1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd November 10, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224.Pq Vt str 225Use 226.Xr protect 1 227to prevent the service from being killed when swap space 228is exhausted. 229Use 230.Dq Li YES 231to protect only the service itself, and 232.Dq Li ALL 233to protect the service and all its child processes. 234.Pp 235Please note that rc scripts which redefine 236.Dl ${argument}_cmd 237.Pq see Xr rc.subr 8 238such as PostgreSQL will not inherit the OOM killer protection. 239.Pp 240This variable has no effect on services running within a 241.Xr jail 8 . 242.It Ao Ar name Ac Ns Va _umask 243.Pq Vt int 244Run the service using this 245.Xr umask 1 246value. 247.It Ao Ar name Ac Ns Va _user 248.Pq Vt str 249Run the service under this user account. 250.It Va apm_enable 251.Pq Vt bool 252If set to 253.Dq Li YES , 254enable support for Automatic Power Management with 255the 256.Xr apm 8 257command. 258.It Va apmd_enable 259.Pq Vt bool 260Run 261.Xr apmd 8 262to handle APM event from userland. 263This also enables support for APM. 264.It Va apmd_flags 265.Pq Vt str 266If 267.Va apmd_enable 268is set to 269.Dq Li YES , 270these are the flags to pass to the 271.Xr apmd 8 272daemon. 273.It Va devd_enable 274.Pq Vt bool 275Run 276.Xr devd 8 277to handle device added, removed or unknown events from the kernel. 278.It Va ddb_enable 279.Pq Vt bool 280Run 281.Xr ddb 8 282to install 283.Xr ddb 4 284scripts at boot time. 285.It Va ddb_config 286.Pq Vt str 287Configuration file for 288.Xr ddb 8 . 289Default 290.Pa /etc/ddb.conf . 291.It Va devmatch_enable 292.Pq Vt bool 293If set to 294.Dq Li NO , 295disable auto-loading of kernel modules with 296.Xr devmatch 8 . 297.It Va devmatch_blocklist 298.Pq Vt str 299A whitespace-separated list of kernel modules to be ignored by 300.Xr devmatch 8 . 301In addition, the 302.Xr kenv 1 303.Va devmatch_blocklist 304is appended to this variable to allow disabling of 305.Xr devmatch 8 306loaded modules from the boot loader. 307.It Va devmatch_blacklist 308.Pq Vt str 309This variable is deprecated. 310Use 311.Va devmatch_blocklist 312instead. 313A whitespace-separated list of kernel modules to be ignored by 314.Xr devmatch 8 . 315.It Va kld_list 316.Pq Vt str 317A whitespace-separated list of kernel modules to load right after 318the local disks are mounted, without any 319.Pa .ko 320extension or path. 321Loading modules at this point in the boot process is 322much faster than doing it via 323.Pa /boot/loader.conf 324for those modules not necessary for mounting local disks. 325.It Va kldxref_enable 326.Pq Vt bool 327Set to 328.Dq Li NO 329by default. 330Set to 331.Dq Li YES 332to automatically rebuild 333.Pa linker.hints 334files with 335.Xr kldxref 8 336at boot time. 337.It Va kldxref_clobber 338.Pq Vt bool 339Set to 340.Dq Li NO 341by default. 342If 343.Va kldxref_enable 344is true, 345setting to 346.Dq Li YES 347will overwrite existing 348.Pa linker.hints 349files at boot time. 350Otherwise, 351only missing 352.Pa linker.hints 353files are generated. 354.It Va kldxref_module_path 355.Pq Vt str 356Empty by default. 357A semi-colon 358.Pq Ql \&; 359delimited list of paths containing 360.Xr kld 4 361modules. 362If empty, 363the contents of the 364.Va kern.module_path 365.Xr sysctl 8 366are used. 367.It Va powerd_enable 368.Pq Vt bool 369If set to 370.Dq Li YES , 371enable the system power control facility with the 372.Xr powerd 8 373daemon. 374.It Va powerd_flags 375.Pq Vt str 376If 377.Va powerd_enable 378is set to 379.Dq Li YES , 380these are the flags to pass to the 381.Xr powerd 8 382daemon. 383.It Va tmpmfs 384Controls the creation of a 385.Pa /tmp 386memory file system. 387Always happens if set to 388.Dq Li YES 389and never happens if set to 390.Dq Li NO . 391If set to anything else, a memory file system is created if 392.Pa /tmp 393is not writable. 394.It Va tmpsize 395Controls the size of a created 396.Pa /tmp 397memory file system. 398.It Va tmpmfs_flags 399Extra options passed to the 400.Xr mdmfs 8 401utility when the memory file system for 402.Pa /tmp 403is created. 404The default is 405.Dq Li "-S" , 406which inhibits the use of softupdates on 407.Pa /tmp 408so that file system space is freed without delay 409after file truncation or deletion. 410See 411.Xr mdmfs 8 412for other options you can use in 413.Va tmpmfs_flags . 414.It Va varmfs 415Controls the creation of a 416.Pa /var 417memory file system. 418Always happens if set to 419.Dq Li YES 420and never happens if set to 421.Dq Li NO . 422If set to anything else, a memory file system is created if 423.Pa /var 424is not writable. 425.It Va varsize 426Controls the size of a created 427.Pa /var 428memory file system. 429.It Va varmfs_flags 430Extra options passed to the 431.Xr mdmfs 8 432utility when the memory file system for 433.Pa /var 434is created. 435The default is 436.Dq Li "-S" , 437which inhibits the use of softupdates on 438.Pa /var 439so that file system space is freed without delay 440after file truncation or deletion. 441See 442.Xr mdmfs 8 443for other options you can use in 444.Va varmfs_flags . 445.It Va populate_var 446Controls the automatic population of the 447.Pa /var 448file system. 449Always happens if set to 450.Dq Li YES 451and never happens if set to 452.Dq Li NO . 453If set to anything else, a memory file system is created if 454.Pa /var 455is not writable. 456Note that this process requires access to certain commands in 457.Pa /usr 458before 459.Pa /usr 460is mounted on normal systems. 461.It Va cleanvar_enable 462.Pq Vt bool 463Clean the 464.Pa /var 465directory. 466.It Va var_run_enable 467.Pq Vt bool 468Set to "YES" to enable saving of the 469.Pa /var/run 470directory strcucture into an mtree file at shutdown and the reload of the 471.Pa /var/run 472directory structure at boot. 473.It Va var_run_autosave 474.Pq Vt bool 475In some cases it may be undesirable to save 476.Pa /var/run 477at shutdown. 478When set to "NO" 479.Pa /var/run 480is loaded at reboot but not saved at shutdown. Typically in this scenario 481a 482.Pa service 483.Pa var_run 484.Pa save 485would be performed to save a copy of the 486.Pa /var/run 487directory structure once, to be reload during all subsequent reboots. 488.It Va var_run_mtree 489.Pq Vt str 490Where to save the 491.Pa /var/run 492mtree. The default location is 493.Pa /var/db/mtree/BSD.var-run.mtree . 494.It Va local_startup 495.Pq Vt str 496List of directories to search for startup script files. 497.It Va script_name_sep 498.Pq Vt str 499The field separator to use for breaking down the list of startup script files 500into individual filenames. 501The default is a space. 502It is not necessary to change this unless there are startup scripts with names 503containing spaces. 504.It Va hostapd_enable 505.Pq Vt bool 506Set to 507.Dq Li YES 508to start 509.Xr hostapd 8 510at system boot time. 511.It Va hostname 512.Pq Vt str 513The fully qualified domain name (FQDN) of this host on the network. 514This should almost certainly be set to something meaningful, even if 515there is no network connection. 516If 517.Xr dhclient 8 518is used to set the hostname via DHCP, 519this variable should be set to an empty string. 520Within a 521.Xr jail 8 522the hostname is generally already set and this variable may be absent. 523If this value remains unset when the system is done booting 524your console login will display the default hostname of 525.Dq Amnesiac . 526.It Va nisdomainname 527.Pq Vt str 528The NIS domain name of this host, or 529.Dq Li NO 530if NIS is not used. 531.It Va dhclient_program 532.Pq Vt str 533Path to the DHCP client program 534.Pa ( /sbin/dhclient , 535the 536.Ox 537DHCP client, 538is the default). 539.It Va dhclient_flags 540.Pq Vt str 541Additional flags to pass to the DHCP client program. 542For the 543.Ox 544DHCP client, see the 545.Xr dhclient 8 546manpage for a description of the command line options available. 547.It Va dhclient_flags_ Ns Aq Ar iface 548Additional flags to pass to the DHCP client program running on 549.Ar iface 550only. 551When specified, this variable overrides 552.Va dhclient_flags . 553.It Va background_dhclient 554.Pq Vt bool 555Set to 556.Dq Li YES 557to start the DHCP client in background. 558This can cause trouble with applications depending on 559a working network, but it will provide a faster startup 560in many cases. 561.It Va background_dhclient_ Ns Aq Ar iface 562When specified, this variable overrides the 563.Va background_dhclient 564variable for interface 565.Ar iface 566only. 567.It Va synchronous_dhclient 568.Pq Vt bool 569Set to 570.Dq Li YES 571to start 572.Xr dhclient 8 573synchronously at startup. 574This behavior can be overridden on a per-interface basis by replacing 575the 576.Dq Li DHCP 577keyword in the 578.Va ifconfig_ Ns Aq Ar interface 579variable with 580.Dq Li SYNCDHCP 581or 582.Dq Li NOSYNCDHCP . 583.It Va defaultroute_delay 584.Pq Vt int 585When set to a positive value, wait up to this long after configuring 586DHCP interfaces at startup to give the interfaces time to receive a lease. 587.It Va firewall_enable 588.Pq Vt bool 589Set to 590.Dq Li YES 591to load firewall rules at startup. 592If the kernel was not built with 593.Cd "options IPFIREWALL" , 594the 595.Pa ipfw.ko 596kernel module will be loaded. 597See also 598.Va ipfilter_enable . 599.It Va firewall_script 600.Pq Vt str 601This variable specifies the full path to the firewall script to run. 602The default is 603.Pa /etc/rc.firewall . 604.It Va firewall_type 605.Pq Vt str 606Names the firewall type from the selection in 607.Pa /etc/rc.firewall , 608or the file which contains the local firewall ruleset. 609Valid selections from 610.Pa /etc/rc.firewall 611are: 612.Pp 613.Bl -tag -width ".Li workstation" -compact 614.It Li open 615unrestricted IP access 616.It Li closed 617all IP services disabled, except via 618.Dq Li lo0 619.It Li client 620basic protection for a workstation 621.It Li workstation 622basic protection for a workstation using stateful firewalling 623.It Li simple 624basic protection for a LAN. 625.El 626.Pp 627If a filename is specified, the full path 628must be given. 629.Pp 630Most of the predefined rulesets define additional configuration variables. 631These are documented in 632.Pa /etc/rc.firewall . 633.It Va firewall_quiet 634.Pq Vt bool 635Set to 636.Dq Li YES 637to disable the display of firewall rules on the console during boot. 638.It Va firewall_logging 639.Pq Vt bool 640Set to 641.Dq Li YES 642to enable firewall event logging. 643This is equivalent to the 644.Dv IPFIREWALL_VERBOSE 645kernel option. 646.It Va firewall_logif 647.Pq Vt bool 648Set to 649.Dq Li YES 650to create pseudo interface 651.Li ipfw0 652for logging. 653For more details, see 654.Xr ipfw 8 655manual page. 656.It Va firewall_flags 657.Pq Vt str 658Flags passed to 659.Xr ipfw 8 660if 661.Va firewall_type 662specifies a filename. 663.It Va firewall_coscripts 664.Pq Vt str 665List of executables and/or rc scripts to run after firewall starts/stops. 666Default is empty. 667.\" ----- firewall_nat_enable setting -------------------------------- 668.It Va firewall_nat_enable 669.Pq Vt bool 670The 671.Xr ipfw 8 672equivalent of 673.Va natd_enable . 674Setting this to 675.Dq Li YES 676will automatically load the 677.Xr ipfw 8 678NAT kernel module if 679.Va firewall_enable 680is also set to 681.Dq Li YES . 682.It Va firewall_nat_interface 683.Pq Vt str 684The 685.Xr ipfw 8 686equivalent of 687.Va natd_interface . 688This is the name of the public interface or IP address on which 689kernel NAT should run. 690.It Va firewall_nat_flags 691.Pq Vt str 692Additional configuration parameters for kernel NAT should be placed here. 693.It Va firewall_nat64_enable 694.Pq Vt bool 695Setting this to 696.Dq Li YES 697will automatically load the 698.Xr ipfw 8 699NAT64 kernel module if 700.Va firewall_enable 701is also set to 702.Dq Li YES . 703.It Va firewall_nptv6_enable 704.Pq Vt bool 705Setting this to 706.Dq Li YES 707will automatically load the 708.Xr ipfw 8 709NPTv6 kernel module if 710.Va firewall_enable 711is also set to 712.Dq Li YES . 713.It Va firewall_pmod_enable 714.Pq Vt bool 715Setting this to 716.Dq Li YES 717will automatically load the 718.Xr ipfw 8 719pmod kernel module if 720.Va firewall_enable 721is also set to 722.Dq Li YES . 723.It Va dummynet_enable 724.Pq Vt bool 725Setting this to 726.Dq Li YES 727will automatically load the 728.Xr dummynet 4 729module if 730.Va firewall_enable 731is also set to 732.Dq Li YES . 733.\" ------------------------------------------------------------------- 734.It Va ipfw_netflow_enable 735.Pq Vt bool 736Setting this to 737.Dq Li YES 738will enable netflow logging via 739.Xr ng_netflow 4 740.Pp 741By default a ipfw rule is inserted and all packets are duplicated with 742the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 743port using protocol version 5. 744.It Va ipfw_netflow_hook 745.Pq Vt int 746netflow hook name, must be numerical 747(default 748.Pa 9995 ) . 749.It Va ipfw_netflow_rule 750.Pq Vt int 751ipfw rule number 752(default 753.Pa 1000 ) . 754.It Va ipfw_netflow_ip 755.Pq Vt str 756Destination server ip for receiving netflow data 757(default 758.Pa 127.0.0.1 ) . 759.It Va ipfw_netflow_port 760.Pq Vt int 761Destination server port for receiving netflow data 762(default 763.Pa 9995 ) . 764.It Va ipfw_netflow_version 765.Pq Vt int 766Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 767.It Va ipfw_netflow_fib 768.Pq Vt int 769Only match packet in FIB 770.Pa ipfw_netflow_fib 771(default is undefined meaning all FIBs). 772.It Va natd_program 773.Pq Vt str 774Path to 775.Xr natd 8 . 776.It Va natd_enable 777.Pq Vt bool 778Set to 779.Dq Li YES 780to enable 781.Xr natd 8 . 782.Va firewall_enable 783must also be set to 784.Dq Li YES , 785and 786.Xr divert 4 787sockets must be enabled in the kernel. 788If the kernel was not built with 789.Cd "options IPDIVERT" , 790the 791.Pa ipdivert.ko 792kernel module will be loaded. 793.It Va natd_interface 794.Pq Vt str 795This is the name of the public interface on which 796.Xr natd 8 797should run. 798The interface may be given as an interface name or as an IP address. 799.It Va natd_flags 800.Pq Vt str 801Additional 802.Xr natd 8 803flags should be placed here. 804The 805.Fl n 806or 807.Fl a 808flag is automatically added with the above 809.Va natd_interface 810as an argument. 811.\" ----- ipfilter_enable setting -------------------------------- 812.It Va ipfilter_enable 813.Pq Vt bool 814Set to 815.Dq Li NO 816by default. 817Setting this to 818.Dq Li YES 819enables 820.Xr ipf 8 821packet filtering. 822.Pp 823Typical usage will require putting 824.Bd -literal 825ipfilter_enable="YES" 826ipnat_enable="YES" 827ipmon_enable="YES" 828ipfs_enable="YES" 829.Ed 830.Pp 831into 832.Pa /etc/rc.conf 833and editing 834.Pa /etc/ipf.rules 835and 836.Pa /etc/ipnat.rules 837appropriately. 838.Pp 839Note that 840.Va ipfilter_enable 841and 842.Va ipnat_enable 843can be enabled independently. 844.Va ipmon_enable 845and 846.Va ipfs_enable 847both require at least one of 848.Va ipfilter_enable 849and 850.Va ipnat_enable 851to be enabled. 852.Pp 853Having 854.Bd -literal 855options IPFILTER 856options IPFILTER_LOG 857options IPFILTER_DEFAULT_BLOCK 858.Ed 859.Pp 860in the kernel configuration file is a good idea, too. 861.\" ----- ipfilter_program setting ------------------------------ 862.It Va ipfilter_program 863.Pq Vt str 864Path to 865.Xr ipf 8 866(default 867.Pa /sbin/ipf ) . 868.\" ----- ipfilter_rules setting -------------------------------- 869.It Va ipfilter_rules 870.Pq Vt str 871Set to 872.Pa /etc/ipf.rules 873by default. 874This variable contains the name of the filter rule definition file. 875The file is expected to be readable for the 876.Xr ipf 8 877command to execute. 878.\" ----- ipfilter_flags setting -------------------------------- 879.It Va ipfilter_flags 880.Pq Vt str 881Empty by default. 882This variable contains flags passed to the 883.Xr ipf 8 884program. 885.\" ----- ipnat_enable setting ---------------------------------- 886.It Va ipnat_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipnat 8 895network address translation. 896See 897.Va ipfilter_enable 898for a detailed discussion. 899.\" ----- ipnat_program setting --------------------------------- 900.It Va ipnat_program 901.Pq Vt str 902Path to 903.Xr ipnat 8 904(default 905.Pa /sbin/ipnat ) . 906.\" ----- ipnat_rules setting ----------------------------------- 907.It Va ipnat_rules 908.Pq Vt str 909Set to 910.Pa /etc/ipnat.rules 911by default. 912This variable contains the name of the file 913holding the network address translation definition. 914This file is expected to be readable for the 915.Xr ipnat 8 916command to execute. 917.\" ----- ipnat_flags setting ----------------------------------- 918.It Va ipnat_flags 919.Pq Vt str 920Empty by default. 921This variable contains flags passed to the 922.Xr ipnat 8 923program. 924.\" ----- ipmon_enable setting ---------------------------------- 925.It Va ipmon_enable 926.Pq Vt bool 927Set to 928.Dq Li NO 929by default. 930Set it to 931.Dq Li YES 932to enable 933.Xr ipmon 8 934monitoring (logging 935.Xr ipf 8 936and 937.Xr ipnat 8 938events). 939Setting this variable needs setting 940.Va ipfilter_enable 941or 942.Va ipnat_enable 943too. 944See 945.Va ipfilter_enable 946for a detailed discussion. 947.\" ----- ipmon_program setting --------------------------------- 948.It Va ipmon_program 949.Pq Vt str 950Path to 951.Xr ipmon 8 952(default 953.Pa /sbin/ipmon ) . 954.\" ----- ipmon_flags setting ----------------------------------- 955.It Va ipmon_flags 956.Pq Vt str 957Set to 958.Dq Li -Ds 959by default. 960This variable contains flags passed to the 961.Xr ipmon 8 962program. 963Another typical example would be 964.Dq Fl D Pa /var/log/ipflog 965to have 966.Xr ipmon 8 967log directly to a file bypassing 968.Xr syslogd 8 . 969Make sure to adjust 970.Pa /etc/newsyslog.conf 971in such case like this: 972.Bd -literal 973/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 974.Ed 975.\" ----- ipfs_enable setting ----------------------------------- 976.It Va ipfs_enable 977.Pq Vt bool 978Set to 979.Dq Li NO 980by default. 981Set it to 982.Dq Li YES 983to enable 984.Xr ipfs 8 985saving the filter and NAT state tables during shutdown 986and reloading them during startup again. 987Setting this variable needs setting 988.Va ipfilter_enable 989or 990.Va ipnat_enable 991to 992.Dq Li YES 993too. 994See 995.Va ipfilter_enable 996for a detailed discussion. 997Note that if 998.Va kern_securelevel 999is set to 3, 1000.Va ipfs_enable 1001cannot be used 1002because the raised securelevel will prevent 1003.Xr ipfs 8 1004from saving the state tables at shutdown time. 1005.\" ----- ipfs_program setting ---------------------------------- 1006.It Va ipfs_program 1007.Pq Vt str 1008Path to 1009.Xr ipfs 8 1010(default 1011.Pa /sbin/ipfs ) . 1012.\" ----- ipfs_flags setting ------------------------------------ 1013.It Va ipfs_flags 1014.Pq Vt str 1015Empty by default. 1016This variable contains flags passed to the 1017.Xr ipfs 8 1018program. 1019.\" ----- end of added ipf hook --------------------------------- 1020.It Va pf_enable 1021.Pq Vt bool 1022Set to 1023.Dq Li NO 1024by default. 1025Setting this to 1026.Dq Li YES 1027enables 1028.Xr pf 4 1029packet filtering. 1030.Pp 1031Typical usage will require putting 1032.Pp 1033.Dl pf_enable="YES" 1034.Pp 1035into 1036.Pa /etc/rc.conf 1037and editing 1038.Pa /etc/pf.conf 1039appropriately. 1040Adding 1041.Pp 1042.Dl "device pf" 1043.Pp 1044builds support for 1045.Xr pf 4 1046into the kernel, otherwise the 1047kernel module will be loaded. 1048.It Va pf_rules 1049.Pq Vt str 1050Path to 1051.Xr pf 4 1052ruleset configuration file 1053(default 1054.Pa /etc/pf.conf ) . 1055.It Va pf_program 1056.Pq Vt str 1057Path to 1058.Xr pfctl 8 1059(default 1060.Pa /sbin/pfctl ) . 1061.It Va pf_flags 1062.Pq Vt str 1063If 1064.Va pf_enable 1065is set to 1066.Dq Li YES , 1067these flags are passed to the 1068.Xr pfctl 8 1069program when loading the ruleset. 1070.It Va pf_fallback_rules_enable 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting this to 1076.Dq Li YES 1077enables loading 1078.Va pf_fallback_rules_file 1079or 1080.Va pf_fallback_rules 1081in case of a problem when loading the ruleset in 1082.Va pf_rules . 1083.It Va pf_fallback_rules_file 1084.Pq Vt str 1085Path to a pf ruleset to load in case of failure when loading the 1086ruleset in 1087.Va pf_rules 1088(default 1089.Pa /etc/pf-fallback.conf ) . 1090.It Va pf_fallback_rules 1091.Pq Vt str 1092A pf ruleset to load in case of failure when loading the ruleset in 1093.Va pf_rules 1094and 1095.Va pf_fallback_rules_file 1096is not found. 1097Multiple rules can be set as follows: 1098.Bd -literal 1099pf_fallback_rules="\\ 1100 block drop log all\\ 1101 pass in quick on em0" 1102.Pp 1103.Ed 1104The default fallback rule is 1105.Dq block drop log all 1106.It Va pflog_enable 1107.Pq Vt bool 1108Set to 1109.Dq Li NO 1110by default. 1111Setting this to 1112.Dq Li YES 1113enables 1114.Xr pflogd 8 1115which logs packets from the 1116.Xr pf 4 1117packet filter. 1118.It Va pflog_logfile 1119.Pq Vt str 1120If 1121.Va pflog_enable 1122is set to 1123.Dq Li YES 1124this controls where 1125.Xr pflogd 8 1126stores the logfile 1127(default 1128.Pa /var/log/pflog ) . 1129Check 1130.Pa /etc/newsyslog.conf 1131to adjust logfile rotation for this. 1132.It Va pflog_program 1133.Pq Vt str 1134Path to 1135.Xr pflogd 8 1136(default 1137.Pa /sbin/pflogd ) . 1138.It Va pflog_flags 1139.Pq Vt str 1140Empty by default. 1141This variable contains additional flags passed to the 1142.Xr pflogd 8 1143program. 1144.It Va pflog_instances 1145.Pq Vt str 1146If logging to more than one 1147.Xr pflog 4 1148interface is desired, 1149.Va pflog_instances 1150is set to the list of 1151.Xr pflogd 8 1152instances that should be started at system boot time. 1153If 1154.Va pflog_instances 1155is set, for each whitespace-separated 1156.Ar element 1157in the list, 1158.Ao Ar element Ac Ns Va _dev 1159and 1160.Ao Ar element Ac Ns Va _logfile 1161elements are assumed to exist. 1162.Ao Ar element Ac Ns Va _dev 1163must contain the 1164.Xr pflog 4 1165interface to be watched by the named 1166.Xr pflogd 8 1167instance. 1168.Ao Ar element Ac Ns Va _logfile 1169must contain the name of the logfile that will be used by the 1170.Xr pflogd 8 1171instance. 1172.It Va ftpproxy_enable 1173.Pq Vt bool 1174Set to 1175.Dq Li NO 1176by default. 1177Setting this to 1178.Dq Li YES 1179enables 1180.Xr ftp-proxy 8 1181which supports the 1182.Xr pf 4 1183packet filter in translating ftp connections. 1184.It Va ftpproxy_flags 1185.Pq Vt str 1186Empty by default. 1187This variable contains additional flags passed to the 1188.Xr ftp-proxy 8 1189program. 1190.It Va ftpproxy_instances 1191.Pq Vt str 1192Empty by default. 1193If multiple instances of 1194.Xr ftp-proxy 8 1195are desired at boot time, 1196.Va ftpproxy_instances 1197should contain a whitespace-separated list of instance names. 1198For each 1199.Ar element 1200in the list, a variable named 1201.Ao Ar element Ac Ns Va _flags 1202should be defined, containing the command-line flags to be passed to the 1203.Xr ftp-proxy 8 1204instance. 1205.It Va pfsync_enable 1206.Pq Vt bool 1207Set to 1208.Dq Li NO 1209by default. 1210Setting this to 1211.Dq Li YES 1212enables exposing 1213.Xr pf 4 1214state changes to other hosts over the network by means of 1215.Xr pfsync 4 . 1216The 1217.Va pfsync_syncdev 1218variable 1219must also be set then. 1220.It Va pfsync_syncdev 1221.Pq Vt str 1222Empty by default. 1223This variable specifies the name of the network interface 1224.Xr pfsync 4 1225should operate through. 1226It must be set accordingly if 1227.Va pfsync_enable 1228is set to 1229.Dq Li YES . 1230.It Va pfsync_syncpeer 1231.Pq Vt str 1232Empty by default. 1233This variable is optional. 1234By default, state change messages are sent out on the synchronisation 1235interface using IP multicast packets. 1236The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1237224.0.0.240. 1238When a peer address is specified using the 1239.Va pfsync_syncpeer 1240option, the peer address is used as a destination for the pfsync 1241traffic, and the traffic can then be protected using 1242.Xr ipsec 4 . 1243See the 1244.Xr pfsync 4 1245manpage for more details about using 1246.Xr ipsec 4 1247with 1248.Xr pfsync 4 1249interfaces. 1250.It Va pfsync_ifconfig 1251.Pq Vt str 1252Empty by default. 1253This variable can contain additional options to be passed to the 1254.Xr ifconfig 8 1255command used to set up 1256.Xr pfsync 4 . 1257.It Va tcp_extensions 1258.Pq Vt bool 1259Set to 1260.Dq Li YES 1261by default. 1262Setting this to 1263.Dq Li NO 1264disables certain TCP options as described by 1265.Rs 1266.%T "RFC 1323" 1267.Re 1268Setting this to 1269.Dq Li NO 1270might help remedy such problems with connections as randomly hanging 1271or other weird behavior. 1272Some network devices are known 1273to be broken with respect to these options. 1274.It Va log_in_vain 1275.Pq Vt int 1276Set to 0 by default. 1277The 1278.Xr sysctl 8 1279variables, 1280.Va net.inet.tcp.log_in_vain 1281and 1282.Va net.inet.udp.log_in_vain , 1283as described in 1284.Xr tcp 4 1285and 1286.Xr udp 4 , 1287are set to the given value. 1288.It Va tcp_keepalive 1289.Pq Vt bool 1290Set to 1291.Dq Li YES 1292by default. 1293Setting to 1294.Dq Li NO 1295will disable probing idle TCP connections to verify that the 1296peer is still up and reachable. 1297.It Va tcp_drop_synfin 1298.Pq Vt bool 1299Set to 1300.Dq Li NO 1301by default. 1302Setting to 1303.Dq Li YES 1304will cause the kernel to ignore TCP frames that have both 1305the SYN and FIN flags set. 1306This prevents OS fingerprinting, but may 1307break some legitimate applications. 1308.It Va icmp_drop_redirect 1309.Pq Vt bool 1310Set to 1311.Dq Li AUTO 1312by default. 1313This setting will be identical to 1314.Dq Li YES , 1315if a dynamicrouting daemon is enabled, because redirect processing may 1316cause performance issues for large routing tables. 1317If no such service is enabled, this setting behaves like a 1318.Dq Li NO . 1319Setting to 1320.Dq Li YES 1321will cause the kernel to ignore ICMP REDIRECT packets. 1322Setting to 1323.Dq Li NO 1324will cause the kernel to process ICMP REDIRECT packets. 1325Refer to 1326.Xr icmp 4 1327for more information. 1328.It Va icmp_log_redirect 1329.Pq Vt bool 1330Set to 1331.Dq Li NO 1332by default. 1333Setting to 1334.Dq Li YES 1335will cause the kernel to log ICMP REDIRECT packets. 1336Note that 1337the log messages are not rate-limited, so this option should only be used 1338for troubleshooting networks. 1339Refer to 1340.Xr icmp 4 1341for more information. 1342.It Va icmp_bmcastecho 1343.Pq Vt bool 1344Set to 1345.Dq Li YES 1346to respond to broadcast or multicast ICMP ping packets. 1347Refer to 1348.Xr icmp 4 1349for more information. 1350.It Va ip_portrange_first 1351.Pq Vt int 1352If not set to 1353.Dq Li NO , 1354this is the first port in the default portrange. 1355Refer to 1356.Xr ip 4 1357for more information. 1358.It Va ip_portrange_last 1359.Pq Vt int 1360If not set to 1361.Dq Li NO , 1362this is the last port in the default portrange. 1363Refer to 1364.Xr ip 4 1365for more information. 1366.It Va network_interfaces 1367.Pq Vt str 1368Set to the list of network interfaces to configure on this host or 1369.Dq Li AUTO 1370(the default) for all current interfaces. 1371Setting the 1372.Va network_interfaces 1373variable to anything other than the default is deprecated. 1374Interfaces that the administrator wishes to store configuration for, 1375but not start at boot should be configured with the 1376.Dq Li NOAUTO 1377keyword in their 1378.Va ifconfig_ Ns Aq Ar interface 1379variables as described below. 1380.Pp 1381An 1382.Va ifconfig_ Ns Aq Ar interface 1383variable is also assumed to exist for each value of 1384.Ar interface . 1385When an interface name contains any of the characters 1386.Dq Li .-/+ 1387they are translated to 1388.Dq Li _ 1389before lookup. 1390The variable can contain arguments to 1391.Xr ifconfig 8 , 1392as well as special case-insensitive keywords described below. 1393Such keywords are removed before passing the value to 1394.Xr ifconfig 8 1395while the order of the other arguments is preserved. 1396.Pp 1397It is possible to add IP alias entries using 1398.Xr ifconfig 8 1399syntax with the address family keyword such as 1400.Li inet . 1401Assuming that the interface in question was 1402.Li em0 , 1403it might look something like this: 1404.Bd -literal 1405ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1406ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1407.Ed 1408.Pp 1409It also possible to configure multiple IP addresses in Classless 1410Inter-Domain Routing 1411.Pq CIDR 1412address notation, 1413whose each address component can be a range like 1414.Li inet 192.0.2.5-23/24 1415or 1416.Li inet6 2001:db8:1-f::1/64 . 1417This notation allows address and prefix length part only, 1418not the other address modifiers. 1419Note that the maximum number of the generated addresses from a range 1420specification is limited to an integer value specified in 1421.Va netif_ipexpand_max 1422in 1423.Nm 1424because a small typo can unexpectedly generate a large number of addresses. 1425The default value is 1426.Li 2048 . 1427It can be increased by adding the following line into 1428.Nm : 1429.Bd -literal 1430netif_ipexpand_max="4096" 1431.Ed 1432.Pp 1433In the case of 1434.Li 192.0.2.5-23/24 , 1435the address 192.0.2.5 will be configured with the 1436netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1437the non-conflicting netmask /32 as explained in the 1438.Xr ifconfig 8 1439alias section. 1440Note that this special netmask handling is only for 1441.Li inet , 1442not for the other address families such as 1443.Li inet6 . 1444.Pp 1445With the interface in question being 1446.Li em0 , 1447an example could look like: 1448.Bd -literal 1449ifconfig_em0_alias2="inet 192.0.2.129/27" 1450ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1451.Ed 1452.Pp 1453and so on. 1454.Pp 1455Note that deprecated 1456.Va ipv4_addrs_ Ns Aq Ar interface 1457variable was supported for IPv4 CIDR address notation. 1458The 1459.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1460variable replaces it, though 1461.Va ipv4_addrs_ Ns Aq Ar interface 1462is still supported for backward compatibility. 1463.Pp 1464For each 1465.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1466entry with an address family keyword, 1467its contents are passed to 1468.Xr ifconfig 8 . 1469Execution stops at the first unsuccessful access, so if 1470something like this is present: 1471.Bd -literal 1472ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1473ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1474ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1475ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1476.Ed 1477.Pp 1478Then note that alias4 would 1479.Em not 1480be added since the search would 1481stop with the missing 1482.Dq Li alias3 1483entry. 1484Because of this difficult to manage behavior, 1485there is 1486.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1487variable, which has the same functionality as 1488.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1489and can have all of entries in a variable like the following: 1490.Bd -literal 1491ifconfig_em0_aliases="\\ 1492 inet 127.0.0.251 netmask 0xffffffff \\ 1493 inet 127.0.0.252 netmask 0xffffffff \\ 1494 inet 127.0.0.253 netmask 0xffffffff \\ 1495 inet 127.0.0.254 netmask 0xffffffff" 1496.Ed 1497.Pp 1498It also supports CIDR notation. 1499.Pp 1500If the 1501.Pa /etc/start_if . Ns Aq Ar interface 1502file is present, it is read and executed by the 1503.Xr sh 1 1504interpreter 1505before configuring the interface as specified in the 1506.Va ifconfig_ Ns Aq Ar interface 1507and 1508.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1509variables. 1510.Pp 1511If a 1512.Va vlans_ Ns Aq Ar interface 1513variable is set, 1514a 1515.Xr vlan 4 1516interface will be created for each item in the list with the 1517.Ar vlandev 1518argument set to 1519.Ar interface . 1520If a vlan interface's name is a number, 1521then that number is used as the vlan tag and the new vlan interface is 1522named 1523.Ar interface . Ns Ar tag . 1524Otherwise, 1525the vlan tag must be specified via a 1526.Va vlan 1527parameter in the 1528.Va create_args_ Ns Aq Ar interface 1529variable. 1530.Pp 1531To create a vlan device named 1532.Li em0.101 1533on 1534.Li em0 1535with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1536.Bd -literal 1537vlans_em0="101" 1538ifconfig_em0_101="inet 192.0.2.1/24" 1539.Ed 1540.Pp 1541To create a vlan device named 1542.Li myvlan 1543on 1544.Li em0 1545with the vlan tag 102: 1546.Bd -literal 1547vlans_em0="myvlan" 1548create_args_myvlan="vlan 102" 1549.Ed 1550.Pp 1551If a 1552.Va wlans_ Ns Aq Ar interface 1553variable is set, 1554an 1555.Xr wlan 4 1556interface will be created for each item in the list with the 1557.Ar wlandev 1558argument set to 1559.Ar interface . 1560Further wlan cloning arguments may be passed to the 1561.Xr ifconfig 8 1562.Cm create 1563command by setting the 1564.Va create_args_ Ns Aq Ar interface 1565variable. 1566One or more 1567.Xr wlan 4 1568devices must be created for each wireless devices as of 1569.Fx 8.0 . 1570Debugging flags for 1571.Xr wlan 4 1572devices as set by 1573.Xr wlandebug 8 1574may be specified with an 1575.Va wlandebug_ Ns Aq Ar interface 1576variable. 1577The contents of this variable will be passed directly to 1578.Xr wlandebug 8 . 1579.Pp 1580If the 1581.Va ifconfig_ Ns Aq Ar interface 1582contains the keyword 1583.Dq Li NOAUTO 1584then the interface will not be configured 1585at boot or by 1586.Pa /etc/pccard_ether 1587when 1588.Va network_interfaces 1589is set to 1590.Dq Li AUTO . 1591.Pp 1592It is possible to bring up an interface with DHCP by adding 1593.Dq Li DHCP 1594to the 1595.Va ifconfig_ Ns Aq Ar interface 1596variable. 1597For instance, to initialize the 1598.Li em0 1599device via DHCP, 1600it is possible to use something like: 1601.Bd -literal 1602ifconfig_em0="DHCP" 1603.Ed 1604.Pp 1605If you want to configure your wireless interface with 1606.Xr wpa_supplicant 8 1607for use with WPA, EAP/LEAP or WEP, you need to add 1608.Dq Li WPA 1609to the 1610.Va ifconfig_ Ns Aq Ar interface 1611variable. 1612.Pp 1613On the other hand, if you want to configure your wireless interface with 1614.Xr hostapd 8 , 1615you need to add 1616.Dq Li HOSTAP 1617to the 1618.Va ifconfig_ Ns Aq Ar interface 1619variable. 1620.Xr hostapd 8 1621will use the settings from 1622.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1623.Pp 1624Finally, you can add 1625.Xr ifconfig 8 1626options in this variable, in addition to the 1627.Pa /etc/start_if . Ns Aq Ar interface 1628file. 1629For instance, to configure an 1630.Xr ath 4 1631wireless device in station mode with an address obtained 1632via DHCP, using WPA authentication and 802.11b mode, it is 1633possible to use something like: 1634.Bd -literal 1635wlans_ath0="wlan0" 1636ifconfig_wlan0="DHCP WPA mode 11b" 1637.Ed 1638.Pp 1639In addition to the 1640.Va ifconfig_ Ns Aq Ar interface 1641form, a fallback variable 1642.Va ifconfig_DEFAULT 1643may be configured. 1644It will be used for all interfaces with no 1645.Va ifconfig_ Ns Aq Ar interface 1646variable. 1647This is intended to replace the no longer supported 1648.Va pccard_ifconfig 1649variable. 1650.Pp 1651It is also possible to rename an interface by doing: 1652.Bd -literal 1653ifconfig_em0_name="net0" 1654ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1655.Ed 1656.It Va ipv6_enable 1657.Pq Vt bool 1658This variable is deprecated. 1659Use 1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1661and 1662.Va ipv6_activate_all_interfaces 1663if necessary. 1664.Pp 1665If the variable is 1666.Dq Li YES , 1667.Dq Li inet6 accept_rtadv 1668is added to all of 1669.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1670and the 1671.Va ipv6_activate_all_interfaces 1672is defined as 1673.Dq Li YES . 1674.It Va ipv6_prefer 1675.Pq Vt bool 1676This variable is deprecated. 1677Use 1678.Va ip6addrctl_policy 1679instead. 1680.Pp 1681If the variable is 1682.Dq Li YES , 1683the default address selection policy table set by 1684.Xr ip6addrctl 8 1685will be IPv6-preferred. 1686.Pp 1687If the variable is 1688.Dq Li NO , 1689the default address selection policy table set by 1690.Xr ip6addrctl 8 1691will be IPv4-preferred. 1692.It Va ipv6_activate_all_interfaces 1693.Pq Vt bool 1694This controls initial configuration on IPv6-capable 1695interfaces with no corresponding 1696.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1697variable. 1698Note that it is not always necessary to set this variable to 1699.Dq YES 1700to use IPv6 functionality on 1701.Fx . 1702In most cases, just configuring 1703.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1704variables works. 1705.Pp 1706If the variable is 1707.Dq Li NO , 1708all interfaces which do not have a corresponding 1709.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1710variable will be marked as 1711.Dq Li IFDISABLED 1712at creation. 1713This means that all of IPv6 functionality on that interface 1714is completely disabled to enforce a security policy. 1715If the variable is set to 1716.Dq YES , 1717the flag will be cleared on all of the interfaces. 1718.Pp 1719In most cases, just defining an 1720.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1721for an IPv6-capable interface should be sufficient. 1722However, if an interface is added dynamically 1723.Pq by some tunneling protocols such as PPP, for example , 1724it is often difficult to define the variable in advance. 1725In such a case, configuring the 1726.Dq Li IFDISABLED 1727flag can be disabled by setting this variable to 1728.Dq YES . 1729.Pp 1730For more details of the 1731.Dq Li IFDISABLED 1732flag and keywords 1733.Dq Li inet6 ifdisabled , 1734see 1735.Xr ifconfig 8 . 1736.Pp 1737Default is 1738.Dq Li NO . 1739.It Va ipv6_privacy 1740.Pq Vt bool 1741If the variable is 1742.Dq Li YES 1743privacy addresses will be generated for each IPv6 1744interface as described in RFC 4941. 1745.It Va ipv6_network_interfaces 1746.Pq Vt str 1747This is the IPv6 equivalent of 1748.Va network_interfaces . 1749Normally manual configuration of this variable is not needed. 1750.It Va ipv6_cpe_wanif 1751.Pq Vt str 1752If the variable is set to an interface name, 1753the 1754.Xr ifconfig 8 1755options 1756.Dq inet6 -no_radr accept_rtadv 1757will be added to the specified interface automatically before evaluating 1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1759and two 1760.Xr sysctl 8 1761variables 1762.Va net.inet6.ip6.rfc6204w3 1763and 1764.Va net.inet6.ip6.no_radr 1765will be set to 1. 1766.Pp 1767This means the specified interface will accept ICMPv6 Router 1768Advertisement messages on that link and add the discovered 1769routers into the Default Router List. 1770While the other interfaces can still accept RA messages if the 1771.Dq inet6 accept_rtadv 1772option is specified, adding 1773routes into the Default Router List will be disabled by 1774.Dq inet6 no_radr 1775option by default. 1776See 1777.Xr ifconfig 8 1778for more details. 1779.Pp 1780Note that ICMPv6 Router Advertisement messages will be 1781accepted even when 1782.Va net.inet6.ip6.forwarding 1783is 1 1784.Pq packet forwarding is enabled 1785when 1786.Va net.inet6.ip6.rfc6204w3 1787is set to 1. 1788.Pp 1789Default is 1790.Dq Li NO . 1791.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1792.Pq Vt str 1793This assigns arbitrary description to an interface. 1794The 1795.Xr sysctl 8 1796variable 1797.Va net.ifdescr_maxlen 1798limits its length. 1799This static setting may be overridden by commands 1800started with dynamic interface configuration utilities 1801like 1802.Xr dhclient 8 1803hooks. 1804The description can be seen with 1805.Xr ifconfig 8 1806command and it may be exported with 1807.Xr bsnmpd 1 1808daemon using its MIB-2 module. 1809.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1810.Pq Vt str 1811IPv6 functionality on an interface should be configured by 1812.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1813instead of setting ifconfig parameters in 1814.Va ifconfig_ Ns Aq Ar interface . 1815If this variable is empty, all of IPv6 configurations on the 1816specified interface by other variables such as 1817.Va ipv6_prefix_ Ns Ao Ar interface Ac 1818will be ignored. 1819.Pp 1820Aliases should be set by 1821.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1822with 1823.Dq Li inet6 1824keyword. 1825For example: 1826.Bd -literal 1827ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1828ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1829.Ed 1830.Pp 1831Interfaces that have an 1832.Dq Li inet6 accept_rtadv 1833keyword in 1834.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1835setting will be automatically configured by SLAAC 1836.Pq StateLess Address AutoConfiguration 1837described in 1838.Rs 1839.%T "RFC 4862" 1840.Re 1841.Pp 1842Note that a link-local address will be automatically configured in 1843addition to the configured global-scope addresses because the IPv6 1844specifications require it on each link. 1845The address is calculated from the MAC address by using an algorithm 1846defined in 1847.Rs 1848.%T "RFC 4862" 1849.%O "Section 5.3" 1850.Re 1851.Pp 1852If only a link-local address is needed on the interface, 1853the following configuration can be used: 1854.Bd -literal 1855ifconfig_em0_ipv6="inet6 auto_linklocal" 1856.Ed 1857.Pp 1858A link-local address can also be configured manually. 1859This is useful for the default router address of an IPv6 router 1860so that it does not change when the network interface 1861card is replaced. 1862For example: 1863.Bd -literal 1864ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1865.Ed 1866.It Va ipv6_prefix_ Ns Aq Ar interface 1867.Pq Vt str 1868If one or more prefixes are defined in 1869.Va ipv6_prefix_ Ns Aq Ar interface 1870addresses based on each prefix and the EUI-64 interface index will be 1871configured on that interface. 1872Note that this variable will be ignored when 1873.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1874is empty. 1875.Pp 1876For example, the following configuration 1877.Bd -literal 1878ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1879.Ed 1880.Pp 1881is equivalent to the following: 1882.Bd -literal 1883ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1884ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1885ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1886ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1887.Ed 1888.Pp 1889These Subnet-Router anycast addresses will be added only when 1890.Va ipv6_gateway_enable 1891is YES. 1892.It Va ipv6_default_interface 1893.Pq Vt str 1894If not set to 1895.Dq Li NO , 1896this is the default output interface for scoped addresses. 1897This works only with ipv6_gateway_enable="NO". 1898.It Va ip6addrctl_enable 1899.Pq Vt bool 1900This variable is to enable configuring default address selection policy table 1901.Pq RFC 3484 . 1902The table can be specified in another variable 1903.Va ip6addrctl_policy . 1904For 1905.Va ip6addrctl_policy 1906the following keywords can be specified: 1907.Dq Li ipv4_prefer , 1908.Dq Li ipv6_prefer , 1909or 1910.Dq Li AUTO . 1911.Pp 1912If 1913.Dq Li ipv4_prefer 1914or 1915.Dq Li ipv6_prefer 1916is specified, 1917.Xr ip6addrctl 8 1918installs a pre-defined policy table described in Section 10.3 1919.Pq IPv4-preferred 1920or 2.1 1921.Pq IPv6-preferred 1922of RFC 3484. 1923.Pp 1924If 1925.Dq Li AUTO 1926is specified, it attempts to read a file 1927.Pa /etc/ip6addrctl.conf 1928first. 1929If this file is found, 1930.Xr ip6addrctl 8 1931reads and installs it. 1932If not found, a policy is automatically set 1933according to 1934.Va ipv6_activate_all_interfaces 1935variable; if the variable is set to 1936.Dq Li YES 1937the IPv6-preferred one is used. 1938Otherwise IPv4-preferred. 1939.Pp 1940The default value of 1941.Va ip6addrctl_enable 1942and 1943.Va ip6addrctl_policy 1944are 1945.Dq Li YES 1946and 1947.Dq Li AUTO , 1948respectively. 1949.It Va cloned_interfaces 1950.Pq Vt str 1951Set to the list of clonable network interfaces to create on this host. 1952Further cloning arguments may be passed to the 1953.Xr ifconfig 8 1954.Cm create 1955command for each interface by setting the 1956.Va create_args_ Ns Aq Ar interface 1957variable. 1958If an interface name is specified with 1959.Dq :sticky 1960keyword, 1961the interface will not be destroyed even when 1962.Pa rc.d/netif 1963script is invoked with 1964.Dq stop 1965argument. 1966This is useful when reconfiguring the interface without destroying it. 1967Entries in 1968.Va cloned_interfaces 1969are automatically appended to 1970.Va network_interfaces 1971for configuration. 1972.It Va cloned_interfaces_sticky 1973.Pq Vt bool 1974This variable is to globally enable functionality of 1975.Dq :sticky 1976keyword in 1977.Va cloned_interfaces 1978for all interfaces. 1979The default value is 1980.Dq NO . 1981Even if this variable is specified to 1982.Dq YES , 1983.Dq :nosticky 1984keyword can be used to override it on per interface basis. 1985.It Va gif_interfaces 1986Set to the list of 1987.Xr gif 4 1988tunnel interfaces to configure on this host. 1989A 1990.Va gifconfig_ Ns Aq Ar interface 1991variable is assumed to exist for each value of 1992.Ar interface . 1993The value of this variable is used to configure the link layer of the 1994tunnel using the 1995.Cm tunnel 1996option to 1997.Xr ifconfig 8 . 1998Additionally, this option ensures that each listed interface is created 1999via the 2000.Cm create 2001option to 2002.Xr ifconfig 8 2003before attempting to configure it. 2004.Pp 2005For example, configure two 2006.Xr gif 4 2007interfaces with: 2008.Bd -literal 2009gif_interfaces="gif0 gif1" 2010gifconfig_gif0="100.64.0.1 100.64.0.2" 2011ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 2012gifconfig_gif1="inet6 2a00::1 2a01::1" 2013ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 2014.Ed 2015.It Va ppp_enable 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019run the 2020.Xr ppp 8 2021daemon. 2022.It Va ppp_profile 2023.Pq Vt str 2024The name of the profile to use from 2025.Pa /etc/ppp/ppp.conf . 2026Also used for per-profile overrides of 2027.Va ppp_mode 2028and 2029.Va ppp_nat , 2030and 2031.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2032When the profile name contains any of the characters 2033.Dq Li .-/+ 2034they are translated to 2035.Dq Li _ 2036for the proposes of the override variable names. 2037.It Va ppp_mode 2038.Pq Vt str 2039Mode in which to run the 2040.Xr ppp 8 2041daemon. 2042.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2043.Pq Vt str 2044Overrides the global 2045.Va ppp_mode 2046for 2047.Ar profile . 2048Accepted modes are 2049.Dq Li auto , 2050.Dq Li ddial , 2051.Dq Li direct 2052and 2053.Dq Li dedicated . 2054See the manual for a full description. 2055.It Va ppp_nat 2056.Pq Vt bool 2057If set to 2058.Dq Li YES , 2059enables network address translation. 2060Used in conjunction with 2061.Va gateway_enable 2062allows hosts on private network addresses access to the Internet using 2063this host as a network address translating router. 2064Default is 2065.Dq Li YES . 2066.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2067.Pq Vt str 2068Overrides the global 2069.Va ppp_nat 2070for 2071.Ar profile . 2072.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2073.Pq Vt int 2074Set the unit number to be used for this profile. 2075See the manual description of 2076.Fl unit Ns Ar N 2077for details. 2078.It Va ppp_user 2079.Pq Vt str 2080The name of the user under which 2081.Xr ppp 8 2082should be started. 2083By 2084default, 2085.Xr ppp 8 2086is started as 2087.Dq Li root . 2088.It Va rc_conf_files 2089.Pq Vt str 2090This option is used to specify a list of files that will override 2091the settings in 2092.Pa /etc/defaults/rc.conf . 2093The files will be read in the order in which they are specified and should 2094include the full path to the file. 2095By default, the files specified are 2096.Pa /etc/rc.conf 2097and 2098.Pa /etc/rc.conf.local 2099.It Va zfs_enable 2100.Pq Vt bool 2101If set to 2102.Dq Li YES , 2103.Pa /etc/rc.d/zfs 2104will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2105(ZVOLs). 2106.It Va zpool_reguid 2107.Pq Vt str 2108A space-separated list of ZFS pool names for which new pool GUIDs should be 2109assigned upon first boot. 2110This is useful when using a ZFS pool copied from a template, such as a virtual 2111machine image. 2112.It Va zpool_upgrade 2113.Pq Vt str 2114A space-separated list of ZFS pool names for which version should be upgraded 2115upon first boot. 2116This is useful when using a ZFS pool generated by the 2117.Xr makefs 8 2118utility. 2119.It Va gptboot_enable 2120.Pq Vt bool 2121If set to 2122.Dq Li YES , 2123.Pa /etc/rc.d/gptboot 2124will log if the system successfully (or not) booted from a GPT partition, 2125which had the 2126.Ar bootonce 2127attribute set using 2128.Xr gpart 8 2129utility. 2130.It Va gbde_autoattach_all 2131.Pq Vt bool 2132If set to 2133.Dq Li YES , 2134.Pa /etc/rc.d/gbde 2135will attempt to automatically initialize your .bde devices in 2136.Pa /etc/fstab . 2137.It Va gbde_devices 2138.Pq Vt str 2139List the devices that the script should try to attach, 2140or 2141.Dq Li AUTO . 2142.It Va gbde_lockdir 2143.Pq Vt str 2144The directory where the 2145.Xr gbde 4 2146lockfiles are located. 2147The default lockfile directory is 2148.Pa /etc . 2149.Pp 2150The lockfile for each individual 2151.Xr gbde 4 2152device can be overridden by setting the variable 2153.Va gbde_lock_ Ns Aq Ar device , 2154where 2155.Ar device 2156is the encrypted device without the 2157.Dq Pa /dev/ 2158and 2159.Dq Pa .bde 2160parts. 2161.It Va gbde_attach_attempts 2162.Pq Vt int 2163Number of times to attempt attaching to a 2164.Xr gbde 4 2165device, i.e., how many times the user is asked for the pass-phrase. 2166Default is 3. 2167.It Va geli_devices 2168.Pq Vt str 2169List of devices to automatically attach on boot. 2170Note that .eli devices from 2171.Pa /etc/fstab 2172are automatically appended to this list. 2173.It Va geli_groups 2174.Pq Vt str 2175List of groups containing devices to automatically attach on boot with the same 2176keyfiles and passphrase. 2177This must be accompanied with a corresponding 2178.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2179variable. 2180.It Va geli_tries 2181.Pq Vt int 2182Number of times user is asked for the pass-phrase. 2183If empty, it will be taken from 2184.Va kern.geom.eli.tries 2185sysctl variable. 2186.It Va geli_default_flags 2187.Pq Vt str 2188Default flags to use by 2189.Xr geli 8 2190when configuring disk encryption. 2191Flags can be configured for every device separately by defining the 2192.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2193variable, and for every group separately by defining the 2194.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2195variable. 2196.It Va geli_autodetach 2197.Pq Vt str 2198Specifies if GELI devices should be marked for detach on last close after 2199file systems are mounted. 2200Default is 2201.Dq Li YES . 2202This can be changed for every device separately by defining the 2203.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2204variable. 2205.It Va root_rw_mount 2206.Pq Vt bool 2207Set to 2208.Dq Li YES 2209by default. 2210After the file systems are checked at boot time, the root file system 2211is remounted as read-write if this is set to 2212.Dq Li YES . 2213Diskless systems that mount their root file system from a read-only remote 2214NFS share should set this to 2215.Dq Li NO 2216in their 2217.Pa rc.conf . 2218.It Va fsck_y_enable 2219.Pq Vt bool 2220If set to 2221.Dq Li YES , 2222.Xr fsck 8 2223will be run with the 2224.Fl y 2225flag if the initial preen 2226of the file systems fails. 2227.It Va background_fsck 2228.Pq Vt bool 2229If set to 2230.Dq Li NO , 2231the system will not attempt to run 2232.Xr fsck 8 2233in the background where possible. 2234.It Va background_fsck_delay 2235.Pq Vt int 2236The amount of time in seconds to sleep before starting a background 2237.Xr fsck 8 . 2238It defaults to sixty seconds to allow large applications such as 2239the X server to start before disk I/O bandwidth is monopolized by 2240.Xr fsck 8 . 2241If set to a negative number, the background file system check will be 2242delayed indefinitely to allow the administrator to run it at a more 2243convenient time. 2244For example it may be run from 2245.Xr cron 8 2246by adding a line like 2247.Pp 2248.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2249.Pp 2250to 2251.Pa /etc/crontab . 2252.It Va netfs_types 2253.Pq Vt str 2254List of file system types that are network-based. 2255This list should generally not be modified by end users. 2256Use 2257.Va extra_netfs_types 2258instead. 2259.It Va extra_netfs_types 2260.Pq Vt str 2261If set to something other than 2262.Dq Li NO 2263(the default), 2264this variable extends the list of file system types 2265for which automatic mounting at startup by 2266.Xr rc 8 2267should be delayed until the network is initialized. 2268It should contain 2269a whitespace-separated list of network file system descriptor pairs, 2270each consisting of a file system type as passed to 2271.Xr mount 8 2272and a human-readable, one-word description, 2273joined with a colon 2274.Pq Ql \&: . 2275Extending the default list in this way is only necessary 2276when third party file system types are used. 2277.It Va syslogd_enable 2278.Pq Vt bool 2279If set to 2280.Dq Li YES , 2281run the 2282.Xr syslogd 8 2283daemon. 2284.It Va syslogd_program 2285.Pq Vt str 2286Path to 2287.Xr syslogd 8 2288(default 2289.Pa /usr/sbin/syslogd ) . 2290.It Va syslogd_flags 2291.Pq Vt str 2292If 2293.Va syslogd_enable 2294is set to 2295.Dq Li YES , 2296these are the flags to pass to 2297.Xr syslogd 8 . 2298.It Va inetd_enable 2299.Pq Vt bool 2300If set to 2301.Dq Li YES , 2302run the 2303.Xr inetd 8 2304daemon. 2305.It Va inetd_program 2306.Pq Vt str 2307Path to 2308.Xr inetd 8 2309(default 2310.Pa /usr/sbin/inetd ) . 2311.It Va inetd_flags 2312.Pq Vt str 2313If 2314.Va inetd_enable 2315is set to 2316.Dq Li YES , 2317these are the flags to pass to 2318.Xr inetd 8 . 2319.It Va hastd_enable 2320.Pq Vt bool 2321If set to 2322.Dq Li YES , 2323run the 2324.Xr hastd 8 2325daemon. 2326.It Va hastd_program 2327.Pq Vt str 2328Path to 2329.Xr hastd 8 2330(default 2331.Pa /sbin/hastd ) . 2332.It Va hastd_flags 2333.Pq Vt str 2334If 2335.Va hastd_enable 2336is set to 2337.Dq Li YES , 2338these are the flags to pass to 2339.Xr hastd 8 . 2340.It Va local_unbound_enable 2341.Pq Vt bool 2342If set to 2343.Dq Li YES , 2344run the 2345.Xr unbound 8 2346daemon as a local caching resolver. 2347.It Va kdc_enable 2348.Pq Vt bool 2349Set to 2350.Dq Li YES 2351to start a Kerberos 5 authentication server 2352at boot time. 2353.It Va kdc_program 2354.Pq Vt str 2355If 2356.Va kdc_enable 2357is set to 2358.Dq Li YES 2359this is the path to Kerberos 5 Authentication Server. 2360.It Va kdc_flags 2361.Pq Vt str 2362Empty by default. 2363This variable contains additional flags to be passed to the Kerberos 5 2364authentication server. 2365.It Va kadmind_enable 2366.Pq Vt bool 2367Set to 2368.Dq Li YES 2369to start 2370.Xr kadmind 8 , 2371the Kerberos 5 Administration Daemon; set to 2372.Dq Li NO 2373on a slave server. 2374.It Va kadmind_program 2375.Pq Vt str 2376If 2377.Va kadmind_enable 2378is set to 2379.Dq Li YES 2380this is the path to Kerberos 5 Administration Daemon. 2381.It Va kpasswdd_enable 2382.Pq Vt bool 2383Set to 2384.Dq Li YES 2385to start 2386.Xr kpasswdd 8 , 2387the Kerberos 5 Password-Changing Daemon; set to 2388.Dq Li NO 2389on a slave server. 2390.It Va kpasswdd_program 2391.Pq Vt str 2392If 2393.Va kpasswdd_enable 2394is set to 2395.Dq Li YES 2396this is the path to Kerberos 5 Password-Changing Daemon. 2397.It Va kfd_enable 2398.Pq Vt bool 2399Set to 2400.Dq Li YES 2401to start 2402.Xr kfd 8 , 2403the Kerberos 5 ticket forwarding daemon, at the boot time. 2404.It Va kfd_program 2405.Pq Vt str 2406Path to 2407.Xr kfd 8 2408(default 2409.Pa /usr/libexec/kfd ) . 2410.It Va rwhod_enable 2411.Pq Vt bool 2412If set to 2413.Dq Li YES , 2414run the 2415.Xr rwhod 8 2416daemon at boot time. 2417.It Va rwhod_flags 2418.Pq Vt str 2419If 2420.Va rwhod_enable 2421is set to 2422.Dq Li YES , 2423these are the flags to pass to it. 2424.It Va update_motd 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428.Pa /etc/motd 2429will be updated at boot time to reflect the kernel release 2430being run. 2431If set to 2432.Dq Li NO , 2433.Pa /etc/motd 2434will not be updated. 2435.It Va nfs_client_enable 2436.Pq Vt bool 2437If set to 2438.Dq Li YES , 2439run the NFS client daemons at boot time. 2440.It Va nfs_access_cache 2441.Pq Vt int 2442If 2443.Va nfs_client_enable 2444is set to 2445.Dq Li YES , 2446this can be set to 2447.Dq Li 0 2448to disable NFS ACCESS RPC caching, or to the number of seconds for which 2449NFS ACCESS 2450results should be cached. 2451A value of 2-10 seconds will substantially reduce network 2452traffic for many NFS operations. 2453.It Va nfs_server_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the NFS server daemons at boot time. 2458.It Va nfs_server_flags 2459.Pq Vt str 2460If 2461.Va nfs_server_enable 2462is set to 2463.Dq Li YES , 2464these are the flags to pass to the 2465.Xr nfsd 8 2466daemon. 2467.It Va nfsv4_server_enable 2468.Pq Vt bool 2469If 2470.Va nfs_server_enable 2471is set to 2472.Dq Li YES 2473and 2474.Va nfsv4_server_enable 2475is set to 2476.Dq Li YES , 2477enable the server for NFSv4 as well as NFSv2 and NFSv3. 2478.It Va nfsv4_server_only 2479.Pq Vt bool 2480If 2481.Va nfs_server_enable 2482is set to 2483.Dq Li YES 2484and 2485.Va nfsv4_server_only 2486is set to 2487.Dq Li YES , 2488enable the NFS server for NFSv4 only. 2489.It Va nfs_server_maxio 2490.Pq Vt int 2491value to set vfs.nfsd.srvmaxio to, which is the 2492maximum I/O size for the NFS server. 2493.It Va tlsclntd_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES , 2497run the 2498.Xr rpc.tlsclntd 8 2499daemon, which is needed for NFS-over-TLS NFS mounts. 2500.It Va tlsservd_enable 2501.Pq Vt bool 2502If set to 2503.Dq Li YES , 2504run the 2505.Xr rpc.tlsservd 8 2506daemon, which is needed for the 2507.Xr nfsd 8 2508to support NFS-over-TLS NFS mounts. 2509.It Va nfsuserd_enable 2510.Pq Vt bool 2511If 2512.Va nfsuserd_enable 2513is set to 2514.Dq Li YES , 2515run the nfsuserd daemon, which is needed for NFSv4 in order 2516to map between user/group names vs uid/gid numbers. 2517If 2518.Va nfsv4_server_enable 2519is set to 2520.Dq Li YES , 2521this will be forced enabled. 2522.It Va nfsuserd_flags 2523.Pq Vt str 2524If 2525.Va nfsuserd_enable 2526is set to 2527.Dq Li YES , 2528these are the flags to pass to the 2529.Xr nfsuserd 8 2530daemon. 2531.It Va nfscbd_enable 2532.Pq Vt bool 2533If 2534.Va nfscbd_enable 2535is set to 2536.Dq Li YES , 2537run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2538.It Va nfscbd_flags 2539.Pq Vt str 2540If 2541.Va nfscbd_enable 2542is set to 2543.Dq Li YES , 2544these are the flags to pass to the 2545.Xr nfscbd 8 2546daemon. 2547.It Va mountd_enable 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551and no 2552.Va nfs_server_enable 2553is set, start 2554.Xr mountd 8 , 2555but not 2556.Xr nfsd 8 2557daemon. 2558It is commonly needed to run CFS without real NFS used. 2559.It Va mountd_flags 2560.Pq Vt str 2561If 2562.Va mountd_enable 2563is set to 2564.Dq Li YES , 2565these are the flags to pass to the 2566.Xr mountd 8 2567daemon. 2568.It Va weak_mountd_authentication 2569.Pq Vt bool 2570If set to 2571.Dq Li YES , 2572allow services like PCNFSD to make non-privileged mount 2573requests. 2574.It Va nfs_reserved_port_only 2575.Pq Vt bool 2576If set to 2577.Dq Li YES , 2578provide NFS services only on a secure port. 2579.It Va nfs_bufpackets 2580.Pq Vt int 2581If set to a number, indicates the number of packets worth of 2582socket buffer space to reserve on an NFS client. 2583The kernel default is typically 4. 2584Using a higher number may be 2585useful on gigabit networks to improve performance. 2586The minimum value is 25872 and the maximum is 64. 2588.It Va rpc_lockd_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES 2592and also an NFS server or client, run 2593.Xr rpc.lockd 8 2594at boot time. 2595.It Va rpc_lockd_flags 2596.Pq Vt str 2597If 2598.Va rpc_lockd_enable 2599is set to 2600.Dq Li YES , 2601these are the flags to pass to the 2602.Xr rpc.lockd 8 2603daemon. 2604.It Va rpc_statd_enable 2605.Pq Vt bool 2606If set to 2607.Dq Li YES 2608and also an NFS server or client, run 2609.Xr rpc.statd 8 2610at boot time. 2611.It Va rpc_statd_flags 2612.Pq Vt str 2613If 2614.Va rpc_statd_enable 2615is set to 2616.Dq Li YES , 2617these are the flags to pass to the 2618.Xr rpc.statd 8 2619daemon. 2620.It Va rpcbind_program 2621.Pq Vt str 2622Path to 2623.Xr rpcbind 8 2624(default 2625.Pa /usr/sbin/rpcbind ) . 2626.It Va rpcbind_enable 2627.Pq Vt bool 2628If set to 2629.Dq Li YES , 2630run the 2631.Xr rpcbind 8 2632service at boot time. 2633.It Va rpcbind_flags 2634.Pq Vt str 2635If 2636.Va rpcbind_enable 2637is set to 2638.Dq Li YES , 2639these are the flags to pass to the 2640.Xr rpcbind 8 2641daemon. 2642.It Va keyserv_enable 2643.Pq Vt bool 2644If set to 2645.Dq Li YES , 2646run the 2647.Xr keyserv 8 2648daemon on boot for running Secure RPC. 2649.It Va keyserv_flags 2650.Pq Vt str 2651If 2652.Va keyserv_enable 2653is set to 2654.Dq Li YES , 2655these are the flags to pass to 2656.Xr keyserv 8 2657daemon. 2658.It Va pppoed_enable 2659.Pq Vt bool 2660If set to 2661.Dq Li YES , 2662run the 2663.Xr pppoed 8 2664daemon at boot time to provide PPP over Ethernet services. 2665.It Va pppoed_ Ns Aq Ar provider 2666.Pq Vt str 2667.Xr pppoed 8 2668listens to requests to this 2669.Ar provider 2670and ultimately runs 2671.Xr ppp 8 2672with a 2673.Ar system 2674argument of the same name. 2675.It Va pppoed_flags 2676.Pq Vt str 2677Additional flags to pass to 2678.Xr pppoed 8 . 2679.It Va pppoed_interface 2680.Pq Vt str 2681The network interface to run 2682.Xr pppoed 8 2683on. 2684This is mandatory when 2685.Va pppoed_enable 2686is set to 2687.Dq Li YES . 2688.It Va ntpdate_enable 2689.Pq Vt bool 2690If set to 2691.Dq Li YES , 2692run 2693.Xr ntpdate 8 2694at system startup. 2695This command is intended to 2696synchronize the system clock only 2697.Em once 2698from some standard reference. 2699.Pp 2700Note that the use of the 2701.Va ntpd_sync_on_start 2702variable is a preferred alternative to the 2703.Xr ntpdate 8 2704utility as 2705.Xr ntpdate 8 2706is to be retired from the NTP distribution. 2707.It Va ntpdate_config 2708.Pq Vt str 2709Configuration file for 2710.Xr ntpdate 8 . 2711Default 2712.Pa /etc/ntp.conf . 2713.It Va ntpdate_hosts 2714.Pq Vt str 2715A whitespace-separated list of NTP servers to synchronize with at startup. 2716The default is to use the servers listed in 2717.Va ntpdate_config , 2718if that file exists. 2719.It Va ntpdate_program 2720.Pq Vt str 2721Path to 2722.Xr ntpdate 8 2723(default 2724.Pa /usr/sbin/ntpdate ) . 2725.It Va ntpdate_flags 2726.Pq Vt str 2727If 2728.Va ntpdate_enable 2729is set to 2730.Dq Li YES , 2731these are the flags to pass to the 2732.Xr ntpdate 8 2733command (typically a hostname). 2734.It Va ntpd_enable 2735.Pq Vt bool 2736If set to 2737.Dq Li YES , 2738run the 2739.Xr ntpd 8 2740command at boot time. 2741.It Va ntpd_program 2742.Pq Vt str 2743Path to 2744.Xr ntpd 8 2745(default 2746.Pa /usr/sbin/ntpd ) . 2747.It Va ntpd_config 2748.Pq Vt str 2749Path to 2750.Xr ntpd 8 2751configuration file. 2752Default 2753.Pa /etc/ntp.conf . 2754.It Va ntpd_flags 2755.Pq Vt str 2756If 2757.Va ntpd_enable 2758is set to 2759.Dq Li YES , 2760these are the flags to pass to the 2761.Xr ntpd 8 2762daemon. 2763.It Va ntpd_sync_on_start 2764.Pq Vt bool 2765If set to 2766.Dq Li YES , 2767.Xr ntpd 8 2768is run with the 2769.Fl g 2770flag, which syncs the system's clock on startup. 2771See 2772.Xr ntpd 8 2773for more information regarding the 2774.Fl g 2775option. 2776This is a preferred alternative to using 2777.Xr ntpdate 8 2778or specifying the 2779.Va ntpdate_enable 2780variable. 2781.It Va nis_client_enable 2782.Pq Vt bool 2783If set to 2784.Dq Li YES , 2785run the 2786.Xr ypbind 8 2787service at system boot time. 2788.It Va nis_client_flags 2789.Pq Vt str 2790If 2791.Va nis_client_enable 2792is set to 2793.Dq Li YES , 2794these are the flags to pass to the 2795.Xr ypbind 8 2796service. 2797.It Va nis_ypldap_enable 2798.Pq Vt bool 2799If set to 2800.Dq Li YES , 2801run the 2802.Xr ypldap 8 2803daemon at system boot time. 2804.It Va nis_ypldap_flags 2805.Pq Vt str 2806If 2807.Va nis.ypldap_enable 2808is set to 2809.Dq Li YES , 2810these are the flags to pass to the 2811.Xr ypldap 8 2812daemon. 2813.It Va nis_ypset_enable 2814.Pq Vt bool 2815If set to 2816.Dq Li YES , 2817run the 2818.Xr ypset 8 2819daemon at system boot time. 2820.It Va nis_ypset_flags 2821.Pq Vt str 2822If 2823.Va nis_ypset_enable 2824is set to 2825.Dq Li YES , 2826these are the flags to pass to the 2827.Xr ypset 8 2828daemon. 2829.It Va nis_server_enable 2830.Pq Vt bool 2831If set to 2832.Dq Li YES , 2833run the 2834.Xr ypserv 8 2835daemon at system boot time. 2836.It Va nis_server_flags 2837.Pq Vt str 2838If 2839.Va nis_server_enable 2840is set to 2841.Dq Li YES , 2842these are the flags to pass to the 2843.Xr ypserv 8 2844daemon. 2845.It Va nis_ypxfrd_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849run the 2850.Xr rpc.ypxfrd 8 2851daemon at system boot time. 2852.It Va nis_ypxfrd_flags 2853.Pq Vt str 2854If 2855.Va nis_ypxfrd_enable 2856is set to 2857.Dq Li YES , 2858these are the flags to pass to the 2859.Xr rpc.ypxfrd 8 2860daemon. 2861.It Va nis_yppasswdd_enable 2862.Pq Vt bool 2863If set to 2864.Dq Li YES , 2865run the 2866.Xr rpc.yppasswdd 8 2867daemon at system boot time. 2868.It Va nis_yppasswdd_flags 2869.Pq Vt str 2870If 2871.Va nis_yppasswdd_enable 2872is set to 2873.Dq Li YES , 2874these are the flags to pass to the 2875.Xr rpc.yppasswdd 8 2876daemon. 2877.It Va rpc_ypupdated_enable 2878.Pq Vt bool 2879If set to 2880.Dq Li YES , 2881run the 2882.Nm rpc.ypupdated 2883daemon at system boot time. 2884.It Va bsnmpd_enable 2885.Pq Vt bool 2886If set to 2887.Dq Li YES , 2888run the 2889.Xr bsnmpd 1 2890daemon at system boot time. 2891Be sure to understand the security implications of running SNMP daemon 2892on your host. 2893.It Va bsnmpd_flags 2894.Pq Vt str 2895If 2896.Va bsnmpd_enable 2897is set to 2898.Dq Li YES , 2899these are the flags to pass to the 2900.Xr bsnmpd 1 2901daemon. 2902.It Va defaultrouter 2903.Pq Vt str 2904If not set to 2905.Dq Li NO , 2906create a default route to this host name or IP address 2907(use an IP address if this router is also required to get to the 2908name server!). 2909.It Va defaultrouter_fibN 2910.Pq Vt str 2911If not set to 2912.Dq Li NO , 2913create a default route in FIB N to this host name or IP address. 2914.It Va ipv6_defaultrouter 2915.Pq Vt str 2916The IPv6 equivalent of 2917.Va defaultrouter . 2918.It Va ipv6_defaultrouter_fibN 2919.Pq Vt str 2920The IPv6 equivalent of 2921.Va defaultrouter_fibN . 2922.It Va static_arp_pairs 2923.Pq Vt str 2924Set to the list of static ARP pairs that are to be added at system 2925boot time. 2926For each whitespace separated 2927.Ar element 2928in the value, a 2929.Va static_arp_ Ns Aq Ar element 2930variable is assumed to exist whose contents will later be passed to a 2931.Dq Nm arp Cm -S 2932operation. 2933For example 2934.Bd -literal 2935static_arp_pairs="gw" 2936static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2937.Ed 2938.It Va static_ndp_pairs 2939.Pq Vt str 2940Set to the list of static NDP pairs that are to be added at system 2941boot time. 2942For each whitespace separated 2943.Ar element 2944in the value, a 2945.Va static_ndp_ Ns Aq Ar element 2946variable is assumed to exist whose contents will later be passed to a 2947.Dq Nm ndp Cm -s 2948operation. 2949For example 2950.Bd -literal 2951static_ndp_pairs="gw" 2952static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2953.Ed 2954.It Va static_routes 2955.Pq Vt str 2956Set to the list of static routes that are to be added at system 2957boot time. 2958If not set to 2959.Dq Li NO 2960then for each whitespace separated 2961.Ar element 2962in the value, a 2963.Va route_ Ns Aq Ar element 2964variable is assumed to exist 2965whose contents will later be passed to a 2966.Dq Nm route Cm add 2967operation. 2968For example: 2969.Bd -literal 2970static_routes="ext mcast:gif0 gif0local:gif0" 2971route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2972route_mcast="-net 224.0.0.0/4 -iface gif0" 2973route_gif0local="-host 169.254.1.1 -iface lo0" 2974.Ed 2975.Pp 2976When an 2977.Ar element 2978is in the form of 2979.Li name:ifname , 2980the route is specific to the interface 2981.Li ifname . 2982.It Va ipv6_static_routes 2983.Pq Vt str 2984The IPv6 equivalent of 2985.Va static_routes . 2986If not set to 2987.Dq Li NO 2988then for each whitespace separated 2989.Ar element 2990in the value, a 2991.Va ipv6_route_ Ns Aq Ar element 2992variable is assumed to exist 2993whose contents will later be passed to a 2994.Dq Nm route Cm add Fl inet6 2995operation. 2996.It Va gateway_enable 2997.Pq Vt bool 2998If set to 2999.Dq Li YES , 3000configure host to act as an IP router, e.g.\& to forward packets 3001between interfaces. 3002.It Va ipv6_gateway_enable 3003.Pq Vt bool 3004The IPv6 equivalent of 3005.Va gateway_enable . 3006.It Va routed_enable 3007.Pq Vt bool 3008If set to 3009.Dq Li YES , 3010run a routing daemon of some sort, based on the 3011settings of 3012.Va routed_program 3013and 3014.Va routed_flags . 3015.It Va route6d_enable 3016.Pq Vt bool 3017The IPv6 equivalent of 3018.Va routed_enable . 3019If set to 3020.Dq Li YES , 3021run a routing daemon of some sort, based on the 3022settings of 3023.Va route6d_program 3024and 3025.Va route6d_flags . 3026.It Va routed_program 3027.Pq Vt str 3028If 3029.Va routed_enable 3030is set to 3031.Dq Li YES , 3032this is the name of the routing daemon to use. 3033.It Va route6d_program 3034.Pq Vt str 3035The IPv6 equivalent of 3036.Va routed_program . 3037.It Va routed_flags 3038.Pq Vt str 3039If 3040.Va routed_enable 3041is set to 3042.Dq Li YES , 3043these are the flags to pass to the routing daemon. 3044.It Va route6d_flags 3045.Pq Vt str 3046The IPv6 equivalent of 3047.Va routed_flags . 3048.It Va rtadvd_enable 3049.Pq Vt bool 3050If set to 3051.Dq Li YES , 3052run the 3053.Xr rtadvd 8 3054daemon at boot time. 3055The 3056.Xr rtadvd 8 3057utility sends ICMPv6 Router Advertisement messages to 3058the interfaces specified in 3059.Va rtadvd_interfaces . 3060This should only be enabled with great care. 3061You may want to fine-tune 3062.Xr rtadvd.conf 5 . 3063.It Va rtadvd_interfaces 3064.Pq Vt str 3065If 3066.Va rtadvd_enable 3067is set to 3068.Dq Li YES 3069this is the list of interfaces to use. 3070.It Va arpproxy_all 3071.Pq Vt bool 3072If set to 3073.Dq Li YES , 3074enable global proxy ARP. 3075.It Va forward_sourceroute 3076.Pq Vt bool 3077If set to 3078.Dq Li YES 3079and 3080.Va gateway_enable 3081is also set to 3082.Dq Li YES , 3083source-routed packets are forwarded. 3084.It Va accept_sourceroute 3085.Pq Vt bool 3086If set to 3087.Dq Li YES , 3088the system will accept source-routed packets directed at it. 3089.It Va rarpd_enable 3090.Pq Vt bool 3091If set to 3092.Dq Li YES , 3093run the 3094.Xr rarpd 8 3095daemon at system boot time. 3096.It Va rarpd_flags 3097.Pq Vt str 3098If 3099.Va rarpd_enable 3100is set to 3101.Dq Li YES , 3102these are the flags to pass to the 3103.Xr rarpd 8 3104daemon. 3105.It Va bootparamd_enable 3106.Pq Vt bool 3107If set to 3108.Dq Li YES , 3109run the 3110.Xr bootparamd 8 3111daemon at system boot time. 3112.It Va bootparamd_flags 3113.Pq Vt str 3114If 3115.Va bootparamd_enable 3116is set to 3117.Dq Li YES , 3118these are the flags to pass to the 3119.Xr bootparamd 8 3120daemon. 3121.It Va stf_interface_ipv4addr 3122.Pq Vt str 3123If not set to 3124.Dq Li NO , 3125this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3126interface). 3127Specify this entry to enable the 6to4 interface. 3128.It Va stf_interface_ipv4plen 3129.Pq Vt int 3130Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3131An effective value is 0-31. 3132.It Va stf_interface_ipv6_ifid 3133.Pq Vt str 3134IPv6 interface ID for 3135.Xr stf 4 . 3136This can be set to 3137.Dq Li AUTO . 3138.It Va stf_interface_ipv6_slaid 3139.Pq Vt str 3140IPv6 Site Level Aggregator for 3141.Xr stf 4 . 3142.It Va ipv6_ipv4mapping 3143.Pq Vt bool 3144If set to 3145.Dq Li YES 3146this enables IPv4 mapped IPv6 address communication (like 3147.Li ::ffff:a.b.c.d ) . 3148.It Va rtsold_enable 3149.Pq Vt bool 3150Set to 3151.Dq Li YES 3152to enable the 3153.Xr rtsold 8 3154daemon to send ICMPv6 Router Solicitation messages. 3155.It Va rtsold_flags 3156.Pq Vt str 3157If 3158.Va rtsold_enable 3159is set to 3160.Dq Li YES , 3161these are the flags to pass to 3162.Xr rtsold 8 . 3163.It Va rtsol_flags 3164.Pq Vt str 3165For interfaces configured with the 3166.Dq Li inet6 accept_rtadv 3167keyword, these are the flags to pass to 3168.Xr rtsol 8 . 3169.Pp 3170Note that 3171.Va rtsold_enable 3172is mutually exclusive to 3173.Va rtsol_flags ; 3174.Va rtsold_enable 3175takes precedence. 3176.It Va keybell 3177.Pq Vt str 3178The keyboard bell sound. 3179Set to 3180.Dq Li normal , 3181.Dq Li visual , 3182.Dq Li off , 3183or 3184.Dq Li NO 3185if the default behavior is desired. 3186For details, refer to the 3187.Xr kbdcontrol 1 3188manpage. 3189.It Va keyboard 3190.Pq Vt str 3191If set to a non-null string, the virtual console's keyboard input is 3192set to this device. 3193.It Va keymap 3194.Pq Vt str 3195If set to 3196.Dq Li NO , 3197no keymap is installed, otherwise the value is used to install 3198the keymap file found in 3199.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3200(if using 3201.Xr syscons 4 ) or 3202.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3203(if using 3204.Xr vt 4 ) . 3205.It Va keyrate 3206.Pq Vt str 3207The keyboard repeat speed. 3208Set to 3209.Dq Li slow , 3210.Dq Li normal , 3211.Dq Li fast , 3212or 3213.Dq Li NO 3214if the default behavior is desired. 3215.It Va keychange 3216.Pq Vt str 3217If not set to 3218.Dq Li NO , 3219attempt to program the function keys with the value. 3220The value should 3221be a single string of the form: 3222.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3223.It Va cursor 3224.Pq Vt str 3225Can be set to the value of 3226.Dq Li normal , 3227.Dq Li blink , 3228.Dq Li destructive , 3229or 3230.Dq Li NO 3231to set the cursor behavior explicitly or choose the default behavior. 3232.It Va scrnmap 3233.Pq Vt str 3234If set to 3235.Dq Li NO , 3236no screen map is installed, otherwise the value is used to install 3237the screen map file in 3238.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3239This parameter is ignored when using 3240.Xr vt 4 3241as the console driver. 3242.It Va font8x16 3243.Pq Vt str 3244If set to 3245.Dq Li NO , 3246the default 8x16 font value is used for screen size requests, otherwise 3247the value in 3248.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3249or 3250.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3251is used (depending on the console driver being used). 3252.It Va font8x14 3253.Pq Vt str 3254If set to 3255.Dq Li NO , 3256the default 8x14 font value is used for screen size requests, otherwise 3257the value in 3258.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3259or 3260.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3261is used (depending on the console driver being used). 3262.It Va font8x8 3263.Pq Vt str 3264If set to 3265.Dq Li NO , 3266the default 8x8 font value is used for screen size requests, otherwise 3267the value in 3268.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3269or 3270.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3271is used (depending on the console driver being used). 3272.It Va blanktime 3273.Pq Vt int 3274If set to 3275.Dq Li NO , 3276the default screen blanking interval is used, otherwise it is set 3277to 3278.Ar value 3279seconds. 3280.It Va saver 3281.Pq Vt str 3282If not set to 3283.Dq Li NO , 3284this is the actual screen saver to use 3285.Li ( blank , snake , daemon , 3286etc). 3287.It Va moused_nondefault_enable 3288.Pq Vt str 3289If set to 3290.Dq Li NO , 3291the mouse device specified on 3292the command line is not automatically treated as enabled by the 3293.Pa /etc/rc.d/moused 3294script. 3295Having this variable set to 3296.Dq Li YES 3297allows a 3298.Xr usb 4 3299mouse, 3300for example, 3301to be enabled as soon as it is plugged in. 3302.It Va moused_enable 3303.Pq Vt str 3304If set to 3305.Dq Li YES , 3306the 3307.Xr moused 8 3308daemon is started for doing cut/paste selection on the console. 3309.It Va moused_type 3310.Pq Vt str 3311This is the protocol type of the mouse connected to this host. 3312This variable must be set if 3313.Va moused_enable 3314is set to 3315.Dq Li YES . 3316The 3317.Xr moused 8 3318daemon 3319is able to detect the appropriate mouse type automatically in many cases. 3320Set this variable to 3321.Dq Li auto 3322to let the daemon detect it, or 3323select one from the following list if the automatic detection fails. 3324.Pp 3325If the mouse is attached to the PS/2 mouse port, choose 3326.Dq Li auto 3327or 3328.Dq Li ps/2 , 3329regardless of the brand and model of the mouse. 3330Likewise, if the 3331mouse is attached to the bus mouse port, choose 3332.Dq Li auto 3333or 3334.Dq Li busmouse . 3335All other protocols are for serial mice and will not work with 3336the PS/2 and bus mice. 3337If this is a USB mouse, 3338.Dq Li auto 3339is the only protocol type which will work. 3340.Pp 3341.Bl -tag -width ".Li x10mouseremote" -compact 3342.It Li microsoft 3343Microsoft mouse (serial) 3344.It Li intellimouse 3345Microsoft IntelliMouse (serial) 3346.It Li mousesystems 3347Mouse systems Corp.\& mouse (serial) 3348.It Li mmseries 3349MM Series mouse (serial) 3350.It Li logitech 3351Logitech mouse (serial) 3352.It Li busmouse 3353A bus mouse 3354.It Li mouseman 3355Logitech MouseMan and TrackMan (serial) 3356.It Li glidepoint 3357ALPS GlidePoint (serial) 3358.It Li thinkingmouse 3359Kensington ThinkingMouse (serial) 3360.It Li ps/2 3361PS/2 mouse 3362.It Li mmhittab 3363MM HitTablet (serial) 3364.It Li x10mouseremote 3365X10 MouseRemote (serial) 3366.It Li versapad 3367Interlink VersaPad (serial) 3368.El 3369.Pp 3370Even if the mouse is not in the above list, it may be compatible 3371with one in the list. 3372Refer to the manual page for 3373.Xr moused 8 3374for compatibility information. 3375.Pp 3376It should also be noted that while this is enabled, any 3377other client of the mouse (such as an X server) should access 3378the mouse through the virtual mouse device, 3379.Pa /dev/sysmouse , 3380and configure it as a 3381.Dq Li sysmouse 3382type mouse, since all 3383mouse data is converted to this single canonical format when 3384using 3385.Xr moused 8 . 3386If the client program does not support the 3387.Dq Li sysmouse 3388type, 3389specify the 3390.Dq Li mousesystems 3391type. 3392It is the second preferred type. 3393.It Va moused_port 3394.Pq Vt str 3395If 3396.Va moused_enable 3397is set to 3398.Dq Li YES , 3399this is the actual port the mouse is on. 3400It might be 3401.Pa /dev/cuau0 3402for a COM1 serial mouse, or 3403.Pa /dev/psm0 3404for a PS/2 mouse, for example. 3405.It Va moused_flags 3406.Pq Vt str 3407If 3408.Va moused_flags 3409is set, its value is used as an additional set of flags to pass to the 3410.Xr moused 8 3411daemon. 3412.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3413When 3414.Va moused_nondefault_enable 3415is enabled, and a 3416.Xr moused 8 3417daemon is started for a non-default port, the 3418.Va "moused_" Ns Ar XXX Ns Va "_flags" 3419set of options has precedence over and replaces the default 3420.Va moused_flags 3421(where 3422.Ar XXX 3423is the name of the non-default port, i.e.,\& 3424.Ar ums0 ) . 3425By setting 3426.Va "moused_" Ns Ar XXX Ns Va "_flags" 3427it is possible to set up a different set of default flags for each 3428.Xr moused 8 3429instance. 3430For example, you can use 3431.Dq Li "-3" 3432for the default 3433.Va moused_flags 3434to make your laptop's touchpad more comfortable to use, 3435but an empty set of options for 3436.Va moused_ums0_flags 3437when your 3438.Xr usb 4 3439mouse has three or more buttons. 3440.It Va mousechar_start 3441.Pq Vt int 3442If set to 3443.Dq Li NO , 3444the default mouse cursor character range 3445.Li 0xd0 Ns - Ns Li 0xd3 3446is used, 3447otherwise the range start is set 3448to 3449.Ar value 3450character, see 3451.Xr vidcontrol 1 . 3452Use if the default range is occupied in the language code table. 3453.It Va allscreens_flags 3454.Pq Vt str 3455If set, 3456.Xr vidcontrol 1 3457is run with these options for each of the virtual terminals 3458.Pq Pa /dev/ttyv* . 3459For example, 3460.Dq Fl m Cm on 3461will enable the mouse pointer on all virtual terminals 3462if 3463.Va moused_enable 3464is set to 3465.Dq Li YES . 3466.It Va allscreens_kbdflags 3467.Pq Vt str 3468If set, 3469.Xr kbdcontrol 1 3470is run with these options for each of the virtual terminals 3471.Pq Pa /dev/ttyv* . 3472For example, 3473.Dq Fl h Li 200 3474will set the 3475.Xr syscons 4 3476or 3477.Xr vt 4 3478scrollback (history) buffer to 200 lines. 3479.It Va cron_enable 3480.Pq Vt bool 3481If set to 3482.Dq Li YES , 3483run the 3484.Xr cron 8 3485daemon at system boot time. 3486.It Va cron_program 3487.Pq Vt str 3488Path to 3489.Xr cron 8 3490(default 3491.Pa /usr/sbin/cron ) . 3492.It Va cron_flags 3493.Pq Vt str 3494If 3495.Va cron_enable 3496is set to 3497.Dq Li YES , 3498these are the flags to pass to 3499.Xr cron 8 . 3500.It Va cron_dst 3501.Pq Vt bool 3502If set to 3503.Dq Li YES , 3504enable the special handling of transitions to and from the 3505Daylight Saving Time in 3506.Xr cron 8 3507(equivalent to using the flag 3508.Fl s ) . 3509.It Va lpd_program 3510.Pq Vt str 3511Path to 3512.Xr lpd 8 3513(default 3514.Pa /usr/sbin/lpd ) . 3515.It Va lpd_enable 3516.Pq Vt bool 3517If set to 3518.Dq Li YES , 3519run the 3520.Xr lpd 8 3521daemon at system boot time. 3522.It Va lpd_flags 3523.Pq Vt str 3524If 3525.Va lpd_enable 3526is set to 3527.Dq Li YES , 3528these are the flags to pass to the 3529.Xr lpd 8 3530daemon. 3531.It Va chkprintcap_enable 3532.Pq Vt bool 3533If set to 3534.Dq Li YES , 3535run the 3536.Xr chkprintcap 8 3537command before starting the 3538.Xr lpd 8 3539daemon. 3540.It Va chkprintcap_flags 3541.Pq Vt str 3542If 3543.Va lpd_enable 3544and 3545.Va chkprintcap_enable 3546are set to 3547.Dq Li YES , 3548these are the flags to pass to the 3549.Xr chkprintcap 8 3550program. 3551The default is 3552.Dq Li -d , 3553which causes missing directories to be created. 3554.It Va mta_start_script 3555.Pq Vt str 3556This variable specifies the full path to the script to run to start 3557a mail transfer agent. 3558The default is 3559.Pa /etc/rc.sendmail . 3560Note that it only executes a script if the value is set to something 3561different than the default. 3562.It Va dumpdev 3563.Pq Vt str 3564Indicates the device (usually a swap partition) to which a crash dump 3565should be written in the event of a system crash. 3566If the value of this variable is 3567.Dq Li AUTO , 3568the first suitable swap device listed in 3569.Pa /etc/fstab 3570will be used as dump device. 3571Otherwise, the value of this variable is passed as the argument to 3572.Xr dumpon 8 3573and 3574.Xr savecore 8 . 3575To disable crash dumps, set this variable to 3576.Dq Li NO . 3577.It Va dumpon_flags 3578.Pq Vt str 3579Flags to pass to 3580.Xr dumpon 8 3581when configuring 3582.Va dumpdev 3583as the system dump device. 3584.It Va dumpdir 3585.Pq Vt str 3586When the system reboots after a crash and a crash dump is found on the 3587device specified by the 3588.Va dumpdev 3589variable, 3590.Xr savecore 8 3591will save that crash dump and a copy of the kernel to the directory 3592specified by the 3593.Va dumpdir 3594variable. 3595The default value is 3596.Pa /var/crash . 3597Set to 3598.Dq Li NO 3599to not run 3600.Xr savecore 8 3601at boot time when 3602.Va dumpdir 3603is set. 3604.It Va savecore_enable 3605.Pq Vt bool 3606If set to 3607.Dq Li NO , 3608disable automatic extraction of the crash dump from the 3609.Va dumpdev . 3610.It Va savecore_flags 3611.Pq Vt str 3612If crash dumps are enabled, these are the flags to pass to the 3613.Xr savecore 8 3614utility. 3615.It Va quota_enable 3616.Pq Vt bool 3617Set to 3618.Dq Li YES 3619to turn on user and group disk quotas on system startup via the 3620.Xr quotaon 8 3621command for all file systems marked as having quotas enabled in 3622.Pa /etc/fstab . 3623The kernel must be built with 3624.Cd "options QUOTA" 3625for disk quotas to function. 3626.It Va check_quotas 3627.Pq Vt bool 3628Set to 3629.Dq Li YES 3630to enable user and group disk quota checking via the 3631.Xr quotacheck 8 3632command. 3633.It Va quotacheck_flags 3634.Pq Vt str 3635If 3636.Va quota_enable 3637is set to 3638.Dq Li YES , 3639and 3640.Va check_quotas 3641is set to 3642.Dq Li YES , 3643these are the flags to pass to the 3644.Xr quotacheck 8 3645utility. 3646The default is 3647.Dq Li "-a" , 3648which checks quotas for all file systems with quotas enabled in 3649.Pa /etc/fstab . 3650.It Va quotaon_flags 3651.Pq Vt str 3652If 3653.Va quota_enable 3654is set to 3655.Dq Li YES , 3656these are the flags to pass to the 3657.Xr quotaon 8 3658utility. 3659The default is 3660.Dq Li "-a" , 3661which enables quotas for all file systems with quotas enabled in 3662.Pa /etc/fstab . 3663.It Va quotaoff_flags 3664.Pq Vt str 3665If 3666.Va quota_enable 3667is set to 3668.Dq Li YES , 3669these are the flags to pass to the 3670.Xr quotaoff 8 3671utility when shutting down the quota system. 3672The default is 3673.Dq Li "-a" , 3674which disables quotas for all file systems with quotas enabled in 3675.Pa /etc/fstab . 3676.It Va accounting_enable 3677.Pq Vt bool 3678Set to 3679.Dq Li YES 3680to enable system accounting through the 3681.Xr accton 8 3682facility. 3683.It Va firstboot_sentinel 3684.Pq Vt str 3685This variable specifies the full path to a 3686.Dq first boot 3687sentinel file. 3688If a file exists with this path, 3689.Pa rc.d 3690scripts with the 3691.Dq firstboot 3692keyword will be run on startup and the sentinel file will be deleted 3693after the boot process completes. 3694The sentinel file must be located on a writable file system which is 3695mounted no later than 3696.Va early_late_divider 3697to function properly. 3698The default is 3699.Pa /firstboot . 3700.It Va linux_enable 3701.Pq Vt bool 3702Set to 3703.Dq Li YES 3704to enable Linux/ELF binary emulation at system initial 3705boot time. 3706.It Va sysvipc_enable 3707.Pq Vt bool 3708If set to 3709.Dq Li YES , 3710load System V IPC primitives at boot time. 3711.It Va clear_tmp_enable 3712.Pq Vt bool 3713Set to 3714.Dq Li YES 3715to have 3716.Pa /tmp 3717cleaned at startup. 3718.It Va clear_tmp_X 3719.Pq Vt bool 3720Set to 3721.Dq Li NO 3722to disable removing of X11 lock files, 3723and the removal and (secure) recreation 3724of the various socket directories for X11 3725related programs. 3726.It Va ldconfig_paths 3727.Pq Vt str 3728Set to the list of shared library paths to use with 3729.Xr ldconfig 8 . 3730NOTE: 3731.Pa /lib 3732and 3733.Pa /usr/lib 3734will always be added first, so they need not appear in this list. 3735.It Va ldconfig32_paths 3736.Pq Vt str 3737Set to the list of 32-bit compatibility shared library paths to 3738use with 3739.Xr ldconfig 8 . 3740.It Va ldconfig_insecure 3741.Pq Vt bool 3742The 3743.Xr ldconfig 8 3744utility normally refuses to use directories 3745which are writable by anyone except root. 3746Set this variable to 3747.Dq Li YES 3748to disable that security check during system startup. 3749.It Va ldconfig_local_dirs 3750.Pq Vt str 3751Set to the list of local 3752.Xr ldconfig 8 3753directories. 3754The names of all files in the directories listed will be 3755passed as arguments to 3756.Xr ldconfig 8 . 3757.It Va ldconfig_local32_dirs 3758.Pq Vt str 3759Set to the list of local 32-bit compatibility 3760.Xr ldconfig 8 3761directories. 3762The names of all files in the directories listed will be 3763passed as arguments to 3764.Dq Nm ldconfig Fl 32 . 3765.It Va kern_securelevel_enable 3766.Pq Vt bool 3767Set to 3768.Dq Li YES 3769to set the kernel security level at system startup. 3770.It Va kern_securelevel 3771.Pq Vt int 3772The kernel security level to set at startup. 3773The allowed range of 3774.Ar value 3775ranges from \-1 (the compile time default) to 3 (the 3776most secure). 3777See 3778.Xr security 7 3779for the list of possible security levels and their effect 3780on system operation. 3781.It Va sshd_program 3782.Pq Vt str 3783Path to the SSH server program 3784.Pa ( /usr/sbin/sshd 3785is the default). 3786.It Va sshd_enable 3787.Pq Vt bool 3788Set to 3789.Dq Li YES 3790to start 3791.Xr sshd 8 3792at system boot time. 3793.It Va sshd_flags 3794.Pq Vt str 3795If 3796.Va sshd_enable 3797is set to 3798.Dq Li YES , 3799these are the flags to pass to the 3800.Xr sshd 8 3801daemon. 3802.It Va ftpd_program 3803.Pq Vt str 3804Path to the FTP server program 3805.Pa ( /usr/libexec/ftpd 3806is the default). 3807.It Va ftpd_enable 3808.Pq Vt bool 3809Set to 3810.Dq Li YES 3811to start 3812.Xr ftpd 8 3813as a stand-alone daemon at system boot time. 3814.It Va ftpd_flags 3815.Pq Vt str 3816If 3817.Va ftpd_enable 3818is set to 3819.Dq Li YES , 3820these are the additional flags to pass to the 3821.Xr ftpd 8 3822daemon. 3823.It Va watchdogd_enable 3824.Pq Vt bool 3825If set to 3826.Dq Li YES , 3827start the 3828.Xr watchdogd 8 3829daemon at boot time. 3830This requires that the kernel have been compiled with a 3831.Xr watchdog 4 3832compatible device. 3833.It Va watchdogd_flags 3834.Pq Vt str 3835If 3836.Va watchdogd_enable 3837is set to 3838.Dq Li YES , 3839these are the flags passed to the 3840.Xr watchdogd 8 3841daemon. 3842.It Va watchdogd_timeout 3843.Pq Vt int 3844If 3845.Va watchdogd_enable 3846is set to 3847.Dq Li YES , 3848this is a timeout that will be used by the 3849.Xr watchdogd 8 3850daemon. 3851If this option is set, it overrides 3852.Fl t 3853in 3854.Va watchdogd_flags . 3855.It Va watchdogd_shutdown_timeout 3856.Pq Vt int 3857If 3858.Va watchdogd_enable 3859is set to 3860.Dq Li YES , 3861this is a timeout that will be set by the 3862.Xr watchdogd 8 3863daemon when it exits during the system shutdown. 3864This timeout will not be set when returning to the single-user mode 3865or when the watchdogd service is stopped individually using the 3866.Xr service 8 3867command or the rc.d script. 3868Note that the timeout will be applied if 3869.Xr watchdogd 8 3870is stopped outside of 3871.Xr rc 8 3872framework. 3873If this option is set, it overrides 3874.Fl x 3875in 3876.Va watchdogd_flags . 3877.It Va devfs_rulesets 3878.Pq Vt str 3879List of files containing sets of rules for 3880.Xr devfs 8 . 3881.It Va devfs_system_ruleset 3882.Pq Vt str 3883Rule name(s) to apply to the system 3884.Pa /dev 3885itself. 3886.It Va devfs_set_rulesets 3887.Pq Vt str 3888Pairs of already-mounted 3889.Pa dev 3890directories and rulesets that should be applied to them. 3891For example: /mount/dev=ruleset_name 3892.It Va devfs_load_rulesets 3893.Pq Vt bool 3894If set, always load the default rulesets listed in 3895.Va devfs_rulesets . 3896.It Va performance_cx_lowest 3897.Pq Vt str 3898CPU idle state to use while on AC power. 3899The string 3900.Dq Li LOW 3901indicates that 3902.Xr acpi 4 3903should use the lowest power state available while 3904.Dq Li HIGH 3905indicates that the lowest latency state (less power savings) should be used. 3906.It Va performance_cpu_freq 3907.Pq Vt str 3908CPU clock frequency to use while on AC power. 3909The string 3910.Dq Li LOW 3911indicates that 3912.Xr cpufreq 4 3913should use the lowest frequency available while 3914.Dq Li HIGH 3915indicates that the highest frequency (less power savings) should be used. 3916.It Va economy_cx_lowest 3917.Pq Vt str 3918CPU idle state to use when off AC power. 3919The string 3920.Dq Li LOW 3921indicates that 3922.Xr acpi 4 3923should use the lowest power state available while 3924.Dq Li HIGH 3925indicates that the lowest latency state (less power savings) should be used. 3926.It Va economy_cpu_freq 3927.Pq Vt str 3928CPU clock frequency to use when off AC power. 3929The string 3930.Dq Li LOW 3931indicates that 3932.Xr cpufreq 4 3933should use the lowest frequency available while 3934.Dq Li HIGH 3935indicates that the highest frequency (less power savings) should be used. 3936.It Va jail_enable 3937.Pq Vt bool 3938If set to 3939.Dq Li NO , 3940any configured jails will not be started. 3941.It Va jail_conf 3942.Pq Vt str 3943The configuration filename used by 3944.Xr jail 8 3945utility. 3946The default value is 3947.Pa /etc/jail.conf . 3948.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3949and 3950.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3951will also be used if 3952.Va Ao Ar jname Ac Va 3953is set in 3954.Va jail_list . 3955.It Va jail_parallel_start 3956.Pq Vt bool 3957If set to 3958.Dq Li YES , 3959all configured jails will be started in the background (in parallel). 3960.It Va jail_flags 3961.Pq Vt str 3962Unset by default. 3963When set, use as default value for 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3965for every jail in 3966.Va jail_list . 3967.It Va jail_list 3968.Pq Vt str 3969A space-delimited list of jail names. 3970When left empty, all of the 3971.Xr jail 8 3972instances defined in the configuration file are started. 3973The names specified in this list control the jail startup order. 3974.Xr jail 8 3975instances missing from 3976.Va jail_list 3977must be started manually. 3978Note that a jail's 3979.Va depend 3980parameter in the configuration file may override this list. 3981.It Va jail_reverse_stop 3982.Pq Vt bool 3983When set to 3984.Dq Li YES , 3985all configured jails in 3986.Va jail_list 3987are stopped in reverse order. 3988.It Va jail_ Ns * variables 3989Note that older releases supported per-jail configuration via 3990.Nm 3991variables. 3992For example, 3993hostname of a jail named 3994.Li vjail 3995was able to be set by 3996.Li jail_vjail_hostname . 3997These per-jail configuration variables are now obsolete in favor of 3998.Xr jail 8 3999configuration file. 4000For backward compatibility, 4001when per-jail configuration variables are defined, 4002.Xr jail 8 4003configuration files are created as 4004.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4005and used. 4006.Pp 4007The following per-jail parameters are handled by 4008.Pa rc.d/jail 4009script out of their corresponding 4010.Nm 4011variables. 4012In addition to them, parameters in 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4014will be added to the configuration file. 4015They must be a semi-colon 4016.Pq Ql \&; 4017delimited list of 4018.Dq key=value . 4019For more details, 4020see 4021.Xr jail 8 4022manual page. 4023.Bl -tag -width "host.hostname" -offset indent 4024.It Li path 4025set from 4026.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4027.It Li host.hostname 4028set from 4029.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4030.It Li exec.consolelog 4031set from 4032.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4033The default value is 4034.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4035.It Li interface 4036set from 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4038.It Li vnet.interface 4039set from 4040.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4041This implies 4042.Li vnet 4043parameter will be enabled and cannot be specified with 4044.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4045.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4046and/or 4047.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4048at the same time. 4049.It Li fstab 4050set from 4051.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4052.It Li mount 4053set from 4054.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4055.It Li exec.fib 4056set from 4057.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4058.It Li exec.start 4059set from 4060.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4061The parameter name was 4062.Li command 4063in some older releases. 4064.It Li exec.prestart 4065set from 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4067.It Li exec.poststart 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4070.It Li exec.stop 4071set from 4072.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4073.It Li exec.prestop 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4076.It Li exec.poststop 4077set from 4078.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4079.It Li ip4.addr 4080set if 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4082or 4083.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4084contain IPv4 addresses 4085.It Li ip6.addr 4086set if 4087.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4088or 4089.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4090contain IPv6 addresses 4091.It Li allow.mount 4092set from 4093.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4094.It Li mount.devfs 4095set from 4096.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4097.It Li devfs_ruleset 4098set from 4099.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4100This must be an integer, 4101not a string. 4102.It Li mount.fdescfs 4103set from 4104.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4105.It Li allow.set_hostname 4106set from 4107.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4108.It Li allow.rawsocket 4109set from 4110.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4111.It Li allow.sysvipc 4112set from 4113.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4114.El 4115.\" ----------------------------------------------------- 4116.It Va harvest_mask 4117.Pq Vt int 4118Set to a bit-mask 4119representing the entropy sources 4120you wish to harvest. 4121Refer to 4122.Xr random 4 4123for more information. 4124.It Va entropy_dir 4125.Pq Vt str 4126Set to 4127.Dq Li NO 4128to disable caching entropy via 4129.Xr cron 8 . 4130Otherwise set to the directory 4131in which the entropy files are stored. 4132To be useful, 4133there must be 4134a system cron job 4135that regularly writes and rotates 4136files here. 4137All files found 4138will be used at boot time. 4139The default is 4140.Pa /var/db/entropy . 4141.It Va entropy_file 4142.Pq Vt str 4143Set to 4144.Dq Li NO 4145to disable caching entropy through reboots. 4146Otherwise set to the name 4147of a file used to store cached entropy. 4148This file should be located 4149on a file system that is readable 4150before all the volumes specified in 4151.Xr fstab 5 4152are mounted. 4153By default, 4154.Pa /entropy 4155is used, 4156but if 4157.Pa /var/db/entropy-file 4158is found it will also be used. 4159This will be of some use to 4160.Xr bsdinstall 8 . 4161.It Va entropy_boot_file 4162.Pq Vt str 4163Set to 4164.Dq Li NO 4165to disable 4166very early caching entropy 4167through reboots. 4168Otherwise set to the filename 4169used to read 4170very early reboot cached entropy. 4171This file should be located where 4172.Xr loader 8 4173can read it. 4174See also 4175.Xr loader.conf 5 . 4176The default location is 4177.Pa /boot/entropy . 4178.It Va entropy_save_sz 4179.Pq Vt int 4180Size of the entropy cache files saved by 4181.Nm save-entropy 4182periodically. 4183.It Va entropy_save_num 4184.Pq Vt int 4185Number of entropy cache files to save by 4186.Nm save-entropy 4187periodically. 4188.It Va ipsec_enable 4189.Pq Vt bool 4190Set to 4191.Dq Li YES 4192to run 4193.Xr setkey 8 4194on 4195.Va ipsec_file 4196at boot time. 4197.It Va ipsec_file 4198.Pq Vt str 4199Configuration file for 4200.Xr setkey 8 . 4201.It Va dmesg_enable 4202.Pq Vt bool 4203Set to 4204.Dq Li YES 4205to save 4206.Xr dmesg 8 4207to 4208.Pa /var/run/dmesg.boot 4209on boot. 4210.It Va rcshutdown_timeout 4211.Pq Vt int 4212If set, start a watchdog timer in the background which will terminate 4213.Pa rc.shutdown 4214if 4215.Xr shutdown 8 4216has not completed within the specified time (in seconds). 4217Notice that in addition to this soft timeout, 4218.Xr init 8 4219also applies a hard timeout for the execution of 4220.Pa rc.shutdown . 4221This is configured via 4222.Xr sysctl 8 4223variable 4224.Va kern.init_shutdown_timeout 4225and defaults to 120 seconds. 4226Setting the value of 4227.Va rcshutdown_timeout 4228to more than 120 seconds will have no effect until the 4229.Xr sysctl 8 4230variable 4231.Va kern.init_shutdown_timeout 4232is also increased. 4233.It Va virecover_enable 4234.Pq Vt bool 4235Set to 4236.Dq Li NO 4237to prevent the system from trying to 4238recover pre-maturely terminated 4239.Xr vi 1 4240sessions. 4241.It Va ugidfw_enable 4242.Pq Vt bool 4243Set to 4244.Dq Li YES 4245to load the 4246.Xr mac_bsdextended 4 4247module upon system initialization and load a default 4248ruleset file. 4249.It Va bsdextended_script 4250.Pq Vt str 4251The default 4252.Xr mac_bsdextended 4 4253ruleset file to load. 4254The default value of this variable is 4255.Pa /etc/rc.bsdextended . 4256.It Va newsyslog_enable 4257.Pq Vt bool 4258If set to 4259.Dq Li YES , 4260run 4261.Xr newsyslog 8 4262command at startup. 4263.It Va newsyslog_flags 4264.Pq Vt str 4265If 4266.Va newsyslog_enable 4267is set to 4268.Dq Li YES , 4269these are the flags to pass to the 4270.Xr newsyslog 8 4271program. 4272The default is 4273.Dq Li -CN , 4274which causes log files flagged with a 4275.Cm C 4276to be created. 4277.It Va mdconfig_md Ns Aq Ar X 4278.Pq Vt str 4279Arguments to 4280.Xr mdconfig 8 4281for 4282.Xr md 4 4283device 4284.Ar X . 4285At minimum a 4286.Fl t Ar type 4287must be specified and either a 4288.Fl s Ar size 4289for malloc or swap backed 4290.Xr md 4 4291devices or a 4292.Fl f Ar file 4293for vnode backed 4294.Xr md 4 4295devices. 4296Note that 4297.Va mdconfig_md Ns Aq Ar X 4298variables are evaluated until one variable is unset or null. 4299.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4300.Pq Vt str 4301Optional arguments passed to 4302.Xr newfs 8 4303to initialize 4304.Xr md 4 4305device 4306.Ar X . 4307.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4308.Pq Vt str 4309An ownership specification passed to 4310.Xr chown 8 4311after the specified 4312.Xr md 4 4313device 4314.Ar X 4315has been mounted. 4316Both the 4317.Xr md 4 4318device and the mount point will be changed. 4319.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4320.Pq Vt str 4321A mode string passed to 4322.Xr chmod 1 4323after the specified 4324.Xr md 4 4325device 4326.Ar X 4327has been mounted. 4328Both the 4329.Xr md 4 4330device and the mount point will be changed. 4331.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4332.Pq Vt str 4333Files to be copied to the mount point of the 4334.Xr md 4 4335device 4336.Ar X 4337after it has been mounted. 4338.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4339.Pq Vt str 4340Command to execute after the specified 4341.Xr md 4 4342device 4343.Ar X 4344has been mounted. 4345Note that the command is passed to 4346.Ic eval 4347and that both 4348.Va _dev 4349and 4350.Va _mp 4351variables can be used to reference respectively the 4352.Xr md 4 4353device and the mount point. 4354Assuming that the 4355.Xr md 4 4356device is 4357.Li md0 , 4358one could set the following: 4359.Bd -literal 4360mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4361.Ed 4362.It Va autobridge_interfaces 4363.Pq Vt str 4364Set to the list of bridge interfaces that will have newly arriving interfaces 4365checked against to be automatically added. 4366If not set to 4367.Dq Li NO 4368then for each whitespace separated 4369.Ar element 4370in the value, a 4371.Va autobridge_ Ns Aq Ar element 4372variable is assumed to exist which has a whitespace separated list of interface 4373names to match, these names can use wildcards. 4374For example: 4375.Bd -literal 4376autobridge_interfaces="bridge0" 4377autobridge_bridge0="tap* dc0 vlan[345]" 4378.Ed 4379.It Va mixer_enable 4380.Pq Vt bool 4381If set to 4382.Dq Li YES , 4383enable support for sound mixer. 4384.It Va hcsecd_enable 4385.Pq Vt bool 4386If set to 4387.Dq Li YES , 4388enable Bluetooth security daemon. 4389.It Va hcsecd_config 4390.Pq Vt str 4391Configuration file for 4392.Xr hcsecd 8 . 4393Default 4394.Pa /etc/bluetooth/hcsecd.conf . 4395.It Va sdpd_enable 4396.Pq Vt bool 4397If set to 4398.Dq Li YES , 4399enable Bluetooth Service Discovery Protocol daemon. 4400.It Va sdpd_control 4401.Pq Vt str 4402Path to 4403.Xr sdpd 8 4404control socket. 4405Default 4406.Pa /var/run/sdp . 4407.It Va sdpd_groupname 4408.Pq Vt str 4409Sets 4410.Xr sdpd 8 4411group to run as after it initializes. 4412Default 4413.Dq Li nobody . 4414.It Va sdpd_username 4415.Pq Vt str 4416Sets 4417.Xr sdpd 8 4418user to run as after it initializes. 4419Default 4420.Dq Li nobody . 4421.It Va bthidd_enable 4422.Pq Vt bool 4423If set to 4424.Dq Li YES , 4425enable Bluetooth Human Interface Device daemon. 4426.It Va bthidd_config 4427.Pq Vt str 4428Configuration file for 4429.Xr bthidd 8 . 4430Default 4431.Pa /etc/bluetooth/bthidd.conf . 4432.It Va bthidd_hids 4433.Pq Vt str 4434Path to a file, where 4435.Xr bthidd 8 4436will store information about known HID devices. 4437Default 4438.Pa /var/db/bthidd.hids . 4439.It Va rfcomm_pppd_server_enable 4440.Pq Vt bool 4441If set to 4442.Dq Li YES , 4443enable Bluetooth RFCOMM PPP wrapper daemon. 4444.It Va rfcomm_pppd_server_profile 4445.Pq Vt str 4446The name of the profile to use from 4447.Pa /etc/ppp/ppp.conf . 4448Multiple profiles can be specified here. 4449Also used to specify per-profile overrides. 4450When the profile name contains any of the characters 4451.Dq Li .-/+ 4452they are translated to 4453.Dq Li _ 4454for the proposes of the override variable names. 4455.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4456.Pq Vt str 4457Overrides local address to listen on. 4458By default 4459.Xr rfcomm_pppd 8 4460will listen on 4461.Dq Li ANY 4462address. 4463The address can be specified as BD_ADDR or name. 4464.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4465.Pq Vt str 4466Overrides local RFCOMM channel to listen on. 4467By default 4468.Xr rfcomm_pppd 8 4469will listen on RFCOMM channel 1. 4470Must set properly if multiple profiles used in the same time. 4471.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4472.Pq Vt bool 4473Tells 4474.Xr rfcomm_pppd 8 4475if it should register Serial Port service on the specified RFCOMM channel. 4476Default 4477.Dq Li NO . 4478.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4479.Pq Vt bool 4480Tells 4481.Xr rfcomm_pppd 8 4482if it should register Dial-Up Networking service on the specified 4483RFCOMM channel. 4484Default 4485.Dq Li NO . 4486.It Va ubthidhci_enable 4487.Pq Vt bool 4488If set to 4489.Dq Li YES , 4490change the USB Bluetooth controller from HID mode to HCI mode. 4491You also need to specify the location of USB Bluetooth controller with the 4492.Va ubthidhci_busnum 4493and 4494.Va ubthidhci_addr 4495variables. 4496.It Va ubthidhci_busnum 4497Bus number where the USB Bluetooth controller is located. 4498Check the output of 4499.Xr usbconfig 8 4500on your system to find this information. 4501.It Va ubthidhci_addr 4502Bus address of the USB Bluetooth controller. 4503Check the output of 4504.Xr usbconfig 8 4505on your system to find this information. 4506.It Va netwait_enable 4507.Pq Vt bool 4508If set to 4509.Dq Li YES , 4510delays the start of network-reliant services until 4511.Va netwait_if 4512is up and ICMP packets to a destination defined in 4513.Va netwait_ip 4514are flowing. 4515Link state is examined first, followed by 4516.Dq Li pinging 4517an IP address to verify network usability. 4518If no destination can be reached or timeouts are exceeded, 4519network services are started anyway with no guarantee that 4520the network is usable. 4521Use of this variable requires both 4522.Va netwait_ip 4523and 4524.Va netwait_if 4525to be set. 4526.It Va netwait_ip 4527.Pq Vt str 4528Empty by default. 4529This variable contains a space-delimited list of IP addresses to 4530.Xr ping 8 . 4531DNS hostnames should not be used as resolution is not guaranteed 4532to be functional at this point. 4533If multiple IP addresses are specified, 4534each will be tried until one is successful or the list is exhausted. 4535.It Va netwait_timeout 4536.Pq Vt int 4537Indicates the total number of seconds to perform a 4538.Dq Li ping 4539against each IP address in 4540.Va netwait_ip , 4541at a rate of one ping per second. 4542If any of the pings are successful, 4543full network connectivity is considered reliable. 4544The default is 60. 4545.It Va netwait_if 4546.Pq Vt str 4547Empty by default. 4548Defines the name of the network interface on which watch for link. 4549.Xr ifconfig 8 4550is used to monitor the interface, looking for 4551.Dq Li status: no carrier . 4552Once gone, the link is considered up. 4553This can be a 4554.Xr vlan 4 4555interface if desired. 4556.It Va netwait_if_timeout 4557.Pq Vt int 4558Defines the total number of seconds to wait for link to become usable, 4559polled at a 1-second interval. 4560The default is 30. 4561.It Va rctl_enable 4562.Pq Vt bool 4563If set to 4564.Dq Li YES , 4565load 4566.Xr rctl 8 4567rules from the defined ruleset. 4568The kernel must be built with 4569.Cd "options RACCT" 4570and 4571.Cd "options RCTL" . 4572.It Va rctl_rules 4573.Pq Vt str 4574Set to 4575.Pa /etc/rctl.conf 4576by default. 4577This variables contains the 4578.Xr rctl.conf 5 4579ruleset to load for 4580.Xr rctl 8 . 4581.It Va iovctl_files 4582.Pq Vt str 4583A space-separated list of configuration files used by 4584.Xr iovctl 8 . 4585The default value is an empty string. 4586.It Va autofs_enable 4587.Pq Vt bool 4588If set to 4589.Dq Li YES , 4590start the 4591.Xr automount 8 4592utility and the 4593.Xr automountd 8 4594and 4595.Xr autounmountd 8 4596daemons at boot time. 4597.It Va automount_flags 4598.Pq Vt str 4599If 4600.Va autofs_enable 4601is set to 4602.Dq Li YES , 4603these are the flags to pass to the 4604.Xr automount 8 4605program. 4606By default no flags are passed. 4607.It Va automountd_flags 4608.Pq Vt str 4609If 4610.Va autofs_enable 4611is set to 4612.Dq Li YES , 4613these are the flags to pass to the 4614.Xr automountd 8 4615daemon. 4616By default no flags are passed. 4617.It Va autounmountd_flags 4618.Pq Vt str 4619If 4620.Va autofs_enable 4621is set to 4622.Dq Li YES , 4623these are the flags to pass to the 4624.Xr autounmountd 8 4625daemon. 4626By default no flags are passed. 4627.It Va ctld_enable 4628.Pq Vt bool 4629If set to 4630.Dq Li YES , 4631start the 4632.Xr ctld 8 4633daemon at boot time. 4634.It Va iscsid_enable 4635.Pq Vt bool 4636If set to 4637.Dq Li YES , 4638start the 4639.Xr iscsid 8 4640daemon at boot time. 4641.It Va iscsictl_enable 4642.Pq Vt bool 4643If set to 4644.Dq Li YES , 4645start the 4646.Xr iscsictl 8 4647utility at boot time. 4648.It Va iscsictl_flags 4649.Pq Vt str 4650If 4651.Va iscsictl_enable 4652is set to 4653.Dq Li YES , 4654these are the flags to pass to the 4655.Xr iscsictl 8 4656program. 4657The default is 4658.Dq Li -Aa , 4659which configures sessions based on the 4660.Pa /etc/iscsi.conf 4661configuration file. 4662.It Va cfumass_enable 4663.Pq Vt bool 4664If set to 4665.Dq Li YES , 4666create and export an USB LUN using 4667.Xr cfumass 4 4668at boot time. 4669.It Va cfumass_dir 4670.Pq Vt str 4671The directory where the files exported by USB LUN are located. 4672The default directory is 4673.Pa /var/cfumass . 4674.It Va service_delete_empty 4675.Pq Vt bool 4676If set to 4677.Dq Li YES , 4678.Ql Li service delete 4679removes empty 4680.Dq Li rc.conf.d 4681files. 4682.It Va zfs_bootonce_activate 4683.Pq Vt bool 4684If set to 4685.Dq Li YES , 4686and a boot environment marked bootonce is successfully booted, 4687it will be made permanently active. 4688.It Va zfskeys_enable 4689.Pq Vt bool 4690If set to 4691.Dq Li YES , 4692enable auto-loading of encryption keys for encrypted ZFS datasets. 4693For every dataset the script will first load the appropriate encryption key 4694and then attempt to unlock the dataset. 4695.Pp 4696The script operates only on datasets which are encrypted with 4697ZFS native encryption 4698and have a ZFS 4699.Dq Li keylocation 4700dataset property beginning with 4701.Dq Li file:// . 4702.It Va zfskeys_datasets 4703.Pq Vt str 4704A whitespace-separated list of ZFS datasets to unlock. 4705The list is empty by default, 4706which means that the script will attempt to unlock all datasets. 4707.It Va zfskeys_timeout 4708.Pq Vt int 4709Define the total number of seconds to wait for the zfskeys script 4710to unlock an encrypted dataset. 4711The default is 10. 4712.It Va sendmail_enable 4713.Pq Vt str 4714If set to 4715.Dq Li YES , 4716run the 4717.Xr sendmail 8 4718daemon at system boot time. 4719If set to 4720.Dq Li NO , 4721do not run a 4722.Xr sendmail 8 4723daemon to listen for incoming network mail. 4724This does not preclude a 4725.Xr sendmail 8 4726daemon listening on the SMTP port of the loopback interface. 4727The 4728.Dq Li NONE 4729option sets each 4730.Va sendmail_enable , 4731.Va sendmail_submit_enable , 4732.Va sendmail_outbound_enable , 4733.Va sendmail_msp_queue_enable 4734to 4735.Dq Li NO . 4736.It Va sendmail_cert_create 4737.Pq Vt str 4738If 4739.Va sendmail_enable 4740is set to 4741.Dq Li YES , 4742create a signed certificate 4743.Pa /etc/mail/certs/host.cert 4744representing 4745.Pa /etc/mail/certs/host.key 4746by the CA certificate in 4747.Pa /etc/mail/certs/cacert.pem . 4748This will enable connecting hosts to negotiate STARTTLS allowing incoming 4749email to be encrypted in transit. 4750.Xr sendmail 8 4751needs to be configured to use these generated files. 4752The default configuration in 4753.Pa /etc/mail/freebsd.mc 4754has the required options in it. 4755.It Va sendmail_cert_cn 4756.Pq Vt str 4757If 4758.Va sendmail_enable 4759is set to 4760.Dq Li YES 4761and 4762.Va sendmail_cert_create 4763is set to 4764.Dq Li YES , 4765this is the Common Name (CN) of the certificate that will be created. 4766If 4767.Va sendmail_cert_cn 4768is not set, the system's hostname will be used. 4769If there is no hostname set, 4770.Dq Li amnesiac 4771will be used. 4772.It Va sendmail_flags 4773.Pq Vt str 4774If 4775.Va sendmail_enable 4776is set to 4777.Dq Li YES , 4778these are the flags to pass to the 4779.Xr sendmail 8 4780daemon. 4781.It Va sendmail_submit_enable 4782.Pq Vt bool 4783If set to 4784.Dq Li YES 4785and 4786.Va sendmail_enable 4787is set to 4788.Dq Li NO , 4789run 4790.Xr sendmail 8 4791using 4792.Va sendmail_submit_flags 4793instead of 4794.Va sendmail_flags . 4795This is intended to allow local mail submission via 4796a localhost-only listening SMTP service required for running 4797.Xr sendmail 8 4798as a non-set-user-ID binary. 4799Note that this does not work inside 4800.Xr jail 2 4801systems, as jails do not allow binding to just the localhost interface. 4802.It Va sendmail_submit_flags 4803.Pq Vt str 4804If 4805.Va sendmail_enable 4806is set to 4807.Dq Li NO 4808and 4809.Va sendmail_submit_enable 4810is set to 4811.Dq Li YES , 4812these are the flags to pass to the 4813.Xr sendmail 8 4814daemon. 4815.It Va sendmail_outbound_enable 4816.Pq Vt bool 4817If set to 4818.Dq Li YES 4819and both 4820.Va sendmail_enable 4821and 4822.Va sendmail_submit_enable 4823are set to 4824.Dq Li NO , 4825run 4826.Xr sendmail 8 4827using 4828.Va sendmail_outbound_flags 4829instead of 4830.Va sendmail_flags . 4831This is intended to allow local mail queue management 4832for systems that do not offer a listening SMTP service. 4833.It Va sendmail_outbound_flags 4834.Pq Vt str 4835If both 4836.Va sendmail_enable 4837and 4838.Va sendmail_submit_enable 4839are set to 4840.Dq Li NO 4841and 4842.Va sendmail_outbound_enable 4843is set to 4844.Dq Li YES , 4845these are the flags to pass to the 4846.Xr sendmail 8 4847daemon. 4848.It Va sendmail_msp_queue_enable 4849.Pq Vt bool 4850If set to 4851.Dq Li YES , 4852start a client (MSP) queue runner 4853.Xr sendmail 8 4854daemon at system boot time. 4855As of sendmail 8.12, a separate queue is used for command line 4856submissions. 4857The client queue runner ensures that nothing is 4858left behind in the submission queue. 4859.It Va sendmail_msp_queue_flags 4860.Pq Vt str 4861If 4862.Va sendmail_msp_queue_enable 4863is set to 4864daemon. 4865.Dq Li YES , 4866these are the flags to pass to the 4867.Xr sendmail 8 4868.El 4869.Sh FILES 4870.Bl -tag -width "/etc/defaults/rc.conf" -compact 4871.It Pa /etc/defaults/rc.conf 4872.It Pa /etc/defaults/vendor.conf 4873.It Pa /etc/rc.conf 4874.It Pa /etc/rc.conf.local 4875.It Pa /etc/rc.conf.d/ 4876.El 4877.Sh SEE ALSO 4878.Xr chmod 1 , 4879.Xr gdb 1 Pq Pa ports/devel/gdb , 4880.Xr info 1 , 4881.Xr kbdcontrol 1 , 4882.Xr limits 1 , 4883.Xr protect 1 , 4884.Xr sh 1 , 4885.Xr umask 1 , 4886.Xr vi 1 , 4887.Xr vidcontrol 1 , 4888.Xr bridge 4 , 4889.Xr dummynet 4 , 4890.Xr ip 4 , 4891.Xr ipf 4 , 4892.Xr ipfw 4 , 4893.Xr ipnat 4 , 4894.Xr kld 4 , 4895.Xr pf 4 , 4896.Xr pflog 4 , 4897.Xr pfsync 4 , 4898.Xr tcp 4 , 4899.Xr udp 4 , 4900.Xr exports 5 , 4901.Xr fstab 5 , 4902.Xr ipf 5 , 4903.Xr ipnat 5 , 4904.Xr jail.conf 5 , 4905.Xr loader.conf 5 , 4906.Xr login.conf 5 , 4907.Xr motd 5 , 4908.Xr newsyslog.conf 5 , 4909.Xr pf.conf 5 , 4910.Xr firewall 7 , 4911.Xr growfs 7 , 4912.Xr security 7 , 4913.Xr tuning 7 , 4914.Xr accton 8 , 4915.Xr apm 8 , 4916.Xr bsdinstall 8 , 4917.Xr bthidd 8 , 4918.Xr chkprintcap 8 , 4919.Xr chown 8 , 4920.Xr cron 8 , 4921.Xr devfs 8 , 4922.Xr dhclient 8 , 4923.Xr ftpd 8 , 4924.Xr geli 8 , 4925.Xr hcsecd 8 , 4926.Xr ifconfig 8 , 4927.Xr inetd 8 , 4928.Xr iovctl 8 , 4929.Xr ipf 8 , 4930.Xr ipfw 8 , 4931.Xr ipnat 8 , 4932.Xr jail 8 , 4933.Xr kldxref 8 , 4934.Xr loader 8 , 4935.Xr lpd 8 , 4936.Xr makewhatis 8 , 4937.Xr mdconfig 8 , 4938.Xr mdmfs 8 , 4939.Xr mixer 8 , 4940.Xr mountd 8 , 4941.Xr moused 8 , 4942.Xr newfs 8 , 4943.Xr newsyslog 8 , 4944.Xr nfsd 8 , 4945.Xr ntpd 8 , 4946.Xr ntpdate 8 , 4947.Xr pfctl 8 , 4948.Xr pflogd 8 , 4949.Xr ping 8 , 4950.Xr powerd 8 , 4951.Xr quotacheck 8 , 4952.Xr quotaon 8 , 4953.Xr rc 8 , 4954.Xr rc.subr 8 , 4955.Xr rcorder 8 , 4956.Xr rfcomm_pppd 8 , 4957.Xr route 8 , 4958.Xr routed 8 , 4959.Xr rpc.lockd 8 , 4960.Xr rpc.statd 8 , 4961.Xr rpc.tlsclntd 8 , 4962.Xr rpc.tlsservd 8 , 4963.Xr rpcbind 8 , 4964.Xr rwhod 8 , 4965.Xr savecore 8 , 4966.Xr sdpd 8 , 4967.Xr sendmail 8 , 4968.Xr service 8 , 4969.Xr sshd 8 , 4970.Xr swapon 8 , 4971.Xr sysctl 8 , 4972.Xr syslogd 8 , 4973.Xr sysrc 8 , 4974.Xr unbound 8 , 4975.Xr usbconfig 8 , 4976.Xr wlandebug 8 , 4977.Xr yp 8 , 4978.Xr ypbind 8 , 4979.Xr ypserv 8 , 4980.Xr ypset 8 4981.Sh HISTORY 4982The 4983.Nm 4984file appeared in 4985.Fx 2.2.2 . 4986.Sh AUTHORS 4987.An Jordan K. Hubbard . 4988