1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 20, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Va swapfile 165.Pq Vt str 166If set to 167.Dq Li NO , 168no swapfile is installed, otherwise the value is used as the full 169pathname to a file to use for additional swap space. 170.It Ao Ar name Ac Ns Va _chroot 171.Pq Vt str 172.Xr chroot 173to this directory before running the service. 174.It Ao Ar name Ac Ns Va _user 175.Pq Vt str 176Run the service under this user account. 177.It Ao Ar name Ac Ns Va _group 178.Pq Vt str 179Run the chrooted service under this system group. Unlike the _user 180setting, this setting has no effect if the service is not chrooted. 181.It Ao Ar name Ac Ns Va _fib 182.Pq Vt int 183The 184.Xr setfib 1 185value to run the service under. 186.It Ao Ar name Ac Ns Va _nice 187.Pq Vt int 188The 189.Xr nice 1 190value to run the service under. 191.It Va apm_enable 192.Pq Vt bool 193If set to 194.Dq Li YES , 195enable support for Automatic Power Management with 196the 197.Xr apm 8 198command. 199.It Va apmd_enable 200.Pq Vt bool 201Run 202.Xr apmd 8 203to handle APM event from userland. 204This also enables support for APM. 205.It Va apmd_flags 206.Pq Vt str 207If 208.Va apmd_enable 209is set to 210.Dq Li YES , 211these are the flags to pass to the 212.Xr apmd 8 213daemon. 214.It Va devd_enable 215.Pq Vt bool 216Run 217.Xr devd 8 218to handle device added, removed or unknown events from the kernel. 219.It Va ddb_enable 220.Pq Vt bool 221Run 222.Xr ddb 8 223to install 224.Xr ddb 4 225scripts at boot time. 226.It Va ddb_config 227.Pq Vt str 228Configuration file for 229.Xr ddb 8 . 230Default 231.Pa /etc/ddb.conf . 232.It Va kld_list 233.Pq Vt str 234A list of kernel modules to load right after the local 235disks are mounted. 236Loading modules at this point in the boot process is 237much faster than doing it via 238.Pa /boot/loader.conf 239for those modules not necessary for mounting local disk. 240.It Va kldxref_enable 241.Pq Vt bool 242Set to 243.Dq Li NO 244by default. 245Set to 246.Dq Li YES 247to automatically rebuild 248.Pa linker.hints 249files with 250.Xr kldxref 8 251at boot time. 252.It Va kldxref_clobber 253.Pq Vt bool 254Set to 255.Dq Li NO 256by default. 257If 258.Va kldxref_enable 259is true, 260setting to 261.Dq Li YES 262will overwrite existing 263.Pa linker.hints 264files at boot time. 265Otherwise, 266only missing 267.Pa linker.hints 268files are generated. 269.It Va kldxref_module_path 270.Pq Vt str 271Empty by default. 272A semi-colon 273.Pq Ql \&; 274delimited list of paths containing 275.Xr kld 4 276modules. 277If empty, 278the contents of the 279.Va kern.module_path 280.Xr sysctl 8 281are used. 282.It Va powerd_enable 283.Pq Vt bool 284If set to 285.Dq Li YES , 286enable the system power control facility with the 287.Xr powerd 8 288daemon. 289.It Va powerd_flags 290.Pq Vt str 291If 292.Va powerd_enable 293is set to 294.Dq Li YES , 295these are the flags to pass to the 296.Xr powerd 8 297daemon. 298.It Va tmpmfs 299Controls the creation of a 300.Pa /tmp 301memory file system. 302Always happens if set to 303.Dq Li YES 304and never happens if set to 305.Dq Li NO . 306If set to anything else, a memory file system is created if 307.Pa /tmp 308is not writable. 309.It Va tmpsize 310Controls the size of a created 311.Pa /tmp 312memory file system. 313.It Va tmpmfs_flags 314Extra options passed to the 315.Xr mdmfs 8 316utility when the memory file system for 317.Pa /tmp 318is created. 319The default is 320.Dq Li "-S" , 321which inhibits the use of softupdates on 322.Pa /tmp 323so that file system space is freed without delay 324after file truncation or deletion. 325See 326.Xr mdmfs 8 327for other options you can use in 328.Va tmpmfs_flags . 329.It Va varmfs 330Controls the creation of a 331.Pa /var 332memory file system. 333Always happens if set to 334.Dq Li YES 335and never happens if set to 336.Dq Li NO . 337If set to anything else, a memory file system is created if 338.Pa /var 339is not writable. 340.It Va varsize 341Controls the size of a created 342.Pa /var 343memory file system. 344.It Va varmfs_flags 345Extra options passed to the 346.Xr mdmfs 8 347utility when the memory file system for 348.Pa /var 349is created. 350The default is 351.Dq Li "-S" , 352which inhibits the use of softupdates on 353.Pa /var 354so that file system space is freed without delay 355after file truncation or deletion. 356See 357.Xr mdmfs 8 358for other options you can use in 359.Va varmfs_flags . 360.It Va populate_var 361Controls the automatic population of the 362.Pa /var 363file system. 364Always happens if set to 365.Dq Li YES 366and never happens if set to 367.Dq Li NO . 368If set to anything else, a memory file system is created if 369.Pa /var 370is not writable. 371Note that this process requires access to certain commands in 372.Pa /usr 373before 374.Pa /usr 375is mounted on normal systems. 376.It Va cleanvar_enable 377.Pq Vt bool 378Clean the 379.Pa /var 380directory. 381.It Va local_startup 382.Pq Vt str 383List of directories to search for startup script files. 384.It Va script_name_sep 385.Pq Vt str 386The field separator to use for breaking down the list of startup script files 387into individual filenames. 388The default is a space. 389It is not necessary to change this unless there are startup scripts with names 390containing spaces. 391.It Va hostapd_enable 392.Pq Vt bool 393Set to 394.Dq Li YES 395to start 396.Xr hostapd 8 397at system boot time. 398.It Va hostname 399.Pq Vt str 400The fully qualified domain name (FQDN) of this host on the network. 401This should almost certainly be set to something meaningful, even if 402there is no network connection. 403If 404.Xr dhclient 8 405is used to set the hostname via DHCP, 406this variable should be set to an empty string. 407If this value remains unset when the system is done booting 408your console login will display the default hostname of 409.Dq Amnesiac . 410.It Va nisdomainname 411.Pq Vt str 412The NIS domain name of this host, or 413.Dq Li NO 414if NIS is not used. 415.It Va dhclient_program 416.Pq Vt str 417Path to the DHCP client program 418.Pa ( /sbin/dhclient , 419the 420.Ox 421DHCP client, 422is the default). 423.It Va dhclient_flags 424.Pq Vt str 425Additional flags to pass to the DHCP client program. 426For the 427.Ox 428DHCP client, see the 429.Xr dhclient 8 430manpage for a description of the command line options available. 431.It Va dhclient_flags_ Ns Aq Ar iface 432Additional flags to pass to the DHCP client program running on 433.Ar iface 434only. 435When specified, this variable overrides 436.Va dhclient_flags . 437.It Va background_dhclient 438.Pq Vt bool 439Set to 440.Dq Li YES 441to start the DHCP client in background. 442This can cause trouble with applications depending on 443a working network, but it will provide a faster startup 444in many cases. 445.It Va background_dhclient_ Ns Aq Ar iface 446When specified, this variable overrides the 447.Va background_dhclient 448variable for interface 449.Ar iface 450only. 451.It Va synchronous_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start 456.Xr dhclient 8 457synchronously at startup. 458This behavior can be overridden on a per-interface basis by replacing 459the 460.Dq Li DHCP 461keyword in the 462.Va ifconfig_ Ns Aq Ar interface 463variable with 464.Dq Li SYNCDHCP 465or 466.Dq Li NOSYNCDHCP . 467.It Va defaultroute_delay 468.Pq Vt int 469When set to a positive value, wait up to this long after configuring 470DHCP interfaces at startup to give the interfaces time to receive a lease. 471.It Va firewall_enable 472.Pq Vt bool 473Set to 474.Dq Li YES 475to load firewall rules at startup. 476If the kernel was not built with 477.Cd "options IPFIREWALL" , 478the 479.Pa ipfw.ko 480kernel module will be loaded. 481See also 482.Va ipfilter_enable . 483.It Va firewall_script 484.Pq Vt str 485This variable specifies the full path to the firewall script to run. 486The default is 487.Pa /etc/rc.firewall . 488.It Va firewall_type 489.Pq Vt str 490Names the firewall type from the selection in 491.Pa /etc/rc.firewall , 492or the file which contains the local firewall ruleset. 493Valid selections from 494.Pa /etc/rc.firewall 495are: 496.Pp 497.Bl -tag -width ".Li simple" -compact 498.It Li open 499unrestricted IP access 500.It Li closed 501all IP services disabled, except via 502.Dq Li lo0 503.It Li client 504basic protection for a workstation 505.It Li simple 506basic protection for a LAN. 507.El 508.Pp 509If a filename is specified, the full path 510must be given. 511.It Va firewall_quiet 512.Pq Vt bool 513Set to 514.Dq Li YES 515to disable the display of firewall rules on the console during boot. 516.It Va firewall_logging 517.Pq Vt bool 518Set to 519.Dq Li YES 520to enable firewall event logging. 521This is equivalent to the 522.Dv IPFIREWALL_VERBOSE 523kernel option. 524.It Va firewall_logif 525.Pq Vt bool 526Set to 527.Dq Li YES 528to create pseudo interface 529.Li ipfw0 530for logging. 531For more details, see 532.Xr ipfw 8 533manual page. 534.It Va firewall_flags 535.Pq Vt str 536Flags passed to 537.Xr ipfw 8 538if 539.Va firewall_type 540specifies a filename. 541.It Va firewall_coscripts 542.Pq Vt str 543List of executables and/or rc scripts to run after firewall starts/stops. 544Default is empty. 545.\" ----- firewall_nat_enable setting -------------------------------- 546.It Va firewall_nat_enable 547.Pq Vt bool 548The 549.Xr ipfw 8 550equivalent of 551.Va natd_enable . 552Setting this to 553.Dq Li YES 554enables kernel NAT. 555.Va firewall_enable 556must also be set to 557.Dq Li YES . 558.It Va firewall_nat_interface 559.Pq Vt str 560The 561.Xr ipfw 8 562equivalent of 563.Va natd_interface . 564This is the name of the public interface or IP address on which 565kernel NAT should run. 566.It Va firewall_nat_flags 567.Pq Vt str 568Additional configuration parameters for kernel NAT should be placed here. 569.It Va dummynet_enable 570.Pq Vt bool 571Setting this to 572.Dq Li YES 573will automatically load the 574.Xr dummynet 4 575module if 576.Va firewall_enable 577is also set to 578.Dq Li YES . 579.\" ------------------------------------------------------------------- 580.It Va natd_program 581.Pq Vt str 582Path to 583.Xr natd 8 . 584.It Va natd_enable 585.Pq Vt bool 586Set to 587.Dq Li YES 588to enable 589.Xr natd 8 . 590.Va firewall_enable 591must also be set to 592.Dq Li YES , 593and 594.Xr divert 4 595sockets must be enabled in the kernel. 596If the kernel was not built with 597.Cd "options IPDIVERT" , 598the 599.Pa ipdivert.ko 600kernel module will be loaded. 601.It Va natd_interface 602.Pq Vt str 603This is the name of the public interface on which 604.Xr natd 8 605should run. 606The interface may be given as an interface name or as an IP address. 607.It Va natd_flags 608.Pq Vt str 609Additional 610.Xr natd 8 611flags should be placed here. 612The 613.Fl n 614or 615.Fl a 616flag is automatically added with the above 617.Va natd_interface 618as an argument. 619.\" ----- ipfilter_enable setting -------------------------------- 620.It Va ipfilter_enable 621.Pq Vt bool 622Set to 623.Dq Li NO 624by default. 625Setting this to 626.Dq Li YES 627enables 628.Xr ipf 8 629packet filtering. 630.Pp 631Typical usage will require putting 632.Bd -literal 633ipfilter_enable="YES" 634ipnat_enable="YES" 635ipmon_enable="YES" 636ipfs_enable="YES" 637.Ed 638.Pp 639into 640.Pa /etc/rc.conf 641and editing 642.Pa /etc/ipf.rules 643and 644.Pa /etc/ipnat.rules 645appropriately. 646.Pp 647Note that 648.Va ipfilter_enable 649and 650.Va ipnat_enable 651can be enabled independently. 652.Va ipmon_enable 653and 654.Va ipfs_enable 655both require at least one of 656.Va ipfilter_enable 657and 658.Va ipnat_enable 659to be enabled. 660.Pp 661Having 662.Bd -literal 663options IPFILTER 664options IPFILTER_LOG 665options IPFILTER_DEFAULT_BLOCK 666.Ed 667.Pp 668in the kernel configuration file is a good idea, too. 669.\" ----- ipfilter_program setting ------------------------------ 670.It Va ipfilter_program 671.Pq Vt str 672Path to 673.Xr ipf 8 674(default 675.Pa /sbin/ipf ) . 676.\" ----- ipfilter_rules setting -------------------------------- 677.It Va ipfilter_rules 678.Pq Vt str 679Set to 680.Pa /etc/ipf.rules 681by default. 682This variable contains the name of the filter rule definition file. 683The file is expected to be readable for the 684.Xr ipf 8 685command to execute. 686.\" ----- ipv6_ipfilter_rules setting --------------------------- 687.It Va ipv6_ipfilter_rules 688.Pq Vt str 689Set to 690.Pa /etc/ipf6.rules 691by default. 692This variable contains the IPv6 filter rule definition file. 693The file is expected to be readable for the 694.Xr ipf 8 695command to execute. 696.\" ----- ipfilter_flags setting -------------------------------- 697.It Va ipfilter_flags 698.Pq Vt str 699Empty by default. 700This variable contains flags passed to the 701.Xr ipf 8 702program. 703.\" ----- ipnat_enable setting ---------------------------------- 704.It Va ipnat_enable 705.Pq Vt bool 706Set to 707.Dq Li NO 708by default. 709Set it to 710.Dq Li YES 711to enable 712.Xr ipnat 8 713network address translation. 714See 715.Va ipfilter_enable 716for a detailed discussion. 717.\" ----- ipnat_program setting --------------------------------- 718.It Va ipnat_program 719.Pq Vt str 720Path to 721.Xr ipnat 8 722(default 723.Pa /sbin/ipnat ) . 724.\" ----- ipnat_rules setting ----------------------------------- 725.It Va ipnat_rules 726.Pq Vt str 727Set to 728.Pa /etc/ipnat.rules 729by default. 730This variable contains the name of the file 731holding the network address translation definition. 732This file is expected to be readable for the 733.Xr ipnat 8 734command to execute. 735.\" ----- ipnat_flags setting ----------------------------------- 736.It Va ipnat_flags 737.Pq Vt str 738Empty by default. 739This variable contains flags passed to the 740.Xr ipnat 8 741program. 742.\" ----- ipmon_enable setting ---------------------------------- 743.It Va ipmon_enable 744.Pq Vt bool 745Set to 746.Dq Li NO 747by default. 748Set it to 749.Dq Li YES 750to enable 751.Xr ipmon 8 752monitoring (logging 753.Xr ipf 8 754and 755.Xr ipnat 8 756events). 757Setting this variable needs setting 758.Va ipfilter_enable 759or 760.Va ipnat_enable 761too. 762See 763.Va ipfilter_enable 764for a detailed discussion. 765.\" ----- ipmon_program setting --------------------------------- 766.It Va ipmon_program 767.Pq Vt str 768Path to 769.Xr ipmon 8 770(default 771.Pa /sbin/ipmon ) . 772.\" ----- ipmon_flags setting ----------------------------------- 773.It Va ipmon_flags 774.Pq Vt str 775Set to 776.Dq Li -Ds 777by default. 778This variable contains flags passed to the 779.Xr ipmon 8 780program. 781Another typical example would be 782.Dq Fl D Pa /var/log/ipflog 783to have 784.Xr ipmon 8 785log directly to a file bypassing 786.Xr syslogd 8 . 787Make sure to adjust 788.Pa /etc/newsyslog.conf 789in such case like this: 790.Bd -literal 791/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 792.Ed 793.\" ----- ipfs_enable setting ----------------------------------- 794.It Va ipfs_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Set it to 800.Dq Li YES 801to enable 802.Xr ipfs 8 803saving the filter and NAT state tables during shutdown 804and reloading them during startup again. 805Setting this variable needs setting 806.Va ipfilter_enable 807or 808.Va ipnat_enable 809to 810.Dq Li YES 811too. 812See 813.Va ipfilter_enable 814for a detailed discussion. 815Note that if 816.Va kern_securelevel 817is set to 3, 818.Va ipfs_enable 819cannot be used 820because the raised securelevel will prevent 821.Xr ipfs 8 822from saving the state tables at shutdown time. 823.\" ----- ipfs_program setting ---------------------------------- 824.It Va ipfs_program 825.Pq Vt str 826Path to 827.Xr ipfs 8 828(default 829.Pa /sbin/ipfs ) . 830.\" ----- ipfs_flags setting ------------------------------------ 831.It Va ipfs_flags 832.Pq Vt str 833Empty by default. 834This variable contains flags passed to the 835.Xr ipfs 8 836program. 837.\" ----- end of added ipf hook --------------------------------- 838.It Va pf_enable 839.Pq Vt bool 840Set to 841.Dq Li NO 842by default. 843Setting this to 844.Dq Li YES 845enables 846.Xr pf 4 847packet filtering. 848.Pp 849Typical usage will require putting 850.Pp 851.Dl pf_enable="YES" 852.Pp 853into 854.Pa /etc/rc.conf 855and editing 856.Pa /etc/pf.conf 857appropriately. 858Adding 859.Pp 860.Dl "device pf" 861.Pp 862builds support for 863.Xr pf 4 864into the kernel, otherwise the 865kernel module will be loaded. 866.It Va pf_rules 867.Pq Vt str 868Path to 869.Xr pf 4 870ruleset configuration file 871(default 872.Pa /etc/pf.conf ) . 873.It Va pf_program 874.Pq Vt str 875Path to 876.Xr pfctl 8 877(default 878.Pa /sbin/pfctl ) . 879.It Va pf_flags 880.Pq Vt str 881If 882.Va pf_enable 883is set to 884.Dq Li YES , 885these flags are passed to the 886.Xr pfctl 8 887program when loading the ruleset. 888.It Va pflog_enable 889.Pq Vt bool 890Set to 891.Dq Li NO 892by default. 893Setting this to 894.Dq Li YES 895enables 896.Xr pflogd 8 897which logs packets from the 898.Xr pf 4 899packet filter. 900.It Va pflog_logfile 901.Pq Vt str 902If 903.Va pflog_enable 904is set to 905.Dq Li YES 906this controls where 907.Xr pflogd 8 908stores the logfile 909(default 910.Pa /var/log/pflog ) . 911Check 912.Pa /etc/newsyslog.conf 913to adjust logfile rotation for this. 914.It Va pflog_program 915.Pq Vt str 916Path to 917.Xr pflogd 8 918(default 919.Pa /sbin/pflogd ) . 920.It Va pflog_flags 921.Pq Vt str 922Empty by default. 923This variable contains additional flags passed to the 924.Xr pflogd 8 925program. 926.It Va ftpproxy_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Setting this to 932.Dq Li YES 933enables 934.Xr ftp-proxy 8 935which supports the 936.Xr pf 4 937packet filter in translating ftp connections. 938.It Va ftpproxy_flags 939.Pq Vt str 940Empty by default. 941This variable contains additional flags passed to the 942.Xr ftp-proxy 8 943program. 944.It Va pfsync_enable 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting this to 950.Dq Li YES 951enables exposing 952.Xr pf 4 953state changes to other hosts over the network by means of 954.Xr pfsync 4 . 955The 956.Va pfsync_syncdev 957variable 958must also be set then. 959.It Va pfsync_syncdev 960.Pq Vt str 961Empty by default. 962This variable specifies the name of the network interface 963.Xr pfsync 4 964should operate through. 965It must be set accordingly if 966.Va pfsync_enable 967is set to 968.Dq Li YES . 969.It Va pfsync_syncpeer 970.Pq Vt str 971Empty by default. 972This variable is optional. 973By default, state change messages are sent out on the synchronisation 974interface using IP multicast packets. 975The protocol is IP protocol 240, PFSYNC, and the multicast group used is 976224.0.0.240. 977When a peer address is specified using the 978.Va pfsync_syncpeer 979option, the peer address is used as a destination for the pfsync 980traffic, and the traffic can then be protected using 981.Xr ipsec 4 . 982See the 983.Xr pfsync 4 984manpage for more details about using 985.Xr ipsec 4 986with 987.Xr pfsync 4 988interfaces. 989.It Va pfsync_ifconfig 990.Pq Vt str 991Empty by default. 992This variable can contain additional options to be passed to the 993.Xr ifconfig 8 994command used to set up 995.Xr pfsync 4 . 996.It Va tcp_extensions 997.Pq Vt bool 998Set to 999.Dq Li YES 1000by default. 1001Setting this to 1002.Dq Li NO 1003disables certain TCP options as described by 1004.Rs 1005.%T "RFC 1323" 1006.Re 1007Setting this to 1008.Dq Li NO 1009might help remedy such problems with connections as randomly hanging 1010or other weird behavior. 1011Some network devices are known 1012to be broken with respect to these options. 1013.It Va log_in_vain 1014.Pq Vt int 1015Set to 0 by default. 1016The 1017.Xr sysctl 8 1018variables, 1019.Va net.inet.tcp.log_in_vain 1020and 1021.Va net.inet.udp.log_in_vain , 1022as described in 1023.Xr tcp 4 1024and 1025.Xr udp 4 , 1026are set to the given value. 1027.It Va tcp_keepalive 1028.Pq Vt bool 1029Set to 1030.Dq Li YES 1031by default. 1032Setting to 1033.Dq Li NO 1034will disable probing idle TCP connections to verify that the 1035peer is still up and reachable. 1036.It Va tcp_drop_synfin 1037.Pq Vt bool 1038Set to 1039.Dq Li NO 1040by default. 1041Setting to 1042.Dq Li YES 1043will cause the kernel to ignore TCP frames that have both 1044the SYN and FIN flags set. 1045This prevents OS fingerprinting, but may 1046break some legitimate applications. 1047.It Va icmp_drop_redirect 1048.Pq Vt bool 1049Set to 1050.Dq Li NO 1051by default. 1052Setting to 1053.Dq Li YES 1054will cause the kernel to ignore ICMP REDIRECT packets. 1055Refer to 1056.Xr icmp 4 1057for more information. 1058.It Va icmp_log_redirect 1059.Pq Vt bool 1060Set to 1061.Dq Li NO 1062by default. 1063Setting to 1064.Dq Li YES 1065will cause the kernel to log ICMP REDIRECT packets. 1066Note that 1067the log messages are not rate-limited, so this option should only be used 1068for troubleshooting networks. 1069Refer to 1070.Xr icmp 4 1071for more information. 1072.It Va icmp_bmcastecho 1073.Pq Vt bool 1074Set to 1075.Dq Li YES 1076to respond to broadcast or multicast ICMP ping packets. 1077Refer to 1078.Xr icmp 4 1079for more information. 1080.It Va ip_portrange_first 1081.Pq Vt int 1082If not set to 1083.Dq Li NO , 1084this is the first port in the default portrange. 1085Refer to 1086.Xr ip 4 1087for more information. 1088.It Va ip_portrange_last 1089.Pq Vt int 1090If not set to 1091.Dq Li NO , 1092this is the last port in the default portrange. 1093Refer to 1094.Xr ip 4 1095for more information. 1096.It Va network_interfaces 1097.Pq Vt str 1098Set to the list of network interfaces to configure on this host or 1099.Dq Li AUTO 1100(the default) for all current interfaces. 1101Setting the 1102.Va network_interfaces 1103variable to anything other than the default is deprecated. 1104Interfaces that the administrator wishes to store configuration for, 1105but not start at boot should be configured with the 1106.Dq Li NOAUTO 1107keyword in their 1108.Va ifconfig_ Ns Aq Ar interface 1109variables as described below. 1110.Pp 1111An 1112.Va ifconfig_ Ns Aq Ar interface 1113variable is also assumed to exist for each value of 1114.Ar interface . 1115When an interface name contains any of the characters 1116.Dq Li .-/+ 1117they are translated to 1118.Dq Li _ 1119before lookup. 1120The variable can contain arguments to 1121.Xr ifconfig 8 , 1122as well as special case-insensitive keywords described below. 1123Such keywords are removed before passing the value to 1124.Xr ifconfig 8 1125while the order of the other arguments is preserved. 1126.Pp 1127It is possible to add IP alias entries using 1128.Xr ifconfig 8 1129syntax with the address family keyword such as 1130.Li inet . 1131Assuming that the interface in question was 1132.Li ed0 , 1133it might look something like this: 1134.Bd -literal 1135ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1136ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1137.Ed 1138.Pp 1139It also possible to configure multiple IP addresses in Classless 1140Inter-Domain Routing 1141.Pq CIDR 1142address notation, 1143whose each address component can be a range like 1144.Li inet 192.0.2.5-23/24 1145or 1146.Li inet6 2001:db8:1-f::1/64 . 1147This notation allows address and prefix length part only, 1148not the other address modifiers. 1149.Pp 1150In the case of 1151.Li 192.0.2.5-23/24 , 1152the address 192.0.2.5 will be configured with the 1153netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1154the non-conflicting netmask /32 as explained in the 1155.Xr ifconfig 8 1156alias section. 1157Note that this special netmask handling is only for 1158.Li inet , 1159not for the other address families such as 1160.Li inet6 . 1161.Pp 1162With the interface in question being 1163.Li ed0 , 1164an example could look like: 1165.Bd -literal 1166ifconfig_ed0_alias2="inet 192.0.2.129/27" 1167ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1168.Ed 1169.Pp 1170and so on. 1171.Pp 1172Note that 1173.Va ipv4_addrs_ Ns Aq Ar interface 1174variable was supported for IPv4 CIDR address notation. 1175It is now deprecated because the functionality was integrated into 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177though 1178.Va ipv4_addrs_ Ns Aq Ar interface 1179is still supported for backward compatibility. 1180.Pp 1181For each 1182.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1183entry with an address family keyword, 1184its contents are passed to 1185.Xr ifconfig 8 . 1186Execution stops at the first unsuccessful access, so if 1187something like this is present: 1188.Bd -literal 1189ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1190ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1191ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1192ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1193.Ed 1194.Pp 1195Then note that alias4 would 1196.Em not 1197be added since the search would 1198stop with the missing 1199.Dq Li alias3 1200entry. 1201Due to this difficult to manage behavior, the 1202.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1203form is deprecated. 1204There is 1205.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1206variable, which has the same functionality as 1207.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1208and can have all of entries in a variable like the following: 1209.Bd -literal 1210ifconfig_ed0_aliases="\\ 1211 inet 127.0.0.251 netmask 0xffffffff \\ 1212 inet 127.0.0.252 netmask 0xffffffff \\ 1213 inet 127.0.0.253 netmask 0xffffffff \\ 1214 inet 127.0.0.254 netmask 0xffffffff" 1215.Ed 1216.Pp 1217It also supports CIDR notation. 1218.Pp 1219If the 1220.Pa /etc/start_if. Ns Aq Ar interface 1221file is present, it is read and executed by the 1222.Xr sh 1 1223interpreter 1224before configuring the interface as specified in the 1225.Va ifconfig_ Ns Aq Ar interface 1226and 1227.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1228variables. 1229.Pp 1230If a 1231.Va vlans_ Ns Aq Ar interface 1232variable is set, 1233a 1234.Xr vlan 4 1235interface will be created for each item in the list with the 1236.Ar vlandev 1237argument set to 1238.Ar interface . 1239If a vlan interface's name is a number, 1240then that number is used as the vlan tag and the new vlan interface is 1241named 1242.Ar interface . Ns Ar tag . 1243Otherwise, 1244the vlan tag must be specified via a 1245.Va vlan 1246parameter in the 1247.Va create_args_ Ns Aq Ar interface 1248variable. 1249.Pp 1250To create a vlan device named 1251.Li em0.101 1252on 1253.Li em0 1254with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1255.Bd -literal 1256vlans_em0="101" 1257ifconfig_em0_101="inet 192.0.2.1/24" 1258.Ed 1259.Pp 1260To create a vlan device named 1261.Li myvlan 1262on 1263.Li em0 1264with the vlan tag 102: 1265.Bd -literal 1266vlans_em0="myvlan" 1267create_args_myvlan="vlan 102" 1268.Ed 1269.Pp 1270If a 1271.Va wlans_ Ns Aq Ar interface 1272variable is set, 1273an 1274.Xr wlan 4 1275interface will be created for each item in the list with the 1276.Ar wlandev 1277argument set to 1278.Ar interface . 1279Further wlan cloning arguments may be passed to the 1280.Xr ifconfig 8 1281.Cm create 1282command by setting the 1283.Va create_args_ Ns Aq Ar interface 1284variable. 1285One or more 1286.Xr wlan 4 1287devices must be created for each wireless devices as of 1288.Fx 8.0 . 1289Debugging flags for 1290.Xr wlan 4 1291devices as set by 1292.Xr wlandebug 8 1293may be specified with an 1294.Va wlandebug_ Ns Aq Ar interface 1295variable. 1296The contents of this variable will be passed directly to 1297.Xr wlandebug 8 . 1298.Pp 1299If the 1300.Va ifconfig_ Ns Aq Ar interface 1301contains the keyword 1302.Dq Li NOAUTO 1303then the interface will not be configured 1304at boot or by 1305.Pa /etc/pccard_ether 1306when 1307.Va network_interfaces 1308is set to 1309.Dq Li AUTO . 1310.Pp 1311It is possible to bring up an interface with DHCP by adding 1312.Dq Li DHCP 1313to the 1314.Va ifconfig_ Ns Aq Ar interface 1315variable. 1316For instance, to initialize the 1317.Li ed0 1318device via DHCP, 1319it is possible to use something like: 1320.Bd -literal 1321ifconfig_ed0="DHCP" 1322.Ed 1323.Pp 1324Also, if you want to configure your wireless interface with 1325.Xr wpa_supplicant 8 1326for use with WPA, EAP/LEAP or WEP, you need to add 1327.Dq Li WPA 1328to the 1329.Va ifconfig_ Ns Aq Ar interface 1330variable. 1331.Pp 1332Finally, you can add 1333.Xr ifconfig 8 1334options in this variable, in addition to the 1335.Pa /etc/start_if. Ns Aq Ar interface 1336file. 1337For instance, to configure an 1338.Xr ath 4 1339wireless device in station mode with an address obtained 1340via DHCP, using WPA authentication and 802.11b mode, it is 1341possible to use something like: 1342.Bd -literal 1343wlans_ath0="wlan0" 1344ifconfig_wlan0="DHCP WPA mode 11b" 1345.Ed 1346.Pp 1347In addition to the 1348.Va ifconfig_ Ns Aq Ar interface 1349form, a fallback variable 1350.Va ifconfig_DEFAULT 1351may be configured. 1352It will be used for all interfaces with no 1353.Va ifconfig_ Ns Aq Ar interface 1354variable. 1355This is intended to replace the no longer supported 1356.Va pccard_ifconfig 1357variable. 1358.Pp 1359It is also possible to rename an interface by doing: 1360.Bd -literal 1361ifconfig_ed0_name="net0" 1362ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1363.Ed 1364.It Va ipv6_enable 1365.Pq Vt bool 1366This variable is deprecated. 1367Use 1368.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1369and 1370.Va ipv6_activate_all_interfaces 1371if necessary. 1372.Pp 1373If the variable is 1374.Dq Li YES , 1375.Dq Li inet6 accept_rtadv 1376is added to all of 1377.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1378and the 1379.Va ipv6_activate_all_interfaces 1380is defined as 1381.Dq Li YES . 1382.It Va ipv6_prefer 1383.Pq Vt bool 1384This variable is deprecated. 1385Use 1386.Va ip6addrctl_policy 1387instead. 1388.Pp 1389If the variable is 1390.Dq Li YES , 1391the default address selection policy table set by 1392.Xr ip6addrctl 8 1393will be IPv6-preferred. 1394.Pp 1395If the variable is 1396.Dq Li NO , 1397the default address selection policy table set by 1398.Xr ip6addrctl 8 1399will be IPv4-preferred. 1400.It Va ipv6_activate_all_interfaces 1401.Pq Vt bool 1402This controls initial configuration on IPv6-capable 1403interfaces with no corresponding 1404.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1405variable. 1406Note that it is not always necessary to set this variable to 1407.Dq YES 1408to use IPv6 functionality on 1409.Fx . 1410In most cases, just configuring 1411.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1412variables works. 1413.Pp 1414If the variable is 1415.Dq Li NO , 1416all interfaces which do not have a corresponding 1417.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1418variable will be marked as 1419.Dq Li IFDISABLED 1420at creation. 1421This means that all of IPv6 functionality on that interface 1422is completely disabled to enforce a security policy. 1423If the variable is set to 1424.Dq YES , 1425the flag will be cleared on all of the interfaces. 1426.Pp 1427In most cases, just defining an 1428.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1429for an IPv6-capable interface should be sufficient. 1430However, if an interface is added dynamically 1431.Pq by some tunneling protocols such as PPP, for example , 1432it is often difficult to define the variable in advance. 1433In such a case, configuring the 1434.Dq Li IFDISABLED 1435flag can be disabled by setting this variable to 1436.Dq YES . 1437.Pp 1438For more details of the 1439.Dq Li IFDISABLED 1440flag and keywords 1441.Dq Li inet6 ifdisabled , 1442see 1443.Xr ifconfig 8 . 1444.Pp 1445Default is 1446.Dq Li NO . 1447.It Va ipv6_privacy 1448.Pq Vt bool 1449If the variable is 1450.Dq Li YES 1451privacy addresses will be generated for each IPv6 1452interface as described in RFC 4941. 1453.It Va ipv6_network_interfaces 1454.Pq Vt str 1455This is the IPv6 equivalent of 1456.Va network_interfaces . 1457Normally manual configuration of this variable is not needed. 1458.Pp 1459.It Va ipv6_cpe_wanif 1460.Pq Vt str 1461If the variable is set to an interface name, 1462the 1463.Xr ifconfig 8 1464options 1465.Dq inet6 -no_radr accept_rtadv 1466will be added to the specified interface automatically before evaluating 1467.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1468and two 1469.Xr sysctl 8 1470variables 1471.Va net.inet6.ip6.rfc6204w3 1472and 1473.Va net.inet6.ip6.no_radr 1474will be set to 1. 1475.Pp 1476This means the specified interface will accept ICMPv6 Router 1477Advertisement messages on that link and add the discovered 1478routers into the Default Router List. 1479While the other interfaces can still accept RA messages if the 1480.Dq inet6 accept_rtadv 1481option is specified, adding 1482routes into the Default Router List will be disabled by 1483.Dq inet6 no_radr 1484option by default. 1485See 1486.Xr ifconfig 8 1487for more details. 1488.Pp 1489Note that ICMPv6 Router Advertisement messages will be 1490accepted even when 1491.Va net.inet6.ip6.forwarding 1492is 1 1493.Pq packet forwarding is enabled 1494when 1495.Va net.inet6.ip6.rfc6204w3 1496is set to 1. 1497.Pp 1498Default is 1499.Dq Li NO . 1500.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1501.Pq Vt str 1502IPv6 functionality on an interface should be configured by 1503.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1504instead of setting ifconfig parameters in 1505.Va ifconfig_ Ns Aq Ar interface . 1506If this variable is empty, all of IPv6 configurations on the 1507specified interface by other variables such as 1508.Va ipv6_prefix_ Ns Ao Ar interface Ac 1509will be ignored. 1510.Pp 1511Aliases should be set by 1512.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1513with 1514.Dq Li inet6 1515keyword. 1516For example: 1517.Bd -literal 1518ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1519ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1520.Ed 1521.Pp 1522Interfaces that have an 1523.Dq Li inet6 accept_rtadv 1524keyword in 1525.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1526setting will be automatically configured by SLAAC 1527.Pq StateLess Address AutoConfiguration 1528described in 1529.Rs 1530.%T "RFC 4862" 1531.Re 1532.Pp 1533Note that a link-local address will be automatically configured in 1534addition to the configured global-scope addresses because the IPv6 1535specifications require it on each link. 1536The address is calculated from the MAC address by using an algorithm 1537defined in 1538.Rs 1539.%T "RFC 4862" 1540.%O "Section 5.3" 1541.Re 1542.Pp 1543If only a link-local address is needed on the interface, 1544the following configuration can be used: 1545.Bd -literal 1546ifconfig_ed0_ipv6="inet6 auto_linklocal" 1547.Ed 1548.Pp 1549A link-local address can also be configured manually. 1550This is useful for the default router address of an IPv6 router 1551so that it does not change when the network interface 1552card is replaced. 1553For example: 1554.Bd -literal 1555ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1556.Ed 1557.It Va ipv6_prefix_ Ns Aq Ar interface 1558.Pq Vt str 1559If one or more prefixes are defined in 1560.Va ipv6_prefix_ Ns Aq Ar interface 1561addresses based on each prefix and the EUI-64 interface index will be 1562configured on that interface. 1563Note that this variable will be ignored when 1564.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1565is empty. 1566.Pp 1567For example, the following configuration 1568.Bd -literal 1569ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1570.Ed 1571.Pp 1572is equivalent to the following: 1573.Bd -literal 1574ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1575ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1576ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1577ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1578.Ed 1579.Pp 1580These Subnet-Router anycast addresses will be added only when 1581.Va ipv6_gateway_enable 1582is YES. 1583.It Va ipv6_default_interface 1584.Pq Vt str 1585If not set to 1586.Dq Li NO , 1587this is the default output interface for scoped addresses. 1588This works only with ipv6_gateway_enable="NO". 1589.It Va ip6addrctl_enable 1590.Pq Vt bool 1591This variable is to enable configuring default address selection policy table 1592.Pq RFC 3484 . 1593The table can be specified in another variable 1594.Va ip6addrctl_policy . 1595For 1596.Va ip6addrctl_policy 1597the following keywords can be specified: 1598.Dq Li ipv4_prefer , 1599.Dq Li ipv6_prefer , 1600or 1601.Dq Li AUTO . 1602.Pp 1603If 1604.Dq Li ipv4_prefer 1605or 1606.Dq Li ipv6_prefer 1607is specified, 1608.Xr ip6addrctl 8 1609installs a pre-defined policy table described in Section 2.1 1610.Pq IPv6-preferred 1611or 10.3 1612.Pq IPv4-preferred 1613of RFC 3484. 1614.Pp 1615If 1616.Dq Li AUTO 1617is specified, it attempts to read a file 1618.Pa /etc/ip6addrctl.conf 1619first. 1620If this file is found, 1621.Xr ip6addrctl 8 1622reads and installs it. 1623If not found, a policy is automatically set 1624according to 1625.Va ipv6_activate_all_interfaces 1626variable; if the variable is set to 1627.Dq Li YES 1628the IPv6-preferred one is used. 1629Otherwise IPv4-preferred. 1630.Pp 1631The default value of 1632.Va ip6addrctl_enable 1633and 1634.Va ip6addrctl_policy 1635are 1636.Dq Li YES 1637and 1638.Dq Li AUTO , 1639respectively. 1640.It Va cloned_interfaces 1641.Pq Vt str 1642Set to the list of clonable network interfaces to create on this host. 1643Further cloning arguments may be passed to the 1644.Xr ifconfig 8 1645.Cm create 1646command for each interface by setting the 1647.Va create_args_ Ns Aq Ar interface 1648variable. 1649Entries in 1650.Va cloned_interfaces 1651are automatically appended to 1652.Va network_interfaces 1653for configuration. 1654.It Va fec_interfaces 1655.Pq Vt str 1656Set to the list of 1657.Xr ng_fec 4 1658Fast EtherChannel interfaces to configure on this host. 1659A 1660.Va fecconfig_ Ns Aq Ar interface 1661variable is assumed to exist for each value of 1662.Ar interface . 1663The value of this variable is used to configure link aggregated interfaces 1664according to the syntax of the 1665.Cm NGM_FEC_ADD_IFACE 1666to 1667.Xr ngctl 8 1668msg. 1669Additionally, this option ensures that each listed interface is created 1670via the 1671.Cm mkpeer 1672command to 1673.Xr ngctl 8 1674before attempting to configure it. 1675For example: 1676.Bd -literal 1677fec_interfaces="fec0" 1678fecconfig_fec0="em0 em1" 1679ifconfig_fec0="DHCP" 1680.Ed 1681.It Va gif_interfaces 1682.Pq Vt str 1683Set to the list of 1684.Xr gif 4 1685tunnel interfaces to configure on this host. 1686A 1687.Va gifconfig_ Ns Aq Ar interface 1688variable is assumed to exist for each value of 1689.Ar interface . 1690The value of this variable is used to configure the link layer of the 1691tunnel according to the syntax of the 1692.Cm tunnel 1693option to 1694.Xr ifconfig 8 . 1695Additionally, this option ensures that each listed interface is created 1696via the 1697.Cm create 1698option to 1699.Xr ifconfig 8 1700before attempting to configure it. 1701.It Va sppp_interfaces 1702.Pq Vt str 1703Set to the list of 1704.Xr sppp 4 1705interfaces to configure on this host. 1706A 1707.Va spppconfig_ Ns Aq Ar interface 1708variable is assumed to exist for each value of 1709.Ar interface . 1710Each interface should also be configured by a general 1711.Va ifconfig_ Ns Aq Ar interface 1712setting. 1713Refer to 1714.Xr spppcontrol 8 1715for more information about available options. 1716.It Va ppp_enable 1717.Pq Vt bool 1718If set to 1719.Dq Li YES , 1720run the 1721.Xr ppp 8 1722daemon. 1723.It Va ppp_profile 1724.Pq Vt str 1725The name of the profile to use from 1726.Pa /etc/ppp/ppp.conf . 1727Also used for per-profile overrides of 1728.Va ppp_mode 1729and 1730.Va ppp_nat , 1731and 1732.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1733When the profile name contains any of the characters 1734.Dq Li .-/+ 1735they are translated to 1736.Dq Li _ 1737for the proposes of the override variable names. 1738.It Va ppp_mode 1739.Pq Vt str 1740Mode in which to run the 1741.Xr ppp 8 1742daemon. 1743.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1744.Pq Vt str 1745Overrides the global 1746.Va ppp_mode 1747for 1748.Ar profile . 1749Accepted modes are 1750.Dq Li auto , 1751.Dq Li ddial , 1752.Dq Li direct 1753and 1754.Dq Li dedicated . 1755See the manual for a full description. 1756.It Va ppp_nat 1757.Pq Vt bool 1758If set to 1759.Dq Li YES , 1760enables network address translation. 1761Used in conjunction with 1762.Va gateway_enable 1763allows hosts on private network addresses access to the Internet using 1764this host as a network address translating router. 1765.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1766.Pq Vt str 1767Overrides the global 1768.Va ppp_nat 1769for 1770.Ar profile . 1771.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1772.Pq Vt int 1773Set the unit number to be used for this profile. 1774See the manual description of 1775.Fl unit Ns Ar N 1776for details. 1777.It Va ppp_user 1778.Pq Vt str 1779The name of the user under which 1780.Xr ppp 8 1781should be started. 1782By 1783default, 1784.Xr ppp 8 1785is started as 1786.Dq Li root . 1787.It Va rc_conf_files 1788.Pq Vt str 1789This option is used to specify a list of files that will override 1790the settings in 1791.Pa /etc/defaults/rc.conf . 1792The files will be read in the order in which they are specified and should 1793include the full path to the file. 1794By default, the files specified are 1795.Pa /etc/rc.conf 1796and 1797.Pa /etc/rc.conf.local 1798.It Va zfs_enable 1799.Pq Vt bool 1800If set to 1801.Dq Li YES , 1802.Pa /etc/rc.d/zfs 1803will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1804(ZVOLs). 1805.It Va gptboot_enable 1806.Pq Vt bool 1807If set to 1808.Dq Li YES , 1809.Pa /etc/rc.d/gptboot 1810will log if the system successfully (or not) booted from a GPT partition, 1811which had the 1812.Ar bootonce 1813attribute set using 1814.Xr gpart 8 1815utility. 1816.It Va gbde_autoattach_all 1817.Pq Vt bool 1818If set to 1819.Dq Li YES , 1820.Pa /etc/rc.d/gbde 1821will attempt to automatically initialize your .bde devices in 1822.Pa /etc/fstab . 1823.It Va gbde_devices 1824.Pq Vt str 1825List the devices that the script should try to attach, 1826or 1827.Dq Li AUTO . 1828.It Va gbde_lockdir 1829.Pq Vt str 1830The directory where the 1831.Xr gbde 4 1832lockfiles are located. 1833The default lockfile directory is 1834.Pa /etc . 1835.Pp 1836The lockfile for each individual 1837.Xr gbde 4 1838device can be overridden by setting the variable 1839.Va gbde_lock_ Ns Aq Ar device , 1840where 1841.Ar device 1842is the encrypted device without the 1843.Dq Pa /dev/ 1844and 1845.Dq Pa .bde 1846parts. 1847.It Va gbde_attach_attempts 1848.Pq Vt int 1849Number of times to attempt attaching to a 1850.Xr gbde 4 1851device, i.e., how many times the user is asked for the pass-phrase. 1852Default is 3. 1853.It Va geli_devices 1854.Pq Vt str 1855List of devices to automatically attach on boot. 1856Note that .eli devices from 1857.Pa /etc/fstab 1858are automatically appended to this list. 1859.It Va geli_tries 1860.Pq Vt int 1861Number of times user is asked for the pass-phrase. 1862If empty, it will be taken from 1863.Va kern.geom.eli.tries 1864sysctl variable. 1865.It Va geli_default_flags 1866.Pq Vt str 1867Default flags to use by 1868.Xr geli 8 1869when configuring disk encryption. 1870Flags can be configured for every device separately by defining 1871.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1872variable. 1873.It Va geli_autodetach 1874.Pq Vt str 1875Specifies if GELI devices should be marked for detach on last close after 1876file systems are mounted. 1877Default is 1878.Dq Li YES . 1879This can be changed for every device separately by defining 1880.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1881variable. 1882.It Va geli_swap_flags 1883Options passed to the 1884.Xr geli 8 1885utility when encrypted GEOM providers for swap partitions are created. 1886The default is 1887.Dq Li "-e aes -l 256 -s 4096 -d" . 1888.It Va root_rw_mount 1889.Pq Vt bool 1890Set to 1891.Dq Li YES 1892by default. 1893After the file systems are checked at boot time, the root file system 1894is remounted as read-write if this is set to 1895.Dq Li YES . 1896Diskless systems that mount their root file system from a read-only remote 1897NFS share should set this to 1898.Dq Li NO 1899in their 1900.Pa rc.conf . 1901.It Va fsck_y_enable 1902.Pq Vt bool 1903If set to 1904.Dq Li YES , 1905.Xr fsck 8 1906will be run with the 1907.Fl y 1908flag if the initial preen 1909of the file systems fails. 1910.It Va background_fsck 1911.Pq Vt bool 1912If set to 1913.Dq Li YES , 1914the system will attempt to run 1915.Xr fsck 8 1916in the background where possible. 1917.It Va background_fsck_delay 1918.Pq Vt int 1919The amount of time in seconds to sleep before starting a background 1920.Xr fsck 8 . 1921It defaults to sixty seconds to allow large applications such as 1922the X server to start before disk I/O bandwidth is monopolized by 1923.Xr fsck 8 . 1924If set to a negative number, the background file system check will be 1925delayed indefinitely to allow the administrator to run it at a more 1926convenient time. 1927For example it may be run from 1928.Xr cron 8 1929by adding a line like 1930.Pp 1931.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1932.Pp 1933to 1934.Pa /etc/crontab . 1935.It Va netfs_types 1936.Pq Vt str 1937List of file system types that are network-based. 1938This list should generally not be modified by end users. 1939Use 1940.Va extra_netfs_types 1941instead. 1942.It Va extra_netfs_types 1943.Pq Vt str 1944If set to something other than 1945.Dq Li NO 1946(the default), 1947this variable extends the list of file system types 1948for which automatic mounting at startup by 1949.Xr rc 8 1950should be delayed until the network is initialized. 1951It should contain 1952a whitespace-separated list of network file system descriptor pairs, 1953each consisting of a file system type as passed to 1954.Xr mount 8 1955and a human-readable, one-word description, 1956joined with a colon 1957.Pq Ql \&: . 1958Extending the default list in this way is only necessary 1959when third party file system types are used. 1960.It Va syslogd_enable 1961.Pq Vt bool 1962If set to 1963.Dq Li YES , 1964run the 1965.Xr syslogd 8 1966daemon. 1967.It Va syslogd_program 1968.Pq Vt str 1969Path to 1970.Xr syslogd 8 1971(default 1972.Pa /usr/sbin/syslogd ) . 1973.It Va syslogd_flags 1974.Pq Vt str 1975If 1976.Va syslogd_enable 1977is set to 1978.Dq Li YES , 1979these are the flags to pass to 1980.Xr syslogd 8 . 1981.It Va inetd_enable 1982.Pq Vt bool 1983If set to 1984.Dq Li YES , 1985run the 1986.Xr inetd 8 1987daemon. 1988.It Va inetd_program 1989.Pq Vt str 1990Path to 1991.Xr inetd 8 1992(default 1993.Pa /usr/sbin/inetd ) . 1994.It Va inetd_flags 1995.Pq Vt str 1996If 1997.Va inetd_enable 1998is set to 1999.Dq Li YES , 2000these are the flags to pass to 2001.Xr inetd 8 . 2002.It Va hastd_enable 2003.Pq Vt bool 2004If set to 2005.Dq Li YES , 2006run the 2007.Xr hastd 8 2008daemon. 2009.It Va hastd_program 2010.Pq Vt str 2011Path to 2012.Xr hastd 8 2013(default 2014.Pa /sbin/hastd ) . 2015.It Va hastd_flags 2016.Pq Vt str 2017If 2018.Va hastd_enable 2019is set to 2020.Dq Li YES , 2021these are the flags to pass to 2022.Xr hastd 8 . 2023.It Va named_enable 2024.Pq Vt bool 2025If set to 2026.Dq Li YES , 2027run the 2028.Xr named 8 2029daemon. 2030.It Va named_program 2031.Pq Vt str 2032Path to 2033.Xr named 8 2034(default 2035.Pa /usr/sbin/named ) . 2036.It Va named_conf 2037.Pq Vt str 2038Path to 2039.Xr named 8 2040configuration file, (default 2041.Pa /etc/namedb/named.conf ) . 2042.It Va named_flags 2043.Pq Vt str 2044If 2045.Va named_enable 2046is set to 2047.Dq Li YES , 2048these are the flags to pass to 2049.Xr named 8 . 2050.It Va named_uid 2051.Pq Vt str 2052The user that the 2053.Xr named 8 2054process should be run as. 2055.It Va named_chrootdir 2056.Pq Vt str 2057The root directory for a name server run in a 2058.Xr chroot 8 2059environment (default 2060.Pa /var/named ) . 2061If left empty 2062.Xr named 8 2063will not be run in a 2064.Xr chroot 8 2065environment. 2066.It Va named_chroot_autoupdate 2067.Pq Vt bool 2068Set to 2069.Dq Li NO 2070to disable automatic update of the 2071.Xr chroot 8 2072environment. 2073.It Va named_symlink_enable 2074.Pq Vt bool 2075Set to 2076.Dq Li NO 2077to disable symlinking of 2078daemon's PID file 2079into the 2080.Xr chroot 8 2081environment. 2082.It Va named_wait 2083.Pq Vt bool 2084Set to have 2085.Pa /etc/rc.d/named 2086loop until working name service is established. 2087.It Va named_wait_host 2088.Pq Vt str 2089Name of host to lookup for the named_wait option. 2090(Default localhost) 2091.It Va named_auto_forward 2092.Pq Vt bool 2093Set to enable automatic creation of a forwarder 2094configuration file derived from 2095.Pa /etc/resolv.conf . 2096.It Va named_auto_forward_only 2097.Pq Vt bool 2098Set to change the default forwarder configuration from 2099.Dq forward first 2100to 2101.Dq forward only . 2102.It Va kerberos5_server_enable 2103.Pq Vt bool 2104Set to 2105.Dq Li YES 2106to start a Kerberos 5 authentication server 2107at boot time. 2108.It Va kerberos5_server 2109.Pq Vt str 2110If 2111.Va kerberos5_server_enable 2112is set to 2113.Dq Li YES 2114this is the path to Kerberos 5 Authentication Server. 2115.It Va kerberos5_server_flags 2116.Pq Vt str 2117Empty by default. 2118This variable contains additional flags to be passed to the Kerberos 5 2119authentication server. 2120.It Va kadmind5_server_enable 2121.Pq Vt bool 2122Set to 2123.Dq Li YES 2124to start 2125.Xr kadmind 8 , 2126the Kerberos 5 Administration Daemon; set to 2127.Dq Li NO 2128on a slave server. 2129.It Va kadmind5_server 2130.Pq Vt str 2131If 2132.Va kadmind5_server_enable 2133is set to 2134.Dq Li YES 2135this is the path to Kerberos 5 Administration Daemon. 2136.It Va kpasswdd_server_enable 2137.Pq Vt bool 2138Set to 2139.Dq Li YES 2140to start 2141.Xr kpasswdd 8 , 2142the Kerberos 5 Password-Changing Daemon; set to 2143.Dq Li NO 2144on a slave server. 2145.It Va kpasswdd_server 2146.Pq Vt str 2147If 2148.Va kpasswdd_server_enable 2149is set to 2150.Dq Li YES 2151this is the path to Kerberos 5 Password-Changing Daemon. 2152.It Va kfd_enable 2153.Pq Vt bool 2154Set to 2155.Dq Li YES 2156to start 2157.Xr kfd 8 , 2158the Kerberos 5 ticket forwarding daemon, at the boot time. 2159.It Va kfd_program 2160.Pq Vt str 2161Path to 2162.Xr kfd 8 2163(default 2164.Pa /usr/libexec/kfd ) . 2165.It Va rwhod_enable 2166.Pq Vt bool 2167If set to 2168.Dq Li YES , 2169run the 2170.Xr rwhod 8 2171daemon at boot time. 2172.It Va rwhod_flags 2173.Pq Vt str 2174If 2175.Va rwhod_enable 2176is set to 2177.Dq Li YES , 2178these are the flags to pass to it. 2179.It Va amd_enable 2180.Pq Vt bool 2181If set to 2182.Dq Li YES , 2183run the 2184.Xr amd 8 2185daemon at boot time. 2186.It Va amd_flags 2187.Pq Vt str 2188If 2189.Va amd_enable 2190is set to 2191.Dq Li YES , 2192these are the flags to pass to it. 2193See the 2194.Xr amd 8 2195manpage for more information. 2196.It Va amd_map_program 2197.Pq Vt str 2198If set, 2199the specified program is run to get the list of 2200.Xr amd 8 2201maps. 2202For example, if the 2203.Xr amd 8 2204maps are stored in NIS, one can set this to 2205run 2206.Xr ypcat 1 2207to get a list of 2208.Xr amd 8 2209maps from the 2210.Pa amd.master 2211NIS map. 2212.It Va update_motd 2213.Pq Vt bool 2214If set to 2215.Dq Li YES , 2216.Pa /etc/motd 2217will be updated at boot time to reflect the kernel release 2218being run. 2219If set to 2220.Dq Li NO , 2221.Pa /etc/motd 2222will not be updated. 2223.It Va nfs_client_enable 2224.Pq Vt bool 2225If set to 2226.Dq Li YES , 2227run the NFS client daemons at boot time. 2228.It Va nfs_access_cache 2229.Pq Vt int 2230If 2231.Va nfs_client_enable 2232is set to 2233.Dq Li YES , 2234this can be set to 2235.Dq Li 0 2236to disable NFS ACCESS RPC caching, or to the number of seconds for which 2237NFS ACCESS 2238results should be cached. 2239A value of 2-10 seconds will substantially reduce network 2240traffic for many NFS operations. 2241.It Va nfs_server_enable 2242.Pq Vt bool 2243If set to 2244.Dq Li YES , 2245run the NFS server daemons at boot time. 2246.It Va nfs_server_flags 2247.Pq Vt str 2248If 2249.Va nfs_server_enable 2250is set to 2251.Dq Li YES , 2252these are the flags to pass to the 2253.Xr nfsd 8 2254daemon. 2255.It Va nfsv4_server_enable 2256.Pq Vt bool 2257If 2258.Va nfs_server_enable 2259is set to 2260.Dq Li YES 2261and 2262.Va nfsv4_server_enable 2263are set to 2264.Dq Li YES , 2265enable the server for NFSv4 as well as NFSv2 and NFSv3. 2266.It Va nfsuserd_enable 2267.Pq Vt bool 2268If 2269.Va nfsuserd_enable 2270is set to 2271.Dq Li YES , 2272run the nfsuserd daemon, which is needed for NFSv4 in order 2273to map between user/group names vs uid/gid numbers. 2274If 2275.Va nfsv4_server_enable 2276is set to 2277.Dq Li YES , 2278this will be forced enabled. 2279.It Va nfsuserd_flags 2280.Pq Vt str 2281If 2282.Va nfsuserd_enable 2283is set to 2284.Dq Li YES , 2285these are the flags to pass to the 2286.Xr nfsuserd 8 2287daemon. 2288.It Va nfscbd_enable 2289.Pq Vt bool 2290If 2291.Va nfscbd_enable 2292is set to 2293.Dq Li YES , 2294run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2295.It Va nfscbd_flags 2296.Pq Vt str 2297If 2298.Va nfscbd_enable 2299is set to 2300.Dq Li YES , 2301these are the flags to pass to the 2302.Xr nfscbd 8 2303daemon. 2304.It Va oldnfs_server_enable 2305.Pq Vt bool 2306If 2307.Va oldnfs_server_enable 2308is set to 2309.Dq Li YES , 2310force the NFS server daemons to run the old NFS server code 2311that does not support NFSv4. 2312.It Va mountd_enable 2313.Pq Vt bool 2314If set to 2315.Dq Li YES , 2316and no 2317.Va nfs_server_enable 2318is set, start 2319.Xr mountd 8 , 2320but not 2321.Xr nfsd 8 2322daemon. 2323It is commonly needed to run CFS without real NFS used. 2324.It Va mountd_flags 2325.Pq Vt str 2326If 2327.Va mountd_enable 2328is set to 2329.Dq Li YES , 2330these are the flags to pass to the 2331.Xr mountd 8 2332daemon. 2333.It Va weak_mountd_authentication 2334.Pq Vt bool 2335If set to 2336.Dq Li YES , 2337allow services like PCNFSD to make non-privileged mount 2338requests. 2339.It Va nfs_reserved_port_only 2340.Pq Vt bool 2341If set to 2342.Dq Li YES , 2343provide NFS services only on a secure port. 2344.It Va nfs_bufpackets 2345.Pq Vt int 2346If set to a number, indicates the number of packets worth of 2347socket buffer space to reserve on an NFS client. 2348The kernel default is typically 4. 2349Using a higher number may be 2350useful on gigabit networks to improve performance. 2351The minimum value is 23522 and the maximum is 64. 2353.It Va rpc_lockd_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES 2357and also an NFS server or client, run 2358.Xr rpc.lockd 8 2359at boot time. 2360.It Va rpc_lockd_flags 2361.Pq Vt str 2362If 2363.Va rpc_lockd_enable 2364is set to 2365.Dq Li YES , 2366these are the flags to pass to the 2367.Xr rpc.lockd 8 2368daemon. 2369.It Va rpc_statd_enable 2370.Pq Vt bool 2371If set to 2372.Dq Li YES 2373and also an NFS server or client, run 2374.Xr rpc.statd 8 2375at boot time. 2376.It Va rpc_statd_flags 2377.Pq Vt str 2378If 2379.Va rpc_statd_enable 2380is set to 2381.Dq Li YES , 2382these are the flags to pass to the 2383.Xr rpc.statd 8 2384daemon. 2385.It Va rpcbind_program 2386.Pq Vt str 2387Path to 2388.Xr rpcbind 8 2389(default 2390.Pa /usr/sbin/rpcbind ) . 2391.It Va rpcbind_enable 2392.Pq Vt bool 2393If set to 2394.Dq Li YES , 2395run the 2396.Xr rpcbind 8 2397service at boot time. 2398.It Va rpcbind_flags 2399.Pq Vt str 2400If 2401.Va rpcbind_enable 2402is set to 2403.Dq Li YES , 2404these are the flags to pass to the 2405.Xr rpcbind 8 2406daemon. 2407.It Va keyserv_enable 2408.Pq Vt bool 2409If set to 2410.Dq Li YES , 2411run the 2412.Xr keyserv 8 2413daemon on boot for running Secure RPC. 2414.It Va keyserv_flags 2415.Pq Vt str 2416If 2417.Va keyserv_enable 2418is set to 2419.Dq Li YES , 2420these are the flags to pass to 2421.Xr keyserv 8 2422daemon. 2423.It Va pppoed_enable 2424.Pq Vt bool 2425If set to 2426.Dq Li YES , 2427run the 2428.Xr pppoed 8 2429daemon at boot time to provide PPP over Ethernet services. 2430.It Va pppoed_ Ns Aq Ar provider 2431.Pq Vt str 2432.Xr pppoed 8 2433listens to requests to this 2434.Ar provider 2435and ultimately runs 2436.Xr ppp 8 2437with a 2438.Ar system 2439argument of the same name. 2440.It Va pppoed_flags 2441.Pq Vt str 2442Additional flags to pass to 2443.Xr pppoed 8 . 2444.It Va pppoed_interface 2445.Pq Vt str 2446The network interface to run 2447.Xr pppoed 8 2448on. 2449This is mandatory when 2450.Va pppoed_enable 2451is set to 2452.Dq Li YES . 2453.It Va timed_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the 2458.Xr timed 8 2459service at boot time. 2460This command is intended for networks of 2461machines where a consistent 2462.Dq "network time" 2463for all hosts must be established. 2464This is often useful in large NFS 2465environments where time stamps on files are expected to be consistent 2466network-wide. 2467.It Va timed_flags 2468.Pq Vt str 2469If 2470.Va timed_enable 2471is set to 2472.Dq Li YES , 2473these are the flags to pass to the 2474.Xr timed 8 2475service. 2476.It Va ntpdate_enable 2477.Pq Vt bool 2478If set to 2479.Dq Li YES , 2480run 2481.Xr ntpdate 8 2482at system startup. 2483This command is intended to 2484synchronize the system clock only 2485.Em once 2486from some standard reference. 2487.It Va ntpdate_config 2488.Pq Vt str 2489Configuration file for 2490.Xr ntpdate 8 . 2491Default 2492.Pa /etc/ntp.conf . 2493.It Va ntpdate_hosts 2494.Pq Vt str 2495A whitespace-separated list of NTP servers to synchronize with at startup. 2496The default is to use the servers listed in 2497.Va ntpdate_config , 2498if that file exists. 2499.It Va ntpdate_program 2500.Pq Vt str 2501Path to 2502.Xr ntpdate 8 2503(default 2504.Pa /usr/sbin/ntpdate ) . 2505.It Va ntpdate_flags 2506.Pq Vt str 2507If 2508.Va ntpdate_enable 2509is set to 2510.Dq Li YES , 2511these are the flags to pass to the 2512.Xr ntpdate 8 2513command (typically a hostname). 2514.It Va ntpd_enable 2515.Pq Vt bool 2516If set to 2517.Dq Li YES , 2518run the 2519.Xr ntpd 8 2520command at boot time. 2521.It Va ntpd_program 2522.Pq Vt str 2523Path to 2524.Xr ntpd 8 2525(default 2526.Pa /usr/sbin/ntpd ) . 2527.It Va ntpd_config 2528.Pq Vt str 2529Path to 2530.Xr ntpd 8 2531configuration file. 2532Default 2533.Pa /etc/ntp.conf . 2534.It Va ntpd_flags 2535.Pq Vt str 2536If 2537.Va ntpd_enable 2538is set to 2539.Dq Li YES , 2540these are the flags to pass to the 2541.Xr ntpd 8 2542daemon. 2543.It Va ntpd_sync_on_start 2544.Pq Vt bool 2545If set to 2546.Dq Li YES , 2547.Xr ntpd 8 2548is run with the 2549.Fl g 2550flag, which syncs the system's clock on startup. 2551See 2552.Xr ntpd 8 2553for more information regarding the 2554.Fl g 2555option. 2556This is a preferred alternative to using 2557.Xr ntpdate 8 2558or specifying the 2559.Va ntpdate_enable 2560variable. 2561.It Va nis_client_enable 2562.Pq Vt bool 2563If set to 2564.Dq Li YES , 2565run the 2566.Xr ypbind 8 2567service at system boot time. 2568.It Va nis_client_flags 2569.Pq Vt str 2570If 2571.Va nis_client_enable 2572is set to 2573.Dq Li YES , 2574these are the flags to pass to the 2575.Xr ypbind 8 2576service. 2577.It Va nis_ypset_enable 2578.Pq Vt bool 2579If set to 2580.Dq Li YES , 2581run the 2582.Xr ypset 8 2583daemon at system boot time. 2584.It Va nis_ypset_flags 2585.Pq Vt str 2586If 2587.Va nis_ypset_enable 2588is set to 2589.Dq Li YES , 2590these are the flags to pass to the 2591.Xr ypset 8 2592daemon. 2593.It Va nis_server_enable 2594.Pq Vt bool 2595If set to 2596.Dq Li YES , 2597run the 2598.Xr ypserv 8 2599daemon at system boot time. 2600.It Va nis_server_flags 2601.Pq Vt str 2602If 2603.Va nis_server_enable 2604is set to 2605.Dq Li YES , 2606these are the flags to pass to the 2607.Xr ypserv 8 2608daemon. 2609.It Va nis_ypxfrd_enable 2610.Pq Vt bool 2611If set to 2612.Dq Li YES , 2613run the 2614.Xr rpc.ypxfrd 8 2615daemon at system boot time. 2616.It Va nis_ypxfrd_flags 2617.Pq Vt str 2618If 2619.Va nis_ypxfrd_enable 2620is set to 2621.Dq Li YES , 2622these are the flags to pass to the 2623.Xr rpc.ypxfrd 8 2624daemon. 2625.It Va nis_yppasswdd_enable 2626.Pq Vt bool 2627If set to 2628.Dq Li YES , 2629run the 2630.Xr rpc.yppasswdd 8 2631daemon at system boot time. 2632.It Va nis_yppasswdd_flags 2633.Pq Vt str 2634If 2635.Va nis_yppasswdd_enable 2636is set to 2637.Dq Li YES , 2638these are the flags to pass to the 2639.Xr rpc.yppasswdd 8 2640daemon. 2641.It Va rpc_ypupdated_enable 2642.Pq Vt bool 2643If set to 2644.Dq Li YES , 2645run the 2646.Nm rpc.ypupdated 2647daemon at system boot time. 2648.It Va bsnmpd_enable 2649.Pq Vt bool 2650If set to 2651.Dq Li YES , 2652run the 2653.Xr bsnmpd 1 2654daemon at system boot time. 2655Be sure to understand the security implications of running SNMP daemon 2656on your host. 2657.It Va bsnmpd_flags 2658.Pq Vt str 2659If 2660.Va bsnmpd_enable 2661is set to 2662.Dq Li YES , 2663these are the flags to pass to the 2664.Xr bsnmpd 1 2665daemon. 2666.It Va defaultrouter 2667.Pq Vt str 2668If not set to 2669.Dq Li NO , 2670create a default route to this host name or IP address 2671(use an IP address if this router is also required to get to the 2672name server!). 2673.It Va ipv6_defaultrouter 2674.Pq Vt str 2675The IPv6 equivalent of 2676.Va defaultrouter . 2677.It Va static_arp_pairs 2678.Pq Vt str 2679Set to the list of static ARP pairs that are to be added at system 2680boot time. 2681For each whitespace separated 2682.Ar element 2683in the value, a 2684.Va static_arp_ Ns Aq Ar element 2685variable is assumed to exist whose contents will later be passed to a 2686.Dq Nm arp Cm -S 2687operation. 2688For example 2689.Bd -literal 2690static_arp_pairs="gw" 2691static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2692.Ed 2693.It Va static_ndp_pairs 2694.Pq Vt str 2695Set to the list of static NDP pairs that are to be added at system 2696boot time. 2697For each whitespace separated 2698.Ar element 2699in the value, a 2700.Va static_ndp_ Ns Aq Ar element 2701variable is assumed to exist whose contents will later be passed to a 2702.Dq Nm ndp Cm -s 2703operation. 2704For example 2705.Bd -literal 2706static_ndp_pairs="gw" 2707static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2708.Ed 2709.It Va static_routes 2710.Pq Vt str 2711Set to the list of static routes that are to be added at system 2712boot time. 2713If not set to 2714.Dq Li NO 2715then for each whitespace separated 2716.Ar element 2717in the value, a 2718.Va route_ Ns Aq Ar element 2719variable is assumed to exist 2720whose contents will later be passed to a 2721.Dq Nm route Cm add 2722operation. 2723For example: 2724.Bd -literal 2725static_routes="ext mcast:gif0 gif0local:gif0" 2726route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2727route_mcast="-net 224.0.0.0/4 -iface gif0" 2728route_gif0local="-host 169.254.1.1 -iface lo0" 2729.Ed 2730.Pp 2731When an 2732.Ar element 2733is in the form of 2734.Li name:ifname , 2735the route is specific to the interface 2736.Li ifname . 2737.It Va ipv6_static_routes 2738.Pq Vt str 2739The IPv6 equivalent of 2740.Va static_routes . 2741If not set to 2742.Dq Li NO 2743then for each whitespace separated 2744.Ar element 2745in the value, a 2746.Va ipv6_route_ Ns Aq Ar element 2747variable is assumed to exist 2748whose contents will later be passed to a 2749.Dq Nm route Cm add Fl inet6 2750operation. 2751.It Va natm_static_routes 2752.Pq Vt str 2753The 2754.Xr natmip 4 2755equivalent of 2756.Va static_routes . 2757If not empty then for each whitespace separated 2758.Ar element 2759in the value, a 2760.Va route_ Ns Aq Ar element 2761variable is assumed to exist whose contents will later be passed to a 2762.Dq Nm atmconfig Cm natm Cm add 2763operation. 2764.It Va gateway_enable 2765.Pq Vt bool 2766If set to 2767.Dq Li YES , 2768configure host to act as an IP router, e.g.\& to forward packets 2769between interfaces. 2770.It Va ipv6_gateway_enable 2771.Pq Vt bool 2772The IPv6 equivalent of 2773.Va gateway_enable . 2774.It Va routed_enable 2775.Pq Vt bool 2776If set to 2777.Dq Li YES , 2778run a routing daemon of some sort, based on the 2779settings of 2780.Va routed_program 2781and 2782.Va routed_flags . 2783.It Va route6d_enable 2784.Pq Vt bool 2785The IPv6 equivalent of 2786.Va routed_enable . 2787If set to 2788.Dq Li YES , 2789run a routing daemon of some sort, based on the 2790settings of 2791.Va route6d_program 2792and 2793.Va route6d_flags . 2794.It Va routed_program 2795.Pq Vt str 2796If 2797.Va routed_enable 2798is set to 2799.Dq Li YES , 2800this is the name of the routing daemon to use. 2801.It Va route6d_program 2802.Pq Vt str 2803The IPv6 equivalent of 2804.Va routed_program . 2805.It Va routed_flags 2806.Pq Vt str 2807If 2808.Va routed_enable 2809is set to 2810.Dq Li YES , 2811these are the flags to pass to the routing daemon. 2812.It Va route6d_flags 2813.Pq Vt str 2814The IPv6 equivalent of 2815.Va routed_flags . 2816.It Va mrouted_enable 2817.Pq Vt bool 2818If set to 2819.Dq Li YES , 2820run the multicast routing daemon, 2821.Xr mrouted 8 . 2822.It Va mroute6d_enable 2823.Pq Vt bool 2824The IPv6 equivalent of 2825.Va mrouted_enable . 2826If set to 2827.Dq Li YES , 2828run the IPv6 multicast routing daemon. 2829.Pp 2830Note that multicast routing daemons are no longer included in the 2831.Fx 2832base system, however, both 2833.Xr mrouted 8 2834and 2835.Xr pim6dd 8 2836may be installed from the 2837.Fx 2838Ports Collection. 2839.It Va mrouted_flags 2840.Pq Vt str 2841If 2842.Va mrouted_enable 2843is set to 2844.Dq Li YES , 2845these are the flags to pass to the 2846.Xr mrouted 8 2847daemon. 2848.It Va mroute6d_flags 2849.Pq Vt str 2850The IPv6 equivalent of 2851.Va mrouted_flags . 2852If 2853.Va mroute6d_enable 2854is set to 2855.Dq Li YES , 2856these are the flags passed to the IPv6 multicast routing daemon. 2857.It Va mroute6d_program 2858.Pq Vt str 2859If 2860.Va mroute6d_enable 2861is set to 2862.Dq Li YES , 2863this is the path to the IPv6 multicast routing daemon. 2864.It Va rtadvd_enable 2865.Pq Vt bool 2866If set to 2867.Dq Li YES , 2868run the 2869.Xr rtadvd 8 2870daemon at boot time. 2871The 2872.Xr rtadvd 8 2873utility sends ICMPv6 Router Advertisement messages to 2874the interfaces specified in 2875.Va rtadvd_interfaces . 2876This should only be enabled with great care. 2877You may want to fine-tune 2878.Xr rtadvd.conf 5 . 2879.It Va rtadvd_interfaces 2880.Pq Vt str 2881If 2882.Va rtadvd_enable 2883is set to 2884.Dq Li YES 2885this is the list of interfaces to use. 2886.It Va ipxgateway_enable 2887.Pq Vt bool 2888If set to 2889.Dq Li YES , 2890enable the routing of IPX traffic. 2891.It Va ipxrouted_enable 2892.Pq Vt bool 2893If set to 2894.Dq Li YES , 2895run the 2896.Xr IPXrouted 8 2897daemon at system boot time. 2898.It Va ipxrouted_flags 2899.Pq Vt str 2900If 2901.Va ipxrouted_enable 2902is set to 2903.Dq Li YES , 2904these are the flags to pass to the 2905.Xr IPXrouted 8 2906daemon. 2907.It Va arpproxy_all 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911enable global proxy ARP. 2912.It Va forward_sourceroute 2913.Pq Vt bool 2914If set to 2915.Dq Li YES 2916and 2917.Va gateway_enable 2918is also set to 2919.Dq Li YES , 2920source-routed packets are forwarded. 2921.It Va accept_sourceroute 2922.Pq Vt bool 2923If set to 2924.Dq Li YES , 2925the system will accept source-routed packets directed at it. 2926.It Va rarpd_enable 2927.Pq Vt bool 2928If set to 2929.Dq Li YES , 2930run the 2931.Xr rarpd 8 2932daemon at system boot time. 2933.It Va rarpd_flags 2934.Pq Vt str 2935If 2936.Va rarpd_enable 2937is set to 2938.Dq Li YES , 2939these are the flags to pass to the 2940.Xr rarpd 8 2941daemon. 2942.It Va bootparamd_enable 2943.Pq Vt bool 2944If set to 2945.Dq Li YES , 2946run the 2947.Xr bootparamd 8 2948daemon at system boot time. 2949.It Va bootparamd_flags 2950.Pq Vt str 2951If 2952.Va bootparamd_enable 2953is set to 2954.Dq Li YES , 2955these are the flags to pass to the 2956.Xr bootparamd 8 2957daemon. 2958.It Va stf_interface_ipv4addr 2959.Pq Vt str 2960If not set to 2961.Dq Li NO , 2962this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2963interface). 2964Specify this entry to enable the 6to4 interface. 2965.It Va stf_interface_ipv4plen 2966.Pq Vt int 2967Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2968An effective value is 0-31. 2969.It Va stf_interface_ipv6_ifid 2970.Pq Vt str 2971IPv6 interface ID for 2972.Xr stf 4 . 2973This can be set to 2974.Dq Li AUTO . 2975.It Va stf_interface_ipv6_slaid 2976.Pq Vt str 2977IPv6 Site Level Aggregator for 2978.Xr stf 4 . 2979.It Va ipv6_faith_prefix 2980.Pq Vt str 2981If not set to 2982.Dq Li NO , 2983this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2984translator. 2985You also need 2986.Xr faithd 8 2987setup. 2988.It Va ipv6_ipv4mapping 2989.Pq Vt bool 2990If set to 2991.Dq Li YES 2992this enables IPv4 mapped IPv6 address communication (like 2993.Li ::ffff:a.b.c.d ) . 2994.It Va rtsold_enable 2995.Pq Vt bool 2996Set to 2997.Dq Li YES 2998to enable the 2999.Xr rtsold 8 3000daemon to send ICMPv6 Router Solicitation messages. 3001.It Va rtsold_flags 3002.Pq Vt str 3003If 3004.Va rtsold_enable 3005is set to 3006.Dq Li YES , 3007these are the flags to pass to 3008.Xr rtsold 8 . 3009.It Va rtsol_flags 3010.Pq Vt str 3011For interfaces configured with the 3012.Dq Li inet6 accept_rtadv 3013keyword, these are the flags to pass to 3014.Xr rtsol 8 . 3015.Pp 3016Note that 3017.Va rtsold_enable 3018is mutually exclusive to 3019.Va rtsol_flags ; 3020.Va rtsold_enable 3021takes precedence. 3022.It Va atm_enable 3023.Pq Vt bool 3024Set to 3025.Dq Li YES 3026to enable the configuration of ATM interfaces at system boot time. 3027For all of the ATM variables described below, please refer to the 3028.Xr atm 8 3029manual page for further details on the available command parameters. 3030Also refer to the files in 3031.Pa /usr/share/examples/atm 3032for more detailed configuration information. 3033.It Va atm_load 3034.Pq Vt str 3035This is a list of physical ATM interface drivers to load. 3036Typical values are 3037.Dq Li hfa_pci 3038and/or 3039.Dq Li hea_pci . 3040.It Va atm_netif_ Ns Aq Ar intf 3041.Pq Vt str 3042For the ATM physical interface 3043.Ar intf , 3044this variable defines the name prefix and count for the ATM network 3045interfaces to be created. 3046The value will be passed as the parameters of an 3047.Dq Nm atm Cm "set netif" Ar intf 3048command. 3049.It Va atm_sigmgr_ Ns Aq Ar intf 3050.Pq Vt str 3051For the ATM physical interface 3052.Ar intf , 3053this variable defines the ATM signalling manager to be used. 3054The value will be passed as the parameters of an 3055.Dq Nm atm Cm attach Ar intf 3056command. 3057.It Va atm_prefix_ Ns Aq Ar intf 3058.Pq Vt str 3059For the ATM physical interface 3060.Ar intf , 3061this variable defines the NSAP prefix for interfaces using a UNI signalling 3062manager. 3063If set to 3064.Dq Li ILMI , 3065the prefix will automatically be set via the 3066.Xr ilmid 8 3067daemon. 3068Otherwise, the value will be passed as the parameters of an 3069.Dq Nm atm Cm "set prefix" Ar intf 3070command. 3071.It Va atm_macaddr_ Ns Aq Ar intf 3072.Pq Vt str 3073For the ATM physical interface 3074.Ar intf , 3075this variable defines the MAC address for interfaces using a UNI signalling 3076manager. 3077If set to 3078.Dq Li NO , 3079the hardware MAC address contained in the ATM interface card will be used. 3080Otherwise, the value will be passed as the parameters of an 3081.Dq Nm atm Cm "set mac" Ar intf 3082command. 3083.It Va atm_arpserver_ Ns Aq Ar netif 3084.Pq Vt str 3085For the ATM network interface 3086.Ar netif , 3087this variable defines the ATM address for a host which is to provide ATMARP 3088service. 3089This variable is only applicable to interfaces using a UNI signalling 3090manager. 3091If set to 3092.Dq Li local , 3093this host will become an ATMARP server. 3094The value will be passed as the parameters of an 3095.Dq Nm atm Cm "set arpserver" Ar netif 3096command. 3097.It Va atm_scsparp_ Ns Aq Ar netif 3098.Pq Vt bool 3099If set to 3100.Dq Li YES , 3101SCSP/ATMARP service for the network interface 3102.Ar netif 3103will be initiated using the 3104.Xr scspd 8 3105and 3106.Xr atmarpd 8 3107daemons. 3108This variable is only applicable if 3109.Va atm_arpserver_ Ns Aq Ar netif 3110is set to 3111.Dq Li local . 3112.It Va atm_pvcs 3113.Pq Vt str 3114Set to the list of ATM PVCs to be added at system 3115boot time. 3116For each whitespace separated 3117.Ar element 3118in the value, an 3119.Va atm_pvc_ Ns Aq Ar element 3120variable is assumed to exist. 3121The value of each of these variables 3122will be passed as the parameters of an 3123.Dq Nm atm Cm "add pvc" 3124command. 3125.It Va atm_arps 3126.Pq Vt str 3127Set to the list of permanent ATM ARP entries to be added 3128at system boot time. 3129For each whitespace separated 3130.Ar element 3131in the value, an 3132.Va atm_arp_ Ns Aq Ar element 3133variable is assumed to exist. 3134The value of each of these variables 3135will be passed as the parameters of an 3136.Dq Nm atm Cm "add arp" 3137command. 3138.It Va natm_interfaces 3139.Pq Vt str 3140Set to the list of 3141.Xr natm 4 3142interfaces that will also be used for HARP through 3143.Xr harp 4 . 3144If this list is not empty all interfaces in the list will be brought up 3145with 3146.Xr ifconfig 8 3147and 3148.Xr harp 4 3149will be loaded. 3150For this to work the interface drivers must be either compiled into the 3151kernel or must reside on the root partition. 3152.It Va keybell 3153.Pq Vt str 3154The keyboard bell sound. 3155Set to 3156.Dq Li normal , 3157.Dq Li visual , 3158.Dq Li off , 3159or 3160.Dq Li NO 3161if the default behavior is desired. 3162For details, refer to the 3163.Xr kbdcontrol 1 3164manpage. 3165.It Va keyboard 3166.Pq Vt str 3167If set to a non-null string, the virtual console's keyboard input is 3168set to this device. 3169.It Va keymap 3170.Pq Vt str 3171If set to 3172.Dq Li NO , 3173no keymap is installed, otherwise the value is used to install 3174the keymap file in 3175.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3176.It Va keyrate 3177.Pq Vt str 3178The keyboard repeat speed. 3179Set to 3180.Dq Li slow , 3181.Dq Li normal , 3182.Dq Li fast , 3183or 3184.Dq Li NO 3185if the default behavior is desired. 3186.It Va keychange 3187.Pq Vt str 3188If not set to 3189.Dq Li NO , 3190attempt to program the function keys with the value. 3191The value should 3192be a single string of the form: 3193.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3194.It Va cursor 3195.Pq Vt str 3196Can be set to the value of 3197.Dq Li normal , 3198.Dq Li blink , 3199.Dq Li destructive , 3200or 3201.Dq Li NO 3202to set the cursor behavior explicitly or choose the default behavior. 3203.It Va scrnmap 3204.Pq Vt str 3205If set to 3206.Dq Li NO , 3207no screen map is installed, otherwise the value is used to install 3208the screen map file in 3209.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3210.It Va font8x16 3211.Pq Vt str 3212If set to 3213.Dq Li NO , 3214the default 8x16 font value is used for screen size requests, otherwise 3215the value in 3216.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3217is used. 3218.It Va font8x14 3219.Pq Vt str 3220If set to 3221.Dq Li NO , 3222the default 8x14 font value is used for screen size requests, otherwise 3223the value in 3224.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3225is used. 3226.It Va font8x8 3227.Pq Vt str 3228If set to 3229.Dq Li NO , 3230the default 8x8 font value is used for screen size requests, otherwise 3231the value in 3232.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3233is used. 3234.It Va blanktime 3235.Pq Vt int 3236If set to 3237.Dq Li NO , 3238the default screen blanking interval is used, otherwise it is set 3239to 3240.Ar value 3241seconds. 3242.It Va saver 3243.Pq Vt str 3244If not set to 3245.Dq Li NO , 3246this is the actual screen saver to use 3247.Li ( blank , snake , daemon , 3248etc). 3249.It Va moused_nondefault_enable 3250.Pq Vt str 3251If set to 3252.Dq Li NO , 3253the mouse device specified on 3254the command line is not automatically treated as enabled by the 3255.Pa /etc/rc.d/moused 3256script. 3257Having this variable set to 3258.Dq Li YES 3259allows a 3260.Xr usb 4 3261mouse, 3262for example, 3263to be enabled as soon as it is plugged in. 3264.It Va moused_enable 3265.Pq Vt str 3266If set to 3267.Dq Li YES , 3268the 3269.Xr moused 8 3270daemon is started for doing cut/paste selection on the console. 3271.It Va moused_type 3272.Pq Vt str 3273This is the protocol type of the mouse connected to this host. 3274This variable must be set if 3275.Va moused_enable 3276is set to 3277.Dq Li YES . 3278The 3279.Xr moused 8 3280daemon 3281is able to detect the appropriate mouse type automatically in many cases. 3282Set this variable to 3283.Dq Li auto 3284to let the daemon detect it, or 3285select one from the following list if the automatic detection fails. 3286.Pp 3287If the mouse is attached to the PS/2 mouse port, choose 3288.Dq Li auto 3289or 3290.Dq Li ps/2 , 3291regardless of the brand and model of the mouse. 3292Likewise, if the 3293mouse is attached to the bus mouse port, choose 3294.Dq Li auto 3295or 3296.Dq Li busmouse . 3297All other protocols are for serial mice and will not work with 3298the PS/2 and bus mice. 3299If this is a USB mouse, 3300.Dq Li auto 3301is the only protocol type which will work. 3302.Pp 3303.Bl -tag -width ".Li x10mouseremote" -compact 3304.It Li microsoft 3305Microsoft mouse (serial) 3306.It Li intellimouse 3307Microsoft IntelliMouse (serial) 3308.It Li mousesystems 3309Mouse systems Corp.\& mouse (serial) 3310.It Li mmseries 3311MM Series mouse (serial) 3312.It Li logitech 3313Logitech mouse (serial) 3314.It Li busmouse 3315A bus mouse 3316.It Li mouseman 3317Logitech MouseMan and TrackMan (serial) 3318.It Li glidepoint 3319ALPS GlidePoint (serial) 3320.It Li thinkingmouse 3321Kensington ThinkingMouse (serial) 3322.It Li ps/2 3323PS/2 mouse 3324.It Li mmhittab 3325MM HitTablet (serial) 3326.It Li x10mouseremote 3327X10 MouseRemote (serial) 3328.It Li versapad 3329Interlink VersaPad (serial) 3330.El 3331.Pp 3332Even if the mouse is not in the above list, it may be compatible 3333with one in the list. 3334Refer to the manual page for 3335.Xr moused 8 3336for compatibility information. 3337.Pp 3338It should also be noted that while this is enabled, any 3339other client of the mouse (such as an X server) should access 3340the mouse through the virtual mouse device, 3341.Pa /dev/sysmouse , 3342and configure it as a 3343.Dq Li sysmouse 3344type mouse, since all 3345mouse data is converted to this single canonical format when 3346using 3347.Xr moused 8 . 3348If the client program does not support the 3349.Dq Li sysmouse 3350type, 3351specify the 3352.Dq Li mousesystems 3353type. 3354It is the second preferred type. 3355.It Va moused_port 3356.Pq Vt str 3357If 3358.Va moused_enable 3359is set to 3360.Dq Li YES , 3361this is the actual port the mouse is on. 3362It might be 3363.Pa /dev/cuau0 3364for a COM1 serial mouse, 3365.Pa /dev/psm0 3366for a PS/2 mouse or 3367.Pa /dev/mse0 3368for a bus mouse, for example. 3369.It Va moused_flags 3370.Pq Vt str 3371If 3372.Va moused_flags 3373is set, its value is used as an additional set of flags to pass to the 3374.Xr moused 8 3375daemon. 3376.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3377When 3378.Va moused_nondefault_enable 3379is enabled, and a 3380.Xr moused 8 3381daemon is started for a non-default port, the 3382.Va "moused_" Ns Ar XXX Ns Va "_flags" 3383set of options has precedence over and replaces the default 3384.Va moused_flags 3385(where 3386.Ar XXX 3387is the name of the non-default port, i.e.,\& 3388.Ar ums0 ) . 3389By setting 3390.Va "moused_" Ns Ar XXX Ns Va "_flags" 3391it is possible to set up a different set of default flags for each 3392.Xr moused 8 3393instance. 3394For example, you can use 3395.Dq Li "-3" 3396for the default 3397.Va moused_flags 3398to make your laptop's touchpad more comfortable to use, 3399but an empty set of options for 3400.Va moused_ums0_flags 3401when your 3402.Xr usb 4 3403mouse has three or more buttons. 3404.It Va mousechar_start 3405.Pq Vt int 3406If set to 3407.Dq Li NO , 3408the default mouse cursor character range 3409.Li 0xd0 Ns - Ns Li 0xd3 3410is used, 3411otherwise the range start is set 3412to 3413.Ar value 3414character, see 3415.Xr vidcontrol 1 . 3416Use if the default range is occupied in the language code table. 3417.It Va allscreens_flags 3418.Pq Vt str 3419If set, 3420.Xr vidcontrol 1 3421is run with these options for each of the virtual terminals 3422.Pq Pa /dev/ttyv* . 3423For example, 3424.Dq Fl m Cm on 3425will enable the mouse pointer on all virtual terminals 3426if 3427.Va moused_enable 3428is set to 3429.Dq Li YES . 3430.It Va allscreens_kbdflags 3431.Pq Vt str 3432If set, 3433.Xr kbdcontrol 1 3434is run with these options for each of the virtual terminals 3435.Pq Pa /dev/ttyv* . 3436For example, 3437.Dq Fl h Li 200 3438will set the 3439.Xr syscons 4 3440scrollback (history) buffer to 200 lines. 3441.It Va cron_enable 3442.Pq Vt bool 3443If set to 3444.Dq Li YES , 3445run the 3446.Xr cron 8 3447daemon at system boot time. 3448.It Va cron_program 3449.Pq Vt str 3450Path to 3451.Xr cron 8 3452(default 3453.Pa /usr/sbin/cron ) . 3454.It Va cron_flags 3455.Pq Vt str 3456If 3457.Va cron_enable 3458is set to 3459.Dq Li YES , 3460these are the flags to pass to 3461.Xr cron 8 . 3462.It Va cron_dst 3463.Pq Vt bool 3464If set to 3465.Dq Li YES , 3466enable the special handling of transitions to and from the 3467Daylight Saving Time in 3468.Xr cron 8 3469(equivalent to using the flag 3470.Fl s ) . 3471.It Va lpd_program 3472.Pq Vt str 3473Path to 3474.Xr lpd 8 3475(default 3476.Pa /usr/sbin/lpd ) . 3477.It Va lpd_enable 3478.Pq Vt bool 3479If set to 3480.Dq Li YES , 3481run the 3482.Xr lpd 8 3483daemon at system boot time. 3484.It Va lpd_flags 3485.Pq Vt str 3486If 3487.Va lpd_enable 3488is set to 3489.Dq Li YES , 3490these are the flags to pass to the 3491.Xr lpd 8 3492daemon. 3493.It Va chkprintcap_enable 3494.Pq Vt bool 3495If set to 3496.Dq Li YES , 3497run the 3498.Xr chkprintcap 8 3499command before starting the 3500.Xr lpd 8 3501daemon. 3502.It Va chkprintcap_flags 3503.Pq Vt str 3504If 3505.Va lpd_enable 3506and 3507.Va chkprintcap_enable 3508are set to 3509.Dq Li YES , 3510these are the flags to pass to the 3511.Xr chkprintcap 8 3512program. 3513The default is 3514.Dq Li -d , 3515which causes missing directories to be created. 3516.It Va mta_start_script 3517.Pq Vt str 3518This variable specifies the full path to the script to run to start 3519a mail transfer agent. 3520The default is 3521.Pa /etc/rc.sendmail . 3522The 3523.Va sendmail_* 3524variables which 3525.Pa /etc/rc.sendmail 3526uses are documented in the 3527.Xr rc.sendmail 8 3528manual page. 3529.It Va dumpdev 3530.Pq Vt str 3531Indicates the device (usually a swap partition) to which a crash dump 3532should be written in the event of a system crash. 3533If the value of this variable is 3534.Dq Li AUTO , 3535the first suitable swap device listed in 3536.Pa /etc/fstab 3537will be used as dump device. 3538Otherwise, the value of this variable is passed as the argument to 3539.Xr dumpon 8 . 3540To disable crash dumps, set this variable to 3541.Dq Li NO . 3542.It Va dumpdir 3543.Pq Vt str 3544When the system reboots after a crash and a crash dump is found on the 3545device specified by the 3546.Va dumpdev 3547variable, 3548.Xr savecore 8 3549will save that crash dump and a copy of the kernel to the directory 3550specified by the 3551.Va dumpdir 3552variable. 3553The default value is 3554.Pa /var/crash . 3555Set to 3556.Dq Li NO 3557to not run 3558.Xr savecore 8 3559at boot time when 3560.Va dumpdir 3561is set. 3562.It Va savecore_flags 3563.Pq Vt str 3564If crash dumps are enabled, these are the flags to pass to the 3565.Xr savecore 8 3566utility. 3567.It Va quota_enable 3568.Pq Vt bool 3569Set to 3570.Dq Li YES 3571to turn on user and group disk quotas on system startup via the 3572.Xr quotaon 8 3573command for all file systems marked as having quotas enabled in 3574.Pa /etc/fstab . 3575The kernel must be built with 3576.Cd "options QUOTA" 3577for disk quotas to function. 3578.It Va check_quotas 3579.Pq Vt bool 3580Set to 3581.Dq Li YES 3582to enable user and group disk quota checking via the 3583.Xr quotacheck 8 3584command. 3585.It Va quotacheck_flags 3586.Pq Vt str 3587If 3588.Va quota_enable 3589is set to 3590.Dq Li YES , 3591and 3592.Va check_quotas 3593is set to 3594.Dq Li YES , 3595these are the flags to pass to the 3596.Xr quotacheck 8 3597utility. 3598The default is 3599.Dq Li "-a" , 3600which checks quotas for all file systems with quotas enabled in 3601.Pa /etc/fstab . 3602.It Va quotaon_flags 3603.Pq Vt str 3604If 3605.Va quota_enable 3606is set to 3607.Dq Li YES , 3608these are the flags to pass to the 3609.Xr quotaon 8 3610utility. 3611The default is 3612.Dq Li "-a" , 3613which enables quotas for all file systems with quotas enabled in 3614.Pa /etc/fstab . 3615.It Va quotaoff_flags 3616.Pq Vt str 3617If 3618.Va quota_enable 3619is set to 3620.Dq Li YES , 3621these are the flags to pass to the 3622.Xr quotaoff 8 3623utility when shutting down the quota system. 3624The default is 3625.Dq Li "-a" , 3626which disables quotas for all file systems with quotas enabled in 3627.Pa /etc/fstab . 3628.It Va accounting_enable 3629.Pq Vt bool 3630Set to 3631.Dq Li YES 3632to enable system accounting through the 3633.Xr accton 8 3634facility. 3635.It Va ibcs2_enable 3636.Pq Vt bool 3637Set to 3638.Dq Li YES 3639to enable iBCS2 (SCO) binary emulation at system initial boot 3640time. 3641.It Va ibcs2_loaders 3642.Pq Vt str 3643If not set to 3644.Dq Li NO 3645and if 3646.Va ibcs2_enable 3647is set to 3648.Dq Li YES , 3649this specifies a list of additional iBCS2 loaders to enable. 3650.It Va linux_enable 3651.Pq Vt bool 3652Set to 3653.Dq Li YES 3654to enable Linux/ELF binary emulation at system initial 3655boot time. 3656.It Va svr4_enable 3657.Pq Vt bool 3658If set to 3659.Dq Li YES , 3660enable SysVR4 emulation at boot time. 3661.It Va sysvipc_enable 3662.Pq Vt bool 3663If set to 3664.Dq Li YES , 3665load System V IPC primitives at boot time. 3666.It Va clear_tmp_enable 3667.Pq Vt bool 3668Set to 3669.Dq Li YES 3670to have 3671.Pa /tmp 3672cleaned at startup. 3673.It Va clear_tmp_X 3674.Pq Vt bool 3675Set to 3676.Dq Li NO 3677to disable removing of X11 lock files, 3678and the removal and (secure) recreation 3679of the various socket directories for X11 3680related programs. 3681.It Va ldconfig_paths 3682.Pq Vt str 3683Set to the list of shared library paths to use with 3684.Xr ldconfig 8 . 3685NOTE: 3686.Pa /usr/lib 3687will always be added first, so it need not appear in this list. 3688.It Va ldconfig32_paths 3689.Pq Vt str 3690Set to the list of 32-bit compatibility shared library paths to 3691use with 3692.Xr ldconfig 8 . 3693.It Va ldconfig_paths_aout 3694.Pq Vt str 3695Set to the list of shared library paths to use with 3696.Xr ldconfig 8 3697legacy 3698.Xr a.out 5 3699support. 3700.It Va ldconfig_insecure 3701.Pq Vt bool 3702The 3703.Xr ldconfig 8 3704utility normally refuses to use directories 3705which are writable by anyone except root. 3706Set this variable to 3707.Dq Li YES 3708to disable that security check during system startup. 3709.It Va ldconfig_local_dirs 3710.Pq Vt str 3711Set to the list of local 3712.Xr ldconfig 8 3713directories. 3714The names of all files in the directories listed will be 3715passed as arguments to 3716.Xr ldconfig 8 . 3717.It Va ldconfig_local32_dirs 3718.Pq Vt str 3719Set to the list of local 32-bit compatibility 3720.Xr ldconfig 8 3721directories. 3722The names of all files in the directories listed will be 3723passed as arguments to 3724.Dq Nm ldconfig Fl 32 . 3725.It Va kern_securelevel_enable 3726.Pq Vt bool 3727Set to 3728.Dq Li YES 3729to set the kernel security level at system startup. 3730.It Va kern_securelevel 3731.Pq Vt int 3732The kernel security level to set at startup. 3733The allowed range of 3734.Ar value 3735ranges from \-1 (the compile time default) to 3 (the 3736most secure). 3737See 3738.Xr security 7 3739for the list of possible security levels and their effect 3740on system operation. 3741.It Va sshd_program 3742.Pq Vt str 3743Path to the SSH server program 3744.Pa ( /usr/sbin/sshd 3745is the default). 3746.It Va sshd_enable 3747.Pq Vt bool 3748Set to 3749.Dq Li YES 3750to start 3751.Xr sshd 8 3752at system boot time. 3753.It Va sshd_flags 3754.Pq Vt str 3755If 3756.Va sshd_enable 3757is set to 3758.Dq Li YES , 3759these are the flags to pass to the 3760.Xr sshd 8 3761daemon. 3762.It Va ftpd_program 3763.Pq Vt str 3764Path to the FTP server program 3765.Pa ( /usr/libexec/ftpd 3766is the default). 3767.It Va ftpd_enable 3768.Pq Vt bool 3769Set to 3770.Dq Li YES 3771to start 3772.Xr ftpd 8 3773as a stand-alone daemon at system boot time. 3774.It Va ftpd_flags 3775.Pq Vt str 3776If 3777.Va ftpd_enable 3778is set to 3779.Dq Li YES , 3780these are the additional flags to pass to the 3781.Xr ftpd 8 3782daemon. 3783.It Va watchdogd_enable 3784.Pq Vt bool 3785If set to 3786.Dq Li YES , 3787start the 3788.Xr watchdogd 8 3789daemon at boot time. 3790This requires that the kernel have been compiled with a 3791.Xr watchdog 4 3792compatible device. 3793.It Va watchdogd_flags 3794.Pq Vt str 3795If 3796.Va watchdogd_enable 3797is set to 3798.Dq Li YES , 3799these are the flags passed to the 3800.Xr watchdogd 8 3801daemon. 3802.It Va devfs_rulesets 3803.Pq Vt str 3804List of files containing sets of rules for 3805.Xr devfs 8 . 3806.It Va devfs_system_ruleset 3807.Pq Vt str 3808Rule name(s) to apply to the system 3809.Pa /dev 3810itself. 3811.It Va devfs_set_rulesets 3812.Pq Vt str 3813Pairs of already-mounted 3814.Pa dev 3815directories and rulesets that should be applied to them. 3816For example: /mount/dev=ruleset_name 3817.It Va devfs_load_rulesets 3818.Pq Vt bool 3819If set, always load the default rulesets listed in 3820.Va devfs_rulesets . 3821.It Va performance_cx_lowest 3822.Pq Vt str 3823CPU idle state to use while on AC power. 3824The string 3825.Dq Li LOW 3826indicates that 3827.Xr acpi 4 3828should use the lowest power state available while 3829.Dq Li HIGH 3830indicates that the lowest latency state (less power savings) should be used. 3831.It Va performance_cpu_freq 3832.Pq Vt str 3833CPU clock frequency to use while on AC power. 3834The string 3835.Dq Li LOW 3836indicates that 3837.Xr cpufreq 4 3838should use the lowest frequency available while 3839.Dq Li HIGH 3840indicates that the highest frequency (less power savings) should be used. 3841.It Va economy_cx_lowest 3842.Pq Vt str 3843CPU idle state to use when off AC power. 3844The string 3845.Dq Li LOW 3846indicates that 3847.Xr acpi 4 3848should use the lowest power state available while 3849.Dq Li HIGH 3850indicates that the lowest latency state (less power savings) should be used. 3851.It Va economy_cpu_freq 3852.Pq Vt str 3853CPU clock frequency to use when off AC power. 3854The string 3855.Dq Li LOW 3856indicates that 3857.Xr cpufreq 4 3858should use the lowest frequency available while 3859.Dq Li HIGH 3860indicates that the highest frequency (less power savings) should be used. 3861.It Va jail_enable 3862.Pq Vt bool 3863If set to 3864.Dq Li NO , 3865any configured jails will not be started. 3866.It Va jail_parallel_start 3867.Pq Vt bool 3868If set to 3869.Dq Li YES , 3870all configured jails will be started in the background (in parallel). 3871.It Va jail_list 3872.Pq Vt str 3873A space separated list of names for jails. 3874This is purely a configuration aid to help identify and 3875configure multiple jails. 3876The names specified in this list will be used to 3877identify settings common to an instance of a jail, 3878and should contain alphanumeric characters only. 3879Assuming that the jail in question was named 3880.Li vjail , 3881you would have the following dependent variables: 3882.Bd -literal 3883jail_vjail_hostname="jail.example.com" 3884jail_vjail_ip="192.0.2.100" 3885jail_vjail_rootdir="/var/jails/vjail/root" 3886.Ed 3887.Pp 3888.It Va jail_flags 3889.Pq Vt str 3890Unset by default. 3891When set, use as default value for 3892.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3893for every jail in 3894.Va jail_list . 3895.It Va jail_interface 3896.Pq Vt str 3897Unset by default. 3898When set, use as default value for 3899.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3900for every jail in 3901.Va jail_list . 3902.It Va jail_fstab 3903.Pq Vt str 3904Unset by default. 3905When set, use as default value for 3906.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3907for every jail in 3908.Va jail_list . 3909.It Va jail_mount_enable 3910.Pq Vt bool 3911Set to 3912.Dq Li NO 3913by default. 3914When set to 3915.Dq Li YES , 3916sets 3917.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3918to 3919.Dq Li YES 3920by default for every jail in 3921.Va jail_list . 3922.It Va jail_devfs_ruleset 3923.Pq Vt str 3924Unset by default. 3925When set, sets 3926.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3927to given value for every jail in 3928.Va jail_list . 3929.It Va jail_devfs_enable 3930.Pq Vt bool 3931Set to 3932.Dq Li NO 3933by default. 3934When set to 3935.Dq Li YES , 3936sets 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3938to 3939.Dq Li YES 3940by default for every jail in 3941.Va jail_list . 3942.It Va jail_fdescfs_enable 3943.Pq Vt bool 3944Set to 3945.Dq Li NO 3946by default. 3947When set to 3948.Dq Li YES , 3949sets 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3951to 3952.Dq Li YES 3953by default for every jail in 3954.Va jail_list . 3955.It Va jail_procfs_enable 3956.Pq Vt bool 3957Set to 3958.Dq Li NO 3959by default. 3960When set to 3961.Dq Li YES , 3962sets 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3964to 3965.Dq Li YES 3966by default for every jail in 3967.Va jail_list . 3968.It Va jail_exec_prestart Ns Aq Ar N 3969.Pq Vt str 3970Unset by default. 3971When set, use as default value for 3972.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3973for every jail in 3974.Va jail_list . 3975.It Va jail_exec_start 3976.Pq Vt str 3977Unset by default. 3978When set, use as default value for 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3980for every jail in 3981.Va jail_list . 3982.It Va jail_exec_afterstart Ns Aq Ar N 3983.Pq Vt str 3984Unset by default. 3985When set, use as default value for 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3987for every jail in 3988.Va jail_list . 3989.It Va jail_exec_poststart Ns Aq Ar N 3990.Pq Vt str 3991Unset by default. 3992When set, use as default value for 3993.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3994for every jail in 3995.Va jail_list . 3996.It Va jail_exec_prestop Ns Aq Ar N 3997.Pq Vt str 3998Unset by default. 3999When set, use as default value for 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4001for every jail in 4002.Va jail_list . 4003.It Va jail_exec_stop 4004Unset by default. 4005When set, use as default value for 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4007for every jail in 4008.Va jail_list . 4009.It Va jail_exec_poststop Ns Aq Ar N 4010.Pq Vt str 4011Unset by default. 4012When set, use as default value for 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4014for every jail in 4015.Va jail_list . 4016.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4017.Pq Vt str 4018Unset by default. 4019Set to the root directory used by jail 4020.Va jname . 4021.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4022.Pq Vt str 4023Unset by default. 4024Set to the fully qualified domain name (FQDN) assigned to jail 4025.Va jname . 4026.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4027.Pq Vt str 4028Unset by default. 4029Set extra parameters for jail 4030.Va jname , 4031such as 4032.Dq Li allow.chflags 4033or 4034.Dq Li children.max . 4035See 4036.Xr jail 8 4037for a list of available parameters. 4038Note that the following parameters are already defined by 4039.Pa rc.d/jail 4040script out of their corresponding 4041.Nm 4042variables: 4043.Bl -tag -width "host.hostname" -offset indent 4044.It Li path 4045set from 4046.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4047.It Li host.hostname 4048set from 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4050.It Li command 4051set from 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4053.It Li ip4.addr 4054set if 4055.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4056contains IPv4 addresses 4057.It Li ip6.addr 4058set if 4059.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4060contains IPv6 addresses 4061.El 4062.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4063.Pq Vt str 4064Unset by default. 4065Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4066The argument can be a sole address or a comma separated list of addresses. 4067Additionally each address can be prefixed by the name of an interface 4068followed by a pipe to overwrite 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4070or 4071.Va jail_interface 4072and/or suffixed by a netmask, prefixlen or prefix. 4073In case no netmask, prefixlen or prefix is given, 4074.Sq /32 4075will be used for IPv4 and 4076.Sq /128 4077will be used for an IPv6 address. 4078If no address is given for the jail then the jail will be started with 4079no networking support. 4080.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4081.Pq Vt str 4082Unset by default. 4083Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4084The sequence starts with 4085.Dq Li _multi0 4086and the numbers have to be strictly ascending. 4087These entries follow the same syntax as their primary 4088.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4089entry. 4090The order of the entries can be important as the first address for 4091each address family found will be the primary address of the jail. 4092See 4093.Va ip-addresses 4094option in 4095.Xr jail 8 4096for more details. 4097.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4098.Pq Vt str 4099Set to 4100.Dq Li -l -U root 4101by default. 4102These are flags to pass to 4103.Xr jail 8 . 4104.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4105.Pq Vt str 4106Unset by default. 4107When set, sets the interface to use when setting IP address alias. 4108Note that the alias is created at jail startup and removed at jail shutdown. 4109.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4110.Pq Vt str 4111Unset by default. 4112When set, the jail is started with the specified forwarding table (sometimes 4113referred to as a routing table) via 4114.Xr setfib 1 . 4115.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4116.Pq Vt str 4117Set to 4118.Pa /etc/fstab. Ns Aq Ar jname 4119by default. 4120This is the file system information file to use for jail 4121.Va jname . 4122.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4123.Pq Vt bool 4124Set to 4125.Dq Li NO 4126by default. 4127When set to 4128.Dq Li YES , 4129mount all file systems from 4130.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4131at jail startup. 4132.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4133.Pq Vt str 4134Unset by default. 4135When set, defines the device file system ruleset file to use for jail 4136.Va jname . 4137.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4138.Pq Vt bool 4139Set to 4140.Dq Li NO 4141by default. 4142When set to 4143.Dq Li YES , 4144mount the device file system inside jail 4145.Ar jname 4146at jail startup. 4147.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4148.Pq Vt bool 4149Set to 4150.Dq Li NO 4151by default. 4152When set to 4153.Dq Li YES , 4154mount the file-descriptor file system inside jail 4155.Ar jname 4156at jail startup. 4157.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4158.Pq Vt bool 4159Set to 4160.Dq Li NO 4161by default. 4162When set to 4163.Dq Li YES , 4164mount the process file system inside jail 4165.Ar jname 4166at jail startup. 4167.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4168.Pq Vt str 4169Unset by default. 4170This is the command run as 4171.Ar N Ns 4172th command 4173before jail startup, where 4174.Ar N 4175is 0, 1, and so on. 4176It is run outside the jail. 4177.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4178.Pq Vt str 4179Set to 4180.Dq Li /bin/sh /etc/rc 4181by default. 4182This is the command executed in a jail at jail startup. 4183.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4184.Pq Vt str 4185Unset by default. 4186This is the command run as 4187.Ar N Ns 4188th command 4189in a jail 4190after jail startup, where 4191.Ar N 4192is 1, 2, and so on. 4193.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4194.Pq Vt str 4195Unset by default. 4196This is the command run as 4197.Ar N Ns 4198th command 4199after jail startup, where 4200.Ar N 4201is 0, 1, and so on. 4202It is run outside the jail. 4203.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4204.Pq Vt str 4205Unset by default. 4206This is the command run as 4207.Ar N Ns 4208th command 4209before jail shutdown, where 4210.Ar N 4211is 0, 1, and so on. 4212It is run outside the jail. 4213.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4214.Pq Vt str 4215Set to 4216.Dq Li /bin/sh /etc/rc.shutdown 4217by default. 4218This is the command executed in a jail at jail shutdown. 4219.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4220.Pq Vt str 4221Unset by default. 4222This is the command run as 4223.Ar N Ns 4224th command 4225after jail shutdown, where 4226.Ar N 4227is 0, 1, and so on. 4228It is run outside the jail. 4229.It Va jail_set_hostname_allow 4230.Pq Vt bool 4231If set to 4232.Dq Li NO , 4233do not allow the root user in a jail to set its hostname. 4234.It Va jail_socket_unixiproute_only 4235.Pq Vt bool 4236If set to 4237.Dq Li YES , 4238do not allow any sockets, 4239besides UNIX/IP/route sockets, 4240to be used within a jail. 4241.It Va jail_sysvipc_allow 4242.Pq Vt bool 4243If set to 4244.Dq Li YES , 4245allow applications within a jail to use System V IPC. 4246.\" ----------------------------------------------------- 4247.It Va harvest_interrupt 4248.Pq Vt bool 4249Set to 4250.Dq Li YES 4251to use hardware interrupts as an entropy source. 4252Refer to 4253.Xr random 4 4254for more information. 4255.It Va harvest_ethernet 4256.Pq Vt bool 4257Set to 4258.Dq Li YES 4259to use LAN traffic as an entropy source. 4260Refer to 4261.Xr random 4 4262for more information. 4263.It Va harvest_p_to_p 4264.Pq Vt bool 4265Set to 4266.Dq Li YES 4267to use serial line traffic as an entropy source. 4268Refer to 4269.Xr random 4 4270for more information. 4271.It Va entropy_dir 4272.Pq Vt str 4273Set to 4274.Dq Li NO 4275to disable caching entropy via 4276.Xr cron 8 . 4277Otherwise set to the directory used to store entropy files in. 4278.It Va entropy_file 4279.Pq Vt str 4280Set to 4281.Dq Li NO 4282to disable caching entropy through reboots. 4283Otherwise set to the filename used to store cached entropy through 4284reboots. 4285This file should be located on the root file system to seed the 4286.Xr random 4 4287device as early as possible in the boot process. 4288.It Va entropy_save_sz 4289.Pq Vt int 4290Size of the entropy cache files saved by 4291.Nm save-entropy 4292periodically. 4293.It Va entropy_save_num 4294.Pq Vt int 4295Number of entropy cache files to save by 4296.Nm save-entropy 4297periodically. 4298.It Va ipsec_enable 4299.Pq Vt bool 4300Set to 4301.Dq Li YES 4302to run 4303.Xr setkey 8 4304on 4305.Va ipsec_file 4306at boot time. 4307.It Va ipsec_file 4308.Pq Vt str 4309Configuration file for 4310.Xr setkey 8 . 4311.It Va dmesg_enable 4312.Pq Vt bool 4313Set to 4314.Dq Li YES 4315to save 4316.Xr dmesg 8 4317to 4318.Pa /var/run/dmesg.boot 4319on boot. 4320.It Va rcshutdown_timeout 4321.Pq Vt int 4322If set, start a watchdog timer in the background which will terminate 4323.Pa rc.shutdown 4324if 4325.Xr shutdown 8 4326has not completed within the specified time (in seconds). 4327Notice that in addition to this soft timeout, 4328.Xr init 8 4329also applies a hard timeout for the execution of 4330.Pa rc.shutdown . 4331This is configured via 4332.Xr sysctl 8 4333variable 4334.Va kern.init_shutdown_timeout 4335and defaults to 120 seconds. 4336Setting the value of 4337.Va rcshutdown_timeout 4338to more than 120 seconds will have no effect until the 4339.Xr sysctl 8 4340variable 4341.Va kern.init_shutdown_timeout 4342is also increased. 4343.It Va virecover_enable 4344.Pq Vt bool 4345Set to 4346.Dq Li NO 4347to prevent the system from trying to 4348recover pre-maturely terminated 4349.Xr vi 1 4350sessions. 4351.It Va ugidfw_enable 4352.Pq Vt bool 4353Set to 4354.Dq Li YES 4355to load the 4356.Xr mac_bsdextended 4 4357module upon system initialization and load a default 4358ruleset file. 4359.It Va bsdextended_script 4360.Pq Vt str 4361The default 4362.Xr mac_bsdextended 4 4363ruleset file to load. 4364The default value of this variable is 4365.Pa /etc/rc.bsdextended . 4366.It Va newsyslog_enable 4367.Pq Vt bool 4368If set to 4369.Dq Li YES , 4370run 4371.Xr newsyslog 8 4372command at startup. 4373.It Va newsyslog_flags 4374.Pq Vt str 4375If 4376.Va newsyslog_enable 4377is set to 4378.Dq Li YES , 4379these are the flags to pass to the 4380.Xr newsyslog 8 4381program. 4382The default is 4383.Dq Li -CN , 4384which causes log files flagged with a 4385.Cm C 4386to be created. 4387.It Va mdconfig_md Ns Aq Ar X 4388.Pq Vt str 4389Arguments to 4390.Xr mdconfig 8 4391for 4392.Xr md 4 4393device 4394.Ar X . 4395At minimum a 4396.Fl t Ar type 4397must be specified and either a 4398.Fl s Ar size 4399for malloc or swap backed 4400.Xr md 4 4401devices or a 4402.Fl f Ar file 4403for vnode backed 4404.Xr md 4 4405devices. 4406Note that 4407.Va mdconfig_md Ns Aq Ar X 4408variables are evaluated until one variable is unset or null. 4409.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4410.Pq Vt str 4411Optional arguments passed to 4412.Xr newfs 8 4413to initialize 4414.Xr md 4 4415device 4416.Ar X . 4417.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4418.Pq Vt str 4419An ownership specification passed to 4420.Xr chown 8 4421after the specified 4422.Xr md 4 4423device 4424.Ar X 4425has been mounted. 4426Both the 4427.Xr md 4 4428device and the mount point will be changed. 4429.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4430.Pq Vt str 4431A mode string passed to 4432.Xr chmod 1 4433after the specified 4434.Xr md 4 4435device 4436.Ar X 4437has been mounted. 4438Both the 4439.Xr md 4 4440device and the mount point will be changed. 4441.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4442.Pq Vt str 4443Files to be copied to the mount point of the 4444.Xr md 4 4445device 4446.Ar X 4447after it has been mounted. 4448.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4449.Pq Vt str 4450Command to execute after the specified 4451.Xr md 4 4452device 4453.Ar X 4454has been mounted. 4455Note that the command is passed to 4456.Ic eval 4457and that both 4458.Va _dev 4459and 4460.Va _mp 4461variables can be used to reference respectively the 4462.Xr md 4 4463device and the mount point. 4464Assuming that the 4465.Xr md 4 4466device is 4467.Li md0 , 4468one could set the following: 4469.Bd -literal 4470mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4471.Ed 4472.It Va autobridge_interfaces 4473.Pq Vt str 4474Set to the list of bridge interfaces that will have newly arriving interfaces 4475checked against to be automatically added. 4476If not set to 4477.Dq Li NO 4478then for each whitespace separated 4479.Ar element 4480in the value, a 4481.Va autobridge_ Ns Aq Ar element 4482variable is assumed to exist which has a whitespace separated list of interface 4483names to match, these names can use wildcards. 4484For example: 4485.Bd -literal 4486autobridge_interfaces="bridge0" 4487autobridge_bridge0="tap* dc0 vlan[345]" 4488.Ed 4489.It Va mixer_enable 4490.Pq Vt bool 4491If set to 4492.Dq Li YES , 4493enable support for sound mixer. 4494.It Va hcsecd_enable 4495.Pq Vt bool 4496If set to 4497.Dq Li YES , 4498enable Bluetooth security daemon. 4499.It Va hcsecd_config 4500.Pq Vt str 4501Configuration file for 4502.Xr hcsecd 8 . 4503Default 4504.Pa /etc/bluetooth/hcsecd.conf . 4505.It Va sdpd_enable 4506.Pq Vt bool 4507If set to 4508.Dq Li YES , 4509enable Bluetooth Service Discovery Protocol daemon. 4510.It Va sdpd_control 4511.Pq Vt str 4512Path to 4513.Xr sdpd 8 4514control socket. 4515Default 4516.Pa /var/run/sdp . 4517.It Va sdpd_groupname 4518.Pq Vt str 4519Sets 4520.Xr sdpd 8 4521group to run as after it initializes. 4522Default 4523.Dq Li nobody . 4524.It Va sdpd_username 4525.Pq Vt str 4526Sets 4527.Xr sdpd 8 4528user to run as after it initializes. 4529Default 4530.Dq Li nobody . 4531.It Va bthidd_enable 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535enable Bluetooth Human Interface Device daemon. 4536.It Va bthidd_config 4537.Pq Vt str 4538Configuration file for 4539.Xr bthidd 8 . 4540Default 4541.Pa /etc/bluetooth/bthidd.conf . 4542.It Va bthidd_hids 4543.Pq Vt str 4544Path to a file, where 4545.Xr bthidd 8 4546will store information about known HID devices. 4547Default 4548.Pa /var/db/bthidd.hids . 4549.It Va rfcomm_pppd_server_enable 4550.Pq Vt bool 4551If set to 4552.Dq Li YES , 4553enable Bluetooth RFCOMM PPP wrapper daemon. 4554.It Va rfcomm_pppd_server_profile 4555.Pq Vt str 4556The name of the profile to use from 4557.Pa /etc/ppp/ppp.conf . 4558Multiple profiles can be specified here. 4559Also used to specify per-profile overrides. 4560When the profile name contains any of the characters 4561.Dq Li .-/+ 4562they are translated to 4563.Dq Li _ 4564for the proposes of the override variable names. 4565.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4566.Pq Vt str 4567Overrides local address to listen on. 4568By default 4569.Xr rfcomm_pppd 8 4570will listen on 4571.Dq Li ANY 4572address. 4573The address can be specified as BD_ADDR or name. 4574.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4575.Pq Vt str 4576Overrides local RFCOMM channel to listen on. 4577By default 4578.Xr rfcomm_pppd 8 4579will listen on RFCOMM channel 1. 4580Must set properly if multiple profiles used in the same time. 4581.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4582.Pq Vt bool 4583Tells 4584.Xr rfcomm_pppd 8 4585if it should register Serial Port service on the specified RFCOMM channel. 4586Default 4587.Dq Li NO . 4588.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4589.Pq Vt bool 4590Tells 4591.Xr rfcomm_pppd 8 4592if it should register Dial-Up Networking service on the specified 4593RFCOMM channel. 4594Default 4595.Dq Li NO . 4596.It Va ubthidhci_enable 4597.Pq Vt bool 4598If set to 4599.Dq Li YES , 4600change the USB Bluetooth controller from HID mode to HCI mode. 4601You also need to specify the location of USB Bluetooth controller with the 4602.Va ubthidhci_busnum 4603and 4604.Va ubthidhci_addr 4605variables. 4606.It Va ubthidhci_busnum 4607Bus number where the USB Bluetooth controller is located. 4608Check the output of 4609.Xr usbconfig 8 4610on your system to find this information. 4611.It Va ubthidhci_addr 4612Bus address of the USB Bluetooth controller. 4613Check the output of 4614.Xr usbconfig 8 4615on your system to find this information. 4616.It Va netwait_enable 4617.Pq Vt bool 4618If set to 4619.Dq Li YES , 4620delays the start of network-reliant services until 4621.Va netwait_if 4622is up and ICMP packets to a destination defined in 4623.Va netwait_ip 4624are flowing. 4625Link state is examined first, followed by 4626.Dq Li pinging 4627an IP address to verify network usability. 4628If no destination can be reached or timeouts are exceeded, 4629network services are started anyway with no guarantee that 4630the network is usable. 4631Use of this variable requires both 4632.Va netwait_ip 4633and 4634.Va netwait_if 4635to be set. 4636.It Va netwait_ip 4637.Pq Vt str 4638Empty by default. 4639This variable contains a space-delimited list of IP addresses to 4640.Xr ping 8 . 4641DNS hostnames should not be used as resolution is not guaranteed 4642to be functional at this point. 4643If multiple IP addresses are specified, 4644each will be tried until one is successful or the list is exhausted. 4645.It Va netwait_timeout 4646.Pq Vt int 4647Indicates the total number of seconds to perform a 4648.Dq Li ping 4649against each IP address in 4650.Va netwait_ip , 4651at a rate of one ping per second. 4652If any of the pings are successful, 4653full network connectivity is considered reliable. 4654The default is 60. 4655.It Va netwait_if 4656.Pq Vt str 4657Empty by default. 4658Defines the name of the network interface on which watch for link. 4659.Xr ifconfig 8 4660is used to monitor the interface, looking for 4661.Dq Li status: no carrier . 4662Once gone, the link is considered up. 4663This can be a 4664.Xr vlan 4 4665interface if desired. 4666.It Va netwait_if_timeout 4667.Pq Vt int 4668Defines the total number of seconds to wait for link to become usable, 4669polled at a 1-second interval. 4670The default is 30. 4671.El 4672.Sh FILES 4673.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4674.It Pa /etc/defaults/rc.conf 4675.It Pa /etc/rc.conf 4676.It Pa /etc/rc.conf.local 4677.El 4678.Sh SEE ALSO 4679.Xr catman 1 , 4680.Xr chmod 1 , 4681.Xr gdb 1 , 4682.Xr info 1 , 4683.Xr kbdcontrol 1 , 4684.Xr makewhatis 1 , 4685.Xr sh 1 , 4686.Xr vi 1 , 4687.Xr vidcontrol 1 , 4688.Xr bridge 4 , 4689.Xr dummynet 4 , 4690.Xr ip 4 , 4691.Xr ipf 4 , 4692.Xr ipfw 4 , 4693.Xr ipnat 4 , 4694.Xr kld 4 , 4695.Xr pf 4 , 4696.Xr pflog 4 , 4697.Xr pfsync 4 , 4698.Xr tcp 4 , 4699.Xr udp 4 , 4700.Xr exports 5 , 4701.Xr fstab 5 , 4702.Xr ipf 5 , 4703.Xr ipnat 5 , 4704.Xr motd 5 , 4705.Xr newsyslog.conf 5 , 4706.Xr pf.conf 5 , 4707.Xr security 7 , 4708.Xr accton 8 , 4709.Xr amd 8 , 4710.Xr apm 8 , 4711.Xr atm 8 , 4712.Xr bthidd 8 , 4713.Xr chkprintcap 8 , 4714.Xr chown 8 , 4715.Xr cron 8 , 4716.Xr devfs 8 , 4717.Xr dhclient 8 , 4718.Xr ftpd 8 , 4719.Xr geli 8 , 4720.Xr hcsecd 8 , 4721.Xr ifconfig 8 , 4722.Xr inetd 8 , 4723.Xr ipf 8 , 4724.Xr ipfw 8 , 4725.Xr ipnat 8 , 4726.Xr jail 8 , 4727.Xr kldxref 8 , 4728.Xr lpd 8 , 4729.Xr mdconfig 8 , 4730.Xr mdmfs 8 , 4731.Xr mixer 8 , 4732.Xr mountd 8 , 4733.Xr moused 8 , 4734.Xr mrouted 8 , 4735.Xr named 8 , 4736.Xr newfs 8 , 4737.Xr newsyslog 8 , 4738.Xr nfsd 8 , 4739.Xr ntpd 8 , 4740.Xr ntpdate 8 , 4741.Xr pfctl 8 , 4742.Xr pflogd 8 , 4743.Xr ping 8 , 4744.Xr powerd 8 , 4745.Xr quotacheck 8 , 4746.Xr quotaon 8 , 4747.Xr rc 8 , 4748.Xr rc.sendmail 8 , 4749.Xr rfcomm_pppd 8 , 4750.Xr route 8 , 4751.Xr routed 8 , 4752.Xr rpcbind 8 , 4753.Xr rpc.lockd 8 , 4754.Xr rpc.statd 8 , 4755.Xr rwhod 8 , 4756.Xr savecore 8 , 4757.Xr sdpd 8 , 4758.Xr sshd 8 , 4759.Xr swapon 8 , 4760.Xr sysctl 8 , 4761.Xr syslogd 8 , 4762.Xr timed 8 , 4763.Xr usbconfig 8 , 4764.Xr wlandebug 8 , 4765.Xr yp 8 , 4766.Xr ypbind 8 , 4767.Xr ypserv 8 , 4768.Xr ypset 8 4769.Sh HISTORY 4770The 4771.Nm 4772file appeared in 4773.Fx 2.2.2 . 4774.Sh AUTHORS 4775.An Jordan K. Hubbard . 4776