs packets from the 911.Xr pf 4 912packet filter. 913.It Va pflog_logfile 914.Pq Vt str 915If 916.Va pflog_enable 917is set to 918.Dq Li YES 919this controls where 920.Xr pflogd 8 921stores the logfile 922(default 923.Pa /var/log/pflog ) . 924Check 925.Pa /etc/newsyslog.conf 926to adjust logfile rotation for this. 927.It Va pflog_program 928.Pq Vt str 929Path to 930.Xr pflogd 8 931(default 932.Pa /sbin/pflogd ) . 933.It Va pflog_flags 934.Pq Vt str 935Empty by default. 936This variable contains additional flags passed to the 937.Xr pflogd 8 938program. 939.It Va pflog_instances 940.Pq Vt str 941If logging to more than one 942.Xr pflog 4 943interface is desired, 944.Va pflog_instances 945is set to the list of 946.Xr pflogd 8 947instances that should be started at system boot time. If 948.Va pflog_instances 949is set, for each whitespace-seperated 950.Ar element 951in the list, 952.Ao Ar element Ac Ns Va _dev 953and 954.Ao Ar element Ac Ns Va _logfile 955elements are assumed to exist. 956.Ao Ar element Ac Ns Va _dev 957must contain the 958.Xr pflog 4 959interface to be watched by the named 960.Xr pflogd 8 961instance. 962.Ao Ar element Ac Ns Va _logfile 963must contain the name of the logfile that will be used by the 964.Xr pflogd 8 965instance. 966.It Va ftpproxy_enable 967.Pq Vt bool 968Set to 969.Dq Li NO 970by default. 971Setting this to 972.Dq Li YES 973enables 974.Xr ftp-proxy 8 975which supports the 976.Xr pf 4 977packet filter in translating ftp connections. 978.It Va ftpproxy_flags 979.Pq Vt str 980Empty by default. 981This variable contains additional flags passed to the 982.Xr ftp-proxy 8 983program. 984.It Va ftpproxy_instances 985.Pq Vt str 986Empty by default. If multiple instances of 987.Xr ftp-proxy 8 988are desired at boot time, 989.Va ftpproxy_instances 990should contain a whitespace-seperated list of instance names. For each 991.Ar element 992in the list, a variable named 993.Ao Ar element Ac Ns Va _flags 994should be defined, containing the command-line flags to be passed to the 995.Xr ftp-proxy 8 996instance. 997.It Va pfsync_enable 998.Pq Vt bool 999Set to 1000.Dq Li NO 1001by default. 1002Setting this to 1003.Dq Li YES 1004enables exposing 1005.Xr pf 4 1006state changes to other hosts over the network by means of 1007.Xr pfsync 4 . 1008The 1009.Va pfsync_syncdev 1010variable 1011must also be set then. 1012.It Va pfsync_syncdev 1013.Pq Vt str 1014Empty by default. 1015This variable specifies the name of the network interface 1016.Xr pfsync 4 1017should operate through. 1018It must be set accordingly if 1019.Va pfsync_enable 1020is set to 1021.Dq Li YES . 1022.It Va pfsync_syncpeer 1023.Pq Vt str 1024Empty by default. 1025This variable is optional. 1026By default, state change messages are sent out on the synchronisation 1027interface using IP multicast packets. 1028The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1029224.0.0.240. 1030When a peer address is specified using the 1031.Va pfsync_syncpeer 1032option, the peer address is used as a destination for the pfsync 1033traffic, and the traffic can then be protected using 1034.Xr ipsec 4 . 1035See the 1036.Xr pfsync 4 1037manpage for more details about using 1038.Xr ipsec 4 1039with 1040.Xr pfsync 4 1041interfaces. 1042.It Va pfsync_ifconfig 1043.Pq Vt str 1044Empty by default. 1045This variable can contain additional options to be passed to the 1046.Xr ifconfig 8 1047command used to set up 1048.Xr pfsync 4 . 1049.It Va tcp_extensions 1050.Pq Vt bool 1051Set to 1052.Dq Li YES 1053by default. 1054Setting this to 1055.Dq Li NO 1056disables certain TCP options as described by 1057.Rs 1058.%T "RFC 1323" 1059.Re 1060Setting this to 1061.Dq Li NO 1062might help remedy such problems with connections as randomly hanging 1063or other weird behavior. 1064Some network devices are known 1065to be broken with respect to these options. 1066.It Va log_in_vain 1067.Pq Vt int 1068Set to 0 by default. 1069The 1070.Xr sysctl 8 1071variables, 1072.Va net.inet.tcp.log_in_vain 1073and 1074.Va net.inet.udp.log_in_vain , 1075as described in 1076.Xr tcp 4 1077and 1078.Xr udp 4 , 1079are set to the given value. 1080.It Va tcp_keepalive 1081.Pq Vt bool 1082Set to 1083.Dq Li YES 1084by default. 1085Setting to 1086.Dq Li NO 1087will disable probing idle TCP connections to verify that the 1088peer is still up and reachable. 1089.It Va tcp_drop_synfin 1090.Pq Vt bool 1091Set to 1092.Dq Li NO 1093by default. 1094Setting to 1095.Dq Li YES 1096will cause the kernel to ignore TCP frames that have both 1097the SYN and FIN flags set. 1098This prevents OS fingerprinting, but may 1099break some legitimate applications. 1100.It Va icmp_drop_redirect 1101.Pq Vt bool 1102Set to 1103.Dq Li NO 1104by default. 1105Setting to 1106.Dq Li YES 1107will cause the kernel to ignore ICMP REDIRECT packets. 1108Refer to 1109.Xr icmp 4 1110for more information. 1111.It Va icmp_log_redirect 1112.Pq Vt bool 1113Set to 1114.Dq Li NO 1115by default. 1116Setting to 1117.Dq Li YES 1118will cause the kernel to log ICMP REDIRECT packets. 1119Note that 1120the log messages are not rate-limited, so this option should only be used 1121for troubleshooting networks. 1122Refer to 1123.Xr icmp 4 1124for more information. 1125.It Va icmp_bmcastecho 1126.Pq Vt bool 1127Set to 1128.Dq Li YES 1129to respond to broadcast or multicast ICMP ping packets. 1130Refer to 1131.Xr icmp 4 1132for more information. 1133.It Va ip_portrange_first 1134.Pq Vt int 1135If not set to 1136.Dq Li NO , 1137this is the first port in the default portrange. 1138Refer to 1139.Xr ip 4 1140for more information. 1141.It Va ip_portrange_last 1142.Pq Vt int 1143If not set to 1144.Dq Li NO , 1145this is the last port in the default portrange. 1146Refer to 1147.Xr ip 4 1148for more information. 1149.It Va network_interfaces 1150.Pq Vt str 1151Set to the list of network interfaces to configure on this host or 1152.Dq Li AUTO 1153(the default) for all current interfaces. 1154Setting the 1155.Va network_interfaces 1156variable to anything other than the default is deprecated. 1157Interfaces that the administrator wishes to store configuration for, 1158but not start at boot should be configured with the 1159.Dq Li NOAUTO 1160keyword in their 1161.Va ifconfig_ Ns Aq Ar interface 1162variables as described below. 1163.Pp 1164An 1165.Va ifconfig_ Ns Aq Ar interface 1166variable is also assumed to exist for each value of 1167.Ar interface . 1168When an interface name contains any of the characters 1169.Dq Li .-/+ 1170they are translated to 1171.Dq Li _ 1172before lookup. 1173The variable can contain arguments to 1174.Xr ifconfig 8 , 1175as well as special case-insensitive keywords described below. 1176Such keywords are removed before passing the value to 1177.Xr ifconfig 8 1178while the order of the other arguments is preserved. 1179.Pp 1180It is possible to add IP alias entries using 1181.Xr ifconfig 8 1182syntax with the address family keyword such as 1183.Li inet . 1184Assuming that the interface in question was 1185.Li ed0 , 1186it might look something like this: 1187.Bd -literal 1188ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1189ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1190.Ed 1191.Pp 1192It also possible to configure multiple IP addresses in Classless 1193Inter-Domain Routing 1194.Pq CIDR 1195address notation, 1196whose each address component can be a range like 1197.Li inet 192.0.2.5-23/24 1198or 1199.Li inet6 2001:db8:1-f::1/64 . 1200This notation allows address and prefix length part only, 1201not the other address modifiers. 1202Note that the maximum number of the generated addresses from a range 1203specification is limited to an integer value specified in 1204.Va netif_ipexpand_max 1205in 1206.Xr rc.conf 5 1207because a small typo can unexpectedly generate a large number of addresses. 1208The default value is 1209.Li 2048 . 1210It can be increased by adding the following line into 1211.Xr rc.conf 5 : 1212.Bd -literal 1213netif_ipexpand_max="4096" 1214.Ed 1215.Pp 1216In the case of 1217.Li 192.0.2.5-23/24 , 1218the address 192.0.2.5 will be configured with the 1219netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1220the non-conflicting netmask /32 as explained in the 1221.Xr ifconfig 8 1222alias section. 1223Note that this special netmask handling is only for 1224.Li inet , 1225not for the other address families such as 1226.Li inet6 . 1227.Pp 1228With the interface in question being 1229.Li ed0 , 1230an example could look like: 1231.Bd -literal 1232ifconfig_ed0_alias2="inet 192.0.2.129/27" 1233ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1234.Ed 1235.Pp 1236and so on. 1237.Pp 1238Note that 1239.Va ipv4_addrs_ Ns Aq Ar interface 1240variable was supported for IPv4 CIDR address notation. 1241It is now deprecated because the functionality was integrated into 1242.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1243though 1244.Va ipv4_addrs_ Ns Aq Ar interface 1245is still supported for backward compatibility. 1246.Pp 1247For each 1248.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1249entry with an address family keyword, 1250its contents are passed to 1251.Xr ifconfig 8 . 1252Execution stops at the first unsuccessful access, so if 1253something like this is present: 1254.Bd -literal 1255ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1256ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1257ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1258ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1259.Ed 1260.Pp 1261Then note that alias4 would 1262.Em not 1263be added since the search would 1264stop with the missing 1265.Dq Li alias3 1266entry. 1267Because of this difficult to manage behavior, 1268there is 1269.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1270variable, which has the same functionality as 1271.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1272and can have all of entries in a variable like the following: 1273.Bd -literal 1274ifconfig_ed0_aliases="\\ 1275 inet 127.0.0.251 netmask 0xffffffff \\ 1276 inet 127.0.0.252 netmask 0xffffffff \\ 1277 inet 127.0.0.253 netmask 0xffffffff \\ 1278 inet 127.0.0.254 netmask 0xffffffff" 1279.Ed 1280.Pp 1281It also supports CIDR notation. 1282.Pp 1283If the 1284.Pa /etc/start_if. Ns Aq Ar interface 1285file is present, it is read and executed by the 1286.Xr sh 1 1287interpreter 1288before configuring the interface as specified in the 1289.Va ifconfig_ Ns Aq Ar interface 1290and 1291.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1292variables. 1293.Pp 1294If a 1295.Va vlans_ Ns Aq Ar interface 1296variable is set, 1297a 1298.Xr vlan 4 1299interface will be created for each item in the list with the 1300.Ar vlandev 1301argument set to 1302.Ar interface . 1303If a vlan interface's name is a number, 1304then that number is used as the vlan tag and the new vlan interface is 1305named 1306.Ar interface . Ns Ar tag . 1307Otherwise, 1308the vlan tag must be specified via a 1309.Va vlan 1310parameter in the 1311.Va create_args_ Ns Aq Ar interface 1312variable. 1313.Pp 1314To create a vlan device named 1315.Li em0.101 1316on 1317.Li em0 1318with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1319.Bd -literal 1320vlans_em0="101" 1321ifconfig_em0_101="inet 192.0.2.1/24" 1322.Ed 1323.Pp 1324To create a vlan device named 1325.Li myvlan 1326on 1327.Li em0 1328with the vlan tag 102: 1329.Bd -literal 1330vlans_em0="myvlan" 1331create_args_myvlan="vlan 102" 1332.Ed 1333.Pp 1334If a 1335.Va wlans_ Ns Aq Ar interface 1336variable is set, 1337an 1338.Xr wlan 4 1339interface will be created for each item in the list with the 1340.Ar wlandev 1341argument set to 1342.Ar interface . 1343Further wlan cloning arguments may be passed to the 1344.Xr ifconfig 8 1345.Cm create 1346command by setting the 1347.Va create_args_ Ns Aq Ar interface 1348variable. 1349One or more 1350.Xr wlan 4 1351devices must be created for each wireless devices as of 1352.Fx 8.0 . 1353Debugging flags for 1354.Xr wlan 4 1355devices as set by 1356.Xr wlandebug 8 1357may be specified with an 1358.Va wlandebug_ Ns Aq Ar interface 1359variable. 1360The contents of this variable will be passed directly to 1361.Xr wlandebug 8 . 1362.Pp 1363If the 1364.Va ifconfig_ Ns Aq Ar interface 1365contains the keyword 1366.Dq Li NOAUTO 1367then the interface will not be configured 1368at boot or by 1369.Pa /etc/pccard_ether 1370when 1371.Va network_interfaces 1372is set to 1373.Dq Li AUTO . 1374.Pp 1375It is possible to bring up an interface with DHCP by adding 1376.Dq Li DHCP 1377to the 1378.Va ifconfig_ Ns Aq Ar interface 1379variable. 1380For instance, to initialize the 1381.Li ed0 1382device via DHCP, 1383it is possible to use something like: 1384.Bd -literal 1385ifconfig_ed0="DHCP" 1386.Ed 1387.Pp 1388If you want to configure your wireless interface with 1389.Xr wpa_supplicant 8 1390for use with WPA, EAP/LEAP or WEP, you need to add 1391.Dq Li WPA 1392to the 1393.Va ifconfig_ Ns Aq Ar interface 1394variable. 1395.Pp 1396On the other hand, if you want to configure your wireless interface with 1397.Xr hostapd 8 , 1398you need to add 1399.Dq Li HOSTAP 1400to the 1401.Va ifconfig_ Ns Aq Ar interface 1402variable. 1403.Xr hostapd 8 1404will use the settings from 1405.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1406.Pp 1407Finally, you can add 1408.Xr ifconfig 8 1409options in this variable, in addition to the 1410.Pa /etc/start_if. Ns Aq Ar interface 1411file. 1412For instance, to configure an 1413.Xr ath 4 1414wireless device in station mode with an address obtained 1415via DHCP, using WPA authentication and 802.11b mode, it is 1416possible to use something like: 1417.Bd -literal 1418wlans_ath0="wlan0" 1419ifconfig_wlan0="DHCP WPA mode 11b" 1420.Ed 1421.Pp 1422In addition to the 1423.Va ifconfig_ Ns Aq Ar interface 1424form, a fallback variable 1425.Va ifconfig_DEFAULT 1426may be configured. 1427It will be used for all interfaces with no 1428.Va ifconfig_ Ns Aq Ar interface 1429variable. 1430This is intended to replace the no longer supported 1431.Va pccard_ifconfig 1432variable. 1433.Pp 1434It is also possible to rename an interface by doing: 1435.Bd -literal 1436ifconfig_ed0_name="net0" 1437ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1438.Ed 1439.It Va ipv6_enable 1440.Pq Vt bool 1441This variable is deprecated. 1442Use 1443.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1444and 1445.Va ipv6_activate_all_interfaces 1446if necessary. 1447.Pp 1448If the variable is 1449.Dq Li YES , 1450.Dq Li inet6 accept_rtadv 1451is added to all of 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1453and the 1454.Va ipv6_activate_all_interfaces 1455is defined as 1456.Dq Li YES . 1457.It Va ipv6_prefer 1458.Pq Vt bool 1459This variable is deprecated. 1460Use 1461.Va ip6addrctl_policy 1462instead. 1463.Pp 1464If the variable is 1465.Dq Li YES , 1466the default address selection policy table set by 1467.Xr ip6addrctl 8 1468will be IPv6-preferred. 1469.Pp 1470If the variable is 1471.Dq Li NO , 1472the default address selection policy table set by 1473.Xr ip6addrctl 8 1474will be IPv4-preferred. 1475.It Va ipv6_activate_all_interfaces 1476.Pq Vt bool 1477This controls initial configuration on IPv6-capable 1478interfaces with no corresponding 1479.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1480variable. 1481Note that it is not always necessary to set this variable to 1482.Dq YES 1483to use IPv6 functionality on 1484.Fx . 1485In most cases, just configuring 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1487variables works. 1488.Pp 1489If the variable is 1490.Dq Li NO , 1491all interfaces which do not have a corresponding 1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1493variable will be marked as 1494.Dq Li IFDISABLED 1495at creation. 1496This means that all of IPv6 functionality on that interface 1497is completely disabled to enforce a security policy. 1498If the variable is set to 1499.Dq YES , 1500the flag will be cleared on all of the interfaces. 1501.Pp 1502In most cases, just defining an 1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1504for an IPv6-capable interface should be sufficient. 1505However, if an interface is added dynamically 1506.Pq by some tunneling protocols such as PPP, for example , 1507it is often difficult to define the variable in advance. 1508In such a case, configuring the 1509.Dq Li IFDISABLED 1510flag can be disabled by setting this variable to 1511.Dq YES . 1512.Pp 1513For more details of the 1514.Dq Li IFDISABLED 1515flag and keywords 1516.Dq Li inet6 ifdisabled , 1517see 1518.Xr ifconfig 8 . 1519.Pp 1520Default is 1521.Dq Li NO . 1522.It Va ipv6_privacy 1523.Pq Vt bool 1524If the variable is 1525.Dq Li YES 1526privacy addresses will be generated for each IPv6 1527interface as described in RFC 4941. 1528.It Va ipv6_network_interfaces 1529.Pq Vt str 1530This is the IPv6 equivalent of 1531.Va network_interfaces . 1532Normally manual configuration of this variable is not needed. 1533.It Va ipv6_cpe_wanif 1534.Pq Vt str 1535If the variable is set to an interface name, 1536the 1537.Xr ifconfig 8 1538options 1539.Dq inet6 -no_radr accept_rtadv 1540will be added to the specified interface automatically before evaluating 1541.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1542and two 1543.Xr sysctl 8 1544variables 1545.Va net.inet6.ip6.rfc6204w3 1546and 1547.Va net.inet6.ip6.no_radr 1548will be set to 1. 1549.Pp 1550This means the specified interface will accept ICMPv6 Router 1551Advertisement messages on that link and add the discovered 1552routers into the Default Router List. 1553While the other interfaces can still accept RA messages if the 1554.Dq inet6 accept_rtadv 1555option is specified, adding 1556routes into the Default Router List will be disabled by 1557.Dq inet6 no_radr 1558option by default. 1559See 1560.Xr ifconfig 8 1561for more details. 1562.Pp 1563Note that ICMPv6 Router Advertisement messages will be 1564accepted even when 1565.Va net.inet6.ip6.forwarding 1566is 1 1567.Pq packet forwarding is enabled 1568when 1569.Va net.inet6.ip6.rfc6204w3 1570is set to 1. 1571.Pp 1572Default is 1573.Dq Li NO . 1574.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575.Pq Vt str 1576IPv6 functionality on an interface should be configured by 1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1578instead of setting ifconfig parameters in 1579.Va ifconfig_ Ns Aq Ar interface . 1580If this variable is empty, all of IPv6 configurations on the 1581specified interface by other variables such as 1582.Va ipv6_prefix_ Ns Ao Ar interface Ac 1583will be ignored. 1584.Pp 1585Aliases should be set by 1586.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1587with 1588.Dq Li inet6 1589keyword. 1590For example: 1591.Bd -literal 1592ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1593ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1594.Ed 1595.Pp 1596Interfaces that have an 1597.Dq Li inet6 accept_rtadv 1598keyword in 1599.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1600setting will be automatically configured by SLAAC 1601.Pq StateLess Address AutoConfiguration 1602described in 1603.Rs 1604.%T "RFC 4862" 1605.Re 1606.Pp 1607Note that a link-local address will be automatically configured in 1608addition to the configured global-scope addresses because the IPv6 1609specifications require it on each link. 1610The address is calculated from the MAC address by using an algorithm 1611defined in 1612.Rs 1613.%T "RFC 4862" 1614.%O "Section 5.3" 1615.Re 1616.Pp 1617If only a link-local address is needed on the interface, 1618the following configuration can be used: 1619.Bd -literal 1620ifconfig_ed0_ipv6="inet6 auto_linklocal" 1621.Ed 1622.Pp 1623A link-local address can also be configured manually. 1624This is useful for the default router address of an IPv6 router 1625so that it does not change when the network interface 1626card is replaced. 1627For example: 1628.Bd -literal 1629ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1630.Ed 1631.It Va ipv6_prefix_ Ns Aq Ar interface 1632.Pq Vt str 1633If one or more prefixes are defined in 1634.Va ipv6_prefix_ Ns Aq Ar interface 1635addresses based on each prefix and the EUI-64 interface index will be 1636configured on that interface. 1637Note that this variable will be ignored when 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639is empty. 1640.Pp 1641For example, the following configuration 1642.Bd -literal 1643ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1644.Ed 1645.Pp 1646is equivalent to the following: 1647.Bd -literal 1648ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1649ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1650ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1651ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1652.Ed 1653.Pp 1654These Subnet-Router anycast addresses will be added only when 1655.Va ipv6_gateway_enable 1656is YES. 1657.It Va ipv6_default_interface 1658.Pq Vt str 1659If not set to 1660.Dq Li NO , 1661this is the default output interface for scoped addresses. 1662This works only with ipv6_gateway_enable="NO". 1663.It Va ip6addrctl_enable 1664.Pq Vt bool 1665This variable is to enable configuring default address selection policy table 1666.Pq RFC 3484 . 1667The table can be specified in another variable 1668.Va ip6addrctl_policy . 1669For 1670.Va ip6addrctl_policy 1671the following keywords can be specified: 1672.Dq Li ipv4_prefer , 1673.Dq Li ipv6_prefer , 1674or 1675.Dq Li AUTO . 1676.Pp 1677If 1678.Dq Li ipv4_prefer 1679or 1680.Dq Li ipv6_prefer 1681is specified, 1682.Xr ip6addrctl 8 1683installs a pre-defined policy table described in Section 2.1 1684.Pq IPv6-preferred 1685or 10.3 1686.Pq IPv4-preferred 1687of RFC 3484. 1688.Pp 1689If 1690.Dq Li AUTO 1691is specified, it attempts to read a file 1692.Pa /etc/ip6addrctl.conf 1693first. 1694If this file is found, 1695.Xr ip6addrctl 8 1696reads and installs it. 1697If not found, a policy is automatically set 1698according to 1699.Va ipv6_activate_all_interfaces 1700variable; if the variable is set to 1701.Dq Li YES 1702the IPv6-preferred one is used. 1703Otherwise IPv4-preferred. 1704.Pp 1705The default value of 1706.Va ip6addrctl_enable 1707and 1708.Va ip6addrctl_policy 1709are 1710.Dq Li YES 1711and 1712.Dq Li AUTO , 1713respectively. 1714.It Va cloned_interfaces 1715.Pq Vt str 1716Set to the list of clonable network interfaces to create on this host. 1717Further cloning arguments may be passed to the 1718.Xr ifconfig 8 1719.Cm create 1720command for each interface by setting the 1721.Va create_args_ Ns Aq Ar interface 1722variable. 1723If an interface name is specified with 1724.Dq :sticky 1725keyword, 1726the interface will not be destroyed even when 1727.Pa rc.d/netif 1728script is invoked with 1729.Dq stop 1730argument. 1731This is useful when reconfiguring the interface without destroying it. 1732Entries in 1733.Va cloned_interfaces 1734are automatically appended to 1735.Va network_interfaces 1736for configuration. 1737.It Va cloned_interfaces_sticky 1738.Pq Vt bool 1739This variable is to globally enable functionality of 1740.Dq :sticky 1741keyword in 1742.Va cloned_interfaces 1743for all interfaces. 1744The default value is 1745.Dq NO . 1746Even if this variable is specified to 1747.Dq YES , 1748.Dq :nosticky 1749keyword can be used to override it on per interface basis. 1750.It Va gif_interfaces 1751.Pq Vt str 1752This variable is deprecated in favor of 1753.Va cloned_interfaces . 1754Set to the list of 1755.Xr gif 4 1756tunnel interfaces to configure on this host. 1757A 1758.Va gifconfig_ Ns Aq Ar interface 1759variable is assumed to exist for each value of 1760.Ar interface . 1761The value of this variable is used to configure the link layer of the 1762tunnel according to the syntax of the 1763.Cm tunnel 1764option to 1765.Xr ifconfig 8 . 1766Additionally, this option ensures that each listed interface is created 1767via the 1768.Cm create 1769option to 1770.Xr ifconfig 8 1771before attempting to configure it. 1772.It Va sppp_interfaces 1773.Pq Vt str 1774Set to the list of 1775.Xr sppp 4 1776interfaces to configure on this host. 1777A 1778.Va spppconfig_ Ns Aq Ar interface 1779variable is assumed to exist for each value of 1780.Ar interface . 1781Each interface should also be configured by a general 1782.Va ifconfig_ Ns Aq Ar interface 1783setting. 1784Refer to 1785.Xr spppcontrol 8 1786for more information about available options. 1787.It Va ppp_enable 1788.Pq Vt bool 1789If set to 1790.Dq Li YES , 1791run the 1792.Xr ppp 8 1793daemon. 1794.It Va ppp_profile 1795.Pq Vt str 1796The name of the profile to use from 1797.Pa /etc/ppp/ppp.conf . 1798Also used for per-profile overrides of 1799.Va ppp_mode 1800and 1801.Va ppp_nat , 1802and 1803.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1804When the profile name contains any of the characters 1805.Dq Li .-/+ 1806they are translated to 1807.Dq Li _ 1808for the proposes of the override variable names. 1809.It Va ppp_mode 1810.Pq Vt str 1811Mode in which to run the 1812.Xr ppp 8 1813daemon. 1814.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1815.Pq Vt str 1816Overrides the global 1817.Va ppp_mode 1818for 1819.Ar profile . 1820Accepted modes are 1821.Dq Li auto , 1822.Dq Li ddial , 1823.Dq Li direct 1824and 1825.Dq Li dedicated . 1826See the manual for a full description. 1827.It Va ppp_nat 1828.Pq Vt bool 1829If set to 1830.Dq Li YES , 1831enables network address translation. 1832Used in conjunction with 1833.Va gateway_enable 1834allows hosts on private network addresses access to the Internet using 1835this host as a network address translating router. 1836.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1837.Pq Vt str 1838Overrides the global 1839.Va ppp_nat 1840for 1841.Ar profile . 1842.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1843.Pq Vt int 1844Set the unit number to be used for this profile. 1845See the manual description of 1846.Fl unit Ns Ar N 1847for details. 1848.It Va ppp_user 1849.Pq Vt str 1850The name of the user under which 1851.Xr ppp 8 1852should be started. 1853By 1854default, 1855.Xr ppp 8 1856is started as 1857.Dq Li root . 1858.It Va rc_conf_files 1859.Pq Vt str 1860This option is used to specify a list of files that will override 1861the settings in 1862.Pa /etc/defaults/rc.conf . 1863The files will be read in the order in which they are specified and should 1864include the full path to the file. 1865By default, the files specified are 1866.Pa /etc/rc.conf 1867and 1868.Pa /etc/rc.conf.local 1869.It Va zfs_enable 1870.Pq Vt bool 1871If set to 1872.Dq Li YES , 1873.Pa /etc/rc.d/zfs 1874will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1875(ZVOLs). 1876.It Va gptboot_enable 1877.Pq Vt bool 1878If set to 1879.Dq Li YES , 1880.Pa /etc/rc.d/gptboot 1881will log if the system successfully (or not) booted from a GPT partition, 1882which had the 1883.Ar bootonce 1884attribute set using 1885.Xr gpart 8 1886utility. 1887.It Va gbde_autoattach_all 1888.Pq Vt bool 1889If set to 1890.Dq Li YES , 1891.Pa /etc/rc.d/gbde 1892will attempt to automatically initialize your .bde devices in 1893.Pa /etc/fstab . 1894.It Va gbde_devices 1895.Pq Vt str 1896List the devices that the script should try to attach, 1897or 1898.Dq Li AUTO . 1899.It Va gbde_lockdir 1900.Pq Vt str 1901The directory where the 1902.Xr gbde 4 1903lockfiles are located. 1904The default lockfile directory is 1905.Pa /etc . 1906.Pp 1907The lockfile for each individual 1908.Xr gbde 4 1909device can be overridden by setting the variable 1910.Va gbde_lock_ Ns Aq Ar device , 1911where 1912.Ar device 1913is the encrypted device without the 1914.Dq Pa /dev/ 1915and 1916.Dq Pa .bde 1917parts. 1918.It Va gbde_attach_attempts 1919.Pq Vt int 1920Number of times to attempt attaching to a 1921.Xr gbde 4 1922device, i.e., how many times the user is asked for the pass-phrase. 1923Default is 3. 1924.It Va geli_devices 1925.Pq Vt str 1926List of devices to automatically attach on boot. 1927Note that .eli devices from 1928.Pa /etc/fstab 1929are automatically appended to this list. 1930.It Va geli_tries 1931.Pq Vt int 1932Number of times user is asked for the pass-phrase. 1933If empty, it will be taken from 1934.Va kern.geom.eli.tries 1935sysctl variable. 1936.It Va geli_default_flags 1937.Pq Vt str 1938Default flags to use by 1939.Xr geli 8 1940when configuring disk encryption. 1941Flags can be configured for every device separately by defining 1942.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1943variable. 1944.It Va geli_autodetach 1945.Pq Vt str 1946Specifies if GELI devices should be marked for detach on last close after 1947file systems are mounted. 1948Default is 1949.Dq Li YES . 1950This can be changed for every device separately by defining 1951.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1952variable. 1953.It Va root_rw_mount 1954.Pq Vt bool 1955Set to 1956.Dq Li YES 1957by default. 1958After the file systems are checked at boot time, the root file system 1959is remounted as read-write if this is set to 1960.Dq Li YES . 1961Diskless systems that mount their root file system from a read-only remote 1962NFS share should set this to 1963.Dq Li NO 1964in their 1965.Pa rc.conf . 1966.It Va fsck_y_enable 1967.Pq Vt bool 1968If set to 1969.Dq Li YES , 1970.Xr fsck 8 1971will be run with the 1972.Fl y 1973flag if the initial preen 1974of the file systems fails. 1975.It Va background_fsck 1976.Pq Vt bool 1977If set to 1978.Dq Li YES , 1979the system will attempt to run 1980.Xr fsck 8 1981in the background where possible. 1982.It Va background_fsck_delay 1983.Pq Vt int 1984The amount of time in seconds to sleep before starting a background 1985.Xr fsck 8 . 1986It defaults to sixty seconds to allow large applications such as 1987the X server to start before disk I/O bandwidth is monopolized by 1988.Xr fsck 8 . 1989If set to a negative number, the background file system check will be 1990delayed indefinitely to allow the administrator to run it at a more 1991convenient time. 1992For example it may be run from 1993.Xr cron 8 1994by adding a line like 1995.Pp 1996.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1997.Pp 1998to 1999.Pa /etc/crontab . 2000.It Va netfs_types 2001.Pq Vt str 2002List of file system types that are network-based. 2003This list should generally not be modified by end users. 2004Use 2005.Va extra_netfs_types 2006instead. 2007.It Va extra_netfs_types 2008.Pq Vt str 2009If set to something other than 2010.Dq Li NO 2011(the default), 2012this variable extends the list of file system types 2013for which automatic mounting at startup by 2014.Xr rc 8 2015should be delayed until the network is initialized. 2016It should contain 2017a whitespace-separated list of network file system descriptor pairs, 2018each consisting of a file system type as passed to 2019.Xr mount 8 2020and a human-readable, one-word description, 2021joined with a colon 2022.Pq Ql \&: . 2023Extending the default list in this way is only necessary 2024when third party file system types are used. 2025.It Va syslogd_enable 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029run the 2030.Xr syslogd 8 2031daemon. 2032.It Va syslogd_program 2033.Pq Vt str 2034Path to 2035.Xr syslogd 8 2036(default 2037.Pa /usr/sbin/syslogd ) . 2038.It Va syslogd_flags 2039.Pq Vt str 2040If 2041.Va syslogd_enable 2042is set to 2043.Dq Li YES , 2044these are the flags to pass to 2045.Xr syslogd 8 . 2046.It Va inetd_enable 2047.Pq Vt bool 2048If set to 2049.Dq Li YES , 2050run the 2051.Xr inetd 8 2052daemon. 2053.It Va inetd_program 2054.Pq Vt str 2055Path to 2056.Xr inetd 8 2057(default 2058.Pa /usr/sbin/inetd ) . 2059.It Va inetd_flags 2060.Pq Vt str 2061If 2062.Va inetd_enable 2063is set to 2064.Dq Li YES , 2065these are the flags to pass to 2066.Xr inetd 8 . 2067.It Va hastd_enable 2068.Pq Vt bool 2069If set to 2070.Dq Li YES , 2071run the 2072.Xr hastd 8 2073daemon. 2074.It Va hastd_program 2075.Pq Vt str 2076Path to 2077.Xr hastd 8 2078(default 2079.Pa /sbin/hastd ) . 2080.It Va hastd_flags 2081.Pq Vt str 2082If 2083.Va hastd_enable 2084is set to 2085.Dq Li YES , 2086these are the flags to pass to 2087.Xr hastd 8 . 2088.It Va local_unbound_enable 2089.Pq Vt bool 2090If set to 2091.Dq Li YES , 2092run the 2093.Xr unbound 8 2094daemon as a local caching resolver. 2095.It Va kerberos5_server_enable 2096.Pq Vt bool 2097Set to 2098.Dq Li YES 2099to start a Kerberos 5 authentication server 2100at boot time. 2101.It Va kerberos5_server 2102.Pq Vt str 2103If 2104.Va kerberos5_server_enable 2105is set to 2106.Dq Li YES 2107this is the path to Kerberos 5 Authentication Server. 2108.It Va kerberos5_server_flags 2109.Pq Vt str 2110Empty by default. 2111This variable contains additional flags to be passed to the Kerberos 5 2112authentication server. 2113.It Va kadmind5_server_enable 2114.Pq Vt bool 2115Set to 2116.Dq Li YES 2117to start 2118.Xr kadmind 8 , 2119the Kerberos 5 Administration Daemon; set to 2120.Dq Li NO 2121on a slave server. 2122.It Va kadmind5_server 2123.Pq Vt str 2124If 2125.Va kadmind5_server_enable 2126is set to 2127.Dq Li YES 2128this is the path to Kerberos 5 Administration Daemon. 2129.It Va kpasswdd_server_enable 2130.Pq Vt bool 2131Set to 2132.Dq Li YES 2133to start 2134.Xr kpasswdd 8 , 2135the Kerberos 5 Password-Changing Daemon; set to 2136.Dq Li NO 2137on a slave server. 2138.It Va kpasswdd_server 2139.Pq Vt str 2140If 2141.Va kpasswdd_server_enable 2142is set to 2143.Dq Li YES 2144this is the path to Kerberos 5 Password-Changing Daemon. 2145.It Va kfd_enable 2146.Pq Vt bool 2147Set to 2148.Dq Li YES 2149to start 2150.Xr kfd 8 , 2151the Kerberos 5 ticket forwarding daemon, at the boot time. 2152.It Va kfd_program 2153.Pq Vt str 2154Path to 2155.Xr kfd 8 2156(default 2157.Pa /usr/libexec/kfd ) . 2158.It Va rwhod_enable 2159.Pq Vt bool 2160If set to 2161.Dq Li YES , 2162run the 2163.Xr rwhod 8 2164daemon at boot time. 2165.It Va rwhod_flags 2166.Pq Vt str 2167If 2168.Va rwhod_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to it. 2172.It Va amd_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr amd 8 2178daemon at boot time. 2179.It Va amd_flags 2180.Pq Vt str 2181If 2182.Va amd_enable 2183is set to 2184.Dq Li YES , 2185these are the flags to pass to it. 2186See the 2187.Xr amd 8 2188manpage for more information. 2189.It Va amd_map_program 2190.Pq Vt str 2191If set, 2192the specified program is run to get the list of 2193.Xr amd 8 2194maps. 2195For example, if the 2196.Xr amd 8 2197maps are stored in NIS, one can set this to 2198run 2199.Xr ypcat 1 2200to get a list of 2201.Xr amd 8 2202maps from the 2203.Pa amd.master 2204NIS map. 2205.It Va update_motd 2206.Pq Vt bool 2207If set to 2208.Dq Li YES , 2209.Pa /etc/motd 2210will be updated at boot time to reflect the kernel release 2211being run. 2212If set to 2213.Dq Li NO , 2214.Pa /etc/motd 2215will not be updated. 2216.It Va nfs_client_enable 2217.Pq Vt bool 2218If set to 2219.Dq Li YES , 2220run the NFS client daemons at boot time. 2221.It Va nfs_access_cache 2222.Pq Vt int 2223If 2224.Va nfs_client_enable 2225is set to 2226.Dq Li YES , 2227this can be set to 2228.Dq Li 0 2229to disable NFS ACCESS RPC caching, or to the number of seconds for which 2230NFS ACCESS 2231results should be cached. 2232A value of 2-10 seconds will substantially reduce network 2233traffic for many NFS operations. 2234.It Va nfs_server_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the NFS server daemons at boot time. 2239.It Va nfs_server_flags 2240.Pq Vt str 2241If 2242.Va nfs_server_enable 2243is set to 2244.Dq Li YES , 2245these are the flags to pass to the 2246.Xr nfsd 8 2247daemon. 2248.It Va nfsv4_server_enable 2249.Pq Vt bool 2250If 2251.Va nfs_server_enable 2252is set to 2253.Dq Li YES 2254and 2255.Va nfsv4_server_enable 2256are set to 2257.Dq Li YES , 2258enable the server for NFSv4 as well as NFSv2 and NFSv3. 2259.It Va nfsuserd_enable 2260.Pq Vt bool 2261If 2262.Va nfsuserd_enable 2263is set to 2264.Dq Li YES , 2265run the nfsuserd daemon, which is needed for NFSv4 in order 2266to map between user/group names vs uid/gid numbers. 2267If 2268.Va nfsv4_server_enable 2269is set to 2270.Dq Li YES , 2271this will be forced enabled. 2272.It Va nfsuserd_flags 2273.Pq Vt str 2274If 2275.Va nfsuserd_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to the 2279.Xr nfsuserd 8 2280daemon. 2281.It Va nfscbd_enable 2282.Pq Vt bool 2283If 2284.Va nfscbd_enable 2285is set to 2286.Dq Li YES , 2287run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2288.It Va nfscbd_flags 2289.Pq Vt str 2290If 2291.Va nfscbd_enable 2292is set to 2293.Dq Li YES , 2294these are the flags to pass to the 2295.Xr nfscbd 8 2296daemon. 2297.It Va oldnfs_server_enable 2298.Pq Vt bool 2299If 2300.Va oldnfs_server_enable 2301is set to 2302.Dq Li YES , 2303force the NFS server daemons to run the old NFS server code 2304that does not support NFSv4. 2305.It Va mountd_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309and no 2310.Va nfs_server_enable 2311is set, start 2312.Xr mountd 8 , 2313but not 2314.Xr nfsd 8 2315daemon. 2316It is commonly needed to run CFS without real NFS used. 2317.It Va mountd_flags 2318.Pq Vt str 2319If 2320.Va mountd_enable 2321is set to 2322.Dq Li YES , 2323these are the flags to pass to the 2324.Xr mountd 8 2325daemon. 2326.It Va weak_mountd_authentication 2327.Pq Vt bool 2328If set to 2329.Dq Li YES , 2330allow services like PCNFSD to make non-privileged mount 2331requests. 2332.It Va nfs_reserved_port_only 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336provide NFS services only on a secure port. 2337.It Va nfs_bufpackets 2338.Pq Vt int 2339If set to a number, indicates the number of packets worth of 2340socket buffer space to reserve on an NFS client. 2341The kernel default is typically 4. 2342Using a higher number may be 2343useful on gigabit networks to improve performance. 2344The minimum value is 23452 and the maximum is 64. 2346.It Va rpc_lockd_enable 2347.Pq Vt bool 2348If set to 2349.Dq Li YES 2350and also an NFS server or client, run 2351.Xr rpc.lockd 8 2352at boot time. 2353.It Va rpc_lockd_flags 2354.Pq Vt str 2355If 2356.Va rpc_lockd_enable 2357is set to 2358.Dq Li YES , 2359these are the flags to pass to the 2360.Xr rpc.lockd 8 2361daemon. 2362.It Va rpc_statd_enable 2363.Pq Vt bool 2364If set to 2365.Dq Li YES 2366and also an NFS server or client, run 2367.Xr rpc.statd 8 2368at boot time. 2369.It Va rpc_statd_flags 2370.Pq Vt str 2371If 2372.Va rpc_statd_enable 2373is set to 2374.Dq Li YES , 2375these are the flags to pass to the 2376.Xr rpc.statd 8 2377daemon. 2378.It Va rpcbind_program 2379.Pq Vt str 2380Path to 2381.Xr rpcbind 8 2382(default 2383.Pa /usr/sbin/rpcbind ) . 2384.It Va rpcbind_enable 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388run the 2389.Xr rpcbind 8 2390service at boot time. 2391.It Va rpcbind_flags 2392.Pq Vt str 2393If 2394.Va rpcbind_enable 2395is set to 2396.Dq Li YES , 2397these are the flags to pass to the 2398.Xr rpcbind 8 2399daemon. 2400.It Va keyserv_enable 2401.Pq Vt bool 2402If set to 2403.Dq Li YES , 2404run the 2405.Xr keyserv 8 2406daemon on boot for running Secure RPC. 2407.It Va keyserv_flags 2408.Pq Vt str 2409If 2410.Va keyserv_enable 2411is set to 2412.Dq Li YES , 2413these are the flags to pass to 2414.Xr keyserv 8 2415daemon. 2416.It Va pppoed_enable 2417.Pq Vt bool 2418If set to 2419.Dq Li YES , 2420run the 2421.Xr pppoed 8 2422daemon at boot time to provide PPP over Ethernet services. 2423.It Va pppoed_ Ns Aq Ar provider 2424.Pq Vt str 2425.Xr pppoed 8 2426listens to requests to this 2427.Ar provider 2428and ultimately runs 2429.Xr ppp 8 2430with a 2431.Ar system 2432argument of the same name. 2433.It Va pppoed_flags 2434.Pq Vt str 2435Additional flags to pass to 2436.Xr pppoed 8 . 2437.It Va pppoed_interface 2438.Pq Vt str 2439The network interface to run 2440.Xr pppoed 8 2441on. 2442This is mandatory when 2443.Va pppoed_enable 2444is set to 2445.Dq Li YES . 2446.It Va timed_enable 2447.Pq Vt bool 2448If set to 2449.Dq Li YES , 2450run the 2451.Xr timed 8 2452service at boot time. 2453This command is intended for networks of 2454machines where a consistent 2455.Dq "network time" 2456for all hosts must be established. 2457This is often useful in large NFS 2458environments where time stamps on files are expected to be consistent 2459network-wide. 2460.It Va timed_flags 2461.Pq Vt str 2462If 2463.Va timed_enable 2464is set to 2465.Dq Li YES , 2466these are the flags to pass to the 2467.Xr timed 8 2468service. 2469.It Va ntpdate_enable 2470.Pq Vt bool 2471If set to 2472.Dq Li YES , 2473run 2474.Xr ntpdate 8 2475at system startup. 2476This command is intended to 2477synchronize the system clock only 2478.Em once 2479from some standard reference. 2480.It Va ntpdate_config 2481.Pq Vt str 2482Configuration file for 2483.Xr ntpdate 8 . 2484Default 2485.Pa /etc/ntp.conf . 2486.It Va ntpdate_hosts 2487.Pq Vt str 2488A whitespace-separated list of NTP servers to synchronize with at startup. 2489The default is to use the servers listed in 2490.Va ntpdate_config , 2491if that file exists. 2492.It Va ntpdate_program 2493.Pq Vt str 2494Path to 2495.Xr ntpdate 8 2496(default 2497.Pa /usr/sbin/ntpdate ) . 2498.It Va ntpdate_flags 2499.Pq Vt str 2500If 2501.Va ntpdate_enable 2502is set to 2503.Dq Li YES , 2504these are the flags to pass to the 2505.Xr ntpdate 8 2506command (typically a hostname). 2507.It Va ntpd_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511run the 2512.Xr ntpd 8 2513command at boot time. 2514.It Va ntpd_program 2515.Pq Vt str 2516Path to 2517.Xr ntpd 8 2518(default 2519.Pa /usr/sbin/ntpd ) . 2520.It Va ntpd_config 2521.Pq Vt str 2522Path to 2523.Xr ntpd 8 2524configuration file. 2525Default 2526.Pa /etc/ntp.conf . 2527.It Va ntpd_flags 2528.Pq Vt str 2529If 2530.Va ntpd_enable 2531is set to 2532.Dq Li YES , 2533these are the flags to pass to the 2534.Xr ntpd 8 2535daemon. 2536.It Va ntpd_sync_on_start 2537.Pq Vt bool 2538If set to 2539.Dq Li YES , 2540.Xr ntpd 8 2541is run with the 2542.Fl g 2543flag, which syncs the system's clock on startup. 2544See 2545.Xr ntpd 8 2546for more information regarding the 2547.Fl g 2548option. 2549This is a preferred alternative to using 2550.Xr ntpdate 8 2551or specifying the 2552.Va ntpdate_enable 2553variable. 2554.It Va nis_client_enable 2555.Pq Vt bool 2556If set to 2557.Dq Li YES , 2558run the 2559.Xr ypbind 8 2560service at system boot time. 2561.It Va nis_client_flags 2562.Pq Vt str 2563If 2564.Va nis_client_enable 2565is set to 2566.Dq Li YES , 2567these are the flags to pass to the 2568.Xr ypbind 8 2569service. 2570.It Va nis_ypset_enable 2571.Pq Vt bool 2572If set to 2573.Dq Li YES , 2574run the 2575.Xr ypset 8 2576daemon at system boot time. 2577.It Va nis_ypset_flags 2578.Pq Vt str 2579If 2580.Va nis_ypset_enable 2581is set to 2582.Dq Li YES , 2583these are the flags to pass to the 2584.Xr ypset 8 2585daemon. 2586.It Va nis_server_enable 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590run the 2591.Xr ypserv 8 2592daemon at system boot time. 2593.It Va nis_server_flags 2594.Pq Vt str 2595If 2596.Va nis_server_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr ypserv 8 2601daemon. 2602.It Va nis_ypxfrd_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr rpc.ypxfrd 8 2608daemon at system boot time. 2609.It Va nis_ypxfrd_flags 2610.Pq Vt str 2611If 2612.Va nis_ypxfrd_enable 2613is set to 2614.Dq Li YES , 2615these are the flags to pass to the 2616.Xr rpc.ypxfrd 8 2617daemon. 2618.It Va nis_yppasswdd_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622run the 2623.Xr rpc.yppasswdd 8 2624daemon at system boot time. 2625.It Va nis_yppasswdd_flags 2626.Pq Vt str 2627If 2628.Va nis_yppasswdd_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr rpc.yppasswdd 8 2633daemon. 2634.It Va rpc_ypupdated_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Nm rpc.ypupdated 2640daemon at system boot time. 2641.It Va bsnmpd_enable 2642.Pq Vt bool 2643If set to 2644.Dq Li YES , 2645run the 2646.Xr bsnmpd 1 2647daemon at system boot time. 2648Be sure to understand the security implications of running SNMP daemon 2649on your host. 2650.It Va bsnmpd_flags 2651.Pq Vt str 2652If 2653.Va bsnmpd_enable 2654is set to 2655.Dq Li YES , 2656these are the flags to pass to the 2657.Xr bsnmpd 1 2658daemon. 2659.It Va defaultrouter 2660.Pq Vt str 2661If not set to 2662.Dq Li NO , 2663create a default route to this host name or IP address 2664(use an IP address if this router is also required to get to the 2665name server!). 2666.It Va ipv6_defaultrouter 2667.Pq Vt str 2668The IPv6 equivalent of 2669.Va defaultrouter . 2670.It Va static_arp_pairs 2671.Pq Vt str 2672Set to the list of static ARP pairs that are to be added at system 2673boot time. 2674For each whitespace separated 2675.Ar element 2676in the value, a 2677.Va static_arp_ Ns Aq Ar element 2678variable is assumed to exist whose contents will later be passed to a 2679.Dq Nm arp Cm -S 2680operation. 2681For example 2682.Bd -literal 2683static_arp_pairs="gw" 2684static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2685.Ed 2686.It Va static_ndp_pairs 2687.Pq Vt str 2688Set to the list of static NDP pairs that are to be added at system 2689boot time. 2690For each whitespace separated 2691.Ar element 2692in the value, a 2693.Va static_ndp_ Ns Aq Ar element 2694variable is assumed to exist whose contents will later be passed to a 2695.Dq Nm ndp Cm -s 2696operation. 2697For example 2698.Bd -literal 2699static_ndp_pairs="gw" 2700static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2701.Ed 2702.It Va static_routes 2703.Pq Vt str 2704Set to the list of static routes that are to be added at system 2705boot time. 2706If not set to 2707.Dq Li NO 2708then for each whitespace separated 2709.Ar element 2710in the value, a 2711.Va route_ Ns Aq Ar element 2712variable is assumed to exist 2713whose contents will later be passed to a 2714.Dq Nm route Cm add 2715operation. 2716For example: 2717.Bd -literal 2718static_routes="ext mcast:gif0 gif0local:gif0" 2719route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2720route_mcast="-net 224.0.0.0/4 -iface gif0" 2721route_gif0local="-host 169.254.1.1 -iface lo0" 2722.Ed 2723.Pp 2724When an 2725.Ar element 2726is in the form of 2727.Li name:ifname , 2728the route is specific to the interface 2729.Li ifname . 2730.It Va ipv6_static_routes 2731.Pq Vt str 2732The IPv6 equivalent of 2733.Va static_routes . 2734If not set to 2735.Dq Li NO 2736then for each whitespace separated 2737.Ar element 2738in the value, a 2739.Va ipv6_route_ Ns Aq Ar element 2740variable is assumed to exist 2741whose contents will later be passed to a 2742.Dq Nm route Cm add Fl inet6 2743operation. 2744.It Va natm_static_routes 2745.Pq Vt str 2746The 2747.Xr natmip 4 2748equivalent of 2749.Va static_routes . 2750If not empty then for each whitespace separated 2751.Ar element 2752in the value, a 2753.Va route_ Ns Aq Ar element 2754variable is assumed to exist whose contents will later be passed to a 2755.Dq Nm atmconfig Cm natm Cm add 2756operation. 2757.It Va gateway_enable 2758.Pq Vt bool 2759If set to 2760.Dq Li YES , 2761configure host to act as an IP router, e.g.\& to forward packets 2762between interfaces. 2763.It Va ipv6_gateway_enable 2764.Pq Vt bool 2765The IPv6 equivalent of 2766.Va gateway_enable . 2767.It Va routed_enable 2768.Pq Vt bool 2769If set to 2770.Dq Li YES , 2771run a routing daemon of some sort, based on the 2772settings of 2773.Va routed_program 2774and 2775.Va routed_flags . 2776.It Va route6d_enable 2777.Pq Vt bool 2778The IPv6 equivalent of 2779.Va routed_enable . 2780If set to 2781.Dq Li YES , 2782run a routing daemon of some sort, based on the 2783settings of 2784.Va route6d_program 2785and 2786.Va route6d_flags . 2787.It Va routed_program 2788.Pq Vt str 2789If 2790.Va routed_enable 2791is set to 2792.Dq Li YES , 2793this is the name of the routing daemon to use. 2794.It Va route6d_program 2795.Pq Vt str 2796The IPv6 equivalent of 2797.Va routed_program . 2798.It Va routed_flags 2799.Pq Vt str 2800If 2801.Va routed_enable 2802is set to 2803.Dq Li YES , 2804these are the flags to pass to the routing daemon. 2805.It Va route6d_flags 2806.Pq Vt str 2807The IPv6 equivalent of 2808.Va routed_flags . 2809.It Va mrouted_enable 2810.Pq Vt bool 2811If set to 2812.Dq Li YES , 2813run the multicast routing daemon, 2814.Xr mrouted 8 . 2815.It Va mroute6d_enable 2816.Pq Vt bool 2817The IPv6 equivalent of 2818.Va mrouted_enable . 2819If set to 2820.Dq Li YES , 2821run the IPv6 multicast routing daemon. 2822.Pp 2823Note that multicast routing daemons are no longer included in the 2824.Fx 2825base system, however, both 2826.Xr mrouted 8 2827and 2828.Xr pim6dd 8 2829may be installed from the 2830.Fx 2831Ports Collection. 2832.It Va mrouted_flags 2833.Pq Vt str 2834If 2835.Va mrouted_enable 2836is set to 2837.Dq Li YES , 2838these are the flags to pass to the 2839.Xr mrouted 8 2840daemon. 2841.It Va mroute6d_flags 2842.Pq Vt str 2843The IPv6 equivalent of 2844.Va mrouted_flags . 2845If 2846.Va mroute6d_enable 2847is set to 2848.Dq Li YES , 2849these are the flags passed to the IPv6 multicast routing daemon. 2850.It Va mroute6d_program 2851.Pq Vt str 2852If 2853.Va mroute6d_enable 2854is set to 2855.Dq Li YES , 2856this is the path to the IPv6 multicast routing daemon. 2857.It Va rtadvd_enable 2858.Pq Vt bool 2859If set to 2860.Dq Li YES , 2861run the 2862.Xr rtadvd 8 2863daemon at boot time. 2864The 2865.Xr rtadvd 8 2866utility sends ICMPv6 Router Advertisement messages to 2867the interfaces specified in 2868.Va rtadvd_interfaces . 2869This should only be enabled with great care. 2870You may want to fine-tune 2871.Xr rtadvd.conf 5 . 2872.It Va rtadvd_interfaces 2873.Pq Vt str 2874If 2875.Va rtadvd_enable 2876is set to 2877.Dq Li YES 2878this is the list of interfaces to use. 2879.It Va arpproxy_all 2880.Pq Vt bool 2881If set to 2882.Dq Li YES , 2883enable global proxy ARP. 2884.It Va forward_sourceroute 2885.Pq Vt bool 2886If set to 2887.Dq Li YES 2888and 2889.Va gateway_enable 2890is also set to 2891.Dq Li YES , 2892source-routed packets are forwarded. 2893.It Va accept_sourceroute 2894.Pq Vt bool 2895If set to 2896.Dq Li YES , 2897the system will accept source-routed packets directed at it. 2898.It Va rarpd_enable 2899.Pq Vt bool 2900If set to 2901.Dq Li YES , 2902run the 2903.Xr rarpd 8 2904daemon at system boot time. 2905.It Va rarpd_flags 2906.Pq Vt str 2907If 2908.Va rarpd_enable 2909is set to 2910.Dq Li YES , 2911these are the flags to pass to the 2912.Xr rarpd 8 2913daemon. 2914.It Va bootparamd_enable 2915.Pq Vt bool 2916If set to 2917.Dq Li YES , 2918run the 2919.Xr bootparamd 8 2920daemon at system boot time. 2921.It Va bootparamd_flags 2922.Pq Vt str 2923If 2924.Va bootparamd_enable 2925is set to 2926.Dq Li YES , 2927these are the flags to pass to the 2928.Xr bootparamd 8 2929daemon. 2930.It Va stf_interface_ipv4addr 2931.Pq Vt str 2932If not set to 2933.Dq Li NO , 2934this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2935interface). 2936Specify this entry to enable the 6to4 interface. 2937.It Va stf_interface_ipv4plen 2938.Pq Vt int 2939Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2940An effective value is 0-31. 2941.It Va stf_interface_ipv6_ifid 2942.Pq Vt str 2943IPv6 interface ID for 2944.Xr stf 4 . 2945This can be set to 2946.Dq Li AUTO . 2947.It Va stf_interface_ipv6_slaid 2948.Pq Vt str 2949IPv6 Site Level Aggregator for 2950.Xr stf 4 . 2951.It Va ipv6_faith_prefix 2952.Pq Vt str 2953If not set to 2954.Dq Li NO , 2955this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2956translator. 2957You also need 2958.Xr faithd 8 2959setup. 2960.It Va ipv6_ipv4mapping 2961.Pq Vt bool 2962If set to 2963.Dq Li YES 2964this enables IPv4 mapped IPv6 address communication (like 2965.Li ::ffff:a.b.c.d ) . 2966.It Va rtsold_enable 2967.Pq Vt bool 2968Set to 2969.Dq Li YES 2970to enable the 2971.Xr rtsold 8 2972daemon to send ICMPv6 Router Solicitation messages. 2973.It Va rtsold_flags 2974.Pq Vt str 2975If 2976.Va rtsold_enable 2977is set to 2978.Dq Li YES , 2979these are the flags to pass to 2980.Xr rtsold 8 . 2981.It Va rtsol_flags 2982.Pq Vt str 2983For interfaces configured with the 2984.Dq Li inet6 accept_rtadv 2985keyword, these are the flags to pass to 2986.Xr rtsol 8 . 2987.Pp 2988Note that 2989.Va rtsold_enable 2990is mutually exclusive to 2991.Va rtsol_flags ; 2992.Va rtsold_enable 2993takes precedence. 2994.It Va atm_enable 2995.Pq Vt bool 2996Set to 2997.Dq Li YES 2998to enable the configuration of ATM interfaces at system boot time. 2999For all of the ATM variables described below, please refer to the 3000.Xr atm 8 3001manual page for further details on the available command parameters. 3002Also refer to the files in 3003.Pa /usr/share/examples/atm 3004for more detailed configuration information. 3005.It Va atm_load 3006.Pq Vt str 3007This is a list of physical ATM interface drivers to load. 3008Typical values are 3009.Dq Li hfa_pci 3010and/or 3011.Dq Li hea_pci . 3012.It Va atm_netif_ Ns Aq Ar intf 3013.Pq Vt str 3014For the ATM physical interface 3015.Ar intf , 3016this variable defines the name prefix and count for the ATM network 3017interfaces to be created. 3018The value will be passed as the parameters of an 3019.Dq Nm atm Cm "set netif" Ar intf 3020command. 3021.It Va atm_sigmgr_ Ns Aq Ar intf 3022.Pq Vt str 3023For the ATM physical interface 3024.Ar intf , 3025this variable defines the ATM signalling manager to be used. 3026The value will be passed as the parameters of an 3027.Dq Nm atm Cm attach Ar intf 3028command. 3029.It Va atm_prefix_ Ns Aq Ar intf 3030.Pq Vt str 3031For the ATM physical interface 3032.Ar intf , 3033this variable defines the NSAP prefix for interfaces using a UNI signalling 3034manager. 3035If set to 3036.Dq Li ILMI , 3037the prefix will automatically be set via the 3038.Xr ilmid 8 3039daemon. 3040Otherwise, the value will be passed as the parameters of an 3041.Dq Nm atm Cm "set prefix" Ar intf 3042command. 3043.It Va atm_macaddr_ Ns Aq Ar intf 3044.Pq Vt str 3045For the ATM physical interface 3046.Ar intf , 3047this variable defines the MAC address for interfaces using a UNI signalling 3048manager. 3049If set to 3050.Dq Li NO , 3051the hardware MAC address contained in the ATM interface card will be used. 3052Otherwise, the value will be passed as the parameters of an 3053.Dq Nm atm Cm "set mac" Ar intf 3054command. 3055.It Va atm_arpserver_ Ns Aq Ar netif 3056.Pq Vt str 3057For the ATM network interface 3058.Ar netif , 3059this variable defines the ATM address for a host which is to provide ATMARP 3060service. 3061This variable is only applicable to interfaces using a UNI signalling 3062manager. 3063If set to 3064.Dq Li local , 3065this host will become an ATMARP server. 3066The value will be passed as the parameters of an 3067.Dq Nm atm Cm "set arpserver" Ar netif 3068command. 3069.It Va atm_scsparp_ Ns Aq Ar netif 3070.Pq Vt bool 3071If set to 3072.Dq Li YES , 3073SCSP/ATMARP service for the network interface 3074.Ar netif 3075will be initiated using the 3076.Xr scspd 8 3077and 3078.Xr atmarpd 8 3079daemons. 3080This variable is only applicable if 3081.Va atm_arpserver_ Ns Aq Ar netif 3082is set to 3083.Dq Li local . 3084.It Va atm_pvcs 3085.Pq Vt str 3086Set to the list of ATM PVCs to be added at system 3087boot time. 3088For each whitespace separated 3089.Ar element 3090in the value, an 3091.Va atm_pvc_ Ns Aq Ar element 3092variable is assumed to exist. 3093The value of each of these variables 3094will be passed as the parameters of an 3095.Dq Nm atm Cm "add pvc" 3096command. 3097.It Va atm_arps 3098.Pq Vt str 3099Set to the list of permanent ATM ARP entries to be added 3100at system boot time. 3101For each whitespace separated 3102.Ar element 3103in the value, an 3104.Va atm_arp_ Ns Aq Ar element 3105variable is assumed to exist. 3106The value of each of these variables 3107will be passed as the parameters of an 3108.Dq Nm atm Cm "add arp" 3109command. 3110.It Va natm_interfaces 3111.Pq Vt str 3112Set to the list of 3113.Xr natm 4 3114interfaces that will also be used for HARP through 3115.Xr harp 4 . 3116If this list is not empty all interfaces in the list will be brought up 3117with 3118.Xr ifconfig 8 3119and 3120.Xr harp 4 3121will be loaded. 3122For this to work the interface drivers must be either compiled into the 3123kernel or must reside on the root partition. 3124.It Va keybell 3125.Pq Vt str 3126The keyboard bell sound. 3127Set to 3128.Dq Li normal , 3129.Dq Li visual , 3130.Dq Li off , 3131or 3132.Dq Li NO 3133if the default behavior is desired. 3134For details, refer to the 3135.Xr kbdcontrol 1 3136manpage. 3137.It Va keyboard 3138.Pq Vt str 3139If set to a non-null string, the virtual console's keyboard input is 3140set to this device. 3141.It Va keymap 3142.Pq Vt str 3143If set to 3144.Dq Li NO , 3145no keymap is installed, otherwise the value is used to install 3146the keymap file found in 3147.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3148(if using 3149.Xr syscons 4 ) or 3150.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3151(if using 3152.Xr vt 4 ) . 3153.It Va keyrate 3154.Pq Vt str 3155The keyboard repeat speed. 3156Set to 3157.Dq Li slow , 3158.Dq Li normal , 3159.Dq Li fast , 3160or 3161.Dq Li NO 3162if the default behavior is desired. 3163.It Va keychange 3164.Pq Vt str 3165If not set to 3166.Dq Li NO , 3167attempt to program the function keys with the value. 3168The value should 3169be a single string of the form: 3170.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3171.It Va cursor 3172.Pq Vt str 3173Can be set to the value of 3174.Dq Li normal , 3175.Dq Li blink , 3176.Dq Li destructive , 3177or 3178.Dq Li NO 3179to set the cursor behavior explicitly or choose the default behavior. 3180.It Va scrnmap 3181.Pq Vt str 3182If set to 3183.Dq Li NO , 3184no screen map is installed, otherwise the value is used to install 3185the screen map file in 3186.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3187This parameter is ignored when using 3188.Xr vt 4 3189as the console driver. 3190.It Va font8x16 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194the default 8x16 font value is used for screen size requests, otherwise 3195the value in 3196.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3197or 3198.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3199is used (depending on the console driver being used). 3200.It Va font8x14 3201.Pq Vt str 3202If set to 3203.Dq Li NO , 3204the default 8x14 font value is used for screen size requests, otherwise 3205the value in 3206.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3207or 3208.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3209is used (depending on the console driver being used). 3210.It Va font8x8 3211.Pq Vt str 3212If set to 3213.Dq Li NO , 3214the default 8x8 font value is used for screen size requests, otherwise 3215the value in 3216.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3217or 3218.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3219is used (depending on the console driver being used). 3220.It Va blanktime 3221.Pq Vt int 3222If set to 3223.Dq Li NO , 3224the default screen blanking interval is used, otherwise it is set 3225to 3226.Ar value 3227seconds. 3228.It Va saver 3229.Pq Vt str 3230If not set to 3231.Dq Li NO , 3232this is the actual screen saver to use 3233.Li ( blank , snake , daemon , 3234etc). 3235.It Va moused_nondefault_enable 3236.Pq Vt str 3237If set to 3238.Dq Li NO , 3239the mouse device specified on 3240the command line is not automatically treated as enabled by the 3241.Pa /etc/rc.d/moused 3242script. 3243Having this variable set to 3244.Dq Li YES 3245allows a 3246.Xr usb 4 3247mouse, 3248for example, 3249to be enabled as soon as it is plugged in. 3250.It Va moused_enable 3251.Pq Vt str 3252If set to 3253.Dq Li YES , 3254the 3255.Xr moused 8 3256daemon is started for doing cut/paste selection on the console. 3257.It Va moused_type 3258.Pq Vt str 3259This is the protocol type of the mouse connected to this host. 3260This variable must be set if 3261.Va moused_enable 3262is set to 3263.Dq Li YES . 3264The 3265.Xr moused 8 3266daemon 3267is able to detect the appropriate mouse type automatically in many cases. 3268Set this variable to 3269.Dq Li auto 3270to let the daemon detect it, or 3271select one from the following list if the automatic detection fails. 3272.Pp 3273If the mouse is attached to the PS/2 mouse port, choose 3274.Dq Li auto 3275or 3276.Dq Li ps/2 , 3277regardless of the brand and model of the mouse. 3278Likewise, if the 3279mouse is attached to the bus mouse port, choose 3280.Dq Li auto 3281or 3282.Dq Li busmouse . 3283All other protocols are for serial mice and will not work with 3284the PS/2 and bus mice. 3285If this is a USB mouse, 3286.Dq Li auto 3287is the only protocol type which will work. 3288.Pp 3289.Bl -tag -width ".Li x10mouseremote" -compact 3290.It Li microsoft 3291Microsoft mouse (serial) 3292.It Li intellimouse 3293Microsoft IntelliMouse (serial) 3294.It Li mousesystems 3295Mouse systems Corp.\& mouse (serial) 3296.It Li mmseries 3297MM Series mouse (serial) 3298.It Li logitech 3299Logitech mouse (serial) 3300.It Li busmouse 3301A bus mouse 3302.It Li mouseman 3303Logitech MouseMan and TrackMan (serial) 3304.It Li glidepoint 3305ALPS GlidePoint (serial) 3306.It Li thinkingmouse 3307Kensington ThinkingMouse (serial) 3308.It Li ps/2 3309PS/2 mouse 3310.It Li mmhittab 3311MM HitTablet (serial) 3312.It Li x10mouseremote 3313X10 MouseRemote (serial) 3314.It Li versapad 3315Interlink VersaPad (serial) 3316.El 3317.Pp 3318Even if the mouse is not in the above list, it may be compatible 3319with one in the list. 3320Refer to the manual page for 3321.Xr moused 8 3322for compatibility information. 3323.Pp 3324It should also be noted that while this is enabled, any 3325other client of the mouse (such as an X server) should access 3326the mouse through the virtual mouse device, 3327.Pa /dev/sysmouse , 3328and configure it as a 3329.Dq Li sysmouse 3330type mouse, since all 3331mouse data is converted to this single canonical format when 3332using 3333.Xr moused 8 . 3334If the client program does not support the 3335.Dq Li sysmouse 3336type, 3337specify the 3338.Dq Li mousesystems 3339type. 3340It is the second preferred type. 3341.It Va moused_port 3342.Pq Vt str 3343If 3344.Va moused_enable 3345is set to 3346.Dq Li YES , 3347this is the actual port the mouse is on. 3348It might be 3349.Pa /dev/cuau0 3350for a COM1 serial mouse, 3351.Pa /dev/psm0 3352for a PS/2 mouse or 3353.Pa /dev/mse0 3354for a bus mouse, for example. 3355.It Va moused_flags 3356.Pq Vt str 3357If 3358.Va moused_flags 3359is set, its value is used as an additional set of flags to pass to the 3360.Xr moused 8 3361daemon. 3362.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3363When 3364.Va moused_nondefault_enable 3365is enabled, and a 3366.Xr moused 8 3367daemon is started for a non-default port, the 3368.Va "moused_" Ns Ar XXX Ns Va "_flags" 3369set of options has precedence over and replaces the default 3370.Va moused_flags 3371(where 3372.Ar XXX 3373is the name of the non-default port, i.e.,\& 3374.Ar ums0 ) . 3375By setting 3376.Va "moused_" Ns Ar XXX Ns Va "_flags" 3377it is possible to set up a different set of default flags for each 3378.Xr moused 8 3379instance. 3380For example, you can use 3381.Dq Li "-3" 3382for the default 3383.Va moused_flags 3384to make your laptop's touchpad more comfortable to use, 3385but an empty set of options for 3386.Va moused_ums0_flags 3387when your 3388.Xr usb 4 3389mouse has three or more buttons. 3390.It Va mousechar_start 3391.Pq Vt int 3392If set to 3393.Dq Li NO , 3394the default mouse cursor character range 3395.Li 0xd0 Ns - Ns Li 0xd3 3396is used, 3397otherwise the range start is set 3398to 3399.Ar value 3400character, see 3401.Xr vidcontrol 1 . 3402Use if the default range is occupied in the language code table. 3403.It Va allscreens_flags 3404.Pq Vt str 3405If set, 3406.Xr vidcontrol 1 3407is run with these options for each of the virtual terminals 3408.Pq Pa /dev/ttyv* . 3409For example, 3410.Dq Fl m Cm on 3411will enable the mouse pointer on all virtual terminals 3412if 3413.Va moused_enable 3414is set to 3415.Dq Li YES . 3416.It Va allscreens_kbdflags 3417.Pq Vt str 3418If set, 3419.Xr kbdcontrol 1 3420is run with these options for each of the virtual terminals 3421.Pq Pa /dev/ttyv* . 3422For example, 3423.Dq Fl h Li 200 3424will set the 3425.Xr syscons 4 3426or 3427.Xr vt 4 3428scrollback (history) buffer to 200 lines. 3429.It Va cron_enable 3430.Pq Vt bool 3431If set to 3432.Dq Li YES , 3433run the 3434.Xr cron 8 3435daemon at system boot time. 3436.It Va cron_program 3437.Pq Vt str 3438Path to 3439.Xr cron 8 3440(default 3441.Pa /usr/sbin/cron ) . 3442.It Va cron_flags 3443.Pq Vt str 3444If 3445.Va cron_enable 3446is set to 3447.Dq Li YES , 3448these are the flags to pass to 3449.Xr cron 8 . 3450.It Va cron_dst 3451.Pq Vt bool 3452If set to 3453.Dq Li YES , 3454enable the special handling of transitions to and from the 3455Daylight Saving Time in 3456.Xr cron 8 3457(equivalent to using the flag 3458.Fl s ) . 3459.It Va lpd_program 3460.Pq Vt str 3461Path to 3462.Xr lpd 8 3463(default 3464.Pa /usr/sbin/lpd ) . 3465.It Va lpd_enable 3466.Pq Vt bool 3467If set to 3468.Dq Li YES , 3469run the 3470.Xr lpd 8 3471daemon at system boot time. 3472.It Va lpd_flags 3473.Pq Vt str 3474If 3475.Va lpd_enable 3476is set to 3477.Dq Li YES , 3478these are the flags to pass to the 3479.Xr lpd 8 3480daemon. 3481.It Va chkprintcap_enable 3482.Pq Vt bool 3483If set to 3484.Dq Li YES , 3485run the 3486.Xr chkprintcap 8 3487command before starting the 3488.Xr lpd 8 3489daemon. 3490.It Va chkprintcap_flags 3491.Pq Vt str 3492If 3493.Va lpd_enable 3494and 3495.Va chkprintcap_enable 3496are set to 3497.Dq Li YES , 3498these are the flags to pass to the 3499.Xr chkprintcap 8 3500program. 3501The default is 3502.Dq Li -d , 3503which causes missing directories to be created. 3504.It Va mta_start_script 3505.Pq Vt str 3506This variable specifies the full path to the script to run to start 3507a mail transfer agent. 3508The default is 3509.Pa /etc/rc.sendmail . 3510The 3511.Va sendmail_* 3512variables which 3513.Pa /etc/rc.sendmail 3514uses are documented in the 3515.Xr rc.sendmail 8 3516manual page. 3517.It Va dumpdev 3518.Pq Vt str 3519Indicates the device (usually a swap partition) to which a crash dump 3520should be written in the event of a system crash. 3521If the value of this variable is 3522.Dq Li AUTO , 3523the first suitable swap device listed in 3524.Pa /etc/fstab 3525will be used as dump device. 3526Otherwise, the value of this variable is passed as the argument to 3527.Xr dumpon 8 . 3528To disable crash dumps, set this variable to 3529.Dq Li NO . 3530.It Va dumpdir 3531.Pq Vt str 3532When the system reboots after a crash and a crash dump is found on the 3533device specified by the 3534.Va dumpdev 3535variable, 3536.Xr savecore 8 3537will save that crash dump and a copy of the kernel to the directory 3538specified by the 3539.Va dumpdir 3540variable. 3541The default value is 3542.Pa /var/crash . 3543Set to 3544.Dq Li NO 3545to not run 3546.Xr savecore 8 3547at boot time when 3548.Va dumpdir 3549is set. 3550.It Va savecore_flags 3551.Pq Vt str 3552If crash dumps are enabled, these are the flags to pass to the 3553.Xr savecore 8 3554utility. 3555.It Va quota_enable 3556.Pq Vt bool 3557Set to 3558.Dq Li YES 3559to turn on user and group disk quotas on system startup via the 3560.Xr quotaon 8 3561command for all file systems marked as having quotas enabled in 3562.Pa /etc/fstab . 3563The kernel must be built with 3564.Cd "options QUOTA" 3565for disk quotas to function. 3566.It Va check_quotas 3567.Pq Vt bool 3568Set to 3569.Dq Li YES 3570to enable user and group disk quota checking via the 3571.Xr quotacheck 8 3572command. 3573.It Va quotacheck_flags 3574.Pq Vt str 3575If 3576.Va quota_enable 3577is set to 3578.Dq Li YES , 3579and 3580.Va check_quotas 3581is set to 3582.Dq Li YES , 3583these are the flags to pass to the 3584.Xr quotacheck 8 3585utility. 3586The default is 3587.Dq Li "-a" , 3588which checks quotas for all file systems with quotas enabled in 3589.Pa /etc/fstab . 3590.It Va quotaon_flags 3591.Pq Vt str 3592If 3593.Va quota_enable 3594is set to 3595.Dq Li YES , 3596these are the flags to pass to the 3597.Xr quotaon 8 3598utility. 3599The default is 3600.Dq Li "-a" , 3601which enables quotas for all file systems with quotas enabled in 3602.Pa /etc/fstab . 3603.It Va quotaoff_flags 3604.Pq Vt str 3605If 3606.Va quota_enable 3607is set to 3608.Dq Li YES , 3609these are the flags to pass to the 3610.Xr quotaoff 8 3611utility when shutting down the quota system. 3612The default is 3613.Dq Li "-a" , 3614which disables quotas for all file systems with quotas enabled in 3615.Pa /etc/fstab . 3616.It Va accounting_enable 3617.Pq Vt bool 3618Set to 3619.Dq Li YES 3620to enable system accounting through the 3621.Xr accton 8 3622facility. 3623.It Va ibcs2_enable 3624.Pq Vt bool 3625Set to 3626.Dq Li YES 3627to enable iBCS2 (SCO) binary emulation at system initial boot 3628time. 3629.It Va ibcs2_loaders 3630.Pq Vt str 3631If not set to 3632.Dq Li NO 3633and if 3634.Va ibcs2_enable 3635is set to 3636.Dq Li YES , 3637this specifies a list of additional iBCS2 loaders to enable. 3638.It Va firstboot_sentinel 3639.Pq Vt str 3640This variable specifies the full path to a 3641.Dq first boot 3642sentinel file. 3643If a file exists with this path, 3644.Pa rc.d 3645scripts with the 3646.Dq firstboot 3647keyword will be run on startup and the sentinel file will be deleted 3648after the boot process completes. 3649The sentinel file must be located on a writable file system which is 3650mounted no later than 3651.Va early_late_divider 3652to function properly. 3653The default is 3654.Pa /firstboot . 3655.It Va linux_enable 3656.Pq Vt bool 3657Set to 3658.Dq Li YES 3659to enable Linux/ELF binary emulation at system initial 3660boot time. 3661.It Va svr4_enable 3662.Pq Vt bool 3663If set to 3664.Dq Li YES , 3665enable SysVR4 emulation at boot time. 3666.It Va sysvipc_enable 3667.Pq Vt bool 3668If set to 3669.Dq Li YES , 3670load System V IPC primitives at boot time. 3671.It Va clear_tmp_enable 3672.Pq Vt bool 3673Set to 3674.Dq Li YES 3675to have 3676.Pa /tmp 3677cleaned at startup. 3678.It Va clear_tmp_X 3679.Pq Vt bool 3680Set to 3681.Dq Li NO 3682to disable removing of X11 lock files, 3683and the removal and (secure) recreation 3684of the various socket directories for X11 3685related programs. 3686.It Va ldconfig_paths 3687.Pq Vt str 3688Set to the list of shared library paths to use with 3689.Xr ldconfig 8 . 3690NOTE: 3691.Pa /usr/lib 3692will always be added first, so it need not appear in this list. 3693.It Va ldconfig32_paths 3694.Pq Vt str 3695Set to the list of 32-bit compatibility shared library paths to 3696use with 3697.Xr ldconfig 8 . 3698.It Va ldconfig_paths_aout 3699.Pq Vt str 3700Set to the list of shared library paths to use with 3701.Xr ldconfig 8 3702legacy 3703.Xr a.out 5 3704support. 3705.It Va ldconfig_insecure 3706.Pq Vt bool 3707The 3708.Xr ldconfig 8 3709utility normally refuses to use directories 3710which are writable by anyone except root. 3711Set this variable to 3712.Dq Li YES 3713to disable that security check during system startup. 3714.It Va ldconfig_local_dirs 3715.Pq Vt str 3716Set to the list of local 3717.Xr ldconfig 8 3718directories. 3719The names of all files in the directories listed will be 3720passed as arguments to 3721.Xr ldconfig 8 . 3722.It Va ldconfig_local32_dirs 3723.Pq Vt str 3724Set to the list of local 32-bit compatibility 3725.Xr ldconfig 8 3726directories. 3727The names of all files in the directories listed will be 3728passed as arguments to 3729.Dq Nm ldconfig Fl 32 . 3730.It Va kern_securelevel_enable 3731.Pq Vt bool 3732Set to 3733.Dq Li YES 3734to set the kernel security level at system startup. 3735.It Va kern_securelevel 3736.Pq Vt int 3737The kernel security level to set at startup. 3738The allowed range of 3739.Ar value 3740ranges from \-1 (the compile time default) to 3 (the 3741most secure). 3742See 3743.Xr security 7 3744for the list of possible security levels and their effect 3745on system operation. 3746.It Va sshd_program 3747.Pq Vt str 3748Path to the SSH server program 3749.Pa ( /usr/sbin/sshd 3750is the default). 3751.It Va sshd_enable 3752.Pq Vt bool 3753Set to 3754.Dq Li YES 3755to start 3756.Xr sshd 8 3757at system boot time. 3758.It Va sshd_flags 3759.Pq Vt str 3760If 3761.Va sshd_enable 3762is set to 3763.Dq Li YES , 3764these are the flags to pass to the 3765.Xr sshd 8 3766daemon. 3767.It Va ftpd_program 3768.Pq Vt str 3769Path to the FTP server program 3770.Pa ( /usr/libexec/ftpd 3771is the default). 3772.It Va ftpd_enable 3773.Pq Vt bool 3774Set to 3775.Dq Li YES 3776to start 3777.Xr ftpd 8 3778as a stand-alone daemon at system boot time. 3779.It Va ftpd_flags 3780.Pq Vt str 3781If 3782.Va ftpd_enable 3783is set to 3784.Dq Li YES , 3785these are the additional flags to pass to the 3786.Xr ftpd 8 3787daemon. 3788.It Va watchdogd_enable 3789.Pq Vt bool 3790If set to 3791.Dq Li YES , 3792start the 3793.Xr watchdogd 8 3794daemon at boot time. 3795This requires that the kernel have been compiled with a 3796.Xr watchdog 4 3797compatible device. 3798.It Va watchdogd_flags 3799.Pq Vt str 3800If 3801.Va watchdogd_enable 3802is set to 3803.Dq Li YES , 3804these are the flags passed to the 3805.Xr watchdogd 8 3806daemon. 3807.It Va devfs_rulesets 3808.Pq Vt str 3809List of files containing sets of rules for 3810.Xr devfs 8 . 3811.It Va devfs_system_ruleset 3812.Pq Vt str 3813Rule name(s) to apply to the system 3814.Pa /dev 3815itself. 3816.It Va devfs_set_rulesets 3817.Pq Vt str 3818Pairs of already-mounted 3819.Pa dev 3820directories and rulesets that should be applied to them. 3821For example: /mount/dev=ruleset_name 3822.It Va devfs_load_rulesets 3823.Pq Vt bool 3824If set, always load the default rulesets listed in 3825.Va devfs_rulesets . 3826.It Va performance_cx_lowest 3827.Pq Vt str 3828CPU idle state to use while on AC power. 3829The string 3830.Dq Li LOW 3831indicates that 3832.Xr acpi 4 3833should use the lowest power state available while 3834.Dq Li HIGH 3835indicates that the lowest latency state (less power savings) should be used. 3836.It Va performance_cpu_freq 3837.Pq Vt str 3838CPU clock frequency to use while on AC power. 3839The string 3840.Dq Li LOW 3841indicates that 3842.Xr cpufreq 4 3843should use the lowest frequency available while 3844.Dq Li HIGH 3845indicates that the highest frequency (less power savings) should be used. 3846.It Va economy_cx_lowest 3847.Pq Vt str 3848CPU idle state to use when off AC power. 3849The string 3850.Dq Li LOW 3851indicates that 3852.Xr acpi 4 3853should use the lowest power state available while 3854.Dq Li HIGH 3855indicates that the lowest latency state (less power savings) should be used. 3856.It Va economy_cpu_freq 3857.Pq Vt str 3858CPU clock frequency to use when off AC power. 3859The string 3860.Dq Li LOW 3861indicates that 3862.Xr cpufreq 4 3863should use the lowest frequency available while 3864.Dq Li HIGH 3865indicates that the highest frequency (less power savings) should be used. 3866.It Va jail_enable 3867.Pq Vt bool 3868If set to 3869.Dq Li NO , 3870any configured jails will not be started. 3871.It Va jail_conf 3872.Pq Vt str 3873The configuration filename used by 3874.Xr jail 8 3875utility. 3876The default value is 3877.Pa /etc/jail.conf . 3878.It Va jail_parallel_start 3879.Pq Vt bool 3880If set to 3881.Dq Li YES , 3882all configured jails will be started in the background (in parallel). 3883.It Va jail_flags 3884.Pq Vt str 3885Unset by default. 3886When set, use as default value for 3887.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3888for every jail in 3889.Va jail_list . 3890.It Va jail_list 3891.Pq Vt str 3892A space separated list of names for jails. 3893If this variable is empty, 3894all of 3895.Xr jail 8 3896instances in the configuration file will be configured. 3897This is purely a configuration aid to help identify and 3898configure multiple jails. 3899The names specified in this list will be used to 3900identify settings common to an instance of a jail, 3901and should contain alphanumeric characters only. 3902The literal jail name of 3903.Dq Li 0 3904.Pq zero 3905is not allowed. 3906.It Va jail_* variables 3907Note that older releases supported per-jail configuration via 3908.Xr rc.conf 5 3909variables. 3910For example, 3911hostname of a jail named 3912.Li vjail 3913was able to be set by 3914.Li jail_vjail_hostname . 3915These per-jail configuration variables are now obsolete in favor of 3916.Xr jail 8 3917configuration file. 3918For backward compatibility, 3919when per-jail configuration variables are defined, 3920.Xr jail 8 3921configuration files are created as 3922.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3923and used. 3924.Pp 3925The following per-jail parameters are handled by 3926.Pa rc.d/jail 3927script out of their corresponding 3928.Nm 3929variables. 3930In addition to them, parameters in 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3932will be added to the configuration file. 3933They must be a semi-colon 3934.Pq Ql \&; 3935delimited list of 3936.Dq key=value . 3937For more details, 3938see 3939.Xr jail 8 3940manual page. 3941.Bl -tag -width "host.hostname" -offset indent 3942.It Li path 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3945.It Li host.hostname 3946set from 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3948.It Li exec.consolelog 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3951The default value is 3952.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3953.It Li interface 3954set from 3955.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3956.It Li vnet.interface 3957set from 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3959This implies 3960.Li vnet 3961parameter will be enabled and cannot be specified with 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3964and/or 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3966at the same time. 3967.It Li fstab 3968set from 3969.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3970.It Li mount 3971set from 3972.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3973.It Li exec.fib 3974set from 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3976.It Li exec.start 3977set from 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3979The parameter name was 3980.Li command 3981in some older releases. 3982.It Li exec.prestart 3983set from 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3985.It Li exec.poststart 3986set from 3987.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3988.It Li exec.stop 3989set from 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3991.It Li exec.prestop 3992set from 3993.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3994.It Li exec.poststop 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3997.It Li ip4.addr 3998set if 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4000or 4001.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4002contain IPv4 addresses 4003.It Li ip6.addr 4004set if 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4006or 4007.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4008contain IPv6 addresses 4009.It Li allow.mount 4010set from 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4012.It Li mount.devfs 4013set from 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4015.It Li devfs_ruleset 4016set from 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4018This must be an integer, 4019not a string. 4020.It Li mount.fdescfs 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4023.It Li allow.set_hostname 4024set from 4025.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4026.It Li allow.rawsocket 4027set from 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4029.It Li allow.sysvipc 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4032.El 4033.\" ----------------------------------------------------- 4034.It Va harvest_interrupt 4035.Pq Vt bool 4036Set to 4037.Dq Li YES 4038to use hardware interrupts as an entropy source. 4039Refer to 4040.Xr random 4 4041for more information. 4042.It Va harvest_ethernet 4043.Pq Vt bool 4044Set to 4045.Dq Li YES 4046to use LAN traffic as an entropy source. 4047Refer to 4048.Xr random 4 4049for more information. 4050.It Va harvest_p_to_p 4051.Pq Vt bool 4052Set to 4053.Dq Li YES 4054to use serial line traffic as an entropy source. 4055Refer to 4056.Xr random 4 4057for more information. 4058.It Va entropy_dir 4059.Pq Vt str 4060Set to 4061.Dq Li NO 4062to disable caching entropy via 4063.Xr cron 8 . 4064Otherwise set to the directory used to store entropy files in. 4065.It Va entropy_file 4066.Pq Vt str 4067Set to 4068.Dq Li NO 4069to disable caching entropy through reboots. 4070Otherwise set to the filename used to store cached entropy through 4071reboots. 4072This file should be located on the root file system to seed the 4073.Xr random 4 4074device as early as possible in the boot process. 4075.It Va entropy_save_sz 4076.Pq Vt int 4077Size of the entropy cache files saved by 4078.Nm save-entropy 4079periodically. 4080.It Va entropy_save_num 4081.Pq Vt int 4082Number of entropy cache files to save by 4083.Nm save-entropy 4084periodically. 4085.It Va ipsec_enable 4086.Pq Vt bool 4087Set to 4088.Dq Li YES 4089to run 4090.Xr setkey 8 4091on 4092.Va ipsec_file 4093at boot time. 4094.It Va ipsec_file 4095.Pq Vt str 4096Configuration file for 4097.Xr setkey 8 . 4098.It Va dmesg_enable 4099.Pq Vt bool 4100Set to 4101.Dq Li YES 4102to save 4103.Xr dmesg 8 4104to 4105.Pa /var/run/dmesg.boot 4106on boot. 4107.It Va rcshutdown_timeout 4108.Pq Vt int 4109If set, start a watchdog timer in the background which will terminate 4110.Pa rc.shutdown 4111if 4112.Xr shutdown 8 4113has not completed within the specified time (in seconds). 4114Notice that in addition to this soft timeout, 4115.Xr init 8 4116also applies a hard timeout for the execution of 4117.Pa rc.shutdown . 4118This is configured via 4119.Xr sysctl 8 4120variable 4121.Va kern.init_shutdown_timeout 4122and defaults to 120 seconds. 4123Setting the value of 4124.Va rcshutdown_timeout 4125to more than 120 seconds will have no effect until the 4126.Xr sysctl 8 4127variable 4128.Va kern.init_shutdown_timeout 4129is also increased. 4130.It Va virecover_enable 4131.Pq Vt bool 4132Set to 4133.Dq Li NO 4134to prevent the system from trying to 4135recover pre-maturely terminated 4136.Xr vi 1 4137sessions. 4138.It Va ugidfw_enable 4139.Pq Vt bool 4140Set to 4141.Dq Li YES 4142to load the 4143.Xr mac_bsdextended 4 4144module upon system initialization and load a default 4145ruleset file. 4146.It Va bsdextended_script 4147.Pq Vt str 4148The default 4149.Xr mac_bsdextended 4 4150ruleset file to load. 4151The default value of this variable is 4152.Pa /etc/rc.bsdextended . 4153.It Va newsyslog_enable 4154.Pq Vt bool 4155If set to 4156.Dq Li YES , 4157run 4158.Xr newsyslog 8 4159command at startup. 4160.It Va newsyslog_flags 4161.Pq Vt str 4162If 4163.Va newsyslog_enable 4164is set to 4165.Dq Li YES , 4166these are the flags to pass to the 4167.Xr newsyslog 8 4168program. 4169The default is 4170.Dq Li -CN , 4171which causes log files flagged with a 4172.Cm C 4173to be created. 4174.It Va mdconfig_md Ns Aq Ar X 4175.Pq Vt str 4176Arguments to 4177.Xr mdconfig 8 4178for 4179.Xr md 4 4180device 4181.Ar X . 4182At minimum a 4183.Fl t Ar type 4184must be specified and either a 4185.Fl s Ar size 4186for malloc or swap backed 4187.Xr md 4 4188devices or a 4189.Fl f Ar file 4190for vnode backed 4191.Xr md 4 4192devices. 4193Note that 4194.Va mdconfig_md Ns Aq Ar X 4195variables are evaluated until one variable is unset or null. 4196.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4197.Pq Vt str 4198Optional arguments passed to 4199.Xr newfs 8 4200to initialize 4201.Xr md 4 4202device 4203.Ar X . 4204.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4205.Pq Vt str 4206An ownership specification passed to 4207.Xr chown 8 4208after the specified 4209.Xr md 4 4210device 4211.Ar X 4212has been mounted. 4213Both the 4214.Xr md 4 4215device and the mount point will be changed. 4216.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4217.Pq Vt str 4218A mode string passed to 4219.Xr chmod 1 4220after the specified 4221.Xr md 4 4222device 4223.Ar X 4224has been mounted. 4225Both the 4226.Xr md 4 4227device and the mount point will be changed. 4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4229.Pq Vt str 4230Files to be copied to the mount point of the 4231.Xr md 4 4232device 4233.Ar X 4234after it has been mounted. 4235.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4236.Pq Vt str 4237Command to execute after the specified 4238.Xr md 4 4239device 4240.Ar X 4241has been mounted. 4242Note that the command is passed to 4243.Ic eval 4244and that both 4245.Va _dev 4246and 4247.Va _mp 4248variables can be used to reference respectively the 4249.Xr md 4 4250device and the mount point. 4251Assuming that the 4252.Xr md 4 4253device is 4254.Li md0 , 4255one could set the following: 4256.Bd -literal 4257mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4258.Ed 4259.It Va autobridge_interfaces 4260.Pq Vt str 4261Set to the list of bridge interfaces that will have newly arriving interfaces 4262checked against to be automatically added. 4263If not set to 4264.Dq Li NO 4265then for each whitespace separated 4266.Ar element 4267in the value, a 4268.Va autobridge_ Ns Aq Ar element 4269variable is assumed to exist which has a whitespace separated list of interface 4270names to match, these names can use wildcards. 4271For example: 4272.Bd -literal 4273autobridge_interfaces="bridge0" 4274autobridge_bridge0="tap* dc0 vlan[345]" 4275.Ed 4276.It Va mixer_enable 4277.Pq Vt bool 4278If set to 4279.Dq Li YES , 4280enable support for sound mixer. 4281.It Va hcsecd_enable 4282.Pq Vt bool 4283If set to 4284.Dq Li YES , 4285enable Bluetooth security daemon. 4286.It Va hcsecd_config 4287.Pq Vt str 4288Configuration file for 4289.Xr hcsecd 8 . 4290Default 4291.Pa /etc/bluetooth/hcsecd.conf . 4292.It Va sdpd_enable 4293.Pq Vt bool 4294If set to 4295.Dq Li YES , 4296enable Bluetooth Service Discovery Protocol daemon. 4297.It Va sdpd_control 4298.Pq Vt str 4299Path to 4300.Xr sdpd 8 4301control socket. 4302Default 4303.Pa /var/run/sdp . 4304.It Va sdpd_groupname 4305.Pq Vt str 4306Sets 4307.Xr sdpd 8 4308group to run as after it initializes. 4309Default 4310.Dq Li nobody . 4311.It Va sdpd_username 4312.Pq Vt str 4313Sets 4314.Xr sdpd 8 4315user to run as after it initializes. 4316Default 4317.Dq Li nobody . 4318.It Va bthidd_enable 4319.Pq Vt bool 4320If set to 4321.Dq Li YES , 4322enable Bluetooth Human Interface Device daemon. 4323.It Va bthidd_config 4324.Pq Vt str 4325Configuration file for 4326.Xr bthidd 8 . 4327Default 4328.Pa /etc/bluetooth/bthidd.conf . 4329.It Va bthidd_hids 4330.Pq Vt str 4331Path to a file, where 4332.Xr bthidd 8 4333will store information about known HID devices. 4334Default 4335.Pa /var/db/bthidd.hids . 4336.It Va rfcomm_pppd_server_enable 4337.Pq Vt bool 4338If set to 4339.Dq Li YES , 4340enable Bluetooth RFCOMM PPP wrapper daemon. 4341.It Va rfcomm_pppd_server_profile 4342.Pq Vt str 4343The name of the profile to use from 4344.Pa /etc/ppp/ppp.conf . 4345Multiple profiles can be specified here. 4346Also used to specify per-profile overrides. 4347When the profile name contains any of the characters 4348.Dq Li .-/+ 4349they are translated to 4350.Dq Li _ 4351for the proposes of the override variable names. 4352.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4353.Pq Vt str 4354Overrides local address to listen on. 4355By default 4356.Xr rfcomm_pppd 8 4357will listen on 4358.Dq Li ANY 4359address. 4360The address can be specified as BD_ADDR or name. 4361.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4362.Pq Vt str 4363Overrides local RFCOMM channel to listen on. 4364By default 4365.Xr rfcomm_pppd 8 4366will listen on RFCOMM channel 1. 4367Must set properly if multiple profiles used in the same time. 4368.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4369.Pq Vt bool 4370Tells 4371.Xr rfcomm_pppd 8 4372if it should register Serial Port service on the specified RFCOMM channel. 4373Default 4374.Dq Li NO . 4375.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4376.Pq Vt bool 4377Tells 4378.Xr rfcomm_pppd 8 4379if it should register Dial-Up Networking service on the specified 4380RFCOMM channel. 4381Default 4382.Dq Li NO . 4383.It Va ubthidhci_enable 4384.Pq Vt bool 4385If set to 4386.Dq Li YES , 4387change the USB Bluetooth controller from HID mode to HCI mode. 4388You also need to specify the location of USB Bluetooth controller with the 4389.Va ubthidhci_busnum 4390and 4391.Va ubthidhci_addr 4392variables. 4393.It Va ubthidhci_busnum 4394Bus number where the USB Bluetooth controller is located. 4395Check the output of 4396.Xr usbconfig 8 4397on your system to find this information. 4398.It Va ubthidhci_addr 4399Bus address of the USB Bluetooth controller. 4400Check the output of 4401.Xr usbconfig 8 4402on your system to find this information. 4403.It Va netwait_enable 4404.Pq Vt bool 4405If set to 4406.Dq Li YES , 4407delays the start of network-reliant services until 4408.Va netwait_if 4409is up and ICMP packets to a destination defined in 4410.Va netwait_ip 4411are flowing. 4412Link state is examined first, followed by 4413.Dq Li pinging 4414an IP address to verify network usability. 4415If no destination can be reached or timeouts are exceeded, 4416network services are started anyway with no guarantee that 4417the network is usable. 4418Use of this variable requires both 4419.Va netwait_ip 4420and 4421.Va netwait_if 4422to be set. 4423.It Va netwait_ip 4424.Pq Vt str 4425Empty by default. 4426This variable contains a space-delimited list of IP addresses to 4427.Xr ping 8 . 4428DNS hostnames should not be used as resolution is not guaranteed 4429to be functional at this point. 4430If multiple IP addresses are specified, 4431each will be tried until one is successful or the list is exhausted. 4432.It Va netwait_timeout 4433.Pq Vt int 4434Indicates the total number of seconds to perform a 4435.Dq Li ping 4436against each IP address in 4437.Va netwait_ip , 4438at a rate of one ping per second. 4439If any of the pings are successful, 4440full network connectivity is considered reliable. 4441The default is 60. 4442.It Va netwait_if 4443.Pq Vt str 4444Empty by default. 4445Defines the name of the network interface on which watch for link. 4446.Xr ifconfig 8 4447is used to monitor the interface, looking for 4448.Dq Li status: no carrier . 4449Once gone, the link is considered up. 4450This can be a 4451.Xr vlan 4 4452interface if desired. 4453.It Va netwait_if_timeout 4454.Pq Vt int 4455Defines the total number of seconds to wait for link to become usable, 4456polled at a 1-second interval. 4457The default is 30. 4458.It Va rctl_enable 4459.Pq Vt bool 4460Set to 4461.Dq Li YES 4462to load 4463.Xr rctl 8 4464rules from the defined ruleset. 4465The kernel must be built with 4466.Cd "options RACCT" 4467and 4468.Cd "options RCTL" . 4469.It Va rctl_rules 4470.Pq Vt str 4471Set to 4472.Pa /etc/rctl.conf 4473by default. 4474This variables contains the 4475.Xr rctl.conf 5 4476ruleset to load for 4477.Xr rctl 8 . 4478.El 4479.Sh FILES 4480.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4481.It Pa /etc/defaults/rc.conf 4482.It Pa /etc/rc.conf 4483.It Pa /etc/rc.conf.local 4484.El 4485.Sh SEE ALSO 4486.Xr catman 1 , 4487.Xr chmod 1 , 4488.Xr gdb 1 , 4489.Xr info 1 , 4490.Xr kbdcontrol 1 , 4491.Xr makewhatis 1 , 4492.Xr sh 1 , 4493.Xr vi 1 , 4494.Xr vidcontrol 1 , 4495.Xr bridge 4 , 4496.Xr dummynet 4 , 4497.Xr ip 4 , 4498.Xr ipf 4 , 4499.Xr ipfw 4 , 4500.Xr ipnat 4 , 4501.Xr kld 4 , 4502.Xr pf 4 , 4503.Xr pflog 4 , 4504.Xr pfsync 4 , 4505.Xr tcp 4 , 4506.Xr udp 4 , 4507.Xr exports 5 , 4508.Xr fstab 5 , 4509.Xr ipf 5 , 4510.Xr ipnat 5 , 4511.Xr jail.conf 5 , 4512.Xr motd 5 , 4513.Xr newsyslog.conf 5 , 4514.Xr pf.conf 5 , 4515.Xr security 7 , 4516.Xr accton 8 , 4517.Xr amd 8 , 4518.Xr apm 8 , 4519.Xr atm 8 , 4520.Xr bthidd 8 , 4521.Xr chkprintcap 8 , 4522.Xr chown 8 , 4523.Xr cron 8 , 4524.Xr devfs 8 , 4525.Xr dhclient 8 , 4526.Xr ftpd 8 , 4527.Xr geli 8 , 4528.Xr hcsecd 8 , 4529.Xr ifconfig 8 , 4530.Xr inetd 8 , 4531.Xr ipf 8 , 4532.Xr ipfw 8 , 4533.Xr ipnat 8 , 4534.Xr jail 8 , 4535.Xr kldxref 8 , 4536.Xr lpd 8 , 4537.Xr mdconfig 8 , 4538.Xr mdmfs 8 , 4539.Xr mixer 8 , 4540.Xr mountd 8 , 4541.Xr moused 8 , 4542.Xr mrouted 8 , 4543.Xr newfs 8 , 4544.Xr newsyslog 8 , 4545.Xr nfsd 8 , 4546.Xr ntpd 8 , 4547.Xr ntpdate 8 , 4548.Xr pfctl 8 , 4549.Xr pflogd 8 , 4550.Xr ping 8 , 4551.Xr powerd 8 , 4552.Xr quotacheck 8 , 4553.Xr quotaon 8 , 4554.Xr rc 8 , 4555.Xr rc.sendmail 8 , 4556.Xr rfcomm_pppd 8 , 4557.Xr route 8 , 4558.Xr routed 8 , 4559.Xr rpcbind 8 , 4560.Xr rpc.lockd 8 , 4561.Xr rpc.statd 8 , 4562.Xr rwhod 8 , 4563.Xr savecore 8 , 4564.Xr sdpd 8 , 4565.Xr sshd 8 , 4566.Xr swapon 8 , 4567.Xr sysctl 8 , 4568.Xr syslogd 8 , 4569.Xr timed 8 , 4570.Xr unbound 8 , 4571.Xr usbconfig 8 , 4572.Xr wlandebug 8 , 4573.Xr yp 8 , 4574.Xr ypbind 8 , 4575.Xr ypserv 8 , 4576.Xr ypset 8 4577.Sh HISTORY 4578The 4579.Nm 4580file appeared in 4581.Fx 2.2.2 . 4582.Sh AUTHORS 4583.An Jordan K. Hubbard . 4584