.\" Copyright (c) 1995
.\" Jordan K. Hubbard
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd May 22, 2024
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system configuration information
.Sh DESCRIPTION
The file
.Nm
contains descriptive information about the local host name, configuration
details for any potential network interfaces and which services should be
started up at system initial boot time.
In new installations, the
.Nm
file is generally initialized by the system installation utility.
.Pp
The purpose of
.Nm
is not to run commands or perform system startup actions
directly.
Instead, it is included by the
various generic startup scripts in
.Pa /etc
which conditionalize their
internal actions according to the settings found there.
.Pp
The
.Pa /etc/rc.conf
file is included from the file
.Pa /etc/defaults/rc.conf ,
which specifies the default settings for all the available options.
Options need only be specified in
.Pa /etc/rc.conf
when the system administrator wishes to override these defaults.
The file
.Pa /etc/defaults/vendor.conf
allows vendors to override
.Fx
defaults.
The file
.Pa /etc/rc.conf.local
is used to override settings in
.Pa /etc/rc.conf
for historical reasons.
.Pp
The sysrc(8) command provides a scripting interface to modify system
config files.
.Pp
In addition to
.Pa /etc/rc.conf.local
you can also place smaller configuration files for each
.Xr rc 8
script in the
.Pa /etc/rc.conf.d
directory or
.Ao Ar dir Ac Ns Pa /rc.conf.d
directories (where
.Ao Ar dir Ac
is each entry specified in
.Va local_startup ,
but with any trailing
.Pa /rc.d
stripped),
which will be included by the
.Va load_rc_config
function.
For jail configurations you could use the file
.Pa /etc/rc.conf.d/jail
to store jail-specific configuration options.
If
.Va local_startup
contains
.Pa /usr/local/etc/rc.d
and
.Pa /opt/conf ,
.Pa /usr/local/etc/rc.conf.d/jail
and
.Pa /opt/conf/rc.conf.d/jail
will be loaded.
If
.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
is a directory,
all of the files in the directory will be loaded.
Also see the
.Va rc_conf_files
variable below.
.Pp
Options are set with
.Dq Ar name Ns Li = Ns Ar value
assignments that use
.Xr sh 1
syntax.
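.Pp
The per-service lookup described above (/etc/rc.conf.d/<name> plus <dir>/rc.conf.d/<name> for each local_startup entry) names every extra file that can change a service's settings, so it is also the list to check for loose permissions.
The script below is an added example, not part of rc.subr(8) or of this manual; the function names, the optional root-prefix and owner arguments, and the order in which paths are printed are assumptions of the example.

```sh
#!/bin/sh
# Added example: enumerate the per-service override files described in
# rc.conf(5) and flag any that someone other than the expected owner could
# modify. Function names and the ROOT/OWNER arguments are hypothetical.

# rc_conf_d_candidates NAME LOCAL_STARTUP [ROOT]
# Print one candidate path per line: /etc/rc.conf.d/NAME, then
# <dir>/rc.conf.d/NAME for each LOCAL_STARTUP entry with a trailing /rc.d
# stripped. ROOT prefixes every path so a jail root or a mounted image can
# be inspected instead of the running system.
rc_conf_d_candidates() {
    _name=$1 _dirs=$2 _root=${3:-}
    printf '%s\n' "${_root}/etc/rc.conf.d/${_name}"
    for _d in $_dirs; do
        _d=${_d%/}        # tolerate a trailing slash
        _d=${_d%/rc.d}    # strip a trailing /rc.d, as the manual describes
        printf '%s\n' "${_root}${_d}/rc.conf.d/${_name}"
    done
}

# rc_conf_d_files NAME LOCAL_STARTUP [ROOT]
# Reduce the candidates to files that exist. A regular file is printed
# as-is; a directory contributes every regular file directly inside it.
rc_conf_d_files() {
    rc_conf_d_candidates "$@" | while IFS= read -r _p; do
        if [ -d "$_p" ]; then
            for _f in "$_p"/*; do
                if [ -f "$_f" ]; then printf '%s\n' "$_f"; fi
            done
        elif [ -f "$_p" ]; then
            printf '%s\n' "$_p"
        fi
    done
}

# rc_conf_d_audit NAME LOCAL_STARTUP [ROOT] [OWNER]
# Print "WRITABLE <file>" for files writable by group or others and
# "OWNER <file>" for files not owned by OWNER (default: root).
# Returns 1 if anything was flagged, 0 otherwise.
rc_conf_d_audit() {
    _owner=${4:-root}
    _bad=$(rc_conf_d_files "$1" "$2" "${3:-}" | while IFS= read -r _f; do
        # -H follows a symlinked config file so the target's mode is tested.
        find -H "$_f" -prune \( -perm -020 -o -perm -002 \) \
            -exec echo WRITABLE {} \;
        find -H "$_f" -prune ! -user "$_owner" -exec echo OWNER {} \;
    done)
    if [ -z "$_bad" ]; then return 0; fi
    printf '%s\n' "$_bad"
    return 1
}

# The manual's own case: local_startup="/usr/local/etc/rc.d /opt/conf".
rc_conf_d_candidates jail "/usr/local/etc/rc.d /opt/conf"
```

These files are read as sh(1) code by the startup scripts, which normally run as root, so a flagged file is worth treating as a finding rather than a cosmetic issue.
.Pp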
The following list provides a name and short description for each
variable that can be set in the
.Nm
file:
.Bl -tag -width indent-two
.It Va rc_debug
.Pq Vt bool
If set to
.Dq Li YES ,
enable output of debug messages from rc scripts.
This variable can be helpful in diagnosing mistakes when
editing or integrating new scripts.
Beware that this produces copious output to the terminal and
.Xr syslog 3 .
.It Va rc_info
.Pq Vt bool
If set to
.Dq Li NO ,
disable informational messages from the rc scripts.
Informational messages are displayed when
a condition that is not serious enough to warrant a warning or
an error occurs.
.It Va rc_startmsgs
.Pq Vt bool
If set to
.Dq Li YES ,
show
.Dq Starting foo:
when faststart is used (e.g., at boot time).
.It Va early_late_divider
.Pq Vt str
The name of the script that should be used as the
delimiter between the
.Dq early
and
.Dq late
stages of the boot process.
The early stage should contain all the services needed to
get the disks (local or remote) mounted so that the late
stage can include scripts contained in the directories
listed in the
.Va local_startup
variable (see below).
Thus, the two likely candidates for this value are
.Pa mountcritlocal
for the typical system, and
.Pa mountcritremote
if the system needs remote file
systems mounted to get access to the
.Va local_startup
directories; for example when
.Pa /usr/local
is NFS mounted.
For
.Pa rc.conf
within a
.Xr jail 8
.Pa NETWORKING
is likely to be an appropriate value.
Extreme care should be taken when changing this value,
and before changing it one should ensure that there are
adequate provisions to recover from a failed boot
(such as physical contact with the machine,
or reliable remote console access).
.It Va always_force_depends
.Pq Vt bool
Various
.Pa rc.d
scripts use the force_depend function to check whether required
services are already running, and to start them if necessary.
By default during boot time this check is bypassed if the
required service is enabled in
.Pa /etc/rc.conf[.local] .
Setting this option will bypass that check at boot time and
always test whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
to this directory before running the service.
.It Ao Ar name Ac Ns Va _cpuset
.Pq Vt str
A list of CPUs to run the service on.
Passed to
.Xr cpuset 1
using the
.Fl l
flag.
.It Ao Ar name Ac Ns Va _fib
.Pq Vt int
The
.Xr setfib 1
value to run the service under.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
Run the chrooted service under this system group.
Unlike the
.Ao Ar name Ac Ns Va _user
setting, this setting has no effect if the service is not chrooted.
.It Ao Ar name Ac Ns Va _limits
.Pq Vt str
Resource limits to apply to the service using
.Xr limits 1 .
By default, resource limits are based on the login class defined in
.Ao Ar name Ac Ns Va _login_class .
.It Ao Ar name Ac Ns Va _login_class
.Pq Vt str
Login class to be used with
.Ao Ar name Ac Ns Va _limits .
Defaults to
.Dq Li daemon .
.It Ao Ar name Ac Ns Va _nice
.Pq Vt int
The
.Xr nice 1
value to run the service under.
.It Ao Ar name Ac Ns Va _oomprotect
.Pq Vt str
Use
.Xr protect 1
to prevent the service from being killed when swap space
is exhausted.
Use
.Dq Li YES
to protect only the service itself, and
.Dq Li ALL
to protect the service and all its child processes.
.Pp
Please note that rc scripts which redefine
.Dl ${argument}_cmd
.Pq see Xr rc.subr 8
such as PostgreSQL will not inherit the OOM killer protection.
.Pp
This variable has no effect on services running within a
.Xr jail 8 .
.It Ao Ar name Ac Ns Va _setup
.Pq Vt str
Run the specified setup script right before starting the actual service
command.
Useful for automatic configuration file generation.
.It Ao Ar name Ac Ns Va _umask
.Pq Vt int
Run the service using this
.Xr umask 1
value.
.It Ao Ar name Ac Ns Va _user
.Pq Vt str
Run the service under this user account.
.It Ao Ar name Ac Ns Va _svcj
.Pq Vt bool
If set to
.Dq Li YES ,
auto-jail the service with inherited filesystem and other
jail properties depending on
.Ao Ar name Ac Ns Va _svcj_options .
.It Ao Ar name Ac Ns Va _svcj_options
.Pq Vt str
A list of jail properties for the service.
See
.Sx SERVICE JAILS
for a list of valid properties.
.It Va apm_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for Automatic Power Management with
the
.Xr apm 8
command.
.It Va apmd_enable
.Pq Vt bool
Run
.Xr apmd 8
to handle APM events from userland.
This also enables support for APM.
.It Va apmd_flags
.Pq Vt str
If
.Va apmd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr apmd 8
daemon.
.It Va devd_enable
.Pq Vt bool
Run
.Xr devd 8
to handle device added, removed or unknown events from the kernel.
.It Va ddb_enable
.Pq Vt bool
Run
.Xr ddb 8
to install
.Xr ddb 4
scripts at boot time.
.It Va ddb_config
.Pq Vt str
Configuration file for
.Xr ddb 8 .
Default
.Pa /etc/ddb.conf .
.It Va devmatch_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable auto-loading of kernel modules with
.Xr devmatch 8 .
.It Va devmatch_blocklist
.Pq Vt str
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
In addition, the
.Xr kenv 1
.Va devmatch_blocklist
is appended to this variable to allow disabling of
.Xr devmatch 8
loaded modules from the boot loader.
.It Va devmatch_blacklist
.Pq Vt str
This variable is deprecated.
Use
.Va devmatch_blocklist
instead.
A whitespace-separated list of kernel modules to be ignored by
.Xr devmatch 8 .
.It Va kld_list
.Pq Vt str
A whitespace-separated list of kernel modules to load right after
the local disks are mounted, without any
.Pa .ko
extension or path.
.It Va kldxref_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set to
.Dq Li YES
to automatically rebuild
.Pa linker.hints
files with
.Xr kldxref 8
at boot time.
.It Va kldxref_clobber
.Pq Vt bool
Set to
.Dq Li NO
by default.
If
.Va kldxref_enable
is true,
setting to
.Dq Li YES
will overwrite existing
.Pa linker.hints
files at boot time.
Otherwise,
only missing
.Pa linker.hints
files are generated.
.It Va kldxref_module_path
.Pq Vt str
Empty by default.
A semi-colon
.Pq Ql \&;
delimited list of paths containing
.Xr kld 4
modules.
If empty,
the contents of the
.Va kern.module_path
.Xr sysctl 8
are used.
.It Va powerd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable the system power control facility with the
.Xr powerd 8
daemon.
.It Va powerd_flags
.Pq Vt str
If
.Va powerd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr powerd 8
daemon.
.It Va svcj_all_enable
Enable auto-jailing of all services which are not explicitly
excluded.
See
.Sx SERVICE JAILS
for more info.
.It Va tmpmfs
Controls the creation of a
.Pa /tmp
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /tmp
is not writable.
.It Va tmpsize
Controls the size of a created
.Pa /tmp
memory file system.
.It Va tmpmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /tmp
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /tmp
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va tmpmfs_flags .
.It Va varmfs
Controls the creation of a
.Pa /var
memory file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
.It Va varsize
Controls the size of a created
.Pa /var
memory file system.
.It Va varmfs_flags
Extra options passed to the
.Xr mdmfs 8
utility when the memory file system for
.Pa /var
is created.
The default is
.Dq Li "-S" ,
which inhibits the use of softupdates on
.Pa /var
so that file system space is freed without delay
after file truncation or deletion.
See
.Xr mdmfs 8
for other options you can use in
.Va varmfs_flags .
.It Va populate_var
Controls the automatic population of the
.Pa /var
file system.
Always happens if set to
.Dq Li YES
and never happens if set to
.Dq Li NO .
If set to anything else, a memory file system is created if
.Pa /var
is not writable.
Note that this process requires access to certain commands in
.Pa /usr
before
.Pa /usr
is mounted on normal systems.
.It Va cleanvar_enable
.Pq Vt bool
Clean the
.Pa /var
directory.
.It Va var_run_enable
.Pq Vt bool
Set to "YES" to enable saving of the
.Pa /var/run
directory structure into an mtree file at shutdown and the reload of the
.Pa /var/run
directory structure at boot.
.It Va var_run_autosave
.Pq Vt bool
In some cases it may be undesirable to save
.Pa /var/run
at shutdown.
When set to "NO"
.Pa /var/run
is loaded at reboot but not saved at shutdown.
Typically in this scenario
.Ql service var_run save
would be performed to save a copy of the
.Pa /var/run
directory structure once, to be reloaded during all subsequent reboots.
.It Va var_run_mtree
.Pq Vt str
Where to save the
.Pa /var/run
mtree.
The default location is
.Pa /var/db/mtree/BSD.var-run.mtree .
.It Va local_startup
.Pq Vt str
List of directories to search for startup script files.
.It Va script_name_sep
.Pq Vt str
The field separator to use for breaking down the list of startup script files
into individual filenames.
The default is a space.
It is not necessary to change this unless there are startup scripts with names
containing spaces.
.It Va hostapd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr hostapd 8
at system boot time.
.It Va hostname
.Pq Vt str
The fully qualified domain name (FQDN) of this host on the network.
This should almost certainly be set to something meaningful, even if
there is no network connection.
If
.Xr dhclient 8
is used to set the hostname via DHCP,
this variable should be set to an empty string.
Within a
.Xr jail 8
the hostname is generally already set and this variable may be absent.
If this value remains unset when the system is done booting
your console login will display the default hostname of
.Dq Amnesiac .
.It Va nisdomainname
.Pq Vt str
The NIS domain name of this host, or
.Dq Li NO
if NIS is not used.
.It Va hostid_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable the generation or saving of the
.Pa hostid
and
.Pa machine-id
files at system boot and shutdown.
.It Va hostid_file
.Pq Vt str
Path to the
.Pa hostid
file, default
.Pa /etc/hostid .
.It Va hostid_uuidgen_flags
.Pq Vt str
Flags passed to
.Xr uuidgen 1
when generating a software host UUID.
This is used only if the system cannot determine a hardware UUID.
Set to
.Dq Li -r
by default.
.It Va machine_id_file
.Pq Vt str
Path to the
.Pa machine-id
file, default
.Pa /etc/machine-id .
.It Va dhclient_program
.Pq Vt str
Path to the DHCP client program, defaulting to
.Pa /sbin/dhclient .
.It Va dhclient_flags
.Pq Vt str
Additional flags to pass to the DHCP client program.
See the
.Xr dhclient 8
manpage for a description of the command line options available.
.It Va dhclient_flags_ Ns Aq Ar iface
Additional flags to pass to the DHCP client program running on
.Ar iface
only.
When specified, this variable overrides
.Va dhclient_flags .
.It Va background_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start the DHCP client in background.
This can cause trouble with applications depending on
a working network, but it will provide a faster startup
in many cases.
.It Va background_dhclient_ Ns Aq Ar iface
When specified, this variable overrides the
.Va background_dhclient
variable for interface
.Ar iface
only.
.It Va dhclient_arpwait
.Pq Vt bool
Set to
.Dq Li NO
to stop
.Xr dhclient 8
from waiting for ARP resolution, to make the system boot faster.
This may be done on networks where the DHCP server is certain to
know whether an address is available.
.It Va synchronous_dhclient
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr dhclient 8
synchronously at startup.
This behavior can be overridden on a per-interface basis by replacing
the
.Dq Li DHCP
keyword in the
.Va ifconfig_ Ns Aq Ar interface
variable with
.Dq Li SYNCDHCP
or
.Dq Li NOSYNCDHCP .
.It Va defaultroute_delay
.Pq Vt int
When set to a positive value, wait up to this long after configuring
DHCP interfaces at startup to give the interfaces time to receive a lease.
.It Va firewall_enable
.Pq Vt bool
Set to
.Dq Li YES
to load firewall rules at startup.
If the kernel was not built with
.Cd "options IPFIREWALL" ,
the
.Pa ipfw.ko
kernel module will be loaded.
See also
.Va ipfilter_enable .
.It Va firewall_script
.Pq Vt str
This variable specifies the full path to the firewall script to run.
The default is
.Pa /etc/rc.firewall .
.It Va firewall_type
.Pq Vt str
Names the firewall type from the selection in
.Pa /etc/rc.firewall ,
or the file which contains the local firewall ruleset.
Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
.Bl -tag -width ".Li workstation" -compact
.It Li open
unrestricted IP access
.It Li closed
all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
.It Li workstation
basic protection for a workstation using stateful firewalling
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
.Pp
Most of the predefined rulesets define additional configuration variables.
These are documented in
.Pa /etc/rc.firewall .
.It Va firewall_quiet
.Pq Vt bool
Set to
.Dq Li YES
to disable the display of firewall rules on the console during boot.
.It Va firewall_logging
.Pq Vt bool
Set to
.Dq Li YES
to enable firewall event logging.
This is equivalent to the
.Dv IPFIREWALL_VERBOSE
kernel option.
.It Va firewall_logif
.Pq Vt bool
Set to
.Dq Li YES
to create pseudo interface
.Li ipfw0
for logging.
For more details, see
.Xr ipfw 8
manual page.
.It Va firewall_flags
.Pq Vt str
Flags passed to
.Xr ipfw 8
if
.Va firewall_type
specifies a filename.
.It Va firewall_coscripts
.Pq Vt str
List of executables and/or rc scripts to run after firewall starts/stops.
Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool
The
.Xr ipfw 8
equivalent of
.Va natd_enable .
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nat_interface
.Pq Vt str
The
.Xr ipfw 8
equivalent of
.Va natd_interface .
This is the name of the public interface or IP address on which
kernel NAT should run.
.It Va firewall_nat_flags
.Pq Vt str
Additional configuration parameters for kernel NAT should be placed here.
.It Va firewall_nat64_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NAT64 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_nptv6_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
NPTv6 kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va firewall_pmod_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr ipfw 8
pmod kernel module if
.Va firewall_enable
is also set to
.Dq Li YES .
.It Va dummynet_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will automatically load the
.Xr dummynet 4
module if
.Va firewall_enable
is also set to
.Dq Li YES .
.\" -------------------------------------------------------------------
.It Va ipfw_netflow_enable
.Pq Vt bool
Setting this to
.Dq Li YES
will enable netflow logging via
.Xr ng_netflow 4 .
.Pp
By default an ipfw rule is inserted and all packets are duplicated with
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
.Pq Vt int
netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
.It Va ipfw_netflow_ip
.Pq Vt str
Destination server ip for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
.Pq Vt int
Do not set for using version 5 of the netflow protocol, set it to 9 for using
version 9.
.It Va ipfw_netflow_fib
.Pq Vt int
Only match packet in FIB
.Pa ipfw_netflow_fib
(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
.Xr natd 8 .
.It Va natd_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable
.Xr natd 8 .
.Va firewall_enable
must also be set to
.Dq Li YES ,
and
.Xr divert 4
sockets must be enabled in the kernel.
If the kernel was not built with
.Cd "options IPDIVERT" ,
the
.Pa ipdivert.ko
kernel module will be loaded.
.It Va natd_interface
.Pq Vt str
This is the name of the public interface on which
.Xr natd 8
should run.
The interface may be given as an interface name or as an IP address.
.It Va natd_flags
.Pq Vt str
Additional
.Xr natd 8
flags should be placed here.
The
.Fl n
or
.Fl a
flag is automatically added with the above
.Va natd_interface
as an argument.
.\" ----- ipfilter_enable setting --------------------------------
.It Va ipfilter_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ipf 8
packet filtering.
.Pp
Typical usage will require putting
.Bd -literal
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
.Ed
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/ipf.rules
and
.Pa /etc/ipnat.rules
appropriately.
.Pp
Note that
.Va ipfilter_enable
and
.Va ipnat_enable
can be enabled independently.
.Va ipmon_enable
and
.Va ipfs_enable
both require at least one of
.Va ipfilter_enable
and
.Va ipnat_enable
to be enabled.
.Pp
Having
.Bd -literal
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
.Ed
.Pp
in the kernel configuration file is a good idea, too.
.\" ----- ipfilter_program setting ------------------------------
.It Va ipfilter_program
.Pq Vt str
Path to
.Xr ipf 8
(default
.Pa /sbin/ipf ) .
.\" ----- ipfilter_rules setting --------------------------------
.It Va ipfilter_rules
.Pq Vt str
Set to
.Pa /etc/ipf.rules
by default.
This variable contains the name of the filter rule definition file.
The file is expected to be readable for the
.Xr ipf 8
command to execute.
.\" ----- ipfilter_flags setting --------------------------------
.It Va ipfilter_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipf 8
program.
.\" ----- ipnat_enable setting ----------------------------------
.It Va ipnat_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipnat 8
network address translation.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipnat_program setting ---------------------------------
.It Va ipnat_program
.Pq Vt str
Path to
.Xr ipnat 8
(default
.Pa /sbin/ipnat ) .
.\" ----- ipnat_rules setting -----------------------------------
.It Va ipnat_rules
.Pq Vt str
Set to
.Pa /etc/ipnat.rules
by default.
This variable contains the name of the file
holding the network address translation definition.
This file is expected to be readable for the
.Xr ipnat 8
command to execute.
.\" ----- ipnat_flags setting -----------------------------------
.It Va ipnat_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipnat 8
program.
.\" ----- ipmon_enable setting ----------------------------------
.It Va ipmon_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipmon 8
monitoring (logging
.Xr ipf 8
and
.Xr ipnat 8
events).
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
too.
See
.Va ipfilter_enable
for a detailed discussion.
.\" ----- ipmon_program setting ---------------------------------
.It Va ipmon_program
.Pq Vt str
Path to
.Xr ipmon 8
(default
.Pa /sbin/ipmon ) .
.\" ----- ipmon_flags setting -----------------------------------
.It Va ipmon_flags
.Pq Vt str
Set to
.Dq Li -Ds
by default.
This variable contains flags passed to the
.Xr ipmon 8
program.
Another typical example would be
.Dq Fl D Pa /var/log/ipflog
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
Make sure to adjust
.Pa /etc/newsyslog.conf
in such case like this:
.Bd -literal
/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.Ed
.\" ----- ipfs_enable setting -----------------------------------
.It Va ipfs_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Set it to
.Dq Li YES
to enable
.Xr ipfs 8
saving the filter and NAT state tables during shutdown
and reloading them during startup again.
Setting this variable needs setting
.Va ipfilter_enable
or
.Va ipnat_enable
to
.Dq Li YES
too.
See
.Va ipfilter_enable
for a detailed discussion.
Note that if
.Va kern_securelevel
is set to 3,
.Va ipfs_enable
cannot be used
because the raised securelevel will prevent
.Xr ipfs 8
from saving the state tables at shutdown time.
.\" ----- ipfs_program setting ----------------------------------
.It Va ipfs_program
.Pq Vt str
Path to
.Xr ipfs 8
(default
.Pa /sbin/ipfs ) .
.\" ----- ipfs_flags setting ------------------------------------
.It Va ipfs_flags
.Pq Vt str
Empty by default.
This variable contains flags passed to the
.Xr ipfs 8
program.
.\" ----- end of added ipf hook ---------------------------------
.It Va pf_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pf 4
packet filtering.
.Pp
Typical usage will require putting
.Pp
.Dl pf_enable="YES"
.Pp
into
.Pa /etc/rc.conf
and editing
.Pa /etc/pf.conf
appropriately.
Adding
.Pp
.Dl "device pf"
.Pp
builds support for
.Xr pf 4
into the kernel, otherwise the
kernel module will be loaded.
.It Va pf_rules
.Pq Vt str
Path to
.Xr pf 4
ruleset configuration file
(default
.Pa /etc/pf.conf ) .
.It Va pf_program
.Pq Vt str
Path to
.Xr pfctl 8
(default
.Pa /sbin/pfctl ) .
.It Va pf_flags
.Pq Vt str
If
.Va pf_enable
is set to
.Dq Li YES ,
these flags are passed to the
.Xr pfctl 8
program when loading the ruleset.
.It Va pf_fallback_rules_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables loading
.Va pf_fallback_rules_file
or
.Va pf_fallback_rules
in case of a problem when loading the ruleset in
.Va pf_rules .
.It Va pf_fallback_rules_file
.Pq Vt str
Path to a pf ruleset to load in case of failure when loading the
ruleset in
.Va pf_rules
(default
.Pa /etc/pf-fallback.conf ) .
.It Va pf_fallback_rules
.Pq Vt str
A pf ruleset to load in case of failure when loading the ruleset in
.Va pf_rules
and
.Va pf_fallback_rules_file
is not found.
Multiple rules can be set as follows:
.Bd -literal
pf_fallback_rules="\\
	block drop log all\\
	pass in quick on em0"
.Ed
.Pp
The default fallback rule is
.Dq block drop log all .
.It Va pflog_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr pflogd 8
which logs packets from the
.Xr pf 4
packet filter.
.It Va pflog_logfile
.Pq Vt str
If
.Va pflog_enable
is set to
.Dq Li YES
this controls where
.Xr pflogd 8
stores the logfile
(default
.Pa /var/log/pflog ) .
Check
.Pa /etc/newsyslog.conf
to adjust logfile rotation for this.
.It Va pflog_program
.Pq Vt str
Path to
.Xr pflogd 8
(default
.Pa /sbin/pflogd ) .
.It Va pflog_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr pflogd 8
program.
.It Va pflog_instances
.Pq Vt str
If logging to more than one
.Xr pflog 4
interface is desired,
.Va pflog_instances
is set to the list of
.Xr pflogd 8
instances that should be started at system boot time.
If
.Va pflog_instances
is set, for each whitespace-separated
.Ar element
in the list,
.Ao Ar element Ac Ns Va _dev
and
.Ao Ar element Ac Ns Va _logfile
elements are assumed to exist.
.Ao Ar element Ac Ns Va _dev
must contain the
.Xr pflog 4
interface to be watched by the named
.Xr pflogd 8
instance.
.Ao Ar element Ac Ns Va _logfile
must contain the name of the logfile that will be used by the
.Xr pflogd 8
instance.
.It Va ftpproxy_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables
.Xr ftp-proxy 8
which supports the
.Xr pf 4
packet filter in translating ftp connections.
.It Va ftpproxy_flags
.Pq Vt str
Empty by default.
This variable contains additional flags passed to the
.Xr ftp-proxy 8
program.
.It Va ftpproxy_instances
.Pq Vt str
Empty by default.
If multiple instances of
.Xr ftp-proxy 8
are desired at boot time,
.Va ftpproxy_instances
should contain a whitespace-separated list of instance names.
For each
.Ar element
in the list, a variable named
.Ao Ar element Ac Ns Va _flags
should be defined, containing the command-line flags to be passed to the
.Xr ftp-proxy 8
instance.
.It Va pfsync_enable
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting this to
.Dq Li YES
enables exposing
.Xr pf 4
state changes to other hosts over the network by means of
.Xr pfsync 4 .
The
.Va pfsync_syncdev
variable
must also be set then.
.It Va pfsync_syncdev
.Pq Vt str
Empty by default.
This variable specifies the name of the network interface
.Xr pfsync 4
should operate through.
It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
.It Va pfsync_syncpeer
.Pq Vt str
Empty by default.
This variable is optional.
By default, state change messages are sent out on the synchronisation
interface using IP multicast packets.
The protocol is IP protocol 240, PFSYNC, and the multicast group used is
224.0.0.240.
When a peer address is specified using the
.Va pfsync_syncpeer
option, the peer address is used as a destination for the pfsync
traffic, and the traffic can then be protected using
.Xr ipsec 4 .
See the
.Xr pfsync 4
manpage for more details about using
.Xr ipsec 4
with
.Xr pfsync 4
interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
This variable can contain additional options to be passed to the
.Xr ifconfig 8
command used to set up
.Xr pfsync 4 .
.It Va tcp_extensions
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting this to
.Dq Li NO
disables certain TCP options as described by
.Rs
.%T "RFC 1323"
.Re
Setting this to
.Dq Li NO
might help remedy such problems with connections as randomly hanging
or other weird behavior.
Some network devices are known
to be broken with respect to these options.
.It Va log_in_vain
.Pq Vt int
Set to 0 by default.
The
.Xr sysctl 8
variables,
.Va net.inet.tcp.log_in_vain
and
.Va net.inet.udp.log_in_vain ,
as described in
.Xr tcp 4
and
.Xr udp 4 ,
are set to the given value.
.It Va tcp_keepalive
.Pq Vt bool
Set to
.Dq Li YES
by default.
Setting to
.Dq Li NO
will disable probing idle TCP connections to verify that the
peer is still up and reachable.
.It Va tcp_drop_synfin
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to ignore TCP frames that have both
the SYN and FIN flags set.
This prevents OS fingerprinting, but may
break some legitimate applications.
.It Va icmp_drop_redirect
.Pq Vt bool
Set to
.Dq Li AUTO
by default.
This setting will be identical to
.Dq Li YES ,
if a dynamic routing daemon is enabled, because redirect processing may
cause performance issues for large routing tables.
If no such service is enabled, this setting behaves like a
.Dq Li NO .
Setting to
.Dq Li YES
will cause the kernel to ignore ICMP REDIRECT packets.
Setting to
.Dq Li NO
will cause the kernel to process ICMP REDIRECT packets.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_log_redirect
.Pq Vt bool
Set to
.Dq Li NO
by default.
Setting to
.Dq Li YES
will cause the kernel to log ICMP REDIRECT packets.
Note that
the log messages are not rate-limited, so this option should only be used
for troubleshooting networks.
Refer to
.Xr icmp 4
for more information.
.It Va icmp_bmcastecho
.Pq Vt bool
Set to
.Dq Li YES
to respond to broadcast or multicast ICMP ping packets.
Refer to
.Xr icmp 4
for more information.
.It Va ip_portrange_first
.Pq Vt int
If not set to
.Dq Li NO ,
this is the first port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va ip_portrange_last
.Pq Vt int
If not set to
.Dq Li NO ,
this is the last port in the default portrange.
Refer to
.Xr ip 4
for more information.
.It Va network_interfaces
.Pq Vt str
Set to the list of network interfaces to configure on this host or
.Dq Li AUTO
(the default) for all current interfaces.
Setting the
.Va network_interfaces
variable to anything other than the default is deprecated.
Interfaces that the administrator wishes to store configuration for,
but not start at boot should be configured with the
.Dq Li NOAUTO
keyword in their
.Va ifconfig_ Ns Aq Ar interface
variables as described below.
.Pp
An
.Va ifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
When an interface name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
before lookup.
For example, the interface
.Va em0.102
would be configured using the variable
.Va ifconfig_em0_102 .
.Pp
The variable can contain arguments to
.Xr ifconfig 8 ,
as well as special case-insensitive keywords described below.
Such keywords are removed before passing the value to
.Xr ifconfig 8
while the order of the other arguments is preserved.
.Pp
For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0:
.Bd -literal
ifconfig_em0="inet 192.0.2.1/24 up"
.Ed
.Pp
If the variable
.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6
is set, then
.Va ifconfig_ Ns Aq Ar interface
does not need to be set unless an IPv4 address should also be assigned to
the interface.
.Pp
It is possible to add IP alias entries using
.Xr ifconfig 8
syntax with the address family keyword such as
.Li inet .
Assuming that the interface in question was
.Li em0 ,
it might look something like this:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.253/32"
ifconfig_em0_alias1="inet 127.0.0.254/32"
.Ed
.Pp
It is also possible to configure multiple IP addresses in Classless
Inter-Domain Routing
.Pq CIDR
address notation,
in which each address component can be a range like
.Li inet 192.0.2.5-23/24
or
.Li inet6 2001:db8:1-f::1/64 .
This notation allows only the address and prefix length parts,
not the other address modifiers.
Note that the maximum number of the generated addresses from a range
specification is limited to an integer value specified in
.Va netif_ipexpand_max
in
.Nm
because a small typo can unexpectedly generate a large number of addresses.
The default value is
.Li 2048 .
It can be increased by adding the following line into
.Nm :
.Bd -literal
netif_ipexpand_max="4096"
.Ed
.Pp
In the case of
.Li 192.0.2.5-23/24 ,
the address 192.0.2.5 will be configured with the prefix length /24 and the
addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as
explained in the
.Xr ifconfig 8
alias section.
Note that this special CIDR handling is only for
.Li inet ,
not for the other address families such as
.Li inet6 .
.Pp
With the interface in question being
.Li em0 ,
an example could look like:
.Bd -literal
ifconfig_em0_alias2="inet 192.0.2.129/27"
ifconfig_em0_alias3="inet 192.0.2.1-5/28"
.Ed
.Pp
and so on.
.Pp
Note that the deprecated
.Va ipv4_addrs_ Ns Aq Ar interface
variable was supported for IPv4 CIDR address notation.
The
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variable replaces it, though
.Va ipv4_addrs_ Ns Aq Ar interface
is still supported for backward compatibility.
.Pp
For each
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
entry with an address family keyword,
its contents are passed to
.Xr ifconfig 8 .
Processing stops at the first alias number for which no variable is set,
so if something like this is present:
.Bd -literal
ifconfig_em0_alias0="inet 127.0.0.251/32"
ifconfig_em0_alias1="inet 127.0.0.252/32"
ifconfig_em0_alias2="inet 127.0.0.253/32"
ifconfig_em0_alias4="inet 127.0.0.254/32"
.Ed
.Pp
Then note that alias4 would
.Em not
be added since the search would
stop with the missing
.Dq Li alias3
entry.
Because this behavior is difficult to manage,
there is also the
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
variable, which has the same functionality as
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
and can have all of the entries in a variable like the following:
.Bd -literal
ifconfig_em0_aliases="\\
	inet 127.0.0.251/32 \\
	inet 127.0.0.252/32 \\
	inet 127.0.0.253/32 \\
	inet 127.0.0.254/32"
.Ed
.Pp
It also supports netmask notation for backward compatibility.
.Pp
If the
.Pa /etc/start_if . Ns Aq Ar interface
file is present, it is read and executed by the
.Xr sh 1
interpreter
before configuring the interface as specified in the
.Va ifconfig_ Ns Aq Ar interface
and
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
variables.
.Pp
If a
.Va vlans_ Ns Aq Ar interface
variable is set,
a
.Xr vlan 4
interface will be created for each item in the list with the
.Ar vlandev
argument set to
.Ar interface .
If a vlan interface's name is a number,
then that number is used as the vlan tag and the new vlan interface is
named
.Ar interface . Ns Ar tag .
Otherwise,
the vlan tag must be specified via a
.Va vlan
parameter in the
.Va create_args_ Ns Aq Ar interface
variable.
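.Pp
The alias numbering rule described above, where every entry after the first missing number is dropped without an error, can be checked before a reboot.
The following sh functions are an added example, not part of the rc(8) scripts: they apply the .-/+ to _ name translation and list the alias numbers that lie past the first gap.
The function names and the sample file are constructed for illustration, and the parser assumes plain one-per-line assignments rather than full sh syntax.

```shell
#!/bin/sh
# Added example (not FreeBSD's rc code): report ifconfig_<if>_alias<n>
# entries that are never applied because a lower number is missing.
# Assumption: the file holds plain one-per-line name="value" assignments.

# Translate an interface name into the form used inside variable names:
# each of the characters . - / + becomes _ (em0.102 -> em0_102).
ifn_to_var() {
    printf '%s\n' "$1" | tr './+-' '____'
}

# skipped_aliases FILE INTERFACE
# Print, space-separated, the alias numbers set in FILE for INTERFACE that
# come after the first missing number, counting up from alias0.
skipped_aliases() {
    _var=$(ifn_to_var "$2")
    # Numbers of all alias assignments for this interface, ascending.
    _nums=$(sed -n \
        "s/^[[:space:]]*ifconfig_${_var}_alias\([0-9][0-9]*\)=.*/\1/p" \
        "$1" | sort -n -u)
    _next=0
    _skipped=
    for _n in $_nums; do
        if [ "$_n" -eq "$_next" ] && [ -z "$_skipped" ]; then
            # Still contiguous from alias0: this entry is reached.
            _next=$((_next + 1))
        else
            # A gap came before this entry: it is never looked up.
            _skipped="${_skipped}${_skipped:+ }${_n}"
        fi
    done
    printf '%s\n' "$_skipped"
}

# Constructed sample input. The em0 lines are the gap example from the text;
# the em0.102 and em1 lines are made up for this demonstration.
sample_rc_conf() {
    cat <<'EOF'
ifconfig_em0_alias0="inet 127.0.0.251/32"
ifconfig_em0_alias1="inet 127.0.0.252/32"
ifconfig_em0_alias2="inet 127.0.0.253/32"
ifconfig_em0_alias4="inet 127.0.0.254/32"
ifconfig_em0_102_alias1="inet 192.0.2.10/32"
ifconfig_em0_102_alias2="inet 192.0.2.11/32"
ifconfig_em1_alias0="inet 192.0.2.20/32"
ifconfig_em1_alias1="inet 192.0.2.21/32"
EOF
}

_sample=$(mktemp)
sample_rc_conf > "$_sample"
for _if in em0 em0.102 em1; do
    _out=$(skipped_aliases "$_sample" "$_if")
    if [ -n "$_out" ]; then
        echo "$_if: alias entries never applied: $_out"
    else
        echo "$_if: alias numbering is contiguous"
    fi
done
rm -f "$_sample"
```

On a firewall or jail host an address that silently fails to come up can leave a service bound to nothing or a filter rule matching nothing, so a check like this fits in a pre-deployment lint step.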
.Pp
To create a vlan device named
.Li em0.101
on
.Li em0
with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
.Bd -literal
vlans_em0="101"
ifconfig_em0_101="inet 192.0.2.1/24"
.Ed
.Pp
To create a vlan device named
.Li myvlan
on
.Li em0
with the vlan tag 102:
.Bd -literal
vlans_em0="myvlan"
create_args_myvlan="vlan 102"
.Ed
.Pp
If a
.Va wlans_ Ns Aq Ar interface
variable is set,
an
.Xr wlan 4
interface will be created for each item in the list with the
.Ar wlandev
argument set to
.Ar interface .
Further wlan cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command by setting the
.Va create_args_ Ns Aq Ar interface
variable.
One or more
.Xr wlan 4
devices must be created for each wireless device as of
.Fx 8.0 .
Debugging flags for
.Xr wlan 4
devices as set by
.Xr wlandebug 8
may be specified with an
.Va wlandebug_ Ns Aq Ar interface
variable.
The contents of this variable will be passed directly to
.Xr wlandebug 8 .
.Pp
If the
.Va ifconfig_ Ns Aq Ar interface
contains the keyword
.Dq Li NOAUTO
then the interface will not be configured
at boot or by
.Pa /etc/pccard_ether
when
.Va network_interfaces
is set to
.Dq Li AUTO .
.Pp
It is possible to bring up an interface with DHCP by adding
.Dq Li DHCP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
For instance, to initialize the
.Li em0
device via DHCP,
it is possible to use something like:
.Bd -literal
ifconfig_em0="DHCP"
.Ed
.Pp
If you want to configure your wireless interface with
.Xr wpa_supplicant 8
for use with WPA, EAP/LEAP or WEP, you need to add
.Dq Li WPA
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
On the other hand, if you want to configure your wireless interface with
.Xr hostapd 8 ,
you need to add
.Dq Li HOSTAP
to the
.Va ifconfig_ Ns Aq Ar interface
variable.
.Xr hostapd 8
will use the settings from
.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf .
.Pp
Finally, you can add
.Xr ifconfig 8
options in this variable, in addition to the
.Pa /etc/start_if . Ns Aq Ar interface
file.
For instance, to configure an
.Xr ath 4
wireless device in station mode with an address obtained
via DHCP, using WPA authentication and 802.11b mode, it is
possible to use something like:
.Bd -literal
wlans_ath0="wlan0"
ifconfig_wlan0="DHCP WPA mode 11b"
.Ed
.Pp
In addition to the
.Va ifconfig_ Ns Aq Ar interface
form, a fallback variable
.Va ifconfig_DEFAULT
may be configured.
It will be used for all interfaces with no
.Va ifconfig_ Ns Aq Ar interface
variable.
.Pp
It is also possible to rename an interface by doing:
.Bd -literal
ifconfig_em0_name="net0"
ifconfig_net0="inet 192.0.2.1/24"
.Ed
.It Va ipv6_enable
.Pq Vt bool
This variable is deprecated.
Use
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
.Va ipv6_activate_all_interfaces
if necessary.
.Pp
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.It Va ipv6_prefer
.Pq Vt bool
This variable is deprecated.
Use
.Va ip6addrctl_policy
instead.
.Pp
If the variable is
.Dq Li YES ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv4-preferred.
.It Va ipv6_activate_all_interfaces
.Pq Vt bool
This controls initial configuration on IPv6-capable
interfaces with no corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable.
Note that it is not always necessary to set this variable to
.Dq YES
to use IPv6 functionality on
.Fx .
In most cases, just configuring
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variables works.
.Pp
If the variable is
.Dq Li NO ,
all interfaces which do not have a corresponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED
at creation.
This means that all IPv6 functionality on that interface
is completely disabled to enforce a security policy.
If the variable is set to
.Dq YES ,
the flag will be cleared on all of the interfaces.
.Pp
In most cases, just defining an
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
for an IPv6-capable interface should be sufficient.
However, if an interface is added dynamically
.Pq by some tunneling protocols such as PPP, for example ,
it is often difficult to define the variable in advance.
In such a case, configuring the
.Dq Li IFDISABLED
flag can be disabled by setting this variable to
.Dq YES .
.Pp
For more details of the
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
Default is
.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4941.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_cpe_wanif
.Pq Vt str
If the variable is set to an interface name,
the
.Xr ifconfig 8
options
.Dq inet6 -no_radr accept_rtadv
will be added to the specified interface automatically before evaluating
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
and two
.Xr sysctl 8
variables
.Va net.inet6.ip6.rfc6204w3
and
.Va net.inet6.ip6.no_radr
will be set to 1.
.Pp
This means the specified interface will accept ICMPv6 Router
Advertisement messages on that link and add the discovered
routers into the Default Router List.
While the other interfaces can still accept RA messages if the
.Dq inet6 accept_rtadv
option is specified, adding
routes into the Default Router List will be disabled by
.Dq inet6 no_radr
option by default.
See
.Xr ifconfig 8
for more details.
.Pp
Note that ICMPv6 Router Advertisement messages will be
accepted even when
.Va net.inet6.ip6.forwarding
is 1
.Pq packet forwarding is enabled
when
.Va net.inet6.ip6.rfc6204w3
is set to 1.
.Pp
Default is
.Dq Li NO .
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
.Pq Vt str
This assigns an arbitrary description to an interface.
The
.Xr sysctl 8
variable
.Va net.ifdescr_maxlen
limits its length.
This static setting may be overridden by commands
started with dynamic interface configuration utilities
like
.Xr dhclient 8
hooks.
The description can be seen with the
.Xr ifconfig 8
command and it may be exported with the
.Xr bsnmpd 1
daemon using its MIB-2 module.
.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
If this variable is empty, all IPv6 configurations on the
specified interface by other variables such as
.Va ipv6_prefix_ Ns Ao Ar interface Ac
will be ignored.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with
.Dq Li inet6
keyword.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by SLAAC
.Pq StateLess Address AutoConfiguration
described in
.Rs
.%T "RFC 4862"
.Re
.Pp
Note that a link-local address will be automatically configured in
addition to the configured global-scope addresses because the IPv6
specifications require it on each link.
The address is calculated from the MAC address by using an algorithm
defined in
.Rs
.%T "RFC 4862"
.%O "Section 5.3"
.Re
.Pp
If only a link-local address is needed on the interface,
the following configuration can be used:
.Bd -literal
ifconfig_em0_ipv6="inet6 auto_linklocal"
.Ed
.Pp
A link-local address can also be configured manually.
This is useful for the default router address of an IPv6 router
so that it does not change when the network interface
card is replaced.
For example:
.Bd -literal
ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
.Ed
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
.Va ipv6_prefix_ Ns Aq Ar interface
addresses based on each prefix and the EUI-64 interface index will be
configured on that interface.
Note that this variable will be ignored when
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
is empty.
.Pp
For example, the following configuration
.Bd -literal
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
.Ed
.Pp
is equivalent to the following:
.Bd -literal
ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
.Ed
.Pp
These Subnet-Router anycast addresses will be added only when
.Va ipv6_gateway_enable
is YES.
.It Va ipv6_default_interface
.Pq Vt str
If not set to
.Dq Li NO ,
this is the default output interface for scoped addresses.
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
This variable is to enable configuring default address selection policy table
.Pq RFC 3484 .
The table can be specified in another variable
.Va ip6addrctl_policy .
For
.Va ip6addrctl_policy
the following keywords can be specified:
.Dq Li ipv4_prefer ,
.Dq Li ipv6_prefer ,
or
.Dq Li AUTO .
.Pp
If
.Dq Li ipv4_prefer
or
.Dq Li ipv6_prefer
is specified,
.Xr ip6addrctl 8
installs a pre-defined policy table described in Section 10.3
.Pq IPv4-preferred
or 2.1
.Pq IPv6-preferred
of RFC 3484.
.Pp
If
.Dq Li AUTO
is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
first.
If this file is found,
.Xr ip6addrctl 8
reads and installs it.
If not found, a policy is automatically set
according to
.Va ipv6_activate_all_interfaces
variable; if the variable is set to
.Dq Li YES
the IPv6-preferred one is used.
Otherwise IPv4-preferred.
.Pp
The default value of
.Va ip6addrctl_enable
and
.Va ip6addrctl_policy
are
.Dq Li YES
and
.Dq Li AUTO ,
respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
Further cloning arguments may be passed to the
.Xr ifconfig 8
.Cm create
command for each interface by setting the
.Va create_args_ Ns Aq Ar interface
variable.
If an interface name is specified with
.Dq :sticky
keyword,
the interface will not be destroyed even when
.Pa rc.d/netif
script is invoked with
.Dq stop
argument.
This is useful when reconfiguring the interface without destroying it.
Entries in
.Va cloned_interfaces
are automatically appended to
.Va network_interfaces
for configuration.
.It Va cloned_interfaces_sticky
.Pq Vt bool
This variable is to globally enable functionality of
.Dq :sticky
keyword in
.Va cloned_interfaces
for all interfaces.
The default value is
.Dq NO .
Even if this variable is specified to
.Dq YES ,
.Dq :nosticky
keyword can be used to override it on per interface basis.
.It Va gif_interfaces
Set to the list of
.Xr gif 4
tunnel interfaces to configure on this host.
A
.Va gifconfig_ Ns Aq Ar interface
variable is assumed to exist for each value of
.Ar interface .
The value of this variable is used to configure the link layer of the
tunnel using the
.Cm tunnel
option to
.Xr ifconfig 8 .
Additionally, this option ensures that each listed interface is created
via the
.Cm create
option to
.Xr ifconfig 8
before attempting to configure it.
.Pp
For example, configure two
.Xr gif 4
interfaces with:
.Bd -literal
gif_interfaces="gif0 gif1"
gifconfig_gif0="100.64.0.1 100.64.0.2"
ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2"
gifconfig_gif1="inet6 2a00::1 2a01::1"
ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2"
.Ed
.It Va ppp_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ppp 8
daemon.
.It Va ppp_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Also used for per-profile overrides of
.Va ppp_mode
and
.Va ppp_nat ,
and
.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va ppp_mode
.Pq Vt str
Mode in which to run the
.Xr ppp 8
daemon.
.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
.Pq Vt str
Overrides the global
.Va ppp_mode
for
.Ar profile .
Accepted modes are
.Dq Li auto ,
.Dq Li ddial ,
.Dq Li direct
and
.Dq Li dedicated .
See the manual for a full description.
.It Va ppp_nat
.Pq Vt bool
If set to
.Dq Li YES ,
enables network address translation.
Used in conjunction with
.Va gateway_enable
allows hosts on private network addresses access to the Internet using
this host as a network address translating router.
Default is
.Dq Li YES .
.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
.Pq Vt str
Overrides the global
.Va ppp_nat
for
.Ar profile .
.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
.Pq Vt int
Set the unit number to be used for this profile.
See the manual description of
.Fl unit Ns Ar N
for details.
.It Va ppp_user
.Pq Vt str
The name of the user under which
.Xr ppp 8
should be started.
By
default,
.Xr ppp 8
is started as
.Dq Li root .
.It Va rc_conf_files
.Pq Vt str
This option is used to specify a list of files that will override
the settings in
.Pa /etc/defaults/rc.conf .
The files will be read in the order in which they are specified and should
include the full path to the file.
By default, the files specified are
.Pa /etc/rc.conf
and
.Pa /etc/rc.conf.local .
.It Va zfs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/zfs
will attempt to automatically mount ZFS file systems and initialize ZFS volumes
(ZVOLs).
.It Va zpool_reguid
.Pq Vt str
A space-separated list of ZFS pool names for which new pool GUIDs should be
assigned upon first boot.
This is useful when using a ZFS pool copied from a template, such as a virtual
machine image.
.It Va zpool_upgrade
.Pq Vt str
A space-separated list of ZFS pool names for which the version should be
upgraded upon first boot.
This is useful when using a ZFS pool generated by the
.Xr makefs 8
utility.
.It Va gptboot_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /etc/rc.d/gptboot
will log if the system successfully (or not) booted from a GPT partition,
which had the
.Ar bootonce
attribute set using
.Xr gpart 8
utility.
.It Va geli_devices
.Pq Vt str
List of devices to automatically attach on boot.
Note that .eli devices from
.Pa /etc/fstab
are automatically appended to this list.
.It Va geli_groups
.Pq Vt str
List of groups containing devices to automatically attach on boot with the same
keyfiles and passphrase.
This must be accompanied with a corresponding
.Va geli_ Ns Ao Ar group Ac Ns Va _devices
variable.
.It Va geli_tries
.Pq Vt int
Number of times the user is asked for the pass-phrase.
If empty, it will be taken from
.Va kern.geom.eli.tries
sysctl variable.
.It Va geli_default_flags
.Pq Vt str
Default flags to use by
.Xr geli 8
when configuring disk encryption.
Flags can be configured for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _flags
variable, and for every group separately by defining the
.Va geli_ Ns Ao Ar group Ac Ns Va _flags
variable.
.It Va geli_autodetach
.Pq Vt str
Specifies if GELI devices should be marked for detach on last close after
file systems are mounted.
Default is
.Dq Li YES .
This can be changed for every device separately by defining the
.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
variable.
.It Va root_rw_mount
.Pq Vt bool
Set to
.Dq Li YES
by default.
After the file systems are checked at boot time, the root file system
is remounted as read-write if this is set to
.Dq Li YES .
Diskless systems that mount their root file system from a read-only remote
NFS share should set this to
.Dq Li NO
in their
.Pa rc.conf .
.It Va fsck_y_enable
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr fsck 8
will be run with the
.Fl y
flag if the initial preen
of the file systems fails.
.It Va background_fsck
.Pq Vt bool
If set to
.Dq Li NO ,
the system will not attempt to run
.Xr fsck 8
in the background where possible.
.It Va background_fsck_delay
.Pq Vt int
The amount of time in seconds to sleep before starting a background
.Xr fsck 8 .
It defaults to sixty seconds to allow large applications such as
the X server to start before disk I/O bandwidth is monopolized by
.Xr fsck 8 .
If set to a negative number, the background file system check will be
delayed indefinitely to allow the administrator to run it at a more
convenient time.
For example it may be run from
.Xr cron 8
by adding a line like
.Pp
.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
.Pp
to
.Pa /etc/crontab .
.It Va netfs_types
.Pq Vt str
List of file system types that are network-based.
This list should generally not be modified by end users.
Use
.Va extra_netfs_types
instead.
.It Va extra_netfs_types
.Pq Vt str
If set to something other than
.Dq Li NO
(the default),
this variable extends the list of file system types
for which automatic mounting at startup by
.Xr rc 8
should be delayed until the network is initialized.
It should contain
a whitespace-separated list of network file system descriptor pairs,
each consisting of a file system type as passed to
.Xr mount 8
and a human-readable, one-word description,
joined with a colon
.Pq Ql \&: .
Extending the default list in this way is only necessary
when third party file system types are used.
.It Va syslogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr syslogd 8
daemon.
Note, the
.Va syslogd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va syslogd_program
.Pq Vt str
Path to
.Xr syslogd 8
(default
.Pa /usr/sbin/syslogd ) .
.It Va syslogd_flags
.Pq Vt str
If
.Va syslogd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr syslogd 8 .
.It Va inetd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr inetd 8
daemon.
.It Va inetd_program
.Pq Vt str
Path to
.Xr inetd 8
(default
.Pa /usr/sbin/inetd ) .
.It Va inetd_flags
.Pq Vt str
If
.Va inetd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr inetd 8 .
.It Va hastd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr hastd 8
daemon.
.It Va hastd_program
.Pq Vt str
Path to
.Xr hastd 8
(default
.Pa /sbin/hastd ) .
.It Va hastd_flags
.Pq Vt str
If
.Va hastd_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr hastd 8 .
.It Va local_unbound_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr unbound 8
daemon as a local caching DNS resolver.
Note, the
.Va local_unbound_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va nscd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start the
.Xr nscd 8
caching daemon for the
.Nm nsswitch
subsystem.
.It Va nscd_flags
.Pq Vt str
If
.Va nscd_enable
is set to
.Dq Li YES ,
these flags are passed to
.Xr nscd 8 .
.It Va kdc_enable
.Pq Vt bool
Set to
.Dq Li YES
to start a Kerberos 5 authentication server
at boot time.
.It Va kdc_program
.Pq Vt str
If
.Va kdc_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Authentication Server.
.It Va kdc_flags
.Pq Vt str
Empty by default.
This variable contains additional flags to be passed to the Kerberos 5
authentication server.
.It Va kadmind_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kadmind 8 ,
the Kerberos 5 Administration Daemon; set to
.Dq Li NO
on a slave server.
.It Va kadmind_program
.Pq Vt str
If
.Va kadmind_enable
is set to
.Dq Li YES
this is the path to Kerberos 5 Administration Daemon.
.It Va kpasswdd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kpasswdd 8 ,
the Kerberos 5 Password-Changing Daemon; set to
.Dq Li NO
on a slave server.
.It Va kpasswdd_program
.Pq Vt str
If
.Va kpasswdd_enable
is set to
.Dq Li YES ,
this is the path to the Kerberos 5 Password-Changing Daemon.
.It Va kfd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr kfd 8 ,
the Kerberos 5 ticket forwarding daemon, at boot time.
.It Va kfd_program
.Pq Vt str
Path to
.Xr kfd 8
(default
.Pa /usr/libexec/kfd ) .
.It Va rwhod_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rwhod 8
daemon at boot time.
.It Va rwhod_flags
.Pq Vt str
If
.Va rwhod_enable
is set to
.Dq Li YES ,
these are the flags to pass to it.
.It Va update_motd
.Pq Vt bool
If set to
.Dq Li YES ,
.Pa /var/run/motd
will be updated at boot time to reflect the kernel release
being run.
If set to
.Dq Li NO ,
.Pa /var/run/motd
will not be updated.
.It Va nfs_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS client daemons at boot time.
.It Va nfs_access_cache
.Pq Vt int
If
.Va nfs_client_enable
is set to
.Dq Li YES ,
this can be set to
.Dq Li 0
to disable NFS ACCESS RPC caching, or to the number of seconds for which
NFS ACCESS
results should be cached.
A value of 2-10 seconds will substantially reduce network
traffic for many NFS operations.
.It Va nfs_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the NFS server daemons at boot time.
.It Va nfs_server_flags
.Pq Vt str
If
.Va nfs_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsd 8
daemon.
.It Va nfsv4_server_enable
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
enable the server for NFSv4 as well as NFSv2 and NFSv3.
.It Va nfsv4_server_only
.Pq Vt bool
If
.Va nfs_server_enable
is set to
.Dq Li YES
and
.Va nfsv4_server_only
is set to
.Dq Li YES ,
enable the NFS server for NFSv4 only.
.It Va nfs_server_maxio
.Pq Vt int
Value to set vfs.nfsd.srvmaxio to, which is the
maximum I/O size for the NFS server.
.It Va tlsclntd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsclntd 8
daemon, which is needed for NFS-over-TLS NFS mounts.
.It Va tlsservd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.tlsservd 8
daemon, which is needed for the
.Xr nfsd 8
to support NFS-over-TLS NFS mounts.
.It Va nfsuserd_enable
.Pq Vt bool
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
run the nfsuserd daemon, which is needed for NFSv4 in order
to map between user/group names and uid/gid numbers.
If
.Va nfsv4_server_enable
is set to
.Dq Li YES ,
this will be forced enabled.
.It Va nfsuserd_flags
.Pq Vt str
If
.Va nfsuserd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfsuserd 8
daemon.
.It Va nfscbd_enable
.Pq Vt bool
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
.It Va nfscbd_flags
.Pq Vt str
If
.Va nfscbd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr nfscbd 8
daemon.
.It Va mountd_enable
.Pq Vt bool
If set to
.Dq Li YES
and
.Va nfs_server_enable
is not set, start
.Xr mountd 8 ,
but not the
.Xr nfsd 8
daemon.
This is commonly needed to run CFS without using real NFS.
.It Va mountd_flags
.Pq Vt str
If
.Va mountd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr mountd 8
daemon.
.It Va weak_mountd_authentication
.Pq Vt bool
If set to
.Dq Li YES ,
allow services like PCNFSD to make non-privileged mount
requests.
.It Va nfs_reserved_port_only
.Pq Vt bool
If set to
.Dq Li YES ,
provide NFS services only on a secure port.
.It Va nfs_bufpackets
.Pq Vt int
If set to a number, indicates the number of packets worth of
socket buffer space to reserve on an NFS client.
The kernel default is typically 4.
Using a higher number may be
useful on gigabit networks to improve performance.
The minimum value is
2 and the maximum is 64.
.It Va rpc_lockd_enable
.Pq Vt bool
If set to
.Dq Li YES
and the host is also an NFS server or client, run
.Xr rpc.lockd 8
at boot time.
.It Va rpc_lockd_flags
.Pq Vt str
If
.Va rpc_lockd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.lockd 8
daemon.
.It Va rpc_statd_enable
.Pq Vt bool
If set to
.Dq Li YES
and the host is also an NFS server or client, run
.Xr rpc.statd 8
at boot time.
.It Va rpc_statd_flags
.Pq Vt str
If
.Va rpc_statd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.statd 8
daemon.
.It Va rpcbind_program
.Pq Vt str
Path to
.Xr rpcbind 8
(default
.Pa /usr/sbin/rpcbind ) .
.It Va rpcbind_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpcbind 8
service at boot time.
.It Va rpcbind_flags
.Pq Vt str
If
.Va rpcbind_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpcbind 8
daemon.
.It Va keyserv_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr keyserv 8
daemon on boot for running Secure RPC.
.It Va keyserv_flags
.Pq Vt str
If
.Va keyserv_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr keyserv 8
daemon.
.It Va pppoed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr pppoed 8
daemon at boot time to provide PPP over Ethernet services.
.It Va pppoed_ Ns Aq Ar provider
.Pq Vt str
.Xr pppoed 8
listens to requests to this
.Ar provider
and ultimately runs
.Xr ppp 8
with a
.Ar system
argument of the same name.
.It Va pppoed_flags
.Pq Vt str
Additional flags to pass to
.Xr pppoed 8 .
.It Va pppoed_interface
.Pq Vt str
The network interface to run
.Xr pppoed 8
on.
This is mandatory when
.Va pppoed_enable
is set to
.Dq Li YES .
.It Va ntpdate_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run
.Xr ntpdate 8
at system startup.
This command is intended to
synchronize the system clock only
.Em once
from some standard reference.
.Pp
Note that the use of the
.Va ntpd_sync_on_start
variable is a preferred alternative to the
.Xr ntpdate 8
utility as
.Xr ntpdate 8
is to be retired from the NTP distribution.
.It Va ntpdate_config
.Pq Vt str
Configuration file for
.Xr ntpdate 8 .
Default
.Pa /etc/ntp.conf .
.It Va ntpdate_hosts
.Pq Vt str
A whitespace-separated list of NTP servers to synchronize with at startup.
The default is to use the servers listed in
.Va ntpdate_config ,
if that file exists.
.It Va ntpdate_program
.Pq Vt str
Path to
.Xr ntpdate 8
(default
.Pa /usr/sbin/ntpdate ) .
.It Va ntpdate_flags
.Pq Vt str
If
.Va ntpdate_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpdate 8
command (typically a hostname).
.It Va ntpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ntpd 8
command at boot time.
.It Va ntpd_program
.Pq Vt str
Path to
.Xr ntpd 8
(default
.Pa /usr/sbin/ntpd ) .
.It Va ntpd_config
.Pq Vt str
Path to
.Xr ntpd 8
configuration file.
Default
.Pa /etc/ntp.conf .
.It Va ntpd_flags
.Pq Vt str
If
.Va ntpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ntpd 8
daemon.
.It Va ntpd_sync_on_start
.Pq Vt bool
If set to
.Dq Li YES ,
.Xr ntpd 8
is run with the
.Fl g
flag, which syncs the system's clock on startup.
See
.Xr ntpd 8
for more information regarding the
.Fl g
option.
This is a preferred alternative to using
.Xr ntpdate 8
or specifying the
.Va ntpdate_enable
variable.
.It Va nis_client_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypbind 8
service at system boot time.
.It Va nis_client_flags
.Pq Vt str
If
.Va nis_client_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypbind 8
service.
.It Va nis_ypldap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypldap 8
daemon at system boot time.
.It Va nis_ypldap_flags
.Pq Vt str
If
.Va nis_ypldap_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypldap 8
daemon.
.It Va nis_ypset_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypset 8
daemon at system boot time.
.It Va nis_ypset_flags
.Pq Vt str
If
.Va nis_ypset_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypset 8
daemon.
.It Va nis_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr ypserv 8
daemon at system boot time.
.It Va nis_server_flags
.Pq Vt str
If
.Va nis_server_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr ypserv 8
daemon.
.It Va nis_ypxfrd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.ypxfrd 8
daemon at system boot time.
.It Va nis_ypxfrd_flags
.Pq Vt str
If
.Va nis_ypxfrd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.ypxfrd 8
daemon.
.It Va nis_yppasswdd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rpc.yppasswdd 8
daemon at system boot time.
.It Va nis_yppasswdd_flags
.Pq Vt str
If
.Va nis_yppasswdd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rpc.yppasswdd 8
daemon.
.It Va rpc_ypupdated_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Nm rpc.ypupdated
daemon at system boot time.
.It Va bsnmpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bsnmpd 1
daemon at system boot time.
Be sure to understand the security implications of running an SNMP daemon
on your host.
.It Va bsnmpd_flags
.Pq Vt str
If
.Va bsnmpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bsnmpd 1
daemon.
.It Va defaultrouter
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route to this host name or IP address
(use an IP address if this router is also required to get to the
name server!).
.It Va defaultrouter_fibN
.Pq Vt str
If not set to
.Dq Li NO ,
create a default route in FIB N to this host name or IP address.
.It Va ipv6_defaultrouter
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter .
.It Va ipv6_defaultrouter_fibN
.Pq Vt str
The IPv6 equivalent of
.Va defaultrouter_fibN .
.It Va static_arp_pairs
.Pq Vt str
Set to the list of static ARP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_arp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm arp Cm -S
operation.
For example
.Bd -literal
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
.Ed
.It Va static_ndp_pairs
.Pq Vt str
Set to the list of static NDP pairs that are to be added at system
boot time.
For each whitespace separated
.Ar element
in the value, a
.Va static_ndp_ Ns Aq Ar element
variable is assumed to exist whose contents will later be passed to a
.Dq Nm ndp Cm -s
operation.
For example
.Bd -literal
static_ndp_pairs="gw"
static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
.Ed
.It Va static_routes
.Pq Vt str
Set to the list of static routes that are to be added at system
boot time.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add
operation.
For example:
.Bd -literal
static_routes="ext mcast:gif0 gif0local:gif0"
route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
route_mcast="-net 224.0.0.0/4 -iface gif0"
route_gif0local="-host 169.254.1.1 -iface lo0"
.Ed
.Pp
When an
.Ar element
is in the form of
.Li name:ifname ,
the route is specific to the interface
.Li ifname .
.It Va ipv6_static_routes
.Pq Vt str
The IPv6 equivalent of
.Va static_routes .
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, a
.Va ipv6_route_ Ns Aq Ar element
variable is assumed to exist
whose contents will later be passed to a
.Dq Nm route Cm add Fl inet6
operation.
.It Va gateway_enable
.Pq Vt bool
If set to
.Dq Li YES ,
configure host to act as an IP router, e.g.\& to forward packets
between interfaces.
.It Va ipv6_gateway_enable
.Pq Vt bool
The IPv6 equivalent of
.Va gateway_enable .
.It Va routed_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va routed_program
and
.Va routed_flags .
.It Va route6d_enable
.Pq Vt bool
The IPv6 equivalent of
.Va routed_enable .
If set to
.Dq Li YES ,
run a routing daemon of some sort, based on the
settings of
.Va route6d_program
and
.Va route6d_flags .
.It Va routed_program
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
this is the name of the routing daemon to use.
The default is
.Xr routed 8 .
.It Va route6d_program
.Pq Vt str
The IPv6 equivalent of
.Va routed_program .
The default is
.Xr route6d 8 .
.It Va routed_flags
.Pq Vt str
If
.Va routed_enable
is set to
.Dq Li YES ,
these are the flags to pass to the routing daemon.
.It Va route6d_flags
.Pq Vt str
The IPv6 equivalent of
.Va routed_flags .
.It Va rtadvd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rtadvd 8
daemon at boot time.
The
.Xr rtadvd 8
utility sends ICMPv6 Router Advertisement messages to
the interfaces specified in
.Va rtadvd_interfaces .
This should only be enabled with great care.
You may want to fine-tune
.Xr rtadvd.conf 5 .
.It Va rtadvd_interfaces
.Pq Vt str
If
.Va rtadvd_enable
is set to
.Dq Li YES ,
this is the list of interfaces to use.
.It Va arpproxy_all
.Pq Vt bool
If set to
.Dq Li YES ,
enable global proxy ARP.
.It Va forward_sourceroute
.Pq Vt bool
If set to
.Dq Li YES
and
.Va gateway_enable
is also set to
.Dq Li YES ,
source-routed packets are forwarded.
.It Va accept_sourceroute
.Pq Vt bool
If set to
.Dq Li YES ,
the system will accept source-routed packets directed at it.
.It Va rarpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr rarpd 8
daemon at system boot time.
.It Va rarpd_flags
.Pq Vt str
If
.Va rarpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr rarpd 8
daemon.
.It Va bootparamd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr bootparamd 8
daemon at system boot time.
.It Va bootparamd_flags
.Pq Vt str
If
.Va bootparamd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr bootparamd 8
daemon.
.It Va stf_interface_ipv4addr
.Pq Vt str
If not set to
.Dq Li NO ,
this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
interface).
Specify this entry to enable the 6to4 interface.
.It Va stf_interface_ipv4plen
.Pq Vt int
Prefix length for 6to4 IPv4 addresses, to limit peer address range.
An effective value is 0-31.
.It Va stf_interface_ipv6_ifid
.Pq Vt str
IPv6 interface ID for
.Xr stf 4 .
This can be set to
.Dq Li AUTO .
.It Va stf_interface_ipv6_slaid
.Pq Vt str
IPv6 Site Level Aggregator for
.Xr stf 4 .
.It Va ipv6_ipv4mapping
.Pq Vt bool
If set to
.Dq Li YES
this enables IPv4 mapped IPv6 address communication (like
.Li ::ffff:a.b.c.d ) .
.It Va rtsold_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable the
.Xr rtsold 8
daemon to send ICMPv6 Router Solicitation messages.
.It Va rtsold_flags
.Pq Vt str
If
.Va rtsold_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr rtsold 8 .
.It Va rtsol_flags
.Pq Vt str
For interfaces configured with the
.Dq Li inet6 accept_rtadv
keyword, these are the flags to pass to
.Xr rtsol 8 .
.Pp
Note that
.Va rtsold_enable
is mutually exclusive with
.Va rtsol_flags ;
.Va rtsold_enable
takes precedence.
.It Va keybell
.Pq Vt str
The keyboard bell sound.
Set to
.Dq Li normal ,
.Dq Li visual ,
.Dq Li off ,
or
.Dq Li NO
if the default behavior is desired.
For details, refer to the
.Xr kbdcontrol 1
manpage.
.It Va keyboard
.Pq Vt str
If set to a non-null string, the virtual console's keyboard input is
set to this device.
.It Va keymap
.Pq Vt str
If set to
.Dq Li NO ,
no keymap is installed, otherwise the value is used to install
the keymap file found in
.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr syscons 4 ) or
.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
(if using
.Xr vt 4 ) .
.It Va keyrate
.Pq Vt str
The keyboard repeat speed.
Set to
.Dq Li slow ,
.Dq Li normal ,
.Dq Li fast ,
or
.Dq Li NO
if the default behavior is desired.
.It Va keychange
.Pq Vt str
If not set to
.Dq Li NO ,
attempt to program the function keys with the value.
The value should
be a single string of the form:
.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
.It Va cursor
.Pq Vt str
Can be set to the value of
.Dq Li normal ,
.Dq Li blink ,
.Dq Li destructive ,
or
.Dq Li NO
to set the cursor behavior explicitly or choose the default behavior.
.It Va scrnmap
.Pq Vt str
If set to
.Dq Li NO ,
no screen map is installed, otherwise the value is used to install
the screen map file in
.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
This parameter is ignored when using
.Xr vt 4
as the console driver.
.It Va font8x16
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x16 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x14
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x14 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va font8x8
.Pq Vt str
If set to
.Dq Li NO ,
the default 8x8 font value is used for screen size requests, otherwise
the value in
.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
or
.Pa /usr/share/vt/fonts/ Ns Aq Ar value
is used (depending on the console driver being used).
.It Va blanktime
.Pq Vt int
If set to
.Dq Li NO ,
the default screen blanking interval is used, otherwise it is set
to
.Ar value
seconds.
.It Va saver
.Pq Vt str
If not set to
.Dq Li NO ,
this is the actual screen saver to use
.Li ( blank , snake , daemon ,
etc).
.It Va moused_nondefault_enable
.Pq Vt str
If set to
.Dq Li NO ,
the mouse device specified on
the command line is not automatically treated as enabled by the
.Pa /etc/rc.d/moused
script.
Having this variable set to
.Dq Li YES
allows a
.Xr usb 4
mouse,
for example,
to be enabled as soon as it is plugged in.
.It Va moused_enable
.Pq Vt str
If set to
.Dq Li YES ,
the
.Xr moused 8
daemon is started for doing cut/paste selection on the console.
.It Va moused_type
.Pq Vt str
This is the protocol type of the mouse connected to this host.
This variable must be set if
.Va moused_enable
is set to
.Dq Li YES ,
but defaults to
.Dq Li auto
as the
.Xr moused 8
daemon
is able to detect the appropriate mouse type automatically in many cases.
Set this variable to
one from the following list if the automatic detection fails.
.Pp
If the mouse is attached to the PS/2 mouse port, choose
.Dq Li auto
or
.Dq Li ps/2 ,
regardless of the brand and model of the mouse.
Likewise, if the
mouse is attached to the bus mouse port, choose
.Dq Li auto
or
.Dq Li busmouse .
All other protocols are for serial mice and will not work with
the PS/2 and bus mice.
If this is a USB mouse,
.Dq Li auto
is the only protocol type which will work.
.Pp
.Bl -tag -width ".Li x10mouseremote" -compact
.It Li microsoft
Microsoft mouse (serial)
.It Li intellimouse
Microsoft IntelliMouse (serial)
.It Li mousesystems
Mouse systems Corp.\& mouse (serial)
.It Li mmseries
MM Series mouse (serial)
.It Li logitech
Logitech mouse (serial)
.It Li busmouse
A bus mouse
.It Li mouseman
Logitech MouseMan and TrackMan (serial)
.It Li glidepoint
ALPS GlidePoint (serial)
.It Li thinkingmouse
Kensington ThinkingMouse (serial)
.It Li ps/2
PS/2 mouse
.It Li mmhittab
MM HitTablet (serial)
.It Li x10mouseremote
X10 MouseRemote (serial)
.It Li versapad
Interlink VersaPad (serial)
.El
.Pp
Even if the mouse is not in the above list, it may be compatible
with one in the list.
Refer to the manual page for
.Xr moused 8
for compatibility information.
.Pp
It should also be noted that while this is enabled, any
other client of the mouse (such as an X server) should access
the mouse through the virtual mouse device,
.Pa /dev/sysmouse ,
and configure it as a
.Dq Li sysmouse
type mouse, since all
mouse data is converted to this single canonical format when
using
.Xr moused 8 .
If the client program does not support the
.Dq Li sysmouse
type,
specify the
.Dq Li mousesystems
type.
It is the second preferred type.
.It Va moused_port
.Pq Vt str
If
.Va moused_enable
is set to
.Dq Li YES ,
this is the actual port the mouse is on.
It might be
.Pa /dev/cuau0
for a COM1 serial mouse, or
.Pa /dev/psm0
for a PS/2 mouse, for example.
.It Va moused_flags
.Pq Vt str
If
.Va moused_flags
is set, its value is used as an additional set of flags to pass to the
.Xr moused 8
daemon.
.It Va "moused_" Ns Ar XXX Ns Va "_flags"
When
.Va moused_nondefault_enable
is enabled, and a
.Xr moused 8
daemon is started for a non-default port, the
.Va "moused_" Ns Ar XXX Ns Va "_flags"
set of options has precedence over and replaces the default
.Va moused_flags
(where
.Ar XXX
is the name of the non-default port, i.e.,\&
.Ar ums0 ) .
By setting
.Va "moused_" Ns Ar XXX Ns Va "_flags"
it is possible to set up a different set of default flags for each
.Xr moused 8
instance.
For example, you can use
.Dq Li "-3"
for the default
.Va moused_flags
to make your laptop's touchpad more comfortable to use,
but an empty set of options for
.Va moused_ums0_flags
when your
.Xr usb 4
mouse has three or more buttons.
.It Va mousechar_start
.Pq Vt int
If set to
.Dq Li NO ,
the default mouse cursor character range
.Li 0xd0 Ns - Ns Li 0xd3
is used,
otherwise the range start is set
to
.Ar value
character, see
.Xr vidcontrol 1 .
Use if the default range is occupied in the language code table.
.It Va allscreens_flags
.Pq Vt str
If set,
.Xr vidcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl m Cm on
will enable the mouse pointer on all virtual terminals
if
.Va moused_enable
is set to
.Dq Li YES .
.It Va allscreens_kbdflags
.Pq Vt str
If set,
.Xr kbdcontrol 1
is run with these options for each of the virtual terminals
.Pq Pa /dev/ttyv* .
For example,
.Dq Fl h Li 200
will set the
.Xr syscons 4
or
.Xr vt 4
scrollback (history) buffer to 200 lines.
.It Va cron_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr cron 8
daemon at system boot time.
.It Va cron_program
.Pq Vt str
Path to
.Xr cron 8
(default
.Pa /usr/sbin/cron ) .
.It Va cron_flags
.Pq Vt str
If
.Va cron_enable
is set to
.Dq Li YES ,
these are the flags to pass to
.Xr cron 8 .
.It Va cron_dst
.Pq Vt bool
If set to
.Dq Li YES ,
enable the special handling of transitions to and from the
Daylight Saving Time in
.Xr cron 8
(equivalent to using the flag
.Fl s ) .
.It Va lpd_program
.Pq Vt str
Path to
.Xr lpd 8
(default
.Pa /usr/sbin/lpd ) .
.It Va lpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr lpd 8
daemon at system boot time.
.It Va lpd_flags
.Pq Vt str
If
.Va lpd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr lpd 8
daemon.
.It Va chkprintcap_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr chkprintcap 8
command before starting the
.Xr lpd 8
daemon.
.It Va chkprintcap_flags
.Pq Vt str
If
.Va lpd_enable
and
.Va chkprintcap_enable
are set to
.Dq Li YES ,
these are the flags to pass to the
.Xr chkprintcap 8
program.
The default is
.Dq Li -d ,
which causes missing directories to be created.
.It Va dumpdev
.Pq Vt str
Indicates the device (usually a swap partition) to which a crash dump
should be written in the event of a system crash.
If the value of this variable is
.Dq Li AUTO ,
the first suitable swap device listed in
.Pa /etc/fstab
will be used as dump device.
Otherwise, the value of this variable is passed as the argument to
.Xr dumpon 8
and
.Xr savecore 8 .
To disable crash dumps, set this variable to
.Dq Li NO .
.It Va dumpon_flags
.Pq Vt str
Flags to pass to
.Xr dumpon 8
when configuring
.Va dumpdev
as the system dump device.
.It Va dumpdir
.Pq Vt str
When the system reboots after a crash and a crash dump is found on the
device specified by the
.Va dumpdev
variable,
.Xr savecore 8
will save that crash dump and a copy of the kernel to the directory
specified by the
.Va dumpdir
variable.
The default value is
.Pa /var/crash .
Set to
.Dq Li NO
to not run
.Xr savecore 8
at boot time when
.Va dumpdir
is set.
.It Va savecore_enable
.Pq Vt bool
If set to
.Dq Li NO ,
disable automatic extraction of the crash dump from the
.Va dumpdev .
.It Va savecore_flags
.Pq Vt str
If crash dumps are enabled, these are the flags to pass to the
.Xr savecore 8
utility.
.It Va quota_enable
.Pq Vt bool
Set to
.Dq Li YES
to turn on user and group disk quotas on system startup via the
.Xr quotaon 8
command for all file systems marked as having quotas enabled in
.Pa /etc/fstab .
The kernel must be built with
.Cd "options QUOTA"
for disk quotas to function.
.It Va check_quotas
.Pq Vt bool
Set to
.Dq Li YES
to enable user and group disk quota checking via the
.Xr quotacheck 8
command.
.It Va quotacheck_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
and
.Va check_quotas
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotacheck 8
utility.
The default is
.Dq Li "-a" ,
which checks quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaon_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaon 8
utility.
The default is
.Dq Li "-a" ,
which enables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va quotaoff_flags
.Pq Vt str
If
.Va quota_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr quotaoff 8
utility when shutting down the quota system.
The default is
.Dq Li "-a" ,
which disables quotas for all file systems with quotas enabled in
.Pa /etc/fstab .
.It Va accounting_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable system accounting through the
.Xr accton 8
facility.
.It Va firstboot_sentinel
.Pq Vt str
This variable specifies the full path to a
.Dq first boot
sentinel file.
If a file exists with this path,
.Pa rc.d
scripts with the
.Dq firstboot
keyword will be run on startup and the sentinel file will be deleted
after the boot process completes.
The sentinel file must be located on a writable file system which is
mounted no later than
.Va early_late_divider
to function properly.
The default is
.Pa /firstboot .
.It Va linux_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable Linux/ELF binary emulation at system initial
boot time.
.It Va sysvipc_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load System V IPC primitives at boot time.
.It Va clear_tmp_enable
.Pq Vt bool
Set to
.Dq Li YES
to have
.Pa /tmp
cleaned at startup.
.It Va clear_tmp_X
.Pq Vt bool
Set to
.Dq Li NO
to disable removing of X11 lock files,
and the removal and (secure) recreation
of the various socket directories for X11
related programs.
.It Va ldconfig_paths
.Pq Vt str
Set to the list of shared library paths to use with
.Xr ldconfig 8 .
NOTE:
.Pa /lib
and
.Pa /usr/lib
will always be added first, so they need not appear in this list.
.It Va ldconfig32_paths
.Pq Vt str
Set to the list of 32-bit compatibility shared library paths to
use with
.Xr ldconfig 8 .
.It Va ldconfig_insecure
.Pq Vt bool
The
.Xr ldconfig 8
utility normally refuses to use directories
which are writable by anyone except root.
Set this variable to
.Dq Li YES
to disable that security check during system startup.
.It Va ldconfig_local_dirs
.Pq Vt str
Set to the list of local
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Xr ldconfig 8 .
.It Va ldconfig_local32_dirs
.Pq Vt str
Set to the list of local 32-bit compatibility
.Xr ldconfig 8
directories.
The names of all files in the directories listed will be
passed as arguments to
.Dq Nm ldconfig Fl 32 .
.It Va kern_securelevel_enable
.Pq Vt bool
Set to
.Dq Li YES
to set the kernel security level at system startup.
.It Va kern_securelevel
.Pq Vt int
The kernel security level to set at startup.
The allowed range of
.Ar value
ranges from \-1 (the compile time default) to 3 (the
most secure).
See
.Xr security 7
for the list of possible security levels and their effect
on system operation.
.It Va sshd_program
.Pq Vt str
Path to the SSH server program
.Pa ( /usr/sbin/sshd
is the default).
.It Va sshd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr sshd 8
at system boot time.
Note, the
.Va sshd_oomprotect
variable is set to
.Dq Li YES
by default in
.Pa /etc/defaults/rc.conf .
.It Va sshd_flags
.Pq Vt str
If
.Va sshd_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sshd 8
daemon.
.It Va ftpd_program
.Pq Vt str
Path to the FTP server program
.Pa ( /usr/libexec/ftpd
is the default).
.It Va ftpd_enable
.Pq Vt bool
Set to
.Dq Li YES
to start
.Xr ftpd 8
as a stand-alone daemon at system boot time.
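.Pp
The security-related variables described above
.Pq Va weak_mountd_authentication , nfs_reserved_port_only , accept_sourceroute , forward_sourceroute , ldconfig_insecure , kern_securelevel
can be checked mechanically before a reboot.
The following
.Xr sh 1
script is an added example, not part of the original manual page or of the base system; its function names and sample input are constructed for illustration, and a variable that is not set in any file passed to it is treated as not enabled.

```sh
#!/bin/sh
# Added example (not FreeBSD code): audit rc.conf-style files for the
# security-relevant variables documented in rc.conf(5).
# All function names here are hypothetical.

# True for the spellings rc.subr's checkyesno accepts as "yes".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

report() { printf '%s %s: %s\n' "$1" "$2" "$3"; }

# rcconf_audit FILE...
# Sources the files in order inside a subshell (later files override
# earlier ones, as /etc/rc.conf overrides /etc/defaults/rc.conf) and
# prints one "LEVEL variable: message" line per finding.
# The files are executed as sh(1) code, just as rc(8) does at boot, so
# only audit files you already trust to run as root.
rcconf_audit() (
    for f in "$@"; do
        case "$f" in */*) ;; *) f="./$f" ;; esac   # avoid a $PATH lookup by "."
        if [ -r "$f" ]; then . "$f"; fi
    done

    if is_yes "${weak_mountd_authentication-}"; then
        report WARN weak_mountd_authentication \
            "mountd accepts non-privileged mount requests"
    fi
    if is_yes "${nfs_server_enable-}" &&
       ! is_yes "${nfs_reserved_port_only-}"; then
        report WARN nfs_reserved_port_only \
            "NFS server is enabled without the secure-port restriction"
    fi
    if is_yes "${ldconfig_insecure-}"; then
        report WARN ldconfig_insecure \
            "ldconfig check for non-root-writable directories is disabled"
    fi
    if is_yes "${accept_sourceroute-}"; then
        report WARN accept_sourceroute "host accepts source-routed packets"
    fi
    # forward_sourceroute only takes effect together with gateway_enable.
    if is_yes "${forward_sourceroute-}"; then
        if is_yes "${gateway_enable-}"; then
            report WARN forward_sourceroute "source-routed packets are forwarded"
        else
            report INFO forward_sourceroute \
                "set, but inactive while gateway_enable is not YES"
        fi
    fi

    # kern_securelevel: documented range is -1..3, applied only when enabled.
    level="${kern_securelevel-}"
    case "$level" in
        ''|-1|0|1|2|3) ;;
        *) report ERROR kern_securelevel \
               "value '$level' is outside the documented range -1..3" ;;
    esac
    if ! is_yes "${kern_securelevel_enable-}"; then
        case "$level" in
            ''|-1) ;;
            *) report INFO kern_securelevel \
                   "level '$level' is not applied: kern_securelevel_enable is not YES" ;;
        esac
    fi

    # Services rc.conf(5) itself asks the administrator to think about.
    if is_yes "${bsnmpd_enable-}"; then
        report INFO bsnmpd_enable "SNMP daemon is enabled; review its exposure"
    fi
    if is_yes "${rtadvd_enable-}"; then
        report INFO rtadvd_enable \
            "router advertisements sent on: ${rtadvd_interfaces-}"
    fi
    :
)

# Constructed sample input, not taken from a real host.
sample_conf() {
    cat <<'EOF'
nfs_server_enable="YES"
weak_mountd_authentication="YES"
gateway_enable="NO"
forward_sourceroute="YES"
accept_sourceroute="YES"
ldconfig_insecure="yes"
kern_securelevel_enable="YES"
kern_securelevel="4"
bsnmpd_enable="NO"
EOF
}

demo() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/rcconf.XXXXXX") || return 1
    sample_conf > "$tmp"
    rcconf_audit "$tmp"
    rm -f "$tmp"
}

demo
```

To audit the effective settings of a host, pass the defaults file first, as in `rcconf_audit /etc/defaults/rc.conf /etc/rc.conf`.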
.It Va ftpd_flags
.Pq Vt str
If
.Va ftpd_enable
is set to
.Dq Li YES ,
these are the additional flags to pass to the
.Xr ftpd 8
daemon.
.It Va watchdogd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr watchdogd 8
daemon at boot time.
This requires that the kernel have been compiled with a
.Xr watchdog 4
compatible device.
.It Va watchdogd_flags
.Pq Vt str
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
these are the flags passed to the
.Xr watchdogd 8
daemon.
.It Va watchdogd_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be used by the
.Xr watchdogd 8
daemon.
If this option is set, it overrides
.Fl t
in
.Va watchdogd_flags .
.It Va watchdogd_shutdown_timeout
.Pq Vt int
If
.Va watchdogd_enable
is set to
.Dq Li YES ,
this is a timeout that will be set by the
.Xr watchdogd 8
daemon when it exits during the system shutdown.
This timeout will not be set when returning to single-user mode
or when the watchdogd service is stopped individually using the
.Xr service 8
command or the rc.d script.
Note that the timeout will be applied if
.Xr watchdogd 8
is stopped outside of the
.Xr rc 8
framework.
If this option is set, it overrides
.Fl x
in
.Va watchdogd_flags .
.It Va devfs_rulesets
.Pq Vt str
List of files containing sets of rules for
.Xr devfs 8 .
.It Va devfs_system_ruleset
.Pq Vt str
Rule name(s) to apply to the system
.Pa /dev
itself.
.It Va devfs_set_rulesets
.Pq Vt str
Pairs of already-mounted
.Pa dev
directories and rulesets that should be applied to them.
For example: /mount/dev=ruleset_name
.It Va devfs_load_rulesets
.Pq Vt bool
If set, always load the default rulesets listed in
.Va devfs_rulesets .
.It Va performance_cx_lowest
.Pq Vt str
CPU idle state to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va performance_cpu_freq
.Pq Vt str
CPU clock frequency to use while on AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va economy_cx_lowest
.Pq Vt str
CPU idle state to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr acpi 4
should use the lowest power state available while
.Dq Li HIGH
indicates that the lowest latency state (less power savings) should be used.
.It Va economy_cpu_freq
.Pq Vt str
CPU clock frequency to use when off AC power.
The string
.Dq Li LOW
indicates that
.Xr cpufreq 4
should use the lowest frequency available while
.Dq Li HIGH
indicates that the highest frequency (less power savings) should be used.
.It Va jail_enable
.Pq Vt bool
If set to
.Dq Li NO ,
any configured jails will not be started.
.It Va jail_conf
.Pq Vt str
The configuration filename used by the
.Xr jail 8
utility.
The default value is
.Pa /etc/jail.conf .
.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
and
.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
will also be used if
.Ao Va jname Ac
is set in
.Va jail_list .
.It Va jail_parallel_start
.Pq Vt bool
If set to
.Dq Li YES ,
all configured jails will be started in the background (in parallel).
.It Va jail_flags
.Pq Vt str
Unset by default.
When set, it is used as the default value for
.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
for every jail in
.Va jail_list .
.It Va jail_list
.Pq Vt str
A space-delimited list of jail names.
When left empty, all of the
.Xr jail 8
instances defined in the configuration file are started.
The names specified in this list control the jail startup order.
.Xr jail 8
instances missing from
.Va jail_list
must be started manually.
Note that a jail's
.Va depend
parameter in the configuration file may override this list.
.It Va jail_reverse_stop
.Pq Vt bool
When set to
.Dq Li YES ,
all configured jails in
.Va jail_list
are stopped in reverse order.
.It Va jail_ Ns * variables
Note that older releases supported per-jail configuration via
.Nm
variables.
For example,
the hostname of a jail named
.Li vjail
could be set by
.Li jail_vjail_hostname .
These per-jail configuration variables are now obsolete in favor of the
.Xr jail 8
configuration file.
For backward compatibility,
when per-jail configuration variables are defined,
.Xr jail 8
configuration files are created as
.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
and used.
.Pp
The following per-jail parameters are handled by the
.Pa rc.d/jail
script from their corresponding
.Nm
variables.
In addition to them, parameters in
.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
will be added to the configuration file.
They must be a semi-colon
.Pq Ql \&;
delimited list of
.Dq key=value .
For more details,
see the
.Xr jail 8
manual page.
.Bl -tag -width "host.hostname" -offset indent
.It Li path
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
.It Li host.hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
.It Li exec.consolelog
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
The default value is
.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
.It Li interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
.It Li vnet.interface
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
This implies that the
.Li vnet
parameter will be enabled and cannot be specified with
.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
and/or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
at the same time.
.It Li fstab
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
.It Li exec.start
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
The parameter name was
.Li command
in some older releases.
.It Li exec.prestart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
.It Li exec.poststart
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
.It Li exec.stop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
.It Li exec.prestop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
.It Li exec.poststop
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
.It Li ip4.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv4 addresses
.It Li ip6.addr
set if
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
or
.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
contain IPv6 addresses
.It Li allow.mount
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
.It Li mount.devfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
.It Li devfs_ruleset
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
.It Li mount.fdescfs
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
.It Li allow.rawsocket
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
.It Li allow.sysvipc
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
.It Va harvest_mask
.Pq Vt int
Set to a bit-mask
representing the entropy sources
you wish to harvest.
Refer to
.Xr random 4
for more information.
.It Va entropy_dir
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
Otherwise set to the directory
in which the entropy files are stored.
To be useful,
there must be
a system cron job
that regularly writes and rotates
files here.
All files found
will be used at boot time.
The default is
.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
Otherwise set to the name
of a file used to store cached entropy.
This file should be located
on a file system that is readable
before all the volumes specified in
.Xr fstab 5
are mounted.
By default,
.Pa /entropy
is used,
but if
.Pa /var/db/entropy-file
is found it will also be used.
This will be of some use to
.Xr bsdinstall 8 .
.It Va entropy_boot_file
.Pq Vt str
Set to
.Dq Li NO
to disable
very early caching entropy
through reboots.
Otherwise set to the filename
used to read
very early reboot cached entropy.
This file should be located where
.Xr loader 8
can read it.
See also
.Xr loader.conf 5 .
The default location is
.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by
.Nm save-entropy
periodically.
.It Va entropy_save_num
.Pq Vt int
Number of entropy cache files to save by
.Nm save-entropy
periodically.
.It Va ipsec_enable
.Pq Vt bool
Set to
.Dq Li YES
to run
.Xr setkey 8
on
.Va ipsec_file
at boot time.
.It Va ipsec_file
.Pq Vt str
Configuration file for
.Xr setkey 8 .
.It Va dmesg_enable
.Pq Vt bool
Set to
.Dq Li YES
to save
.Xr dmesg 8
to
.Pa /var/run/dmesg.boot
on boot.
.It Va rcshutdown_timeout
.Pq Vt int
If set, start a watchdog timer in the background which will terminate
.Pa rc.shutdown
if
.Xr shutdown 8
has not completed within the specified time (in seconds).
Notice that in addition to this soft timeout,
.Xr init 8
also applies a hard timeout for the execution of
.Pa rc.shutdown .
This is configured via
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
and defaults to 120 seconds.
Setting the value of
.Va rcshutdown_timeout
to more than 120 seconds will have no effect until the
.Xr sysctl 8
variable
.Va kern.init_shutdown_timeout
is also increased.
.It Va virecover_enable
.Pq Vt bool
Set to
.Dq Li NO
to prevent the system from trying to
recover prematurely terminated
.Xr vi 1
sessions.
.It Va ugidfw_enable
.Pq Vt bool
Set to
.Dq Li YES
to load the
.Xr mac_bsdextended 4
module upon system initialization and load a default
ruleset file.
.It Va bsdextended_script
.Pq Vt str
The default
.Xr mac_bsdextended 4
ruleset file to load.
The default value of this variable is
.Pa /etc/rc.bsdextended .
.It Va newsyslog_enable
.Pq Vt bool
If set to
.Dq Li YES ,
run the
.Xr newsyslog 8
command at startup.
.It Va newsyslog_flags
.Pq Vt str
If
.Va newsyslog_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr newsyslog 8
program.
The default is
.Dq Li -CN ,
which causes log files flagged with a
.Cm C
to be created.
.It Va mdconfig_md Ns Aq Ar X
.Pq Vt str
Arguments to
.Xr mdconfig 8
for
.Xr md 4
device
.Ar X .
At minimum a
.Fl t Ar type
must be specified and either a
.Fl s Ar size
for malloc or swap backed
.Xr md 4
devices or a
.Fl f Ar file
for vnode backed
.Xr md 4
devices.
Note that
.Va mdconfig_md Ns Aq Ar X
variables are evaluated until one variable is unset or null.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
.Pq Vt str
Optional arguments passed to
.Xr newfs 8
to initialize
.Xr md 4
device
.Ar X .
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
.Pq Vt str
An ownership specification passed to
.Xr chown 8
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
.Pq Vt str
A mode string passed to
.Xr chmod 1
after the specified
.Xr md 4
device
.Ar X
has been mounted.
Both the
.Xr md 4
device and the mount point will be changed.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
.Pq Vt str
Files to be copied to the mount point of the
.Xr md 4
device
.Ar X
after it has been mounted.
.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
.Pq Vt str
Command to execute after the specified
.Xr md 4
device
.Ar X
has been mounted.
Note that the command is passed to
.Ic eval
and that both
.Va _dev
and
.Va _mp
variables can be used to reference respectively the
.Xr md 4
device and the mount point.
Assuming that the
.Xr md 4
device is
.Li md0 ,
one could set the following:
.Bd -literal
mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
.Ed
.It Va autobridge_interfaces
.Pq Vt str
Set to the list of bridge interfaces against which newly arriving
interfaces will be checked for automatic addition.
If not set to
.Dq Li NO
then for each whitespace separated
.Ar element
in the value, an
.Va autobridge_ Ns Aq Ar element
variable is assumed to exist which has a whitespace separated list of interface
names to match; these names can use wildcards.
For example:
.Bd -literal
autobridge_interfaces="bridge0"
autobridge_bridge0="tap* dc0 vlan[345]"
.Ed
.It Va mixer_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable support for sound mixer.
.It Va hcsecd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth security daemon.
.It Va hcsecd_config
.Pq Vt str
Configuration file for
.Xr hcsecd 8 .
Default
.Pa /etc/bluetooth/hcsecd.conf .
.It Va sdpd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Service Discovery Protocol daemon.
.It Va sdpd_control
.Pq Vt str
Path to
.Xr sdpd 8
control socket.
Default
.Pa /var/run/sdp .
.It Va sdpd_groupname
.Pq Vt str
Sets
.Xr sdpd 8
group to run as after it initializes.
Default
.Dq Li nobody .
.It Va sdpd_username
.Pq Vt str
Sets
.Xr sdpd 8
user to run as after it initializes.
Default
.Dq Li nobody .
.It Va bthidd_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth Human Interface Device daemon.
.It Va bthidd_config
.Pq Vt str
Configuration file for
.Xr bthidd 8 .
Default
.Pa /etc/bluetooth/bthidd.conf .
.It Va bthidd_hids
.Pq Vt str
Path to a file, where
.Xr bthidd 8
will store information about known HID devices.
Default
.Pa /var/db/bthidd.hids .
.It Va rfcomm_pppd_server_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable Bluetooth RFCOMM PPP wrapper daemon.
.It Va rfcomm_pppd_server_profile
.Pq Vt str
The name of the profile to use from
.Pa /etc/ppp/ppp.conf .
Multiple profiles can be specified here.
Also used to specify per-profile overrides.
When the profile name contains any of the characters
.Dq Li .-/+
they are translated to
.Dq Li _
for the purposes of the override variable names.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
.Pq Vt str
Overrides local address to listen on.
By default
.Xr rfcomm_pppd 8
will listen on
.Dq Li ANY
address.
The address can be specified as BD_ADDR or name.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
.Pq Vt str
Overrides local RFCOMM channel to listen on.
By default
.Xr rfcomm_pppd 8
will listen on RFCOMM channel 1.
Must be set properly if multiple profiles are used at the same time.
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Serial Port service on the specified RFCOMM channel.
Default
.Dq Li NO .
.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
.Pq Vt bool
Tells
.Xr rfcomm_pppd 8
if it should register Dial-Up Networking service on the specified
RFCOMM channel.
Default
.Dq Li NO .
.It Va ubthidhci_enable
.Pq Vt bool
If set to
.Dq Li YES ,
change the USB Bluetooth controller from HID mode to HCI mode.
You also need to specify the location of USB Bluetooth controller with the
.Va ubthidhci_busnum
and
.Va ubthidhci_addr
variables.
.It Va ubthidhci_busnum
Bus number where the USB Bluetooth controller is located.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va ubthidhci_addr
Bus address of the USB Bluetooth controller.
Check the output of
.Xr usbconfig 8
on your system to find this information.
.It Va utx_enable
.Pq Vt bool
Set to
.Dq Li YES
to enable user accounting through the
.Xr utx 8
facility.
.It Va netwait_enable
.Pq Vt bool
If set to
.Dq Li YES ,
delays the start of network-reliant services until
.Va netwait_if
is up and ICMP packets to a destination defined in
.Va netwait_ip
are flowing.
Link state is examined first, followed by
.Dq Li pinging
an IP address to verify network usability.
If no destination can be reached or timeouts are exceeded,
network services are started anyway with no guarantee that
the network is usable.
Use of this variable requires both
.Va netwait_ip
and
.Va netwait_if
to be set.
.It Va netwait_ip
.Pq Vt str
Empty by default.
This variable contains a space-delimited list of IP addresses to
.Xr ping 8 .
DNS hostnames should not be used as resolution is not guaranteed
to be functional at this point.
If multiple IP addresses are specified,
each will be tried until one is successful or the list is exhausted.
.It Va netwait_timeout
.Pq Vt int
Indicates the total number of seconds to perform a
.Dq Li ping
against each IP address in
.Va netwait_ip ,
at a rate of one ping per second.
If any of the pings are successful,
full network connectivity is considered reliable.
The default is 60.
.It Va netwait_if
.Pq Vt str
Empty by default.
Defines the name of the network interface on which to watch for link.
.Xr ifconfig 8
is used to monitor the interface, looking for
.Dq Li status: no carrier .
Once gone, the link is considered up.
This can be a
.Xr vlan 4
interface if desired.
.It Va netwait_if_timeout
.Pq Vt int
Defines the total number of seconds to wait for link to become usable,
polled at a 1-second interval.
The default is 30.
.It Va rctl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
load
.Xr rctl 8
rules from the defined ruleset.
The kernel must be built with
.Cd "options RACCT"
and
.Cd "options RCTL" .
.It Va rctl_rules
.Pq Vt str
Set to
.Pa /etc/rctl.conf
by default.
This variable contains the
.Xr rctl.conf 5
ruleset to load for
.Xr rctl 8 .
.It Va iovctl_files
.Pq Vt str
A space-separated list of configuration files used by
.Xr iovctl 8 .
The default value is an empty string.
.It Va autofs_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Va automount_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Va automountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Va autounmountd_flags
.Pq Vt str
If
.Va autofs_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.It Va ctld_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr ctld 8
daemon at boot time.
.It Va iscsid_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsid 8
daemon at boot time.
.It Va iscsictl_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start the
.Xr iscsictl 8
utility at boot time.
.It Va iscsictl_flags
.Pq Vt str
If
.Va iscsictl_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr iscsictl 8
program.
The default is
.Dq Li -Aa ,
which configures sessions based on the
.Pa /etc/iscsi.conf
configuration file.
.It Va cfumass_enable
.Pq Vt bool
If set to
.Dq Li YES ,
create and export a USB LUN using
.Xr cfumass 4
at boot time.
.It Va cfumass_dir
.Pq Vt str
The directory where the files exported by USB LUN are located.
The default directory is
.Pa /var/cfumass .
.It Va service_delete_empty
.Pq Vt bool
If set to
.Dq Li YES ,
.Ql Li service delete
removes empty
.Dq Li rc.conf.d
files.
.It Va zfs_bootonce_activate
.Pq Vt bool
If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.It Va zfskeys_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable auto-loading of encryption keys for encrypted ZFS datasets.
For every dataset the script will first load the appropriate encryption key
and then attempt to unlock the dataset.
.Pp
The script operates only on datasets which are encrypted with
ZFS native encryption
and have a ZFS
.Dq Li keylocation
dataset property beginning with
.Dq Li file:// .
.It Va zfskeys_datasets
.Pq Vt str
A whitespace-separated list of ZFS datasets to unlock.
The list is empty by default,
which means that the script will attempt to unlock all datasets.
.It Va zfskeys_timeout
.Pq Vt int
Define the total number of seconds to wait for the zfskeys script
to unlock an encrypted dataset.
The default is 10.
.It Va sendmail_enable
.Pq Vt str
If set to
.Dq Li YES ,
run the
.Xr sendmail 8
daemon at system boot time.
If set to
.Dq Li NO ,
do not run a
.Xr sendmail 8
daemon to listen for incoming network mail.
This does not preclude a
.Xr sendmail 8
daemon listening on the SMTP port of the loopback interface.
The
.Dq Li NONE
option sets each
.Va sendmail_enable ,
.Va sendmail_submit_enable ,
.Va sendmail_outbound_enable ,
.Va sendmail_msp_queue_enable
to
.Dq Li NO .
.It Va sendmail_cert_create
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
create a signed certificate
.Pa /etc/mail/certs/host.cert
representing
.Pa /etc/mail/certs/host.key
by the CA certificate in
.Pa /etc/mail/certs/cacert.pem .
This will enable connecting hosts to negotiate STARTTLS allowing incoming
email to be encrypted in transit.
.Xr sendmail 8
needs to be configured to use these generated files.
The default configuration in
.Pa /etc/mail/freebsd.mc
has the required options in it.
.It Va sendmail_cert_cn
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES
and
.Va sendmail_cert_create
is set to
.Dq Li YES ,
this is the Common Name (CN) of the certificate that will be created.
If
.Va sendmail_cert_cn
is not set, the system's hostname will be used.
If there is no hostname set,
.Dq Li amnesiac
will be used.
.It Va sendmail_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_submit_enable
.Pq Vt bool
If set to
.Dq Li YES
and
.Va sendmail_enable
is set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_submit_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail submission via
a localhost-only listening SMTP service required for running
.Xr sendmail 8
as a non-set-user-ID binary.
Note that this does not work inside
.Xr jail 2
systems, as jails do not allow binding to just the localhost interface.
.It Va sendmail_submit_flags
.Pq Vt str
If
.Va sendmail_enable
is set to
.Dq Li NO
and
.Va sendmail_submit_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_outbound_enable
.Pq Vt bool
If set to
.Dq Li YES
and both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO ,
run
.Xr sendmail 8
using
.Va sendmail_outbound_flags
instead of
.Va sendmail_flags .
This is intended to allow local mail queue management
for systems that do not offer a listening SMTP service.
.It Va sendmail_outbound_flags
.Pq Vt str
If both
.Va sendmail_enable
and
.Va sendmail_submit_enable
are set to
.Dq Li NO
and
.Va sendmail_outbound_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.It Va sendmail_msp_queue_enable
.Pq Vt bool
If set to
.Dq Li YES ,
start a client (MSP) queue runner
.Xr sendmail 8
daemon at system boot time.
As of sendmail 8.12, a separate queue is used for command line
submissions.
The client queue runner ensures that nothing is
left behind in the submission queue.
.It Va sendmail_msp_queue_flags
.Pq Vt str
If
.Va sendmail_msp_queue_enable
is set to
.Dq Li YES ,
these are the flags to pass to the
.Xr sendmail 8
daemon.
.El
.Sh SERVICE JAILS
The service jails part of the rc system automatically puts a service
into a jail.
This jail inherits the filesystem and various other parts of the
parent (if you allow child-jails in your jails, service jails
can be used in jails) depending on the content of the
.Ao Ar name Ac Ns Va _svcj_options
variable.
Typically this variable is set inside rc scripts, but it can be
overridden in the rc config.
Valid options for
.Ao Ar name Ac Ns Va _svcj_options
are:
.Bl -tag -width indent-two
.It mlock
Allows locking memory pages into physical memory.
.It netv4
Inherits the IPv4 address and allows opening reserved ports.
This cannot be combined with
.Pa netv6 .
.It netv6
Inherits the IPv6 address and allows opening reserved ports.
This cannot be combined with
.Pa netv4 .
.It net_basic
Inherits the IPv4 and IPv6 addresses and allows opening
reserved ports.
.It net_raw
Allows opening raw sockets.
This option can be combined with
.Pa netv4 ,
.Pa netv6 ,
.Pa net_basic .
.It net_all
Inherits the IPv4 and IPv6 addresses, allows opening reserved
ports, allows opening raw sockets, and allows opening sockets
of protocol stacks that have not had jail functionality added
to them.
.It nfsd
Allows running nfsd and affiliated daemons.
.It sysvipc
Inherits the SysV semaphores, SysV shared memory and
SysV messages from the host or the parent jail.
.It sysvipcnew
Creates a new namespace for SysV semaphores, SysV shared memory
and SysV messages for this particular service jail.
.It vmm
Allows access to
.Xr vmm 4 .
This option is only available when
.Xr vmm 4
is enabled in the kernel.
.El
.Pp
All non-network options can be combined with all other options.
Of the SysV options, only one can be specified.
.Pp
If the
.Ao Ar name Ac Ns Va _svcj
variable is set to
.Dq Li YES ,
this particular service is started in a
service jail named
.Va svcj- Ns Ar name .
.Pp
The
.Va svcj_all_enable
variable allows enabling service jails for all services of the
system at once.
Services which have
.Ao Ar name Ac Ns Va _svcj
set to
.Dq Li NO
are excluded.
Some services may set
.Ao Ar name Ac Ns Va _svcj
to
.Dq Li NO
in the script to either prevent service jails for this
service at all, or may set it to
.Dq Li NO
if it is not set in the
rc config, to exclude it from
.Va svcj_all_enable
but allow explicitly enabling it.
The sshd service, for example, would not see other jails if
it ran as a service jail.
This may or may not be what is needed, and as such it is
excluded from
.Va svcj_all_enable
but can be enabled via setting
.Va sshd_svcj
to
.Dq Li YES .
.Sh FILES
.Bl -tag -width "/etc/defaults/rc.conf" -compact
.It Pa /etc/defaults/rc.conf
.It Pa /etc/defaults/vendor.conf
.It Pa /etc/rc.conf
.It Pa /etc/rc.conf.local
.It Pa /etc/rc.conf.d/
.El
.Sh SEE ALSO
.Xr chmod 1 ,
.Xr cpuset 1 ,
.Xr gdb 1 Pq Pa ports/devel/gdb ,
.Xr kbdcontrol 1 ,
.Xr limits 1 ,
.Xr protect 1 ,
.Xr sh 1 ,
.Xr umask 1 ,
.Xr uuidgen 1 ,
.Xr vi 1 ,
.Xr vidcontrol 1 ,
.Xr bridge 4 ,
.Xr dummynet 4 ,
.Xr ip 4 ,
.Xr ipf 4 ,
.Xr ipfw 4 ,
.Xr ipnat 4 ,
.Xr kld 4 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr exports 5 ,
.Xr fstab 5 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr jail.conf 5 ,
.Xr loader.conf 5 ,
.Xr login.conf 5 ,
.Xr motd 5 ,
.Xr newsyslog.conf 5 ,
.Xr pf.conf 5 ,
.Xr firewall 7 ,
.Xr growfs 7 ,
.Xr security 7 ,
.Xr tuning 7 ,
.Xr accton 8 ,
.Xr apm 8 ,
.Xr bsdinstall 8 ,
.Xr bthidd 8 ,
.Xr chkprintcap 8 ,
.Xr chown 8 ,
.Xr cron 8 ,
.Xr devfs 8 ,
.Xr dhclient 8 ,
.Xr ftpd 8 ,
.Xr geli 8 ,
.Xr hcsecd 8 ,
.Xr ifconfig 8 ,
.Xr inetd 8 ,
.Xr iovctl 8 ,
.Xr ipf 8 ,
.Xr ipfw 8 ,
.Xr ipnat 8 ,
.Xr jail 8 ,
.Xr kldxref 8 ,
.Xr loader 8 ,
.Xr lpd 8 ,
.Xr makewhatis 8 ,
.Xr mdconfig 8 ,
.Xr mdmfs 8 ,
.Xr mixer 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr newfs 8 ,
.Xr newsyslog 8 ,
.Xr nfsd 8 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr pfctl 8 ,
.Xr pflogd 8 ,
.Xr ping 8 ,
.Xr powerd 8 ,
.Xr quotacheck 8 ,
.Xr quotaon 8 ,
.Xr rc 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8 ,
.Xr rfcomm_pppd 8 ,
.Xr route 8 ,
.Xr route6d 8 ,
.Xr routed 8 ,
.Xr rpc.lockd 8 ,
.Xr rpc.statd 8 ,
.Xr rpc.tlsclntd 8 ,
.Xr rpc.tlsservd 8 ,
.Xr rpcbind 8 ,
.Xr rwhod 8 ,
.Xr savecore 8 ,
.Xr sdpd 8 ,
.Xr sendmail 8 ,
.Xr service 8 ,
.Xr sshd 8 ,
.Xr swapon 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr sysrc 8 ,
.Xr unbound 8 ,
.Xr usbconfig 8 ,
.Xr utx 8 ,
.Xr wlandebug 8 ,
.Xr yp 8 ,
.Xr ypbind 8 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh HISTORY
The
.Nm
file appeared in
.Fx 2.2.2 .
.Sh AUTHORS
.An Jordan K. Hubbard .
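.Pp
The combination rules given in the SERVICE JAILS section, written as a lint check over rc.conf-style text.
This is an added example, not code from rc.subr or the project; check_svcj_options and lint_svcj_conf are hypothetical helper names, the sample service names are constructed, and it assumes one double-quoted name="value" assignment per line.

```shell
#!/bin/sh
# Added example (not part of rc.subr): lint <name>_svcj_options values
# against the combination rules in the SERVICE JAILS section.

# Option names as listed in the SERVICE JAILS section.
SVCJ_KNOWN="mlock netv4 netv6 net_basic net_raw net_all nfsd sysvipc sysvipcnew vmm"

# check_svcj_options "<space-separated options>"   (hypothetical helper)
# Prints one line per problem; returns 0 when the value is acceptable.
check_svcj_options() {
    _rc=0 _v4=0 _v6=0 _ipc=0 _ipcnew=0
    set -f                      # keep words such as "*" from glob-expanding
    for _o in $1; do
        case " $SVCJ_KNOWN " in
        *" $_o "*) ;;
        *) echo "unknown option: $_o"; _rc=1 ;;
        esac
        case $_o in
        netv4) _v4=1 ;;
        netv6) _v6=1 ;;
        sysvipc) _ipc=1 ;;
        sysvipcnew) _ipcnew=1 ;;
        esac
    done
    set +f
    if [ "$_v4" = 1 ] && [ "$_v6" = 1 ]; then
        echo "netv4 cannot be combined with netv6 (net_basic inherits both)"
        _rc=1
    fi
    if [ "$_ipc" = 1 ] && [ "$_ipcnew" = 1 ]; then
        echo "sysvipc and sysvipcnew are mutually exclusive"
        _rc=1
    fi
    return "$_rc"
}

# lint_svcj_conf   (hypothetical helper)
# Reads rc.conf-style text on stdin, checks every <name>_svcj_options
# assignment and returns the number of variables with problems.
lint_svcj_conf() {
    _bad=0
    while IFS= read -r _line; do
        case $_line in
        [A-Za-z_]*_svcj_options=*) ;;
        *) continue ;;          # comments and unrelated variables
        esac
        _var=${_line%%=*}
        _val=${_line#*=}
        _val=${_val#\"}         # strip the surrounding double quotes
        _val=${_val%\"}
        if ! _msgs=$(check_svcj_options "$_val"); then
            printf '%s\n' "$_msgs" | while IFS= read -r _m; do
                echo "$_var: $_m"
            done
            _bad=$((_bad + 1))
        fi
    done
    return "$_bad"
}

# Constructed sample input, not taken from a real system.
lint_svcj_conf <<'EOF' || echo "variables with problems: $?"
nginx_svcj_options="net_basic sysvipcnew"
ntpd_svcj_options="netv4 netv6"
foo_svcj_options="net_raw sysvipc sysvipcnew chroot"
EOF
```

Only the two conflicts the section states are enforced; other network option pairings are passed through unchanged.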
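.Pp
A pre-flight audit for the ldconfig_insecure description above: it lists which library directories are writable by someone other than root, so they can be fixed instead of disabling the check.
This is an added example, not ldconfig's own code; insecure_ldconfig_dirs and _dir_matches are hypothetical helper names, /usr/local/lib is a sample entry, and the test reads only owner and mode bits (no ACLs).

```shell
#!/bin/sh
# Added example (not ldconfig's own code): report which directories from an
# ldconfig_paths-style list fail the "writable only by root" rule.

# _dir_matches DIR FIND-EXPRESSION...   (hypothetical helper)
# True when DIR itself satisfies the find(1) expression.
# -H follows a symlinked DIR, so the target directory is what gets judged.
_dir_matches() {
    _p=$1
    shift
    [ -n "$(find -H "$_p" -maxdepth 0 "$@" 2>/dev/null)" ]
}

# insecure_ldconfig_dirs TRUSTED_UID DIR...   (hypothetical helper)
# Prints "<dir>: <reasons>" for each existing absolute DIR that is not owned
# by TRUSTED_UID (0 on a real system) or is group- or world-writable.
# Returns 0 when nothing was flagged, 1 otherwise.
insecure_ldconfig_dirs() {
    _uid=$1
    shift
    _rc=0
    for _d in "$@"; do
        case $_d in
        /*) ;;
        *) continue ;;          # only absolute paths are examined
        esac
        [ -d "$_d" ] || continue
        _why=
        if _dir_matches "$_d" ! -user "$_uid"; then
            _why="not owned by uid $_uid"
        fi
        if _dir_matches "$_d" -perm -020; then
            _why="${_why:+$_why, }group-writable"
        fi
        if _dir_matches "$_d" -perm -002; then
            _why="${_why:+$_why, }world-writable"
        fi
        if [ -n "$_why" ]; then
            echo "$_d: $_why"
            _rc=1
        fi
    done
    return "$_rc"
}

# /lib and /usr/lib are always searched; /usr/local/lib is a sample entry.
insecure_ldconfig_dirs 0 /lib /usr/lib /usr/local/lib ||
    echo "fix ownership or mode on the directories above instead of setting ldconfig_insecure"
```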