xref: /freebsd/share/man/man5/rc.conf.5 (revision 62ff619dcc3540659a319be71c9a489f1659e14a)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd May 26, 2022
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _fib
196.Pq Vt int
197The
198.Xr setfib 1
199value to run the service under.
200.It Ao Ar name Ac Ns Va _group
201.Pq Vt str
202Run the chrooted service under this system group.
203Unlike the
204.Ao Ar name Ac Ns Va _user
205setting, this setting has no effect if the service is not chrooted.
206.It Ao Ar name Ac Ns Va _limits
207.Pq Vt str
208Resource limits to apply to the service using
209.Xr limits 1 .
210By default, resource limits are based on the login class defined in
211.Ao Ar name Ac Ns Va _login_class .
212.It Ao Ar name Ac Ns Va _login_class
213.Pq Vt str
214Login class to be used with
215.Ao Ar name Ac Ns Va _limits .
216Defaults to
217.Dq Li daemon .
218.It Ao Ar name Ac Ns Va _nice
219.Pq Vt int
220The
221.Xr nice 1
222value to run the service under.
223.It Ao Ar name Ac Ns Va _oomprotect
224Use
225.Xr protect 1
226to prevent the service from being killed when swap space
227is exhausted.
228Use
229.Dq Li YES
230to protect only the service itself, and
231.Dq Li ALL
232to protect the service and all child processes.
233.Pp
234Please note rc scripts that redefine
235.Bd -literal
236${name}_cmd
237.Ed
238such as PostgreSQL will not inherit the OOM killer protection.
239.It Ao Ar name Ac Ns Va _user
240.Pq Vt str
241Run the service under this user account.
242.It Va apm_enable
243.Pq Vt bool
244If set to
245.Dq Li YES ,
246enable support for Automatic Power Management with
247the
248.Xr apm 8
249command.
250.It Va apmd_enable
251.Pq Vt bool
252Run
253.Xr apmd 8
254to handle APM event from userland.
255This also enables support for APM.
256.It Va apmd_flags
257.Pq Vt str
258If
259.Va apmd_enable
260is set to
261.Dq Li YES ,
262these are the flags to pass to the
263.Xr apmd 8
264daemon.
265.It Va devd_enable
266.Pq Vt bool
267Run
268.Xr devd 8
269to handle device added, removed or unknown events from the kernel.
270.It Va ddb_enable
271.Pq Vt bool
272Run
273.Xr ddb 8
274to install
275.Xr ddb 4
276scripts at boot time.
277.It Va ddb_config
278.Pq Vt str
279Configuration file for
280.Xr ddb 8 .
281Default
282.Pa /etc/ddb.conf .
283.It Va devmatch_enable
284.Pq Vt bool
285If set to
286.Dq Li NO ,
287disable auto-loading of kernel modules with
288.Xr devmatch 8 .
289.It Va devmatch_blocklist
290.Pq Vt str
291A whitespace-separated list of kernel modules to be ignored by
292.Xr devmatch 8 .
293In addition, the
294.Xr kenv 1
295.Va devmatch_blocklist
296is appended to this variable to allow disabling of
297.Xr devmatch 8
298loaded modules from the boot loader.
299.It Va devmatch_blacklist
300.Pq Vt str
301This variable is deprecated.
302Use
303.Va devmatch_blocklist
304instead.
305A whitespace-separated list of kernel modules to be ignored by
306.Xr devmatch 8 .
307.It Va kld_list
308.Pq Vt str
309A whitespace-separated list of kernel modules to load right after
310the local disks are mounted, without any
311.Pa .ko
312extension or path.
313Loading modules at this point in the boot process is
314much faster than doing it via
315.Pa /boot/loader.conf
316for those modules not necessary for mounting local disks.
317.It Va kldxref_enable
318.Pq Vt bool
319Set to
320.Dq Li NO
321by default.
322Set to
323.Dq Li YES
324to automatically rebuild
325.Pa linker.hints
326files with
327.Xr kldxref 8
328at boot time.
329.It Va kldxref_clobber
330.Pq Vt bool
331Set to
332.Dq Li NO
333by default.
334If
335.Va kldxref_enable
336is true,
337setting to
338.Dq Li YES
339will overwrite existing
340.Pa linker.hints
341files at boot time.
342Otherwise,
343only missing
344.Pa linker.hints
345files are generated.
346.It Va kldxref_module_path
347.Pq Vt str
348Empty by default.
349A semi-colon
350.Pq Ql \&;
351delimited list of paths containing
352.Xr kld 4
353modules.
354If empty,
355the contents of the
356.Va kern.module_path
357.Xr sysctl 8
358are used.
359.It Va powerd_enable
360.Pq Vt bool
361If set to
362.Dq Li YES ,
363enable the system power control facility with the
364.Xr powerd 8
365daemon.
366.It Va powerd_flags
367.Pq Vt str
368If
369.Va powerd_enable
370is set to
371.Dq Li YES ,
372these are the flags to pass to the
373.Xr powerd 8
374daemon.
375.It Va tmpmfs
376Controls the creation of a
377.Pa /tmp
378memory file system.
379Always happens if set to
380.Dq Li YES
381and never happens if set to
382.Dq Li NO .
383If set to anything else, a memory file system is created if
384.Pa /tmp
385is not writable.
386.It Va tmpsize
387Controls the size of a created
388.Pa /tmp
389memory file system.
390.It Va tmpmfs_flags
391Extra options passed to the
392.Xr mdmfs 8
393utility when the memory file system for
394.Pa /tmp
395is created.
396The default is
397.Dq Li "-S" ,
398which inhibits the use of softupdates on
399.Pa /tmp
400so that file system space is freed without delay
401after file truncation or deletion.
402See
403.Xr mdmfs 8
404for other options you can use in
405.Va tmpmfs_flags .
406.It Va varmfs
407Controls the creation of a
408.Pa /var
409memory file system.
410Always happens if set to
411.Dq Li YES
412and never happens if set to
413.Dq Li NO .
414If set to anything else, a memory file system is created if
415.Pa /var
416is not writable.
417.It Va varsize
418Controls the size of a created
419.Pa /var
420memory file system.
421.It Va varmfs_flags
422Extra options passed to the
423.Xr mdmfs 8
424utility when the memory file system for
425.Pa /var
426is created.
427The default is
428.Dq Li "-S" ,
429which inhibits the use of softupdates on
430.Pa /var
431so that file system space is freed without delay
432after file truncation or deletion.
433See
434.Xr mdmfs 8
435for other options you can use in
436.Va varmfs_flags .
437.It Va populate_var
438Controls the automatic population of the
439.Pa /var
440file system.
441Always happens if set to
442.Dq Li YES
443and never happens if set to
444.Dq Li NO .
445If set to anything else, a memory file system is created if
446.Pa /var
447is not writable.
448Note that this process requires access to certain commands in
449.Pa /usr
450before
451.Pa /usr
452is mounted on normal systems.
453.It Va cleanvar_enable
454.Pq Vt bool
455Clean the
456.Pa /var
457directory.
458.It Va local_startup
459.Pq Vt str
460List of directories to search for startup script files.
461.It Va script_name_sep
462.Pq Vt str
463The field separator to use for breaking down the list of startup script files
464into individual filenames.
465The default is a space.
466It is not necessary to change this unless there are startup scripts with names
467containing spaces.
468.It Va hostapd_enable
469.Pq Vt bool
470Set to
471.Dq Li YES
472to start
473.Xr hostapd 8
474at system boot time.
475.It Va hostname
476.Pq Vt str
477The fully qualified domain name (FQDN) of this host on the network.
478This should almost certainly be set to something meaningful, even if
479there is no network connection.
480If
481.Xr dhclient 8
482is used to set the hostname via DHCP,
483this variable should be set to an empty string.
484Within a
485.Xr jail 8
486the hostname is generally already set and this variable may be absent.
487If this value remains unset when the system is done booting
488your console login will display the default hostname of
489.Dq Amnesiac .
490.It Va nisdomainname
491.Pq Vt str
492The NIS domain name of this host, or
493.Dq Li NO
494if NIS is not used.
495.It Va dhclient_program
496.Pq Vt str
497Path to the DHCP client program
498.Pa ( /sbin/dhclient ,
499the
500.Ox
501DHCP client,
502is the default).
503.It Va dhclient_flags
504.Pq Vt str
505Additional flags to pass to the DHCP client program.
506For the
507.Ox
508DHCP client, see the
509.Xr dhclient 8
510manpage for a description of the command line options available.
511.It Va dhclient_flags_ Ns Aq Ar iface
512Additional flags to pass to the DHCP client program running on
513.Ar iface
514only.
515When specified, this variable overrides
516.Va dhclient_flags .
517.It Va background_dhclient
518.Pq Vt bool
519Set to
520.Dq Li YES
521to start the DHCP client in background.
522This can cause trouble with applications depending on
523a working network, but it will provide a faster startup
524in many cases.
525.It Va background_dhclient_ Ns Aq Ar iface
526When specified, this variable overrides the
527.Va background_dhclient
528variable for interface
529.Ar iface
530only.
531.It Va synchronous_dhclient
532.Pq Vt bool
533Set to
534.Dq Li YES
535to start
536.Xr dhclient 8
537synchronously at startup.
538This behavior can be overridden on a per-interface basis by replacing
539the
540.Dq Li DHCP
541keyword in the
542.Va ifconfig_ Ns Aq Ar interface
543variable with
544.Dq Li SYNCDHCP
545or
546.Dq Li NOSYNCDHCP .
547.It Va defaultroute_delay
548.Pq Vt int
549When set to a positive value, wait up to this long after configuring
550DHCP interfaces at startup to give the interfaces time to receive a lease.
551.It Va firewall_enable
552.Pq Vt bool
553Set to
554.Dq Li YES
555to load firewall rules at startup.
556If the kernel was not built with
557.Cd "options IPFIREWALL" ,
558the
559.Pa ipfw.ko
560kernel module will be loaded.
561See also
562.Va ipfilter_enable .
563.It Va firewall_script
564.Pq Vt str
565This variable specifies the full path to the firewall script to run.
566The default is
567.Pa /etc/rc.firewall .
568.It Va firewall_type
569.Pq Vt str
570Names the firewall type from the selection in
571.Pa /etc/rc.firewall ,
572or the file which contains the local firewall ruleset.
573Valid selections from
574.Pa /etc/rc.firewall
575are:
576.Pp
577.Bl -tag -width ".Li workstation" -compact
578.It Li open
579unrestricted IP access
580.It Li closed
581all IP services disabled, except via
582.Dq Li lo0
583.It Li client
584basic protection for a workstation
585.It Li workstation
586basic protection for a workstation using stateful firewalling
587.It Li simple
588basic protection for a LAN.
589.El
590.Pp
591If a filename is specified, the full path
592must be given.
593.Pp
594Most of the predefined rulesets define additional configuration variables.
595These are documented in
596.Pa /etc/rc.firewall .
597.It Va firewall_quiet
598.Pq Vt bool
599Set to
600.Dq Li YES
601to disable the display of firewall rules on the console during boot.
602.It Va firewall_logging
603.Pq Vt bool
604Set to
605.Dq Li YES
606to enable firewall event logging.
607This is equivalent to the
608.Dv IPFIREWALL_VERBOSE
609kernel option.
610.It Va firewall_logif
611.Pq Vt bool
612Set to
613.Dq Li YES
614to create pseudo interface
615.Li ipfw0
616for logging.
617For more details, see
618.Xr ipfw 8
619manual page.
620.It Va firewall_flags
621.Pq Vt str
622Flags passed to
623.Xr ipfw 8
624if
625.Va firewall_type
626specifies a filename.
627.It Va firewall_coscripts
628.Pq Vt str
629List of executables and/or rc scripts to run after firewall starts/stops.
630Default is empty.
631.\" ----- firewall_nat_enable setting --------------------------------
632.It Va firewall_nat_enable
633.Pq Vt bool
634The
635.Xr ipfw 8
636equivalent of
637.Va natd_enable .
638Setting this to
639.Dq Li YES
640will automatically load the
641.Xr ipfw 8
642NAT kernel module if
643.Va firewall_enable
644is also set to
645.Dq Li YES .
646.It Va firewall_nat_interface
647.Pq Vt str
648The
649.Xr ipfw 8
650equivalent of
651.Va natd_interface .
652This is the name of the public interface or IP address on which
653kernel NAT should run.
654.It Va firewall_nat_flags
655.Pq Vt str
656Additional configuration parameters for kernel NAT should be placed here.
657.It Va firewall_nat64_enable
658.Pq Vt bool
659Setting this to
660.Dq Li YES
661will automatically load the
662.Xr ipfw 8
663NAT64 kernel module if
664.Va firewall_enable
665is also set to
666.Dq Li YES .
667.It Va firewall_nptv6_enable
668.Pq Vt bool
669Setting this to
670.Dq Li YES
671will automatically load the
672.Xr ipfw 8
673NPTv6 kernel module if
674.Va firewall_enable
675is also set to
676.Dq Li YES .
677.It Va firewall_pmod_enable
678.Pq Vt bool
679Setting this to
680.Dq Li YES
681will automatically load the
682.Xr ipfw 8
683pmod kernel module if
684.Va firewall_enable
685is also set to
686.Dq Li YES .
687.It Va dummynet_enable
688.Pq Vt bool
689Setting this to
690.Dq Li YES
691will automatically load the
692.Xr dummynet 4
693module if
694.Va firewall_enable
695is also set to
696.Dq Li YES .
697.\" -------------------------------------------------------------------
698.It Va ipfw_netflow_enable
699.Pq Vt bool
700Setting this to
701.Dq Li YES
702will enable netflow logging via
703.Xr ng_netflow 4
704.Pp
705By default a ipfw rule is inserted and all packets are duplicated with
706the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
707port using protocol version 5.
708.It Va ipfw_netflow_hook
709.Pq Vt int
710netflow hook name, must be numerical
711(default
712.Pa 9995 ) .
713.It Va ipfw_netflow_rule
714.Pq Vt int
715ipfw rule number
716(default
717.Pa 1000 ) .
718.It Va ipfw_netflow_ip
719.Pq Vt str
720Destination server ip for receiving netflow data
721(default
722.Pa 127.0.0.1 ) .
723.It Va ipfw_netflow_port
724.Pq Vt int
725Destination server port for receiving netflow data
726(default
727.Pa 9995 ) .
728.It Va ipfw_netflow_version
729.Pq Vt int
730Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
731.It Va ipfw_netflow_fib
732.Pq Vt int
733Only match packet in FIB
734.Pa ipfw_netflow_fib
735(default is undefined meaning all FIBs).
736.It Va natd_program
737.Pq Vt str
738Path to
739.Xr natd 8 .
740.It Va natd_enable
741.Pq Vt bool
742Set to
743.Dq Li YES
744to enable
745.Xr natd 8 .
746.Va firewall_enable
747must also be set to
748.Dq Li YES ,
749and
750.Xr divert 4
751sockets must be enabled in the kernel.
752If the kernel was not built with
753.Cd "options IPDIVERT" ,
754the
755.Pa ipdivert.ko
756kernel module will be loaded.
757.It Va natd_interface
758.Pq Vt str
759This is the name of the public interface on which
760.Xr natd 8
761should run.
762The interface may be given as an interface name or as an IP address.
763.It Va natd_flags
764.Pq Vt str
765Additional
766.Xr natd 8
767flags should be placed here.
768The
769.Fl n
770or
771.Fl a
772flag is automatically added with the above
773.Va natd_interface
774as an argument.
775.\" ----- ipfilter_enable setting --------------------------------
776.It Va ipfilter_enable
777.Pq Vt bool
778Set to
779.Dq Li NO
780by default.
781Setting this to
782.Dq Li YES
783enables
784.Xr ipf 8
785packet filtering.
786.Pp
787Typical usage will require putting
788.Bd -literal
789ipfilter_enable="YES"
790ipnat_enable="YES"
791ipmon_enable="YES"
792ipfs_enable="YES"
793.Ed
794.Pp
795into
796.Pa /etc/rc.conf
797and editing
798.Pa /etc/ipf.rules
799and
800.Pa /etc/ipnat.rules
801appropriately.
802.Pp
803Note that
804.Va ipfilter_enable
805and
806.Va ipnat_enable
807can be enabled independently.
808.Va ipmon_enable
809and
810.Va ipfs_enable
811both require at least one of
812.Va ipfilter_enable
813and
814.Va ipnat_enable
815to be enabled.
816.Pp
817Having
818.Bd -literal
819options IPFILTER
820options IPFILTER_LOG
821options IPFILTER_DEFAULT_BLOCK
822.Ed
823.Pp
824in the kernel configuration file is a good idea, too.
825.\" ----- ipfilter_program setting ------------------------------
826.It Va ipfilter_program
827.Pq Vt str
828Path to
829.Xr ipf 8
830(default
831.Pa /sbin/ipf ) .
832.\" ----- ipfilter_rules setting --------------------------------
833.It Va ipfilter_rules
834.Pq Vt str
835Set to
836.Pa /etc/ipf.rules
837by default.
838This variable contains the name of the filter rule definition file.
839The file is expected to be readable for the
840.Xr ipf 8
841command to execute.
842.\" ----- ipfilter_flags setting --------------------------------
843.It Va ipfilter_flags
844.Pq Vt str
845Empty by default.
846This variable contains flags passed to the
847.Xr ipf 8
848program.
849.\" ----- ipnat_enable setting ----------------------------------
850.It Va ipnat_enable
851.Pq Vt bool
852Set to
853.Dq Li NO
854by default.
855Set it to
856.Dq Li YES
857to enable
858.Xr ipnat 8
859network address translation.
860See
861.Va ipfilter_enable
862for a detailed discussion.
863.\" ----- ipnat_program setting ---------------------------------
864.It Va ipnat_program
865.Pq Vt str
866Path to
867.Xr ipnat 8
868(default
869.Pa /sbin/ipnat ) .
870.\" ----- ipnat_rules setting -----------------------------------
871.It Va ipnat_rules
872.Pq Vt str
873Set to
874.Pa /etc/ipnat.rules
875by default.
876This variable contains the name of the file
877holding the network address translation definition.
878This file is expected to be readable for the
879.Xr ipnat 8
880command to execute.
881.\" ----- ipnat_flags setting -----------------------------------
882.It Va ipnat_flags
883.Pq Vt str
884Empty by default.
885This variable contains flags passed to the
886.Xr ipnat 8
887program.
888.\" ----- ipmon_enable setting ----------------------------------
889.It Va ipmon_enable
890.Pq Vt bool
891Set to
892.Dq Li NO
893by default.
894Set it to
895.Dq Li YES
896to enable
897.Xr ipmon 8
898monitoring (logging
899.Xr ipf 8
900and
901.Xr ipnat 8
902events).
903Setting this variable needs setting
904.Va ipfilter_enable
905or
906.Va ipnat_enable
907too.
908See
909.Va ipfilter_enable
910for a detailed discussion.
911.\" ----- ipmon_program setting ---------------------------------
912.It Va ipmon_program
913.Pq Vt str
914Path to
915.Xr ipmon 8
916(default
917.Pa /sbin/ipmon ) .
918.\" ----- ipmon_flags setting -----------------------------------
919.It Va ipmon_flags
920.Pq Vt str
921Set to
922.Dq Li -Ds
923by default.
924This variable contains flags passed to the
925.Xr ipmon 8
926program.
927Another typical example would be
928.Dq Fl D Pa /var/log/ipflog
929to have
930.Xr ipmon 8
931log directly to a file bypassing
932.Xr syslogd 8 .
933Make sure to adjust
934.Pa /etc/newsyslog.conf
935in such case like this:
936.Bd -literal
937/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
938.Ed
939.\" ----- ipfs_enable setting -----------------------------------
940.It Va ipfs_enable
941.Pq Vt bool
942Set to
943.Dq Li NO
944by default.
945Set it to
946.Dq Li YES
947to enable
948.Xr ipfs 8
949saving the filter and NAT state tables during shutdown
950and reloading them during startup again.
951Setting this variable needs setting
952.Va ipfilter_enable
953or
954.Va ipnat_enable
955to
956.Dq Li YES
957too.
958See
959.Va ipfilter_enable
960for a detailed discussion.
961Note that if
962.Va kern_securelevel
963is set to 3,
964.Va ipfs_enable
965cannot be used
966because the raised securelevel will prevent
967.Xr ipfs 8
968from saving the state tables at shutdown time.
969.\" ----- ipfs_program setting ----------------------------------
970.It Va ipfs_program
971.Pq Vt str
972Path to
973.Xr ipfs 8
974(default
975.Pa /sbin/ipfs ) .
976.\" ----- ipfs_flags setting ------------------------------------
977.It Va ipfs_flags
978.Pq Vt str
979Empty by default.
980This variable contains flags passed to the
981.Xr ipfs 8
982program.
983.\" ----- end of added ipf hook ---------------------------------
984.It Va pf_enable
985.Pq Vt bool
986Set to
987.Dq Li NO
988by default.
989Setting this to
990.Dq Li YES
991enables
992.Xr pf 4
993packet filtering.
994.Pp
995Typical usage will require putting
996.Pp
997.Dl pf_enable="YES"
998.Pp
999into
1000.Pa /etc/rc.conf
1001and editing
1002.Pa /etc/pf.conf
1003appropriately.
1004Adding
1005.Pp
1006.Dl "device pf"
1007.Pp
1008builds support for
1009.Xr pf 4
1010into the kernel, otherwise the
1011kernel module will be loaded.
1012.It Va pf_rules
1013.Pq Vt str
1014Path to
1015.Xr pf 4
1016ruleset configuration file
1017(default
1018.Pa /etc/pf.conf ) .
1019.It Va pf_program
1020.Pq Vt str
1021Path to
1022.Xr pfctl 8
1023(default
1024.Pa /sbin/pfctl ) .
1025.It Va pf_flags
1026.Pq Vt str
1027If
1028.Va pf_enable
1029is set to
1030.Dq Li YES ,
1031these flags are passed to the
1032.Xr pfctl 8
1033program when loading the ruleset.
1034.It Va pf_fallback_rules_enable
1035.Pq Vt bool
1036Set to
1037.Dq Li NO
1038by default.
1039Setting this to
1040.Dq Li YES
1041enables loading
1042.Va pf_fallback_rules_file
1043or
1044.Va pf_fallback_rules
1045in case of a problem when loading the ruleset in
1046.Va pf_rules .
1047.It Va pf_fallback_rules_file
1048.Pq Vt str
1049Path to a pf ruleset to load in case of failure when loading the
1050ruleset in
1051.Va pf_rules
1052(default
1053.Pa /etc/pf-fallback.conf ) .
1054.It Va pf_fallback_rules
1055.Pq Vt str
1056A pf ruleset to load in case of failure when loading the ruleset in
1057.Va pf_rules
1058and
1059.Va pf_fallback_rules_file
1060is not found.
1061Multiple rules can be set as follows:
1062.Bd -literal
1063pf_fallback_rules="\\
1064	block drop log all\\
1065	pass in quick on em0"
1066.Pp
1067.Ed
1068The default fallback rule is
1069.Dq block drop log all
1070.It Va pflog_enable
1071.Pq Vt bool
1072Set to
1073.Dq Li NO
1074by default.
1075Setting this to
1076.Dq Li YES
1077enables
1078.Xr pflogd 8
1079which logs packets from the
1080.Xr pf 4
1081packet filter.
1082.It Va pflog_logfile
1083.Pq Vt str
1084If
1085.Va pflog_enable
1086is set to
1087.Dq Li YES
1088this controls where
1089.Xr pflogd 8
1090stores the logfile
1091(default
1092.Pa /var/log/pflog ) .
1093Check
1094.Pa /etc/newsyslog.conf
1095to adjust logfile rotation for this.
1096.It Va pflog_program
1097.Pq Vt str
1098Path to
1099.Xr pflogd 8
1100(default
1101.Pa /sbin/pflogd ) .
1102.It Va pflog_flags
1103.Pq Vt str
1104Empty by default.
1105This variable contains additional flags passed to the
1106.Xr pflogd 8
1107program.
1108.It Va pflog_instances
1109.Pq Vt str
1110If logging to more than one
1111.Xr pflog 4
1112interface is desired,
1113.Va pflog_instances
1114is set to the list of
1115.Xr pflogd 8
1116instances that should be started at system boot time.
1117If
1118.Va pflog_instances
1119is set, for each whitespace-separated
1120.Ar element
1121in the list,
1122.Ao Ar element Ac Ns Va _dev
1123and
1124.Ao Ar element Ac Ns Va _logfile
1125elements are assumed to exist.
1126.Ao Ar element Ac Ns Va _dev
1127must contain the
1128.Xr pflog 4
1129interface to be watched by the named
1130.Xr pflogd 8
1131instance.
1132.Ao Ar element Ac Ns Va _logfile
1133must contain the name of the logfile that will be used by the
1134.Xr pflogd 8
1135instance.
1136.It Va ftpproxy_enable
1137.Pq Vt bool
1138Set to
1139.Dq Li NO
1140by default.
1141Setting this to
1142.Dq Li YES
1143enables
1144.Xr ftp-proxy 8
1145which supports the
1146.Xr pf 4
1147packet filter in translating ftp connections.
1148.It Va ftpproxy_flags
1149.Pq Vt str
1150Empty by default.
1151This variable contains additional flags passed to the
1152.Xr ftp-proxy 8
1153program.
1154.It Va ftpproxy_instances
1155.Pq Vt str
1156Empty by default.
1157If multiple instances of
1158.Xr ftp-proxy 8
1159are desired at boot time,
1160.Va ftpproxy_instances
1161should contain a whitespace-separated list of instance names.
1162For each
1163.Ar element
1164in the list, a variable named
1165.Ao Ar element Ac Ns Va _flags
1166should be defined, containing the command-line flags to be passed to the
1167.Xr ftp-proxy 8
1168instance.
1169.It Va pfsync_enable
1170.Pq Vt bool
1171Set to
1172.Dq Li NO
1173by default.
1174Setting this to
1175.Dq Li YES
1176enables exposing
1177.Xr pf 4
1178state changes to other hosts over the network by means of
1179.Xr pfsync 4 .
1180The
1181.Va pfsync_syncdev
1182variable
1183must also be set then.
1184.It Va pfsync_syncdev
1185.Pq Vt str
1186Empty by default.
1187This variable specifies the name of the network interface
1188.Xr pfsync 4
1189should operate through.
1190It must be set accordingly if
1191.Va pfsync_enable
1192is set to
1193.Dq Li YES .
1194.It Va pfsync_syncpeer
1195.Pq Vt str
1196Empty by default.
1197This variable is optional.
1198By default, state change messages are sent out on the synchronisation
1199interface using IP multicast packets.
1200The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1201224.0.0.240.
1202When a peer address is specified using the
1203.Va pfsync_syncpeer
1204option, the peer address is used as a destination for the pfsync
1205traffic, and the traffic can then be protected using
1206.Xr ipsec 4 .
1207See the
1208.Xr pfsync 4
1209manpage for more details about using
1210.Xr ipsec 4
1211with
1212.Xr pfsync 4
1213interfaces.
1214.It Va pfsync_ifconfig
1215.Pq Vt str
1216Empty by default.
1217This variable can contain additional options to be passed to the
1218.Xr ifconfig 8
1219command used to set up
1220.Xr pfsync 4 .
1221.It Va tcp_extensions
1222.Pq Vt bool
1223Set to
1224.Dq Li YES
1225by default.
1226Setting this to
1227.Dq Li NO
1228disables certain TCP options as described by
1229.Rs
1230.%T "RFC 1323"
1231.Re
1232Setting this to
1233.Dq Li NO
1234might help remedy such problems with connections as randomly hanging
1235or other weird behavior.
1236Some network devices are known
1237to be broken with respect to these options.
1238.It Va log_in_vain
1239.Pq Vt int
1240Set to 0 by default.
1241The
1242.Xr sysctl 8
1243variables,
1244.Va net.inet.tcp.log_in_vain
1245and
1246.Va net.inet.udp.log_in_vain ,
1247as described in
1248.Xr tcp 4
1249and
1250.Xr udp 4 ,
1251are set to the given value.
1252.It Va tcp_keepalive
1253.Pq Vt bool
1254Set to
1255.Dq Li YES
1256by default.
1257Setting to
1258.Dq Li NO
1259will disable probing idle TCP connections to verify that the
1260peer is still up and reachable.
1261.It Va tcp_drop_synfin
1262.Pq Vt bool
1263Set to
1264.Dq Li NO
1265by default.
1266Setting to
1267.Dq Li YES
1268will cause the kernel to ignore TCP frames that have both
1269the SYN and FIN flags set.
1270This prevents OS fingerprinting, but may
1271break some legitimate applications.
1272.It Va icmp_drop_redirect
1273.Pq Vt bool
1274Set to
1275.Dq Li AUTO
1276by default.
1277This setting will be identical to
1278.Dq Li YES ,
1279if a dynamicrouting daemon is enabled, because redirect processing may
1280cause performance issues for large routing tables.
1281If no such service is enabled, this setting behaves like a
1282.Dq Li NO .
1283Setting to
1284.Dq Li YES
1285will cause the kernel to ignore ICMP REDIRECT packets.
1286Setting to
1287.Dq Li NO
1288will cause the kernel to process ICMP REDIRECT packets.
1289Refer to
1290.Xr icmp 4
1291for more information.
1292.It Va icmp_log_redirect
1293.Pq Vt bool
1294Set to
1295.Dq Li NO
1296by default.
1297Setting to
1298.Dq Li YES
1299will cause the kernel to log ICMP REDIRECT packets.
1300Note that
1301the log messages are not rate-limited, so this option should only be used
1302for troubleshooting networks.
1303Refer to
1304.Xr icmp 4
1305for more information.
1306.It Va icmp_bmcastecho
1307.Pq Vt bool
1308Set to
1309.Dq Li YES
1310to respond to broadcast or multicast ICMP ping packets.
1311Refer to
1312.Xr icmp 4
1313for more information.
1314.It Va ip_portrange_first
1315.Pq Vt int
1316If not set to
1317.Dq Li NO ,
1318this is the first port in the default portrange.
1319Refer to
1320.Xr ip 4
1321for more information.
1322.It Va ip_portrange_last
1323.Pq Vt int
1324If not set to
1325.Dq Li NO ,
1326this is the last port in the default portrange.
1327Refer to
1328.Xr ip 4
1329for more information.
1330.It Va network_interfaces
1331.Pq Vt str
1332Set to the list of network interfaces to configure on this host or
1333.Dq Li AUTO
1334(the default) for all current interfaces.
1335Setting the
1336.Va network_interfaces
1337variable to anything other than the default is deprecated.
1338Interfaces that the administrator wishes to store configuration for,
1339but not start at boot should be configured with the
1340.Dq Li NOAUTO
1341keyword in their
1342.Va ifconfig_ Ns Aq Ar interface
1343variables as described below.
1344.Pp
1345An
1346.Va ifconfig_ Ns Aq Ar interface
1347variable is also assumed to exist for each value of
1348.Ar interface .
1349When an interface name contains any of the characters
1350.Dq Li .-/+
1351they are translated to
1352.Dq Li _
1353before lookup.
1354The variable can contain arguments to
1355.Xr ifconfig 8 ,
1356as well as special case-insensitive keywords described below.
1357Such keywords are removed before passing the value to
1358.Xr ifconfig 8
1359while the order of the other arguments is preserved.
1360.Pp
1361It is possible to add IP alias entries using
1362.Xr ifconfig 8
1363syntax with the address family keyword such as
1364.Li inet .
1365Assuming that the interface in question was
1366.Li em0 ,
1367it might look something like this:
1368.Bd -literal
1369ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1370ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1371.Ed
1372.Pp
1373It also possible to configure multiple IP addresses in Classless
1374Inter-Domain Routing
1375.Pq CIDR
1376address notation,
1377whose each address component can be a range like
1378.Li inet 192.0.2.5-23/24
1379or
1380.Li inet6 2001:db8:1-f::1/64 .
1381This notation allows address and prefix length part only,
1382not the other address modifiers.
1383Note that the maximum number of the generated addresses from a range
1384specification is limited to an integer value specified in
1385.Va netif_ipexpand_max
1386in
1387.Nm
1388because a small typo can unexpectedly generate a large number of addresses.
1389The default value is
1390.Li 2048 .
1391It can be increased by adding the following line into
1392.Nm :
1393.Bd -literal
1394netif_ipexpand_max="4096"
1395.Ed
1396.Pp
1397In the case of
1398.Li 192.0.2.5-23/24 ,
1399the address 192.0.2.5 will be configured with the
1400netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1401the non-conflicting netmask /32 as explained in the
1402.Xr ifconfig 8
1403alias section.
1404Note that this special netmask handling is only for
1405.Li inet ,
1406not for the other address families such as
1407.Li inet6 .
1408.Pp
1409With the interface in question being
1410.Li em0 ,
1411an example could look like:
1412.Bd -literal
1413ifconfig_em0_alias2="inet 192.0.2.129/27"
1414ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1415.Ed
1416.Pp
1417and so on.
1418.Pp
1419Note that deprecated
1420.Va ipv4_addrs_ Ns Aq Ar interface
1421variable was supported for IPv4 CIDR address notation.
1422The
1423.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1424variable replaces it, though
1425.Va ipv4_addrs_ Ns Aq Ar interface
1426is still supported for backward compatibility.
1427.Pp
1428For each
1429.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1430entry with an address family keyword,
1431its contents are passed to
1432.Xr ifconfig 8 .
1433Execution stops at the first unsuccessful access, so if
1434something like this is present:
1435.Bd -literal
1436ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1437ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1438ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1439ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1440.Ed
1441.Pp
1442Then note that alias4 would
1443.Em not
1444be added since the search would
1445stop with the missing
1446.Dq Li alias3
1447entry.
1448Because of this difficult to manage behavior,
1449there is
1450.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1451variable, which has the same functionality as
1452.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1453and can have all of entries in a variable like the following:
1454.Bd -literal
1455ifconfig_em0_aliases="\\
1456	inet 127.0.0.251 netmask 0xffffffff \\
1457	inet 127.0.0.252 netmask 0xffffffff \\
1458	inet 127.0.0.253 netmask 0xffffffff \\
1459	inet 127.0.0.254 netmask 0xffffffff"
1460.Ed
1461.Pp
1462It also supports CIDR notation.
1463.Pp
1464If the
1465.Pa /etc/start_if . Ns Aq Ar interface
1466file is present, it is read and executed by the
1467.Xr sh 1
1468interpreter
1469before configuring the interface as specified in the
1470.Va ifconfig_ Ns Aq Ar interface
1471and
1472.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1473variables.
1474.Pp
1475If a
1476.Va vlans_ Ns Aq Ar interface
1477variable is set,
1478a
1479.Xr vlan 4
1480interface will be created for each item in the list with the
1481.Ar vlandev
1482argument set to
1483.Ar interface .
1484If a vlan interface's name is a number,
1485then that number is used as the vlan tag and the new vlan interface is
1486named
1487.Ar interface . Ns Ar tag .
1488Otherwise,
1489the vlan tag must be specified via a
1490.Va vlan
1491parameter in the
1492.Va create_args_ Ns Aq Ar interface
1493variable.
1494.Pp
1495To create a vlan device named
1496.Li em0.101
1497on
1498.Li em0
1499with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1500.Bd -literal
1501vlans_em0="101"
1502ifconfig_em0_101="inet 192.0.2.1/24"
1503.Ed
1504.Pp
1505To create a vlan device named
1506.Li myvlan
1507on
1508.Li em0
1509with the vlan tag 102:
1510.Bd -literal
1511vlans_em0="myvlan"
1512create_args_myvlan="vlan 102"
1513.Ed
1514.Pp
1515If a
1516.Va wlans_ Ns Aq Ar interface
1517variable is set,
1518an
1519.Xr wlan 4
1520interface will be created for each item in the list with the
1521.Ar wlandev
1522argument set to
1523.Ar interface .
1524Further wlan cloning arguments may be passed to the
1525.Xr ifconfig 8
1526.Cm create
1527command by setting the
1528.Va create_args_ Ns Aq Ar interface
1529variable.
1530One or more
1531.Xr wlan 4
1532devices must be created for each wireless devices as of
1533.Fx 8.0 .
1534Debugging flags for
1535.Xr wlan 4
1536devices as set by
1537.Xr wlandebug 8
1538may be specified with an
1539.Va wlandebug_ Ns Aq Ar interface
1540variable.
1541The contents of this variable will be passed directly to
1542.Xr wlandebug 8 .
1543.Pp
1544If the
1545.Va ifconfig_ Ns Aq Ar interface
1546contains the keyword
1547.Dq Li NOAUTO
1548then the interface will not be configured
1549at boot or by
1550.Pa /etc/pccard_ether
1551when
1552.Va network_interfaces
1553is set to
1554.Dq Li AUTO .
1555.Pp
1556It is possible to bring up an interface with DHCP by adding
1557.Dq Li DHCP
1558to the
1559.Va ifconfig_ Ns Aq Ar interface
1560variable.
1561For instance, to initialize the
1562.Li em0
1563device via DHCP,
1564it is possible to use something like:
1565.Bd -literal
1566ifconfig_em0="DHCP"
1567.Ed
1568.Pp
1569If you want to configure your wireless interface with
1570.Xr wpa_supplicant 8
1571for use with WPA, EAP/LEAP or WEP, you need to add
1572.Dq Li WPA
1573to the
1574.Va ifconfig_ Ns Aq Ar interface
1575variable.
1576.Pp
1577On the other hand, if you want to configure your wireless interface with
1578.Xr hostapd 8 ,
1579you need to add
1580.Dq Li HOSTAP
1581to the
1582.Va ifconfig_ Ns Aq Ar interface
1583variable.
1584.Xr hostapd 8
1585will use the settings from
1586.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1587.Pp
1588Finally, you can add
1589.Xr ifconfig 8
1590options in this variable, in addition to the
1591.Pa /etc/start_if . Ns Aq Ar interface
1592file.
1593For instance, to configure an
1594.Xr ath 4
1595wireless device in station mode with an address obtained
1596via DHCP, using WPA authentication and 802.11b mode, it is
1597possible to use something like:
1598.Bd -literal
1599wlans_ath0="wlan0"
1600ifconfig_wlan0="DHCP WPA mode 11b"
1601.Ed
1602.Pp
1603In addition to the
1604.Va ifconfig_ Ns Aq Ar interface
1605form, a fallback variable
1606.Va ifconfig_DEFAULT
1607may be configured.
1608It will be used for all interfaces with no
1609.Va ifconfig_ Ns Aq Ar interface
1610variable.
1611This is intended to replace the no longer supported
1612.Va pccard_ifconfig
1613variable.
1614.Pp
1615It is also possible to rename an interface by doing:
1616.Bd -literal
1617ifconfig_em0_name="net0"
1618ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1619.Ed
1620.It Va ipv6_enable
1621.Pq Vt bool
1622This variable is deprecated.
1623Use
1624.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1625and
1626.Va ipv6_activate_all_interfaces
1627if necessary.
1628.Pp
1629If the variable is
1630.Dq Li YES ,
1631.Dq Li inet6 accept_rtadv
1632is added to all of
1633.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1634and the
1635.Va ipv6_activate_all_interfaces
1636is defined as
1637.Dq Li YES .
1638.It Va ipv6_prefer
1639.Pq Vt bool
1640This variable is deprecated.
1641Use
1642.Va ip6addrctl_policy
1643instead.
1644.Pp
1645If the variable is
1646.Dq Li YES ,
1647the default address selection policy table set by
1648.Xr ip6addrctl 8
1649will be IPv6-preferred.
1650.Pp
1651If the variable is
1652.Dq Li NO ,
1653the default address selection policy table set by
1654.Xr ip6addrctl 8
1655will be IPv4-preferred.
1656.It Va ipv6_activate_all_interfaces
1657.Pq Vt bool
1658This controls initial configuration on IPv6-capable
1659interfaces with no corresponding
1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1661variable.
1662Note that it is not always necessary to set this variable to
1663.Dq YES
1664to use IPv6 functionality on
1665.Fx .
1666In most cases, just configuring
1667.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1668variables works.
1669.Pp
1670If the variable is
1671.Dq Li NO ,
1672all interfaces which do not have a corresponding
1673.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1674variable will be marked as
1675.Dq Li IFDISABLED
1676at creation.
1677This means that all of IPv6 functionality on that interface
1678is completely disabled to enforce a security policy.
1679If the variable is set to
1680.Dq YES ,
1681the flag will be cleared on all of the interfaces.
1682.Pp
1683In most cases, just defining an
1684.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1685for an IPv6-capable interface should be sufficient.
1686However, if an interface is added dynamically
1687.Pq by some tunneling protocols such as PPP, for example ,
1688it is often difficult to define the variable in advance.
1689In such a case, configuring the
1690.Dq Li IFDISABLED
1691flag can be disabled by setting this variable to
1692.Dq YES .
1693.Pp
1694For more details of the
1695.Dq Li IFDISABLED
1696flag and keywords
1697.Dq Li inet6 ifdisabled ,
1698see
1699.Xr ifconfig 8 .
1700.Pp
1701Default is
1702.Dq Li NO .
1703.It Va ipv6_privacy
1704.Pq Vt bool
1705If the variable is
1706.Dq Li YES
1707privacy addresses will be generated for each IPv6
1708interface as described in RFC 4941.
1709.It Va ipv6_network_interfaces
1710.Pq Vt str
1711This is the IPv6 equivalent of
1712.Va network_interfaces .
1713Normally manual configuration of this variable is not needed.
1714.It Va ipv6_cpe_wanif
1715.Pq Vt str
1716If the variable is set to an interface name,
1717the
1718.Xr ifconfig 8
1719options
1720.Dq inet6 -no_radr accept_rtadv
1721will be added to the specified interface automatically before evaluating
1722.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1723and two
1724.Xr sysctl 8
1725variables
1726.Va net.inet6.ip6.rfc6204w3
1727and
1728.Va net.inet6.ip6.no_radr
1729will be set to 1.
1730.Pp
1731This means the specified interface will accept ICMPv6 Router
1732Advertisement messages on that link and add the discovered
1733routers into the Default Router List.
1734While the other interfaces can still accept RA messages if the
1735.Dq inet6 accept_rtadv
1736option is specified, adding
1737routes into the Default Router List will be disabled by
1738.Dq inet6 no_radr
1739option by default.
1740See
1741.Xr ifconfig 8
1742for more details.
1743.Pp
1744Note that ICMPv6 Router Advertisement messages will be
1745accepted even when
1746.Va net.inet6.ip6.forwarding
1747is 1
1748.Pq packet forwarding is enabled
1749when
1750.Va net.inet6.ip6.rfc6204w3
1751is set to 1.
1752.Pp
1753Default is
1754.Dq Li NO .
1755.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1756.Pq Vt str
1757This assigns arbitrary description to an interface.
1758The
1759.Xr sysctl 8
1760variable
1761.Va net.ifdescr_maxlen
1762limits its length.
1763This static setting may be overridden by commands
1764started with dynamic interface configuration utilities
1765like
1766.Xr dhclient 8
1767hooks.
1768The description can be seen with
1769.Xr ifconfig 8
1770command and it may be exported with
1771.Xr bsnmpd 1
1772daemon using its MIB-2 module.
1773.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1774.Pq Vt str
1775IPv6 functionality on an interface should be configured by
1776.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1777instead of setting ifconfig parameters in
1778.Va ifconfig_ Ns Aq Ar interface .
1779If this variable is empty, all of IPv6 configurations on the
1780specified interface by other variables such as
1781.Va ipv6_prefix_ Ns Ao Ar interface Ac
1782will be ignored.
1783.Pp
1784Aliases should be set by
1785.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1786with
1787.Dq Li inet6
1788keyword.
1789For example:
1790.Bd -literal
1791ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1792ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1793.Ed
1794.Pp
1795Interfaces that have an
1796.Dq Li inet6 accept_rtadv
1797keyword in
1798.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1799setting will be automatically configured by SLAAC
1800.Pq StateLess Address AutoConfiguration
1801described in
1802.Rs
1803.%T "RFC 4862"
1804.Re
1805.Pp
1806Note that a link-local address will be automatically configured in
1807addition to the configured global-scope addresses because the IPv6
1808specifications require it on each link.
1809The address is calculated from the MAC address by using an algorithm
1810defined in
1811.Rs
1812.%T "RFC 4862"
1813.%O "Section 5.3"
1814.Re
1815.Pp
1816If only a link-local address is needed on the interface,
1817the following configuration can be used:
1818.Bd -literal
1819ifconfig_em0_ipv6="inet6 auto_linklocal"
1820.Ed
1821.Pp
1822A link-local address can also be configured manually.
1823This is useful for the default router address of an IPv6 router
1824so that it does not change when the network interface
1825card is replaced.
1826For example:
1827.Bd -literal
1828ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1829.Ed
1830.It Va ipv6_prefix_ Ns Aq Ar interface
1831.Pq Vt str
1832If one or more prefixes are defined in
1833.Va ipv6_prefix_ Ns Aq Ar interface
1834addresses based on each prefix and the EUI-64 interface index will be
1835configured on that interface.
1836Note that this variable will be ignored when
1837.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1838is empty.
1839.Pp
1840For example, the following configuration
1841.Bd -literal
1842ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1843.Ed
1844.Pp
1845is equivalent to the following:
1846.Bd -literal
1847ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1848ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1849ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1850ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1851.Ed
1852.Pp
1853These Subnet-Router anycast addresses will be added only when
1854.Va ipv6_gateway_enable
1855is YES.
1856.It Va ipv6_default_interface
1857.Pq Vt str
1858If not set to
1859.Dq Li NO ,
1860this is the default output interface for scoped addresses.
1861This works only with ipv6_gateway_enable="NO".
1862.It Va ip6addrctl_enable
1863.Pq Vt bool
1864This variable is to enable configuring default address selection policy table
1865.Pq RFC 3484 .
1866The table can be specified in another variable
1867.Va ip6addrctl_policy .
1868For
1869.Va ip6addrctl_policy
1870the following keywords can be specified:
1871.Dq Li ipv4_prefer ,
1872.Dq Li ipv6_prefer ,
1873or
1874.Dq Li AUTO .
1875.Pp
1876If
1877.Dq Li ipv4_prefer
1878or
1879.Dq Li ipv6_prefer
1880is specified,
1881.Xr ip6addrctl 8
1882installs a pre-defined policy table described in Section 10.3
1883.Pq IPv4-preferred
1884or 2.1
1885.Pq IPv6-preferred
1886of RFC 3484.
1887.Pp
1888If
1889.Dq Li AUTO
1890is specified, it attempts to read a file
1891.Pa /etc/ip6addrctl.conf
1892first.
1893If this file is found,
1894.Xr ip6addrctl 8
1895reads and installs it.
1896If not found, a policy is automatically set
1897according to
1898.Va ipv6_activate_all_interfaces
1899variable; if the variable is set to
1900.Dq Li YES
1901the IPv6-preferred one is used.
1902Otherwise IPv4-preferred.
1903.Pp
1904The default value of
1905.Va ip6addrctl_enable
1906and
1907.Va ip6addrctl_policy
1908are
1909.Dq Li YES
1910and
1911.Dq Li AUTO ,
1912respectively.
1913.It Va cloned_interfaces
1914.Pq Vt str
1915Set to the list of clonable network interfaces to create on this host.
1916Further cloning arguments may be passed to the
1917.Xr ifconfig 8
1918.Cm create
1919command for each interface by setting the
1920.Va create_args_ Ns Aq Ar interface
1921variable.
1922If an interface name is specified with
1923.Dq :sticky
1924keyword,
1925the interface will not be destroyed even when
1926.Pa rc.d/netif
1927script is invoked with
1928.Dq stop
1929argument.
1930This is useful when reconfiguring the interface without destroying it.
1931Entries in
1932.Va cloned_interfaces
1933are automatically appended to
1934.Va network_interfaces
1935for configuration.
1936.It Va cloned_interfaces_sticky
1937.Pq Vt bool
1938This variable is to globally enable functionality of
1939.Dq :sticky
1940keyword in
1941.Va cloned_interfaces
1942for all interfaces.
1943The default value is
1944.Dq NO .
1945Even if this variable is specified to
1946.Dq YES ,
1947.Dq :nosticky
1948keyword can be used to override it on per interface basis.
1949.It Va gif_interfaces
1950Set to the list of
1951.Xr gif 4
1952tunnel interfaces to configure on this host.
1953A
1954.Va gifconfig_ Ns Aq Ar interface
1955variable is assumed to exist for each value of
1956.Ar interface .
1957The value of this variable is used to configure the link layer of the
1958tunnel using the
1959.Cm tunnel
1960option to
1961.Xr ifconfig 8 .
1962Additionally, this option ensures that each listed interface is created
1963via the
1964.Cm create
1965option to
1966.Xr ifconfig 8
1967before attempting to configure it.
1968.Pp
1969For example, configure two
1970.Xr gif 4
1971interfaces with:
1972.Bd -literal
1973gif_interfaces="gif0 gif1"
1974gifconfig_gif0="100.64.0.1 100.64.0.2"
1975ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1976gifconfig_gif1="inet6 2a00::1 2a01::1"
1977ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1978.Ed
1979.It Va ppp_enable
1980.Pq Vt bool
1981If set to
1982.Dq Li YES ,
1983run the
1984.Xr ppp 8
1985daemon.
1986.It Va ppp_profile
1987.Pq Vt str
1988The name of the profile to use from
1989.Pa /etc/ppp/ppp.conf .
1990Also used for per-profile overrides of
1991.Va ppp_mode
1992and
1993.Va ppp_nat ,
1994and
1995.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1996When the profile name contains any of the characters
1997.Dq Li .-/+
1998they are translated to
1999.Dq Li _
2000for the proposes of the override variable names.
2001.It Va ppp_mode
2002.Pq Vt str
2003Mode in which to run the
2004.Xr ppp 8
2005daemon.
2006.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2007.Pq Vt str
2008Overrides the global
2009.Va ppp_mode
2010for
2011.Ar profile .
2012Accepted modes are
2013.Dq Li auto ,
2014.Dq Li ddial ,
2015.Dq Li direct
2016and
2017.Dq Li dedicated .
2018See the manual for a full description.
2019.It Va ppp_nat
2020.Pq Vt bool
2021If set to
2022.Dq Li YES ,
2023enables network address translation.
2024Used in conjunction with
2025.Va gateway_enable
2026allows hosts on private network addresses access to the Internet using
2027this host as a network address translating router.
2028Default is
2029.Dq Li YES .
2030.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2031.Pq Vt str
2032Overrides the global
2033.Va ppp_nat
2034for
2035.Ar profile .
2036.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2037.Pq Vt int
2038Set the unit number to be used for this profile.
2039See the manual description of
2040.Fl unit Ns Ar N
2041for details.
2042.It Va ppp_user
2043.Pq Vt str
2044The name of the user under which
2045.Xr ppp 8
2046should be started.
2047By
2048default,
2049.Xr ppp 8
2050is started as
2051.Dq Li root .
2052.It Va rc_conf_files
2053.Pq Vt str
2054This option is used to specify a list of files that will override
2055the settings in
2056.Pa /etc/defaults/rc.conf .
2057The files will be read in the order in which they are specified and should
2058include the full path to the file.
2059By default, the files specified are
2060.Pa /etc/rc.conf
2061and
2062.Pa /etc/rc.conf.local
2063.It Va zfs_enable
2064.Pq Vt bool
2065If set to
2066.Dq Li YES ,
2067.Pa /etc/rc.d/zfs
2068will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2069(ZVOLs).
2070.It Va zpool_reguid
2071.Pq Vt str
2072A space-separated list of ZFS pool names for which new pool GUIDs should be
2073assigned upon first boot.
2074This is useful when using a ZFS pool copied from a template, such as a virtual
2075machine image.
2076.It Va gptboot_enable
2077.Pq Vt bool
2078If set to
2079.Dq Li YES ,
2080.Pa /etc/rc.d/gptboot
2081will log if the system successfully (or not) booted from a GPT partition,
2082which had the
2083.Ar bootonce
2084attribute set using
2085.Xr gpart 8
2086utility.
2087.It Va gbde_autoattach_all
2088.Pq Vt bool
2089If set to
2090.Dq Li YES ,
2091.Pa /etc/rc.d/gbde
2092will attempt to automatically initialize your .bde devices in
2093.Pa /etc/fstab .
2094.It Va gbde_devices
2095.Pq Vt str
2096List the devices that the script should try to attach,
2097or
2098.Dq Li AUTO .
2099.It Va gbde_lockdir
2100.Pq Vt str
2101The directory where the
2102.Xr gbde 4
2103lockfiles are located.
2104The default lockfile directory is
2105.Pa /etc .
2106.Pp
2107The lockfile for each individual
2108.Xr gbde 4
2109device can be overridden by setting the variable
2110.Va gbde_lock_ Ns Aq Ar device ,
2111where
2112.Ar device
2113is the encrypted device without the
2114.Dq Pa /dev/
2115and
2116.Dq Pa .bde
2117parts.
2118.It Va gbde_attach_attempts
2119.Pq Vt int
2120Number of times to attempt attaching to a
2121.Xr gbde 4
2122device, i.e., how many times the user is asked for the pass-phrase.
2123Default is 3.
2124.It Va geli_devices
2125.Pq Vt str
2126List of devices to automatically attach on boot.
2127Note that .eli devices from
2128.Pa /etc/fstab
2129are automatically appended to this list.
2130.It Va geli_groups
2131.Pq Vt str
2132List of groups containing devices to automatically attach on boot with the same
2133keyfiles and passphrase.
2134This must be accompanied with a corresponding
2135.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2136variable.
2137.It Va geli_tries
2138.Pq Vt int
2139Number of times user is asked for the pass-phrase.
2140If empty, it will be taken from
2141.Va kern.geom.eli.tries
2142sysctl variable.
2143.It Va geli_default_flags
2144.Pq Vt str
2145Default flags to use by
2146.Xr geli 8
2147when configuring disk encryption.
2148Flags can be configured for every device separately by defining the
2149.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2150variable, and for every group separately by defining the
2151.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2152variable.
2153.It Va geli_autodetach
2154.Pq Vt str
2155Specifies if GELI devices should be marked for detach on last close after
2156file systems are mounted.
2157Default is
2158.Dq Li YES .
2159This can be changed for every device separately by defining the
2160.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2161variable.
2162.It Va root_rw_mount
2163.Pq Vt bool
2164Set to
2165.Dq Li YES
2166by default.
2167After the file systems are checked at boot time, the root file system
2168is remounted as read-write if this is set to
2169.Dq Li YES .
2170Diskless systems that mount their root file system from a read-only remote
2171NFS share should set this to
2172.Dq Li NO
2173in their
2174.Pa rc.conf .
2175.It Va fsck_y_enable
2176.Pq Vt bool
2177If set to
2178.Dq Li YES ,
2179.Xr fsck 8
2180will be run with the
2181.Fl y
2182flag if the initial preen
2183of the file systems fails.
2184.It Va background_fsck
2185.Pq Vt bool
2186If set to
2187.Dq Li NO ,
2188the system will not attempt to run
2189.Xr fsck 8
2190in the background where possible.
2191.It Va background_fsck_delay
2192.Pq Vt int
2193The amount of time in seconds to sleep before starting a background
2194.Xr fsck 8 .
2195It defaults to sixty seconds to allow large applications such as
2196the X server to start before disk I/O bandwidth is monopolized by
2197.Xr fsck 8 .
2198If set to a negative number, the background file system check will be
2199delayed indefinitely to allow the administrator to run it at a more
2200convenient time.
2201For example it may be run from
2202.Xr cron 8
2203by adding a line like
2204.Pp
2205.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2206.Pp
2207to
2208.Pa /etc/crontab .
2209.It Va netfs_types
2210.Pq Vt str
2211List of file system types that are network-based.
2212This list should generally not be modified by end users.
2213Use
2214.Va extra_netfs_types
2215instead.
2216.It Va extra_netfs_types
2217.Pq Vt str
2218If set to something other than
2219.Dq Li NO
2220(the default),
2221this variable extends the list of file system types
2222for which automatic mounting at startup by
2223.Xr rc 8
2224should be delayed until the network is initialized.
2225It should contain
2226a whitespace-separated list of network file system descriptor pairs,
2227each consisting of a file system type as passed to
2228.Xr mount 8
2229and a human-readable, one-word description,
2230joined with a colon
2231.Pq Ql \&: .
2232Extending the default list in this way is only necessary
2233when third party file system types are used.
2234.It Va syslogd_enable
2235.Pq Vt bool
2236If set to
2237.Dq Li YES ,
2238run the
2239.Xr syslogd 8
2240daemon.
2241.It Va syslogd_program
2242.Pq Vt str
2243Path to
2244.Xr syslogd 8
2245(default
2246.Pa /usr/sbin/syslogd ) .
2247.It Va syslogd_flags
2248.Pq Vt str
2249If
2250.Va syslogd_enable
2251is set to
2252.Dq Li YES ,
2253these are the flags to pass to
2254.Xr syslogd 8 .
2255.It Va inetd_enable
2256.Pq Vt bool
2257If set to
2258.Dq Li YES ,
2259run the
2260.Xr inetd 8
2261daemon.
2262.It Va inetd_program
2263.Pq Vt str
2264Path to
2265.Xr inetd 8
2266(default
2267.Pa /usr/sbin/inetd ) .
2268.It Va inetd_flags
2269.Pq Vt str
2270If
2271.Va inetd_enable
2272is set to
2273.Dq Li YES ,
2274these are the flags to pass to
2275.Xr inetd 8 .
2276.It Va hastd_enable
2277.Pq Vt bool
2278If set to
2279.Dq Li YES ,
2280run the
2281.Xr hastd 8
2282daemon.
2283.It Va hastd_program
2284.Pq Vt str
2285Path to
2286.Xr hastd 8
2287(default
2288.Pa /sbin/hastd ) .
2289.It Va hastd_flags
2290.Pq Vt str
2291If
2292.Va hastd_enable
2293is set to
2294.Dq Li YES ,
2295these are the flags to pass to
2296.Xr hastd 8 .
2297.It Va local_unbound_enable
2298.Pq Vt bool
2299If set to
2300.Dq Li YES ,
2301run the
2302.Xr unbound 8
2303daemon as a local caching resolver.
2304.It Va kdc_enable
2305.Pq Vt bool
2306Set to
2307.Dq Li YES
2308to start a Kerberos 5 authentication server
2309at boot time.
2310.It Va kdc_program
2311.Pq Vt str
2312If
2313.Va kdc_enable
2314is set to
2315.Dq Li YES
2316this is the path to Kerberos 5 Authentication Server.
2317.It Va kdc_flags
2318.Pq Vt str
2319Empty by default.
2320This variable contains additional flags to be passed to the Kerberos 5
2321authentication server.
2322.It Va kadmind_enable
2323.Pq Vt bool
2324Set to
2325.Dq Li YES
2326to start
2327.Xr kadmind 8 ,
2328the Kerberos 5 Administration Daemon; set to
2329.Dq Li NO
2330on a slave server.
2331.It Va kadmind_program
2332.Pq Vt str
2333If
2334.Va kadmind_enable
2335is set to
2336.Dq Li YES
2337this is the path to Kerberos 5 Administration Daemon.
2338.It Va kpasswdd_enable
2339.Pq Vt bool
2340Set to
2341.Dq Li YES
2342to start
2343.Xr kpasswdd 8 ,
2344the Kerberos 5 Password-Changing Daemon; set to
2345.Dq Li NO
2346on a slave server.
2347.It Va kpasswdd_program
2348.Pq Vt str
2349If
2350.Va kpasswdd_enable
2351is set to
2352.Dq Li YES
2353this is the path to Kerberos 5 Password-Changing Daemon.
2354.It Va kfd_enable
2355.Pq Vt bool
2356Set to
2357.Dq Li YES
2358to start
2359.Xr kfd 8 ,
2360the Kerberos 5 ticket forwarding daemon, at the boot time.
2361.It Va kfd_program
2362.Pq Vt str
2363Path to
2364.Xr kfd 8
2365(default
2366.Pa /usr/libexec/kfd ) .
2367.It Va rwhod_enable
2368.Pq Vt bool
2369If set to
2370.Dq Li YES ,
2371run the
2372.Xr rwhod 8
2373daemon at boot time.
2374.It Va rwhod_flags
2375.Pq Vt str
2376If
2377.Va rwhod_enable
2378is set to
2379.Dq Li YES ,
2380these are the flags to pass to it.
2381.It Va update_motd
2382.Pq Vt bool
2383If set to
2384.Dq Li YES ,
2385.Pa /etc/motd
2386will be updated at boot time to reflect the kernel release
2387being run.
2388If set to
2389.Dq Li NO ,
2390.Pa /etc/motd
2391will not be updated.
2392.It Va nfs_client_enable
2393.Pq Vt bool
2394If set to
2395.Dq Li YES ,
2396run the NFS client daemons at boot time.
2397.It Va nfs_access_cache
2398.Pq Vt int
2399If
2400.Va nfs_client_enable
2401is set to
2402.Dq Li YES ,
2403this can be set to
2404.Dq Li 0
2405to disable NFS ACCESS RPC caching, or to the number of seconds for which
2406NFS ACCESS
2407results should be cached.
2408A value of 2-10 seconds will substantially reduce network
2409traffic for many NFS operations.
2410.It Va nfs_server_enable
2411.Pq Vt bool
2412If set to
2413.Dq Li YES ,
2414run the NFS server daemons at boot time.
2415.It Va nfs_server_flags
2416.Pq Vt str
2417If
2418.Va nfs_server_enable
2419is set to
2420.Dq Li YES ,
2421these are the flags to pass to the
2422.Xr nfsd 8
2423daemon.
2424.It Va nfsv4_server_enable
2425.Pq Vt bool
2426If
2427.Va nfs_server_enable
2428is set to
2429.Dq Li YES
2430and
2431.Va nfsv4_server_enable
2432is set to
2433.Dq Li YES ,
2434enable the server for NFSv4 as well as NFSv2 and NFSv3.
2435.It Va nfsv4_server_only
2436.Pq Vt bool
2437If
2438.Va nfs_server_enable
2439is set to
2440.Dq Li YES
2441and
2442.Va nfsv4_server_only
2443is set to
2444.Dq Li YES ,
2445enable the NFS server for NFSv4 only.
2446.It Va nfs_server_maxio
2447.Pq Vt int
2448value to set vfs.nfsd.srvmaxio to, which is the
2449maximum I/O size for the NFS server.
2450.It Va tlsclntd_enable
2451.Pq Vt bool
2452If set to
2453.Dq Li YES ,
2454run the
2455.Xr rpc.tlsclntd 8
2456daemon, which is needed for NFS-over-TLS NFS mounts.
2457.It Va tlsservd_enable
2458.Pq Vt bool
2459If set to
2460.Dq Li YES ,
2461run the
2462.Xr rpc.tlsservd 8
2463daemon, which is needed for the
2464.Xr nfsd 8
2465to support NFS-over-TLS NFS mounts.
2466.It Va nfsuserd_enable
2467.Pq Vt bool
2468If
2469.Va nfsuserd_enable
2470is set to
2471.Dq Li YES ,
2472run the nfsuserd daemon, which is needed for NFSv4 in order
2473to map between user/group names vs uid/gid numbers.
2474If
2475.Va nfsv4_server_enable
2476is set to
2477.Dq Li YES ,
2478this will be forced enabled.
2479.It Va nfsuserd_flags
2480.Pq Vt str
2481If
2482.Va nfsuserd_enable
2483is set to
2484.Dq Li YES ,
2485these are the flags to pass to the
2486.Xr nfsuserd 8
2487daemon.
2488.It Va nfscbd_enable
2489.Pq Vt bool
2490If
2491.Va nfscbd_enable
2492is set to
2493.Dq Li YES ,
2494run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2495.It Va nfscbd_flags
2496.Pq Vt str
2497If
2498.Va nfscbd_enable
2499is set to
2500.Dq Li YES ,
2501these are the flags to pass to the
2502.Xr nfscbd 8
2503daemon.
2504.It Va mountd_enable
2505.Pq Vt bool
2506If set to
2507.Dq Li YES ,
2508and no
2509.Va nfs_server_enable
2510is set, start
2511.Xr mountd 8 ,
2512but not
2513.Xr nfsd 8
2514daemon.
2515It is commonly needed to run CFS without real NFS used.
2516.It Va mountd_flags
2517.Pq Vt str
2518If
2519.Va mountd_enable
2520is set to
2521.Dq Li YES ,
2522these are the flags to pass to the
2523.Xr mountd 8
2524daemon.
2525.It Va weak_mountd_authentication
2526.Pq Vt bool
2527If set to
2528.Dq Li YES ,
2529allow services like PCNFSD to make non-privileged mount
2530requests.
2531.It Va nfs_reserved_port_only
2532.Pq Vt bool
2533If set to
2534.Dq Li YES ,
2535provide NFS services only on a secure port.
2536.It Va nfs_bufpackets
2537.Pq Vt int
2538If set to a number, indicates the number of packets worth of
2539socket buffer space to reserve on an NFS client.
2540The kernel default is typically 4.
2541Using a higher number may be
2542useful on gigabit networks to improve performance.
2543The minimum value is
25442 and the maximum is 64.
2545.It Va rpc_lockd_enable
2546.Pq Vt bool
2547If set to
2548.Dq Li YES
2549and also an NFS server or client, run
2550.Xr rpc.lockd 8
2551at boot time.
2552.It Va rpc_lockd_flags
2553.Pq Vt str
2554If
2555.Va rpc_lockd_enable
2556is set to
2557.Dq Li YES ,
2558these are the flags to pass to the
2559.Xr rpc.lockd 8
2560daemon.
2561.It Va rpc_statd_enable
2562.Pq Vt bool
2563If set to
2564.Dq Li YES
2565and also an NFS server or client, run
2566.Xr rpc.statd 8
2567at boot time.
2568.It Va rpc_statd_flags
2569.Pq Vt str
2570If
2571.Va rpc_statd_enable
2572is set to
2573.Dq Li YES ,
2574these are the flags to pass to the
2575.Xr rpc.statd 8
2576daemon.
2577.It Va rpcbind_program
2578.Pq Vt str
2579Path to
2580.Xr rpcbind 8
2581(default
2582.Pa /usr/sbin/rpcbind ) .
2583.It Va rpcbind_enable
2584.Pq Vt bool
2585If set to
2586.Dq Li YES ,
2587run the
2588.Xr rpcbind 8
2589service at boot time.
2590.It Va rpcbind_flags
2591.Pq Vt str
2592If
2593.Va rpcbind_enable
2594is set to
2595.Dq Li YES ,
2596these are the flags to pass to the
2597.Xr rpcbind 8
2598daemon.
2599.It Va keyserv_enable
2600.Pq Vt bool
2601If set to
2602.Dq Li YES ,
2603run the
2604.Xr keyserv 8
2605daemon on boot for running Secure RPC.
2606.It Va keyserv_flags
2607.Pq Vt str
2608If
2609.Va keyserv_enable
2610is set to
2611.Dq Li YES ,
2612these are the flags to pass to
2613.Xr keyserv 8
2614daemon.
2615.It Va pppoed_enable
2616.Pq Vt bool
2617If set to
2618.Dq Li YES ,
2619run the
2620.Xr pppoed 8
2621daemon at boot time to provide PPP over Ethernet services.
2622.It Va pppoed_ Ns Aq Ar provider
2623.Pq Vt str
2624.Xr pppoed 8
2625listens to requests to this
2626.Ar provider
2627and ultimately runs
2628.Xr ppp 8
2629with a
2630.Ar system
2631argument of the same name.
2632.It Va pppoed_flags
2633.Pq Vt str
2634Additional flags to pass to
2635.Xr pppoed 8 .
2636.It Va pppoed_interface
2637.Pq Vt str
2638The network interface to run
2639.Xr pppoed 8
2640on.
2641This is mandatory when
2642.Va pppoed_enable
2643is set to
2644.Dq Li YES .
2645.It Va ntpdate_enable
2646.Pq Vt bool
2647If set to
2648.Dq Li YES ,
2649run
2650.Xr ntpdate 8
2651at system startup.
2652This command is intended to
2653synchronize the system clock only
2654.Em once
2655from some standard reference.
2656.Pp
2657Note that the use of the
2658.Va ntpd_sync_on_start
2659variable is a preferred alternative to the
2660.Xr ntpdate 8
2661utility as
2662.Xr ntpdate 8
2663is to be retired from the NTP distribution.
2664.It Va ntpdate_config
2665.Pq Vt str
2666Configuration file for
2667.Xr ntpdate 8 .
2668Default
2669.Pa /etc/ntp.conf .
2670.It Va ntpdate_hosts
2671.Pq Vt str
2672A whitespace-separated list of NTP servers to synchronize with at startup.
2673The default is to use the servers listed in
2674.Va ntpdate_config ,
2675if that file exists.
2676.It Va ntpdate_program
2677.Pq Vt str
2678Path to
2679.Xr ntpdate 8
2680(default
2681.Pa /usr/sbin/ntpdate ) .
2682.It Va ntpdate_flags
2683.Pq Vt str
2684If
2685.Va ntpdate_enable
2686is set to
2687.Dq Li YES ,
2688these are the flags to pass to the
2689.Xr ntpdate 8
2690command (typically a hostname).
2691.It Va ntpd_enable
2692.Pq Vt bool
2693If set to
2694.Dq Li YES ,
2695run the
2696.Xr ntpd 8
2697command at boot time.
2698.It Va ntpd_program
2699.Pq Vt str
2700Path to
2701.Xr ntpd 8
2702(default
2703.Pa /usr/sbin/ntpd ) .
2704.It Va ntpd_config
2705.Pq Vt str
2706Path to
2707.Xr ntpd 8
2708configuration file.
2709Default
2710.Pa /etc/ntp.conf .
2711.It Va ntpd_flags
2712.Pq Vt str
2713If
2714.Va ntpd_enable
2715is set to
2716.Dq Li YES ,
2717these are the flags to pass to the
2718.Xr ntpd 8
2719daemon.
2720.It Va ntpd_sync_on_start
2721.Pq Vt bool
2722If set to
2723.Dq Li YES ,
2724.Xr ntpd 8
2725is run with the
2726.Fl g
2727flag, which syncs the system's clock on startup.
2728See
2729.Xr ntpd 8
2730for more information regarding the
2731.Fl g
2732option.
2733This is a preferred alternative to using
2734.Xr ntpdate 8
2735or specifying the
2736.Va ntpdate_enable
2737variable.
2738.It Va nis_client_enable
2739.Pq Vt bool
2740If set to
2741.Dq Li YES ,
2742run the
2743.Xr ypbind 8
2744service at system boot time.
2745.It Va nis_client_flags
2746.Pq Vt str
2747If
2748.Va nis_client_enable
2749is set to
2750.Dq Li YES ,
2751these are the flags to pass to the
2752.Xr ypbind 8
2753service.
2754.It Va nis_ypldap_enable
2755.Pq Vt bool
2756If set to
2757.Dq Li YES ,
2758run the
2759.Xr ypldap 8
2760daemon at system boot time.
2761.It Va nis_ypldap_flags
2762.Pq Vt str
2763If
2764.Va nis.ypldap_enable
2765is set to
2766.Dq Li YES ,
2767these are the flags to pass to the
2768.Xr ypldap 8
2769daemon.
2770.It Va nis_ypset_enable
2771.Pq Vt bool
2772If set to
2773.Dq Li YES ,
2774run the
2775.Xr ypset 8
2776daemon at system boot time.
2777.It Va nis_ypset_flags
2778.Pq Vt str
2779If
2780.Va nis_ypset_enable
2781is set to
2782.Dq Li YES ,
2783these are the flags to pass to the
2784.Xr ypset 8
2785daemon.
2786.It Va nis_server_enable
2787.Pq Vt bool
2788If set to
2789.Dq Li YES ,
2790run the
2791.Xr ypserv 8
2792daemon at system boot time.
2793.It Va nis_server_flags
2794.Pq Vt str
2795If
2796.Va nis_server_enable
2797is set to
2798.Dq Li YES ,
2799these are the flags to pass to the
2800.Xr ypserv 8
2801daemon.
2802.It Va nis_ypxfrd_enable
2803.Pq Vt bool
2804If set to
2805.Dq Li YES ,
2806run the
2807.Xr rpc.ypxfrd 8
2808daemon at system boot time.
2809.It Va nis_ypxfrd_flags
2810.Pq Vt str
2811If
2812.Va nis_ypxfrd_enable
2813is set to
2814.Dq Li YES ,
2815these are the flags to pass to the
2816.Xr rpc.ypxfrd 8
2817daemon.
2818.It Va nis_yppasswdd_enable
2819.Pq Vt bool
2820If set to
2821.Dq Li YES ,
2822run the
2823.Xr rpc.yppasswdd 8
2824daemon at system boot time.
2825.It Va nis_yppasswdd_flags
2826.Pq Vt str
2827If
2828.Va nis_yppasswdd_enable
2829is set to
2830.Dq Li YES ,
2831these are the flags to pass to the
2832.Xr rpc.yppasswdd 8
2833daemon.
2834.It Va rpc_ypupdated_enable
2835.Pq Vt bool
2836If set to
2837.Dq Li YES ,
2838run the
2839.Nm rpc.ypupdated
2840daemon at system boot time.
2841.It Va bsnmpd_enable
2842.Pq Vt bool
2843If set to
2844.Dq Li YES ,
2845run the
2846.Xr bsnmpd 1
2847daemon at system boot time.
2848Be sure to understand the security implications of running SNMP daemon
2849on your host.
2850.It Va bsnmpd_flags
2851.Pq Vt str
2852If
2853.Va bsnmpd_enable
2854is set to
2855.Dq Li YES ,
2856these are the flags to pass to the
2857.Xr bsnmpd 1
2858daemon.
2859.It Va defaultrouter
2860.Pq Vt str
2861If not set to
2862.Dq Li NO ,
2863create a default route to this host name or IP address
2864(use an IP address if this router is also required to get to the
2865name server!).
2866.It Va defaultrouter_fibN
2867.Pq Vt str
2868If not set to
2869.Dq Li NO ,
2870create a default route in FIB N to this host name or IP address.
2871.It Va ipv6_defaultrouter
2872.Pq Vt str
2873The IPv6 equivalent of
2874.Va defaultrouter .
2875.It Va ipv6_defaultrouter_fibN
2876.Pq Vt str
2877The IPv6 equivalent of
2878.Va defaultrouter_fibN .
2879.It Va static_arp_pairs
2880.Pq Vt str
2881Set to the list of static ARP pairs that are to be added at system
2882boot time.
2883For each whitespace separated
2884.Ar element
2885in the value, a
2886.Va static_arp_ Ns Aq Ar element
2887variable is assumed to exist whose contents will later be passed to a
2888.Dq Nm arp Cm -S
2889operation.
2890For example
2891.Bd -literal
2892static_arp_pairs="gw"
2893static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2894.Ed
2895.It Va static_ndp_pairs
2896.Pq Vt str
2897Set to the list of static NDP pairs that are to be added at system
2898boot time.
2899For each whitespace separated
2900.Ar element
2901in the value, a
2902.Va static_ndp_ Ns Aq Ar element
2903variable is assumed to exist whose contents will later be passed to a
2904.Dq Nm ndp Cm -s
2905operation.
2906For example
2907.Bd -literal
2908static_ndp_pairs="gw"
2909static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2910.Ed
2911.It Va static_routes
2912.Pq Vt str
2913Set to the list of static routes that are to be added at system
2914boot time.
2915If not set to
2916.Dq Li NO
2917then for each whitespace separated
2918.Ar element
2919in the value, a
2920.Va route_ Ns Aq Ar element
2921variable is assumed to exist
2922whose contents will later be passed to a
2923.Dq Nm route Cm add
2924operation.
2925For example:
2926.Bd -literal
2927static_routes="ext mcast:gif0 gif0local:gif0"
2928route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2929route_mcast="-net 224.0.0.0/4 -iface gif0"
2930route_gif0local="-host 169.254.1.1 -iface lo0"
2931.Ed
2932.Pp
2933When an
2934.Ar element
2935is in the form of
2936.Li name:ifname ,
2937the route is specific to the interface
2938.Li ifname .
2939.It Va ipv6_static_routes
2940.Pq Vt str
2941The IPv6 equivalent of
2942.Va static_routes .
2943If not set to
2944.Dq Li NO
2945then for each whitespace separated
2946.Ar element
2947in the value, a
2948.Va ipv6_route_ Ns Aq Ar element
2949variable is assumed to exist
2950whose contents will later be passed to a
2951.Dq Nm route Cm add Fl inet6
2952operation.
2953.It Va gateway_enable
2954.Pq Vt bool
2955If set to
2956.Dq Li YES ,
2957configure host to act as an IP router, e.g.\& to forward packets
2958between interfaces.
2959.It Va ipv6_gateway_enable
2960.Pq Vt bool
2961The IPv6 equivalent of
2962.Va gateway_enable .
2963.It Va routed_enable
2964.Pq Vt bool
2965If set to
2966.Dq Li YES ,
2967run a routing daemon of some sort, based on the
2968settings of
2969.Va routed_program
2970and
2971.Va routed_flags .
2972.It Va route6d_enable
2973.Pq Vt bool
2974The IPv6 equivalent of
2975.Va routed_enable .
2976If set to
2977.Dq Li YES ,
2978run a routing daemon of some sort, based on the
2979settings of
2980.Va route6d_program
2981and
2982.Va route6d_flags .
2983.It Va routed_program
2984.Pq Vt str
2985If
2986.Va routed_enable
2987is set to
2988.Dq Li YES ,
2989this is the name of the routing daemon to use.
2990.It Va route6d_program
2991.Pq Vt str
2992The IPv6 equivalent of
2993.Va routed_program .
2994.It Va routed_flags
2995.Pq Vt str
2996If
2997.Va routed_enable
2998is set to
2999.Dq Li YES ,
3000these are the flags to pass to the routing daemon.
3001.It Va route6d_flags
3002.Pq Vt str
3003The IPv6 equivalent of
3004.Va routed_flags .
3005.It Va rtadvd_enable
3006.Pq Vt bool
3007If set to
3008.Dq Li YES ,
3009run the
3010.Xr rtadvd 8
3011daemon at boot time.
3012The
3013.Xr rtadvd 8
3014utility sends ICMPv6 Router Advertisement messages to
3015the interfaces specified in
3016.Va rtadvd_interfaces .
3017This should only be enabled with great care.
3018You may want to fine-tune
3019.Xr rtadvd.conf 5 .
3020.It Va rtadvd_interfaces
3021.Pq Vt str
3022If
3023.Va rtadvd_enable
3024is set to
3025.Dq Li YES
3026this is the list of interfaces to use.
3027.It Va arpproxy_all
3028.Pq Vt bool
3029If set to
3030.Dq Li YES ,
3031enable global proxy ARP.
3032.It Va forward_sourceroute
3033.Pq Vt bool
3034If set to
3035.Dq Li YES
3036and
3037.Va gateway_enable
3038is also set to
3039.Dq Li YES ,
3040source-routed packets are forwarded.
3041.It Va accept_sourceroute
3042.Pq Vt bool
3043If set to
3044.Dq Li YES ,
3045the system will accept source-routed packets directed at it.
3046.It Va rarpd_enable
3047.Pq Vt bool
3048If set to
3049.Dq Li YES ,
3050run the
3051.Xr rarpd 8
3052daemon at system boot time.
3053.It Va rarpd_flags
3054.Pq Vt str
3055If
3056.Va rarpd_enable
3057is set to
3058.Dq Li YES ,
3059these are the flags to pass to the
3060.Xr rarpd 8
3061daemon.
3062.It Va bootparamd_enable
3063.Pq Vt bool
3064If set to
3065.Dq Li YES ,
3066run the
3067.Xr bootparamd 8
3068daemon at system boot time.
3069.It Va bootparamd_flags
3070.Pq Vt str
3071If
3072.Va bootparamd_enable
3073is set to
3074.Dq Li YES ,
3075these are the flags to pass to the
3076.Xr bootparamd 8
3077daemon.
3078.It Va stf_interface_ipv4addr
3079.Pq Vt str
3080If not set to
3081.Dq Li NO ,
3082this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3083interface).
3084Specify this entry to enable the 6to4 interface.
3085.It Va stf_interface_ipv4plen
3086.Pq Vt int
3087Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3088An effective value is 0-31.
3089.It Va stf_interface_ipv6_ifid
3090.Pq Vt str
3091IPv6 interface ID for
3092.Xr stf 4 .
3093This can be set to
3094.Dq Li AUTO .
3095.It Va stf_interface_ipv6_slaid
3096.Pq Vt str
3097IPv6 Site Level Aggregator for
3098.Xr stf 4 .
3099.It Va ipv6_ipv4mapping
3100.Pq Vt bool
3101If set to
3102.Dq Li YES
3103this enables IPv4 mapped IPv6 address communication (like
3104.Li ::ffff:a.b.c.d ) .
3105.It Va rtsold_enable
3106.Pq Vt bool
3107Set to
3108.Dq Li YES
3109to enable the
3110.Xr rtsold 8
3111daemon to send ICMPv6 Router Solicitation messages.
3112.It Va rtsold_flags
3113.Pq Vt str
3114If
3115.Va rtsold_enable
3116is set to
3117.Dq Li YES ,
3118these are the flags to pass to
3119.Xr rtsold 8 .
3120.It Va rtsol_flags
3121.Pq Vt str
3122For interfaces configured with the
3123.Dq Li inet6 accept_rtadv
3124keyword, these are the flags to pass to
3125.Xr rtsol 8 .
3126.Pp
3127Note that
3128.Va rtsold_enable
3129is mutually exclusive to
3130.Va rtsol_flags ;
3131.Va rtsold_enable
3132takes precedence.
3133.It Va keybell
3134.Pq Vt str
3135The keyboard bell sound.
3136Set to
3137.Dq Li normal ,
3138.Dq Li visual ,
3139.Dq Li off ,
3140or
3141.Dq Li NO
3142if the default behavior is desired.
3143For details, refer to the
3144.Xr kbdcontrol 1
3145manpage.
3146.It Va keyboard
3147.Pq Vt str
3148If set to a non-null string, the virtual console's keyboard input is
3149set to this device.
3150.It Va keymap
3151.Pq Vt str
3152If set to
3153.Dq Li NO ,
3154no keymap is installed, otherwise the value is used to install
3155the keymap file found in
3156.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3157(if using
3158.Xr syscons 4 ) or
3159.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3160(if using
3161.Xr vt 4 ) .
3162.It Va keyrate
3163.Pq Vt str
3164The keyboard repeat speed.
3165Set to
3166.Dq Li slow ,
3167.Dq Li normal ,
3168.Dq Li fast ,
3169or
3170.Dq Li NO
3171if the default behavior is desired.
3172.It Va keychange
3173.Pq Vt str
3174If not set to
3175.Dq Li NO ,
3176attempt to program the function keys with the value.
3177The value should
3178be a single string of the form:
3179.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3180.It Va cursor
3181.Pq Vt str
3182Can be set to the value of
3183.Dq Li normal ,
3184.Dq Li blink ,
3185.Dq Li destructive ,
3186or
3187.Dq Li NO
3188to set the cursor behavior explicitly or choose the default behavior.
3189.It Va scrnmap
3190.Pq Vt str
3191If set to
3192.Dq Li NO ,
3193no screen map is installed, otherwise the value is used to install
3194the screen map file in
3195.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3196This parameter is ignored when using
3197.Xr vt 4
3198as the console driver.
3199.It Va font8x16
3200.Pq Vt str
3201If set to
3202.Dq Li NO ,
3203the default 8x16 font value is used for screen size requests, otherwise
3204the value in
3205.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3206or
3207.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3208is used (depending on the console driver being used).
3209.It Va font8x14
3210.Pq Vt str
3211If set to
3212.Dq Li NO ,
3213the default 8x14 font value is used for screen size requests, otherwise
3214the value in
3215.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3216or
3217.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3218is used (depending on the console driver being used).
3219.It Va font8x8
3220.Pq Vt str
3221If set to
3222.Dq Li NO ,
3223the default 8x8 font value is used for screen size requests, otherwise
3224the value in
3225.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3226or
3227.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3228is used (depending on the console driver being used).
3229.It Va blanktime
3230.Pq Vt int
3231If set to
3232.Dq Li NO ,
3233the default screen blanking interval is used, otherwise it is set
3234to
3235.Ar value
3236seconds.
3237.It Va saver
3238.Pq Vt str
3239If not set to
3240.Dq Li NO ,
3241this is the actual screen saver to use
3242.Li ( blank , snake , daemon ,
3243etc).
3244.It Va moused_nondefault_enable
3245.Pq Vt str
3246If set to
3247.Dq Li NO ,
3248the mouse device specified on
3249the command line is not automatically treated as enabled by the
3250.Pa /etc/rc.d/moused
3251script.
3252Having this variable set to
3253.Dq Li YES
3254allows a
3255.Xr usb 4
3256mouse,
3257for example,
3258to be enabled as soon as it is plugged in.
3259.It Va moused_enable
3260.Pq Vt str
3261If set to
3262.Dq Li YES ,
3263the
3264.Xr moused 8
3265daemon is started for doing cut/paste selection on the console.
3266.It Va moused_type
3267.Pq Vt str
3268This is the protocol type of the mouse connected to this host.
3269This variable must be set if
3270.Va moused_enable
3271is set to
3272.Dq Li YES .
3273The
3274.Xr moused 8
3275daemon
3276is able to detect the appropriate mouse type automatically in many cases.
3277Set this variable to
3278.Dq Li auto
3279to let the daemon detect it, or
3280select one from the following list if the automatic detection fails.
3281.Pp
3282If the mouse is attached to the PS/2 mouse port, choose
3283.Dq Li auto
3284or
3285.Dq Li ps/2 ,
3286regardless of the brand and model of the mouse.
3287Likewise, if the
3288mouse is attached to the bus mouse port, choose
3289.Dq Li auto
3290or
3291.Dq Li busmouse .
3292All other protocols are for serial mice and will not work with
3293the PS/2 and bus mice.
3294If this is a USB mouse,
3295.Dq Li auto
3296is the only protocol type which will work.
3297.Pp
3298.Bl -tag -width ".Li x10mouseremote" -compact
3299.It Li microsoft
3300Microsoft mouse (serial)
3301.It Li intellimouse
3302Microsoft IntelliMouse (serial)
3303.It Li mousesystems
3304Mouse systems Corp.\& mouse (serial)
3305.It Li mmseries
3306MM Series mouse (serial)
3307.It Li logitech
3308Logitech mouse (serial)
3309.It Li busmouse
3310A bus mouse
3311.It Li mouseman
3312Logitech MouseMan and TrackMan (serial)
3313.It Li glidepoint
3314ALPS GlidePoint (serial)
3315.It Li thinkingmouse
3316Kensington ThinkingMouse (serial)
3317.It Li ps/2
3318PS/2 mouse
3319.It Li mmhittab
3320MM HitTablet (serial)
3321.It Li x10mouseremote
3322X10 MouseRemote (serial)
3323.It Li versapad
3324Interlink VersaPad (serial)
3325.El
3326.Pp
3327Even if the mouse is not in the above list, it may be compatible
3328with one in the list.
3329Refer to the manual page for
3330.Xr moused 8
3331for compatibility information.
3332.Pp
3333It should also be noted that while this is enabled, any
3334other client of the mouse (such as an X server) should access
3335the mouse through the virtual mouse device,
3336.Pa /dev/sysmouse ,
3337and configure it as a
3338.Dq Li sysmouse
3339type mouse, since all
3340mouse data is converted to this single canonical format when
3341using
3342.Xr moused 8 .
3343If the client program does not support the
3344.Dq Li sysmouse
3345type,
3346specify the
3347.Dq Li mousesystems
3348type.
3349It is the second preferred type.
3350.It Va moused_port
3351.Pq Vt str
3352If
3353.Va moused_enable
3354is set to
3355.Dq Li YES ,
3356this is the actual port the mouse is on.
3357It might be
3358.Pa /dev/cuau0
3359for a COM1 serial mouse, or
3360.Pa /dev/psm0
3361for a PS/2 mouse, for example.
3362.It Va moused_flags
3363.Pq Vt str
3364If
3365.Va moused_flags
3366is set, its value is used as an additional set of flags to pass to the
3367.Xr moused 8
3368daemon.
3369.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3370When
3371.Va moused_nondefault_enable
3372is enabled, and a
3373.Xr moused 8
3374daemon is started for a non-default port, the
3375.Va "moused_" Ns Ar XXX Ns Va "_flags"
3376set of options has precedence over and replaces the default
3377.Va moused_flags
3378(where
3379.Ar XXX
3380is the name of the non-default port, i.e.,\&
3381.Ar ums0 ) .
3382By setting
3383.Va "moused_" Ns Ar XXX Ns Va "_flags"
3384it is possible to set up a different set of default flags for each
3385.Xr moused 8
3386instance.
3387For example, you can use
3388.Dq Li "-3"
3389for the default
3390.Va moused_flags
3391to make your laptop's touchpad more comfortable to use,
3392but an empty set of options for
3393.Va moused_ums0_flags
3394when your
3395.Xr usb 4
3396mouse has three or more buttons.
3397.It Va mousechar_start
3398.Pq Vt int
3399If set to
3400.Dq Li NO ,
3401the default mouse cursor character range
3402.Li 0xd0 Ns - Ns Li 0xd3
3403is used,
3404otherwise the range start is set
3405to
3406.Ar value
3407character, see
3408.Xr vidcontrol 1 .
3409Use if the default range is occupied in the language code table.
3410.It Va allscreens_flags
3411.Pq Vt str
3412If set,
3413.Xr vidcontrol 1
3414is run with these options for each of the virtual terminals
3415.Pq Pa /dev/ttyv* .
3416For example,
3417.Dq Fl m Cm on
3418will enable the mouse pointer on all virtual terminals
3419if
3420.Va moused_enable
3421is set to
3422.Dq Li YES .
3423.It Va allscreens_kbdflags
3424.Pq Vt str
3425If set,
3426.Xr kbdcontrol 1
3427is run with these options for each of the virtual terminals
3428.Pq Pa /dev/ttyv* .
3429For example,
3430.Dq Fl h Li 200
3431will set the
3432.Xr syscons 4
3433or
3434.Xr vt 4
3435scrollback (history) buffer to 200 lines.
3436.It Va cron_enable
3437.Pq Vt bool
3438If set to
3439.Dq Li YES ,
3440run the
3441.Xr cron 8
3442daemon at system boot time.
3443.It Va cron_program
3444.Pq Vt str
3445Path to
3446.Xr cron 8
3447(default
3448.Pa /usr/sbin/cron ) .
3449.It Va cron_flags
3450.Pq Vt str
3451If
3452.Va cron_enable
3453is set to
3454.Dq Li YES ,
3455these are the flags to pass to
3456.Xr cron 8 .
3457.It Va cron_dst
3458.Pq Vt bool
3459If set to
3460.Dq Li YES ,
3461enable the special handling of transitions to and from the
3462Daylight Saving Time in
3463.Xr cron 8
3464(equivalent to using the flag
3465.Fl s ) .
3466.It Va lpd_program
3467.Pq Vt str
3468Path to
3469.Xr lpd 8
3470(default
3471.Pa /usr/sbin/lpd ) .
3472.It Va lpd_enable
3473.Pq Vt bool
3474If set to
3475.Dq Li YES ,
3476run the
3477.Xr lpd 8
3478daemon at system boot time.
3479.It Va lpd_flags
3480.Pq Vt str
3481If
3482.Va lpd_enable
3483is set to
3484.Dq Li YES ,
3485these are the flags to pass to the
3486.Xr lpd 8
3487daemon.
3488.It Va chkprintcap_enable
3489.Pq Vt bool
3490If set to
3491.Dq Li YES ,
3492run the
3493.Xr chkprintcap 8
3494command before starting the
3495.Xr lpd 8
3496daemon.
3497.It Va chkprintcap_flags
3498.Pq Vt str
3499If
3500.Va lpd_enable
3501and
3502.Va chkprintcap_enable
3503are set to
3504.Dq Li YES ,
3505these are the flags to pass to the
3506.Xr chkprintcap 8
3507program.
3508The default is
3509.Dq Li -d ,
3510which causes missing directories to be created.
3511.It Va mta_start_script
3512.Pq Vt str
3513This variable specifies the full path to the script to run to start
3514a mail transfer agent.
3515The default is
3516.Pa /etc/rc.sendmail .
3517The
3518.Va sendmail_*
3519variables which
3520.Pa /etc/rc.sendmail
3521uses are documented in the
3522.Xr rc.sendmail 8
3523manual page.
3524.It Va dumpdev
3525.Pq Vt str
3526Indicates the device (usually a swap partition) to which a crash dump
3527should be written in the event of a system crash.
3528If the value of this variable is
3529.Dq Li AUTO ,
3530the first suitable swap device listed in
3531.Pa /etc/fstab
3532will be used as dump device.
3533Otherwise, the value of this variable is passed as the argument to
3534.Xr dumpon 8
3535and
3536.Xr savecore 8 .
3537To disable crash dumps, set this variable to
3538.Dq Li NO .
3539.It Va dumpon_flags
3540.Pq Vt str
3541Flags to pass to
3542.Xr dumpon 8
3543when configuring
3544.Va dumpdev
3545as the system dump device.
3546.It Va dumpdir
3547.Pq Vt str
3548When the system reboots after a crash and a crash dump is found on the
3549device specified by the
3550.Va dumpdev
3551variable,
3552.Xr savecore 8
3553will save that crash dump and a copy of the kernel to the directory
3554specified by the
3555.Va dumpdir
3556variable.
3557The default value is
3558.Pa /var/crash .
3559Set to
3560.Dq Li NO
3561to not run
3562.Xr savecore 8
3563at boot time when
3564.Va dumpdir
3565is set.
3566.It Va savecore_enable
3567.Pq Vt bool
3568If set to
3569.Dq Li NO ,
3570disable automatic extraction of the crash dump from the
3571.Va dumpdev .
3572.It Va savecore_flags
3573.Pq Vt str
3574If crash dumps are enabled, these are the flags to pass to the
3575.Xr savecore 8
3576utility.
3577.It Va quota_enable
3578.Pq Vt bool
3579Set to
3580.Dq Li YES
3581to turn on user and group disk quotas on system startup via the
3582.Xr quotaon 8
3583command for all file systems marked as having quotas enabled in
3584.Pa /etc/fstab .
3585The kernel must be built with
3586.Cd "options QUOTA"
3587for disk quotas to function.
3588.It Va check_quotas
3589.Pq Vt bool
3590Set to
3591.Dq Li YES
3592to enable user and group disk quota checking via the
3593.Xr quotacheck 8
3594command.
3595.It Va quotacheck_flags
3596.Pq Vt str
3597If
3598.Va quota_enable
3599is set to
3600.Dq Li YES ,
3601and
3602.Va check_quotas
3603is set to
3604.Dq Li YES ,
3605these are the flags to pass to the
3606.Xr quotacheck 8
3607utility.
3608The default is
3609.Dq Li "-a" ,
3610which checks quotas for all file systems with quotas enabled in
3611.Pa /etc/fstab .
3612.It Va quotaon_flags
3613.Pq Vt str
3614If
3615.Va quota_enable
3616is set to
3617.Dq Li YES ,
3618these are the flags to pass to the
3619.Xr quotaon 8
3620utility.
3621The default is
3622.Dq Li "-a" ,
3623which enables quotas for all file systems with quotas enabled in
3624.Pa /etc/fstab .
3625.It Va quotaoff_flags
3626.Pq Vt str
3627If
3628.Va quota_enable
3629is set to
3630.Dq Li YES ,
3631these are the flags to pass to the
3632.Xr quotaoff 8
3633utility when shutting down the quota system.
3634The default is
3635.Dq Li "-a" ,
3636which disables quotas for all file systems with quotas enabled in
3637.Pa /etc/fstab .
3638.It Va accounting_enable
3639.Pq Vt bool
3640Set to
3641.Dq Li YES
3642to enable system accounting through the
3643.Xr accton 8
3644facility.
3645.It Va firstboot_sentinel
3646.Pq Vt str
3647This variable specifies the full path to a
3648.Dq first boot
3649sentinel file.
3650If a file exists with this path,
3651.Pa rc.d
3652scripts with the
3653.Dq firstboot
3654keyword will be run on startup and the sentinel file will be deleted
3655after the boot process completes.
3656The sentinel file must be located on a writable file system which is
3657mounted no later than
3658.Va early_late_divider
3659to function properly.
3660The default is
3661.Pa /firstboot .
3662.It Va linux_enable
3663.Pq Vt bool
3664Set to
3665.Dq Li YES
3666to enable Linux/ELF binary emulation at system initial
3667boot time.
3668.It Va sysvipc_enable
3669.Pq Vt bool
3670If set to
3671.Dq Li YES ,
3672load System V IPC primitives at boot time.
3673.It Va clear_tmp_enable
3674.Pq Vt bool
3675Set to
3676.Dq Li YES
3677to have
3678.Pa /tmp
3679cleaned at startup.
3680.It Va clear_tmp_X
3681.Pq Vt bool
3682Set to
3683.Dq Li NO
3684to disable removing of X11 lock files,
3685and the removal and (secure) recreation
3686of the various socket directories for X11
3687related programs.
3688.It Va ldconfig_paths
3689.Pq Vt str
3690Set to the list of shared library paths to use with
3691.Xr ldconfig 8 .
3692NOTE:
3693.Pa /lib
3694and
3695.Pa /usr/lib
3696will always be added first, so they need not appear in this list.
3697.It Va ldconfig32_paths
3698.Pq Vt str
3699Set to the list of 32-bit compatibility shared library paths to
3700use with
3701.Xr ldconfig 8 .
3702.It Va ldconfig_insecure
3703.Pq Vt bool
3704The
3705.Xr ldconfig 8
3706utility normally refuses to use directories
3707which are writable by anyone except root.
3708Set this variable to
3709.Dq Li YES
3710to disable that security check during system startup.
3711.It Va ldconfig_local_dirs
3712.Pq Vt str
3713Set to the list of local
3714.Xr ldconfig 8
3715directories.
3716The names of all files in the directories listed will be
3717passed as arguments to
3718.Xr ldconfig 8 .
3719.It Va ldconfig_local32_dirs
3720.Pq Vt str
3721Set to the list of local 32-bit compatibility
3722.Xr ldconfig 8
3723directories.
3724The names of all files in the directories listed will be
3725passed as arguments to
3726.Dq Nm ldconfig Fl 32 .
3727.It Va kern_securelevel_enable
3728.Pq Vt bool
3729Set to
3730.Dq Li YES
3731to set the kernel security level at system startup.
3732.It Va kern_securelevel
3733.Pq Vt int
3734The kernel security level to set at startup.
3735The allowed range of
3736.Ar value
3737ranges from \-1 (the compile time default) to 3 (the
3738most secure).
3739See
3740.Xr security 7
3741for the list of possible security levels and their effect
3742on system operation.
3743.It Va sshd_program
3744.Pq Vt str
3745Path to the SSH server program
3746.Pa ( /usr/sbin/sshd
3747is the default).
3748.It Va sshd_enable
3749.Pq Vt bool
3750Set to
3751.Dq Li YES
3752to start
3753.Xr sshd 8
3754at system boot time.
3755.It Va sshd_flags
3756.Pq Vt str
3757If
3758.Va sshd_enable
3759is set to
3760.Dq Li YES ,
3761these are the flags to pass to the
3762.Xr sshd 8
3763daemon.
3764.It Va ftpd_program
3765.Pq Vt str
3766Path to the FTP server program
3767.Pa ( /usr/libexec/ftpd
3768is the default).
3769.It Va ftpd_enable
3770.Pq Vt bool
3771Set to
3772.Dq Li YES
3773to start
3774.Xr ftpd 8
3775as a stand-alone daemon at system boot time.
3776.It Va ftpd_flags
3777.Pq Vt str
3778If
3779.Va ftpd_enable
3780is set to
3781.Dq Li YES ,
3782these are the additional flags to pass to the
3783.Xr ftpd 8
3784daemon.
3785.It Va watchdogd_enable
3786.Pq Vt bool
3787If set to
3788.Dq Li YES ,
3789start the
3790.Xr watchdogd 8
3791daemon at boot time.
3792This requires that the kernel have been compiled with a
3793.Xr watchdog 4
3794compatible device.
3795.It Va watchdogd_flags
3796.Pq Vt str
3797If
3798.Va watchdogd_enable
3799is set to
3800.Dq Li YES ,
3801these are the flags passed to the
3802.Xr watchdogd 8
3803daemon.
3804.It Va watchdogd_timeout
3805.Pq Vt int
3806If
3807.Va watchdogd_enable
3808is set to
3809.Dq Li YES ,
3810this is a timeout that will be used by the
3811.Xr watchdogd 8
3812daemon.
3813If this option is set, it overrides
3814.Fl t
3815in
3816.Va watchdogd_flags .
3817.It Va watchdogd_shutdown_timeout
3818.Pq Vt int
3819If
3820.Va watchdogd_enable
3821is set to
3822.Dq Li YES ,
3823this is a timeout that will be set by the
3824.Xr watchdogd 8
3825daemon when it exits during the system shutdown.
3826This timeout will not be set when returning to the single-user mode
3827or when the watchdogd service is stopped individually using the
3828.Xr service 8
3829command or the rc.d script.
3830Note that the timeout will be applied if
3831.Xr watchdogd 8
3832is stopped outside of
3833.Xr rc 8
3834framework.
3835If this option is set, it overrides
3836.Fl x
3837in
3838.Va watchdogd_flags .
3839.It Va devfs_rulesets
3840.Pq Vt str
3841List of files containing sets of rules for
3842.Xr devfs 8 .
3843.It Va devfs_system_ruleset
3844.Pq Vt str
3845Rule name(s) to apply to the system
3846.Pa /dev
3847itself.
3848.It Va devfs_set_rulesets
3849.Pq Vt str
3850Pairs of already-mounted
3851.Pa dev
3852directories and rulesets that should be applied to them.
3853For example: /mount/dev=ruleset_name
3854.It Va devfs_load_rulesets
3855.Pq Vt bool
3856If set, always load the default rulesets listed in
3857.Va devfs_rulesets .
3858.It Va performance_cx_lowest
3859.Pq Vt str
3860CPU idle state to use while on AC power.
3861The string
3862.Dq Li LOW
3863indicates that
3864.Xr acpi 4
3865should use the lowest power state available while
3866.Dq Li HIGH
3867indicates that the lowest latency state (less power savings) should be used.
3868.It Va performance_cpu_freq
3869.Pq Vt str
3870CPU clock frequency to use while on AC power.
3871The string
3872.Dq Li LOW
3873indicates that
3874.Xr cpufreq 4
3875should use the lowest frequency available while
3876.Dq Li HIGH
3877indicates that the highest frequency (less power savings) should be used.
3878.It Va economy_cx_lowest
3879.Pq Vt str
3880CPU idle state to use when off AC power.
3881The string
3882.Dq Li LOW
3883indicates that
3884.Xr acpi 4
3885should use the lowest power state available while
3886.Dq Li HIGH
3887indicates that the lowest latency state (less power savings) should be used.
3888.It Va economy_cpu_freq
3889.Pq Vt str
3890CPU clock frequency to use when off AC power.
3891The string
3892.Dq Li LOW
3893indicates that
3894.Xr cpufreq 4
3895should use the lowest frequency available while
3896.Dq Li HIGH
3897indicates that the highest frequency (less power savings) should be used.
3898.It Va jail_enable
3899.Pq Vt bool
3900If set to
3901.Dq Li NO ,
3902any configured jails will not be started.
3903.It Va jail_conf
3904.Pq Vt str
3905The configuration filename used by
3906.Xr jail 8
3907utility.
3908The default value is
3909.Pa /etc/jail.conf .
3910.Pa /etc/jail.  Ns Ao Ar jname Ac Ns Va .conf
3911and
3912.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
3913will also be used if
3914.Va Ao Ar jname Ac Va
3915is set in
3916.Va jail_list .
3917.It Va jail_parallel_start
3918.Pq Vt bool
3919If set to
3920.Dq Li YES ,
3921all configured jails will be started in the background (in parallel).
3922.It Va jail_flags
3923.Pq Vt str
3924Unset by default.
3925When set, use as default value for
3926.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3927for every jail in
3928.Va jail_list .
3929.It Va jail_list
3930.Pq Vt str
3931A space-delimited list of jail names.
3932When left empty, all of the
3933.Xr jail 8
3934instances defined in the configuration file are started.
3935The names specified in this list control the jail startup order.
3936.Xr jail 8
3937instances missing from
3938.Va jail_list
3939must be started manually.
3940Note that a jail's
3941.Va depend
3942parameter in the configuration file may override this list.
3943.It Va jail_reverse_stop
3944.Pq Vt bool
3945When set to
3946.Dq Li YES ,
3947all configured jails in
3948.Va jail_list
3949are stopped in reverse order.
3950.It Va jail_ Ns * variables
3951Note that older releases supported per-jail configuration via
3952.Nm
3953variables.
3954For example,
3955hostname of a jail named
3956.Li vjail
3957was able to be set by
3958.Li jail_vjail_hostname .
3959These per-jail configuration variables are now obsolete in favor of
3960.Xr jail 8
3961configuration file.
3962For backward compatibility,
3963when per-jail configuration variables are defined,
3964.Xr jail 8
3965configuration files are created as
3966.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
3967and used.
3968.Pp
3969The following per-jail parameters are handled by
3970.Pa rc.d/jail
3971script out of their corresponding
3972.Nm
3973variables.
3974In addition to them, parameters in
3975.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3976will be added to the configuration file.
3977They must be a semi-colon
3978.Pq Ql \&;
3979delimited list of
3980.Dq key=value .
3981For more details,
3982see
3983.Xr jail 8
3984manual page.
3985.Bl  -tag -width "host.hostname" -offset indent
3986.It Li path
3987set from
3988.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3989.It Li host.hostname
3990set from
3991.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3992.It Li exec.consolelog
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3995The default value is
3996.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3997.It Li interface
3998set from
3999.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4000.It Li vnet.interface
4001set from
4002.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4003This implies
4004.Li vnet
4005parameter will be enabled and cannot be specified with
4006.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4007.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4008and/or
4009.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4010at the same time.
4011.It Li fstab
4012set from
4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4014.It Li mount
4015set from
4016.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4017.It Li exec.fib
4018set from
4019.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4020.It Li exec.start
4021set from
4022.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4023The parameter name was
4024.Li command
4025in some older releases.
4026.It Li exec.prestart
4027set from
4028.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4029.It Li exec.poststart
4030set from
4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4032.It Li exec.stop
4033set from
4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4035.It Li exec.prestop
4036set from
4037.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4038.It Li exec.poststop
4039set from
4040.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4041.It Li ip4.addr
4042set if
4043.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4044or
4045.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4046contain IPv4 addresses
4047.It Li ip6.addr
4048set if
4049.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4050or
4051.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4052contain IPv6 addresses
4053.It Li allow.mount
4054set from
4055.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4056.It Li mount.devfs
4057set from
4058.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4059.It Li devfs_ruleset
4060set from
4061.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4062This must be an integer,
4063not a string.
4064.It Li mount.fdescfs
4065set from
4066.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4067.It Li allow.set_hostname
4068set from
4069.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4070.It Li allow.rawsocket
4071set from
4072.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4073.It Li allow.sysvipc
4074set from
4075.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4076.El
4077.\" -----------------------------------------------------
4078.It Va harvest_mask
4079.Pq Vt int
4080Set to a bit-mask
4081representing the entropy sources
4082you wish to harvest.
4083Refer to
4084.Xr random 4
4085for more information.
4086.It Va entropy_dir
4087.Pq Vt str
4088Set to
4089.Dq Li NO
4090to disable caching entropy via
4091.Xr cron 8 .
4092Otherwise set to the directory
4093in which the entropy files are stored.
4094To be useful,
4095there must be
4096a system cron job
4097that regularly writes and rotates
4098files here.
4099All files found
4100will be used at boot time.
4101The default is
4102.Pa /var/db/entropy .
4103.It Va entropy_file
4104.Pq Vt str
4105Set to
4106.Dq Li NO
4107to disable caching entropy through reboots.
4108Otherwise set to the name
4109of a file used to store cached entropy.
4110This file should be located
4111on a file system that is readable
4112before all the volumes specified in
4113.Xr fstab 5
4114are mounted.
4115By default,
4116.Pa /entropy
4117is used,
4118but if
4119.Pa /var/db/entropy-file
4120is found it will also be used.
4121This will be of some use to
4122.Xr bsdinstall 8 .
4123.It Va entropy_boot_file
4124.Pq Vt str
4125Set to
4126.Dq Li NO
4127to disable
4128very early caching entropy
4129through reboots.
4130Otherwise set to the filename
4131used to read
4132very early reboot cached entropy.
4133This file should be located where
4134.Xr loader 8
4135can read it.
4136See also
4137.Xr loader.conf 5 .
4138The default location is
4139.Pa /boot/entropy .
4140.It Va entropy_save_sz
4141.Pq Vt int
4142Size of the entropy cache files saved by
4143.Nm save-entropy
4144periodically.
4145.It Va entropy_save_num
4146.Pq Vt int
4147Number of entropy cache files to save by
4148.Nm save-entropy
4149periodically.
4150.It Va ipsec_enable
4151.Pq Vt bool
4152Set to
4153.Dq Li YES
4154to run
4155.Xr setkey 8
4156on
4157.Va ipsec_file
4158at boot time.
4159.It Va ipsec_file
4160.Pq Vt str
4161Configuration file for
4162.Xr setkey 8 .
4163.It Va dmesg_enable
4164.Pq Vt bool
4165Set to
4166.Dq Li YES
4167to save
4168.Xr dmesg 8
4169to
4170.Pa /var/run/dmesg.boot
4171on boot.
4172.It Va rcshutdown_timeout
4173.Pq Vt int
4174If set, start a watchdog timer in the background which will terminate
4175.Pa rc.shutdown
4176if
4177.Xr shutdown 8
4178has not completed within the specified time (in seconds).
4179Notice that in addition to this soft timeout,
4180.Xr init 8
4181also applies a hard timeout for the execution of
4182.Pa rc.shutdown .
4183This is configured via
4184.Xr sysctl 8
4185variable
4186.Va kern.init_shutdown_timeout
4187and defaults to 120 seconds.
4188Setting the value of
4189.Va rcshutdown_timeout
4190to more than 120 seconds will have no effect until the
4191.Xr sysctl 8
4192variable
4193.Va kern.init_shutdown_timeout
4194is also increased.
4195.It Va virecover_enable
4196.Pq Vt bool
4197Set to
4198.Dq Li NO
4199to prevent the system from trying to
4200recover pre-maturely terminated
4201.Xr vi 1
4202sessions.
4203.It Va ugidfw_enable
4204.Pq Vt bool
4205Set to
4206.Dq Li YES
4207to load the
4208.Xr mac_bsdextended 4
4209module upon system initialization and load a default
4210ruleset file.
4211.It Va bsdextended_script
4212.Pq Vt str
4213The default
4214.Xr mac_bsdextended 4
4215ruleset file to load.
4216The default value of this variable is
4217.Pa /etc/rc.bsdextended .
4218.It Va newsyslog_enable
4219.Pq Vt bool
4220If set to
4221.Dq Li YES ,
4222run
4223.Xr newsyslog 8
4224command at startup.
4225.It Va newsyslog_flags
4226.Pq Vt str
4227If
4228.Va newsyslog_enable
4229is set to
4230.Dq Li YES ,
4231these are the flags to pass to the
4232.Xr newsyslog 8
4233program.
4234The default is
4235.Dq Li -CN ,
4236which causes log files flagged with a
4237.Cm C
4238to be created.
4239.It Va mdconfig_md Ns Aq Ar X
4240.Pq Vt str
4241Arguments to
4242.Xr mdconfig 8
4243for
4244.Xr md 4
4245device
4246.Ar X .
4247At minimum a
4248.Fl t Ar type
4249must be specified and either a
4250.Fl s Ar size
4251for malloc or swap backed
4252.Xr md 4
4253devices or a
4254.Fl f Ar file
4255for vnode backed
4256.Xr md 4
4257devices.
4258Note that
4259.Va mdconfig_md Ns Aq Ar X
4260variables are evaluated until one variable is unset or null.
4261.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4262.Pq Vt str
4263Optional arguments passed to
4264.Xr newfs 8
4265to initialize
4266.Xr md 4
4267device
4268.Ar X .
4269.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4270.Pq Vt str
4271An ownership specification passed to
4272.Xr chown 8
4273after the specified
4274.Xr md 4
4275device
4276.Ar X
4277has been mounted.
4278Both the
4279.Xr md 4
4280device and the mount point will be changed.
4281.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4282.Pq Vt str
4283A mode string passed to
4284.Xr chmod 1
4285after the specified
4286.Xr md 4
4287device
4288.Ar X
4289has been mounted.
4290Both the
4291.Xr md 4
4292device and the mount point will be changed.
4293.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4294.Pq Vt str
4295Files to be copied to the mount point of the
4296.Xr md 4
4297device
4298.Ar X
4299after it has been mounted.
4300.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4301.Pq Vt str
4302Command to execute after the specified
4303.Xr md 4
4304device
4305.Ar X
4306has been mounted.
4307Note that the command is passed to
4308.Ic eval
4309and that both
4310.Va _dev
4311and
4312.Va _mp
4313variables can be used to reference respectively the
4314.Xr md 4
4315device and the mount point.
4316Assuming that the
4317.Xr md 4
4318device is
4319.Li md0 ,
4320one could set the following:
4321.Bd -literal
4322mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4323.Ed
4324.It Va autobridge_interfaces
4325.Pq Vt str
4326Set to the list of bridge interfaces that will have newly arriving interfaces
4327checked against to be automatically added.
4328If not set to
4329.Dq Li NO
4330then for each whitespace separated
4331.Ar element
4332in the value, a
4333.Va autobridge_ Ns Aq Ar element
4334variable is assumed to exist which has a whitespace separated list of interface
4335names to match, these names can use wildcards.
4336For example:
4337.Bd -literal
4338autobridge_interfaces="bridge0"
4339autobridge_bridge0="tap* dc0 vlan[345]"
4340.Ed
4341.It Va mixer_enable
4342.Pq Vt bool
4343If set to
4344.Dq Li YES ,
4345enable support for sound mixer.
4346.It Va hcsecd_enable
4347.Pq Vt bool
4348If set to
4349.Dq Li YES ,
4350enable Bluetooth security daemon.
4351.It Va hcsecd_config
4352.Pq Vt str
4353Configuration file for
4354.Xr hcsecd 8 .
4355Default
4356.Pa /etc/bluetooth/hcsecd.conf .
4357.It Va sdpd_enable
4358.Pq Vt bool
4359If set to
4360.Dq Li YES ,
4361enable Bluetooth Service Discovery Protocol daemon.
4362.It Va sdpd_control
4363.Pq Vt str
4364Path to
4365.Xr sdpd 8
4366control socket.
4367Default
4368.Pa /var/run/sdp .
4369.It Va sdpd_groupname
4370.Pq Vt str
4371Sets
4372.Xr sdpd 8
4373group to run as after it initializes.
4374Default
4375.Dq Li nobody .
4376.It Va sdpd_username
4377.Pq Vt str
4378Sets
4379.Xr sdpd 8
4380user to run as after it initializes.
4381Default
4382.Dq Li nobody .
4383.It Va bthidd_enable
4384.Pq Vt bool
4385If set to
4386.Dq Li YES ,
4387enable Bluetooth Human Interface Device daemon.
4388.It Va bthidd_config
4389.Pq Vt str
4390Configuration file for
4391.Xr bthidd 8 .
4392Default
4393.Pa /etc/bluetooth/bthidd.conf .
4394.It Va bthidd_hids
4395.Pq Vt str
4396Path to a file, where
4397.Xr bthidd 8
4398will store information about known HID devices.
4399Default
4400.Pa /var/db/bthidd.hids .
4401.It Va rfcomm_pppd_server_enable
4402.Pq Vt bool
4403If set to
4404.Dq Li YES ,
4405enable Bluetooth RFCOMM PPP wrapper daemon.
4406.It Va rfcomm_pppd_server_profile
4407.Pq Vt str
4408The name of the profile to use from
4409.Pa /etc/ppp/ppp.conf .
4410Multiple profiles can be specified here.
4411Also used to specify per-profile overrides.
4412When the profile name contains any of the characters
4413.Dq Li .-/+
4414they are translated to
4415.Dq Li _
4416for the proposes of the override variable names.
4417.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4418.Pq Vt str
4419Overrides local address to listen on.
4420By default
4421.Xr rfcomm_pppd 8
4422will listen on
4423.Dq Li ANY
4424address.
4425The address can be specified as BD_ADDR or name.
4426.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4427.Pq Vt str
4428Overrides local RFCOMM channel to listen on.
4429By default
4430.Xr rfcomm_pppd 8
4431will listen on RFCOMM channel 1.
4432Must set properly if multiple profiles used in the same time.
4433.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4434.Pq Vt bool
4435Tells
4436.Xr rfcomm_pppd 8
4437if it should register Serial Port service on the specified RFCOMM channel.
4438Default
4439.Dq Li NO .
4440.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4441.Pq Vt bool
4442Tells
4443.Xr rfcomm_pppd 8
4444if it should register Dial-Up Networking service on the specified
4445RFCOMM channel.
4446Default
4447.Dq Li NO .
4448.It Va ubthidhci_enable
4449.Pq Vt bool
4450If set to
4451.Dq Li YES ,
4452change the USB Bluetooth controller from HID mode to HCI mode.
4453You also need to specify the location of USB Bluetooth controller with the
4454.Va ubthidhci_busnum
4455and
4456.Va ubthidhci_addr
4457variables.
4458.It Va ubthidhci_busnum
4459Bus number where the USB Bluetooth controller is located.
4460Check the output of
4461.Xr usbconfig 8
4462on your system to find this information.
4463.It Va ubthidhci_addr
4464Bus address of the USB Bluetooth controller.
4465Check the output of
4466.Xr usbconfig 8
4467on your system to find this information.
4468.It Va netwait_enable
4469.Pq Vt bool
4470If set to
4471.Dq Li YES ,
4472delays the start of network-reliant services until
4473.Va netwait_if
4474is up and ICMP packets to a destination defined in
4475.Va netwait_ip
4476are flowing.
4477Link state is examined first, followed by
4478.Dq Li pinging
4479an IP address to verify network usability.
4480If no destination can be reached or timeouts are exceeded,
4481network services are started anyway with no guarantee that
4482the network is usable.
4483Use of this variable requires both
4484.Va netwait_ip
4485and
4486.Va netwait_if
4487to be set.
4488.It Va netwait_ip
4489.Pq Vt str
4490Empty by default.
4491This variable contains a space-delimited list of IP addresses to
4492.Xr ping 8 .
4493DNS hostnames should not be used as resolution is not guaranteed
4494to be functional at this point.
4495If multiple IP addresses are specified,
4496each will be tried until one is successful or the list is exhausted.
4497.It Va netwait_timeout
4498.Pq Vt int
4499Indicates the total number of seconds to perform a
4500.Dq Li ping
4501against each IP address in
4502.Va netwait_ip ,
4503at a rate of one ping per second.
4504If any of the pings are successful,
4505full network connectivity is considered reliable.
4506The default is 60.
4507.It Va netwait_if
4508.Pq Vt str
4509Empty by default.
4510Defines the name of the network interface on which watch for link.
4511.Xr ifconfig 8
4512is used to monitor the interface, looking for
4513.Dq Li status: no carrier .
4514Once gone, the link is considered up.
4515This can be a
4516.Xr vlan 4
4517interface if desired.
4518.It Va netwait_if_timeout
4519.Pq Vt int
4520Defines the total number of seconds to wait for link to become usable,
4521polled at a 1-second interval.
4522The default is 30.
4523.It Va rctl_enable
4524.Pq Vt bool
4525If set to
4526.Dq Li YES ,
4527load
4528.Xr rctl 8
4529rules from the defined ruleset.
4530The kernel must be built with
4531.Cd "options RACCT"
4532and
4533.Cd "options RCTL" .
4534.It Va rctl_rules
4535.Pq Vt str
4536Set to
4537.Pa /etc/rctl.conf
4538by default.
4539This variables contains the
4540.Xr rctl.conf 5
4541ruleset to load for
4542.Xr rctl 8 .
4543.It Va iovctl_files
4544.Pq Vt str
4545A space-separated list of configuration files used by
4546.Xr iovctl 8 .
4547The default value is an empty string.
4548.It Va autofs_enable
4549.Pq Vt bool
4550If set to
4551.Dq Li YES ,
4552start the
4553.Xr automount 8
4554utility and the
4555.Xr automountd 8
4556and
4557.Xr autounmountd 8
4558daemons at boot time.
4559.It Va automount_flags
4560.Pq Vt str
4561If
4562.Va autofs_enable
4563is set to
4564.Dq Li YES ,
4565these are the flags to pass to the
4566.Xr automount 8
4567program.
4568By default no flags are passed.
4569.It Va automountd_flags
4570.Pq Vt str
4571If
4572.Va autofs_enable
4573is set to
4574.Dq Li YES ,
4575these are the flags to pass to the
4576.Xr automountd 8
4577daemon.
4578By default no flags are passed.
4579.It Va autounmountd_flags
4580.Pq Vt str
4581If
4582.Va autofs_enable
4583is set to
4584.Dq Li YES ,
4585these are the flags to pass to the
4586.Xr autounmountd 8
4587daemon.
4588By default no flags are passed.
4589.It Va ctld_enable
4590.Pq Vt bool
4591If set to
4592.Dq Li YES ,
4593start the
4594.Xr ctld 8
4595daemon at boot time.
4596.It Va iscsid_enable
4597.Pq Vt bool
4598If set to
4599.Dq Li YES ,
4600start the
4601.Xr iscsid 8
4602daemon at boot time.
4603.It Va iscsictl_enable
4604.Pq Vt bool
4605If set to
4606.Dq Li YES ,
4607start the
4608.Xr iscsictl 8
4609utility at boot time.
4610.It Va iscsictl_flags
4611.Pq Vt str
4612If
4613.Va iscsictl_enable
4614is set to
4615.Dq Li YES ,
4616these are the flags to pass to the
4617.Xr iscsictl 8
4618program.
4619The default is
4620.Dq Li -Aa ,
4621which configures sessions based on the
4622.Pa /etc/iscsi.conf
4623configuration file.
4624.It Va cfumass_enable
4625.Pq Vt bool
4626If set to
4627.Dq Li YES ,
4628create and export an USB LUN using
4629.Xr cfumass 4
4630at boot time.
4631.It Va cfumass_dir
4632.Pq Vt str
4633The directory where the files exported by USB LUN are located.
4634The default directory is
4635.Pa /var/cfumass .
4636.It Va service_delete_empty
4637.Pq Vt bool
4638If set to
4639.Dq Li YES ,
4640.Ql Li service delete
4641removes empty
4642.Dq Li rc.conf.d
4643files.
4644.It Va zfs_bootonce_activate
4645.Pq Vt bool
4646If set to
4647.Dq Li YES ,
4648and a boot environment marked bootonce is successfully booted,
4649it will be made permanently active.
4650.It Va zfskeys_enable
4651.Pq Vt bool
4652If set to
4653.Dq Li YES ,
4654enable auto-loading of encryption keys for encrypted ZFS datasets.
4655For every dataset the script will first load the appropriate encryption key
4656and then attempt to unlock the dataset.
4657.Pp
4658The script operates only on datasets which are encrypted with
4659ZFS native encryption
4660and have a ZFS
4661.Dq Li keylocation
4662dataset property beginning with
4663.Dq Li file:// .
4664.It Va zfskeys_datasets
4665.Pq Vt str
4666A whitespace-separated list of ZFS datasets to unlock.
4667The list is empty by default,
4668which means that the script will attempt to unlock all datasets.
4669.It Va zfskeys_timeout
4670.Pq Vt int
4671Define the total number of seconds to wait for the zfskeys script
4672to unlock an encrypted dataset.
4673The default is 10.
4674.El
4675.Sh FILES
4676.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4677.It Pa /etc/defaults/rc.conf
4678.It Pa /etc/defaults/vendor.conf
4679.It Pa /etc/rc.conf
4680.It Pa /etc/rc.conf.local
4681.El
4682.Sh SEE ALSO
4683.Xr chmod 1 ,
4684.Xr gdb 1 ,
4685.Xr info 1 ,
4686.Xr kbdcontrol 1 ,
4687.Xr limits 1 ,
4688.Xr protect 1 ,
4689.Xr sh 1 ,
4690.Xr vi 1 ,
4691.Xr vidcontrol 1 ,
4692.Xr bridge 4 ,
4693.Xr dummynet 4 ,
4694.Xr ip 4 ,
4695.Xr ipf 4 ,
4696.Xr ipfw 4 ,
4697.Xr ipnat 4 ,
4698.Xr kld 4 ,
4699.Xr pf 4 ,
4700.Xr pflog 4 ,
4701.Xr pfsync 4 ,
4702.Xr tcp 4 ,
4703.Xr udp 4 ,
4704.Xr exports 5 ,
4705.Xr fstab 5 ,
4706.Xr ipf 5 ,
4707.Xr ipnat 5 ,
4708.Xr jail.conf 5 ,
4709.Xr loader.conf 5 ,
4710.Xr login.conf 5 ,
4711.Xr motd 5 ,
4712.Xr newsyslog.conf 5 ,
4713.Xr pf.conf 5 ,
4714.Xr firewall 7 ,
4715.Xr growfs 7 ,
4716.Xr security 7 ,
4717.Xr tuning 7 ,
4718.Xr accton 8 ,
4719.Xr apm 8 ,
4720.Xr bsdinstall 8 ,
4721.Xr bthidd 8 ,
4722.Xr chkprintcap 8 ,
4723.Xr chown 8 ,
4724.Xr cron 8 ,
4725.Xr devfs 8 ,
4726.Xr dhclient 8 ,
4727.Xr ftpd 8 ,
4728.Xr geli 8 ,
4729.Xr hcsecd 8 ,
4730.Xr ifconfig 8 ,
4731.Xr inetd 8 ,
4732.Xr iovctl 8 ,
4733.Xr ipf 8 ,
4734.Xr ipfw 8 ,
4735.Xr ipnat 8 ,
4736.Xr jail 8 ,
4737.Xr kldxref 8 ,
4738.Xr loader 8 ,
4739.Xr lpd 8 ,
4740.Xr makewhatis 8 ,
4741.Xr mdconfig 8 ,
4742.Xr mdmfs 8 ,
4743.Xr mixer 8 ,
4744.Xr mountd 8 ,
4745.Xr moused 8 ,
4746.Xr newfs 8 ,
4747.Xr newsyslog 8 ,
4748.Xr nfsd 8 ,
4749.Xr ntpd 8 ,
4750.Xr ntpdate 8 ,
4751.Xr pfctl 8 ,
4752.Xr pflogd 8 ,
4753.Xr ping 8 ,
4754.Xr powerd 8 ,
4755.Xr quotacheck 8 ,
4756.Xr quotaon 8 ,
4757.Xr rc 8 ,
4758.Xr rc.sendmail 8 ,
4759.Xr rc.subr 8 ,
4760.Xr rcorder 8 ,
4761.Xr rfcomm_pppd 8 ,
4762.Xr route 8 ,
4763.Xr routed 8 ,
4764.Xr rpc.lockd 8 ,
4765.Xr rpc.statd 8 ,
4766.Xr rpc.tlsclntd 8 ,
4767.Xr rpc.tlsservd 8 ,
4768.Xr rpcbind 8 ,
4769.Xr rwhod 8 ,
4770.Xr savecore 8 ,
4771.Xr sdpd 8 ,
4772.Xr service 8 ,
4773.Xr sshd 8 ,
4774.Xr swapon 8 ,
4775.Xr sysctl 8 ,
4776.Xr syslogd 8 ,
4777.Xr sysrc 8 ,
4778.Xr unbound 8 ,
4779.Xr usbconfig 8 ,
4780.Xr wlandebug 8 ,
4781.Xr yp 8 ,
4782.Xr ypbind 8 ,
4783.Xr ypserv 8 ,
4784.Xr ypset 8
4785.Sh HISTORY
4786The
4787.Nm
4788file appeared in
4789.Fx 2.2.2 .
4790.Sh AUTHORS
4791.An Jordan K. Hubbard .
4792