1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 27, 2012 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Va swapfile 165.Pq Vt str 166If set to 167.Dq Li NO , 168no swapfile is installed, otherwise the value is used as the full 169pathname to a file to use for additional swap space. 170.It Ao Ar name Ac Ns Va _chroot 171.Pq Vt str 172.Xr chroot 173to this directory before running the service. 174.It Ao Ar name Ac Ns Va _user 175.Pq Vt str 176Run the service under this user account. 177.It Ao Ar name Ac Ns Va _group 178.Pq Vt str 179Run the chrooted service under this system group. Unlike the _user 180setting, this setting has no effect if the service is not chrooted. 181.It Ao Ar name Ac Ns Va _fib 182.Pq Vt int 183The 184.Xr setfib 1 185value to run the service under. 186.It Ao Ar name Ac Ns Va _nice 187.Pq Vt int 188The 189.Xr nice 1 190value to run the service under. 191.It Va apm_enable 192.Pq Vt bool 193If set to 194.Dq Li YES , 195enable support for Automatic Power Management with 196the 197.Xr apm 8 198command. 199.It Va apmd_enable 200.Pq Vt bool 201Run 202.Xr apmd 8 203to handle APM event from userland. 204This also enables support for APM. 205.It Va apmd_flags 206.Pq Vt str 207If 208.Va apmd_enable 209is set to 210.Dq Li YES , 211these are the flags to pass to the 212.Xr apmd 8 213daemon. 214.It Va devd_enable 215.Pq Vt bool 216Run 217.Xr devd 8 218to handle device added, removed or unknown events from the kernel. 219.It Va ddb_enable 220.Pq Vt bool 221Run 222.Xr ddb 8 223to install 224.Xr ddb 4 225scripts at boot time. 226.It Va ddb_config 227.Pq Vt str 228Configuration file for 229.Xr ddb 8 . 230Default 231.Pa /etc/ddb.conf . 232.It Va kld_list 233.Pq Vt str 234A list of kernel modules to load right after the local 235disks are mounted. 236Loading modules at this point in the boot process is 237much faster than doing it via 238.Pa /boot/loader.conf 239for those modules not necessary for mounting local disk. 240.It Va kldxref_enable 241.Pq Vt bool 242Set to 243.Dq Li NO 244by default. 245Set to 246.Dq Li YES 247to automatically rebuild 248.Pa linker.hints 249files with 250.Xr kldxref 8 251at boot time. 252.It Va kldxref_clobber 253.Pq Vt bool 254Set to 255.Dq Li NO 256by default. 257If 258.Va kldxref_enable 259is true, 260setting to 261.Dq Li YES 262will overwrite existing 263.Pa linker.hints 264files at boot time. 265Otherwise, 266only missing 267.Pa linker.hints 268files are generated. 269.It Va kldxref_module_path 270.Pq Vt str 271Empty by default. 272A semi-colon 273.Pq Ql \&; 274delimited list of paths containing 275.Xr kld 4 276modules. 277If empty, 278the contents of the 279.Va kern.module_path 280.Xr sysctl 8 281are used. 282.It Va powerd_enable 283.Pq Vt bool 284If set to 285.Dq Li YES , 286enable the system power control facility with the 287.Xr powerd 8 288daemon. 289.It Va powerd_flags 290.Pq Vt str 291If 292.Va powerd_enable 293is set to 294.Dq Li YES , 295these are the flags to pass to the 296.Xr powerd 8 297daemon. 298.It Va tmpmfs 299Controls the creation of a 300.Pa /tmp 301memory file system. 302Always happens if set to 303.Dq Li YES 304and never happens if set to 305.Dq Li NO . 306If set to anything else, a memory file system is created if 307.Pa /tmp 308is not writable. 309.It Va tmpsize 310Controls the size of a created 311.Pa /tmp 312memory file system. 313.It Va tmpmfs_flags 314Extra options passed to the 315.Xr mdmfs 8 316utility when the memory file system for 317.Pa /tmp 318is created. 319The default is 320.Dq Li "-S" , 321which inhibits the use of softupdates on 322.Pa /tmp 323so that file system space is freed without delay 324after file truncation or deletion. 325See 326.Xr mdmfs 8 327for other options you can use in 328.Va tmpmfs_flags . 329.It Va varmfs 330Controls the creation of a 331.Pa /var 332memory file system. 333Always happens if set to 334.Dq Li YES 335and never happens if set to 336.Dq Li NO . 337If set to anything else, a memory file system is created if 338.Pa /var 339is not writable. 340.It Va varsize 341Controls the size of a created 342.Pa /var 343memory file system. 344.It Va varmfs_flags 345Extra options passed to the 346.Xr mdmfs 8 347utility when the memory file system for 348.Pa /var 349is created. 350The default is 351.Dq Li "-S" , 352which inhibits the use of softupdates on 353.Pa /var 354so that file system space is freed without delay 355after file truncation or deletion. 356See 357.Xr mdmfs 8 358for other options you can use in 359.Va varmfs_flags . 360.It Va populate_var 361Controls the automatic population of the 362.Pa /var 363file system. 364Always happens if set to 365.Dq Li YES 366and never happens if set to 367.Dq Li NO . 368If set to anything else, a memory file system is created if 369.Pa /var 370is not writable. 371Note that this process requires access to certain commands in 372.Pa /usr 373before 374.Pa /usr 375is mounted on normal systems. 376.It Va cleanvar_enable 377.Pq Vt bool 378Clean the 379.Pa /var 380directory. 381.It Va local_startup 382.Pq Vt str 383List of directories to search for startup script files. 384.It Va script_name_sep 385.Pq Vt str 386The field separator to use for breaking down the list of startup script files 387into individual filenames. 388The default is a space. 389It is not necessary to change this unless there are startup scripts with names 390containing spaces. 391.It Va hostapd_enable 392.Pq Vt bool 393Set to 394.Dq Li YES 395to start 396.Xr hostapd 8 397at system boot time. 398.It Va hostname 399.Pq Vt str 400The fully qualified domain name (FQDN) of this host on the network. 401This should almost certainly be set to something meaningful, even if 402there is no network connection. 403If 404.Xr dhclient 8 405is used to set the hostname via DHCP, 406this variable should be set to an empty string. 407If this value remains unset when the system is done booting 408your console login will display the default hostname of 409.Dq Amnesiac . 410.It Va nisdomainname 411.Pq Vt str 412The NIS domain name of this host, or 413.Dq Li NO 414if NIS is not used. 415.It Va dhclient_program 416.Pq Vt str 417Path to the DHCP client program 418.Pa ( /sbin/dhclient , 419the 420.Ox 421DHCP client, 422is the default). 423.It Va dhclient_flags 424.Pq Vt str 425Additional flags to pass to the DHCP client program. 426For the 427.Ox 428DHCP client, see the 429.Xr dhclient 8 430manpage for a description of the command line options available. 431.It Va dhclient_flags_ Ns Aq Ar iface 432Additional flags to pass to the DHCP client program running on 433.Ar iface 434only. 435When specified, this variable overrides 436.Va dhclient_flags . 437.It Va background_dhclient 438.Pq Vt bool 439Set to 440.Dq Li YES 441to start the DHCP client in background. 442This can cause trouble with applications depending on 443a working network, but it will provide a faster startup 444in many cases. 445.It Va background_dhclient_ Ns Aq Ar iface 446When specified, this variable overrides the 447.Va background_dhclient 448variable for interface 449.Ar iface 450only. 451.It Va synchronous_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start 456.Xr dhclient 8 457synchronously at startup. 458This behavior can be overridden on a per-interface basis by replacing 459the 460.Dq Li DHCP 461keyword in the 462.Va ifconfig_ Ns Aq Ar interface 463variable with 464.Dq Li SYNCDHCP 465or 466.Dq Li NOSYNCDHCP . 467.It Va defaultroute_delay 468.Pq Vt int 469When set to a positive value, wait up to this long after configuring 470DHCP interfaces at startup to give the interfaces time to receive a lease. 471.It Va firewall_enable 472.Pq Vt bool 473Set to 474.Dq Li YES 475to load firewall rules at startup. 476If the kernel was not built with 477.Cd "options IPFIREWALL" , 478the 479.Pa ipfw.ko 480kernel module will be loaded. 481See also 482.Va ipfilter_enable . 483.It Va firewall_script 484.Pq Vt str 485This variable specifies the full path to the firewall script to run. 486The default is 487.Pa /etc/rc.firewall . 488.It Va firewall_type 489.Pq Vt str 490Names the firewall type from the selection in 491.Pa /etc/rc.firewall , 492or the file which contains the local firewall ruleset. 493Valid selections from 494.Pa /etc/rc.firewall 495are: 496.Pp 497.Bl -tag -width ".Li simple" -compact 498.It Li open 499unrestricted IP access 500.It Li closed 501all IP services disabled, except via 502.Dq Li lo0 503.It Li client 504basic protection for a workstation 505.It Li simple 506basic protection for a LAN. 507.El 508.Pp 509If a filename is specified, the full path 510must be given. 511.It Va firewall_quiet 512.Pq Vt bool 513Set to 514.Dq Li YES 515to disable the display of firewall rules on the console during boot. 516.It Va firewall_logging 517.Pq Vt bool 518Set to 519.Dq Li YES 520to enable firewall event logging. 521This is equivalent to the 522.Dv IPFIREWALL_VERBOSE 523kernel option. 524.It Va firewall_logif 525.Pq Vt bool 526Set to 527.Dq Li YES 528to create pseudo interface 529.Li ipfw0 530for logging. 531For more details, see 532.Xr ipfw 8 533manual page. 534.It Va firewall_flags 535.Pq Vt str 536Flags passed to 537.Xr ipfw 8 538if 539.Va firewall_type 540specifies a filename. 541.It Va firewall_coscripts 542.Pq Vt str 543List of executables and/or rc scripts to run after firewall starts/stops. 544Default is empty. 545.\" ----- firewall_nat_enable setting -------------------------------- 546.It Va firewall_nat_enable 547.Pq Vt bool 548The 549.Xr ipfw 8 550equivalent of 551.Va natd_enable . 552Setting this to 553.Dq Li YES 554enables kernel NAT. 555.Va firewall_enable 556must also be set to 557.Dq Li YES . 558.It Va firewall_nat_interface 559.Pq Vt str 560The 561.Xr ipfw 8 562equivalent of 563.Va natd_interface . 564This is the name of the public interface or IP address on which 565kernel NAT should run. 566.It Va firewall_nat_flags 567.Pq Vt str 568Additional configuration parameters for kernel NAT should be placed here. 569.It Va dummynet_enable 570.Pq Vt bool 571Setting this to 572.Dq Li YES 573will automatically load the 574.Xr dummynet 4 575module if 576.Va firewall_enable 577is also set to 578.Dq Li YES . 579.\" ------------------------------------------------------------------- 580.It Va natd_program 581.Pq Vt str 582Path to 583.Xr natd 8 . 584.It Va natd_enable 585.Pq Vt bool 586Set to 587.Dq Li YES 588to enable 589.Xr natd 8 . 590.Va firewall_enable 591must also be set to 592.Dq Li YES , 593and 594.Xr divert 4 595sockets must be enabled in the kernel. 596If the kernel was not built with 597.Cd "options IPDIVERT" , 598the 599.Pa ipdivert.ko 600kernel module will be loaded. 601.It Va natd_interface 602.Pq Vt str 603This is the name of the public interface on which 604.Xr natd 8 605should run. 606The interface may be given as an interface name or as an IP address. 607.It Va natd_flags 608.Pq Vt str 609Additional 610.Xr natd 8 611flags should be placed here. 612The 613.Fl n 614or 615.Fl a 616flag is automatically added with the above 617.Va natd_interface 618as an argument. 619.\" ----- ipfilter_enable setting -------------------------------- 620.It Va ipfilter_enable 621.Pq Vt bool 622Set to 623.Dq Li NO 624by default. 625Setting this to 626.Dq Li YES 627enables 628.Xr ipf 8 629packet filtering. 630.Pp 631Typical usage will require putting 632.Bd -literal 633ipfilter_enable="YES" 634ipnat_enable="YES" 635ipmon_enable="YES" 636ipfs_enable="YES" 637.Ed 638.Pp 639into 640.Pa /etc/rc.conf 641and editing 642.Pa /etc/ipf.rules 643and 644.Pa /etc/ipnat.rules 645appropriately. 646.Pp 647Note that 648.Va ipfilter_enable 649and 650.Va ipnat_enable 651can be enabled independently. 652.Va ipmon_enable 653and 654.Va ipfs_enable 655both require at least one of 656.Va ipfilter_enable 657and 658.Va ipnat_enable 659to be enabled. 660.Pp 661Having 662.Bd -literal 663options IPFILTER 664options IPFILTER_LOG 665options IPFILTER_DEFAULT_BLOCK 666.Ed 667.Pp 668in the kernel configuration file is a good idea, too. 669.\" ----- ipfilter_program setting ------------------------------ 670.It Va ipfilter_program 671.Pq Vt str 672Path to 673.Xr ipf 8 674(default 675.Pa /sbin/ipf ) . 676.\" ----- ipfilter_rules setting -------------------------------- 677.It Va ipfilter_rules 678.Pq Vt str 679Set to 680.Pa /etc/ipf.rules 681by default. 682This variable contains the name of the filter rule definition file. 683The file is expected to be readable for the 684.Xr ipf 8 685command to execute. 686.\" ----- ipv6_ipfilter_rules setting --------------------------- 687.It Va ipv6_ipfilter_rules 688.Pq Vt str 689Set to 690.Pa /etc/ipf6.rules 691by default. 692This variable contains the IPv6 filter rule definition file. 693The file is expected to be readable for the 694.Xr ipf 8 695command to execute. 696.\" ----- ipfilter_flags setting -------------------------------- 697.It Va ipfilter_flags 698.Pq Vt str 699Empty by default. 700This variable contains flags passed to the 701.Xr ipf 8 702program. 703.\" ----- ipnat_enable setting ---------------------------------- 704.It Va ipnat_enable 705.Pq Vt bool 706Set to 707.Dq Li NO 708by default. 709Set it to 710.Dq Li YES 711to enable 712.Xr ipnat 8 713network address translation. 714See 715.Va ipfilter_enable 716for a detailed discussion. 717.\" ----- ipnat_program setting --------------------------------- 718.It Va ipnat_program 719.Pq Vt str 720Path to 721.Xr ipnat 8 722(default 723.Pa /sbin/ipnat ) . 724.\" ----- ipnat_rules setting ----------------------------------- 725.It Va ipnat_rules 726.Pq Vt str 727Set to 728.Pa /etc/ipnat.rules 729by default. 730This variable contains the name of the file 731holding the network address translation definition. 732This file is expected to be readable for the 733.Xr ipnat 8 734command to execute. 735.\" ----- ipnat_flags setting ----------------------------------- 736.It Va ipnat_flags 737.Pq Vt str 738Empty by default. 739This variable contains flags passed to the 740.Xr ipnat 8 741program. 742.\" ----- ipmon_enable setting ---------------------------------- 743.It Va ipmon_enable 744.Pq Vt bool 745Set to 746.Dq Li NO 747by default. 748Set it to 749.Dq Li YES 750to enable 751.Xr ipmon 8 752monitoring (logging 753.Xr ipf 8 754and 755.Xr ipnat 8 756events). 757Setting this variable needs setting 758.Va ipfilter_enable 759or 760.Va ipnat_enable 761too. 762See 763.Va ipfilter_enable 764for a detailed discussion. 765.\" ----- ipmon_program setting --------------------------------- 766.It Va ipmon_program 767.Pq Vt str 768Path to 769.Xr ipmon 8 770(default 771.Pa /sbin/ipmon ) . 772.\" ----- ipmon_flags setting ----------------------------------- 773.It Va ipmon_flags 774.Pq Vt str 775Set to 776.Dq Li -Ds 777by default. 778This variable contains flags passed to the 779.Xr ipmon 8 780program. 781Another typical example would be 782.Dq Fl D Pa /var/log/ipflog 783to have 784.Xr ipmon 8 785log directly to a file bypassing 786.Xr syslogd 8 . 787Make sure to adjust 788.Pa /etc/newsyslog.conf 789in such case like this: 790.Bd -literal 791/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 792.Ed 793.\" ----- ipfs_enable setting ----------------------------------- 794.It Va ipfs_enable 795.Pq Vt bool 796Set to 797.Dq Li NO 798by default. 799Set it to 800.Dq Li YES 801to enable 802.Xr ipfs 8 803saving the filter and NAT state tables during shutdown 804and reloading them during startup again. 805Setting this variable needs setting 806.Va ipfilter_enable 807or 808.Va ipnat_enable 809to 810.Dq Li YES 811too. 812See 813.Va ipfilter_enable 814for a detailed discussion. 815Note that if 816.Va kern_securelevel 817is set to 3, 818.Va ipfs_enable 819cannot be used 820because the raised securelevel will prevent 821.Xr ipfs 8 822from saving the state tables at shutdown time. 823.\" ----- ipfs_program setting ---------------------------------- 824.It Va ipfs_program 825.Pq Vt str 826Path to 827.Xr ipfs 8 828(default 829.Pa /sbin/ipfs ) . 830.\" ----- ipfs_flags setting ------------------------------------ 831.It Va ipfs_flags 832.Pq Vt str 833Empty by default. 834This variable contains flags passed to the 835.Xr ipfs 8 836program. 837.\" ----- end of added ipf hook --------------------------------- 838.It Va pf_enable 839.Pq Vt bool 840Set to 841.Dq Li NO 842by default. 843Setting this to 844.Dq Li YES 845enables 846.Xr pf 4 847packet filtering. 848.Pp 849Typical usage will require putting 850.Pp 851.Dl pf_enable="YES" 852.Pp 853into 854.Pa /etc/rc.conf 855and editing 856.Pa /etc/pf.conf 857appropriately. 858Adding 859.Pp 860.Dl "device pf" 861.Pp 862builds support for 863.Xr pf 4 864into the kernel, otherwise the 865kernel module will be loaded. 866.It Va pf_rules 867.Pq Vt str 868Path to 869.Xr pf 4 870ruleset configuration file 871(default 872.Pa /etc/pf.conf ) . 873.It Va pf_program 874.Pq Vt str 875Path to 876.Xr pfctl 8 877(default 878.Pa /sbin/pfctl ) . 879.It Va pf_flags 880.Pq Vt str 881If 882.Va pf_enable 883is set to 884.Dq Li YES , 885these flags are passed to the 886.Xr pfctl 8 887program when loading the ruleset. 888.It Va pflog_enable 889.Pq Vt bool 890Set to 891.Dq Li NO 892by default. 893Setting this to 894.Dq Li YES 895enables 896.Xr pflogd 8 897which logs packets from the 898.Xr pf 4 899packet filter. 900.It Va pflog_logfile 901.Pq Vt str 902If 903.Va pflog_enable 904is set to 905.Dq Li YES 906this controls where 907.Xr pflogd 8 908stores the logfile 909(default 910.Pa /var/log/pflog ) . 911Check 912.Pa /etc/newsyslog.conf 913to adjust logfile rotation for this. 914.It Va pflog_program 915.Pq Vt str 916Path to 917.Xr pflogd 8 918(default 919.Pa /sbin/pflogd ) . 920.It Va pflog_flags 921.Pq Vt str 922Empty by default. 923This variable contains additional flags passed to the 924.Xr pflogd 8 925program. 926.It Va ftpproxy_enable 927.Pq Vt bool 928Set to 929.Dq Li NO 930by default. 931Setting this to 932.Dq Li YES 933enables 934.Xr ftp-proxy 8 935which supports the 936.Xr pf 4 937packet filter in translating ftp connections. 938.It Va ftpproxy_flags 939.Pq Vt str 940Empty by default. 941This variable contains additional flags passed to the 942.Xr ftp-proxy 8 943program. 944.It Va pfsync_enable 945.Pq Vt bool 946Set to 947.Dq Li NO 948by default. 949Setting this to 950.Dq Li YES 951enables exposing 952.Xr pf 4 953state changes to other hosts over the network by means of 954.Xr pfsync 4 . 955The 956.Va pfsync_syncdev 957variable 958must also be set then. 959.It Va pfsync_syncdev 960.Pq Vt str 961Empty by default. 962This variable specifies the name of the network interface 963.Xr pfsync 4 964should operate through. 965It must be set accordingly if 966.Va pfsync_enable 967is set to 968.Dq Li YES . 969.It Va pfsync_syncpeer 970.Pq Vt str 971Empty by default. 972This variable is optional. 973By default, state change messages are sent out on the synchronisation 974interface using IP multicast packets. 975The protocol is IP protocol 240, PFSYNC, and the multicast group used is 976224.0.0.240. 977When a peer address is specified using the 978.Va pfsync_syncpeer 979option, the peer address is used as a destination for the pfsync 980traffic, and the traffic can then be protected using 981.Xr ipsec 4 . 982See the 983.Xr pfsync 4 984manpage for more details about using 985.Xr ipsec 4 986with 987.Xr pfsync 4 988interfaces. 989.It Va pfsync_ifconfig 990.Pq Vt str 991Empty by default. 992This variable can contain additional options to be passed to the 993.Xr ifconfig 8 994command used to set up 995.Xr pfsync 4 . 996.It Va tcp_extensions 997.Pq Vt bool 998Set to 999.Dq Li YES 1000by default. 1001Setting this to 1002.Dq Li NO 1003disables certain TCP options as described by 1004.Rs 1005.%T "RFC 1323" 1006.Re 1007Setting this to 1008.Dq Li NO 1009might help remedy such problems with connections as randomly hanging 1010or other weird behavior. 1011Some network devices are known 1012to be broken with respect to these options. 1013.It Va log_in_vain 1014.Pq Vt int 1015Set to 0 by default. 1016The 1017.Xr sysctl 8 1018variables, 1019.Va net.inet.tcp.log_in_vain 1020and 1021.Va net.inet.udp.log_in_vain , 1022as described in 1023.Xr tcp 4 1024and 1025.Xr udp 4 , 1026are set to the given value. 1027.It Va tcp_keepalive 1028.Pq Vt bool 1029Set to 1030.Dq Li YES 1031by default. 1032Setting to 1033.Dq Li NO 1034will disable probing idle TCP connections to verify that the 1035peer is still up and reachable. 1036.It Va tcp_drop_synfin 1037.Pq Vt bool 1038Set to 1039.Dq Li NO 1040by default. 1041Setting to 1042.Dq Li YES 1043will cause the kernel to ignore TCP frames that have both 1044the SYN and FIN flags set. 1045This prevents OS fingerprinting, but may 1046break some legitimate applications. 1047.It Va icmp_drop_redirect 1048.Pq Vt bool 1049Set to 1050.Dq Li NO 1051by default. 1052Setting to 1053.Dq Li YES 1054will cause the kernel to ignore ICMP REDIRECT packets. 1055Refer to 1056.Xr icmp 4 1057for more information. 1058.It Va icmp_log_redirect 1059.Pq Vt bool 1060Set to 1061.Dq Li NO 1062by default. 1063Setting to 1064.Dq Li YES 1065will cause the kernel to log ICMP REDIRECT packets. 1066Note that 1067the log messages are not rate-limited, so this option should only be used 1068for troubleshooting networks. 1069Refer to 1070.Xr icmp 4 1071for more information. 1072.It Va icmp_bmcastecho 1073.Pq Vt bool 1074Set to 1075.Dq Li YES 1076to respond to broadcast or multicast ICMP ping packets. 1077Refer to 1078.Xr icmp 4 1079for more information. 1080.It Va ip_portrange_first 1081.Pq Vt int 1082If not set to 1083.Dq Li NO , 1084this is the first port in the default portrange. 1085Refer to 1086.Xr ip 4 1087for more information. 1088.It Va ip_portrange_last 1089.Pq Vt int 1090If not set to 1091.Dq Li NO , 1092this is the last port in the default portrange. 1093Refer to 1094.Xr ip 4 1095for more information. 1096.It Va network_interfaces 1097.Pq Vt str 1098Set to the list of network interfaces to configure on this host or 1099.Dq Li AUTO 1100(the default) for all current interfaces. 1101Setting the 1102.Va network_interfaces 1103variable to anything other than the default is deprecated. 1104Interfaces that the administrator wishes to store configuration for, 1105but not start at boot should be configured with the 1106.Dq Li NOAUTO 1107keyword in their 1108.Va ifconfig_ Ns Aq Ar interface 1109variables as described below. 1110.Pp 1111An 1112.Va ifconfig_ Ns Aq Ar interface 1113variable is also assumed to exist for each value of 1114.Ar interface . 1115When an interface name contains any of the characters 1116.Dq Li .-/+ 1117they are translated to 1118.Dq Li _ 1119before lookup. 1120The variable can contain arguments to 1121.Xr ifconfig 8 , 1122as well as special case-insensitive keywords described below. 1123Such keywords are removed before passing the value to 1124.Xr ifconfig 8 1125while the order of the other arguments is preserved. 1126.Pp 1127One can configure more than one IPv4 address with the 1128.Va ipv4_addrs_ Ns Aq Ar interface 1129variable. 1130One or more IP addresses must be provided in Classless Inter-Domain 1131Routing (CIDR) address notation, whose last byte can be a range like 1132192.0.2.5-23/24. 1133In this case the address 192.0.2.5 will be configured with the 1134netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1135the non-conflicting netmask /32 as explained in the 1136.Xr ifconfig 8 1137alias section. 1138With the interface in question being 1139.Li ed0 , 1140an example could look like: 1141.Bd -literal 1142ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1143.Ed 1144.Pp 1145It is also possible to add IP alias entries using 1146.Xr ifconfig 8 1147syntax with the 1148.Dq Li inet 1149keyword. 1150Assuming that the interface in question was 1151.Li ed0 , 1152it might look 1153something like this: 1154.Bd -literal 1155ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1156ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1157.Ed 1158.Pp 1159And so on. 1160For each 1161.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1162entry with the 1163.Dq Li inet 1164keyword that is found, 1165its contents are passed to 1166.Xr ifconfig 8 . 1167Execution stops at the first unsuccessful access, so if 1168something like this is present: 1169.Bd -literal 1170ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1171ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1172ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1173ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1174.Ed 1175.Pp 1176Then note that alias4 would 1177.Em not 1178be added since the search would 1179stop with the missing 1180.Dq Li alias3 1181entry. 1182Due to this difficult to manage behavior, the 1183.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1184form is deprecated. 1185.Pp 1186If the 1187.Pa /etc/start_if. Ns Aq Ar interface 1188file is present, it is read and executed by the 1189.Xr sh 1 1190interpreter 1191before configuring the interface as specified in the 1192.Va ifconfig_ Ns Aq Ar interface 1193and 1194.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1195variables. 1196.Pp 1197If a 1198.Va vlans_ Ns Aq Ar interface 1199variable is set, 1200a 1201.Xr vlan 4 1202interface will be created for each item in the list with the 1203.Ar vlandev 1204argument set to 1205.Ar interface . 1206If a vlan interface's name is a number, 1207then that number is used as the vlan tag and the new vlan interface is 1208named 1209.Ar interface . Ns Ar tag . 1210Otherwise, 1211the vlan tag must be specified via a 1212.Va vlan 1213parameter in the 1214.Va create_args_ Ns Aq Ar interface 1215variable. 1216.Pp 1217To create a vlan device named 1218.Li em0.101 1219on 1220.Li em0 1221with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1222.Bd -literal 1223vlans_em0="101" 1224ifconfig_em0_101="inet 192.0.2.1/24" 1225.Ed 1226.Pp 1227To create a vlan device named 1228.Li myvlan 1229on 1230.Li em0 1231with the vlan tag 102: 1232.Bd -literal 1233vlans_em0="myvlan" 1234create_args_myvlan="vlan 102" 1235.Ed 1236.Pp 1237If a 1238.Va wlans_ Ns Aq Ar interface 1239variable is set, 1240an 1241.Xr wlan 4 1242interface will be created for each item in the list with the 1243.Ar wlandev 1244argument set to 1245.Ar interface . 1246Further wlan cloning arguments may be passed to the 1247.Xr ifconfig 8 1248.Cm create 1249command by setting the 1250.Va create_args_ Ns Aq Ar interface 1251variable. 1252One or more 1253.Xr wlan 4 1254devices must be created for each wireless devices as of 1255.Fx 8.0 . 1256Debugging flags for 1257.Xr wlan 4 1258devices as set by 1259.Xr wlandebug 8 1260may be specified with an 1261.Va wlandebug_ Ns Aq Ar interface 1262variable. 1263The contents of this variable will be passed directly to 1264.Xr wlandebug 8 . 1265.Pp 1266If the 1267.Va ifconfig_ Ns Aq Ar interface 1268contains the keyword 1269.Dq Li NOAUTO 1270then the interface will not be configured 1271at boot or by 1272.Pa /etc/pccard_ether 1273when 1274.Va network_interfaces 1275is set to 1276.Dq Li AUTO . 1277.Pp 1278It is possible to bring up an interface with DHCP by adding 1279.Dq Li DHCP 1280to the 1281.Va ifconfig_ Ns Aq Ar interface 1282variable. 1283For instance, to initialize the 1284.Li ed0 1285device via DHCP, 1286it is possible to use something like: 1287.Bd -literal 1288ifconfig_ed0="DHCP" 1289.Ed 1290.Pp 1291Also, if you want to configure your wireless interface with 1292.Xr wpa_supplicant 8 1293for use with WPA, EAP/LEAP or WEP, you need to add 1294.Dq Li WPA 1295to the 1296.Va ifconfig_ Ns Aq Ar interface 1297variable. 1298.Pp 1299Finally, you can add 1300.Xr ifconfig 8 1301options in this variable, in addition to the 1302.Pa /etc/start_if. Ns Aq Ar interface 1303file. 1304For instance, to configure an 1305.Xr ath 4 1306wireless device in station mode with an address obtained 1307via DHCP, using WPA authentication and 802.11b mode, it is 1308possible to use something like: 1309.Bd -literal 1310wlans_ath0="wlan0" 1311ifconfig_wlan0="DHCP WPA mode 11b" 1312.Ed 1313.Pp 1314In addition to the 1315.Va ifconfig_ Ns Aq Ar interface 1316form, a fallback variable 1317.Va ifconfig_DEFAULT 1318may be configured. 1319It will be used for all interfaces with no 1320.Va ifconfig_ Ns Aq Ar interface 1321variable. 1322This is intended to replace the no longer supported 1323.Va pccard_ifconfig 1324variable. 1325.Pp 1326It is also possible to rename an interface by doing: 1327.Bd -literal 1328ifconfig_ed0_name="net0" 1329ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1330.Ed 1331.It Va ipv6_enable 1332.Pq Vt bool 1333This variable is deprecated. 1334Use 1335.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1336and 1337.Va ipv6_activate_all_interfaces 1338if necessary. 1339.Pp 1340If the variable is 1341.Dq Li YES , 1342.Dq Li inet6 accept_rtadv 1343is added to all of 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1345and the 1346.Va ipv6_activate_all_interfaces 1347is defined as 1348.Dq Li YES . 1349.It Va ipv6_prefer 1350.Pq Vt bool 1351This variable is deprecated. 1352Use 1353.Va ip6addrctl_policy 1354instead. 1355.Pp 1356If the variable is 1357.Dq Li YES , 1358the default address selection policy table set by 1359.Xr ip6addrctl 8 1360will be IPv6-preferred. 1361.Pp 1362If the variable is 1363.Dq Li NO , 1364the default address selection policy table set by 1365.Xr ip6addrctl 8 1366will be IPv4-preferred. 1367.It Va ipv6_activate_all_interfaces 1368.Pq Vt bool 1369This controls initial configuration on IPv6-capable 1370interfaces with no corresponding 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1372variable. 1373Note that it is not always necessary to set this variable to 1374.Dq YES 1375to use IPv6 functionality on 1376.Fx . 1377In most cases, just configuring 1378.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1379variables works. 1380.Pp 1381If the variable is 1382.Dq Li NO , 1383all interfaces which do not have a corresponding 1384.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1385variable will be marked as 1386.Dq Li IFDISABLED 1387at creation. 1388This means that all of IPv6 functionality on that interface 1389is completely disabled to enforce a security policy. 1390If the variable is set to 1391.Dq YES , 1392the flag will be cleared on all of the interfaces. 1393.Pp 1394In most cases, just defining an 1395.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1396for an IPv6-capable interface should be sufficient. 1397However, if an interface is added dynamically 1398.Pq by some tunneling protocols such as PPP, for example , 1399it is often difficult to define the variable in advance. 1400In such a case, configuring the 1401.Dq Li IFDISABLED 1402flag can be disabled by setting this variable to 1403.Dq YES . 1404.Pp 1405For more details of the 1406.Dq Li IFDISABLED 1407flag and keywords 1408.Dq Li inet6 ifdisabled , 1409see 1410.Xr ifconfig 8 . 1411.Pp 1412Default is 1413.Dq Li NO . 1414.It Va ipv6_privacy 1415.Pq Vt bool 1416If the variable is 1417.Dq Li YES 1418privacy addresses will be generated for each IPv6 1419interface as described in RFC 4941. 1420.It Va ipv6_network_interfaces 1421.Pq Vt str 1422This is the IPv6 equivalent of 1423.Va network_interfaces . 1424Normally manual configuration of this variable is not needed. 1425.Pp 1426.It Va ipv6_cpe_wanif 1427.Pq Vt str 1428If the variable is set to an interface name, 1429the 1430.Xr ifconfig 8 1431options 1432.Dq inet6 -no_radr accept_rtadv 1433will be added to the specified interface automatically before evaluating 1434.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1435and two 1436.Xr sysctl 8 1437variables 1438.Va net.inet6.ip6.rfc6204w3 1439and 1440.Va net.inet6.ip6.no_radr 1441will be set to 1. 1442.Pp 1443This means the specified interface will accept ICMPv6 Router 1444Advertisement messages on that link and add the discovered 1445routers into the Default Router List. 1446While the other interfaces can still accept RA messages if the 1447.Dq inet6 accept_rtadv 1448option is specified, adding 1449routes into the Default Router List will be disabled by 1450.Dq inet6 no_radr 1451option by default. 1452See 1453.Xr ifconfig 8 1454for more details. 1455.Pp 1456Note that ICMPv6 Router Advertisement messages will be 1457accepted even when 1458.Va net.inet6.ip6.forwarding 1459is 1 1460.Pq packet forwarding is enabled 1461when 1462.Va net.inet6.ip6.rfc6204w3 1463is set to 1. 1464.Pp 1465Default is 1466.Dq Li NO . 1467.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1468.Pq Vt str 1469IPv6 functionality on an interface should be configured by 1470.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1471instead of setting ifconfig parameters in 1472.Va ifconfig_ Ns Aq Ar interface . 1473If this variable is empty, all of IPv6 configurations on the 1474specified interface by other variables such as 1475.Va ipv6_prefix_ Ns Ao Ar interface Ac 1476will be ignored. 1477.Pp 1478Aliases should be set by 1479.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1480with 1481.Dq Li inet6 1482keyword. 1483For example: 1484.Bd -literal 1485ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1486ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1487.Ed 1488.Pp 1489Interfaces that have an 1490.Dq Li inet6 accept_rtadv 1491keyword in 1492.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1493setting will be automatically configured by SLAAC 1494.Pq StateLess Address AutoConfiguration 1495described in 1496.Rs 1497.%T "RFC 4862" 1498.Re 1499.Pp 1500Note that a link-local address will be automatically configured in 1501addition to the configured global-scope addresses because the IPv6 1502specifications require it on each link. 1503The address is calculated from the MAC address by using an algorithm 1504defined in 1505.Rs 1506.%T "RFC 4862" 1507.%O "Section 5.3" 1508.Re 1509.Pp 1510If only a link-local address is needed on the interface, 1511the following configuration can be used: 1512.Bd -literal 1513ifconfig_ed0_ipv6="inet6 auto_linklocal" 1514.Ed 1515.Pp 1516A link-local address can also be configured manually. 1517This is useful for the default router address of an IPv6 router 1518so that it does not change when the network interface 1519card is replaced. 1520For example: 1521.Bd -literal 1522ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1523.Ed 1524.It Va ipv6_prefix_ Ns Aq Ar interface 1525.Pq Vt str 1526If one or more prefixes are defined in 1527.Va ipv6_prefix_ Ns Aq Ar interface 1528addresses based on each prefix and the EUI-64 interface index will be 1529configured on that interface. 1530Note that this variable will be ignored when 1531.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1532is empty. 1533.Pp 1534For example, the following configuration 1535.Bd -literal 1536ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1537.Ed 1538.Pp 1539is equivalent to the following: 1540.Bd -literal 1541ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1542ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1543ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1544ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1545.Ed 1546.Pp 1547These Subnet-Router anycast addresses will be added only when 1548.Va ipv6_gateway_enable 1549is YES. 1550.It Va ipv6_default_interface 1551.Pq Vt str 1552If not set to 1553.Dq Li NO , 1554this is the default output interface for scoped addresses. 1555This works only with ipv6_gateway_enable="NO". 1556.It Va ip6addrctl_enable 1557.Pq Vt bool 1558This variable is to enable configuring default address selection policy table 1559.Pq RFC 3484 . 1560The table can be specified in another variable 1561.Va ip6addrctl_policy . 1562For 1563.Va ip6addrctl_policy 1564the following keywords can be specified: 1565.Dq Li ipv4_prefer , 1566.Dq Li ipv6_prefer , 1567or 1568.Dq Li AUTO . 1569.Pp 1570If 1571.Dq Li ipv4_prefer 1572or 1573.Dq Li ipv6_prefer 1574is specified, 1575.Xr ip6addrctl 8 1576installs a pre-defined policy table described in Section 2.1 1577.Pq IPv6-preferred 1578or 10.3 1579.Pq IPv4-preferred 1580of RFC 3484. 1581.Pp 1582If 1583.Dq Li AUTO 1584is specified, it attempts to read a file 1585.Pa /etc/ip6addrctl.conf 1586first. 1587If this file is found, 1588.Xr ip6addrctl 8 1589reads and installs it. 1590If not found, a policy is automatically set 1591according to 1592.Va ipv6_activate_all_interfaces 1593variable; if the variable is set to 1594.Dq Li YES 1595the IPv6-preferred one is used. 1596Otherwise IPv4-preferred. 1597.Pp 1598The default value of 1599.Va ip6addrctl_enable 1600and 1601.Va ip6addrctl_policy 1602are 1603.Dq Li YES 1604and 1605.Dq Li AUTO , 1606respectively. 1607.It Va cloned_interfaces 1608.Pq Vt str 1609Set to the list of clonable network interfaces to create on this host. 1610Further cloning arguments may be passed to the 1611.Xr ifconfig 8 1612.Cm create 1613command for each interface by setting the 1614.Va create_args_ Ns Aq Ar interface 1615variable. 1616Entries in 1617.Va cloned_interfaces 1618are automatically appended to 1619.Va network_interfaces 1620for configuration. 1621.It Va fec_interfaces 1622.Pq Vt str 1623Set to the list of 1624.Xr ng_fec 4 1625Fast EtherChannel interfaces to configure on this host. 1626A 1627.Va fecconfig_ Ns Aq Ar interface 1628variable is assumed to exist for each value of 1629.Ar interface . 1630The value of this variable is used to configure link aggregated interfaces 1631according to the syntax of the 1632.Cm NGM_FEC_ADD_IFACE 1633to 1634.Xr ngctl 8 1635msg. 1636Additionally, this option ensures that each listed interface is created 1637via the 1638.Cm mkpeer 1639command to 1640.Xr ngctl 8 1641before attempting to configure it. 1642For example: 1643.Bd -literal 1644fec_interfaces="fec0" 1645fecconfig_fec0="em0 em1" 1646ifconfig_fec0="DHCP" 1647.Ed 1648.It Va gif_interfaces 1649.Pq Vt str 1650Set to the list of 1651.Xr gif 4 1652tunnel interfaces to configure on this host. 1653A 1654.Va gifconfig_ Ns Aq Ar interface 1655variable is assumed to exist for each value of 1656.Ar interface . 1657The value of this variable is used to configure the link layer of the 1658tunnel according to the syntax of the 1659.Cm tunnel 1660option to 1661.Xr ifconfig 8 . 1662Additionally, this option ensures that each listed interface is created 1663via the 1664.Cm create 1665option to 1666.Xr ifconfig 8 1667before attempting to configure it. 1668.It Va sppp_interfaces 1669.Pq Vt str 1670Set to the list of 1671.Xr sppp 4 1672interfaces to configure on this host. 1673A 1674.Va spppconfig_ Ns Aq Ar interface 1675variable is assumed to exist for each value of 1676.Ar interface . 1677Each interface should also be configured by a general 1678.Va ifconfig_ Ns Aq Ar interface 1679setting. 1680Refer to 1681.Xr spppcontrol 8 1682for more information about available options. 1683.It Va ppp_enable 1684.Pq Vt bool 1685If set to 1686.Dq Li YES , 1687run the 1688.Xr ppp 8 1689daemon. 1690.It Va ppp_profile 1691.Pq Vt str 1692The name of the profile to use from 1693.Pa /etc/ppp/ppp.conf . 1694Also used for per-profile overrides of 1695.Va ppp_mode 1696and 1697.Va ppp_nat , 1698and 1699.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1700When the profile name contains any of the characters 1701.Dq Li .-/+ 1702they are translated to 1703.Dq Li _ 1704for the proposes of the override variable names. 1705.It Va ppp_mode 1706.Pq Vt str 1707Mode in which to run the 1708.Xr ppp 8 1709daemon. 1710.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1711.Pq Vt str 1712Overrides the global 1713.Va ppp_mode 1714for 1715.Ar profile . 1716Accepted modes are 1717.Dq Li auto , 1718.Dq Li ddial , 1719.Dq Li direct 1720and 1721.Dq Li dedicated . 1722See the manual for a full description. 1723.It Va ppp_nat 1724.Pq Vt bool 1725If set to 1726.Dq Li YES , 1727enables network address translation. 1728Used in conjunction with 1729.Va gateway_enable 1730allows hosts on private network addresses access to the Internet using 1731this host as a network address translating router. 1732.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1733.Pq Vt str 1734Overrides the global 1735.Va ppp_nat 1736for 1737.Ar profile . 1738.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1739.Pq Vt int 1740Set the unit number to be used for this profile. 1741See the manual description of 1742.Fl unit Ns Ar N 1743for details. 1744.It Va ppp_user 1745.Pq Vt str 1746The name of the user under which 1747.Xr ppp 8 1748should be started. 1749By 1750default, 1751.Xr ppp 8 1752is started as 1753.Dq Li root . 1754.It Va rc_conf_files 1755.Pq Vt str 1756This option is used to specify a list of files that will override 1757the settings in 1758.Pa /etc/defaults/rc.conf . 1759The files will be read in the order in which they are specified and should 1760include the full path to the file. 1761By default, the files specified are 1762.Pa /etc/rc.conf 1763and 1764.Pa /etc/rc.conf.local 1765.It Va zfs_enable 1766.Pq Vt bool 1767If set to 1768.Dq Li YES , 1769.Pa /etc/rc.d/zfs 1770will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1771(ZVOLs). 1772.It Va gptboot_enable 1773.Pq Vt bool 1774If set to 1775.Dq Li YES , 1776.Pa /etc/rc.d/gptboot 1777will log if the system successfully (or not) booted from a GPT partition, 1778which had the 1779.Ar bootonce 1780attribute set using 1781.Xr gpart 8 1782utility. 1783.It Va gbde_autoattach_all 1784.Pq Vt bool 1785If set to 1786.Dq Li YES , 1787.Pa /etc/rc.d/gbde 1788will attempt to automatically initialize your .bde devices in 1789.Pa /etc/fstab . 1790.It Va gbde_devices 1791.Pq Vt str 1792List the devices that the script should try to attach, 1793or 1794.Dq Li AUTO . 1795.It Va gbde_lockdir 1796.Pq Vt str 1797The directory where the 1798.Xr gbde 4 1799lockfiles are located. 1800The default lockfile directory is 1801.Pa /etc . 1802.Pp 1803The lockfile for each individual 1804.Xr gbde 4 1805device can be overridden by setting the variable 1806.Va gbde_lock_ Ns Aq Ar device , 1807where 1808.Ar device 1809is the encrypted device without the 1810.Dq Pa /dev/ 1811and 1812.Dq Pa .bde 1813parts. 1814.It Va gbde_attach_attempts 1815.Pq Vt int 1816Number of times to attempt attaching to a 1817.Xr gbde 4 1818device, i.e., how many times the user is asked for the pass-phrase. 1819Default is 3. 1820.It Va geli_devices 1821.Pq Vt str 1822List of devices to automatically attach on boot. 1823Note that .eli devices from 1824.Pa /etc/fstab 1825are automatically appended to this list. 1826.It Va geli_tries 1827.Pq Vt int 1828Number of times user is asked for the pass-phrase. 1829If empty, it will be taken from 1830.Va kern.geom.eli.tries 1831sysctl variable. 1832.It Va geli_default_flags 1833.Pq Vt str 1834Default flags to use by 1835.Xr geli 8 1836when configuring disk encryption. 1837Flags can be configured for every device separately by defining 1838.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1839variable. 1840.It Va geli_autodetach 1841.Pq Vt str 1842Specifies if GELI devices should be marked for detach on last close after 1843file systems are mounted. 1844Default is 1845.Dq Li YES . 1846This can be changed for every device separately by defining 1847.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1848variable. 1849.It Va geli_swap_flags 1850Options passed to the 1851.Xr geli 8 1852utility when encrypted GEOM providers for swap partitions are created. 1853The default is 1854.Dq Li "-e aes -l 256 -s 4096 -d" . 1855.It Va root_rw_mount 1856.Pq Vt bool 1857Set to 1858.Dq Li YES 1859by default. 1860After the file systems are checked at boot time, the root file system 1861is remounted as read-write if this is set to 1862.Dq Li YES . 1863Diskless systems that mount their root file system from a read-only remote 1864NFS share should set this to 1865.Dq Li NO 1866in their 1867.Pa rc.conf . 1868.It Va fsck_y_enable 1869.Pq Vt bool 1870If set to 1871.Dq Li YES , 1872.Xr fsck 8 1873will be run with the 1874.Fl y 1875flag if the initial preen 1876of the file systems fails. 1877.It Va background_fsck 1878.Pq Vt bool 1879If set to 1880.Dq Li YES , 1881the system will attempt to run 1882.Xr fsck 8 1883in the background where possible. 1884.It Va background_fsck_delay 1885.Pq Vt int 1886The amount of time in seconds to sleep before starting a background 1887.Xr fsck 8 . 1888It defaults to sixty seconds to allow large applications such as 1889the X server to start before disk I/O bandwidth is monopolized by 1890.Xr fsck 8 . 1891If set to a negative number, the background file system check will be 1892delayed indefinitely to allow the administrator to run it at a more 1893convenient time. 1894For example it may be run from 1895.Xr cron 8 1896by adding a line like 1897.Pp 1898.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1899.Pp 1900to 1901.Pa /etc/crontab . 1902.It Va netfs_types 1903.Pq Vt str 1904List of file system types that are network-based. 1905This list should generally not be modified by end users. 1906Use 1907.Va extra_netfs_types 1908instead. 1909.It Va extra_netfs_types 1910.Pq Vt str 1911If set to something other than 1912.Dq Li NO 1913(the default), 1914this variable extends the list of file system types 1915for which automatic mounting at startup by 1916.Xr rc 8 1917should be delayed until the network is initialized. 1918It should contain 1919a whitespace-separated list of network file system descriptor pairs, 1920each consisting of a file system type as passed to 1921.Xr mount 8 1922and a human-readable, one-word description, 1923joined with a colon 1924.Pq Ql \&: . 1925Extending the default list in this way is only necessary 1926when third party file system types are used. 1927.It Va syslogd_enable 1928.Pq Vt bool 1929If set to 1930.Dq Li YES , 1931run the 1932.Xr syslogd 8 1933daemon. 1934.It Va syslogd_program 1935.Pq Vt str 1936Path to 1937.Xr syslogd 8 1938(default 1939.Pa /usr/sbin/syslogd ) . 1940.It Va syslogd_flags 1941.Pq Vt str 1942If 1943.Va syslogd_enable 1944is set to 1945.Dq Li YES , 1946these are the flags to pass to 1947.Xr syslogd 8 . 1948.It Va inetd_enable 1949.Pq Vt bool 1950If set to 1951.Dq Li YES , 1952run the 1953.Xr inetd 8 1954daemon. 1955.It Va inetd_program 1956.Pq Vt str 1957Path to 1958.Xr inetd 8 1959(default 1960.Pa /usr/sbin/inetd ) . 1961.It Va inetd_flags 1962.Pq Vt str 1963If 1964.Va inetd_enable 1965is set to 1966.Dq Li YES , 1967these are the flags to pass to 1968.Xr inetd 8 . 1969.It Va hastd_enable 1970.Pq Vt bool 1971If set to 1972.Dq Li YES , 1973run the 1974.Xr hastd 8 1975daemon. 1976.It Va hastd_program 1977.Pq Vt str 1978Path to 1979.Xr hastd 8 1980(default 1981.Pa /sbin/hastd ) . 1982.It Va hastd_flags 1983.Pq Vt str 1984If 1985.Va hastd_enable 1986is set to 1987.Dq Li YES , 1988these are the flags to pass to 1989.Xr hastd 8 . 1990.It Va named_enable 1991.Pq Vt bool 1992If set to 1993.Dq Li YES , 1994run the 1995.Xr named 8 1996daemon. 1997.It Va named_program 1998.Pq Vt str 1999Path to 2000.Xr named 8 2001(default 2002.Pa /usr/sbin/named ) . 2003.It Va named_conf 2004.Pq Vt str 2005Path to 2006.Xr named 8 2007configuration file, (default 2008.Pa /etc/namedb/named.conf ) . 2009.It Va named_flags 2010.Pq Vt str 2011If 2012.Va named_enable 2013is set to 2014.Dq Li YES , 2015these are the flags to pass to 2016.Xr named 8 . 2017.It Va named_uid 2018.Pq Vt str 2019The user that the 2020.Xr named 8 2021process should be run as. 2022.It Va named_chrootdir 2023.Pq Vt str 2024The root directory for a name server run in a 2025.Xr chroot 8 2026environment (default 2027.Pa /var/named ) . 2028If left empty 2029.Xr named 8 2030will not be run in a 2031.Xr chroot 8 2032environment. 2033.It Va named_chroot_autoupdate 2034.Pq Vt bool 2035Set to 2036.Dq Li NO 2037to disable automatic update of the 2038.Xr chroot 8 2039environment. 2040.It Va named_symlink_enable 2041.Pq Vt bool 2042Set to 2043.Dq Li NO 2044to disable symlinking of 2045daemon's PID file 2046into the 2047.Xr chroot 8 2048environment. 2049.It Va named_wait 2050.Pq Vt bool 2051Set to have 2052.Pa /etc/rc.d/named 2053loop until working name service is established. 2054.It Va named_wait_host 2055.Pq Vt str 2056Name of host to lookup for the named_wait option. 2057(Default localhost) 2058.It Va named_auto_forward 2059.Pq Vt bool 2060Set to enable automatic creation of a forwarder 2061configuration file derived from 2062.Pa /etc/resolv.conf . 2063.It Va named_auto_forward_only 2064.Pq Vt bool 2065Set to change the default forwarder configuration from 2066.Dq forward first 2067to 2068.Dq forward only . 2069.It Va kerberos5_server_enable 2070.Pq Vt bool 2071Set to 2072.Dq Li YES 2073to start a Kerberos 5 authentication server 2074at boot time. 2075.It Va kerberos5_server 2076.Pq Vt str 2077If 2078.Va kerberos5_server_enable 2079is set to 2080.Dq Li YES 2081this is the path to Kerberos 5 Authentication Server. 2082.It Va kerberos5_server_flags 2083.Pq Vt str 2084Empty by default. 2085This variable contains additional flags to be passed to the Kerberos 5 2086authentication server. 2087.It Va kadmind5_server_enable 2088.Pq Vt bool 2089Set to 2090.Dq Li YES 2091to start 2092.Xr kadmind 8 , 2093the Kerberos 5 Administration Daemon; set to 2094.Dq Li NO 2095on a slave server. 2096.It Va kadmind5_server 2097.Pq Vt str 2098If 2099.Va kadmind5_server_enable 2100is set to 2101.Dq Li YES 2102this is the path to Kerberos 5 Administration Daemon. 2103.It Va kpasswdd_server_enable 2104.Pq Vt bool 2105Set to 2106.Dq Li YES 2107to start 2108.Xr kpasswdd 8 , 2109the Kerberos 5 Password-Changing Daemon; set to 2110.Dq Li NO 2111on a slave server. 2112.It Va kpasswdd_server 2113.Pq Vt str 2114If 2115.Va kpasswdd_server_enable 2116is set to 2117.Dq Li YES 2118this is the path to Kerberos 5 Password-Changing Daemon. 2119.It Va kfd_enable 2120.Pq Vt bool 2121Set to 2122.Dq Li YES 2123to start 2124.Xr kfd 8 , 2125the Kerberos 5 ticket forwarding daemon, at the boot time. 2126.It Va kfd_program 2127.Pq Vt str 2128Path to 2129.Xr kfd 8 2130(default 2131.Pa /usr/libexec/kfd ) . 2132.It Va rwhod_enable 2133.Pq Vt bool 2134If set to 2135.Dq Li YES , 2136run the 2137.Xr rwhod 8 2138daemon at boot time. 2139.It Va rwhod_flags 2140.Pq Vt str 2141If 2142.Va rwhod_enable 2143is set to 2144.Dq Li YES , 2145these are the flags to pass to it. 2146.It Va amd_enable 2147.Pq Vt bool 2148If set to 2149.Dq Li YES , 2150run the 2151.Xr amd 8 2152daemon at boot time. 2153.It Va amd_flags 2154.Pq Vt str 2155If 2156.Va amd_enable 2157is set to 2158.Dq Li YES , 2159these are the flags to pass to it. 2160See the 2161.Xr amd 8 2162manpage for more information. 2163.It Va amd_map_program 2164.Pq Vt str 2165If set, 2166the specified program is run to get the list of 2167.Xr amd 8 2168maps. 2169For example, if the 2170.Xr amd 8 2171maps are stored in NIS, one can set this to 2172run 2173.Xr ypcat 1 2174to get a list of 2175.Xr amd 8 2176maps from the 2177.Pa amd.master 2178NIS map. 2179.It Va update_motd 2180.Pq Vt bool 2181If set to 2182.Dq Li YES , 2183.Pa /etc/motd 2184will be updated at boot time to reflect the kernel release 2185being run. 2186If set to 2187.Dq Li NO , 2188.Pa /etc/motd 2189will not be updated. 2190.It Va nfs_client_enable 2191.Pq Vt bool 2192If set to 2193.Dq Li YES , 2194run the NFS client daemons at boot time. 2195.It Va nfs_access_cache 2196.Pq Vt int 2197If 2198.Va nfs_client_enable 2199is set to 2200.Dq Li YES , 2201this can be set to 2202.Dq Li 0 2203to disable NFS ACCESS RPC caching, or to the number of seconds for which 2204NFS ACCESS 2205results should be cached. 2206A value of 2-10 seconds will substantially reduce network 2207traffic for many NFS operations. 2208.It Va nfs_server_enable 2209.Pq Vt bool 2210If set to 2211.Dq Li YES , 2212run the NFS server daemons at boot time. 2213.It Va nfs_server_flags 2214.Pq Vt str 2215If 2216.Va nfs_server_enable 2217is set to 2218.Dq Li YES , 2219these are the flags to pass to the 2220.Xr nfsd 8 2221daemon. 2222.It Va nfsv4_server_enable 2223.Pq Vt bool 2224If 2225.Va nfs_server_enable 2226is set to 2227.Dq Li YES 2228and 2229.Va nfsv4_server_enable 2230are set to 2231.Dq Li YES , 2232enable the server for NFSv4 as well as NFSv2 and NFSv3. 2233.It Va nfsuserd_enable 2234.Pq Vt bool 2235If 2236.Va nfsuserd_enable 2237is set to 2238.Dq Li YES , 2239run the nfsuserd daemon, which is needed for NFSv4 in order 2240to map between user/group names vs uid/gid numbers. 2241If 2242.Va nfsv4_server_enable 2243is set to 2244.Dq Li YES , 2245this will be forced enabled. 2246.It Va nfsuserd_flags 2247.Pq Vt str 2248If 2249.Va nfsuserd_enable 2250is set to 2251.Dq Li YES , 2252these are the flags to pass to the 2253.Xr nfsuserd 8 2254daemon. 2255.It Va nfscbd_enable 2256.Pq Vt bool 2257If 2258.Va nfscbd_enable 2259is set to 2260.Dq Li YES , 2261run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2262.It Va nfscbd_flags 2263.Pq Vt str 2264If 2265.Va nfscbd_enable 2266is set to 2267.Dq Li YES , 2268these are the flags to pass to the 2269.Xr nfscbd 8 2270daemon. 2271.It Va oldnfs_server_enable 2272.Pq Vt bool 2273If 2274.Va oldnfs_server_enable 2275is set to 2276.Dq Li YES , 2277force the NFS server daemons to run the old NFS server code 2278that does not support NFSv4. 2279.It Va mountd_enable 2280.Pq Vt bool 2281If set to 2282.Dq Li YES , 2283and no 2284.Va nfs_server_enable 2285is set, start 2286.Xr mountd 8 , 2287but not 2288.Xr nfsd 8 2289daemon. 2290It is commonly needed to run CFS without real NFS used. 2291.It Va mountd_flags 2292.Pq Vt str 2293If 2294.Va mountd_enable 2295is set to 2296.Dq Li YES , 2297these are the flags to pass to the 2298.Xr mountd 8 2299daemon. 2300.It Va weak_mountd_authentication 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304allow services like PCNFSD to make non-privileged mount 2305requests. 2306.It Va nfs_reserved_port_only 2307.Pq Vt bool 2308If set to 2309.Dq Li YES , 2310provide NFS services only on a secure port. 2311.It Va nfs_bufpackets 2312.Pq Vt int 2313If set to a number, indicates the number of packets worth of 2314socket buffer space to reserve on an NFS client. 2315The kernel default is typically 4. 2316Using a higher number may be 2317useful on gigabit networks to improve performance. 2318The minimum value is 23192 and the maximum is 64. 2320.It Va rpc_lockd_enable 2321.Pq Vt bool 2322If set to 2323.Dq Li YES 2324and also an NFS server or client, run 2325.Xr rpc.lockd 8 2326at boot time. 2327.It Va rpc_lockd_flags 2328.Pq Vt str 2329If 2330.Va rpc_lockd_enable 2331is set to 2332.Dq Li YES , 2333these are the flags to pass to the 2334.Xr rpc.lockd 8 2335daemon. 2336.It Va rpc_statd_enable 2337.Pq Vt bool 2338If set to 2339.Dq Li YES 2340and also an NFS server or client, run 2341.Xr rpc.statd 8 2342at boot time. 2343.It Va rpc_statd_flags 2344.Pq Vt str 2345If 2346.Va rpc_statd_enable 2347is set to 2348.Dq Li YES , 2349these are the flags to pass to the 2350.Xr rpc.statd 8 2351daemon. 2352.It Va rpcbind_program 2353.Pq Vt str 2354Path to 2355.Xr rpcbind 8 2356(default 2357.Pa /usr/sbin/rpcbind ) . 2358.It Va rpcbind_enable 2359.Pq Vt bool 2360If set to 2361.Dq Li YES , 2362run the 2363.Xr rpcbind 8 2364service at boot time. 2365.It Va rpcbind_flags 2366.Pq Vt str 2367If 2368.Va rpcbind_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr rpcbind 8 2373daemon. 2374.It Va keyserv_enable 2375.Pq Vt bool 2376If set to 2377.Dq Li YES , 2378run the 2379.Xr keyserv 8 2380daemon on boot for running Secure RPC. 2381.It Va keyserv_flags 2382.Pq Vt str 2383If 2384.Va keyserv_enable 2385is set to 2386.Dq Li YES , 2387these are the flags to pass to 2388.Xr keyserv 8 2389daemon. 2390.It Va pppoed_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394run the 2395.Xr pppoed 8 2396daemon at boot time to provide PPP over Ethernet services. 2397.It Va pppoed_ Ns Aq Ar provider 2398.Pq Vt str 2399.Xr pppoed 8 2400listens to requests to this 2401.Ar provider 2402and ultimately runs 2403.Xr ppp 8 2404with a 2405.Ar system 2406argument of the same name. 2407.It Va pppoed_flags 2408.Pq Vt str 2409Additional flags to pass to 2410.Xr pppoed 8 . 2411.It Va pppoed_interface 2412.Pq Vt str 2413The network interface to run 2414.Xr pppoed 8 2415on. 2416This is mandatory when 2417.Va pppoed_enable 2418is set to 2419.Dq Li YES . 2420.It Va timed_enable 2421.Pq Vt bool 2422If set to 2423.Dq Li YES , 2424run the 2425.Xr timed 8 2426service at boot time. 2427This command is intended for networks of 2428machines where a consistent 2429.Dq "network time" 2430for all hosts must be established. 2431This is often useful in large NFS 2432environments where time stamps on files are expected to be consistent 2433network-wide. 2434.It Va timed_flags 2435.Pq Vt str 2436If 2437.Va timed_enable 2438is set to 2439.Dq Li YES , 2440these are the flags to pass to the 2441.Xr timed 8 2442service. 2443.It Va ntpdate_enable 2444.Pq Vt bool 2445If set to 2446.Dq Li YES , 2447run 2448.Xr ntpdate 8 2449at system startup. 2450This command is intended to 2451synchronize the system clock only 2452.Em once 2453from some standard reference. 2454.It Va ntpdate_config 2455.Pq Vt str 2456Configuration file for 2457.Xr ntpdate 8 . 2458Default 2459.Pa /etc/ntp.conf . 2460.It Va ntpdate_hosts 2461.Pq Vt str 2462A whitespace-separated list of NTP servers to synchronize with at startup. 2463The default is to use the servers listed in 2464.Va ntpdate_config , 2465if that file exists. 2466.It Va ntpdate_program 2467.Pq Vt str 2468Path to 2469.Xr ntpdate 8 2470(default 2471.Pa /usr/sbin/ntpdate ) . 2472.It Va ntpdate_flags 2473.Pq Vt str 2474If 2475.Va ntpdate_enable 2476is set to 2477.Dq Li YES , 2478these are the flags to pass to the 2479.Xr ntpdate 8 2480command (typically a hostname). 2481.It Va ntpd_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES , 2485run the 2486.Xr ntpd 8 2487command at boot time. 2488.It Va ntpd_program 2489.Pq Vt str 2490Path to 2491.Xr ntpd 8 2492(default 2493.Pa /usr/sbin/ntpd ) . 2494.It Va ntpd_config 2495.Pq Vt str 2496Path to 2497.Xr ntpd 8 2498configuration file. 2499Default 2500.Pa /etc/ntp.conf . 2501.It Va ntpd_flags 2502.Pq Vt str 2503If 2504.Va ntpd_enable 2505is set to 2506.Dq Li YES , 2507these are the flags to pass to the 2508.Xr ntpd 8 2509daemon. 2510.It Va ntpd_sync_on_start 2511.Pq Vt bool 2512If set to 2513.Dq Li YES , 2514.Xr ntpd 8 2515is run with the 2516.Fl g 2517flag, which syncs the system's clock on startup. 2518See 2519.Xr ntpd 8 2520for more information regarding the 2521.Fl g 2522option. 2523This is a preferred alternative to using 2524.Xr ntpdate 8 2525or specifying the 2526.Va ntpdate_enable 2527variable. 2528.It Va nis_client_enable 2529.Pq Vt bool 2530If set to 2531.Dq Li YES , 2532run the 2533.Xr ypbind 8 2534service at system boot time. 2535.It Va nis_client_flags 2536.Pq Vt str 2537If 2538.Va nis_client_enable 2539is set to 2540.Dq Li YES , 2541these are the flags to pass to the 2542.Xr ypbind 8 2543service. 2544.It Va nis_ypset_enable 2545.Pq Vt bool 2546If set to 2547.Dq Li YES , 2548run the 2549.Xr ypset 8 2550daemon at system boot time. 2551.It Va nis_ypset_flags 2552.Pq Vt str 2553If 2554.Va nis_ypset_enable 2555is set to 2556.Dq Li YES , 2557these are the flags to pass to the 2558.Xr ypset 8 2559daemon. 2560.It Va nis_server_enable 2561.Pq Vt bool 2562If set to 2563.Dq Li YES , 2564run the 2565.Xr ypserv 8 2566daemon at system boot time. 2567.It Va nis_server_flags 2568.Pq Vt str 2569If 2570.Va nis_server_enable 2571is set to 2572.Dq Li YES , 2573these are the flags to pass to the 2574.Xr ypserv 8 2575daemon. 2576.It Va nis_ypxfrd_enable 2577.Pq Vt bool 2578If set to 2579.Dq Li YES , 2580run the 2581.Xr rpc.ypxfrd 8 2582daemon at system boot time. 2583.It Va nis_ypxfrd_flags 2584.Pq Vt str 2585If 2586.Va nis_ypxfrd_enable 2587is set to 2588.Dq Li YES , 2589these are the flags to pass to the 2590.Xr rpc.ypxfrd 8 2591daemon. 2592.It Va nis_yppasswdd_enable 2593.Pq Vt bool 2594If set to 2595.Dq Li YES , 2596run the 2597.Xr rpc.yppasswdd 8 2598daemon at system boot time. 2599.It Va nis_yppasswdd_flags 2600.Pq Vt str 2601If 2602.Va nis_yppasswdd_enable 2603is set to 2604.Dq Li YES , 2605these are the flags to pass to the 2606.Xr rpc.yppasswdd 8 2607daemon. 2608.It Va rpc_ypupdated_enable 2609.Pq Vt bool 2610If set to 2611.Dq Li YES , 2612run the 2613.Nm rpc.ypupdated 2614daemon at system boot time. 2615.It Va bsnmpd_enable 2616.Pq Vt bool 2617If set to 2618.Dq Li YES , 2619run the 2620.Xr bsnmpd 1 2621daemon at system boot time. 2622Be sure to understand the security implications of running SNMP daemon 2623on your host. 2624.It Va bsnmpd_flags 2625.Pq Vt str 2626If 2627.Va bsnmpd_enable 2628is set to 2629.Dq Li YES , 2630these are the flags to pass to the 2631.Xr bsnmpd 1 2632daemon. 2633.It Va defaultrouter 2634.Pq Vt str 2635If not set to 2636.Dq Li NO , 2637create a default route to this host name or IP address 2638(use an IP address if this router is also required to get to the 2639name server!). 2640.It Va ipv6_defaultrouter 2641.Pq Vt str 2642The IPv6 equivalent of 2643.Va defaultrouter . 2644.It Va static_arp_pairs 2645.Pq Vt str 2646Set to the list of static ARP pairs that are to be added at system 2647boot time. 2648For each whitespace separated 2649.Ar element 2650in the value, a 2651.Va static_arp_ Ns Aq Ar element 2652variable is assumed to exist whose contents will later be passed to a 2653.Dq Nm arp Cm -S 2654operation. 2655For example 2656.Bd -literal 2657static_arp_pairs="gw" 2658static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2659.Ed 2660.It Va static_ndp_pairs 2661.Pq Vt str 2662Set to the list of static NDP pairs that are to be added at system 2663boot time. 2664For each whitespace separated 2665.Ar element 2666in the value, a 2667.Va static_ndp_ Ns Aq Ar element 2668variable is assumed to exist whose contents will later be passed to a 2669.Dq Nm ndp Cm -s 2670operation. 2671For example 2672.Bd -literal 2673static_ndp_pairs="gw" 2674static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2675.Ed 2676.It Va static_routes 2677.Pq Vt str 2678Set to the list of static routes that are to be added at system 2679boot time. 2680If not set to 2681.Dq Li NO 2682then for each whitespace separated 2683.Ar element 2684in the value, a 2685.Va route_ Ns Aq Ar element 2686variable is assumed to exist 2687whose contents will later be passed to a 2688.Dq Nm route Cm add 2689operation. 2690For example: 2691.Bd -literal 2692static_routes="mcast gif0local" 2693route_mcast="-net 224.0.0.0/4 -iface gif0" 2694route_gif0local="-host 169.254.1.1 -iface lo0" 2695.Ed 2696.It Va ipv6_static_routes 2697.Pq Vt str 2698The IPv6 equivalent of 2699.Va static_routes . 2700If not set to 2701.Dq Li NO 2702then for each whitespace separated 2703.Ar element 2704in the value, a 2705.Va ipv6_route_ Ns Aq Ar element 2706variable is assumed to exist 2707whose contents will later be passed to a 2708.Dq Nm route Cm add Fl inet6 2709operation. 2710.It Va natm_static_routes 2711.Pq Vt str 2712The 2713.Xr natmip 4 2714equivalent of 2715.Va static_routes . 2716If not empty then for each whitespace separated 2717.Ar element 2718in the value, a 2719.Va route_ Ns Aq Ar element 2720variable is assumed to exist whose contents will later be passed to a 2721.Dq Nm atmconfig Cm natm Cm add 2722operation. 2723.It Va gateway_enable 2724.Pq Vt bool 2725If set to 2726.Dq Li YES , 2727configure host to act as an IP router, e.g.\& to forward packets 2728between interfaces. 2729.It Va ipv6_gateway_enable 2730.Pq Vt bool 2731The IPv6 equivalent of 2732.Va gateway_enable . 2733.It Va routed_enable 2734.Pq Vt bool 2735If set to 2736.Dq Li YES , 2737run a routing daemon of some sort, based on the 2738settings of 2739.Va routed_program 2740and 2741.Va routed_flags . 2742.It Va route6d_enable 2743.Pq Vt bool 2744The IPv6 equivalent of 2745.Va routed_enable . 2746If set to 2747.Dq Li YES , 2748run a routing daemon of some sort, based on the 2749settings of 2750.Va route6d_program 2751and 2752.Va route6d_flags . 2753.It Va routed_program 2754.Pq Vt str 2755If 2756.Va routed_enable 2757is set to 2758.Dq Li YES , 2759this is the name of the routing daemon to use. 2760.It Va route6d_program 2761.Pq Vt str 2762The IPv6 equivalent of 2763.Va routed_program . 2764.It Va routed_flags 2765.Pq Vt str 2766If 2767.Va routed_enable 2768is set to 2769.Dq Li YES , 2770these are the flags to pass to the routing daemon. 2771.It Va route6d_flags 2772.Pq Vt str 2773The IPv6 equivalent of 2774.Va routed_flags . 2775.It Va mrouted_enable 2776.Pq Vt bool 2777If set to 2778.Dq Li YES , 2779run the multicast routing daemon, 2780.Xr mrouted 8 . 2781.It Va mroute6d_enable 2782.Pq Vt bool 2783The IPv6 equivalent of 2784.Va mrouted_enable . 2785If set to 2786.Dq Li YES , 2787run the IPv6 multicast routing daemon. 2788.Pp 2789Note that multicast routing daemons are no longer included in the 2790.Fx 2791base system, however, both 2792.Xr mrouted 8 2793and 2794.Xr pim6dd 8 2795may be installed from the 2796.Fx 2797Ports Collection. 2798.It Va mrouted_flags 2799.Pq Vt str 2800If 2801.Va mrouted_enable 2802is set to 2803.Dq Li YES , 2804these are the flags to pass to the 2805.Xr mrouted 8 2806daemon. 2807.It Va mroute6d_flags 2808.Pq Vt str 2809The IPv6 equivalent of 2810.Va mrouted_flags . 2811If 2812.Va mroute6d_enable 2813is set to 2814.Dq Li YES , 2815these are the flags passed to the IPv6 multicast routing daemon. 2816.It Va mroute6d_program 2817.Pq Vt str 2818If 2819.Va mroute6d_enable 2820is set to 2821.Dq Li YES , 2822this is the path to the IPv6 multicast routing daemon. 2823.It Va rtadvd_enable 2824.Pq Vt bool 2825If set to 2826.Dq Li YES , 2827run the 2828.Xr rtadvd 8 2829daemon at boot time. 2830The 2831.Xr rtadvd 8 2832utility sends ICMPv6 Router Advertisement messages to 2833the interfaces specified in 2834.Va rtadvd_interfaces . 2835This should only be enabled with great care. 2836You may want to fine-tune 2837.Xr rtadvd.conf 5 . 2838.It Va rtadvd_interfaces 2839.Pq Vt str 2840If 2841.Va rtadvd_enable 2842is set to 2843.Dq Li YES 2844this is the list of interfaces to use. 2845.It Va ipxgateway_enable 2846.Pq Vt bool 2847If set to 2848.Dq Li YES , 2849enable the routing of IPX traffic. 2850.It Va ipxrouted_enable 2851.Pq Vt bool 2852If set to 2853.Dq Li YES , 2854run the 2855.Xr IPXrouted 8 2856daemon at system boot time. 2857.It Va ipxrouted_flags 2858.Pq Vt str 2859If 2860.Va ipxrouted_enable 2861is set to 2862.Dq Li YES , 2863these are the flags to pass to the 2864.Xr IPXrouted 8 2865daemon. 2866.It Va arpproxy_all 2867.Pq Vt bool 2868If set to 2869.Dq Li YES , 2870enable global proxy ARP. 2871.It Va forward_sourceroute 2872.Pq Vt bool 2873If set to 2874.Dq Li YES 2875and 2876.Va gateway_enable 2877is also set to 2878.Dq Li YES , 2879source-routed packets are forwarded. 2880.It Va accept_sourceroute 2881.Pq Vt bool 2882If set to 2883.Dq Li YES , 2884the system will accept source-routed packets directed at it. 2885.It Va rarpd_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889run the 2890.Xr rarpd 8 2891daemon at system boot time. 2892.It Va rarpd_flags 2893.Pq Vt str 2894If 2895.Va rarpd_enable 2896is set to 2897.Dq Li YES , 2898these are the flags to pass to the 2899.Xr rarpd 8 2900daemon. 2901.It Va bootparamd_enable 2902.Pq Vt bool 2903If set to 2904.Dq Li YES , 2905run the 2906.Xr bootparamd 8 2907daemon at system boot time. 2908.It Va bootparamd_flags 2909.Pq Vt str 2910If 2911.Va bootparamd_enable 2912is set to 2913.Dq Li YES , 2914these are the flags to pass to the 2915.Xr bootparamd 8 2916daemon. 2917.It Va stf_interface_ipv4addr 2918.Pq Vt str 2919If not set to 2920.Dq Li NO , 2921this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2922interface). 2923Specify this entry to enable the 6to4 interface. 2924.It Va stf_interface_ipv4plen 2925.Pq Vt int 2926Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2927An effective value is 0-31. 2928.It Va stf_interface_ipv6_ifid 2929.Pq Vt str 2930IPv6 interface ID for 2931.Xr stf 4 . 2932This can be set to 2933.Dq Li AUTO . 2934.It Va stf_interface_ipv6_slaid 2935.Pq Vt str 2936IPv6 Site Level Aggregator for 2937.Xr stf 4 . 2938.It Va ipv6_faith_prefix 2939.Pq Vt str 2940If not set to 2941.Dq Li NO , 2942this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2943translator. 2944You also need 2945.Xr faithd 8 2946setup. 2947.It Va ipv6_ipv4mapping 2948.Pq Vt bool 2949If set to 2950.Dq Li YES 2951this enables IPv4 mapped IPv6 address communication (like 2952.Li ::ffff:a.b.c.d ) . 2953.It Va rtsold_enable 2954.Pq Vt bool 2955Set to 2956.Dq Li YES 2957to enable the 2958.Xr rtsold 8 2959daemon to send ICMPv6 Router Solicitation messages. 2960.It Va rtsold_flags 2961.Pq Vt str 2962If 2963.Va rtsold_enable 2964is set to 2965.Dq Li YES , 2966these are the flags to pass to 2967.Xr rtsold 8 . 2968.It Va rtsol_flags 2969.Pq Vt str 2970For interfaces configured with the 2971.Dq Li inet6 accept_rtadv 2972keyword, these are the flags to pass to 2973.Xr rtsol 8 . 2974.Pp 2975Note that 2976.Va rtsold_enable 2977is mutually exclusive to 2978.Va rtsol_flags ; 2979.Va rtsold_enable 2980takes precedence. 2981.It Va atm_enable 2982.Pq Vt bool 2983Set to 2984.Dq Li YES 2985to enable the configuration of ATM interfaces at system boot time. 2986For all of the ATM variables described below, please refer to the 2987.Xr atm 8 2988manual page for further details on the available command parameters. 2989Also refer to the files in 2990.Pa /usr/share/examples/atm 2991for more detailed configuration information. 2992.It Va atm_load 2993.Pq Vt str 2994This is a list of physical ATM interface drivers to load. 2995Typical values are 2996.Dq Li hfa_pci 2997and/or 2998.Dq Li hea_pci . 2999.It Va atm_netif_ Ns Aq Ar intf 3000.Pq Vt str 3001For the ATM physical interface 3002.Ar intf , 3003this variable defines the name prefix and count for the ATM network 3004interfaces to be created. 3005The value will be passed as the parameters of an 3006.Dq Nm atm Cm "set netif" Ar intf 3007command. 3008.It Va atm_sigmgr_ Ns Aq Ar intf 3009.Pq Vt str 3010For the ATM physical interface 3011.Ar intf , 3012this variable defines the ATM signalling manager to be used. 3013The value will be passed as the parameters of an 3014.Dq Nm atm Cm attach Ar intf 3015command. 3016.It Va atm_prefix_ Ns Aq Ar intf 3017.Pq Vt str 3018For the ATM physical interface 3019.Ar intf , 3020this variable defines the NSAP prefix for interfaces using a UNI signalling 3021manager. 3022If set to 3023.Dq Li ILMI , 3024the prefix will automatically be set via the 3025.Xr ilmid 8 3026daemon. 3027Otherwise, the value will be passed as the parameters of an 3028.Dq Nm atm Cm "set prefix" Ar intf 3029command. 3030.It Va atm_macaddr_ Ns Aq Ar intf 3031.Pq Vt str 3032For the ATM physical interface 3033.Ar intf , 3034this variable defines the MAC address for interfaces using a UNI signalling 3035manager. 3036If set to 3037.Dq Li NO , 3038the hardware MAC address contained in the ATM interface card will be used. 3039Otherwise, the value will be passed as the parameters of an 3040.Dq Nm atm Cm "set mac" Ar intf 3041command. 3042.It Va atm_arpserver_ Ns Aq Ar netif 3043.Pq Vt str 3044For the ATM network interface 3045.Ar netif , 3046this variable defines the ATM address for a host which is to provide ATMARP 3047service. 3048This variable is only applicable to interfaces using a UNI signalling 3049manager. 3050If set to 3051.Dq Li local , 3052this host will become an ATMARP server. 3053The value will be passed as the parameters of an 3054.Dq Nm atm Cm "set arpserver" Ar netif 3055command. 3056.It Va atm_scsparp_ Ns Aq Ar netif 3057.Pq Vt bool 3058If set to 3059.Dq Li YES , 3060SCSP/ATMARP service for the network interface 3061.Ar netif 3062will be initiated using the 3063.Xr scspd 8 3064and 3065.Xr atmarpd 8 3066daemons. 3067This variable is only applicable if 3068.Va atm_arpserver_ Ns Aq Ar netif 3069is set to 3070.Dq Li local . 3071.It Va atm_pvcs 3072.Pq Vt str 3073Set to the list of ATM PVCs to be added at system 3074boot time. 3075For each whitespace separated 3076.Ar element 3077in the value, an 3078.Va atm_pvc_ Ns Aq Ar element 3079variable is assumed to exist. 3080The value of each of these variables 3081will be passed as the parameters of an 3082.Dq Nm atm Cm "add pvc" 3083command. 3084.It Va atm_arps 3085.Pq Vt str 3086Set to the list of permanent ATM ARP entries to be added 3087at system boot time. 3088For each whitespace separated 3089.Ar element 3090in the value, an 3091.Va atm_arp_ Ns Aq Ar element 3092variable is assumed to exist. 3093The value of each of these variables 3094will be passed as the parameters of an 3095.Dq Nm atm Cm "add arp" 3096command. 3097.It Va natm_interfaces 3098.Pq Vt str 3099Set to the list of 3100.Xr natm 4 3101interfaces that will also be used for HARP through 3102.Xr harp 4 . 3103If this list is not empty all interfaces in the list will be brought up 3104with 3105.Xr ifconfig 8 3106and 3107.Xr harp 4 3108will be loaded. 3109For this to work the interface drivers must be either compiled into the 3110kernel or must reside on the root partition. 3111.It Va keybell 3112.Pq Vt str 3113The keyboard bell sound. 3114Set to 3115.Dq Li normal , 3116.Dq Li visual , 3117.Dq Li off , 3118or 3119.Dq Li NO 3120if the default behavior is desired. 3121For details, refer to the 3122.Xr kbdcontrol 1 3123manpage. 3124.It Va keyboard 3125.Pq Vt str 3126If set to a non-null string, the virtual console's keyboard input is 3127set to this device. 3128.It Va keymap 3129.Pq Vt str 3130If set to 3131.Dq Li NO , 3132no keymap is installed, otherwise the value is used to install 3133the keymap file in 3134.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3135.It Va keyrate 3136.Pq Vt str 3137The keyboard repeat speed. 3138Set to 3139.Dq Li slow , 3140.Dq Li normal , 3141.Dq Li fast , 3142or 3143.Dq Li NO 3144if the default behavior is desired. 3145.It Va keychange 3146.Pq Vt str 3147If not set to 3148.Dq Li NO , 3149attempt to program the function keys with the value. 3150The value should 3151be a single string of the form: 3152.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3153.It Va cursor 3154.Pq Vt str 3155Can be set to the value of 3156.Dq Li normal , 3157.Dq Li blink , 3158.Dq Li destructive , 3159or 3160.Dq Li NO 3161to set the cursor behavior explicitly or choose the default behavior. 3162.It Va scrnmap 3163.Pq Vt str 3164If set to 3165.Dq Li NO , 3166no screen map is installed, otherwise the value is used to install 3167the screen map file in 3168.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3169.It Va font8x16 3170.Pq Vt str 3171If set to 3172.Dq Li NO , 3173the default 8x16 font value is used for screen size requests, otherwise 3174the value in 3175.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3176is used. 3177.It Va font8x14 3178.Pq Vt str 3179If set to 3180.Dq Li NO , 3181the default 8x14 font value is used for screen size requests, otherwise 3182the value in 3183.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3184is used. 3185.It Va font8x8 3186.Pq Vt str 3187If set to 3188.Dq Li NO , 3189the default 8x8 font value is used for screen size requests, otherwise 3190the value in 3191.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3192is used. 3193.It Va blanktime 3194.Pq Vt int 3195If set to 3196.Dq Li NO , 3197the default screen blanking interval is used, otherwise it is set 3198to 3199.Ar value 3200seconds. 3201.It Va saver 3202.Pq Vt str 3203If not set to 3204.Dq Li NO , 3205this is the actual screen saver to use 3206.Li ( blank , snake , daemon , 3207etc). 3208.It Va moused_nondefault_enable 3209.Pq Vt str 3210If set to 3211.Dq Li NO , 3212the mouse device specified on 3213the command line is not automatically treated as enabled by the 3214.Pa /etc/rc.d/moused 3215script. 3216Having this variable set to 3217.Dq Li YES 3218allows a 3219.Xr usb 4 3220mouse, 3221for example, 3222to be enabled as soon as it is plugged in. 3223.It Va moused_enable 3224.Pq Vt str 3225If set to 3226.Dq Li YES , 3227the 3228.Xr moused 8 3229daemon is started for doing cut/paste selection on the console. 3230.It Va moused_type 3231.Pq Vt str 3232This is the protocol type of the mouse connected to this host. 3233This variable must be set if 3234.Va moused_enable 3235is set to 3236.Dq Li YES . 3237The 3238.Xr moused 8 3239daemon 3240is able to detect the appropriate mouse type automatically in many cases. 3241Set this variable to 3242.Dq Li auto 3243to let the daemon detect it, or 3244select one from the following list if the automatic detection fails. 3245.Pp 3246If the mouse is attached to the PS/2 mouse port, choose 3247.Dq Li auto 3248or 3249.Dq Li ps/2 , 3250regardless of the brand and model of the mouse. 3251Likewise, if the 3252mouse is attached to the bus mouse port, choose 3253.Dq Li auto 3254or 3255.Dq Li busmouse . 3256All other protocols are for serial mice and will not work with 3257the PS/2 and bus mice. 3258If this is a USB mouse, 3259.Dq Li auto 3260is the only protocol type which will work. 3261.Pp 3262.Bl -tag -width ".Li x10mouseremote" -compact 3263.It Li microsoft 3264Microsoft mouse (serial) 3265.It Li intellimouse 3266Microsoft IntelliMouse (serial) 3267.It Li mousesystems 3268Mouse systems Corp.\& mouse (serial) 3269.It Li mmseries 3270MM Series mouse (serial) 3271.It Li logitech 3272Logitech mouse (serial) 3273.It Li busmouse 3274A bus mouse 3275.It Li mouseman 3276Logitech MouseMan and TrackMan (serial) 3277.It Li glidepoint 3278ALPS GlidePoint (serial) 3279.It Li thinkingmouse 3280Kensington ThinkingMouse (serial) 3281.It Li ps/2 3282PS/2 mouse 3283.It Li mmhittab 3284MM HitTablet (serial) 3285.It Li x10mouseremote 3286X10 MouseRemote (serial) 3287.It Li versapad 3288Interlink VersaPad (serial) 3289.El 3290.Pp 3291Even if the mouse is not in the above list, it may be compatible 3292with one in the list. 3293Refer to the manual page for 3294.Xr moused 8 3295for compatibility information. 3296.Pp 3297It should also be noted that while this is enabled, any 3298other client of the mouse (such as an X server) should access 3299the mouse through the virtual mouse device, 3300.Pa /dev/sysmouse , 3301and configure it as a 3302.Dq Li sysmouse 3303type mouse, since all 3304mouse data is converted to this single canonical format when 3305using 3306.Xr moused 8 . 3307If the client program does not support the 3308.Dq Li sysmouse 3309type, 3310specify the 3311.Dq Li mousesystems 3312type. 3313It is the second preferred type. 3314.It Va moused_port 3315.Pq Vt str 3316If 3317.Va moused_enable 3318is set to 3319.Dq Li YES , 3320this is the actual port the mouse is on. 3321It might be 3322.Pa /dev/cuau0 3323for a COM1 serial mouse, 3324.Pa /dev/psm0 3325for a PS/2 mouse or 3326.Pa /dev/mse0 3327for a bus mouse, for example. 3328.It Va moused_flags 3329.Pq Vt str 3330If 3331.Va moused_flags 3332is set, its value is used as an additional set of flags to pass to the 3333.Xr moused 8 3334daemon. 3335.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3336When 3337.Va moused_nondefault_enable 3338is enabled, and a 3339.Xr moused 8 3340daemon is started for a non-default port, the 3341.Va "moused_" Ns Ar XXX Ns Va "_flags" 3342set of options has precedence over and replaces the default 3343.Va moused_flags 3344(where 3345.Ar XXX 3346is the name of the non-default port, i.e.,\& 3347.Ar ums0 ) . 3348By setting 3349.Va "moused_" Ns Ar XXX Ns Va "_flags" 3350it is possible to set up a different set of default flags for each 3351.Xr moused 8 3352instance. 3353For example, you can use 3354.Dq Li "-3" 3355for the default 3356.Va moused_flags 3357to make your laptop's touchpad more comfortable to use, 3358but an empty set of options for 3359.Va moused_ums0_flags 3360when your 3361.Xr usb 4 3362mouse has three or more buttons. 3363.It Va mousechar_start 3364.Pq Vt int 3365If set to 3366.Dq Li NO , 3367the default mouse cursor character range 3368.Li 0xd0 Ns - Ns Li 0xd3 3369is used, 3370otherwise the range start is set 3371to 3372.Ar value 3373character, see 3374.Xr vidcontrol 1 . 3375Use if the default range is occupied in the language code table. 3376.It Va allscreens_flags 3377.Pq Vt str 3378If set, 3379.Xr vidcontrol 1 3380is run with these options for each of the virtual terminals 3381.Pq Pa /dev/ttyv* . 3382For example, 3383.Dq Fl m Cm on 3384will enable the mouse pointer on all virtual terminals 3385if 3386.Va moused_enable 3387is set to 3388.Dq Li YES . 3389.It Va allscreens_kbdflags 3390.Pq Vt str 3391If set, 3392.Xr kbdcontrol 1 3393is run with these options for each of the virtual terminals 3394.Pq Pa /dev/ttyv* . 3395For example, 3396.Dq Fl h Li 200 3397will set the 3398.Xr syscons 4 3399scrollback (history) buffer to 200 lines. 3400.It Va cron_enable 3401.Pq Vt bool 3402If set to 3403.Dq Li YES , 3404run the 3405.Xr cron 8 3406daemon at system boot time. 3407.It Va cron_program 3408.Pq Vt str 3409Path to 3410.Xr cron 8 3411(default 3412.Pa /usr/sbin/cron ) . 3413.It Va cron_flags 3414.Pq Vt str 3415If 3416.Va cron_enable 3417is set to 3418.Dq Li YES , 3419these are the flags to pass to 3420.Xr cron 8 . 3421.It Va cron_dst 3422.Pq Vt bool 3423If set to 3424.Dq Li YES , 3425enable the special handling of transitions to and from the 3426Daylight Saving Time in 3427.Xr cron 8 3428(equivalent to using the flag 3429.Fl s ) . 3430.It Va lpd_program 3431.Pq Vt str 3432Path to 3433.Xr lpd 8 3434(default 3435.Pa /usr/sbin/lpd ) . 3436.It Va lpd_enable 3437.Pq Vt bool 3438If set to 3439.Dq Li YES , 3440run the 3441.Xr lpd 8 3442daemon at system boot time. 3443.It Va lpd_flags 3444.Pq Vt str 3445If 3446.Va lpd_enable 3447is set to 3448.Dq Li YES , 3449these are the flags to pass to the 3450.Xr lpd 8 3451daemon. 3452.It Va chkprintcap_enable 3453.Pq Vt bool 3454If set to 3455.Dq Li YES , 3456run the 3457.Xr chkprintcap 8 3458command before starting the 3459.Xr lpd 8 3460daemon. 3461.It Va chkprintcap_flags 3462.Pq Vt str 3463If 3464.Va lpd_enable 3465and 3466.Va chkprintcap_enable 3467are set to 3468.Dq Li YES , 3469these are the flags to pass to the 3470.Xr chkprintcap 8 3471program. 3472The default is 3473.Dq Li -d , 3474which causes missing directories to be created. 3475.It Va mta_start_script 3476.Pq Vt str 3477This variable specifies the full path to the script to run to start 3478a mail transfer agent. 3479The default is 3480.Pa /etc/rc.sendmail . 3481The 3482.Va sendmail_* 3483variables which 3484.Pa /etc/rc.sendmail 3485uses are documented in the 3486.Xr rc.sendmail 8 3487manual page. 3488.It Va dumpdev 3489.Pq Vt str 3490Indicates the device (usually a swap partition) to which a crash dump 3491should be written in the event of a system crash. 3492If the value of this variable is 3493.Dq Li AUTO , 3494the first suitable swap device listed in 3495.Pa /etc/fstab 3496will be used as dump device. 3497Otherwise, the value of this variable is passed as the argument to 3498.Xr dumpon 8 . 3499To disable crash dumps, set this variable to 3500.Dq Li NO . 3501.It Va dumpdir 3502.Pq Vt str 3503When the system reboots after a crash and a crash dump is found on the 3504device specified by the 3505.Va dumpdev 3506variable, 3507.Xr savecore 8 3508will save that crash dump and a copy of the kernel to the directory 3509specified by the 3510.Va dumpdir 3511variable. 3512The default value is 3513.Pa /var/crash . 3514Set to 3515.Dq Li NO 3516to not run 3517.Xr savecore 8 3518at boot time when 3519.Va dumpdir 3520is set. 3521.It Va savecore_flags 3522.Pq Vt str 3523If crash dumps are enabled, these are the flags to pass to the 3524.Xr savecore 8 3525utility. 3526.It Va quota_enable 3527.Pq Vt bool 3528Set to 3529.Dq Li YES 3530to turn on user and group disk quotas on system startup via the 3531.Xr quotaon 8 3532command for all file systems marked as having quotas enabled in 3533.Pa /etc/fstab . 3534The kernel must be built with 3535.Cd "options QUOTA" 3536for disk quotas to function. 3537.It Va check_quotas 3538.Pq Vt bool 3539Set to 3540.Dq Li YES 3541to enable user and group disk quota checking via the 3542.Xr quotacheck 8 3543command. 3544.It Va quotacheck_flags 3545.Pq Vt str 3546If 3547.Va quota_enable 3548is set to 3549.Dq Li YES , 3550and 3551.Va check_quotas 3552is set to 3553.Dq Li YES , 3554these are the flags to pass to the 3555.Xr quotacheck 8 3556utility. 3557The default is 3558.Dq Li "-a" , 3559which checks quotas for all file systems with quotas enabled in 3560.Pa /etc/fstab . 3561.It Va quotaon_flags 3562.Pq Vt str 3563If 3564.Va quota_enable 3565is set to 3566.Dq Li YES , 3567these are the flags to pass to the 3568.Xr quotaon 8 3569utility. 3570The default is 3571.Dq Li "-a" , 3572which enables quotas for all file systems with quotas enabled in 3573.Pa /etc/fstab . 3574.It Va quotaoff_flags 3575.Pq Vt str 3576If 3577.Va quota_enable 3578is set to 3579.Dq Li YES , 3580these are the flags to pass to the 3581.Xr quotaoff 8 3582utility when shutting down the quota system. 3583The default is 3584.Dq Li "-a" , 3585which disables quotas for all file systems with quotas enabled in 3586.Pa /etc/fstab . 3587.It Va accounting_enable 3588.Pq Vt bool 3589Set to 3590.Dq Li YES 3591to enable system accounting through the 3592.Xr accton 8 3593facility. 3594.It Va ibcs2_enable 3595.Pq Vt bool 3596Set to 3597.Dq Li YES 3598to enable iBCS2 (SCO) binary emulation at system initial boot 3599time. 3600.It Va ibcs2_loaders 3601.Pq Vt str 3602If not set to 3603.Dq Li NO 3604and if 3605.Va ibcs2_enable 3606is set to 3607.Dq Li YES , 3608this specifies a list of additional iBCS2 loaders to enable. 3609.It Va linux_enable 3610.Pq Vt bool 3611Set to 3612.Dq Li YES 3613to enable Linux/ELF binary emulation at system initial 3614boot time. 3615.It Va svr4_enable 3616.Pq Vt bool 3617If set to 3618.Dq Li YES , 3619enable SysVR4 emulation at boot time. 3620.It Va sysvipc_enable 3621.Pq Vt bool 3622If set to 3623.Dq Li YES , 3624load System V IPC primitives at boot time. 3625.It Va clear_tmp_enable 3626.Pq Vt bool 3627Set to 3628.Dq Li YES 3629to have 3630.Pa /tmp 3631cleaned at startup. 3632.It Va clear_tmp_X 3633.Pq Vt bool 3634Set to 3635.Dq Li NO 3636to disable removing of X11 lock files, 3637and the removal and (secure) recreation 3638of the various socket directories for X11 3639related programs. 3640.It Va ldconfig_paths 3641.Pq Vt str 3642Set to the list of shared library paths to use with 3643.Xr ldconfig 8 . 3644NOTE: 3645.Pa /usr/lib 3646will always be added first, so it need not appear in this list. 3647.It Va ldconfig32_paths 3648.Pq Vt str 3649Set to the list of 32-bit compatibility shared library paths to 3650use with 3651.Xr ldconfig 8 . 3652.It Va ldconfig_paths_aout 3653.Pq Vt str 3654Set to the list of shared library paths to use with 3655.Xr ldconfig 8 3656legacy 3657.Xr a.out 5 3658support. 3659.It Va ldconfig_insecure 3660.Pq Vt bool 3661The 3662.Xr ldconfig 8 3663utility normally refuses to use directories 3664which are writable by anyone except root. 3665Set this variable to 3666.Dq Li YES 3667to disable that security check during system startup. 3668.It Va ldconfig_local_dirs 3669.Pq Vt str 3670Set to the list of local 3671.Xr ldconfig 8 3672directories. 3673The names of all files in the directories listed will be 3674passed as arguments to 3675.Xr ldconfig 8 . 3676.It Va ldconfig_local32_dirs 3677.Pq Vt str 3678Set to the list of local 32-bit compatibility 3679.Xr ldconfig 8 3680directories. 3681The names of all files in the directories listed will be 3682passed as arguments to 3683.Dq Nm ldconfig Fl 32 . 3684.It Va kern_securelevel_enable 3685.Pq Vt bool 3686Set to 3687.Dq Li YES 3688to set the kernel security level at system startup. 3689.It Va kern_securelevel 3690.Pq Vt int 3691The kernel security level to set at startup. 3692The allowed range of 3693.Ar value 3694ranges from \-1 (the compile time default) to 3 (the 3695most secure). 3696See 3697.Xr security 7 3698for the list of possible security levels and their effect 3699on system operation. 3700.It Va sshd_program 3701.Pq Vt str 3702Path to the SSH server program 3703.Pa ( /usr/sbin/sshd 3704is the default). 3705.It Va sshd_enable 3706.Pq Vt bool 3707Set to 3708.Dq Li YES 3709to start 3710.Xr sshd 8 3711at system boot time. 3712.It Va sshd_flags 3713.Pq Vt str 3714If 3715.Va sshd_enable 3716is set to 3717.Dq Li YES , 3718these are the flags to pass to the 3719.Xr sshd 8 3720daemon. 3721.It Va ftpd_program 3722.Pq Vt str 3723Path to the FTP server program 3724.Pa ( /usr/libexec/ftpd 3725is the default). 3726.It Va ftpd_enable 3727.Pq Vt bool 3728Set to 3729.Dq Li YES 3730to start 3731.Xr ftpd 8 3732as a stand-alone daemon at system boot time. 3733.It Va ftpd_flags 3734.Pq Vt str 3735If 3736.Va ftpd_enable 3737is set to 3738.Dq Li YES , 3739these are the additional flags to pass to the 3740.Xr ftpd 8 3741daemon. 3742.It Va watchdogd_enable 3743.Pq Vt bool 3744If set to 3745.Dq Li YES , 3746start the 3747.Xr watchdogd 8 3748daemon at boot time. 3749This requires that the kernel have been compiled with a 3750.Xr watchdog 4 3751compatible device. 3752.It Va watchdogd_flags 3753.Pq Vt str 3754If 3755.Va watchdogd_enable 3756is set to 3757.Dq Li YES , 3758these are the flags passed to the 3759.Xr watchdogd 8 3760daemon. 3761.It Va devfs_rulesets 3762.Pq Vt str 3763List of files containing sets of rules for 3764.Xr devfs 8 . 3765.It Va devfs_system_ruleset 3766.Pq Vt str 3767Rule name(s) to apply to the system 3768.Pa /dev 3769itself. 3770.It Va devfs_set_rulesets 3771.Pq Vt str 3772Pairs of already-mounted 3773.Pa dev 3774directories and rulesets that should be applied to them. 3775For example: /mount/dev=ruleset_name 3776.It Va devfs_load_rulesets 3777.Pq Vt bool 3778If set, always load the default rulesets listed in 3779.Va devfs_rulesets . 3780.It Va performance_cx_lowest 3781.Pq Vt str 3782CPU idle state to use while on AC power. 3783The string 3784.Dq Li LOW 3785indicates that 3786.Xr acpi 4 3787should use the lowest power state available while 3788.Dq Li HIGH 3789indicates that the lowest latency state (less power savings) should be used. 3790.It Va performance_cpu_freq 3791.Pq Vt str 3792CPU clock frequency to use while on AC power. 3793The string 3794.Dq Li LOW 3795indicates that 3796.Xr cpufreq 4 3797should use the lowest frequency available while 3798.Dq Li HIGH 3799indicates that the highest frequency (less power savings) should be used. 3800.It Va economy_cx_lowest 3801.Pq Vt str 3802CPU idle state to use when off AC power. 3803The string 3804.Dq Li LOW 3805indicates that 3806.Xr acpi 4 3807should use the lowest power state available while 3808.Dq Li HIGH 3809indicates that the lowest latency state (less power savings) should be used. 3810.It Va economy_cpu_freq 3811.Pq Vt str 3812CPU clock frequency to use when off AC power. 3813The string 3814.Dq Li LOW 3815indicates that 3816.Xr cpufreq 4 3817should use the lowest frequency available while 3818.Dq Li HIGH 3819indicates that the highest frequency (less power savings) should be used. 3820.It Va jail_enable 3821.Pq Vt bool 3822If set to 3823.Dq Li NO , 3824any configured jails will not be started. 3825.It Va jail_parallel_start 3826.Pq Vt bool 3827If set to 3828.Dq Li YES , 3829all configured jails will be started in the background (in parallel). 3830.It Va jail_list 3831.Pq Vt str 3832A space separated list of names for jails. 3833This is purely a configuration aid to help identify and 3834configure multiple jails. 3835The names specified in this list will be used to 3836identify settings common to an instance of a jail, 3837and should contain alphanumeric characters only. 3838Assuming that the jail in question was named 3839.Li vjail , 3840you would have the following dependent variables: 3841.Bd -literal 3842jail_vjail_hostname="jail.example.com" 3843jail_vjail_ip="192.0.2.100" 3844jail_vjail_rootdir="/var/jails/vjail/root" 3845.Ed 3846.Pp 3847.It Va jail_flags 3848.Pq Vt str 3849Unset by default. 3850When set, use as default value for 3851.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3852for every jail in 3853.Va jail_list . 3854.It Va jail_interface 3855.Pq Vt str 3856Unset by default. 3857When set, use as default value for 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3859for every jail in 3860.Va jail_list . 3861.It Va jail_fstab 3862.Pq Vt str 3863Unset by default. 3864When set, use as default value for 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3866for every jail in 3867.Va jail_list . 3868.It Va jail_mount_enable 3869.Pq Vt bool 3870Set to 3871.Dq Li NO 3872by default. 3873When set to 3874.Dq Li YES , 3875sets 3876.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3877to 3878.Dq Li YES 3879by default for every jail in 3880.Va jail_list . 3881.It Va jail_devfs_ruleset 3882.Pq Vt str 3883Unset by default. 3884When set, sets 3885.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3886to given value for every jail in 3887.Va jail_list . 3888.It Va jail_devfs_enable 3889.Pq Vt bool 3890Set to 3891.Dq Li NO 3892by default. 3893When set to 3894.Dq Li YES , 3895sets 3896.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3897to 3898.Dq Li YES 3899by default for every jail in 3900.Va jail_list . 3901.It Va jail_fdescfs_enable 3902.Pq Vt bool 3903Set to 3904.Dq Li NO 3905by default. 3906When set to 3907.Dq Li YES , 3908sets 3909.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3910to 3911.Dq Li YES 3912by default for every jail in 3913.Va jail_list . 3914.It Va jail_procfs_enable 3915.Pq Vt bool 3916Set to 3917.Dq Li NO 3918by default. 3919When set to 3920.Dq Li YES , 3921sets 3922.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3923to 3924.Dq Li YES 3925by default for every jail in 3926.Va jail_list . 3927.It Va jail_exec_prestart Ns Aq Ar N 3928.Pq Vt str 3929Unset by default. 3930When set, use as default value for 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3932for every jail in 3933.Va jail_list . 3934.It Va jail_exec_start 3935.Pq Vt str 3936Unset by default. 3937When set, use as default value for 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3939for every jail in 3940.Va jail_list . 3941.It Va jail_exec_afterstart Ns Aq Ar N 3942.Pq Vt str 3943Unset by default. 3944When set, use as default value for 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3946for every jail in 3947.Va jail_list . 3948.It Va jail_exec_poststart Ns Aq Ar N 3949.Pq Vt str 3950Unset by default. 3951When set, use as default value for 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3953for every jail in 3954.Va jail_list . 3955.It Va jail_exec_prestop Ns Aq Ar N 3956.Pq Vt str 3957Unset by default. 3958When set, use as default value for 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3960for every jail in 3961.Va jail_list . 3962.It Va jail_exec_stop 3963Unset by default. 3964When set, use as default value for 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3966for every jail in 3967.Va jail_list . 3968.It Va jail_exec_poststop Ns Aq Ar N 3969.Pq Vt str 3970Unset by default. 3971When set, use as default value for 3972.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3973for every jail in 3974.Va jail_list . 3975.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3976.Pq Vt str 3977Unset by default. 3978Set to the root directory used by jail 3979.Va jname . 3980.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3981.Pq Vt str 3982Unset by default. 3983Set to the fully qualified domain name (FQDN) assigned to jail 3984.Va jname . 3985.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3986.Pq Vt str 3987Unset by default. 3988Set extra parameters for jail 3989.Va jname , 3990such as 3991.Dq Li allow.chflags 3992or 3993.Dq Li children.max . 3994See 3995.Xr jail 8 3996for a list of available parameters. 3997Note that the following parameters are already defined by 3998.Pa rc.d/jail 3999script out of their corresponding 4000.Nm 4001variables: 4002.Bl -tag -width "host.hostname" -offset indent 4003.It Li path 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4006.It Li host.hostname 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4009.It Li command 4010set from 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4012.It Li ip4.addr 4013set if 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4015contains IPv4 addresses 4016.It Li ip6.addr 4017set if 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4019contains IPv6 addresses 4020.El 4021.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4022.Pq Vt str 4023Unset by default. 4024Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4025The argument can be a sole address or a comma separated list of addresses. 4026Additionally each address can be prefixed by the name of an interface 4027followed by a pipe to overwrite 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4029or 4030.Va jail_interface 4031and/or suffixed by a netmask, prefixlen or prefix. 4032In case no netmask, prefixlen or prefix is given, 4033.Sq /32 4034will be used for IPv4 and 4035.Sq /128 4036will be used for an IPv6 address. 4037If no address is given for the jail then the jail will be started with 4038no networking support. 4039.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4040.Pq Vt str 4041Unset by default. 4042Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4043The sequence starts with 4044.Dq Li _multi0 4045and the numbers have to be strictly ascending. 4046These entries follow the same syntax as their primary 4047.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4048entry. 4049The order of the entries can be important as the first address for 4050each address family found will be the primary address of the jail. 4051See 4052.Va ip-addresses 4053option in 4054.Xr jail 8 4055for more details. 4056.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4057.Pq Vt str 4058Set to 4059.Dq Li -l -U root 4060by default. 4061These are flags to pass to 4062.Xr jail 8 . 4063.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4064.Pq Vt str 4065Unset by default. 4066When set, sets the interface to use when setting IP address alias. 4067Note that the alias is created at jail startup and removed at jail shutdown. 4068.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4069.Pq Vt str 4070Unset by default. 4071When set, the jail is started with the specified forwarding table (sometimes 4072referred to as a routing table) via 4073.Xr setfib 1 . 4074.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4075.Pq Vt str 4076Set to 4077.Pa /etc/fstab. Ns Aq Ar jname 4078by default. 4079This is the file system information file to use for jail 4080.Va jname . 4081.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4082.Pq Vt bool 4083Set to 4084.Dq Li NO 4085by default. 4086When set to 4087.Dq Li YES , 4088mount all file systems from 4089.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4090at jail startup. 4091.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4092.Pq Vt str 4093Unset by default. 4094When set, defines the device file system ruleset file to use for jail 4095.Va jname . 4096.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4097.Pq Vt bool 4098Set to 4099.Dq Li NO 4100by default. 4101When set to 4102.Dq Li YES , 4103mount the device file system inside jail 4104.Ar jname 4105at jail startup. 4106.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4107.Pq Vt bool 4108Set to 4109.Dq Li NO 4110by default. 4111When set to 4112.Dq Li YES , 4113mount the file-descriptor file system inside jail 4114.Ar jname 4115at jail startup. 4116.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4117.Pq Vt bool 4118Set to 4119.Dq Li NO 4120by default. 4121When set to 4122.Dq Li YES , 4123mount the process file system inside jail 4124.Ar jname 4125at jail startup. 4126.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4127.Pq Vt str 4128Unset by default. 4129This is the command run as 4130.Ar N Ns 4131th command 4132before jail startup, where 4133.Ar N 4134is 0, 1, and so on. 4135It is run outside the jail. 4136.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4137.Pq Vt str 4138Set to 4139.Dq Li /bin/sh /etc/rc 4140by default. 4141This is the command executed in a jail at jail startup. 4142.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4143.Pq Vt str 4144Unset by default. 4145This is the command run as 4146.Ar N Ns 4147th command 4148in a jail 4149after jail startup, where 4150.Ar N 4151is 1, 2, and so on. 4152.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4153.Pq Vt str 4154Unset by default. 4155This is the command run as 4156.Ar N Ns 4157th command 4158after jail startup, where 4159.Ar N 4160is 0, 1, and so on. 4161It is run outside the jail. 4162.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4163.Pq Vt str 4164Unset by default. 4165This is the command run as 4166.Ar N Ns 4167th command 4168before jail shutdown, where 4169.Ar N 4170is 0, 1, and so on. 4171It is run outside the jail. 4172.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4173.Pq Vt str 4174Set to 4175.Dq Li /bin/sh /etc/rc.shutdown 4176by default. 4177This is the command executed in a jail at jail shutdown. 4178.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4179.Pq Vt str 4180Unset by default. 4181This is the command run as 4182.Ar N Ns 4183th command 4184after jail shutdown, where 4185.Ar N 4186is 0, 1, and so on. 4187It is run outside the jail. 4188.It Va jail_set_hostname_allow 4189.Pq Vt bool 4190If set to 4191.Dq Li NO , 4192do not allow the root user in a jail to set its hostname. 4193.It Va jail_socket_unixiproute_only 4194.Pq Vt bool 4195If set to 4196.Dq Li YES , 4197do not allow any sockets, 4198besides UNIX/IP/route sockets, 4199to be used within a jail. 4200.It Va jail_sysvipc_allow 4201.Pq Vt bool 4202If set to 4203.Dq Li YES , 4204allow applications within a jail to use System V IPC. 4205.\" ----------------------------------------------------- 4206.It Va harvest_interrupt 4207.Pq Vt bool 4208Set to 4209.Dq Li YES 4210to use hardware interrupts as an entropy source. 4211Refer to 4212.Xr random 4 4213for more information. 4214.It Va harvest_ethernet 4215.Pq Vt bool 4216Set to 4217.Dq Li YES 4218to use LAN traffic as an entropy source. 4219Refer to 4220.Xr random 4 4221for more information. 4222.It Va harvest_p_to_p 4223.Pq Vt bool 4224Set to 4225.Dq Li YES 4226to use serial line traffic as an entropy source. 4227Refer to 4228.Xr random 4 4229for more information. 4230.It Va entropy_dir 4231.Pq Vt str 4232Set to 4233.Dq Li NO 4234to disable caching entropy via 4235.Xr cron 8 . 4236Otherwise set to the directory used to store entropy files in. 4237.It Va entropy_file 4238.Pq Vt str 4239Set to 4240.Dq Li NO 4241to disable caching entropy through reboots. 4242Otherwise set to the filename used to store cached entropy through 4243reboots. 4244This file should be located on the root file system to seed the 4245.Xr random 4 4246device as early as possible in the boot process. 4247.It Va entropy_save_sz 4248.Pq Vt int 4249Size of the entropy cache files saved by 4250.Nm save-entropy 4251periodically. 4252.It Va entropy_save_num 4253.Pq Vt int 4254Number of entropy cache files to save by 4255.Nm save-entropy 4256periodically. 4257.It Va ipsec_enable 4258.Pq Vt bool 4259Set to 4260.Dq Li YES 4261to run 4262.Xr setkey 8 4263on 4264.Va ipsec_file 4265at boot time. 4266.It Va ipsec_file 4267.Pq Vt str 4268Configuration file for 4269.Xr setkey 8 . 4270.It Va dmesg_enable 4271.Pq Vt bool 4272Set to 4273.Dq Li YES 4274to save 4275.Xr dmesg 8 4276to 4277.Pa /var/run/dmesg.boot 4278on boot. 4279.It Va rcshutdown_timeout 4280.Pq Vt int 4281If set, start a watchdog timer in the background which will terminate 4282.Pa rc.shutdown 4283if 4284.Xr shutdown 8 4285has not completed within the specified time (in seconds). 4286Notice that in addition to this soft timeout, 4287.Xr init 8 4288also applies a hard timeout for the execution of 4289.Pa rc.shutdown . 4290This is configured via 4291.Xr sysctl 8 4292variable 4293.Va kern.init_shutdown_timeout 4294and defaults to 120 seconds. 4295Setting the value of 4296.Va rcshutdown_timeout 4297to more than 120 seconds will have no effect until the 4298.Xr sysctl 8 4299variable 4300.Va kern.init_shutdown_timeout 4301is also increased. 4302.It Va virecover_enable 4303.Pq Vt bool 4304Set to 4305.Dq Li NO 4306to prevent the system from trying to 4307recover pre-maturely terminated 4308.Xr vi 1 4309sessions. 4310.It Va ugidfw_enable 4311.Pq Vt bool 4312Set to 4313.Dq Li YES 4314to load the 4315.Xr mac_bsdextended 4 4316module upon system initialization and load a default 4317ruleset file. 4318.It Va bsdextended_script 4319.Pq Vt str 4320The default 4321.Xr mac_bsdextended 4 4322ruleset file to load. 4323The default value of this variable is 4324.Pa /etc/rc.bsdextended . 4325.It Va newsyslog_enable 4326.Pq Vt bool 4327If set to 4328.Dq Li YES , 4329run 4330.Xr newsyslog 8 4331command at startup. 4332.It Va newsyslog_flags 4333.Pq Vt str 4334If 4335.Va newsyslog_enable 4336is set to 4337.Dq Li YES , 4338these are the flags to pass to the 4339.Xr newsyslog 8 4340program. 4341The default is 4342.Dq Li -CN , 4343which causes log files flagged with a 4344.Cm C 4345to be created. 4346.It Va mdconfig_md Ns Aq Ar X 4347.Pq Vt str 4348Arguments to 4349.Xr mdconfig 8 4350for 4351.Xr md 4 4352device 4353.Ar X . 4354At minimum a 4355.Fl t Ar type 4356must be specified and either a 4357.Fl s Ar size 4358for malloc or swap backed 4359.Xr md 4 4360devices or a 4361.Fl f Ar file 4362for vnode backed 4363.Xr md 4 4364devices. 4365Note that 4366.Va mdconfig_md Ns Aq Ar X 4367variables are evaluated until one variable is unset or null. 4368.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4369.Pq Vt str 4370Optional arguments passed to 4371.Xr newfs 8 4372to initialize 4373.Xr md 4 4374device 4375.Ar X . 4376.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4377.Pq Vt str 4378An ownership specification passed to 4379.Xr chown 8 4380after the specified 4381.Xr md 4 4382device 4383.Ar X 4384has been mounted. 4385Both the 4386.Xr md 4 4387device and the mount point will be changed. 4388.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4389.Pq Vt str 4390A mode string passed to 4391.Xr chmod 1 4392after the specified 4393.Xr md 4 4394device 4395.Ar X 4396has been mounted. 4397Both the 4398.Xr md 4 4399device and the mount point will be changed. 4400.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4401.Pq Vt str 4402Files to be copied to the mount point of the 4403.Xr md 4 4404device 4405.Ar X 4406after it has been mounted. 4407.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4408.Pq Vt str 4409Command to execute after the specified 4410.Xr md 4 4411device 4412.Ar X 4413has been mounted. 4414Note that the command is passed to 4415.Ic eval 4416and that both 4417.Va _dev 4418and 4419.Va _mp 4420variables can be used to reference respectively the 4421.Xr md 4 4422device and the mount point. 4423Assuming that the 4424.Xr md 4 4425device is 4426.Li md0 , 4427one could set the following: 4428.Bd -literal 4429mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4430.Ed 4431.It Va autobridge_interfaces 4432.Pq Vt str 4433Set to the list of bridge interfaces that will have newly arriving interfaces 4434checked against to be automatically added. 4435If not set to 4436.Dq Li NO 4437then for each whitespace separated 4438.Ar element 4439in the value, a 4440.Va autobridge_ Ns Aq Ar element 4441variable is assumed to exist which has a whitespace separated list of interface 4442names to match, these names can use wildcards. 4443For example: 4444.Bd -literal 4445autobridge_interfaces="bridge0" 4446autobridge_bridge0="tap* dc0 vlan[345]" 4447.Ed 4448.It Va mixer_enable 4449.Pq Vt bool 4450If set to 4451.Dq Li YES , 4452enable support for sound mixer. 4453.It Va hcsecd_enable 4454.Pq Vt bool 4455If set to 4456.Dq Li YES , 4457enable Bluetooth security daemon. 4458.It Va hcsecd_config 4459.Pq Vt str 4460Configuration file for 4461.Xr hcsecd 8 . 4462Default 4463.Pa /etc/bluetooth/hcsecd.conf . 4464.It Va sdpd_enable 4465.Pq Vt bool 4466If set to 4467.Dq Li YES , 4468enable Bluetooth Service Discovery Protocol daemon. 4469.It Va sdpd_control 4470.Pq Vt str 4471Path to 4472.Xr sdpd 8 4473control socket. 4474Default 4475.Pa /var/run/sdp . 4476.It Va sdpd_groupname 4477.Pq Vt str 4478Sets 4479.Xr sdpd 8 4480group to run as after it initializes. 4481Default 4482.Dq Li nobody . 4483.It Va sdpd_username 4484.Pq Vt str 4485Sets 4486.Xr sdpd 8 4487user to run as after it initializes. 4488Default 4489.Dq Li nobody . 4490.It Va bthidd_enable 4491.Pq Vt bool 4492If set to 4493.Dq Li YES , 4494enable Bluetooth Human Interface Device daemon. 4495.It Va bthidd_config 4496.Pq Vt str 4497Configuration file for 4498.Xr bthidd 8 . 4499Default 4500.Pa /etc/bluetooth/bthidd.conf . 4501.It Va bthidd_hids 4502.Pq Vt str 4503Path to a file, where 4504.Xr bthidd 8 4505will store information about known HID devices. 4506Default 4507.Pa /var/db/bthidd.hids . 4508.It Va rfcomm_pppd_server_enable 4509.Pq Vt bool 4510If set to 4511.Dq Li YES , 4512enable Bluetooth RFCOMM PPP wrapper daemon. 4513.It Va rfcomm_pppd_server_profile 4514.Pq Vt str 4515The name of the profile to use from 4516.Pa /etc/ppp/ppp.conf . 4517Multiple profiles can be specified here. 4518Also used to specify per-profile overrides. 4519When the profile name contains any of the characters 4520.Dq Li .-/+ 4521they are translated to 4522.Dq Li _ 4523for the proposes of the override variable names. 4524.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4525.Pq Vt str 4526Overrides local address to listen on. 4527By default 4528.Xr rfcomm_pppd 8 4529will listen on 4530.Dq Li ANY 4531address. 4532The address can be specified as BD_ADDR or name. 4533.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4534.Pq Vt str 4535Overrides local RFCOMM channel to listen on. 4536By default 4537.Xr rfcomm_pppd 8 4538will listen on RFCOMM channel 1. 4539Must set properly if multiple profiles used in the same time. 4540.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4541.Pq Vt bool 4542Tells 4543.Xr rfcomm_pppd 8 4544if it should register Serial Port service on the specified RFCOMM channel. 4545Default 4546.Dq Li NO . 4547.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4548.Pq Vt bool 4549Tells 4550.Xr rfcomm_pppd 8 4551if it should register Dial-Up Networking service on the specified 4552RFCOMM channel. 4553Default 4554.Dq Li NO . 4555.It Va ubthidhci_enable 4556.Pq Vt bool 4557If set to 4558.Dq Li YES , 4559change the USB Bluetooth controller from HID mode to HCI mode. 4560You also need to specify the location of USB Bluetooth controller with the 4561.Va ubthidhci_busnum 4562and 4563.Va ubthidhci_addr 4564variables. 4565.It Va ubthidhci_busnum 4566Bus number where the USB Bluetooth controller is located. 4567Check the output of 4568.Xr usbconfig 8 4569on your system to find this information. 4570.It Va ubthidhci_addr 4571Bus address of the USB Bluetooth controller. 4572Check the output of 4573.Xr usbconfig 8 4574on your system to find this information. 4575.It Va netwait_enable 4576.Pq Vt bool 4577If set to 4578.Dq Li YES , 4579delays the start of network-reliant services until 4580.Va netwait_if 4581is up and ICMP packets to a destination defined in 4582.Va netwait_ip 4583are flowing. 4584Link state is examined first, followed by 4585.Dq Li pinging 4586an IP address to verify network usability. 4587If no destination can be reached or timeouts are exceeded, 4588network services are started anyway with no guarantee that 4589the network is usable. 4590Use of this variable requires both 4591.Va netwait_ip 4592and 4593.Va netwait_if 4594to be set. 4595.It Va netwait_ip 4596.Pq Vt str 4597Empty by default. 4598This variable contains a space-delimited list of IP addresses to 4599.Xr ping 8 . 4600DNS hostnames should not be used as resolution is not guaranteed 4601to be functional at this point. 4602If multiple IP addresses are specified, 4603each will be tried until one is successful or the list is exhausted. 4604.It Va netwait_timeout 4605.Pq Vt int 4606Indicates the total number of seconds to perform a 4607.Dq Li ping 4608against each IP address in 4609.Va netwait_ip , 4610at a rate of one ping per second. 4611If any of the pings are successful, 4612full network connectivity is considered reliable. 4613The default is 60. 4614.It Va netwait_if 4615.Pq Vt str 4616Empty by default. 4617Defines the name of the network interface on which watch for link. 4618.Xr ifconfig 8 4619is used to monitor the interface, looking for 4620.Dq Li status: no carrier . 4621Once gone, the link is considered up. 4622This can be a 4623.Xr vlan 4 4624interface if desired. 4625.It Va netwait_if_timeout 4626.Pq Vt int 4627Defines the total number of seconds to wait for link to become usable, 4628polled at a 1-second interval. 4629The default is 30. 4630.El 4631.Sh FILES 4632.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4633.It Pa /etc/defaults/rc.conf 4634.It Pa /etc/rc.conf 4635.It Pa /etc/rc.conf.local 4636.El 4637.Sh SEE ALSO 4638.Xr catman 1 , 4639.Xr chmod 1 , 4640.Xr gdb 1 , 4641.Xr info 1 , 4642.Xr kbdcontrol 1 , 4643.Xr makewhatis 1 , 4644.Xr sh 1 , 4645.Xr vi 1 , 4646.Xr vidcontrol 1 , 4647.Xr bridge 4 , 4648.Xr dummynet 4 , 4649.Xr ip 4 , 4650.Xr ipf 4 , 4651.Xr ipfw 4 , 4652.Xr ipnat 4 , 4653.Xr kld 4 , 4654.Xr pf 4 , 4655.Xr pflog 4 , 4656.Xr pfsync 4 , 4657.Xr tcp 4 , 4658.Xr udp 4 , 4659.Xr exports 5 , 4660.Xr fstab 5 , 4661.Xr ipf 5 , 4662.Xr ipnat 5 , 4663.Xr motd 5 , 4664.Xr newsyslog.conf 5 , 4665.Xr pf.conf 5 , 4666.Xr security 7 , 4667.Xr accton 8 , 4668.Xr amd 8 , 4669.Xr apm 8 , 4670.Xr atm 8 , 4671.Xr bthidd 8 , 4672.Xr chkprintcap 8 , 4673.Xr chown 8 , 4674.Xr cron 8 , 4675.Xr devfs 8 , 4676.Xr dhclient 8 , 4677.Xr ftpd 8 , 4678.Xr geli 8 , 4679.Xr hcsecd 8 , 4680.Xr ifconfig 8 , 4681.Xr inetd 8 , 4682.Xr ipf 8 , 4683.Xr ipfw 8 , 4684.Xr ipnat 8 , 4685.Xr jail 8 , 4686.Xr kldxref 8 , 4687.Xr lpd 8 , 4688.Xr mdconfig 8 , 4689.Xr mdmfs 8 , 4690.Xr mixer 8 , 4691.Xr mountd 8 , 4692.Xr moused 8 , 4693.Xr mrouted 8 , 4694.Xr named 8 , 4695.Xr newfs 8 , 4696.Xr newsyslog 8 , 4697.Xr nfsd 8 , 4698.Xr ntpd 8 , 4699.Xr ntpdate 8 , 4700.Xr pfctl 8 , 4701.Xr pflogd 8 , 4702.Xr ping 8 , 4703.Xr powerd 8 , 4704.Xr quotacheck 8 , 4705.Xr quotaon 8 , 4706.Xr rc 8 , 4707.Xr rc.sendmail 8 , 4708.Xr rfcomm_pppd 8 , 4709.Xr route 8 , 4710.Xr routed 8 , 4711.Xr rpcbind 8 , 4712.Xr rpc.lockd 8 , 4713.Xr rpc.statd 8 , 4714.Xr rwhod 8 , 4715.Xr savecore 8 , 4716.Xr sdpd 8 , 4717.Xr sshd 8 , 4718.Xr swapon 8 , 4719.Xr sysctl 8 , 4720.Xr syslogd 8 , 4721.Xr timed 8 , 4722.Xr usbconfig 8 , 4723.Xr wlandebug 8 , 4724.Xr yp 8 , 4725.Xr ypbind 8 , 4726.Xr ypserv 8 , 4727.Xr ypset 8 4728.Sh HISTORY 4729The 4730.Nm 4731file appeared in 4732.Fx 2.2.2 . 4733.Sh AUTHORS 4734.An Jordan K. Hubbard . 4735