1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 9, 2019 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A whitespace-separated list of kernel modules to load right after 252the local disks are mounted, without any 253.Pa .ko 254extension or path. 255Loading modules at this point in the boot process is 256much faster than doing it via 257.Pa /boot/loader.conf 258for those modules not necessary for mounting local disks. 259.It Va kldxref_enable 260.Pq Vt bool 261Set to 262.Dq Li NO 263by default. 264Set to 265.Dq Li YES 266to automatically rebuild 267.Pa linker.hints 268files with 269.Xr kldxref 8 270at boot time. 271.It Va kldxref_clobber 272.Pq Vt bool 273Set to 274.Dq Li NO 275by default. 276If 277.Va kldxref_enable 278is true, 279setting to 280.Dq Li YES 281will overwrite existing 282.Pa linker.hints 283files at boot time. 284Otherwise, 285only missing 286.Pa linker.hints 287files are generated. 288.It Va kldxref_module_path 289.Pq Vt str 290Empty by default. 291A semi-colon 292.Pq Ql \&; 293delimited list of paths containing 294.Xr kld 4 295modules. 296If empty, 297the contents of the 298.Va kern.module_path 299.Xr sysctl 8 300are used. 301.It Va powerd_enable 302.Pq Vt bool 303If set to 304.Dq Li YES , 305enable the system power control facility with the 306.Xr powerd 8 307daemon. 308.It Va powerd_flags 309.Pq Vt str 310If 311.Va powerd_enable 312is set to 313.Dq Li YES , 314these are the flags to pass to the 315.Xr powerd 8 316daemon. 317.It Va tmpmfs 318Controls the creation of a 319.Pa /tmp 320memory file system. 321Always happens if set to 322.Dq Li YES 323and never happens if set to 324.Dq Li NO . 325If set to anything else, a memory file system is created if 326.Pa /tmp 327is not writable. 328.It Va tmpsize 329Controls the size of a created 330.Pa /tmp 331memory file system. 332.It Va tmpmfs_flags 333Extra options passed to the 334.Xr mdmfs 8 335utility when the memory file system for 336.Pa /tmp 337is created. 338The default is 339.Dq Li "-S" , 340which inhibits the use of softupdates on 341.Pa /tmp 342so that file system space is freed without delay 343after file truncation or deletion. 344See 345.Xr mdmfs 8 346for other options you can use in 347.Va tmpmfs_flags . 348.It Va varmfs 349Controls the creation of a 350.Pa /var 351memory file system. 352Always happens if set to 353.Dq Li YES 354and never happens if set to 355.Dq Li NO . 356If set to anything else, a memory file system is created if 357.Pa /var 358is not writable. 359.It Va varsize 360Controls the size of a created 361.Pa /var 362memory file system. 363.It Va varmfs_flags 364Extra options passed to the 365.Xr mdmfs 8 366utility when the memory file system for 367.Pa /var 368is created. 369The default is 370.Dq Li "-S" , 371which inhibits the use of softupdates on 372.Pa /var 373so that file system space is freed without delay 374after file truncation or deletion. 375See 376.Xr mdmfs 8 377for other options you can use in 378.Va varmfs_flags . 379.It Va populate_var 380Controls the automatic population of the 381.Pa /var 382file system. 383Always happens if set to 384.Dq Li YES 385and never happens if set to 386.Dq Li NO . 387If set to anything else, a memory file system is created if 388.Pa /var 389is not writable. 390Note that this process requires access to certain commands in 391.Pa /usr 392before 393.Pa /usr 394is mounted on normal systems. 395.It Va cleanvar_enable 396.Pq Vt bool 397Clean the 398.Pa /var 399directory. 400.It Va local_startup 401.Pq Vt str 402List of directories to search for startup script files. 403.It Va script_name_sep 404.Pq Vt str 405The field separator to use for breaking down the list of startup script files 406into individual filenames. 407The default is a space. 408It is not necessary to change this unless there are startup scripts with names 409containing spaces. 410.It Va hostapd_enable 411.Pq Vt bool 412Set to 413.Dq Li YES 414to start 415.Xr hostapd 8 416at system boot time. 417.It Va hostname 418.Pq Vt str 419The fully qualified domain name (FQDN) of this host on the network. 420This should almost certainly be set to something meaningful, even if 421there is no network connection. 422If 423.Xr dhclient 8 424is used to set the hostname via DHCP, 425this variable should be set to an empty string. 426Within a 427.Xr jail 8 428the hostname is generally already set and this variable may absent. 429If this value remains unset when the system is done booting 430your console login will display the default hostname of 431.Dq Amnesiac . 432.It Va nisdomainname 433.Pq Vt str 434The NIS domain name of this host, or 435.Dq Li NO 436if NIS is not used. 437.It Va dhclient_program 438.Pq Vt str 439Path to the DHCP client program 440.Pa ( /sbin/dhclient , 441the 442.Ox 443DHCP client, 444is the default). 445.It Va dhclient_flags 446.Pq Vt str 447Additional flags to pass to the DHCP client program. 448For the 449.Ox 450DHCP client, see the 451.Xr dhclient 8 452manpage for a description of the command line options available. 453.It Va dhclient_flags_ Ns Aq Ar iface 454Additional flags to pass to the DHCP client program running on 455.Ar iface 456only. 457When specified, this variable overrides 458.Va dhclient_flags . 459.It Va background_dhclient 460.Pq Vt bool 461Set to 462.Dq Li YES 463to start the DHCP client in background. 464This can cause trouble with applications depending on 465a working network, but it will provide a faster startup 466in many cases. 467.It Va background_dhclient_ Ns Aq Ar iface 468When specified, this variable overrides the 469.Va background_dhclient 470variable for interface 471.Ar iface 472only. 473.It Va synchronous_dhclient 474.Pq Vt bool 475Set to 476.Dq Li YES 477to start 478.Xr dhclient 8 479synchronously at startup. 480This behavior can be overridden on a per-interface basis by replacing 481the 482.Dq Li DHCP 483keyword in the 484.Va ifconfig_ Ns Aq Ar interface 485variable with 486.Dq Li SYNCDHCP 487or 488.Dq Li NOSYNCDHCP . 489.It Va defaultroute_delay 490.Pq Vt int 491When set to a positive value, wait up to this long after configuring 492DHCP interfaces at startup to give the interfaces time to receive a lease. 493.It Va firewall_enable 494.Pq Vt bool 495Set to 496.Dq Li YES 497to load firewall rules at startup. 498If the kernel was not built with 499.Cd "options IPFIREWALL" , 500the 501.Pa ipfw.ko 502kernel module will be loaded. 503See also 504.Va ipfilter_enable . 505.It Va firewall_script 506.Pq Vt str 507This variable specifies the full path to the firewall script to run. 508The default is 509.Pa /etc/rc.firewall . 510.It Va firewall_type 511.Pq Vt str 512Names the firewall type from the selection in 513.Pa /etc/rc.firewall , 514or the file which contains the local firewall ruleset. 515Valid selections from 516.Pa /etc/rc.firewall 517are: 518.Pp 519.Bl -tag -width ".Li simple" -compact 520.It Li open 521unrestricted IP access 522.It Li closed 523all IP services disabled, except via 524.Dq Li lo0 525.It Li client 526basic protection for a workstation 527.It Li simple 528basic protection for a LAN. 529.El 530.Pp 531If a filename is specified, the full path 532must be given. 533.It Va firewall_quiet 534.Pq Vt bool 535Set to 536.Dq Li YES 537to disable the display of firewall rules on the console during boot. 538.It Va firewall_logging 539.Pq Vt bool 540Set to 541.Dq Li YES 542to enable firewall event logging. 543This is equivalent to the 544.Dv IPFIREWALL_VERBOSE 545kernel option. 546.It Va firewall_logif 547.Pq Vt bool 548Set to 549.Dq Li YES 550to create pseudo interface 551.Li ipfw0 552for logging. 553For more details, see 554.Xr ipfw 8 555manual page. 556.It Va firewall_flags 557.Pq Vt str 558Flags passed to 559.Xr ipfw 8 560if 561.Va firewall_type 562specifies a filename. 563.It Va firewall_coscripts 564.Pq Vt str 565List of executables and/or rc scripts to run after firewall starts/stops. 566Default is empty. 567.\" ----- firewall_nat_enable setting -------------------------------- 568.It Va firewall_nat_enable 569.Pq Vt bool 570The 571.Xr ipfw 8 572equivalent of 573.Va natd_enable . 574Setting this to 575.Dq Li YES 576will automatically load the 577.Xr ipfw 8 578NAT kernel module if 579.Va firewall_enable 580is also set to 581.Dq Li YES . 582.It Va firewall_nat_interface 583.Pq Vt str 584The 585.Xr ipfw 8 586equivalent of 587.Va natd_interface . 588This is the name of the public interface or IP address on which 589kernel NAT should run. 590.It Va firewall_nat_flags 591.Pq Vt str 592Additional configuration parameters for kernel NAT should be placed here. 593.It Va firewall_nat64_enable 594.Pq Vt bool 595Setting this to 596.Dq Li YES 597will automatically load the 598.Xr ipfw 8 599NAT64 kernel module if 600.Va firewall_enable 601is also set to 602.Dq Li YES . 603.It Va firewall_nptv6_enable 604.Pq Vt bool 605Setting this to 606.Dq Li YES 607will automatically load the 608.Xr ipfw 8 609NPTv6 kernel module if 610.Va firewall_enable 611is also set to 612.Dq Li YES . 613.It Va firewall_pmod_enable 614.Pq Vt bool 615Setting this to 616.Dq Li YES 617will automatically load the 618.Xr ipfw 8 619pmod kernel module if 620.Va firewall_enable 621is also set to 622.Dq Li YES . 623.It Va dummynet_enable 624.Pq Vt bool 625Setting this to 626.Dq Li YES 627will automatically load the 628.Xr dummynet 4 629module if 630.Va firewall_enable 631is also set to 632.Dq Li YES . 633.\" ------------------------------------------------------------------- 634.It Va ipfw_netflow_enable 635.Pq Vt bool 636Setting this to 637.Dq Li YES 638will enable netflow logging via 639.Xr ng_netflow 4 640.Pp 641By default a ipfw rule is inserted and all packets are duplicated with 642the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 643port using protocol version 5. 644.It Va ipfw_netflow_hook 645.Pq Vt int 646netflow hook name, must be numerical 647(default 648.Pa 9995 ) . 649.It Va ipfw_netflow_rule 650.Pq Vt int 651ipfw rule number 652(default 653.Pa 1000 ) . 654.It Va ipfw_netflow_ip 655.Pq Vt str 656Destination server ip for receiving netflow data 657(default 658.Pa 127.0.0.1 ) . 659.It Va ipfw_netflow_port 660.Pq Vt int 661Destination server port for receiving netflow data 662(default 663.Pa 9995 ) . 664.It Va ipfw_netflow_version 665.Pq Vt int 666Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 667.It Va ipfw_netflow_fib 668.Pq Vt int 669Only match packet in FIB 670.Pa ipfw_netflow_fib 671(default is undefined meaning all FIBs). 672.It Va natd_program 673.Pq Vt str 674Path to 675.Xr natd 8 . 676.It Va natd_enable 677.Pq Vt bool 678Set to 679.Dq Li YES 680to enable 681.Xr natd 8 . 682.Va firewall_enable 683must also be set to 684.Dq Li YES , 685and 686.Xr divert 4 687sockets must be enabled in the kernel. 688If the kernel was not built with 689.Cd "options IPDIVERT" , 690the 691.Pa ipdivert.ko 692kernel module will be loaded. 693.It Va natd_interface 694.Pq Vt str 695This is the name of the public interface on which 696.Xr natd 8 697should run. 698The interface may be given as an interface name or as an IP address. 699.It Va natd_flags 700.Pq Vt str 701Additional 702.Xr natd 8 703flags should be placed here. 704The 705.Fl n 706or 707.Fl a 708flag is automatically added with the above 709.Va natd_interface 710as an argument. 711.\" ----- ipfilter_enable setting -------------------------------- 712.It Va ipfilter_enable 713.Pq Vt bool 714Set to 715.Dq Li NO 716by default. 717Setting this to 718.Dq Li YES 719enables 720.Xr ipf 8 721packet filtering. 722.Pp 723Typical usage will require putting 724.Bd -literal 725ipfilter_enable="YES" 726ipnat_enable="YES" 727ipmon_enable="YES" 728ipfs_enable="YES" 729.Ed 730.Pp 731into 732.Pa /etc/rc.conf 733and editing 734.Pa /etc/ipf.rules 735and 736.Pa /etc/ipnat.rules 737appropriately. 738.Pp 739Note that 740.Va ipfilter_enable 741and 742.Va ipnat_enable 743can be enabled independently. 744.Va ipmon_enable 745and 746.Va ipfs_enable 747both require at least one of 748.Va ipfilter_enable 749and 750.Va ipnat_enable 751to be enabled. 752.Pp 753Having 754.Bd -literal 755options IPFILTER 756options IPFILTER_LOG 757options IPFILTER_DEFAULT_BLOCK 758.Ed 759.Pp 760in the kernel configuration file is a good idea, too. 761.\" ----- ipfilter_program setting ------------------------------ 762.It Va ipfilter_program 763.Pq Vt str 764Path to 765.Xr ipf 8 766(default 767.Pa /sbin/ipf ) . 768.\" ----- ipfilter_rules setting -------------------------------- 769.It Va ipfilter_rules 770.Pq Vt str 771Set to 772.Pa /etc/ipf.rules 773by default. 774This variable contains the name of the filter rule definition file. 775The file is expected to be readable for the 776.Xr ipf 8 777command to execute. 778.\" ----- ipv6_ipfilter_rules setting --------------------------- 779.It Va ipv6_ipfilter_rules 780.Pq Vt str 781Set to 782.Pa /etc/ipf6.rules 783by default. 784This variable contains the IPv6 filter rule definition file. 785The file is expected to be readable for the 786.Xr ipf 8 787command to execute. 788.\" ----- ipfilter_flags setting -------------------------------- 789.It Va ipfilter_flags 790.Pq Vt str 791Empty by default. 792This variable contains flags passed to the 793.Xr ipf 8 794program. 795.\" ----- ipnat_enable setting ---------------------------------- 796.It Va ipnat_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Set it to 802.Dq Li YES 803to enable 804.Xr ipnat 8 805network address translation. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809.\" ----- ipnat_program setting --------------------------------- 810.It Va ipnat_program 811.Pq Vt str 812Path to 813.Xr ipnat 8 814(default 815.Pa /sbin/ipnat ) . 816.\" ----- ipnat_rules setting ----------------------------------- 817.It Va ipnat_rules 818.Pq Vt str 819Set to 820.Pa /etc/ipnat.rules 821by default. 822This variable contains the name of the file 823holding the network address translation definition. 824This file is expected to be readable for the 825.Xr ipnat 8 826command to execute. 827.\" ----- ipnat_flags setting ----------------------------------- 828.It Va ipnat_flags 829.Pq Vt str 830Empty by default. 831This variable contains flags passed to the 832.Xr ipnat 8 833program. 834.\" ----- ipmon_enable setting ---------------------------------- 835.It Va ipmon_enable 836.Pq Vt bool 837Set to 838.Dq Li NO 839by default. 840Set it to 841.Dq Li YES 842to enable 843.Xr ipmon 8 844monitoring (logging 845.Xr ipf 8 846and 847.Xr ipnat 8 848events). 849Setting this variable needs setting 850.Va ipfilter_enable 851or 852.Va ipnat_enable 853too. 854See 855.Va ipfilter_enable 856for a detailed discussion. 857.\" ----- ipmon_program setting --------------------------------- 858.It Va ipmon_program 859.Pq Vt str 860Path to 861.Xr ipmon 8 862(default 863.Pa /sbin/ipmon ) . 864.\" ----- ipmon_flags setting ----------------------------------- 865.It Va ipmon_flags 866.Pq Vt str 867Set to 868.Dq Li -Ds 869by default. 870This variable contains flags passed to the 871.Xr ipmon 8 872program. 873Another typical example would be 874.Dq Fl D Pa /var/log/ipflog 875to have 876.Xr ipmon 8 877log directly to a file bypassing 878.Xr syslogd 8 . 879Make sure to adjust 880.Pa /etc/newsyslog.conf 881in such case like this: 882.Bd -literal 883/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 884.Ed 885.\" ----- ipfs_enable setting ----------------------------------- 886.It Va ipfs_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipfs 8 895saving the filter and NAT state tables during shutdown 896and reloading them during startup again. 897Setting this variable needs setting 898.Va ipfilter_enable 899or 900.Va ipnat_enable 901to 902.Dq Li YES 903too. 904See 905.Va ipfilter_enable 906for a detailed discussion. 907Note that if 908.Va kern_securelevel 909is set to 3, 910.Va ipfs_enable 911cannot be used 912because the raised securelevel will prevent 913.Xr ipfs 8 914from saving the state tables at shutdown time. 915.\" ----- ipfs_program setting ---------------------------------- 916.It Va ipfs_program 917.Pq Vt str 918Path to 919.Xr ipfs 8 920(default 921.Pa /sbin/ipfs ) . 922.\" ----- ipfs_flags setting ------------------------------------ 923.It Va ipfs_flags 924.Pq Vt str 925Empty by default. 926This variable contains flags passed to the 927.Xr ipfs 8 928program. 929.\" ----- end of added ipf hook --------------------------------- 930.It Va pf_enable 931.Pq Vt bool 932Set to 933.Dq Li NO 934by default. 935Setting this to 936.Dq Li YES 937enables 938.Xr pf 4 939packet filtering. 940.Pp 941Typical usage will require putting 942.Pp 943.Dl pf_enable="YES" 944.Pp 945into 946.Pa /etc/rc.conf 947and editing 948.Pa /etc/pf.conf 949appropriately. 950Adding 951.Pp 952.Dl "device pf" 953.Pp 954builds support for 955.Xr pf 4 956into the kernel, otherwise the 957kernel module will be loaded. 958.It Va pf_rules 959.Pq Vt str 960Path to 961.Xr pf 4 962ruleset configuration file 963(default 964.Pa /etc/pf.conf ) . 965.It Va pf_program 966.Pq Vt str 967Path to 968.Xr pfctl 8 969(default 970.Pa /sbin/pfctl ) . 971.It Va pf_flags 972.Pq Vt str 973If 974.Va pf_enable 975is set to 976.Dq Li YES , 977these flags are passed to the 978.Xr pfctl 8 979program when loading the ruleset. 980.It Va pflog_enable 981.Pq Vt bool 982Set to 983.Dq Li NO 984by default. 985Setting this to 986.Dq Li YES 987enables 988.Xr pflogd 8 989which logs packets from the 990.Xr pf 4 991packet filter. 992.It Va pflog_logfile 993.Pq Vt str 994If 995.Va pflog_enable 996is set to 997.Dq Li YES 998this controls where 999.Xr pflogd 8 1000stores the logfile 1001(default 1002.Pa /var/log/pflog ) . 1003Check 1004.Pa /etc/newsyslog.conf 1005to adjust logfile rotation for this. 1006.It Va pflog_program 1007.Pq Vt str 1008Path to 1009.Xr pflogd 8 1010(default 1011.Pa /sbin/pflogd ) . 1012.It Va pflog_flags 1013.Pq Vt str 1014Empty by default. 1015This variable contains additional flags passed to the 1016.Xr pflogd 8 1017program. 1018.It Va pflog_instances 1019.Pq Vt str 1020If logging to more than one 1021.Xr pflog 4 1022interface is desired, 1023.Va pflog_instances 1024is set to the list of 1025.Xr pflogd 8 1026instances that should be started at system boot time. 1027If 1028.Va pflog_instances 1029is set, for each whitespace-separated 1030.Ar element 1031in the list, 1032.Ao Ar element Ac Ns Va _dev 1033and 1034.Ao Ar element Ac Ns Va _logfile 1035elements are assumed to exist. 1036.Ao Ar element Ac Ns Va _dev 1037must contain the 1038.Xr pflog 4 1039interface to be watched by the named 1040.Xr pflogd 8 1041instance. 1042.Ao Ar element Ac Ns Va _logfile 1043must contain the name of the logfile that will be used by the 1044.Xr pflogd 8 1045instance. 1046.It Va ftpproxy_enable 1047.Pq Vt bool 1048Set to 1049.Dq Li NO 1050by default. 1051Setting this to 1052.Dq Li YES 1053enables 1054.Xr ftp-proxy 8 1055which supports the 1056.Xr pf 4 1057packet filter in translating ftp connections. 1058.It Va ftpproxy_flags 1059.Pq Vt str 1060Empty by default. 1061This variable contains additional flags passed to the 1062.Xr ftp-proxy 8 1063program. 1064.It Va ftpproxy_instances 1065.Pq Vt str 1066Empty by default. 1067If multiple instances of 1068.Xr ftp-proxy 8 1069are desired at boot time, 1070.Va ftpproxy_instances 1071should contain a whitespace-separated list of instance names. 1072For each 1073.Ar element 1074in the list, a variable named 1075.Ao Ar element Ac Ns Va _flags 1076should be defined, containing the command-line flags to be passed to the 1077.Xr ftp-proxy 8 1078instance. 1079.It Va pfsync_enable 1080.Pq Vt bool 1081Set to 1082.Dq Li NO 1083by default. 1084Setting this to 1085.Dq Li YES 1086enables exposing 1087.Xr pf 4 1088state changes to other hosts over the network by means of 1089.Xr pfsync 4 . 1090The 1091.Va pfsync_syncdev 1092variable 1093must also be set then. 1094.It Va pfsync_syncdev 1095.Pq Vt str 1096Empty by default. 1097This variable specifies the name of the network interface 1098.Xr pfsync 4 1099should operate through. 1100It must be set accordingly if 1101.Va pfsync_enable 1102is set to 1103.Dq Li YES . 1104.It Va pfsync_syncpeer 1105.Pq Vt str 1106Empty by default. 1107This variable is optional. 1108By default, state change messages are sent out on the synchronisation 1109interface using IP multicast packets. 1110The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1111224.0.0.240. 1112When a peer address is specified using the 1113.Va pfsync_syncpeer 1114option, the peer address is used as a destination for the pfsync 1115traffic, and the traffic can then be protected using 1116.Xr ipsec 4 . 1117See the 1118.Xr pfsync 4 1119manpage for more details about using 1120.Xr ipsec 4 1121with 1122.Xr pfsync 4 1123interfaces. 1124.It Va pfsync_ifconfig 1125.Pq Vt str 1126Empty by default. 1127This variable can contain additional options to be passed to the 1128.Xr ifconfig 8 1129command used to set up 1130.Xr pfsync 4 . 1131.It Va tcp_extensions 1132.Pq Vt bool 1133Set to 1134.Dq Li YES 1135by default. 1136Setting this to 1137.Dq Li NO 1138disables certain TCP options as described by 1139.Rs 1140.%T "RFC 1323" 1141.Re 1142Setting this to 1143.Dq Li NO 1144might help remedy such problems with connections as randomly hanging 1145or other weird behavior. 1146Some network devices are known 1147to be broken with respect to these options. 1148.It Va log_in_vain 1149.Pq Vt int 1150Set to 0 by default. 1151The 1152.Xr sysctl 8 1153variables, 1154.Va net.inet.tcp.log_in_vain 1155and 1156.Va net.inet.udp.log_in_vain , 1157as described in 1158.Xr tcp 4 1159and 1160.Xr udp 4 , 1161are set to the given value. 1162.It Va tcp_keepalive 1163.Pq Vt bool 1164Set to 1165.Dq Li YES 1166by default. 1167Setting to 1168.Dq Li NO 1169will disable probing idle TCP connections to verify that the 1170peer is still up and reachable. 1171.It Va tcp_drop_synfin 1172.Pq Vt bool 1173Set to 1174.Dq Li NO 1175by default. 1176Setting to 1177.Dq Li YES 1178will cause the kernel to ignore TCP frames that have both 1179the SYN and FIN flags set. 1180This prevents OS fingerprinting, but may 1181break some legitimate applications. 1182.It Va icmp_drop_redirect 1183.Pq Vt bool 1184Set to 1185.Dq Li NO 1186by default. 1187Setting to 1188.Dq Li YES 1189will cause the kernel to ignore ICMP REDIRECT packets. 1190Refer to 1191.Xr icmp 4 1192for more information. 1193.It Va icmp_log_redirect 1194.Pq Vt bool 1195Set to 1196.Dq Li NO 1197by default. 1198Setting to 1199.Dq Li YES 1200will cause the kernel to log ICMP REDIRECT packets. 1201Note that 1202the log messages are not rate-limited, so this option should only be used 1203for troubleshooting networks. 1204Refer to 1205.Xr icmp 4 1206for more information. 1207.It Va icmp_bmcastecho 1208.Pq Vt bool 1209Set to 1210.Dq Li YES 1211to respond to broadcast or multicast ICMP ping packets. 1212Refer to 1213.Xr icmp 4 1214for more information. 1215.It Va ip_portrange_first 1216.Pq Vt int 1217If not set to 1218.Dq Li NO , 1219this is the first port in the default portrange. 1220Refer to 1221.Xr ip 4 1222for more information. 1223.It Va ip_portrange_last 1224.Pq Vt int 1225If not set to 1226.Dq Li NO , 1227this is the last port in the default portrange. 1228Refer to 1229.Xr ip 4 1230for more information. 1231.It Va network_interfaces 1232.Pq Vt str 1233Set to the list of network interfaces to configure on this host or 1234.Dq Li AUTO 1235(the default) for all current interfaces. 1236Setting the 1237.Va network_interfaces 1238variable to anything other than the default is deprecated. 1239Interfaces that the administrator wishes to store configuration for, 1240but not start at boot should be configured with the 1241.Dq Li NOAUTO 1242keyword in their 1243.Va ifconfig_ Ns Aq Ar interface 1244variables as described below. 1245.Pp 1246An 1247.Va ifconfig_ Ns Aq Ar interface 1248variable is also assumed to exist for each value of 1249.Ar interface . 1250When an interface name contains any of the characters 1251.Dq Li .-/+ 1252they are translated to 1253.Dq Li _ 1254before lookup. 1255The variable can contain arguments to 1256.Xr ifconfig 8 , 1257as well as special case-insensitive keywords described below. 1258Such keywords are removed before passing the value to 1259.Xr ifconfig 8 1260while the order of the other arguments is preserved. 1261.Pp 1262It is possible to add IP alias entries using 1263.Xr ifconfig 8 1264syntax with the address family keyword such as 1265.Li inet . 1266Assuming that the interface in question was 1267.Li em0 , 1268it might look something like this: 1269.Bd -literal 1270ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1271ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1272.Ed 1273.Pp 1274It also possible to configure multiple IP addresses in Classless 1275Inter-Domain Routing 1276.Pq CIDR 1277address notation, 1278whose each address component can be a range like 1279.Li inet 192.0.2.5-23/24 1280or 1281.Li inet6 2001:db8:1-f::1/64 . 1282This notation allows address and prefix length part only, 1283not the other address modifiers. 1284Note that the maximum number of the generated addresses from a range 1285specification is limited to an integer value specified in 1286.Va netif_ipexpand_max 1287in 1288.Nm 1289because a small typo can unexpectedly generate a large number of addresses. 1290The default value is 1291.Li 2048 . 1292It can be increased by adding the following line into 1293.Nm : 1294.Bd -literal 1295netif_ipexpand_max="4096" 1296.Ed 1297.Pp 1298In the case of 1299.Li 192.0.2.5-23/24 , 1300the address 192.0.2.5 will be configured with the 1301netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1302the non-conflicting netmask /32 as explained in the 1303.Xr ifconfig 8 1304alias section. 1305Note that this special netmask handling is only for 1306.Li inet , 1307not for the other address families such as 1308.Li inet6 . 1309.Pp 1310With the interface in question being 1311.Li em0 , 1312an example could look like: 1313.Bd -literal 1314ifconfig_em0_alias2="inet 192.0.2.129/27" 1315ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1316.Ed 1317.Pp 1318and so on. 1319.Pp 1320Note that deprecated 1321.Va ipv4_addrs_ Ns Aq Ar interface 1322variable was supported for IPv4 CIDR address notation. 1323The 1324.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1325variable replaces it, though 1326.Va ipv4_addrs_ Ns Aq Ar interface 1327is still supported for backward compatibility. 1328.Pp 1329For each 1330.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1331entry with an address family keyword, 1332its contents are passed to 1333.Xr ifconfig 8 . 1334Execution stops at the first unsuccessful access, so if 1335something like this is present: 1336.Bd -literal 1337ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1338ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1339ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1340ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1341.Ed 1342.Pp 1343Then note that alias4 would 1344.Em not 1345be added since the search would 1346stop with the missing 1347.Dq Li alias3 1348entry. 1349Because of this difficult to manage behavior, 1350there is 1351.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1352variable, which has the same functionality as 1353.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1354and can have all of entries in a variable like the following: 1355.Bd -literal 1356ifconfig_em0_aliases="\\ 1357 inet 127.0.0.251 netmask 0xffffffff \\ 1358 inet 127.0.0.252 netmask 0xffffffff \\ 1359 inet 127.0.0.253 netmask 0xffffffff \\ 1360 inet 127.0.0.254 netmask 0xffffffff" 1361.Ed 1362.Pp 1363It also supports CIDR notation. 1364.Pp 1365If the 1366.Pa /etc/start_if. Ns Aq Ar interface 1367file is present, it is read and executed by the 1368.Xr sh 1 1369interpreter 1370before configuring the interface as specified in the 1371.Va ifconfig_ Ns Aq Ar interface 1372and 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1374variables. 1375.Pp 1376If a 1377.Va vlans_ Ns Aq Ar interface 1378variable is set, 1379a 1380.Xr vlan 4 1381interface will be created for each item in the list with the 1382.Ar vlandev 1383argument set to 1384.Ar interface . 1385If a vlan interface's name is a number, 1386then that number is used as the vlan tag and the new vlan interface is 1387named 1388.Ar interface . Ns Ar tag . 1389Otherwise, 1390the vlan tag must be specified via a 1391.Va vlan 1392parameter in the 1393.Va create_args_ Ns Aq Ar interface 1394variable. 1395.Pp 1396To create a vlan device named 1397.Li em0.101 1398on 1399.Li em0 1400with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1401.Bd -literal 1402vlans_em0="101" 1403ifconfig_em0_101="inet 192.0.2.1/24" 1404.Ed 1405.Pp 1406To create a vlan device named 1407.Li myvlan 1408on 1409.Li em0 1410with the vlan tag 102: 1411.Bd -literal 1412vlans_em0="myvlan" 1413create_args_myvlan="vlan 102" 1414.Ed 1415.Pp 1416If a 1417.Va wlans_ Ns Aq Ar interface 1418variable is set, 1419an 1420.Xr wlan 4 1421interface will be created for each item in the list with the 1422.Ar wlandev 1423argument set to 1424.Ar interface . 1425Further wlan cloning arguments may be passed to the 1426.Xr ifconfig 8 1427.Cm create 1428command by setting the 1429.Va create_args_ Ns Aq Ar interface 1430variable. 1431One or more 1432.Xr wlan 4 1433devices must be created for each wireless devices as of 1434.Fx 8.0 . 1435Debugging flags for 1436.Xr wlan 4 1437devices as set by 1438.Xr wlandebug 8 1439may be specified with an 1440.Va wlandebug_ Ns Aq Ar interface 1441variable. 1442The contents of this variable will be passed directly to 1443.Xr wlandebug 8 . 1444.Pp 1445If the 1446.Va ifconfig_ Ns Aq Ar interface 1447contains the keyword 1448.Dq Li NOAUTO 1449then the interface will not be configured 1450at boot or by 1451.Pa /etc/pccard_ether 1452when 1453.Va network_interfaces 1454is set to 1455.Dq Li AUTO . 1456.Pp 1457It is possible to bring up an interface with DHCP by adding 1458.Dq Li DHCP 1459to the 1460.Va ifconfig_ Ns Aq Ar interface 1461variable. 1462For instance, to initialize the 1463.Li em0 1464device via DHCP, 1465it is possible to use something like: 1466.Bd -literal 1467ifconfig_em0="DHCP" 1468.Ed 1469.Pp 1470If you want to configure your wireless interface with 1471.Xr wpa_supplicant 8 1472for use with WPA, EAP/LEAP or WEP, you need to add 1473.Dq Li WPA 1474to the 1475.Va ifconfig_ Ns Aq Ar interface 1476variable. 1477.Pp 1478On the other hand, if you want to configure your wireless interface with 1479.Xr hostapd 8 , 1480you need to add 1481.Dq Li HOSTAP 1482to the 1483.Va ifconfig_ Ns Aq Ar interface 1484variable. 1485.Xr hostapd 8 1486will use the settings from 1487.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1488.Pp 1489Finally, you can add 1490.Xr ifconfig 8 1491options in this variable, in addition to the 1492.Pa /etc/start_if. Ns Aq Ar interface 1493file. 1494For instance, to configure an 1495.Xr ath 4 1496wireless device in station mode with an address obtained 1497via DHCP, using WPA authentication and 802.11b mode, it is 1498possible to use something like: 1499.Bd -literal 1500wlans_ath0="wlan0" 1501ifconfig_wlan0="DHCP WPA mode 11b" 1502.Ed 1503.Pp 1504In addition to the 1505.Va ifconfig_ Ns Aq Ar interface 1506form, a fallback variable 1507.Va ifconfig_DEFAULT 1508may be configured. 1509It will be used for all interfaces with no 1510.Va ifconfig_ Ns Aq Ar interface 1511variable. 1512This is intended to replace the no longer supported 1513.Va pccard_ifconfig 1514variable. 1515.Pp 1516It is also possible to rename an interface by doing: 1517.Bd -literal 1518ifconfig_em0_name="net0" 1519ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1520.Ed 1521.It Va ipv6_enable 1522.Pq Vt bool 1523This variable is deprecated. 1524Use 1525.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1526and 1527.Va ipv6_activate_all_interfaces 1528if necessary. 1529.Pp 1530If the variable is 1531.Dq Li YES , 1532.Dq Li inet6 accept_rtadv 1533is added to all of 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535and the 1536.Va ipv6_activate_all_interfaces 1537is defined as 1538.Dq Li YES . 1539.It Va ipv6_prefer 1540.Pq Vt bool 1541This variable is deprecated. 1542Use 1543.Va ip6addrctl_policy 1544instead. 1545.Pp 1546If the variable is 1547.Dq Li YES , 1548the default address selection policy table set by 1549.Xr ip6addrctl 8 1550will be IPv6-preferred. 1551.Pp 1552If the variable is 1553.Dq Li NO , 1554the default address selection policy table set by 1555.Xr ip6addrctl 8 1556will be IPv4-preferred. 1557.It Va ipv6_activate_all_interfaces 1558.Pq Vt bool 1559This controls initial configuration on IPv6-capable 1560interfaces with no corresponding 1561.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1562variable. 1563Note that it is not always necessary to set this variable to 1564.Dq YES 1565to use IPv6 functionality on 1566.Fx . 1567In most cases, just configuring 1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1569variables works. 1570.Pp 1571If the variable is 1572.Dq Li NO , 1573all interfaces which do not have a corresponding 1574.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575variable will be marked as 1576.Dq Li IFDISABLED 1577at creation. 1578This means that all of IPv6 functionality on that interface 1579is completely disabled to enforce a security policy. 1580If the variable is set to 1581.Dq YES , 1582the flag will be cleared on all of the interfaces. 1583.Pp 1584In most cases, just defining an 1585.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1586for an IPv6-capable interface should be sufficient. 1587However, if an interface is added dynamically 1588.Pq by some tunneling protocols such as PPP, for example , 1589it is often difficult to define the variable in advance. 1590In such a case, configuring the 1591.Dq Li IFDISABLED 1592flag can be disabled by setting this variable to 1593.Dq YES . 1594.Pp 1595For more details of the 1596.Dq Li IFDISABLED 1597flag and keywords 1598.Dq Li inet6 ifdisabled , 1599see 1600.Xr ifconfig 8 . 1601.Pp 1602Default is 1603.Dq Li NO . 1604.It Va ipv6_privacy 1605.Pq Vt bool 1606If the variable is 1607.Dq Li YES 1608privacy addresses will be generated for each IPv6 1609interface as described in RFC 4941. 1610.It Va ipv6_network_interfaces 1611.Pq Vt str 1612This is the IPv6 equivalent of 1613.Va network_interfaces . 1614Normally manual configuration of this variable is not needed. 1615.It Va ipv6_cpe_wanif 1616.Pq Vt str 1617If the variable is set to an interface name, 1618the 1619.Xr ifconfig 8 1620options 1621.Dq inet6 -no_radr accept_rtadv 1622will be added to the specified interface automatically before evaluating 1623.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1624and two 1625.Xr sysctl 8 1626variables 1627.Va net.inet6.ip6.rfc6204w3 1628and 1629.Va net.inet6.ip6.no_radr 1630will be set to 1. 1631.Pp 1632This means the specified interface will accept ICMPv6 Router 1633Advertisement messages on that link and add the discovered 1634routers into the Default Router List. 1635While the other interfaces can still accept RA messages if the 1636.Dq inet6 accept_rtadv 1637option is specified, adding 1638routes into the Default Router List will be disabled by 1639.Dq inet6 no_radr 1640option by default. 1641See 1642.Xr ifconfig 8 1643for more details. 1644.Pp 1645Note that ICMPv6 Router Advertisement messages will be 1646accepted even when 1647.Va net.inet6.ip6.forwarding 1648is 1 1649.Pq packet forwarding is enabled 1650when 1651.Va net.inet6.ip6.rfc6204w3 1652is set to 1. 1653.Pp 1654Default is 1655.Dq Li NO . 1656.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1657.Pq Vt str 1658This assigns arbitrary description to an interface. 1659The 1660.Xr sysctl 8 1661variable 1662.Va net.ifdescr_maxlen 1663limits its length. 1664This static setting may be overridden by commands 1665started with dynamic interface configuration utilities 1666like 1667.Xr dhclient 8 1668hooks. The description can be seen with 1669.Xr ifconfig 8 1670command and it may be exported with 1671.Xr bsnmpd 1 1672daemon using its MIB-2 module. 1673.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1674.Pq Vt str 1675IPv6 functionality on an interface should be configured by 1676.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1677instead of setting ifconfig parameters in 1678.Va ifconfig_ Ns Aq Ar interface . 1679If this variable is empty, all of IPv6 configurations on the 1680specified interface by other variables such as 1681.Va ipv6_prefix_ Ns Ao Ar interface Ac 1682will be ignored. 1683.Pp 1684Aliases should be set by 1685.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1686with 1687.Dq Li inet6 1688keyword. 1689For example: 1690.Bd -literal 1691ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1692ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1693.Ed 1694.Pp 1695Interfaces that have an 1696.Dq Li inet6 accept_rtadv 1697keyword in 1698.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1699setting will be automatically configured by SLAAC 1700.Pq StateLess Address AutoConfiguration 1701described in 1702.Rs 1703.%T "RFC 4862" 1704.Re 1705.Pp 1706Note that a link-local address will be automatically configured in 1707addition to the configured global-scope addresses because the IPv6 1708specifications require it on each link. 1709The address is calculated from the MAC address by using an algorithm 1710defined in 1711.Rs 1712.%T "RFC 4862" 1713.%O "Section 5.3" 1714.Re 1715.Pp 1716If only a link-local address is needed on the interface, 1717the following configuration can be used: 1718.Bd -literal 1719ifconfig_em0_ipv6="inet6 auto_linklocal" 1720.Ed 1721.Pp 1722A link-local address can also be configured manually. 1723This is useful for the default router address of an IPv6 router 1724so that it does not change when the network interface 1725card is replaced. 1726For example: 1727.Bd -literal 1728ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1729.Ed 1730.It Va ipv6_prefix_ Ns Aq Ar interface 1731.Pq Vt str 1732If one or more prefixes are defined in 1733.Va ipv6_prefix_ Ns Aq Ar interface 1734addresses based on each prefix and the EUI-64 interface index will be 1735configured on that interface. 1736Note that this variable will be ignored when 1737.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1738is empty. 1739.Pp 1740For example, the following configuration 1741.Bd -literal 1742ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1743.Ed 1744.Pp 1745is equivalent to the following: 1746.Bd -literal 1747ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1748ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1749ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1750ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1751.Ed 1752.Pp 1753These Subnet-Router anycast addresses will be added only when 1754.Va ipv6_gateway_enable 1755is YES. 1756.It Va ipv6_default_interface 1757.Pq Vt str 1758If not set to 1759.Dq Li NO , 1760this is the default output interface for scoped addresses. 1761This works only with ipv6_gateway_enable="NO". 1762.It Va ip6addrctl_enable 1763.Pq Vt bool 1764This variable is to enable configuring default address selection policy table 1765.Pq RFC 3484 . 1766The table can be specified in another variable 1767.Va ip6addrctl_policy . 1768For 1769.Va ip6addrctl_policy 1770the following keywords can be specified: 1771.Dq Li ipv4_prefer , 1772.Dq Li ipv6_prefer , 1773or 1774.Dq Li AUTO . 1775.Pp 1776If 1777.Dq Li ipv4_prefer 1778or 1779.Dq Li ipv6_prefer 1780is specified, 1781.Xr ip6addrctl 8 1782installs a pre-defined policy table described in Section 10.3 1783.Pq IPv4-preferred 1784or 2.1 1785.Pq IPv6-preferred 1786of RFC 3484. 1787.Pp 1788If 1789.Dq Li AUTO 1790is specified, it attempts to read a file 1791.Pa /etc/ip6addrctl.conf 1792first. 1793If this file is found, 1794.Xr ip6addrctl 8 1795reads and installs it. 1796If not found, a policy is automatically set 1797according to 1798.Va ipv6_activate_all_interfaces 1799variable; if the variable is set to 1800.Dq Li YES 1801the IPv6-preferred one is used. 1802Otherwise IPv4-preferred. 1803.Pp 1804The default value of 1805.Va ip6addrctl_enable 1806and 1807.Va ip6addrctl_policy 1808are 1809.Dq Li YES 1810and 1811.Dq Li AUTO , 1812respectively. 1813.It Va cloned_interfaces 1814.Pq Vt str 1815Set to the list of clonable network interfaces to create on this host. 1816Further cloning arguments may be passed to the 1817.Xr ifconfig 8 1818.Cm create 1819command for each interface by setting the 1820.Va create_args_ Ns Aq Ar interface 1821variable. 1822If an interface name is specified with 1823.Dq :sticky 1824keyword, 1825the interface will not be destroyed even when 1826.Pa rc.d/netif 1827script is invoked with 1828.Dq stop 1829argument. 1830This is useful when reconfiguring the interface without destroying it. 1831Entries in 1832.Va cloned_interfaces 1833are automatically appended to 1834.Va network_interfaces 1835for configuration. 1836.It Va cloned_interfaces_sticky 1837.Pq Vt bool 1838This variable is to globally enable functionality of 1839.Dq :sticky 1840keyword in 1841.Va cloned_interfaces 1842for all interfaces. 1843The default value is 1844.Dq NO . 1845Even if this variable is specified to 1846.Dq YES , 1847.Dq :nosticky 1848keyword can be used to override it on per interface basis. 1849.It Va gif_interfaces 1850.Pq Vt str 1851This variable is deprecated in favor of 1852.Va cloned_interfaces . 1853Set to the list of 1854.Xr gif 4 1855tunnel interfaces to configure on this host. 1856For each 1857.Xr gif 1858tunnel interface, set a variable named 1859.Va ifconfig_ Ns Aq Ar interface 1860with the parameters for the 1861.Xr ifconfig 8 1862command to configure the link level for 1863.Ar interface 1864with the 1865.Cm tunnel 1866option. 1867The value of this variable is used to configure the link layer of the 1868tunnel using the 1869.Cm tunnel 1870option to 1871.Xr ifconfig . 1872For example, configure two 1873.Xr gif 1874interfaces with: 1875.Bd -literal -offset indent 1876gif_interfaces="gif0 gif1" 1877ifconfig_gif0="tunnel src_addr0 dst_addr0" 1878ifconfig_gif1="tunnel src_addr1 dst_addr1" 1879.Ed 1880.Pp 1881Additionally, this option ensures that each listed interface is created 1882via the 1883.Cm create 1884option to 1885.Xr ifconfig . 1886This example also works with 1887.Va cloned_interfaces 1888instead of 1889.Va gif_interfaces . 1890.It Va sppp_interfaces 1891.Pq Vt str 1892Set to the list of 1893.Xr sppp 4 1894interfaces to configure on this host. 1895A 1896.Va spppconfig_ Ns Aq Ar interface 1897variable is assumed to exist for each value of 1898.Ar interface . 1899Each interface should also be configured by a general 1900.Va ifconfig_ Ns Aq Ar interface 1901setting. 1902Refer to 1903.Xr spppcontrol 8 1904for more information about available options. 1905.It Va ppp_enable 1906.Pq Vt bool 1907If set to 1908.Dq Li YES , 1909run the 1910.Xr ppp 8 1911daemon. 1912.It Va ppp_profile 1913.Pq Vt str 1914The name of the profile to use from 1915.Pa /etc/ppp/ppp.conf . 1916Also used for per-profile overrides of 1917.Va ppp_mode 1918and 1919.Va ppp_nat , 1920and 1921.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1922When the profile name contains any of the characters 1923.Dq Li .-/+ 1924they are translated to 1925.Dq Li _ 1926for the proposes of the override variable names. 1927.It Va ppp_mode 1928.Pq Vt str 1929Mode in which to run the 1930.Xr ppp 8 1931daemon. 1932.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1933.Pq Vt str 1934Overrides the global 1935.Va ppp_mode 1936for 1937.Ar profile . 1938Accepted modes are 1939.Dq Li auto , 1940.Dq Li ddial , 1941.Dq Li direct 1942and 1943.Dq Li dedicated . 1944See the manual for a full description. 1945.It Va ppp_nat 1946.Pq Vt bool 1947If set to 1948.Dq Li YES , 1949enables network address translation. 1950Used in conjunction with 1951.Va gateway_enable 1952allows hosts on private network addresses access to the Internet using 1953this host as a network address translating router. 1954.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1955.Pq Vt str 1956Overrides the global 1957.Va ppp_nat 1958for 1959.Ar profile . 1960.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1961.Pq Vt int 1962Set the unit number to be used for this profile. 1963See the manual description of 1964.Fl unit Ns Ar N 1965for details. 1966.It Va ppp_user 1967.Pq Vt str 1968The name of the user under which 1969.Xr ppp 8 1970should be started. 1971By 1972default, 1973.Xr ppp 8 1974is started as 1975.Dq Li root . 1976.It Va rc_conf_files 1977.Pq Vt str 1978This option is used to specify a list of files that will override 1979the settings in 1980.Pa /etc/defaults/rc.conf . 1981The files will be read in the order in which they are specified and should 1982include the full path to the file. 1983By default, the files specified are 1984.Pa /etc/rc.conf 1985and 1986.Pa /etc/rc.conf.local 1987.It Va zfs_enable 1988.Pq Vt bool 1989If set to 1990.Dq Li YES , 1991.Pa /etc/rc.d/zfs 1992will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1993(ZVOLs). 1994.It Va gptboot_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998.Pa /etc/rc.d/gptboot 1999will log if the system successfully (or not) booted from a GPT partition, 2000which had the 2001.Ar bootonce 2002attribute set using 2003.Xr gpart 8 2004utility. 2005.It Va gbde_autoattach_all 2006.Pq Vt bool 2007If set to 2008.Dq Li YES , 2009.Pa /etc/rc.d/gbde 2010will attempt to automatically initialize your .bde devices in 2011.Pa /etc/fstab . 2012.It Va gbde_devices 2013.Pq Vt str 2014List the devices that the script should try to attach, 2015or 2016.Dq Li AUTO . 2017.It Va gbde_lockdir 2018.Pq Vt str 2019The directory where the 2020.Xr gbde 4 2021lockfiles are located. 2022The default lockfile directory is 2023.Pa /etc . 2024.Pp 2025The lockfile for each individual 2026.Xr gbde 4 2027device can be overridden by setting the variable 2028.Va gbde_lock_ Ns Aq Ar device , 2029where 2030.Ar device 2031is the encrypted device without the 2032.Dq Pa /dev/ 2033and 2034.Dq Pa .bde 2035parts. 2036.It Va gbde_attach_attempts 2037.Pq Vt int 2038Number of times to attempt attaching to a 2039.Xr gbde 4 2040device, i.e., how many times the user is asked for the pass-phrase. 2041Default is 3. 2042.It Va geli_devices 2043.Pq Vt str 2044List of devices to automatically attach on boot. 2045Note that .eli devices from 2046.Pa /etc/fstab 2047are automatically appended to this list. 2048.It Va geli_groups 2049.Pq Vt str 2050List of groups containing devices to automatically attach on boot with the same 2051keyfiles and passphrase. 2052This must be accompanied with a corresponding 2053.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2054variable. 2055.It Va geli_tries 2056.Pq Vt int 2057Number of times user is asked for the pass-phrase. 2058If empty, it will be taken from 2059.Va kern.geom.eli.tries 2060sysctl variable. 2061.It Va geli_default_flags 2062.Pq Vt str 2063Default flags to use by 2064.Xr geli 8 2065when configuring disk encryption. 2066Flags can be configured for every device separately by defining the 2067.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2068variable, and for every group separately by defining the 2069.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2070variable. 2071.It Va geli_autodetach 2072.Pq Vt str 2073Specifies if GELI devices should be marked for detach on last close after 2074file systems are mounted. 2075Default is 2076.Dq Li YES . 2077This can be changed for every device separately by defining the 2078.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2079variable. 2080.It Va root_rw_mount 2081.Pq Vt bool 2082Set to 2083.Dq Li YES 2084by default. 2085After the file systems are checked at boot time, the root file system 2086is remounted as read-write if this is set to 2087.Dq Li YES . 2088Diskless systems that mount their root file system from a read-only remote 2089NFS share should set this to 2090.Dq Li NO 2091in their 2092.Pa rc.conf . 2093.It Va fsck_y_enable 2094.Pq Vt bool 2095If set to 2096.Dq Li YES , 2097.Xr fsck 8 2098will be run with the 2099.Fl y 2100flag if the initial preen 2101of the file systems fails. 2102.It Va background_fsck 2103.Pq Vt bool 2104If set to 2105.Dq Li NO , 2106the system will not attempt to run 2107.Xr fsck 8 2108in the background where possible. 2109.It Va background_fsck_delay 2110.Pq Vt int 2111The amount of time in seconds to sleep before starting a background 2112.Xr fsck 8 . 2113It defaults to sixty seconds to allow large applications such as 2114the X server to start before disk I/O bandwidth is monopolized by 2115.Xr fsck 8 . 2116If set to a negative number, the background file system check will be 2117delayed indefinitely to allow the administrator to run it at a more 2118convenient time. 2119For example it may be run from 2120.Xr cron 8 2121by adding a line like 2122.Pp 2123.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2124.Pp 2125to 2126.Pa /etc/crontab . 2127.It Va netfs_types 2128.Pq Vt str 2129List of file system types that are network-based. 2130This list should generally not be modified by end users. 2131Use 2132.Va extra_netfs_types 2133instead. 2134.It Va extra_netfs_types 2135.Pq Vt str 2136If set to something other than 2137.Dq Li NO 2138(the default), 2139this variable extends the list of file system types 2140for which automatic mounting at startup by 2141.Xr rc 8 2142should be delayed until the network is initialized. 2143It should contain 2144a whitespace-separated list of network file system descriptor pairs, 2145each consisting of a file system type as passed to 2146.Xr mount 8 2147and a human-readable, one-word description, 2148joined with a colon 2149.Pq Ql \&: . 2150Extending the default list in this way is only necessary 2151when third party file system types are used. 2152.It Va syslogd_enable 2153.Pq Vt bool 2154If set to 2155.Dq Li YES , 2156run the 2157.Xr syslogd 8 2158daemon. 2159.It Va syslogd_program 2160.Pq Vt str 2161Path to 2162.Xr syslogd 8 2163(default 2164.Pa /usr/sbin/syslogd ) . 2165.It Va syslogd_flags 2166.Pq Vt str 2167If 2168.Va syslogd_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to 2172.Xr syslogd 8 . 2173.It Va inetd_enable 2174.Pq Vt bool 2175If set to 2176.Dq Li YES , 2177run the 2178.Xr inetd 8 2179daemon. 2180.It Va inetd_program 2181.Pq Vt str 2182Path to 2183.Xr inetd 8 2184(default 2185.Pa /usr/sbin/inetd ) . 2186.It Va inetd_flags 2187.Pq Vt str 2188If 2189.Va inetd_enable 2190is set to 2191.Dq Li YES , 2192these are the flags to pass to 2193.Xr inetd 8 . 2194.It Va hastd_enable 2195.Pq Vt bool 2196If set to 2197.Dq Li YES , 2198run the 2199.Xr hastd 8 2200daemon. 2201.It Va hastd_program 2202.Pq Vt str 2203Path to 2204.Xr hastd 8 2205(default 2206.Pa /sbin/hastd ) . 2207.It Va hastd_flags 2208.Pq Vt str 2209If 2210.Va hastd_enable 2211is set to 2212.Dq Li YES , 2213these are the flags to pass to 2214.Xr hastd 8 . 2215.It Va local_unbound_enable 2216.Pq Vt bool 2217If set to 2218.Dq Li YES , 2219run the 2220.Xr unbound 8 2221daemon as a local caching resolver. 2222.It Va kdc_enable 2223.Pq Vt bool 2224Set to 2225.Dq Li YES 2226to start a Kerberos 5 authentication server 2227at boot time. 2228.It Va kdc_program 2229.Pq Vt str 2230If 2231.Va kdc_enable 2232is set to 2233.Dq Li YES 2234this is the path to Kerberos 5 Authentication Server. 2235.It Va kdc_flags 2236.Pq Vt str 2237Empty by default. 2238This variable contains additional flags to be passed to the Kerberos 5 2239authentication server. 2240.It Va kadmind_enable 2241.Pq Vt bool 2242Set to 2243.Dq Li YES 2244to start 2245.Xr kadmind 8 , 2246the Kerberos 5 Administration Daemon; set to 2247.Dq Li NO 2248on a slave server. 2249.It Va kadmind_program 2250.Pq Vt str 2251If 2252.Va kadmind_enable 2253is set to 2254.Dq Li YES 2255this is the path to Kerberos 5 Administration Daemon. 2256.It Va kpasswdd_enable 2257.Pq Vt bool 2258Set to 2259.Dq Li YES 2260to start 2261.Xr kpasswdd 8 , 2262the Kerberos 5 Password-Changing Daemon; set to 2263.Dq Li NO 2264on a slave server. 2265.It Va kpasswdd_program 2266.Pq Vt str 2267If 2268.Va kpasswdd_enable 2269is set to 2270.Dq Li YES 2271this is the path to Kerberos 5 Password-Changing Daemon. 2272.It Va kfd_enable 2273.Pq Vt bool 2274Set to 2275.Dq Li YES 2276to start 2277.Xr kfd 8 , 2278the Kerberos 5 ticket forwarding daemon, at the boot time. 2279.It Va kfd_program 2280.Pq Vt str 2281Path to 2282.Xr kfd 8 2283(default 2284.Pa /usr/libexec/kfd ) . 2285.It Va rwhod_enable 2286.Pq Vt bool 2287If set to 2288.Dq Li YES , 2289run the 2290.Xr rwhod 8 2291daemon at boot time. 2292.It Va rwhod_flags 2293.Pq Vt str 2294If 2295.Va rwhod_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to it. 2299.It Va amd_enable 2300.Pq Vt bool 2301If set to 2302.Dq Li YES , 2303run the 2304.Xr amd 8 2305daemon at boot time. 2306.It Va amd_flags 2307.Pq Vt str 2308If 2309.Va amd_enable 2310is set to 2311.Dq Li YES , 2312these are the flags to pass to it. 2313See the 2314.Xr amd 8 2315manpage for more information. 2316.It Va amd_map_program 2317.Pq Vt str 2318If set, 2319the specified program is run to get the list of 2320.Xr amd 8 2321maps. 2322For example, if the 2323.Xr amd 8 2324maps are stored in NIS, one can set this to 2325run 2326.Xr ypcat 1 2327to get a list of 2328.Xr amd 8 2329maps from the 2330.Pa amd.master 2331NIS map. 2332.It Va update_motd 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336.Pa /etc/motd 2337will be updated at boot time to reflect the kernel release 2338being run. 2339If set to 2340.Dq Li NO , 2341.Pa /etc/motd 2342will not be updated. 2343.It Va nfs_client_enable 2344.Pq Vt bool 2345If set to 2346.Dq Li YES , 2347run the NFS client daemons at boot time. 2348.It Va nfs_access_cache 2349.Pq Vt int 2350If 2351.Va nfs_client_enable 2352is set to 2353.Dq Li YES , 2354this can be set to 2355.Dq Li 0 2356to disable NFS ACCESS RPC caching, or to the number of seconds for which 2357NFS ACCESS 2358results should be cached. 2359A value of 2-10 seconds will substantially reduce network 2360traffic for many NFS operations. 2361.It Va nfs_server_enable 2362.Pq Vt bool 2363If set to 2364.Dq Li YES , 2365run the NFS server daemons at boot time. 2366.It Va nfs_server_flags 2367.Pq Vt str 2368If 2369.Va nfs_server_enable 2370is set to 2371.Dq Li YES , 2372these are the flags to pass to the 2373.Xr nfsd 8 2374daemon. 2375.It Va nfsv4_server_enable 2376.Pq Vt bool 2377If 2378.Va nfs_server_enable 2379is set to 2380.Dq Li YES 2381and 2382.Va nfsv4_server_enable 2383are set to 2384.Dq Li YES , 2385enable the server for NFSv4 as well as NFSv2 and NFSv3. 2386.It Va nfsuserd_enable 2387.Pq Vt bool 2388If 2389.Va nfsuserd_enable 2390is set to 2391.Dq Li YES , 2392run the nfsuserd daemon, which is needed for NFSv4 in order 2393to map between user/group names vs uid/gid numbers. 2394If 2395.Va nfsv4_server_enable 2396is set to 2397.Dq Li YES , 2398this will be forced enabled. 2399.It Va nfsuserd_flags 2400.Pq Vt str 2401If 2402.Va nfsuserd_enable 2403is set to 2404.Dq Li YES , 2405these are the flags to pass to the 2406.Xr nfsuserd 8 2407daemon. 2408.It Va nfscbd_enable 2409.Pq Vt bool 2410If 2411.Va nfscbd_enable 2412is set to 2413.Dq Li YES , 2414run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2415.It Va nfscbd_flags 2416.Pq Vt str 2417If 2418.Va nfscbd_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr nfscbd 8 2423daemon. 2424.It Va mountd_enable 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428and no 2429.Va nfs_server_enable 2430is set, start 2431.Xr mountd 8 , 2432but not 2433.Xr nfsd 8 2434daemon. 2435It is commonly needed to run CFS without real NFS used. 2436.It Va mountd_flags 2437.Pq Vt str 2438If 2439.Va mountd_enable 2440is set to 2441.Dq Li YES , 2442these are the flags to pass to the 2443.Xr mountd 8 2444daemon. 2445.It Va weak_mountd_authentication 2446.Pq Vt bool 2447If set to 2448.Dq Li YES , 2449allow services like PCNFSD to make non-privileged mount 2450requests. 2451.It Va nfs_reserved_port_only 2452.Pq Vt bool 2453If set to 2454.Dq Li YES , 2455provide NFS services only on a secure port. 2456.It Va nfs_bufpackets 2457.Pq Vt int 2458If set to a number, indicates the number of packets worth of 2459socket buffer space to reserve on an NFS client. 2460The kernel default is typically 4. 2461Using a higher number may be 2462useful on gigabit networks to improve performance. 2463The minimum value is 24642 and the maximum is 64. 2465.It Va rpc_lockd_enable 2466.Pq Vt bool 2467If set to 2468.Dq Li YES 2469and also an NFS server or client, run 2470.Xr rpc.lockd 8 2471at boot time. 2472.It Va rpc_lockd_flags 2473.Pq Vt str 2474If 2475.Va rpc_lockd_enable 2476is set to 2477.Dq Li YES , 2478these are the flags to pass to the 2479.Xr rpc.lockd 8 2480daemon. 2481.It Va rpc_statd_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES 2485and also an NFS server or client, run 2486.Xr rpc.statd 8 2487at boot time. 2488.It Va rpc_statd_flags 2489.Pq Vt str 2490If 2491.Va rpc_statd_enable 2492is set to 2493.Dq Li YES , 2494these are the flags to pass to the 2495.Xr rpc.statd 8 2496daemon. 2497.It Va rpcbind_program 2498.Pq Vt str 2499Path to 2500.Xr rpcbind 8 2501(default 2502.Pa /usr/sbin/rpcbind ) . 2503.It Va rpcbind_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr rpcbind 8 2509service at boot time. 2510.It Va rpcbind_flags 2511.Pq Vt str 2512If 2513.Va rpcbind_enable 2514is set to 2515.Dq Li YES , 2516these are the flags to pass to the 2517.Xr rpcbind 8 2518daemon. 2519.It Va keyserv_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the 2524.Xr keyserv 8 2525daemon on boot for running Secure RPC. 2526.It Va keyserv_flags 2527.Pq Vt str 2528If 2529.Va keyserv_enable 2530is set to 2531.Dq Li YES , 2532these are the flags to pass to 2533.Xr keyserv 8 2534daemon. 2535.It Va pppoed_enable 2536.Pq Vt bool 2537If set to 2538.Dq Li YES , 2539run the 2540.Xr pppoed 8 2541daemon at boot time to provide PPP over Ethernet services. 2542.It Va pppoed_ Ns Aq Ar provider 2543.Pq Vt str 2544.Xr pppoed 8 2545listens to requests to this 2546.Ar provider 2547and ultimately runs 2548.Xr ppp 8 2549with a 2550.Ar system 2551argument of the same name. 2552.It Va pppoed_flags 2553.Pq Vt str 2554Additional flags to pass to 2555.Xr pppoed 8 . 2556.It Va pppoed_interface 2557.Pq Vt str 2558The network interface to run 2559.Xr pppoed 8 2560on. 2561This is mandatory when 2562.Va pppoed_enable 2563is set to 2564.Dq Li YES . 2565.It Va timed_enable 2566.Pq Vt bool 2567If set to 2568.Dq Li YES , 2569run the 2570.Xr timed 8 2571service at boot time. 2572This command is intended for networks of 2573machines where a consistent 2574.Dq "network time" 2575for all hosts must be established. 2576This is often useful in large NFS 2577environments where time stamps on files are expected to be consistent 2578network-wide. 2579.It Va timed_flags 2580.Pq Vt str 2581If 2582.Va timed_enable 2583is set to 2584.Dq Li YES , 2585these are the flags to pass to the 2586.Xr timed 8 2587service. 2588.It Va ntpdate_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES , 2592run 2593.Xr ntpdate 8 2594at system startup. 2595This command is intended to 2596synchronize the system clock only 2597.Em once 2598from some standard reference. 2599.Pp 2600Note that the use of the 2601.Va ntpd_sync_on_start 2602variable is a preferred alternative to the 2603.Xr ntpdate 8 2604utility as 2605.Xr ntpdate 8 2606is to be retired from the NTP distribution. 2607.It Va ntpdate_config 2608.Pq Vt str 2609Configuration file for 2610.Xr ntpdate 8 . 2611Default 2612.Pa /etc/ntp.conf . 2613.It Va ntpdate_hosts 2614.Pq Vt str 2615A whitespace-separated list of NTP servers to synchronize with at startup. 2616The default is to use the servers listed in 2617.Va ntpdate_config , 2618if that file exists. 2619.It Va ntpdate_program 2620.Pq Vt str 2621Path to 2622.Xr ntpdate 8 2623(default 2624.Pa /usr/sbin/ntpdate ) . 2625.It Va ntpdate_flags 2626.Pq Vt str 2627If 2628.Va ntpdate_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr ntpdate 8 2633command (typically a hostname). 2634.It Va ntpd_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Xr ntpd 8 2640command at boot time. 2641.It Va ntpd_program 2642.Pq Vt str 2643Path to 2644.Xr ntpd 8 2645(default 2646.Pa /usr/sbin/ntpd ) . 2647.It Va ntpd_config 2648.Pq Vt str 2649Path to 2650.Xr ntpd 8 2651configuration file. 2652Default 2653.Pa /etc/ntp.conf . 2654.It Va ntpd_flags 2655.Pq Vt str 2656If 2657.Va ntpd_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to the 2661.Xr ntpd 8 2662daemon. 2663.It Va ntpd_sync_on_start 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667.Xr ntpd 8 2668is run with the 2669.Fl g 2670flag, which syncs the system's clock on startup. 2671See 2672.Xr ntpd 8 2673for more information regarding the 2674.Fl g 2675option. 2676This is a preferred alternative to using 2677.Xr ntpdate 8 2678or specifying the 2679.Va ntpdate_enable 2680variable. 2681.It Va nis_client_enable 2682.Pq Vt bool 2683If set to 2684.Dq Li YES , 2685run the 2686.Xr ypbind 8 2687service at system boot time. 2688.It Va nis_client_flags 2689.Pq Vt str 2690If 2691.Va nis_client_enable 2692is set to 2693.Dq Li YES , 2694these are the flags to pass to the 2695.Xr ypbind 8 2696service. 2697.It Va nis_ypldap_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypldap 8 2703daemon at system boot time. 2704.It Va nis_ypldap_flags 2705.Pq Vt str 2706If 2707.Va nis.ypldap_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypldap 8 2712daemon. 2713.It Va nis_ypset_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr ypset 8 2719daemon at system boot time. 2720.It Va nis_ypset_flags 2721.Pq Vt str 2722If 2723.Va nis_ypset_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr ypset 8 2728daemon. 2729.It Va nis_server_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr ypserv 8 2735daemon at system boot time. 2736.It Va nis_server_flags 2737.Pq Vt str 2738If 2739.Va nis_server_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr ypserv 8 2744daemon. 2745.It Va nis_ypxfrd_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr rpc.ypxfrd 8 2751daemon at system boot time. 2752.It Va nis_ypxfrd_flags 2753.Pq Vt str 2754If 2755.Va nis_ypxfrd_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr rpc.ypxfrd 8 2760daemon. 2761.It Va nis_yppasswdd_enable 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765run the 2766.Xr rpc.yppasswdd 8 2767daemon at system boot time. 2768.It Va nis_yppasswdd_flags 2769.Pq Vt str 2770If 2771.Va nis_yppasswdd_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr rpc.yppasswdd 8 2776daemon. 2777.It Va rpc_ypupdated_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Nm rpc.ypupdated 2783daemon at system boot time. 2784.It Va bsnmpd_enable 2785.Pq Vt bool 2786If set to 2787.Dq Li YES , 2788run the 2789.Xr bsnmpd 1 2790daemon at system boot time. 2791Be sure to understand the security implications of running SNMP daemon 2792on your host. 2793.It Va bsnmpd_flags 2794.Pq Vt str 2795If 2796.Va bsnmpd_enable 2797is set to 2798.Dq Li YES , 2799these are the flags to pass to the 2800.Xr bsnmpd 1 2801daemon. 2802.It Va defaultrouter 2803.Pq Vt str 2804If not set to 2805.Dq Li NO , 2806create a default route to this host name or IP address 2807(use an IP address if this router is also required to get to the 2808name server!). 2809.It Va ipv6_defaultrouter 2810.Pq Vt str 2811The IPv6 equivalent of 2812.Va defaultrouter . 2813.It Va static_arp_pairs 2814.Pq Vt str 2815Set to the list of static ARP pairs that are to be added at system 2816boot time. 2817For each whitespace separated 2818.Ar element 2819in the value, a 2820.Va static_arp_ Ns Aq Ar element 2821variable is assumed to exist whose contents will later be passed to a 2822.Dq Nm arp Cm -S 2823operation. 2824For example 2825.Bd -literal 2826static_arp_pairs="gw" 2827static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2828.Ed 2829.It Va static_ndp_pairs 2830.Pq Vt str 2831Set to the list of static NDP pairs that are to be added at system 2832boot time. 2833For each whitespace separated 2834.Ar element 2835in the value, a 2836.Va static_ndp_ Ns Aq Ar element 2837variable is assumed to exist whose contents will later be passed to a 2838.Dq Nm ndp Cm -s 2839operation. 2840For example 2841.Bd -literal 2842static_ndp_pairs="gw" 2843static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2844.Ed 2845.It Va static_routes 2846.Pq Vt str 2847Set to the list of static routes that are to be added at system 2848boot time. 2849If not set to 2850.Dq Li NO 2851then for each whitespace separated 2852.Ar element 2853in the value, a 2854.Va route_ Ns Aq Ar element 2855variable is assumed to exist 2856whose contents will later be passed to a 2857.Dq Nm route Cm add 2858operation. 2859For example: 2860.Bd -literal 2861static_routes="ext mcast:gif0 gif0local:gif0" 2862route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2863route_mcast="-net 224.0.0.0/4 -iface gif0" 2864route_gif0local="-host 169.254.1.1 -iface lo0" 2865.Ed 2866.Pp 2867When an 2868.Ar element 2869is in the form of 2870.Li name:ifname , 2871the route is specific to the interface 2872.Li ifname . 2873.It Va ipv6_static_routes 2874.Pq Vt str 2875The IPv6 equivalent of 2876.Va static_routes . 2877If not set to 2878.Dq Li NO 2879then for each whitespace separated 2880.Ar element 2881in the value, a 2882.Va ipv6_route_ Ns Aq Ar element 2883variable is assumed to exist 2884whose contents will later be passed to a 2885.Dq Nm route Cm add Fl inet6 2886operation. 2887.It Va gateway_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891configure host to act as an IP router, e.g.\& to forward packets 2892between interfaces. 2893.It Va ipv6_gateway_enable 2894.Pq Vt bool 2895The IPv6 equivalent of 2896.Va gateway_enable . 2897.It Va routed_enable 2898.Pq Vt bool 2899If set to 2900.Dq Li YES , 2901run a routing daemon of some sort, based on the 2902settings of 2903.Va routed_program 2904and 2905.Va routed_flags . 2906.It Va route6d_enable 2907.Pq Vt bool 2908The IPv6 equivalent of 2909.Va routed_enable . 2910If set to 2911.Dq Li YES , 2912run a routing daemon of some sort, based on the 2913settings of 2914.Va route6d_program 2915and 2916.Va route6d_flags . 2917.It Va routed_program 2918.Pq Vt str 2919If 2920.Va routed_enable 2921is set to 2922.Dq Li YES , 2923this is the name of the routing daemon to use. 2924.It Va route6d_program 2925.Pq Vt str 2926The IPv6 equivalent of 2927.Va routed_program . 2928.It Va routed_flags 2929.Pq Vt str 2930If 2931.Va routed_enable 2932is set to 2933.Dq Li YES , 2934these are the flags to pass to the routing daemon. 2935.It Va route6d_flags 2936.Pq Vt str 2937The IPv6 equivalent of 2938.Va routed_flags . 2939.It Va rtadvd_enable 2940.Pq Vt bool 2941If set to 2942.Dq Li YES , 2943run the 2944.Xr rtadvd 8 2945daemon at boot time. 2946The 2947.Xr rtadvd 8 2948utility sends ICMPv6 Router Advertisement messages to 2949the interfaces specified in 2950.Va rtadvd_interfaces . 2951This should only be enabled with great care. 2952You may want to fine-tune 2953.Xr rtadvd.conf 5 . 2954.It Va rtadvd_interfaces 2955.Pq Vt str 2956If 2957.Va rtadvd_enable 2958is set to 2959.Dq Li YES 2960this is the list of interfaces to use. 2961.It Va arpproxy_all 2962.Pq Vt bool 2963If set to 2964.Dq Li YES , 2965enable global proxy ARP. 2966.It Va forward_sourceroute 2967.Pq Vt bool 2968If set to 2969.Dq Li YES 2970and 2971.Va gateway_enable 2972is also set to 2973.Dq Li YES , 2974source-routed packets are forwarded. 2975.It Va accept_sourceroute 2976.Pq Vt bool 2977If set to 2978.Dq Li YES , 2979the system will accept source-routed packets directed at it. 2980.It Va rarpd_enable 2981.Pq Vt bool 2982If set to 2983.Dq Li YES , 2984run the 2985.Xr rarpd 8 2986daemon at system boot time. 2987.It Va rarpd_flags 2988.Pq Vt str 2989If 2990.Va rarpd_enable 2991is set to 2992.Dq Li YES , 2993these are the flags to pass to the 2994.Xr rarpd 8 2995daemon. 2996.It Va bootparamd_enable 2997.Pq Vt bool 2998If set to 2999.Dq Li YES , 3000run the 3001.Xr bootparamd 8 3002daemon at system boot time. 3003.It Va bootparamd_flags 3004.Pq Vt str 3005If 3006.Va bootparamd_enable 3007is set to 3008.Dq Li YES , 3009these are the flags to pass to the 3010.Xr bootparamd 8 3011daemon. 3012.It Va stf_interface_ipv4addr 3013.Pq Vt str 3014If not set to 3015.Dq Li NO , 3016this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3017interface). 3018Specify this entry to enable the 6to4 interface. 3019.It Va stf_interface_ipv4plen 3020.Pq Vt int 3021Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3022An effective value is 0-31. 3023.It Va stf_interface_ipv6_ifid 3024.Pq Vt str 3025IPv6 interface ID for 3026.Xr stf 4 . 3027This can be set to 3028.Dq Li AUTO . 3029.It Va stf_interface_ipv6_slaid 3030.Pq Vt str 3031IPv6 Site Level Aggregator for 3032.Xr stf 4 . 3033.It Va ipv6_ipv4mapping 3034.Pq Vt bool 3035If set to 3036.Dq Li YES 3037this enables IPv4 mapped IPv6 address communication (like 3038.Li ::ffff:a.b.c.d ) . 3039.It Va rtsold_enable 3040.Pq Vt bool 3041Set to 3042.Dq Li YES 3043to enable the 3044.Xr rtsold 8 3045daemon to send ICMPv6 Router Solicitation messages. 3046.It Va rtsold_flags 3047.Pq Vt str 3048If 3049.Va rtsold_enable 3050is set to 3051.Dq Li YES , 3052these are the flags to pass to 3053.Xr rtsold 8 . 3054.It Va rtsol_flags 3055.Pq Vt str 3056For interfaces configured with the 3057.Dq Li inet6 accept_rtadv 3058keyword, these are the flags to pass to 3059.Xr rtsol 8 . 3060.Pp 3061Note that 3062.Va rtsold_enable 3063is mutually exclusive to 3064.Va rtsol_flags ; 3065.Va rtsold_enable 3066takes precedence. 3067.It Va keybell 3068.Pq Vt str 3069The keyboard bell sound. 3070Set to 3071.Dq Li normal , 3072.Dq Li visual , 3073.Dq Li off , 3074or 3075.Dq Li NO 3076if the default behavior is desired. 3077For details, refer to the 3078.Xr kbdcontrol 1 3079manpage. 3080.It Va keyboard 3081.Pq Vt str 3082If set to a non-null string, the virtual console's keyboard input is 3083set to this device. 3084.It Va keymap 3085.Pq Vt str 3086If set to 3087.Dq Li NO , 3088no keymap is installed, otherwise the value is used to install 3089the keymap file found in 3090.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3091(if using 3092.Xr syscons 4 ) or 3093.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3094(if using 3095.Xr vt 4 ) . 3096.It Va keyrate 3097.Pq Vt str 3098The keyboard repeat speed. 3099Set to 3100.Dq Li slow , 3101.Dq Li normal , 3102.Dq Li fast , 3103or 3104.Dq Li NO 3105if the default behavior is desired. 3106.It Va keychange 3107.Pq Vt str 3108If not set to 3109.Dq Li NO , 3110attempt to program the function keys with the value. 3111The value should 3112be a single string of the form: 3113.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3114.It Va cursor 3115.Pq Vt str 3116Can be set to the value of 3117.Dq Li normal , 3118.Dq Li blink , 3119.Dq Li destructive , 3120or 3121.Dq Li NO 3122to set the cursor behavior explicitly or choose the default behavior. 3123.It Va scrnmap 3124.Pq Vt str 3125If set to 3126.Dq Li NO , 3127no screen map is installed, otherwise the value is used to install 3128the screen map file in 3129.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3130This parameter is ignored when using 3131.Xr vt 4 3132as the console driver. 3133.It Va font8x16 3134.Pq Vt str 3135If set to 3136.Dq Li NO , 3137the default 8x16 font value is used for screen size requests, otherwise 3138the value in 3139.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3140or 3141.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3142is used (depending on the console driver being used). 3143.It Va font8x14 3144.Pq Vt str 3145If set to 3146.Dq Li NO , 3147the default 8x14 font value is used for screen size requests, otherwise 3148the value in 3149.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3150or 3151.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3152is used (depending on the console driver being used). 3153.It Va font8x8 3154.Pq Vt str 3155If set to 3156.Dq Li NO , 3157the default 8x8 font value is used for screen size requests, otherwise 3158the value in 3159.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3160or 3161.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3162is used (depending on the console driver being used). 3163.It Va blanktime 3164.Pq Vt int 3165If set to 3166.Dq Li NO , 3167the default screen blanking interval is used, otherwise it is set 3168to 3169.Ar value 3170seconds. 3171.It Va saver 3172.Pq Vt str 3173If not set to 3174.Dq Li NO , 3175this is the actual screen saver to use 3176.Li ( blank , snake , daemon , 3177etc). 3178.It Va moused_nondefault_enable 3179.Pq Vt str 3180If set to 3181.Dq Li NO , 3182the mouse device specified on 3183the command line is not automatically treated as enabled by the 3184.Pa /etc/rc.d/moused 3185script. 3186Having this variable set to 3187.Dq Li YES 3188allows a 3189.Xr usb 4 3190mouse, 3191for example, 3192to be enabled as soon as it is plugged in. 3193.It Va moused_enable 3194.Pq Vt str 3195If set to 3196.Dq Li YES , 3197the 3198.Xr moused 8 3199daemon is started for doing cut/paste selection on the console. 3200.It Va moused_type 3201.Pq Vt str 3202This is the protocol type of the mouse connected to this host. 3203This variable must be set if 3204.Va moused_enable 3205is set to 3206.Dq Li YES . 3207The 3208.Xr moused 8 3209daemon 3210is able to detect the appropriate mouse type automatically in many cases. 3211Set this variable to 3212.Dq Li auto 3213to let the daemon detect it, or 3214select one from the following list if the automatic detection fails. 3215.Pp 3216If the mouse is attached to the PS/2 mouse port, choose 3217.Dq Li auto 3218or 3219.Dq Li ps/2 , 3220regardless of the brand and model of the mouse. 3221Likewise, if the 3222mouse is attached to the bus mouse port, choose 3223.Dq Li auto 3224or 3225.Dq Li busmouse . 3226All other protocols are for serial mice and will not work with 3227the PS/2 and bus mice. 3228If this is a USB mouse, 3229.Dq Li auto 3230is the only protocol type which will work. 3231.Pp 3232.Bl -tag -width ".Li x10mouseremote" -compact 3233.It Li microsoft 3234Microsoft mouse (serial) 3235.It Li intellimouse 3236Microsoft IntelliMouse (serial) 3237.It Li mousesystems 3238Mouse systems Corp.\& mouse (serial) 3239.It Li mmseries 3240MM Series mouse (serial) 3241.It Li logitech 3242Logitech mouse (serial) 3243.It Li busmouse 3244A bus mouse 3245.It Li mouseman 3246Logitech MouseMan and TrackMan (serial) 3247.It Li glidepoint 3248ALPS GlidePoint (serial) 3249.It Li thinkingmouse 3250Kensington ThinkingMouse (serial) 3251.It Li ps/2 3252PS/2 mouse 3253.It Li mmhittab 3254MM HitTablet (serial) 3255.It Li x10mouseremote 3256X10 MouseRemote (serial) 3257.It Li versapad 3258Interlink VersaPad (serial) 3259.El 3260.Pp 3261Even if the mouse is not in the above list, it may be compatible 3262with one in the list. 3263Refer to the manual page for 3264.Xr moused 8 3265for compatibility information. 3266.Pp 3267It should also be noted that while this is enabled, any 3268other client of the mouse (such as an X server) should access 3269the mouse through the virtual mouse device, 3270.Pa /dev/sysmouse , 3271and configure it as a 3272.Dq Li sysmouse 3273type mouse, since all 3274mouse data is converted to this single canonical format when 3275using 3276.Xr moused 8 . 3277If the client program does not support the 3278.Dq Li sysmouse 3279type, 3280specify the 3281.Dq Li mousesystems 3282type. 3283It is the second preferred type. 3284.It Va moused_port 3285.Pq Vt str 3286If 3287.Va moused_enable 3288is set to 3289.Dq Li YES , 3290this is the actual port the mouse is on. 3291It might be 3292.Pa /dev/cuau0 3293for a COM1 serial mouse, or 3294.Pa /dev/psm0 3295for a PS/2 mouse, for example. 3296.It Va moused_flags 3297.Pq Vt str 3298If 3299.Va moused_flags 3300is set, its value is used as an additional set of flags to pass to the 3301.Xr moused 8 3302daemon. 3303.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3304When 3305.Va moused_nondefault_enable 3306is enabled, and a 3307.Xr moused 8 3308daemon is started for a non-default port, the 3309.Va "moused_" Ns Ar XXX Ns Va "_flags" 3310set of options has precedence over and replaces the default 3311.Va moused_flags 3312(where 3313.Ar XXX 3314is the name of the non-default port, i.e.,\& 3315.Ar ums0 ) . 3316By setting 3317.Va "moused_" Ns Ar XXX Ns Va "_flags" 3318it is possible to set up a different set of default flags for each 3319.Xr moused 8 3320instance. 3321For example, you can use 3322.Dq Li "-3" 3323for the default 3324.Va moused_flags 3325to make your laptop's touchpad more comfortable to use, 3326but an empty set of options for 3327.Va moused_ums0_flags 3328when your 3329.Xr usb 4 3330mouse has three or more buttons. 3331.It Va mousechar_start 3332.Pq Vt int 3333If set to 3334.Dq Li NO , 3335the default mouse cursor character range 3336.Li 0xd0 Ns - Ns Li 0xd3 3337is used, 3338otherwise the range start is set 3339to 3340.Ar value 3341character, see 3342.Xr vidcontrol 1 . 3343Use if the default range is occupied in the language code table. 3344.It Va allscreens_flags 3345.Pq Vt str 3346If set, 3347.Xr vidcontrol 1 3348is run with these options for each of the virtual terminals 3349.Pq Pa /dev/ttyv* . 3350For example, 3351.Dq Fl m Cm on 3352will enable the mouse pointer on all virtual terminals 3353if 3354.Va moused_enable 3355is set to 3356.Dq Li YES . 3357.It Va allscreens_kbdflags 3358.Pq Vt str 3359If set, 3360.Xr kbdcontrol 1 3361is run with these options for each of the virtual terminals 3362.Pq Pa /dev/ttyv* . 3363For example, 3364.Dq Fl h Li 200 3365will set the 3366.Xr syscons 4 3367or 3368.Xr vt 4 3369scrollback (history) buffer to 200 lines. 3370.It Va cron_enable 3371.Pq Vt bool 3372If set to 3373.Dq Li YES , 3374run the 3375.Xr cron 8 3376daemon at system boot time. 3377.It Va cron_program 3378.Pq Vt str 3379Path to 3380.Xr cron 8 3381(default 3382.Pa /usr/sbin/cron ) . 3383.It Va cron_flags 3384.Pq Vt str 3385If 3386.Va cron_enable 3387is set to 3388.Dq Li YES , 3389these are the flags to pass to 3390.Xr cron 8 . 3391.It Va cron_dst 3392.Pq Vt bool 3393If set to 3394.Dq Li YES , 3395enable the special handling of transitions to and from the 3396Daylight Saving Time in 3397.Xr cron 8 3398(equivalent to using the flag 3399.Fl s ) . 3400.It Va lpd_program 3401.Pq Vt str 3402Path to 3403.Xr lpd 8 3404(default 3405.Pa /usr/sbin/lpd ) . 3406.It Va lpd_enable 3407.Pq Vt bool 3408If set to 3409.Dq Li YES , 3410run the 3411.Xr lpd 8 3412daemon at system boot time. 3413.It Va lpd_flags 3414.Pq Vt str 3415If 3416.Va lpd_enable 3417is set to 3418.Dq Li YES , 3419these are the flags to pass to the 3420.Xr lpd 8 3421daemon. 3422.It Va chkprintcap_enable 3423.Pq Vt bool 3424If set to 3425.Dq Li YES , 3426run the 3427.Xr chkprintcap 8 3428command before starting the 3429.Xr lpd 8 3430daemon. 3431.It Va chkprintcap_flags 3432.Pq Vt str 3433If 3434.Va lpd_enable 3435and 3436.Va chkprintcap_enable 3437are set to 3438.Dq Li YES , 3439these are the flags to pass to the 3440.Xr chkprintcap 8 3441program. 3442The default is 3443.Dq Li -d , 3444which causes missing directories to be created. 3445.It Va mta_start_script 3446.Pq Vt str 3447This variable specifies the full path to the script to run to start 3448a mail transfer agent. 3449The default is 3450.Pa /etc/rc.sendmail . 3451The 3452.Va sendmail_* 3453variables which 3454.Pa /etc/rc.sendmail 3455uses are documented in the 3456.Xr rc.sendmail 8 3457manual page. 3458.It Va dumpdev 3459.Pq Vt str 3460Indicates the device (usually a swap partition) to which a crash dump 3461should be written in the event of a system crash. 3462If the value of this variable is 3463.Dq Li AUTO , 3464the first suitable swap device listed in 3465.Pa /etc/fstab 3466will be used as dump device. 3467Otherwise, the value of this variable is passed as the argument to 3468.Xr dumpon 8 . 3469To disable crash dumps, set this variable to 3470.Dq Li NO . 3471.It Va dumpon_flags 3472.Pq Vt str 3473Flags to pass to 3474.Xr dumpon 8 3475when configuring 3476.Va dumpdev 3477as the system dump device. 3478.It Va dumpdir 3479.Pq Vt str 3480When the system reboots after a crash and a crash dump is found on the 3481device specified by the 3482.Va dumpdev 3483variable, 3484.Xr savecore 8 3485will save that crash dump and a copy of the kernel to the directory 3486specified by the 3487.Va dumpdir 3488variable. 3489The default value is 3490.Pa /var/crash . 3491Set to 3492.Dq Li NO 3493to not run 3494.Xr savecore 8 3495at boot time when 3496.Va dumpdir 3497is set. 3498.It Va savecore_enable 3499.Pq Vt bool 3500If set to 3501.Dq Li NO , 3502disable automatic extraction of the crash dump from the 3503.Va dumpdev . 3504.It Va savecore_flags 3505.Pq Vt str 3506If crash dumps are enabled, these are the flags to pass to the 3507.Xr savecore 8 3508utility. 3509.It Va quota_enable 3510.Pq Vt bool 3511Set to 3512.Dq Li YES 3513to turn on user and group disk quotas on system startup via the 3514.Xr quotaon 8 3515command for all file systems marked as having quotas enabled in 3516.Pa /etc/fstab . 3517The kernel must be built with 3518.Cd "options QUOTA" 3519for disk quotas to function. 3520.It Va check_quotas 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to enable user and group disk quota checking via the 3525.Xr quotacheck 8 3526command. 3527.It Va quotacheck_flags 3528.Pq Vt str 3529If 3530.Va quota_enable 3531is set to 3532.Dq Li YES , 3533and 3534.Va check_quotas 3535is set to 3536.Dq Li YES , 3537these are the flags to pass to the 3538.Xr quotacheck 8 3539utility. 3540The default is 3541.Dq Li "-a" , 3542which checks quotas for all file systems with quotas enabled in 3543.Pa /etc/fstab . 3544.It Va quotaon_flags 3545.Pq Vt str 3546If 3547.Va quota_enable 3548is set to 3549.Dq Li YES , 3550these are the flags to pass to the 3551.Xr quotaon 8 3552utility. 3553The default is 3554.Dq Li "-a" , 3555which enables quotas for all file systems with quotas enabled in 3556.Pa /etc/fstab . 3557.It Va quotaoff_flags 3558.Pq Vt str 3559If 3560.Va quota_enable 3561is set to 3562.Dq Li YES , 3563these are the flags to pass to the 3564.Xr quotaoff 8 3565utility when shutting down the quota system. 3566The default is 3567.Dq Li "-a" , 3568which disables quotas for all file systems with quotas enabled in 3569.Pa /etc/fstab . 3570.It Va accounting_enable 3571.Pq Vt bool 3572Set to 3573.Dq Li YES 3574to enable system accounting through the 3575.Xr accton 8 3576facility. 3577.It Va firstboot_sentinel 3578.Pq Vt str 3579This variable specifies the full path to a 3580.Dq first boot 3581sentinel file. 3582If a file exists with this path, 3583.Pa rc.d 3584scripts with the 3585.Dq firstboot 3586keyword will be run on startup and the sentinel file will be deleted 3587after the boot process completes. 3588The sentinel file must be located on a writable file system which is 3589mounted no later than 3590.Va early_late_divider 3591to function properly. 3592The default is 3593.Pa /firstboot . 3594.It Va linux_enable 3595.Pq Vt bool 3596Set to 3597.Dq Li YES 3598to enable Linux/ELF binary emulation at system initial 3599boot time. 3600.It Va sysvipc_enable 3601.Pq Vt bool 3602If set to 3603.Dq Li YES , 3604load System V IPC primitives at boot time. 3605.It Va clear_tmp_enable 3606.Pq Vt bool 3607Set to 3608.Dq Li YES 3609to have 3610.Pa /tmp 3611cleaned at startup. 3612.It Va clear_tmp_X 3613.Pq Vt bool 3614Set to 3615.Dq Li NO 3616to disable removing of X11 lock files, 3617and the removal and (secure) recreation 3618of the various socket directories for X11 3619related programs. 3620.It Va ldconfig_paths 3621.Pq Vt str 3622Set to the list of shared library paths to use with 3623.Xr ldconfig 8 . 3624NOTE: 3625.Pa /usr/lib 3626will always be added first, so it need not appear in this list. 3627.It Va ldconfig32_paths 3628.Pq Vt str 3629Set to the list of 32-bit compatibility shared library paths to 3630use with 3631.Xr ldconfig 8 . 3632.It Va ldconfig_paths_aout 3633.Pq Vt str 3634Set to the list of shared library paths to use with 3635.Xr ldconfig 8 3636legacy 3637.Xr a.out 5 3638support. 3639.It Va ldconfig_insecure 3640.Pq Vt bool 3641The 3642.Xr ldconfig 8 3643utility normally refuses to use directories 3644which are writable by anyone except root. 3645Set this variable to 3646.Dq Li YES 3647to disable that security check during system startup. 3648.It Va ldconfig_local_dirs 3649.Pq Vt str 3650Set to the list of local 3651.Xr ldconfig 8 3652directories. 3653The names of all files in the directories listed will be 3654passed as arguments to 3655.Xr ldconfig 8 . 3656.It Va ldconfig_local32_dirs 3657.Pq Vt str 3658Set to the list of local 32-bit compatibility 3659.Xr ldconfig 8 3660directories. 3661The names of all files in the directories listed will be 3662passed as arguments to 3663.Dq Nm ldconfig Fl 32 . 3664.It Va kern_securelevel_enable 3665.Pq Vt bool 3666Set to 3667.Dq Li YES 3668to set the kernel security level at system startup. 3669.It Va kern_securelevel 3670.Pq Vt int 3671The kernel security level to set at startup. 3672The allowed range of 3673.Ar value 3674ranges from \-1 (the compile time default) to 3 (the 3675most secure). 3676See 3677.Xr security 7 3678for the list of possible security levels and their effect 3679on system operation. 3680.It Va sshd_program 3681.Pq Vt str 3682Path to the SSH server program 3683.Pa ( /usr/sbin/sshd 3684is the default). 3685.It Va sshd_enable 3686.Pq Vt bool 3687Set to 3688.Dq Li YES 3689to start 3690.Xr sshd 8 3691at system boot time. 3692.It Va sshd_flags 3693.Pq Vt str 3694If 3695.Va sshd_enable 3696is set to 3697.Dq Li YES , 3698these are the flags to pass to the 3699.Xr sshd 8 3700daemon. 3701.It Va ftpd_program 3702.Pq Vt str 3703Path to the FTP server program 3704.Pa ( /usr/libexec/ftpd 3705is the default). 3706.It Va ftpd_enable 3707.Pq Vt bool 3708Set to 3709.Dq Li YES 3710to start 3711.Xr ftpd 8 3712as a stand-alone daemon at system boot time. 3713.It Va ftpd_flags 3714.Pq Vt str 3715If 3716.Va ftpd_enable 3717is set to 3718.Dq Li YES , 3719these are the additional flags to pass to the 3720.Xr ftpd 8 3721daemon. 3722.It Va watchdogd_enable 3723.Pq Vt bool 3724If set to 3725.Dq Li YES , 3726start the 3727.Xr watchdogd 8 3728daemon at boot time. 3729This requires that the kernel have been compiled with a 3730.Xr watchdog 4 3731compatible device. 3732.It Va watchdogd_flags 3733.Pq Vt str 3734If 3735.Va watchdogd_enable 3736is set to 3737.Dq Li YES , 3738these are the flags passed to the 3739.Xr watchdogd 8 3740daemon. 3741.It Va watchdogd_timeout 3742.Pq Vt int 3743If 3744.Va watchdogd_enable 3745is set to 3746.Dq Li YES , 3747this is a timeout that will be used by the 3748.Xr watchdogd 8 3749daemon. 3750If this option is set, it overrides 3751.Fl t 3752in 3753.Va watchdogd_flags . 3754.It Va watchdogd_shutdown_timeout 3755.Pq Vt int 3756If 3757.Va watchdogd_enable 3758is set to 3759.Dq Li YES , 3760this is a timeout that will be set by the 3761.Xr watchdogd 8 3762daemon when it exits during the system shutdown. 3763This timeout will not be set when returning to the single-user mode 3764or when the watchdogd service is stopped individually using the 3765.Xr service 8 3766command or the rc.d script. 3767Note that the timeout will be applied if 3768.Xr watchdogd 8 3769is stopped outside of 3770.Xr rc 8 3771framework. 3772If this option is set, it overrides 3773.Fl x 3774in 3775.Va watchdogd_flags . 3776.It Va devfs_rulesets 3777.Pq Vt str 3778List of files containing sets of rules for 3779.Xr devfs 8 . 3780.It Va devfs_system_ruleset 3781.Pq Vt str 3782Rule name(s) to apply to the system 3783.Pa /dev 3784itself. 3785.It Va devfs_set_rulesets 3786.Pq Vt str 3787Pairs of already-mounted 3788.Pa dev 3789directories and rulesets that should be applied to them. 3790For example: /mount/dev=ruleset_name 3791.It Va devfs_load_rulesets 3792.Pq Vt bool 3793If set, always load the default rulesets listed in 3794.Va devfs_rulesets . 3795.It Va performance_cx_lowest 3796.Pq Vt str 3797CPU idle state to use while on AC power. 3798The string 3799.Dq Li LOW 3800indicates that 3801.Xr acpi 4 3802should use the lowest power state available while 3803.Dq Li HIGH 3804indicates that the lowest latency state (less power savings) should be used. 3805.It Va performance_cpu_freq 3806.Pq Vt str 3807CPU clock frequency to use while on AC power. 3808The string 3809.Dq Li LOW 3810indicates that 3811.Xr cpufreq 4 3812should use the lowest frequency available while 3813.Dq Li HIGH 3814indicates that the highest frequency (less power savings) should be used. 3815.It Va economy_cx_lowest 3816.Pq Vt str 3817CPU idle state to use when off AC power. 3818The string 3819.Dq Li LOW 3820indicates that 3821.Xr acpi 4 3822should use the lowest power state available while 3823.Dq Li HIGH 3824indicates that the lowest latency state (less power savings) should be used. 3825.It Va economy_cpu_freq 3826.Pq Vt str 3827CPU clock frequency to use when off AC power. 3828The string 3829.Dq Li LOW 3830indicates that 3831.Xr cpufreq 4 3832should use the lowest frequency available while 3833.Dq Li HIGH 3834indicates that the highest frequency (less power savings) should be used. 3835.It Va jail_enable 3836.Pq Vt bool 3837If set to 3838.Dq Li NO , 3839any configured jails will not be started. 3840.It Va jail_conf 3841.Pq Vt str 3842The configuration filename used by 3843.Xr jail 8 3844utility. 3845The default value is 3846.Pa /etc/jail.conf . 3847.It Va jail_parallel_start 3848.Pq Vt bool 3849If set to 3850.Dq Li YES , 3851all configured jails will be started in the background (in parallel). 3852.It Va jail_flags 3853.Pq Vt str 3854Unset by default. 3855When set, use as default value for 3856.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3857for every jail in 3858.Va jail_list . 3859.It Va jail_list 3860.Pq Vt str 3861A space-delimited list of jail names. 3862When left empty, all of the 3863.Xr jail 8 3864instances defined in the configuration file are started. 3865The names specified in this list control the jail startup order. 3866.Xr jail 8 3867instances missing from 3868.Va jail_list 3869must be started manually. 3870Note that a jail's 3871.Va depend 3872parameter in the configuration file may override this list. 3873.It Va jail_reverse_stop 3874.Pq Vt bool 3875When set to 3876.Dq Li YES , 3877all configured jails in 3878.Va jail_list 3879are stopped in reverse order. 3880.It Va jail_* variables 3881Note that older releases supported per-jail configuration via 3882.Nm 3883variables. 3884For example, 3885hostname of a jail named 3886.Li vjail 3887was able to be set by 3888.Li jail_vjail_hostname . 3889These per-jail configuration variables are now obsolete in favor of 3890.Xr jail 8 3891configuration file. 3892For backward compatibility, 3893when per-jail configuration variables are defined, 3894.Xr jail 8 3895configuration files are created as 3896.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3897and used. 3898.Pp 3899The following per-jail parameters are handled by 3900.Pa rc.d/jail 3901script out of their corresponding 3902.Nm 3903variables. 3904In addition to them, parameters in 3905.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3906will be added to the configuration file. 3907They must be a semi-colon 3908.Pq Ql \&; 3909delimited list of 3910.Dq key=value . 3911For more details, 3912see 3913.Xr jail 8 3914manual page. 3915.Bl -tag -width "host.hostname" -offset indent 3916.It Li path 3917set from 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3919.It Li host.hostname 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3922.It Li exec.consolelog 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3925The default value is 3926.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3927.It Li interface 3928set from 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3930.It Li vnet.interface 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3933This implies 3934.Li vnet 3935parameter will be enabled and cannot be specified with 3936.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3938and/or 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3940at the same time. 3941.It Li fstab 3942set from 3943.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3944.It Li mount 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3947.It Li exec.fib 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3950.It Li exec.start 3951set from 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3953The parameter name was 3954.Li command 3955in some older releases. 3956.It Li exec.prestart 3957set from 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3959.It Li exec.poststart 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3962.It Li exec.stop 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3965.It Li exec.prestop 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3968.It Li exec.poststop 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3971.It Li ip4.addr 3972set if 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3974or 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3976contain IPv4 addresses 3977.It Li ip6.addr 3978set if 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3980or 3981.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3982contain IPv6 addresses 3983.It Li allow.mount 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3986.It Li mount.devfs 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3989.It Li devfs_ruleset 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3992This must be an integer, 3993not a string. 3994.It Li mount.fdescfs 3995set from 3996.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3997.It Li allow.set_hostname 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4000.It Li allow.rawsocket 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4003.It Li allow.sysvipc 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4006.El 4007.\" ----------------------------------------------------- 4008.It Va harvest_mask 4009.Pq Vt int 4010Set to a bit-mask 4011representing the entropy sources 4012you wish to harvest. 4013Refer to 4014.Xr random 4 4015for more information. 4016.It Va entropy_dir 4017.Pq Vt str 4018Set to 4019.Dq Li NO 4020to disable caching entropy via 4021.Xr cron 8 . 4022Otherwise set to the directory 4023in which the entropy files are stored. 4024To be useful, 4025there must be 4026a system cron job 4027that regularly writes and rotates 4028files here. 4029All files found 4030will be used at boot time. 4031The default is 4032.Pa /var/db/entropy . 4033.It Va entropy_file 4034.Pq Vt str 4035Set to 4036.Dq Li NO 4037to disable caching entropy through reboots. 4038Otherwise set to the name 4039of a file used to store cached entropy. 4040This file should be located 4041on a file system that is readable 4042before all the volumes specified in 4043.Xr fstab 5 4044are mounted. 4045By default, 4046.Pa /entropy 4047is used, 4048but if 4049.Pa /var/db/entropy-file 4050is found it will also be used. 4051This will be of some use to 4052.Xr bsdinstall 8 . 4053.It Va entropy_boot_file 4054.Pq Vt str 4055Set to 4056.Dq Li NO 4057to disable 4058very early caching entropy 4059through reboots. 4060Otherwise set to the filename 4061used to read 4062very early reboot cached entropy. 4063This file should be located where 4064.Xr loader 8 4065can read it. 4066See also 4067.Xr loader.conf 5 . 4068The default location is 4069.Pa /boot/entropy . 4070.It Va entropy_save_sz 4071.Pq Vt int 4072Size of the entropy cache files saved by 4073.Nm save-entropy 4074periodically. 4075.It Va entropy_save_num 4076.Pq Vt int 4077Number of entropy cache files to save by 4078.Nm save-entropy 4079periodically. 4080.It Va ipsec_enable 4081.Pq Vt bool 4082Set to 4083.Dq Li YES 4084to run 4085.Xr setkey 8 4086on 4087.Va ipsec_file 4088at boot time. 4089.It Va ipsec_file 4090.Pq Vt str 4091Configuration file for 4092.Xr setkey 8 . 4093.It Va dmesg_enable 4094.Pq Vt bool 4095Set to 4096.Dq Li YES 4097to save 4098.Xr dmesg 8 4099to 4100.Pa /var/run/dmesg.boot 4101on boot. 4102.It Va rcshutdown_timeout 4103.Pq Vt int 4104If set, start a watchdog timer in the background which will terminate 4105.Pa rc.shutdown 4106if 4107.Xr shutdown 8 4108has not completed within the specified time (in seconds). 4109Notice that in addition to this soft timeout, 4110.Xr init 8 4111also applies a hard timeout for the execution of 4112.Pa rc.shutdown . 4113This is configured via 4114.Xr sysctl 8 4115variable 4116.Va kern.init_shutdown_timeout 4117and defaults to 120 seconds. 4118Setting the value of 4119.Va rcshutdown_timeout 4120to more than 120 seconds will have no effect until the 4121.Xr sysctl 8 4122variable 4123.Va kern.init_shutdown_timeout 4124is also increased. 4125.It Va virecover_enable 4126.Pq Vt bool 4127Set to 4128.Dq Li NO 4129to prevent the system from trying to 4130recover pre-maturely terminated 4131.Xr vi 1 4132sessions. 4133.It Va ugidfw_enable 4134.Pq Vt bool 4135Set to 4136.Dq Li YES 4137to load the 4138.Xr mac_bsdextended 4 4139module upon system initialization and load a default 4140ruleset file. 4141.It Va bsdextended_script 4142.Pq Vt str 4143The default 4144.Xr mac_bsdextended 4 4145ruleset file to load. 4146The default value of this variable is 4147.Pa /etc/rc.bsdextended . 4148.It Va newsyslog_enable 4149.Pq Vt bool 4150If set to 4151.Dq Li YES , 4152run 4153.Xr newsyslog 8 4154command at startup. 4155.It Va newsyslog_flags 4156.Pq Vt str 4157If 4158.Va newsyslog_enable 4159is set to 4160.Dq Li YES , 4161these are the flags to pass to the 4162.Xr newsyslog 8 4163program. 4164The default is 4165.Dq Li -CN , 4166which causes log files flagged with a 4167.Cm C 4168to be created. 4169.It Va mdconfig_md Ns Aq Ar X 4170.Pq Vt str 4171Arguments to 4172.Xr mdconfig 8 4173for 4174.Xr md 4 4175device 4176.Ar X . 4177At minimum a 4178.Fl t Ar type 4179must be specified and either a 4180.Fl s Ar size 4181for malloc or swap backed 4182.Xr md 4 4183devices or a 4184.Fl f Ar file 4185for vnode backed 4186.Xr md 4 4187devices. 4188Note that 4189.Va mdconfig_md Ns Aq Ar X 4190variables are evaluated until one variable is unset or null. 4191.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4192.Pq Vt str 4193Optional arguments passed to 4194.Xr newfs 8 4195to initialize 4196.Xr md 4 4197device 4198.Ar X . 4199.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4200.Pq Vt str 4201An ownership specification passed to 4202.Xr chown 8 4203after the specified 4204.Xr md 4 4205device 4206.Ar X 4207has been mounted. 4208Both the 4209.Xr md 4 4210device and the mount point will be changed. 4211.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4212.Pq Vt str 4213A mode string passed to 4214.Xr chmod 1 4215after the specified 4216.Xr md 4 4217device 4218.Ar X 4219has been mounted. 4220Both the 4221.Xr md 4 4222device and the mount point will be changed. 4223.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4224.Pq Vt str 4225Files to be copied to the mount point of the 4226.Xr md 4 4227device 4228.Ar X 4229after it has been mounted. 4230.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4231.Pq Vt str 4232Command to execute after the specified 4233.Xr md 4 4234device 4235.Ar X 4236has been mounted. 4237Note that the command is passed to 4238.Ic eval 4239and that both 4240.Va _dev 4241and 4242.Va _mp 4243variables can be used to reference respectively the 4244.Xr md 4 4245device and the mount point. 4246Assuming that the 4247.Xr md 4 4248device is 4249.Li md0 , 4250one could set the following: 4251.Bd -literal 4252mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4253.Ed 4254.It Va autobridge_interfaces 4255.Pq Vt str 4256Set to the list of bridge interfaces that will have newly arriving interfaces 4257checked against to be automatically added. 4258If not set to 4259.Dq Li NO 4260then for each whitespace separated 4261.Ar element 4262in the value, a 4263.Va autobridge_ Ns Aq Ar element 4264variable is assumed to exist which has a whitespace separated list of interface 4265names to match, these names can use wildcards. 4266For example: 4267.Bd -literal 4268autobridge_interfaces="bridge0" 4269autobridge_bridge0="tap* dc0 vlan[345]" 4270.Ed 4271.It Va mixer_enable 4272.Pq Vt bool 4273If set to 4274.Dq Li YES , 4275enable support for sound mixer. 4276.It Va hcsecd_enable 4277.Pq Vt bool 4278If set to 4279.Dq Li YES , 4280enable Bluetooth security daemon. 4281.It Va hcsecd_config 4282.Pq Vt str 4283Configuration file for 4284.Xr hcsecd 8 . 4285Default 4286.Pa /etc/bluetooth/hcsecd.conf . 4287.It Va sdpd_enable 4288.Pq Vt bool 4289If set to 4290.Dq Li YES , 4291enable Bluetooth Service Discovery Protocol daemon. 4292.It Va sdpd_control 4293.Pq Vt str 4294Path to 4295.Xr sdpd 8 4296control socket. 4297Default 4298.Pa /var/run/sdp . 4299.It Va sdpd_groupname 4300.Pq Vt str 4301Sets 4302.Xr sdpd 8 4303group to run as after it initializes. 4304Default 4305.Dq Li nobody . 4306.It Va sdpd_username 4307.Pq Vt str 4308Sets 4309.Xr sdpd 8 4310user to run as after it initializes. 4311Default 4312.Dq Li nobody . 4313.It Va bthidd_enable 4314.Pq Vt bool 4315If set to 4316.Dq Li YES , 4317enable Bluetooth Human Interface Device daemon. 4318.It Va bthidd_config 4319.Pq Vt str 4320Configuration file for 4321.Xr bthidd 8 . 4322Default 4323.Pa /etc/bluetooth/bthidd.conf . 4324.It Va bthidd_hids 4325.Pq Vt str 4326Path to a file, where 4327.Xr bthidd 8 4328will store information about known HID devices. 4329Default 4330.Pa /var/db/bthidd.hids . 4331.It Va rfcomm_pppd_server_enable 4332.Pq Vt bool 4333If set to 4334.Dq Li YES , 4335enable Bluetooth RFCOMM PPP wrapper daemon. 4336.It Va rfcomm_pppd_server_profile 4337.Pq Vt str 4338The name of the profile to use from 4339.Pa /etc/ppp/ppp.conf . 4340Multiple profiles can be specified here. 4341Also used to specify per-profile overrides. 4342When the profile name contains any of the characters 4343.Dq Li .-/+ 4344they are translated to 4345.Dq Li _ 4346for the proposes of the override variable names. 4347.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4348.Pq Vt str 4349Overrides local address to listen on. 4350By default 4351.Xr rfcomm_pppd 8 4352will listen on 4353.Dq Li ANY 4354address. 4355The address can be specified as BD_ADDR or name. 4356.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4357.Pq Vt str 4358Overrides local RFCOMM channel to listen on. 4359By default 4360.Xr rfcomm_pppd 8 4361will listen on RFCOMM channel 1. 4362Must set properly if multiple profiles used in the same time. 4363.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4364.Pq Vt bool 4365Tells 4366.Xr rfcomm_pppd 8 4367if it should register Serial Port service on the specified RFCOMM channel. 4368Default 4369.Dq Li NO . 4370.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4371.Pq Vt bool 4372Tells 4373.Xr rfcomm_pppd 8 4374if it should register Dial-Up Networking service on the specified 4375RFCOMM channel. 4376Default 4377.Dq Li NO . 4378.It Va ubthidhci_enable 4379.Pq Vt bool 4380If set to 4381.Dq Li YES , 4382change the USB Bluetooth controller from HID mode to HCI mode. 4383You also need to specify the location of USB Bluetooth controller with the 4384.Va ubthidhci_busnum 4385and 4386.Va ubthidhci_addr 4387variables. 4388.It Va ubthidhci_busnum 4389Bus number where the USB Bluetooth controller is located. 4390Check the output of 4391.Xr usbconfig 8 4392on your system to find this information. 4393.It Va ubthidhci_addr 4394Bus address of the USB Bluetooth controller. 4395Check the output of 4396.Xr usbconfig 8 4397on your system to find this information. 4398.It Va netwait_enable 4399.Pq Vt bool 4400If set to 4401.Dq Li YES , 4402delays the start of network-reliant services until 4403.Va netwait_if 4404is up and ICMP packets to a destination defined in 4405.Va netwait_ip 4406are flowing. 4407Link state is examined first, followed by 4408.Dq Li pinging 4409an IP address to verify network usability. 4410If no destination can be reached or timeouts are exceeded, 4411network services are started anyway with no guarantee that 4412the network is usable. 4413Use of this variable requires both 4414.Va netwait_ip 4415and 4416.Va netwait_if 4417to be set. 4418.It Va netwait_ip 4419.Pq Vt str 4420Empty by default. 4421This variable contains a space-delimited list of IP addresses to 4422.Xr ping 8 . 4423DNS hostnames should not be used as resolution is not guaranteed 4424to be functional at this point. 4425If multiple IP addresses are specified, 4426each will be tried until one is successful or the list is exhausted. 4427.It Va netwait_timeout 4428.Pq Vt int 4429Indicates the total number of seconds to perform a 4430.Dq Li ping 4431against each IP address in 4432.Va netwait_ip , 4433at a rate of one ping per second. 4434If any of the pings are successful, 4435full network connectivity is considered reliable. 4436The default is 60. 4437.It Va netwait_if 4438.Pq Vt str 4439Empty by default. 4440Defines the name of the network interface on which watch for link. 4441.Xr ifconfig 8 4442is used to monitor the interface, looking for 4443.Dq Li status: no carrier . 4444Once gone, the link is considered up. 4445This can be a 4446.Xr vlan 4 4447interface if desired. 4448.It Va netwait_if_timeout 4449.Pq Vt int 4450Defines the total number of seconds to wait for link to become usable, 4451polled at a 1-second interval. 4452The default is 30. 4453.It Va rctl_enable 4454.Pq Vt bool 4455If set to 4456.Dq Li YES , 4457load 4458.Xr rctl 8 4459rules from the defined ruleset. 4460The kernel must be built with 4461.Cd "options RACCT" 4462and 4463.Cd "options RCTL" . 4464.It Va rctl_rules 4465.Pq Vt str 4466Set to 4467.Pa /etc/rctl.conf 4468by default. 4469This variables contains the 4470.Xr rctl.conf 5 4471ruleset to load for 4472.Xr rctl 8 . 4473.It Va iovctl_files 4474.Pq Vt str 4475A space-separated list of configuration files used by 4476.Xr iovctl 8 . 4477The default value is an empty string. 4478.It Va autofs_enable 4479.Pq Vt bool 4480If set to 4481.Dq Li YES , 4482start the 4483.Xr automount 8 4484utility and the 4485.Xr automountd 8 4486and 4487.Xr autounmountd 8 4488daemons at boot time. 4489.It Va automount_flags 4490.Pq Vt str 4491If 4492.Va autofs_enable 4493is set to 4494.Dq Li YES , 4495these are the flags to pass to the 4496.Xr automount 8 4497program. 4498By default no flags are passed. 4499.It Va automountd_flags 4500.Pq Vt str 4501If 4502.Va autofs_enable 4503is set to 4504.Dq Li YES , 4505these are the flags to pass to the 4506.Xr automountd 8 4507daemon. 4508By default no flags are passed. 4509.It Va autounmountd_flags 4510.Pq Vt str 4511If 4512.Va autofs_enable 4513is set to 4514.Dq Li YES , 4515these are the flags to pass to the 4516.Xr autounmountd 8 4517daemon. 4518By default no flags are passed. 4519.It Va ctld_enable 4520.Pq Vt bool 4521If set to 4522.Dq Li YES , 4523start the 4524.Xr ctld 8 4525daemon at boot time. 4526.It Va iscsid_enable 4527.Pq Vt bool 4528If set to 4529.Dq Li YES , 4530start the 4531.Xr iscsid 8 4532daemon at boot time. 4533.It Va iscsictl_enable 4534.Pq Vt bool 4535If set to 4536.Dq Li YES , 4537start the 4538.Xr iscsictl 8 4539utility at boot time. 4540.It Va iscsictl_flags 4541.Pq Vt str 4542If 4543.Va iscsictl_enable 4544is set to 4545.Dq Li YES , 4546these are the flags to pass to the 4547.Xr iscsictl 8 4548program. 4549The default is 4550.Dq Li -Aa , 4551which configures sessions based on the 4552.Pa /etc/iscsi.conf 4553configuration file. 4554.It Va cfumass_enable 4555.Pq Vt bool 4556If set to 4557.Dq Li YES , 4558create and export an USB LUN using 4559.Xr cfumass 4 4560at boot time. 4561.It Va cfumass_dir 4562.Pq Vt str 4563The directory where the files exported by USB LUN are located. 4564The default directory is 4565.Pa /var/cfumass . 4566.It Va service_delete_empty 4567.Pq Vt bool 4568If set to 4569.Dq Li YES , 4570.Ql Li service delete 4571removes empty 4572.Dq Li rc.conf.d 4573files. 4574.El 4575.Sh FILES 4576.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4577.It Pa /etc/defaults/rc.conf 4578.It Pa /etc/rc.conf 4579.It Pa /etc/rc.conf.local 4580.El 4581.Sh SEE ALSO 4582.Xr chmod 1 , 4583.Xr gdb 1 , 4584.Xr info 1 , 4585.Xr kbdcontrol 1 , 4586.Xr makewhatis 1 , 4587.Xr sh 1 , 4588.Xr vi 1 , 4589.Xr vidcontrol 1 , 4590.Xr bridge 4 , 4591.Xr dummynet 4 , 4592.Xr ip 4 , 4593.Xr ipf 4 , 4594.Xr ipfw 4 , 4595.Xr ipnat 4 , 4596.Xr kld 4 , 4597.Xr pf 4 , 4598.Xr pflog 4 , 4599.Xr pfsync 4 , 4600.Xr tcp 4 , 4601.Xr udp 4 , 4602.Xr exports 5 , 4603.Xr fstab 5 , 4604.Xr ipf 5 , 4605.Xr ipnat 5 , 4606.Xr jail.conf 5 , 4607.Xr loader.conf 5 , 4608.Xr motd 5 , 4609.Xr newsyslog.conf 5 , 4610.Xr pf.conf 5 , 4611.Xr security 7 , 4612.Xr accton 8 , 4613.Xr amd 8 , 4614.Xr apm 8 , 4615.Xr bsdinstall 8 , 4616.Xr bthidd 8 , 4617.Xr chkprintcap 8 , 4618.Xr chown 8 , 4619.Xr cron 8 , 4620.Xr devfs 8 , 4621.Xr dhclient 8 , 4622.Xr ftpd 8 , 4623.Xr geli 8 , 4624.Xr hcsecd 8 , 4625.Xr ifconfig 8 , 4626.Xr inetd 8 , 4627.Xr iovctl 8 , 4628.Xr ipf 8 , 4629.Xr ipfw 8 , 4630.Xr ipnat 8 , 4631.Xr jail 8 , 4632.Xr kldxref 8 , 4633.Xr loader 8 , 4634.Xr lpd 8 , 4635.Xr mdconfig 8 , 4636.Xr mdmfs 8 , 4637.Xr mixer 8 , 4638.Xr mountd 8 , 4639.Xr moused 8 , 4640.Xr newfs 8 , 4641.Xr newsyslog 8 , 4642.Xr nfsd 8 , 4643.Xr ntpd 8 , 4644.Xr ntpdate 8 , 4645.Xr pfctl 8 , 4646.Xr pflogd 8 , 4647.Xr ping 8 , 4648.Xr powerd 8 , 4649.Xr quotacheck 8 , 4650.Xr quotaon 8 , 4651.Xr rc 8 , 4652.Xr rc.sendmail 8 , 4653.Xr rfcomm_pppd 8 , 4654.Xr route 8 , 4655.Xr routed 8 , 4656.Xr rpc.lockd 8 , 4657.Xr rpc.statd 8 , 4658.Xr rpcbind 8 , 4659.Xr rwhod 8 , 4660.Xr savecore 8 , 4661.Xr sdpd 8 , 4662.Xr service 8 , 4663.Xr sshd 8 , 4664.Xr swapon 8 , 4665.Xr sysctl 8 , 4666.Xr syslogd 8 , 4667.Xr sysrc 8 , 4668.Xr timed 8 , 4669.Xr unbound 8 , 4670.Xr usbconfig 8 , 4671.Xr wlandebug 8 , 4672.Xr yp 8 , 4673.Xr ypbind 8 , 4674.Xr ypserv 8 , 4675.Xr ypset 8 4676.Sh HISTORY 4677The 4678.Nm 4679file appeared in 4680.Fx 2.2.2 . 4681.Sh AUTHORS 4682.An Jordan K. Hubbard . 4683