xref: /freebsd/share/man/man5/rc.conf.5 (revision 63f537551380d2dab29fa402ad1269feae17e594)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.Dd September 18, 2023
26.Dt RC.CONF 5
27.Os
28.Sh NAME
29.Nm rc.conf
30.Nd system configuration information
31.Sh DESCRIPTION
32The file
33.Nm
34contains descriptive information about the local host name, configuration
35details for any potential network interfaces and which services should be
36started up at system initial boot time.
37In new installations, the
38.Nm
39file is generally initialized by the system installation utility.
40.Pp
41The purpose of
42.Nm
43is not to run commands or perform system startup actions
44directly.
45Instead, it is included by the
46various generic startup scripts in
47.Pa /etc
48which conditionalize their
49internal actions according to the settings found there.
50.Pp
51The
52.Pa /etc/rc.conf
53file is included from the file
54.Pa /etc/defaults/rc.conf ,
55which specifies the default settings for all the available options.
56Options need only be specified in
57.Pa /etc/rc.conf
58when the system administrator wishes to override these defaults.
59The file
60.Pa /etc/defaults/vendor.conf
61allows vendors to override
62.Fx
63defaults.
64The file
65.Pa /etc/rc.conf.local
66is used to override settings in
67.Pa /etc/rc.conf
68for historical reasons.
69.Pp
70The sysrc(8) command provides a scripting interface to modify system
71config files.
72.Pp
73In addition to
74.Pa /etc/rc.conf.local
75you can also place smaller configuration files for each
76.Xr rc 8
77script in the
78.Pa /etc/rc.conf.d
79directory or
80.Ao Ar dir Ac Ns Pa /rc.conf.d
81directories (where
82.Ao Ar dir Ac
83is each entry specified in
84.Va local_startup ,
85but with any trailing
86.Pa /rc.d
87stripped),
88which will be included by the
89.Va load_rc_config
90function.
91For jail configurations you could use the file
92.Pa /etc/rc.conf.d/jail
93to store jail-specific configuration options.
94If
95.Va local_startup
96contains
97.Pa /usr/local/etc/rc.d
98and
99.Pa /opt/conf ,
100.Pa /usr/local/etc/rc.conf.d/jail
101and
102.Pa /opt/conf/rc.conf.d/jail
103will be loaded.
104If
105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
106is a directory,
107all of the files in the directory will be loaded.
108Also see the
109.Va rc_conf_files
110variable below.
111.Pp
112Options are set with
113.Dq Ar name Ns Li = Ns Ar value
114assignments that use
115.Xr sh 1
116syntax.
117The following list provides a name and short description for each
118variable that can be set in the
119.Nm
120file:
121.Bl -tag -width indent-two
122.It Va rc_debug
123.Pq Vt bool
124If set to
125.Dq Li YES ,
126enable output of debug messages from rc scripts.
127This variable can be helpful in diagnosing mistakes when
128editing or integrating new scripts.
129Beware that this produces copious output to the terminal and
130.Xr syslog 3 .
131.It Va rc_info
132.Pq Vt bool
133If set to
134.Dq Li NO ,
135disable informational messages from the rc scripts.
136Informational messages are displayed when
137a condition that is not serious enough to warrant a warning or
138an error occurs.
139.It Va rc_startmsgs
140.Pq Vt bool
141If set to
142.Dq Li YES ,
143show
144.Dq Starting foo:
145when faststart is used (e.g., at boot time).
146.It Va early_late_divider
147.Pq Vt str
148The name of the script that should be used as the
149delimiter between the
150.Dq early
151and
152.Dq late
153stages of the boot process.
154The early stage should contain all the services needed to
155get the disks (local or remote) mounted so that the late
156stage can include scripts contained in the directories
157listed in the
158.Va local_startup
159variable (see below).
160Thus, the two likely candidates for this value are
161.Pa mountcritlocal
162for the typical system, and
163.Pa mountcritremote
164if the system needs remote file
165systems mounted to get access to the
166.Va local_startup
167directories; for example when
168.Pa /usr/local
169is NFS mounted.
170For
171.Pa rc.conf
172within a
173.Xr jail 8
174.Pa NETWORKING
175is likely to be an appropriate value.
176Extreme care should be taken when changing this value,
177and before changing it one should ensure that there are
178adequate provisions to recover from a failed boot
179(such as physical contact with the machine,
180or reliable remote console access).
181.It Va always_force_depends
182.Pq Vt bool
183Various
184.Pa rc.d
185scripts use the force_depend function to check whether required
186services are already running, and to start them if necessary.
187By default during boot time this check is bypassed if the
188required service is enabled in
189.Pa /etc/rc.conf[.local] .
190Setting this option will bypass that check at boot time and
191always test whether or not the service is actually running.
192Enabling this option is likely to increase your boot time if
193services are enabled that utilize the force_depend check.
194.It Ao Ar name Ac Ns Va _chroot
195.Pq Vt str
196.Xr chroot 8
197to this directory before running the service.
198.It Ao Ar name Ac Ns Va _cpuset
199.Pq Vt str
200A list of CPUs to run the service on.
201Passed to
202.Xr cpuset 1
203using the
204.Fl l
205flag.
206.It Ao Ar name Ac Ns Va _fib
207.Pq Vt int
208The
209.Xr setfib 1
210value to run the service under.
211.It Ao Ar name Ac Ns Va _group
212.Pq Vt str
213Run the chrooted service under this system group.
214Unlike the
215.Ao Ar name Ac Ns Va _user
216setting, this setting has no effect if the service is not chrooted.
217.It Ao Ar name Ac Ns Va _limits
218.Pq Vt str
219Resource limits to apply to the service using
220.Xr limits 1 .
221By default, resource limits are based on the login class defined in
222.Ao Ar name Ac Ns Va _login_class .
223.It Ao Ar name Ac Ns Va _login_class
224.Pq Vt str
225Login class to be used with
226.Ao Ar name Ac Ns Va _limits .
227Defaults to
228.Dq Li daemon .
229.It Ao Ar name Ac Ns Va _nice
230.Pq Vt int
231The
232.Xr nice 1
233value to run the service under.
234.It Ao Ar name Ac Ns Va _oomprotect
235.Pq Vt str
236Use
237.Xr protect 1
238to prevent the service from being killed when swap space
239is exhausted.
240Use
241.Dq Li YES
242to protect only the service itself, and
243.Dq Li ALL
244to protect the service and all its child processes.
245.Pp
246Please note that rc scripts which redefine
247.Dl ${argument}_cmd
248.Pq see Xr rc.subr 8
249such as PostgreSQL will not inherit the OOM killer protection.
250.Pp
251This variable has no effect on services running within a
252.Xr jail 8 .
253.It Ao Ar name Ac Ns Va _setup
254.Pq Vt str
255Run the specified setup script right before starting the actual service
256command.
257Useful for automatic configuration file generation.
258.It Ao Ar name Ac Ns Va _umask
259.Pq Vt int
260Run the service using this
261.Xr umask 1
262value.
263.It Ao Ar name Ac Ns Va _user
264.Pq Vt str
265Run the service under this user account.
266.It Va apm_enable
267.Pq Vt bool
268If set to
269.Dq Li YES ,
270enable support for Automatic Power Management with
271the
272.Xr apm 8
273command.
274.It Va apmd_enable
275.Pq Vt bool
276Run
277.Xr apmd 8
278to handle APM event from userland.
279This also enables support for APM.
280.It Va apmd_flags
281.Pq Vt str
282If
283.Va apmd_enable
284is set to
285.Dq Li YES ,
286these are the flags to pass to the
287.Xr apmd 8
288daemon.
289.It Va devd_enable
290.Pq Vt bool
291Run
292.Xr devd 8
293to handle device added, removed or unknown events from the kernel.
294.It Va ddb_enable
295.Pq Vt bool
296Run
297.Xr ddb 8
298to install
299.Xr ddb 4
300scripts at boot time.
301.It Va ddb_config
302.Pq Vt str
303Configuration file for
304.Xr ddb 8 .
305Default
306.Pa /etc/ddb.conf .
307.It Va devmatch_enable
308.Pq Vt bool
309If set to
310.Dq Li NO ,
311disable auto-loading of kernel modules with
312.Xr devmatch 8 .
313.It Va devmatch_blocklist
314.Pq Vt str
315A whitespace-separated list of kernel modules to be ignored by
316.Xr devmatch 8 .
317In addition, the
318.Xr kenv 1
319.Va devmatch_blocklist
320is appended to this variable to allow disabling of
321.Xr devmatch 8
322loaded modules from the boot loader.
323.It Va devmatch_blacklist
324.Pq Vt str
325This variable is deprecated.
326Use
327.Va devmatch_blocklist
328instead.
329A whitespace-separated list of kernel modules to be ignored by
330.Xr devmatch 8 .
331.It Va kld_list
332.Pq Vt str
333A whitespace-separated list of kernel modules to load right after
334the local disks are mounted, without any
335.Pa .ko
336extension or path.
337Loading modules at this point in the boot process is
338much faster than doing it via
339.Pa /boot/loader.conf
340for those modules not necessary for mounting local disks.
341.It Va kldxref_enable
342.Pq Vt bool
343Set to
344.Dq Li NO
345by default.
346Set to
347.Dq Li YES
348to automatically rebuild
349.Pa linker.hints
350files with
351.Xr kldxref 8
352at boot time.
353.It Va kldxref_clobber
354.Pq Vt bool
355Set to
356.Dq Li NO
357by default.
358If
359.Va kldxref_enable
360is true,
361setting to
362.Dq Li YES
363will overwrite existing
364.Pa linker.hints
365files at boot time.
366Otherwise,
367only missing
368.Pa linker.hints
369files are generated.
370.It Va kldxref_module_path
371.Pq Vt str
372Empty by default.
373A semi-colon
374.Pq Ql \&;
375delimited list of paths containing
376.Xr kld 4
377modules.
378If empty,
379the contents of the
380.Va kern.module_path
381.Xr sysctl 8
382are used.
383.It Va powerd_enable
384.Pq Vt bool
385If set to
386.Dq Li YES ,
387enable the system power control facility with the
388.Xr powerd 8
389daemon.
390.It Va powerd_flags
391.Pq Vt str
392If
393.Va powerd_enable
394is set to
395.Dq Li YES ,
396these are the flags to pass to the
397.Xr powerd 8
398daemon.
399.It Va tmpmfs
400Controls the creation of a
401.Pa /tmp
402memory file system.
403Always happens if set to
404.Dq Li YES
405and never happens if set to
406.Dq Li NO .
407If set to anything else, a memory file system is created if
408.Pa /tmp
409is not writable.
410.It Va tmpsize
411Controls the size of a created
412.Pa /tmp
413memory file system.
414.It Va tmpmfs_flags
415Extra options passed to the
416.Xr mdmfs 8
417utility when the memory file system for
418.Pa /tmp
419is created.
420The default is
421.Dq Li "-S" ,
422which inhibits the use of softupdates on
423.Pa /tmp
424so that file system space is freed without delay
425after file truncation or deletion.
426See
427.Xr mdmfs 8
428for other options you can use in
429.Va tmpmfs_flags .
430.It Va varmfs
431Controls the creation of a
432.Pa /var
433memory file system.
434Always happens if set to
435.Dq Li YES
436and never happens if set to
437.Dq Li NO .
438If set to anything else, a memory file system is created if
439.Pa /var
440is not writable.
441.It Va varsize
442Controls the size of a created
443.Pa /var
444memory file system.
445.It Va varmfs_flags
446Extra options passed to the
447.Xr mdmfs 8
448utility when the memory file system for
449.Pa /var
450is created.
451The default is
452.Dq Li "-S" ,
453which inhibits the use of softupdates on
454.Pa /var
455so that file system space is freed without delay
456after file truncation or deletion.
457See
458.Xr mdmfs 8
459for other options you can use in
460.Va varmfs_flags .
461.It Va populate_var
462Controls the automatic population of the
463.Pa /var
464file system.
465Always happens if set to
466.Dq Li YES
467and never happens if set to
468.Dq Li NO .
469If set to anything else, a memory file system is created if
470.Pa /var
471is not writable.
472Note that this process requires access to certain commands in
473.Pa /usr
474before
475.Pa /usr
476is mounted on normal systems.
477.It Va cleanvar_enable
478.Pq Vt bool
479Clean the
480.Pa /var
481directory.
482.It Va var_run_enable
483.Pq Vt bool
484Set to "YES" to enable saving of the
485.Pa /var/run
486directory structure into an mtree file at shutdown and the reload of the
487.Pa /var/run
488directory structure at boot.
489.It Va var_run_autosave
490.Pq Vt bool
491In some cases it may be undesirable to save
492.Pa /var/run
493at shutdown.
494When set to "NO"
495.Pa /var/run
496is loaded at reboot but not saved at shutdown.
497Typically in this scenario
498.Ql service var_run save
499would be performed to save a copy of the
500.Pa /var/run
501directory structure once, to be reloaded during all subsequent reboots.
502.It Va var_run_mtree
503.Pq Vt str
504Where to save the
505.Pa /var/run
506mtree.
507The default location is
508.Pa /var/db/mtree/BSD.var-run.mtree .
509.It Va local_startup
510.Pq Vt str
511List of directories to search for startup script files.
512.It Va script_name_sep
513.Pq Vt str
514The field separator to use for breaking down the list of startup script files
515into individual filenames.
516The default is a space.
517It is not necessary to change this unless there are startup scripts with names
518containing spaces.
519.It Va hostapd_enable
520.Pq Vt bool
521Set to
522.Dq Li YES
523to start
524.Xr hostapd 8
525at system boot time.
526.It Va hostname
527.Pq Vt str
528The fully qualified domain name (FQDN) of this host on the network.
529This should almost certainly be set to something meaningful, even if
530there is no network connection.
531If
532.Xr dhclient 8
533is used to set the hostname via DHCP,
534this variable should be set to an empty string.
535Within a
536.Xr jail 8
537the hostname is generally already set and this variable may be absent.
538If this value remains unset when the system is done booting
539your console login will display the default hostname of
540.Dq Amnesiac .
541.It Va nisdomainname
542.Pq Vt str
543The NIS domain name of this host, or
544.Dq Li NO
545if NIS is not used.
546.It Va hostid_enable
547.Pq Vt bool
548If set to
549.Dq Li NO ,
550disable the generation or saving of the
551.Pa hostid
552and
553.Pa machine-id
554files at system boot and shutdown.
555.It Va hostid_file
556.Pq Vt str
557Path to the
558.Pa hostid
559file, default
560.Pa /etc/hostid .
561.It Va hostid_uuidgen_flags
562.Pq Vt str
563Flags passed to
564.Xr uuidgen 1
565when generating a software host UUID.
566This is used only if the system cannot determine a hardware UUID.
567Set to
568.Dq Li -r
569by default.
570.It Va machine_id_file
571.Pq Vt str
572Path to the
573.Pa machine-id
574file, default
575.Pa /etc/machine-id .
576.It Va dhclient_program
577.Pq Vt str
578Path to the DHCP client program, defaulting to
579.Pa /sbin/dhclient .
580.It Va dhclient_flags
581.Pq Vt str
582Additional flags to pass to the DHCP client program.
583See the
584.Xr dhclient 8
585manpage for a description of the command line options available.
586.It Va dhclient_flags_ Ns Aq Ar iface
587Additional flags to pass to the DHCP client program running on
588.Ar iface
589only.
590When specified, this variable overrides
591.Va dhclient_flags .
592.It Va background_dhclient
593.Pq Vt bool
594Set to
595.Dq Li YES
596to start the DHCP client in background.
597This can cause trouble with applications depending on
598a working network, but it will provide a faster startup
599in many cases.
600.It Va background_dhclient_ Ns Aq Ar iface
601When specified, this variable overrides the
602.Va background_dhclient
603variable for interface
604.Ar iface
605only.
606.It Va synchronous_dhclient
607.Pq Vt bool
608Set to
609.Dq Li YES
610to start
611.Xr dhclient 8
612synchronously at startup.
613This behavior can be overridden on a per-interface basis by replacing
614the
615.Dq Li DHCP
616keyword in the
617.Va ifconfig_ Ns Aq Ar interface
618variable with
619.Dq Li SYNCDHCP
620or
621.Dq Li NOSYNCDHCP .
622.It Va defaultroute_delay
623.Pq Vt int
624When set to a positive value, wait up to this long after configuring
625DHCP interfaces at startup to give the interfaces time to receive a lease.
626.It Va firewall_enable
627.Pq Vt bool
628Set to
629.Dq Li YES
630to load firewall rules at startup.
631If the kernel was not built with
632.Cd "options IPFIREWALL" ,
633the
634.Pa ipfw.ko
635kernel module will be loaded.
636See also
637.Va ipfilter_enable .
638.It Va firewall_script
639.Pq Vt str
640This variable specifies the full path to the firewall script to run.
641The default is
642.Pa /etc/rc.firewall .
643.It Va firewall_type
644.Pq Vt str
645Names the firewall type from the selection in
646.Pa /etc/rc.firewall ,
647or the file which contains the local firewall ruleset.
648Valid selections from
649.Pa /etc/rc.firewall
650are:
651.Pp
652.Bl -tag -width ".Li workstation" -compact
653.It Li open
654unrestricted IP access
655.It Li closed
656all IP services disabled, except via
657.Dq Li lo0
658.It Li client
659basic protection for a workstation
660.It Li workstation
661basic protection for a workstation using stateful firewalling
662.It Li simple
663basic protection for a LAN.
664.El
665.Pp
666If a filename is specified, the full path
667must be given.
668.Pp
669Most of the predefined rulesets define additional configuration variables.
670These are documented in
671.Pa /etc/rc.firewall .
672.It Va firewall_quiet
673.Pq Vt bool
674Set to
675.Dq Li YES
676to disable the display of firewall rules on the console during boot.
677.It Va firewall_logging
678.Pq Vt bool
679Set to
680.Dq Li YES
681to enable firewall event logging.
682This is equivalent to the
683.Dv IPFIREWALL_VERBOSE
684kernel option.
685.It Va firewall_logif
686.Pq Vt bool
687Set to
688.Dq Li YES
689to create pseudo interface
690.Li ipfw0
691for logging.
692For more details, see
693.Xr ipfw 8
694manual page.
695.It Va firewall_flags
696.Pq Vt str
697Flags passed to
698.Xr ipfw 8
699if
700.Va firewall_type
701specifies a filename.
702.It Va firewall_coscripts
703.Pq Vt str
704List of executables and/or rc scripts to run after firewall starts/stops.
705Default is empty.
706.\" ----- firewall_nat_enable setting --------------------------------
707.It Va firewall_nat_enable
708.Pq Vt bool
709The
710.Xr ipfw 8
711equivalent of
712.Va natd_enable .
713Setting this to
714.Dq Li YES
715will automatically load the
716.Xr ipfw 8
717NAT kernel module if
718.Va firewall_enable
719is also set to
720.Dq Li YES .
721.It Va firewall_nat_interface
722.Pq Vt str
723The
724.Xr ipfw 8
725equivalent of
726.Va natd_interface .
727This is the name of the public interface or IP address on which
728kernel NAT should run.
729.It Va firewall_nat_flags
730.Pq Vt str
731Additional configuration parameters for kernel NAT should be placed here.
732.It Va firewall_nat64_enable
733.Pq Vt bool
734Setting this to
735.Dq Li YES
736will automatically load the
737.Xr ipfw 8
738NAT64 kernel module if
739.Va firewall_enable
740is also set to
741.Dq Li YES .
742.It Va firewall_nptv6_enable
743.Pq Vt bool
744Setting this to
745.Dq Li YES
746will automatically load the
747.Xr ipfw 8
748NPTv6 kernel module if
749.Va firewall_enable
750is also set to
751.Dq Li YES .
752.It Va firewall_pmod_enable
753.Pq Vt bool
754Setting this to
755.Dq Li YES
756will automatically load the
757.Xr ipfw 8
758pmod kernel module if
759.Va firewall_enable
760is also set to
761.Dq Li YES .
762.It Va dummynet_enable
763.Pq Vt bool
764Setting this to
765.Dq Li YES
766will automatically load the
767.Xr dummynet 4
768module if
769.Va firewall_enable
770is also set to
771.Dq Li YES .
772.\" -------------------------------------------------------------------
773.It Va ipfw_netflow_enable
774.Pq Vt bool
775Setting this to
776.Dq Li YES
777will enable netflow logging via
778.Xr ng_netflow 4 .
779.Pp
780By default a ipfw rule is inserted and all packets are duplicated with
781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
782port using protocol version 5.
783.It Va ipfw_netflow_hook
784.Pq Vt int
785netflow hook name, must be numerical
786(default
787.Pa 9995 ) .
788.It Va ipfw_netflow_rule
789.Pq Vt int
790ipfw rule number
791(default
792.Pa 1000 ) .
793.It Va ipfw_netflow_ip
794.Pq Vt str
795Destination server ip for receiving netflow data
796(default
797.Pa 127.0.0.1 ) .
798.It Va ipfw_netflow_port
799.Pq Vt int
800Destination server port for receiving netflow data
801(default
802.Pa 9995 ) .
803.It Va ipfw_netflow_version
804.Pq Vt int
805Do not set for using version 5 of the netflow protocol, set it to 9 for using
806version 9.
807.It Va ipfw_netflow_fib
808.Pq Vt int
809Only match packet in FIB
810.Pa ipfw_netflow_fib
811(default is undefined meaning all FIBs).
812.It Va natd_program
813.Pq Vt str
814Path to
815.Xr natd 8 .
816.It Va natd_enable
817.Pq Vt bool
818Set to
819.Dq Li YES
820to enable
821.Xr natd 8 .
822.Va firewall_enable
823must also be set to
824.Dq Li YES ,
825and
826.Xr divert 4
827sockets must be enabled in the kernel.
828If the kernel was not built with
829.Cd "options IPDIVERT" ,
830the
831.Pa ipdivert.ko
832kernel module will be loaded.
833.It Va natd_interface
834.Pq Vt str
835This is the name of the public interface on which
836.Xr natd 8
837should run.
838The interface may be given as an interface name or as an IP address.
839.It Va natd_flags
840.Pq Vt str
841Additional
842.Xr natd 8
843flags should be placed here.
844The
845.Fl n
846or
847.Fl a
848flag is automatically added with the above
849.Va natd_interface
850as an argument.
851.\" ----- ipfilter_enable setting --------------------------------
852.It Va ipfilter_enable
853.Pq Vt bool
854Set to
855.Dq Li NO
856by default.
857Setting this to
858.Dq Li YES
859enables
860.Xr ipf 8
861packet filtering.
862.Pp
863Typical usage will require putting
864.Bd -literal
865ipfilter_enable="YES"
866ipnat_enable="YES"
867ipmon_enable="YES"
868ipfs_enable="YES"
869.Ed
870.Pp
871into
872.Pa /etc/rc.conf
873and editing
874.Pa /etc/ipf.rules
875and
876.Pa /etc/ipnat.rules
877appropriately.
878.Pp
879Note that
880.Va ipfilter_enable
881and
882.Va ipnat_enable
883can be enabled independently.
884.Va ipmon_enable
885and
886.Va ipfs_enable
887both require at least one of
888.Va ipfilter_enable
889and
890.Va ipnat_enable
891to be enabled.
892.Pp
893Having
894.Bd -literal
895options IPFILTER
896options IPFILTER_LOG
897options IPFILTER_DEFAULT_BLOCK
898.Ed
899.Pp
900in the kernel configuration file is a good idea, too.
901.\" ----- ipfilter_program setting ------------------------------
902.It Va ipfilter_program
903.Pq Vt str
904Path to
905.Xr ipf 8
906(default
907.Pa /sbin/ipf ) .
908.\" ----- ipfilter_rules setting --------------------------------
909.It Va ipfilter_rules
910.Pq Vt str
911Set to
912.Pa /etc/ipf.rules
913by default.
914This variable contains the name of the filter rule definition file.
915The file is expected to be readable for the
916.Xr ipf 8
917command to execute.
918.\" ----- ipfilter_flags setting --------------------------------
919.It Va ipfilter_flags
920.Pq Vt str
921Empty by default.
922This variable contains flags passed to the
923.Xr ipf 8
924program.
925.\" ----- ipnat_enable setting ----------------------------------
926.It Va ipnat_enable
927.Pq Vt bool
928Set to
929.Dq Li NO
930by default.
931Set it to
932.Dq Li YES
933to enable
934.Xr ipnat 8
935network address translation.
936See
937.Va ipfilter_enable
938for a detailed discussion.
939.\" ----- ipnat_program setting ---------------------------------
940.It Va ipnat_program
941.Pq Vt str
942Path to
943.Xr ipnat 8
944(default
945.Pa /sbin/ipnat ) .
946.\" ----- ipnat_rules setting -----------------------------------
947.It Va ipnat_rules
948.Pq Vt str
949Set to
950.Pa /etc/ipnat.rules
951by default.
952This variable contains the name of the file
953holding the network address translation definition.
954This file is expected to be readable for the
955.Xr ipnat 8
956command to execute.
957.\" ----- ipnat_flags setting -----------------------------------
958.It Va ipnat_flags
959.Pq Vt str
960Empty by default.
961This variable contains flags passed to the
962.Xr ipnat 8
963program.
964.\" ----- ipmon_enable setting ----------------------------------
965.It Va ipmon_enable
966.Pq Vt bool
967Set to
968.Dq Li NO
969by default.
970Set it to
971.Dq Li YES
972to enable
973.Xr ipmon 8
974monitoring (logging
975.Xr ipf 8
976and
977.Xr ipnat 8
978events).
979Setting this variable needs setting
980.Va ipfilter_enable
981or
982.Va ipnat_enable
983too.
984See
985.Va ipfilter_enable
986for a detailed discussion.
987.\" ----- ipmon_program setting ---------------------------------
988.It Va ipmon_program
989.Pq Vt str
990Path to
991.Xr ipmon 8
992(default
993.Pa /sbin/ipmon ) .
994.\" ----- ipmon_flags setting -----------------------------------
995.It Va ipmon_flags
996.Pq Vt str
997Set to
998.Dq Li -Ds
999by default.
1000This variable contains flags passed to the
1001.Xr ipmon 8
1002program.
1003Another typical example would be
1004.Dq Fl D Pa /var/log/ipflog
1005to have
1006.Xr ipmon 8
1007log directly to a file bypassing
1008.Xr syslogd 8 .
1009Make sure to adjust
1010.Pa /etc/newsyslog.conf
1011in such case like this:
1012.Bd -literal
1013/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
1014.Ed
1015.\" ----- ipfs_enable setting -----------------------------------
1016.It Va ipfs_enable
1017.Pq Vt bool
1018Set to
1019.Dq Li NO
1020by default.
1021Set it to
1022.Dq Li YES
1023to enable
1024.Xr ipfs 8
1025saving the filter and NAT state tables during shutdown
1026and reloading them during startup again.
1027Setting this variable needs setting
1028.Va ipfilter_enable
1029or
1030.Va ipnat_enable
1031to
1032.Dq Li YES
1033too.
1034See
1035.Va ipfilter_enable
1036for a detailed discussion.
1037Note that if
1038.Va kern_securelevel
1039is set to 3,
1040.Va ipfs_enable
1041cannot be used
1042because the raised securelevel will prevent
1043.Xr ipfs 8
1044from saving the state tables at shutdown time.
1045.\" ----- ipfs_program setting ----------------------------------
1046.It Va ipfs_program
1047.Pq Vt str
1048Path to
1049.Xr ipfs 8
1050(default
1051.Pa /sbin/ipfs ) .
1052.\" ----- ipfs_flags setting ------------------------------------
1053.It Va ipfs_flags
1054.Pq Vt str
1055Empty by default.
1056This variable contains flags passed to the
1057.Xr ipfs 8
1058program.
1059.\" ----- end of added ipf hook ---------------------------------
1060.It Va pf_enable
1061.Pq Vt bool
1062Set to
1063.Dq Li NO
1064by default.
1065Setting this to
1066.Dq Li YES
1067enables
1068.Xr pf 4
1069packet filtering.
1070.Pp
1071Typical usage will require putting
1072.Pp
1073.Dl pf_enable="YES"
1074.Pp
1075into
1076.Pa /etc/rc.conf
1077and editing
1078.Pa /etc/pf.conf
1079appropriately.
1080Adding
1081.Pp
1082.Dl "device pf"
1083.Pp
1084builds support for
1085.Xr pf 4
1086into the kernel, otherwise the
1087kernel module will be loaded.
1088.It Va pf_rules
1089.Pq Vt str
1090Path to
1091.Xr pf 4
1092ruleset configuration file
1093(default
1094.Pa /etc/pf.conf ) .
1095.It Va pf_program
1096.Pq Vt str
1097Path to
1098.Xr pfctl 8
1099(default
1100.Pa /sbin/pfctl ) .
1101.It Va pf_flags
1102.Pq Vt str
1103If
1104.Va pf_enable
1105is set to
1106.Dq Li YES ,
1107these flags are passed to the
1108.Xr pfctl 8
1109program when loading the ruleset.
1110.It Va pf_fallback_rules_enable
1111.Pq Vt bool
1112Set to
1113.Dq Li NO
1114by default.
1115Setting this to
1116.Dq Li YES
1117enables loading
1118.Va pf_fallback_rules_file
1119or
1120.Va pf_fallback_rules
1121in case of a problem when loading the ruleset in
1122.Va pf_rules .
1123.It Va pf_fallback_rules_file
1124.Pq Vt str
1125Path to a pf ruleset to load in case of failure when loading the
1126ruleset in
1127.Va pf_rules
1128(default
1129.Pa /etc/pf-fallback.conf ) .
1130.It Va pf_fallback_rules
1131.Pq Vt str
1132A pf ruleset to load in case of failure when loading the ruleset in
1133.Va pf_rules
1134and
1135.Va pf_fallback_rules_file
1136is not found.
1137Multiple rules can be set as follows:
1138.Bd -literal
1139pf_fallback_rules="\\
1140	block drop log all\\
1141	pass in quick on em0"
1142.Pp
1143.Ed
1144The default fallback rule is
1145.Dq block drop log all
1146.It Va pflog_enable
1147.Pq Vt bool
1148Set to
1149.Dq Li NO
1150by default.
1151Setting this to
1152.Dq Li YES
1153enables
1154.Xr pflogd 8
1155which logs packets from the
1156.Xr pf 4
1157packet filter.
1158.It Va pflog_logfile
1159.Pq Vt str
1160If
1161.Va pflog_enable
1162is set to
1163.Dq Li YES
1164this controls where
1165.Xr pflogd 8
1166stores the logfile
1167(default
1168.Pa /var/log/pflog ) .
1169Check
1170.Pa /etc/newsyslog.conf
1171to adjust logfile rotation for this.
1172.It Va pflog_program
1173.Pq Vt str
1174Path to
1175.Xr pflogd 8
1176(default
1177.Pa /sbin/pflogd ) .
1178.It Va pflog_flags
1179.Pq Vt str
1180Empty by default.
1181This variable contains additional flags passed to the
1182.Xr pflogd 8
1183program.
1184.It Va pflog_instances
1185.Pq Vt str
1186If logging to more than one
1187.Xr pflog 4
1188interface is desired,
1189.Va pflog_instances
1190is set to the list of
1191.Xr pflogd 8
1192instances that should be started at system boot time.
1193If
1194.Va pflog_instances
1195is set, for each whitespace-separated
1196.Ar element
1197in the list,
1198.Ao Ar element Ac Ns Va _dev
1199and
1200.Ao Ar element Ac Ns Va _logfile
1201elements are assumed to exist.
1202.Ao Ar element Ac Ns Va _dev
1203must contain the
1204.Xr pflog 4
1205interface to be watched by the named
1206.Xr pflogd 8
1207instance.
1208.Ao Ar element Ac Ns Va _logfile
1209must contain the name of the logfile that will be used by the
1210.Xr pflogd 8
1211instance.
1212.It Va ftpproxy_enable
1213.Pq Vt bool
1214Set to
1215.Dq Li NO
1216by default.
1217Setting this to
1218.Dq Li YES
1219enables
1220.Xr ftp-proxy 8
1221which supports the
1222.Xr pf 4
1223packet filter in translating ftp connections.
1224.It Va ftpproxy_flags
1225.Pq Vt str
1226Empty by default.
1227This variable contains additional flags passed to the
1228.Xr ftp-proxy 8
1229program.
1230.It Va ftpproxy_instances
1231.Pq Vt str
1232Empty by default.
1233If multiple instances of
1234.Xr ftp-proxy 8
1235are desired at boot time,
1236.Va ftpproxy_instances
1237should contain a whitespace-separated list of instance names.
1238For each
1239.Ar element
1240in the list, a variable named
1241.Ao Ar element Ac Ns Va _flags
1242should be defined, containing the command-line flags to be passed to the
1243.Xr ftp-proxy 8
1244instance.
1245.It Va pfsync_enable
1246.Pq Vt bool
1247Set to
1248.Dq Li NO
1249by default.
1250Setting this to
1251.Dq Li YES
1252enables exposing
1253.Xr pf 4
1254state changes to other hosts over the network by means of
1255.Xr pfsync 4 .
1256The
1257.Va pfsync_syncdev
1258variable
1259must also be set then.
1260.It Va pfsync_syncdev
1261.Pq Vt str
1262Empty by default.
1263This variable specifies the name of the network interface
1264.Xr pfsync 4
1265should operate through.
1266It must be set accordingly if
1267.Va pfsync_enable
1268is set to
1269.Dq Li YES .
1270.It Va pfsync_syncpeer
1271.Pq Vt str
1272Empty by default.
1273This variable is optional.
1274By default, state change messages are sent out on the synchronisation
1275interface using IP multicast packets.
1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1277224.0.0.240.
1278When a peer address is specified using the
1279.Va pfsync_syncpeer
1280option, the peer address is used as a destination for the pfsync
1281traffic, and the traffic can then be protected using
1282.Xr ipsec 4 .
1283See the
1284.Xr pfsync 4
1285manpage for more details about using
1286.Xr ipsec 4
1287with
1288.Xr pfsync 4
1289interfaces.
1290.It Va pfsync_ifconfig
1291.Pq Vt str
1292Empty by default.
1293This variable can contain additional options to be passed to the
1294.Xr ifconfig 8
1295command used to set up
1296.Xr pfsync 4 .
1297.It Va tcp_extensions
1298.Pq Vt bool
1299Set to
1300.Dq Li YES
1301by default.
1302Setting this to
1303.Dq Li NO
1304disables certain TCP options as described by
1305.Rs
1306.%T "RFC 1323"
1307.Re
1308Setting this to
1309.Dq Li NO
1310might help remedy such problems with connections as randomly hanging
1311or other weird behavior.
1312Some network devices are known
1313to be broken with respect to these options.
1314.It Va log_in_vain
1315.Pq Vt int
1316Set to 0 by default.
1317The
1318.Xr sysctl 8
1319variables,
1320.Va net.inet.tcp.log_in_vain
1321and
1322.Va net.inet.udp.log_in_vain ,
1323as described in
1324.Xr tcp 4
1325and
1326.Xr udp 4 ,
1327are set to the given value.
1328.It Va tcp_keepalive
1329.Pq Vt bool
1330Set to
1331.Dq Li YES
1332by default.
1333Setting to
1334.Dq Li NO
1335will disable probing idle TCP connections to verify that the
1336peer is still up and reachable.
1337.It Va tcp_drop_synfin
1338.Pq Vt bool
1339Set to
1340.Dq Li NO
1341by default.
1342Setting to
1343.Dq Li YES
1344will cause the kernel to ignore TCP frames that have both
1345the SYN and FIN flags set.
1346This prevents OS fingerprinting, but may
1347break some legitimate applications.
1348.It Va icmp_drop_redirect
1349.Pq Vt bool
1350Set to
1351.Dq Li AUTO
1352by default.
1353This setting will be identical to
1354.Dq Li YES ,
1355if a dynamic routing daemon is enabled, because redirect processing may
1356cause performance issues for large routing tables.
1357If no such service is enabled, this setting behaves like a
1358.Dq Li NO .
1359Setting to
1360.Dq Li YES
1361will cause the kernel to ignore ICMP REDIRECT packets.
1362Setting to
1363.Dq Li NO
1364will cause the kernel to process ICMP REDIRECT packets.
1365Refer to
1366.Xr icmp 4
1367for more information.
1368.It Va icmp_log_redirect
1369.Pq Vt bool
1370Set to
1371.Dq Li NO
1372by default.
1373Setting to
1374.Dq Li YES
1375will cause the kernel to log ICMP REDIRECT packets.
1376Note that
1377the log messages are not rate-limited, so this option should only be used
1378for troubleshooting networks.
1379Refer to
1380.Xr icmp 4
1381for more information.
1382.It Va icmp_bmcastecho
1383.Pq Vt bool
1384Set to
1385.Dq Li YES
1386to respond to broadcast or multicast ICMP ping packets.
1387Refer to
1388.Xr icmp 4
1389for more information.
1390.It Va ip_portrange_first
1391.Pq Vt int
1392If not set to
1393.Dq Li NO ,
1394this is the first port in the default portrange.
1395Refer to
1396.Xr ip 4
1397for more information.
1398.It Va ip_portrange_last
1399.Pq Vt int
1400If not set to
1401.Dq Li NO ,
1402this is the last port in the default portrange.
1403Refer to
1404.Xr ip 4
1405for more information.
1406.It Va network_interfaces
1407.Pq Vt str
1408Set to the list of network interfaces to configure on this host or
1409.Dq Li AUTO
1410(the default) for all current interfaces.
1411Setting the
1412.Va network_interfaces
1413variable to anything other than the default is deprecated.
1414Interfaces that the administrator wishes to store configuration for,
1415but not start at boot should be configured with the
1416.Dq Li NOAUTO
1417keyword in their
1418.Va ifconfig_ Ns Aq Ar interface
1419variables as described below.
1420.Pp
1421An
1422.Va ifconfig_ Ns Aq Ar interface
1423variable is also assumed to exist for each value of
1424.Ar interface .
1425When an interface name contains any of the characters
1426.Dq Li .-/+
1427they are translated to
1428.Dq Li _
1429before lookup.
1430The variable can contain arguments to
1431.Xr ifconfig 8 ,
1432as well as special case-insensitive keywords described below.
1433Such keywords are removed before passing the value to
1434.Xr ifconfig 8
1435while the order of the other arguments is preserved.
1436.Pp
1437It is possible to add IP alias entries using
1438.Xr ifconfig 8
1439syntax with the address family keyword such as
1440.Li inet .
1441Assuming that the interface in question was
1442.Li em0 ,
1443it might look something like this:
1444.Bd -literal
1445ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1446ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1447.Ed
1448.Pp
1449It also possible to configure multiple IP addresses in Classless
1450Inter-Domain Routing
1451.Pq CIDR
1452address notation,
1453whose each address component can be a range like
1454.Li inet 192.0.2.5-23/24
1455or
1456.Li inet6 2001:db8:1-f::1/64 .
1457This notation allows address and prefix length part only,
1458not the other address modifiers.
1459Note that the maximum number of the generated addresses from a range
1460specification is limited to an integer value specified in
1461.Va netif_ipexpand_max
1462in
1463.Nm
1464because a small typo can unexpectedly generate a large number of addresses.
1465The default value is
1466.Li 2048 .
1467It can be increased by adding the following line into
1468.Nm :
1469.Bd -literal
1470netif_ipexpand_max="4096"
1471.Ed
1472.Pp
1473In the case of
1474.Li 192.0.2.5-23/24 ,
1475the address 192.0.2.5 will be configured with the
1476netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1477the non-conflicting netmask /32 as explained in the
1478.Xr ifconfig 8
1479alias section.
1480Note that this special netmask handling is only for
1481.Li inet ,
1482not for the other address families such as
1483.Li inet6 .
1484.Pp
1485With the interface in question being
1486.Li em0 ,
1487an example could look like:
1488.Bd -literal
1489ifconfig_em0_alias2="inet 192.0.2.129/27"
1490ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1491.Ed
1492.Pp
1493and so on.
1494.Pp
1495Note that deprecated
1496.Va ipv4_addrs_ Ns Aq Ar interface
1497variable was supported for IPv4 CIDR address notation.
1498The
1499.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1500variable replaces it, though
1501.Va ipv4_addrs_ Ns Aq Ar interface
1502is still supported for backward compatibility.
1503.Pp
1504For each
1505.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1506entry with an address family keyword,
1507its contents are passed to
1508.Xr ifconfig 8 .
1509Execution stops at the first unsuccessful access, so if
1510something like this is present:
1511.Bd -literal
1512ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1513ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1514ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1515ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1516.Ed
1517.Pp
1518Then note that alias4 would
1519.Em not
1520be added since the search would
1521stop with the missing
1522.Dq Li alias3
1523entry.
1524Because of this difficult to manage behavior,
1525there is
1526.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1527variable, which has the same functionality as
1528.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1529and can have all of the entries in a variable like the following:
1530.Bd -literal
1531ifconfig_em0_aliases="\\
1532	inet 127.0.0.251 netmask 0xffffffff \\
1533	inet 127.0.0.252 netmask 0xffffffff \\
1534	inet 127.0.0.253 netmask 0xffffffff \\
1535	inet 127.0.0.254 netmask 0xffffffff"
1536.Ed
1537.Pp
1538It also supports CIDR notation.
1539.Pp
1540If the
1541.Pa /etc/start_if . Ns Aq Ar interface
1542file is present, it is read and executed by the
1543.Xr sh 1
1544interpreter
1545before configuring the interface as specified in the
1546.Va ifconfig_ Ns Aq Ar interface
1547and
1548.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1549variables.
1550.Pp
1551If a
1552.Va vlans_ Ns Aq Ar interface
1553variable is set,
1554a
1555.Xr vlan 4
1556interface will be created for each item in the list with the
1557.Ar vlandev
1558argument set to
1559.Ar interface .
1560If a vlan interface's name is a number,
1561then that number is used as the vlan tag and the new vlan interface is
1562named
1563.Ar interface . Ns Ar tag .
1564Otherwise,
1565the vlan tag must be specified via a
1566.Va vlan
1567parameter in the
1568.Va create_args_ Ns Aq Ar interface
1569variable.
1570.Pp
1571To create a vlan device named
1572.Li em0.101
1573on
1574.Li em0
1575with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
1576.Bd -literal
1577vlans_em0="101"
1578ifconfig_em0_101="inet 192.0.2.1/24"
1579.Ed
1580.Pp
1581To create a vlan device named
1582.Li myvlan
1583on
1584.Li em0
1585with the vlan tag 102:
1586.Bd -literal
1587vlans_em0="myvlan"
1588create_args_myvlan="vlan 102"
1589.Ed
1590.Pp
1591If a
1592.Va wlans_ Ns Aq Ar interface
1593variable is set,
1594an
1595.Xr wlan 4
1596interface will be created for each item in the list with the
1597.Ar wlandev
1598argument set to
1599.Ar interface .
1600Further wlan cloning arguments may be passed to the
1601.Xr ifconfig 8
1602.Cm create
1603command by setting the
1604.Va create_args_ Ns Aq Ar interface
1605variable.
1606One or more
1607.Xr wlan 4
1608devices must be created for each wireless device as of
1609.Fx 8.0 .
1610Debugging flags for
1611.Xr wlan 4
1612devices as set by
1613.Xr wlandebug 8
1614may be specified with an
1615.Va wlandebug_ Ns Aq Ar interface
1616variable.
1617The contents of this variable will be passed directly to
1618.Xr wlandebug 8 .
1619.Pp
1620If the
1621.Va ifconfig_ Ns Aq Ar interface
1622contains the keyword
1623.Dq Li NOAUTO
1624then the interface will not be configured
1625at boot or by
1626.Pa /etc/pccard_ether
1627when
1628.Va network_interfaces
1629is set to
1630.Dq Li AUTO .
1631.Pp
1632It is possible to bring up an interface with DHCP by adding
1633.Dq Li DHCP
1634to the
1635.Va ifconfig_ Ns Aq Ar interface
1636variable.
1637For instance, to initialize the
1638.Li em0
1639device via DHCP,
1640it is possible to use something like:
1641.Bd -literal
1642ifconfig_em0="DHCP"
1643.Ed
1644.Pp
1645If you want to configure your wireless interface with
1646.Xr wpa_supplicant 8
1647for use with WPA, EAP/LEAP or WEP, you need to add
1648.Dq Li WPA
1649to the
1650.Va ifconfig_ Ns Aq Ar interface
1651variable.
1652.Pp
1653On the other hand, if you want to configure your wireless interface with
1654.Xr hostapd 8 ,
1655you need to add
1656.Dq Li HOSTAP
1657to the
1658.Va ifconfig_ Ns Aq Ar interface
1659variable.
1660.Xr hostapd 8
1661will use the settings from
1662.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1663.Pp
1664Finally, you can add
1665.Xr ifconfig 8
1666options in this variable, in addition to the
1667.Pa /etc/start_if . Ns Aq Ar interface
1668file.
1669For instance, to configure an
1670.Xr ath 4
1671wireless device in station mode with an address obtained
1672via DHCP, using WPA authentication and 802.11b mode, it is
1673possible to use something like:
1674.Bd -literal
1675wlans_ath0="wlan0"
1676ifconfig_wlan0="DHCP WPA mode 11b"
1677.Ed
1678.Pp
1679In addition to the
1680.Va ifconfig_ Ns Aq Ar interface
1681form, a fallback variable
1682.Va ifconfig_DEFAULT
1683may be configured.
1684It will be used for all interfaces with no
1685.Va ifconfig_ Ns Aq Ar interface
1686variable.
1687.Pp
1688It is also possible to rename an interface by doing:
1689.Bd -literal
1690ifconfig_em0_name="net0"
1691ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1692.Ed
1693.It Va ipv6_enable
1694.Pq Vt bool
1695This variable is deprecated.
1696Use
1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1698and
1699.Va ipv6_activate_all_interfaces
1700if necessary.
1701.Pp
1702If the variable is
1703.Dq Li YES ,
1704.Dq Li inet6 accept_rtadv
1705is added to all of
1706.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1707and the
1708.Va ipv6_activate_all_interfaces
1709is defined as
1710.Dq Li YES .
1711.It Va ipv6_prefer
1712.Pq Vt bool
1713This variable is deprecated.
1714Use
1715.Va ip6addrctl_policy
1716instead.
1717.Pp
1718If the variable is
1719.Dq Li YES ,
1720the default address selection policy table set by
1721.Xr ip6addrctl 8
1722will be IPv6-preferred.
1723.Pp
1724If the variable is
1725.Dq Li NO ,
1726the default address selection policy table set by
1727.Xr ip6addrctl 8
1728will be IPv4-preferred.
1729.It Va ipv6_activate_all_interfaces
1730.Pq Vt bool
1731This controls initial configuration on IPv6-capable
1732interfaces with no corresponding
1733.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1734variable.
1735Note that it is not always necessary to set this variable to
1736.Dq YES
1737to use IPv6 functionality on
1738.Fx .
1739In most cases, just configuring
1740.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1741variables works.
1742.Pp
1743If the variable is
1744.Dq Li NO ,
1745all interfaces which do not have a corresponding
1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1747variable will be marked as
1748.Dq Li IFDISABLED
1749at creation.
1750This means that all IPv6 functionality on that interface
1751is completely disabled to enforce a security policy.
1752If the variable is set to
1753.Dq YES ,
1754the flag will be cleared on all of the interfaces.
1755.Pp
1756In most cases, just defining an
1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1758for an IPv6-capable interface should be sufficient.
1759However, if an interface is added dynamically
1760.Pq by some tunneling protocols such as PPP, for example ,
1761it is often difficult to define the variable in advance.
1762In such a case, configuring the
1763.Dq Li IFDISABLED
1764flag can be disabled by setting this variable to
1765.Dq YES .
1766.Pp
1767For more details of the
1768.Dq Li IFDISABLED
1769flag and keywords
1770.Dq Li inet6 ifdisabled ,
1771see
1772.Xr ifconfig 8 .
1773.Pp
1774Default is
1775.Dq Li NO .
1776.It Va ipv6_privacy
1777.Pq Vt bool
1778If the variable is
1779.Dq Li YES
1780privacy addresses will be generated for each IPv6
1781interface as described in RFC 4941.
1782.It Va ipv6_network_interfaces
1783.Pq Vt str
1784This is the IPv6 equivalent of
1785.Va network_interfaces .
1786Normally manual configuration of this variable is not needed.
1787.It Va ipv6_cpe_wanif
1788.Pq Vt str
1789If the variable is set to an interface name,
1790the
1791.Xr ifconfig 8
1792options
1793.Dq inet6 -no_radr accept_rtadv
1794will be added to the specified interface automatically before evaluating
1795.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1796and two
1797.Xr sysctl 8
1798variables
1799.Va net.inet6.ip6.rfc6204w3
1800and
1801.Va net.inet6.ip6.no_radr
1802will be set to 1.
1803.Pp
1804This means the specified interface will accept ICMPv6 Router
1805Advertisement messages on that link and add the discovered
1806routers into the Default Router List.
1807While the other interfaces can still accept RA messages if the
1808.Dq inet6 accept_rtadv
1809option is specified, adding
1810routes into the Default Router List will be disabled by
1811.Dq inet6 no_radr
1812option by default.
1813See
1814.Xr ifconfig 8
1815for more details.
1816.Pp
1817Note that ICMPv6 Router Advertisement messages will be
1818accepted even when
1819.Va net.inet6.ip6.forwarding
1820is 1
1821.Pq packet forwarding is enabled
1822when
1823.Va net.inet6.ip6.rfc6204w3
1824is set to 1.
1825.Pp
1826Default is
1827.Dq Li NO .
1828.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1829.Pq Vt str
1830This assigns arbitrary description to an interface.
1831The
1832.Xr sysctl 8
1833variable
1834.Va net.ifdescr_maxlen
1835limits its length.
1836This static setting may be overridden by commands
1837started with dynamic interface configuration utilities
1838like
1839.Xr dhclient 8
1840hooks.
1841The description can be seen with
1842.Xr ifconfig 8
1843command and it may be exported with
1844.Xr bsnmpd 1
1845daemon using its MIB-2 module.
1846.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1847.Pq Vt str
1848IPv6 functionality on an interface should be configured by
1849.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1850instead of setting ifconfig parameters in
1851.Va ifconfig_ Ns Aq Ar interface .
1852If this variable is empty, all IPv6 configurations on the
1853specified interface by other variables such as
1854.Va ipv6_prefix_ Ns Ao Ar interface Ac
1855will be ignored.
1856.Pp
1857Aliases should be set by
1858.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1859with
1860.Dq Li inet6
1861keyword.
1862For example:
1863.Bd -literal
1864ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1865ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1866.Ed
1867.Pp
1868Interfaces that have an
1869.Dq Li inet6 accept_rtadv
1870keyword in
1871.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1872setting will be automatically configured by SLAAC
1873.Pq StateLess Address AutoConfiguration
1874described in
1875.Rs
1876.%T "RFC 4862"
1877.Re
1878.Pp
1879Note that a link-local address will be automatically configured in
1880addition to the configured global-scope addresses because the IPv6
1881specifications require it on each link.
1882The address is calculated from the MAC address by using an algorithm
1883defined in
1884.Rs
1885.%T "RFC 4862"
1886.%O "Section 5.3"
1887.Re
1888.Pp
1889If only a link-local address is needed on the interface,
1890the following configuration can be used:
1891.Bd -literal
1892ifconfig_em0_ipv6="inet6 auto_linklocal"
1893.Ed
1894.Pp
1895A link-local address can also be configured manually.
1896This is useful for the default router address of an IPv6 router
1897so that it does not change when the network interface
1898card is replaced.
1899For example:
1900.Bd -literal
1901ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1902.Ed
1903.It Va ipv6_prefix_ Ns Aq Ar interface
1904.Pq Vt str
1905If one or more prefixes are defined in
1906.Va ipv6_prefix_ Ns Aq Ar interface
1907addresses based on each prefix and the EUI-64 interface index will be
1908configured on that interface.
1909Note that this variable will be ignored when
1910.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1911is empty.
1912.Pp
1913For example, the following configuration
1914.Bd -literal
1915ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1916.Ed
1917.Pp
1918is equivalent to the following:
1919.Bd -literal
1920ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1921ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1922ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1923ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1924.Ed
1925.Pp
1926These Subnet-Router anycast addresses will be added only when
1927.Va ipv6_gateway_enable
1928is YES.
1929.It Va ipv6_default_interface
1930.Pq Vt str
1931If not set to
1932.Dq Li NO ,
1933this is the default output interface for scoped addresses.
1934This works only with ipv6_gateway_enable="NO".
1935.It Va ip6addrctl_enable
1936.Pq Vt bool
1937This variable is to enable configuring default address selection policy table
1938.Pq RFC 3484 .
1939The table can be specified in another variable
1940.Va ip6addrctl_policy .
1941For
1942.Va ip6addrctl_policy
1943the following keywords can be specified:
1944.Dq Li ipv4_prefer ,
1945.Dq Li ipv6_prefer ,
1946or
1947.Dq Li AUTO .
1948.Pp
1949If
1950.Dq Li ipv4_prefer
1951or
1952.Dq Li ipv6_prefer
1953is specified,
1954.Xr ip6addrctl 8
1955installs a pre-defined policy table described in Section 10.3
1956.Pq IPv4-preferred
1957or 2.1
1958.Pq IPv6-preferred
1959of RFC 3484.
1960.Pp
1961If
1962.Dq Li AUTO
1963is specified, it attempts to read a file
1964.Pa /etc/ip6addrctl.conf
1965first.
1966If this file is found,
1967.Xr ip6addrctl 8
1968reads and installs it.
1969If not found, a policy is automatically set
1970according to
1971.Va ipv6_activate_all_interfaces
1972variable; if the variable is set to
1973.Dq Li YES
1974the IPv6-preferred one is used.
1975Otherwise IPv4-preferred.
1976.Pp
1977The default value of
1978.Va ip6addrctl_enable
1979and
1980.Va ip6addrctl_policy
1981are
1982.Dq Li YES
1983and
1984.Dq Li AUTO ,
1985respectively.
1986.It Va cloned_interfaces
1987.Pq Vt str
1988Set to the list of clonable network interfaces to create on this host.
1989Further cloning arguments may be passed to the
1990.Xr ifconfig 8
1991.Cm create
1992command for each interface by setting the
1993.Va create_args_ Ns Aq Ar interface
1994variable.
1995If an interface name is specified with
1996.Dq :sticky
1997keyword,
1998the interface will not be destroyed even when
1999.Pa rc.d/netif
2000script is invoked with
2001.Dq stop
2002argument.
2003This is useful when reconfiguring the interface without destroying it.
2004Entries in
2005.Va cloned_interfaces
2006are automatically appended to
2007.Va network_interfaces
2008for configuration.
2009.It Va cloned_interfaces_sticky
2010.Pq Vt bool
2011This variable is to globally enable functionality of
2012.Dq :sticky
2013keyword in
2014.Va cloned_interfaces
2015for all interfaces.
2016The default value is
2017.Dq NO .
2018Even if this variable is specified to
2019.Dq YES ,
2020.Dq :nosticky
2021keyword can be used to override it on per interface basis.
2022.It Va gif_interfaces
2023Set to the list of
2024.Xr gif 4
2025tunnel interfaces to configure on this host.
2026A
2027.Va gifconfig_ Ns Aq Ar interface
2028variable is assumed to exist for each value of
2029.Ar interface .
2030The value of this variable is used to configure the link layer of the
2031tunnel using the
2032.Cm tunnel
2033option to
2034.Xr ifconfig 8 .
2035Additionally, this option ensures that each listed interface is created
2036via the
2037.Cm create
2038option to
2039.Xr ifconfig 8
2040before attempting to configure it.
2041.Pp
2042For example, configure two
2043.Xr gif 4
2044interfaces with:
2045.Bd -literal
2046gif_interfaces="gif0 gif1"
2047gifconfig_gif0="100.64.0.1 100.64.0.2"
2048ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
2049gifconfig_gif1="inet6 2a00::1 2a01::1"
2050ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
2051.Ed
2052.It Va ppp_enable
2053.Pq Vt bool
2054If set to
2055.Dq Li YES ,
2056run the
2057.Xr ppp 8
2058daemon.
2059.It Va ppp_profile
2060.Pq Vt str
2061The name of the profile to use from
2062.Pa /etc/ppp/ppp.conf .
2063Also used for per-profile overrides of
2064.Va ppp_mode
2065and
2066.Va ppp_nat ,
2067and
2068.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
2069When the profile name contains any of the characters
2070.Dq Li .-/+
2071they are translated to
2072.Dq Li _
2073for the proposes of the override variable names.
2074.It Va ppp_mode
2075.Pq Vt str
2076Mode in which to run the
2077.Xr ppp 8
2078daemon.
2079.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2080.Pq Vt str
2081Overrides the global
2082.Va ppp_mode
2083for
2084.Ar profile .
2085Accepted modes are
2086.Dq Li auto ,
2087.Dq Li ddial ,
2088.Dq Li direct
2089and
2090.Dq Li dedicated .
2091See the manual for a full description.
2092.It Va ppp_nat
2093.Pq Vt bool
2094If set to
2095.Dq Li YES ,
2096enables network address translation.
2097Used in conjunction with
2098.Va gateway_enable
2099allows hosts on private network addresses access to the Internet using
2100this host as a network address translating router.
2101Default is
2102.Dq Li YES .
2103.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2104.Pq Vt str
2105Overrides the global
2106.Va ppp_nat
2107for
2108.Ar profile .
2109.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2110.Pq Vt int
2111Set the unit number to be used for this profile.
2112See the manual description of
2113.Fl unit Ns Ar N
2114for details.
2115.It Va ppp_user
2116.Pq Vt str
2117The name of the user under which
2118.Xr ppp 8
2119should be started.
2120By
2121default,
2122.Xr ppp 8
2123is started as
2124.Dq Li root .
2125.It Va rc_conf_files
2126.Pq Vt str
2127This option is used to specify a list of files that will override
2128the settings in
2129.Pa /etc/defaults/rc.conf .
2130The files will be read in the order in which they are specified and should
2131include the full path to the file.
2132By default, the files specified are
2133.Pa /etc/rc.conf
2134and
2135.Pa /etc/rc.conf.local .
2136.It Va zfs_enable
2137.Pq Vt bool
2138If set to
2139.Dq Li YES ,
2140.Pa /etc/rc.d/zfs
2141will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2142(ZVOLs).
2143.It Va zpool_reguid
2144.Pq Vt str
2145A space-separated list of ZFS pool names for which new pool GUIDs should be
2146assigned upon first boot.
2147This is useful when using a ZFS pool copied from a template, such as a virtual
2148machine image.
2149.It Va zpool_upgrade
2150.Pq Vt str
2151A space-separated list of ZFS pool names for which the version should be
2152upgraded upon first boot.
2153This is useful when using a ZFS pool generated by the
2154.Xr makefs 8
2155utility.
2156.It Va gptboot_enable
2157.Pq Vt bool
2158If set to
2159.Dq Li YES ,
2160.Pa /etc/rc.d/gptboot
2161will log if the system successfully (or not) booted from a GPT partition,
2162which had the
2163.Ar bootonce
2164attribute set using
2165.Xr gpart 8
2166utility.
2167.It Va gbde_autoattach_all
2168.Pq Vt bool
2169If set to
2170.Dq Li YES ,
2171.Pa /etc/rc.d/gbde
2172will attempt to automatically initialize the .bde devices specified in
2173.Pa /etc/fstab .
2174.It Va gbde_devices
2175.Pq Vt str
2176List the devices that the script should try to attach,
2177or
2178.Dq Li AUTO .
2179.It Va gbde_lockdir
2180.Pq Vt str
2181The directory where the
2182.Xr gbde 4
2183lockfiles are located.
2184The default lockfile directory is
2185.Pa /etc .
2186.Pp
2187The lockfile for each individual
2188.Xr gbde 4
2189device can be overridden by setting the variable
2190.Va gbde_lock_ Ns Aq Ar device ,
2191where
2192.Ar device
2193is the encrypted device without the
2194.Dq Pa /dev/
2195and
2196.Dq Pa .bde
2197parts.
2198.It Va gbde_attach_attempts
2199.Pq Vt int
2200Number of times to attempt attaching to a
2201.Xr gbde 4
2202device, i.e., how many times the user is asked for the pass-phrase.
2203Default is 3.
2204.It Va geli_devices
2205.Pq Vt str
2206List of devices to automatically attach on boot.
2207Note that .eli devices from
2208.Pa /etc/fstab
2209are automatically appended to this list.
2210.It Va geli_groups
2211.Pq Vt str
2212List of groups containing devices to automatically attach on boot with the same
2213keyfiles and passphrase.
2214This must be accompanied with a corresponding
2215.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2216variable.
2217.It Va geli_tries
2218.Pq Vt int
2219Number of times user is asked for the pass-phrase.
2220If empty, it will be taken from
2221.Va kern.geom.eli.tries
2222sysctl variable.
2223.It Va geli_default_flags
2224.Pq Vt str
2225Default flags to use by
2226.Xr geli 8
2227when configuring disk encryption.
2228Flags can be configured for every device separately by defining the
2229.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2230variable, and for every group separately by defining the
2231.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2232variable.
2233.It Va geli_autodetach
2234.Pq Vt str
2235Specifies if GELI devices should be marked for detach on last close after
2236file systems are mounted.
2237Default is
2238.Dq Li YES .
2239This can be changed for every device separately by defining the
2240.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2241variable.
2242.It Va root_rw_mount
2243.Pq Vt bool
2244Set to
2245.Dq Li YES
2246by default.
2247After the file systems are checked at boot time, the root file system
2248is remounted as read-write if this is set to
2249.Dq Li YES .
2250Diskless systems that mount their root file system from a read-only remote
2251NFS share should set this to
2252.Dq Li NO
2253in their
2254.Pa rc.conf .
2255.It Va fsck_y_enable
2256.Pq Vt bool
2257If set to
2258.Dq Li YES ,
2259.Xr fsck 8
2260will be run with the
2261.Fl y
2262flag if the initial preen
2263of the file systems fails.
2264.It Va background_fsck
2265.Pq Vt bool
2266If set to
2267.Dq Li NO ,
2268the system will not attempt to run
2269.Xr fsck 8
2270in the background where possible.
2271.It Va background_fsck_delay
2272.Pq Vt int
2273The amount of time in seconds to sleep before starting a background
2274.Xr fsck 8 .
2275It defaults to sixty seconds to allow large applications such as
2276the X server to start before disk I/O bandwidth is monopolized by
2277.Xr fsck 8 .
2278If set to a negative number, the background file system check will be
2279delayed indefinitely to allow the administrator to run it at a more
2280convenient time.
2281For example it may be run from
2282.Xr cron 8
2283by adding a line like
2284.Pp
2285.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2286.Pp
2287to
2288.Pa /etc/crontab .
2289.It Va netfs_types
2290.Pq Vt str
2291List of file system types that are network-based.
2292This list should generally not be modified by end users.
2293Use
2294.Va extra_netfs_types
2295instead.
2296.It Va extra_netfs_types
2297.Pq Vt str
2298If set to something other than
2299.Dq Li NO
2300(the default),
2301this variable extends the list of file system types
2302for which automatic mounting at startup by
2303.Xr rc 8
2304should be delayed until the network is initialized.
2305It should contain
2306a whitespace-separated list of network file system descriptor pairs,
2307each consisting of a file system type as passed to
2308.Xr mount 8
2309and a human-readable, one-word description,
2310joined with a colon
2311.Pq Ql \&: .
2312Extending the default list in this way is only necessary
2313when third party file system types are used.
2314.It Va syslogd_enable
2315.Pq Vt bool
2316If set to
2317.Dq Li YES ,
2318run the
2319.Xr syslogd 8
2320daemon.
2321.It Va syslogd_program
2322.Pq Vt str
2323Path to
2324.Xr syslogd 8
2325(default
2326.Pa /usr/sbin/syslogd ) .
2327.It Va syslogd_flags
2328.Pq Vt str
2329If
2330.Va syslogd_enable
2331is set to
2332.Dq Li YES ,
2333these are the flags to pass to
2334.Xr syslogd 8 .
2335.It Va inetd_enable
2336.Pq Vt bool
2337If set to
2338.Dq Li YES ,
2339run the
2340.Xr inetd 8
2341daemon.
2342.It Va inetd_program
2343.Pq Vt str
2344Path to
2345.Xr inetd 8
2346(default
2347.Pa /usr/sbin/inetd ) .
2348.It Va inetd_flags
2349.Pq Vt str
2350If
2351.Va inetd_enable
2352is set to
2353.Dq Li YES ,
2354these are the flags to pass to
2355.Xr inetd 8 .
2356.It Va hastd_enable
2357.Pq Vt bool
2358If set to
2359.Dq Li YES ,
2360run the
2361.Xr hastd 8
2362daemon.
2363.It Va hastd_program
2364.Pq Vt str
2365Path to
2366.Xr hastd 8
2367(default
2368.Pa /sbin/hastd ) .
2369.It Va hastd_flags
2370.Pq Vt str
2371If
2372.Va hastd_enable
2373is set to
2374.Dq Li YES ,
2375these are the flags to pass to
2376.Xr hastd 8 .
2377.It Va local_unbound_enable
2378.Pq Vt bool
2379If set to
2380.Dq Li YES ,
2381run the
2382.Xr unbound 8
2383daemon as a local caching DNS resolver.
2384.It Va nscd_enable
2385.Pq Vt bool
2386Set to
2387.Dq Li YES
2388to start the
2389.Xr nscd 8
2390caching daemon for the
2391.Nm nsswitch
2392subsystem.
2393.It Va nscd_flags
2394.Pq Vt str
2395If
2396.Va nscd_enable
2397is set to
2398.Dq Li YES ,
2399these flags are passed to
2400.Xr nscd 8 .
2401.It Va kdc_enable
2402.Pq Vt bool
2403Set to
2404.Dq Li YES
2405to start a Kerberos 5 authentication server
2406at boot time.
2407.It Va kdc_program
2408.Pq Vt str
2409If
2410.Va kdc_enable
2411is set to
2412.Dq Li YES
2413this is the path to Kerberos 5 Authentication Server.
2414.It Va kdc_flags
2415.Pq Vt str
2416Empty by default.
2417This variable contains additional flags to be passed to the Kerberos 5
2418authentication server.
2419.It Va kadmind_enable
2420.Pq Vt bool
2421Set to
2422.Dq Li YES
2423to start
2424.Xr kadmind 8 ,
2425the Kerberos 5 Administration Daemon; set to
2426.Dq Li NO
2427on a slave server.
2428.It Va kadmind_program
2429.Pq Vt str
2430If
2431.Va kadmind_enable
2432is set to
2433.Dq Li YES
2434this is the path to Kerberos 5 Administration Daemon.
2435.It Va kpasswdd_enable
2436.Pq Vt bool
2437Set to
2438.Dq Li YES
2439to start
2440.Xr kpasswdd 8 ,
2441the Kerberos 5 Password-Changing Daemon; set to
2442.Dq Li NO
2443on a slave server.
2444.It Va kpasswdd_program
2445.Pq Vt str
2446If
2447.Va kpasswdd_enable
2448is set to
2449.Dq Li YES
2450this is the path to Kerberos 5 Password-Changing Daemon.
2451.It Va kfd_enable
2452.Pq Vt bool
2453Set to
2454.Dq Li YES
2455to start
2456.Xr kfd 8 ,
2457the Kerberos 5 ticket forwarding daemon, at the boot time.
2458.It Va kfd_program
2459.Pq Vt str
2460Path to
2461.Xr kfd 8
2462(default
2463.Pa /usr/libexec/kfd ) .
2464.It Va rwhod_enable
2465.Pq Vt bool
2466If set to
2467.Dq Li YES ,
2468run the
2469.Xr rwhod 8
2470daemon at boot time.
2471.It Va rwhod_flags
2472.Pq Vt str
2473If
2474.Va rwhod_enable
2475is set to
2476.Dq Li YES ,
2477these are the flags to pass to it.
2478.It Va update_motd
2479.Pq Vt bool
2480If set to
2481.Dq Li YES ,
2482.Pa /var/run/motd
2483will be updated at boot time to reflect the kernel release
2484being run.
2485If set to
2486.Dq Li NO ,
2487.Pa /var/run/motd
2488will not be updated.
2489.It Va nfs_client_enable
2490.Pq Vt bool
2491If set to
2492.Dq Li YES ,
2493run the NFS client daemons at boot time.
2494.It Va nfs_access_cache
2495.Pq Vt int
2496If
2497.Va nfs_client_enable
2498is set to
2499.Dq Li YES ,
2500this can be set to
2501.Dq Li 0
2502to disable NFS ACCESS RPC caching, or to the number of seconds for which
2503NFS ACCESS
2504results should be cached.
2505A value of 2-10 seconds will substantially reduce network
2506traffic for many NFS operations.
2507.It Va nfs_server_enable
2508.Pq Vt bool
2509If set to
2510.Dq Li YES ,
2511run the NFS server daemons at boot time.
2512.It Va nfs_server_flags
2513.Pq Vt str
2514If
2515.Va nfs_server_enable
2516is set to
2517.Dq Li YES ,
2518these are the flags to pass to the
2519.Xr nfsd 8
2520daemon.
2521.It Va nfsv4_server_enable
2522.Pq Vt bool
2523If
2524.Va nfs_server_enable
2525is set to
2526.Dq Li YES
2527and
2528.Va nfsv4_server_enable
2529is set to
2530.Dq Li YES ,
2531enable the server for NFSv4 as well as NFSv2 and NFSv3.
2532.It Va nfsv4_server_only
2533.Pq Vt bool
2534If
2535.Va nfs_server_enable
2536is set to
2537.Dq Li YES
2538and
2539.Va nfsv4_server_only
2540is set to
2541.Dq Li YES ,
2542enable the NFS server for NFSv4 only.
2543.It Va nfs_server_maxio
2544.Pq Vt int
2545value to set vfs.nfsd.srvmaxio to, which is the
2546maximum I/O size for the NFS server.
2547.It Va tlsclntd_enable
2548.Pq Vt bool
2549If set to
2550.Dq Li YES ,
2551run the
2552.Xr rpc.tlsclntd 8
2553daemon, which is needed for NFS-over-TLS NFS mounts.
2554.It Va tlsservd_enable
2555.Pq Vt bool
2556If set to
2557.Dq Li YES ,
2558run the
2559.Xr rpc.tlsservd 8
2560daemon, which is needed for the
2561.Xr nfsd 8
2562to support NFS-over-TLS NFS mounts.
2563.It Va nfsuserd_enable
2564.Pq Vt bool
2565If
2566.Va nfsuserd_enable
2567is set to
2568.Dq Li YES ,
2569run the nfsuserd daemon, which is needed for NFSv4 in order
2570to map between user/group names vs uid/gid numbers.
2571If
2572.Va nfsv4_server_enable
2573is set to
2574.Dq Li YES ,
2575this will be forced enabled.
2576.It Va nfsuserd_flags
2577.Pq Vt str
2578If
2579.Va nfsuserd_enable
2580is set to
2581.Dq Li YES ,
2582these are the flags to pass to the
2583.Xr nfsuserd 8
2584daemon.
2585.It Va nfscbd_enable
2586.Pq Vt bool
2587If
2588.Va nfscbd_enable
2589is set to
2590.Dq Li YES ,
2591run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2592.It Va nfscbd_flags
2593.Pq Vt str
2594If
2595.Va nfscbd_enable
2596is set to
2597.Dq Li YES ,
2598these are the flags to pass to the
2599.Xr nfscbd 8
2600daemon.
2601.It Va mountd_enable
2602.Pq Vt bool
2603If set to
2604.Dq Li YES ,
2605and no
2606.Va nfs_server_enable
2607is set, start
2608.Xr mountd 8 ,
2609but not
2610.Xr nfsd 8
2611daemon.
2612It is commonly needed to run CFS without real NFS used.
2613.It Va mountd_flags
2614.Pq Vt str
2615If
2616.Va mountd_enable
2617is set to
2618.Dq Li YES ,
2619these are the flags to pass to the
2620.Xr mountd 8
2621daemon.
2622.It Va weak_mountd_authentication
2623.Pq Vt bool
2624If set to
2625.Dq Li YES ,
2626allow services like PCNFSD to make non-privileged mount
2627requests.
2628.It Va nfs_reserved_port_only
2629.Pq Vt bool
2630If set to
2631.Dq Li YES ,
2632provide NFS services only on a secure port.
2633.It Va nfs_bufpackets
2634.Pq Vt int
2635If set to a number, indicates the number of packets worth of
2636socket buffer space to reserve on an NFS client.
2637The kernel default is typically 4.
2638Using a higher number may be
2639useful on gigabit networks to improve performance.
2640The minimum value is
26412 and the maximum is 64.
2642.It Va rpc_lockd_enable
2643.Pq Vt bool
2644If set to
2645.Dq Li YES
2646and also an NFS server or client, run
2647.Xr rpc.lockd 8
2648at boot time.
2649.It Va rpc_lockd_flags
2650.Pq Vt str
2651If
2652.Va rpc_lockd_enable
2653is set to
2654.Dq Li YES ,
2655these are the flags to pass to the
2656.Xr rpc.lockd 8
2657daemon.
2658.It Va rpc_statd_enable
2659.Pq Vt bool
2660If set to
2661.Dq Li YES
2662and also an NFS server or client, run
2663.Xr rpc.statd 8
2664at boot time.
2665.It Va rpc_statd_flags
2666.Pq Vt str
2667If
2668.Va rpc_statd_enable
2669is set to
2670.Dq Li YES ,
2671these are the flags to pass to the
2672.Xr rpc.statd 8
2673daemon.
2674.It Va rpcbind_program
2675.Pq Vt str
2676Path to
2677.Xr rpcbind 8
2678(default
2679.Pa /usr/sbin/rpcbind ) .
2680.It Va rpcbind_enable
2681.Pq Vt bool
2682If set to
2683.Dq Li YES ,
2684run the
2685.Xr rpcbind 8
2686service at boot time.
2687.It Va rpcbind_flags
2688.Pq Vt str
2689If
2690.Va rpcbind_enable
2691is set to
2692.Dq Li YES ,
2693these are the flags to pass to the
2694.Xr rpcbind 8
2695daemon.
2696.It Va keyserv_enable
2697.Pq Vt bool
2698If set to
2699.Dq Li YES ,
2700run the
2701.Xr keyserv 8
2702daemon on boot for running Secure RPC.
2703.It Va keyserv_flags
2704.Pq Vt str
2705If
2706.Va keyserv_enable
2707is set to
2708.Dq Li YES ,
2709these are the flags to pass to
2710.Xr keyserv 8
2711daemon.
2712.It Va pppoed_enable
2713.Pq Vt bool
2714If set to
2715.Dq Li YES ,
2716run the
2717.Xr pppoed 8
2718daemon at boot time to provide PPP over Ethernet services.
2719.It Va pppoed_ Ns Aq Ar provider
2720.Pq Vt str
2721.Xr pppoed 8
2722listens to requests to this
2723.Ar provider
2724and ultimately runs
2725.Xr ppp 8
2726with a
2727.Ar system
2728argument of the same name.
2729.It Va pppoed_flags
2730.Pq Vt str
2731Additional flags to pass to
2732.Xr pppoed 8 .
2733.It Va pppoed_interface
2734.Pq Vt str
2735The network interface to run
2736.Xr pppoed 8
2737on.
2738This is mandatory when
2739.Va pppoed_enable
2740is set to
2741.Dq Li YES .
2742.It Va ntpdate_enable
2743.Pq Vt bool
2744If set to
2745.Dq Li YES ,
2746run
2747.Xr ntpdate 8
2748at system startup.
2749This command is intended to
2750synchronize the system clock only
2751.Em once
2752from some standard reference.
2753.Pp
2754Note that the use of the
2755.Va ntpd_sync_on_start
2756variable is a preferred alternative to the
2757.Xr ntpdate 8
2758utility as
2759.Xr ntpdate 8
2760is to be retired from the NTP distribution.
2761.It Va ntpdate_config
2762.Pq Vt str
2763Configuration file for
2764.Xr ntpdate 8 .
2765Default
2766.Pa /etc/ntp.conf .
2767.It Va ntpdate_hosts
2768.Pq Vt str
2769A whitespace-separated list of NTP servers to synchronize with at startup.
2770The default is to use the servers listed in
2771.Va ntpdate_config ,
2772if that file exists.
2773.It Va ntpdate_program
2774.Pq Vt str
2775Path to
2776.Xr ntpdate 8
2777(default
2778.Pa /usr/sbin/ntpdate ) .
2779.It Va ntpdate_flags
2780.Pq Vt str
2781If
2782.Va ntpdate_enable
2783is set to
2784.Dq Li YES ,
2785these are the flags to pass to the
2786.Xr ntpdate 8
2787command (typically a hostname).
2788.It Va ntpd_enable
2789.Pq Vt bool
2790If set to
2791.Dq Li YES ,
2792run the
2793.Xr ntpd 8
2794command at boot time.
2795.It Va ntpd_program
2796.Pq Vt str
2797Path to
2798.Xr ntpd 8
2799(default
2800.Pa /usr/sbin/ntpd ) .
2801.It Va ntpd_config
2802.Pq Vt str
2803Path to
2804.Xr ntpd 8
2805configuration file.
2806Default
2807.Pa /etc/ntp.conf .
2808.It Va ntpd_flags
2809.Pq Vt str
2810If
2811.Va ntpd_enable
2812is set to
2813.Dq Li YES ,
2814these are the flags to pass to the
2815.Xr ntpd 8
2816daemon.
2817.It Va ntpd_sync_on_start
2818.Pq Vt bool
2819If set to
2820.Dq Li YES ,
2821.Xr ntpd 8
2822is run with the
2823.Fl g
2824flag, which syncs the system's clock on startup.
2825See
2826.Xr ntpd 8
2827for more information regarding the
2828.Fl g
2829option.
2830This is a preferred alternative to using
2831.Xr ntpdate 8
2832or specifying the
2833.Va ntpdate_enable
2834variable.
2835.It Va nis_client_enable
2836.Pq Vt bool
2837If set to
2838.Dq Li YES ,
2839run the
2840.Xr ypbind 8
2841service at system boot time.
2842.It Va nis_client_flags
2843.Pq Vt str
2844If
2845.Va nis_client_enable
2846is set to
2847.Dq Li YES ,
2848these are the flags to pass to the
2849.Xr ypbind 8
2850service.
2851.It Va nis_ypldap_enable
2852.Pq Vt bool
2853If set to
2854.Dq Li YES ,
2855run the
2856.Xr ypldap 8
2857daemon at system boot time.
2858.It Va nis_ypldap_flags
2859.Pq Vt str
2860If
2861.Va nis.ypldap_enable
2862is set to
2863.Dq Li YES ,
2864these are the flags to pass to the
2865.Xr ypldap 8
2866daemon.
2867.It Va nis_ypset_enable
2868.Pq Vt bool
2869If set to
2870.Dq Li YES ,
2871run the
2872.Xr ypset 8
2873daemon at system boot time.
2874.It Va nis_ypset_flags
2875.Pq Vt str
2876If
2877.Va nis_ypset_enable
2878is set to
2879.Dq Li YES ,
2880these are the flags to pass to the
2881.Xr ypset 8
2882daemon.
2883.It Va nis_server_enable
2884.Pq Vt bool
2885If set to
2886.Dq Li YES ,
2887run the
2888.Xr ypserv 8
2889daemon at system boot time.
2890.It Va nis_server_flags
2891.Pq Vt str
2892If
2893.Va nis_server_enable
2894is set to
2895.Dq Li YES ,
2896these are the flags to pass to the
2897.Xr ypserv 8
2898daemon.
2899.It Va nis_ypxfrd_enable
2900.Pq Vt bool
2901If set to
2902.Dq Li YES ,
2903run the
2904.Xr rpc.ypxfrd 8
2905daemon at system boot time.
2906.It Va nis_ypxfrd_flags
2907.Pq Vt str
2908If
2909.Va nis_ypxfrd_enable
2910is set to
2911.Dq Li YES ,
2912these are the flags to pass to the
2913.Xr rpc.ypxfrd 8
2914daemon.
2915.It Va nis_yppasswdd_enable
2916.Pq Vt bool
2917If set to
2918.Dq Li YES ,
2919run the
2920.Xr rpc.yppasswdd 8
2921daemon at system boot time.
2922.It Va nis_yppasswdd_flags
2923.Pq Vt str
2924If
2925.Va nis_yppasswdd_enable
2926is set to
2927.Dq Li YES ,
2928these are the flags to pass to the
2929.Xr rpc.yppasswdd 8
2930daemon.
2931.It Va rpc_ypupdated_enable
2932.Pq Vt bool
2933If set to
2934.Dq Li YES ,
2935run the
2936.Nm rpc.ypupdated
2937daemon at system boot time.
2938.It Va bsnmpd_enable
2939.Pq Vt bool
2940If set to
2941.Dq Li YES ,
2942run the
2943.Xr bsnmpd 1
2944daemon at system boot time.
2945Be sure to understand the security implications of running an SNMP daemon
2946on your host.
2947.It Va bsnmpd_flags
2948.Pq Vt str
2949If
2950.Va bsnmpd_enable
2951is set to
2952.Dq Li YES ,
2953these are the flags to pass to the
2954.Xr bsnmpd 1
2955daemon.
2956.It Va defaultrouter
2957.Pq Vt str
2958If not set to
2959.Dq Li NO ,
2960create a default route to this host name or IP address
2961(use an IP address if this router is also required to get to the
2962name server!).
2963.It Va defaultrouter_fibN
2964.Pq Vt str
2965If not set to
2966.Dq Li NO ,
2967create a default route in FIB N to this host name or IP address.
2968.It Va ipv6_defaultrouter
2969.Pq Vt str
2970The IPv6 equivalent of
2971.Va defaultrouter .
2972.It Va ipv6_defaultrouter_fibN
2973.Pq Vt str
2974The IPv6 equivalent of
2975.Va defaultrouter_fibN .
2976.It Va static_arp_pairs
2977.Pq Vt str
2978Set to the list of static ARP pairs that are to be added at system
2979boot time.
2980For each whitespace separated
2981.Ar element
2982in the value, a
2983.Va static_arp_ Ns Aq Ar element
2984variable is assumed to exist whose contents will later be passed to a
2985.Dq Nm arp Cm -S
2986operation.
2987For example
2988.Bd -literal
2989static_arp_pairs="gw"
2990static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2991.Ed
2992.It Va static_ndp_pairs
2993.Pq Vt str
2994Set to the list of static NDP pairs that are to be added at system
2995boot time.
2996For each whitespace separated
2997.Ar element
2998in the value, a
2999.Va static_ndp_ Ns Aq Ar element
3000variable is assumed to exist whose contents will later be passed to a
3001.Dq Nm ndp Cm -s
3002operation.
3003For example
3004.Bd -literal
3005static_ndp_pairs="gw"
3006static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
3007.Ed
3008.It Va static_routes
3009.Pq Vt str
3010Set to the list of static routes that are to be added at system
3011boot time.
3012If not set to
3013.Dq Li NO
3014then for each whitespace separated
3015.Ar element
3016in the value, a
3017.Va route_ Ns Aq Ar element
3018variable is assumed to exist
3019whose contents will later be passed to a
3020.Dq Nm route Cm add
3021operation.
3022For example:
3023.Bd -literal
3024static_routes="ext mcast:gif0 gif0local:gif0"
3025route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
3026route_mcast="-net 224.0.0.0/4 -iface gif0"
3027route_gif0local="-host 169.254.1.1 -iface lo0"
3028.Ed
3029.Pp
3030When an
3031.Ar element
3032is in the form of
3033.Li name:ifname ,
3034the route is specific to the interface
3035.Li ifname .
3036.It Va ipv6_static_routes
3037.Pq Vt str
3038The IPv6 equivalent of
3039.Va static_routes .
3040If not set to
3041.Dq Li NO
3042then for each whitespace separated
3043.Ar element
3044in the value, a
3045.Va ipv6_route_ Ns Aq Ar element
3046variable is assumed to exist
3047whose contents will later be passed to a
3048.Dq Nm route Cm add Fl inet6
3049operation.
3050.It Va gateway_enable
3051.Pq Vt bool
3052If set to
3053.Dq Li YES ,
3054configure host to act as an IP router, e.g.\& to forward packets
3055between interfaces.
3056.It Va ipv6_gateway_enable
3057.Pq Vt bool
3058The IPv6 equivalent of
3059.Va gateway_enable .
3060.It Va routed_enable
3061.Pq Vt bool
3062If set to
3063.Dq Li YES ,
3064run a routing daemon of some sort, based on the
3065settings of
3066.Va routed_program
3067and
3068.Va routed_flags .
3069.It Va route6d_enable
3070.Pq Vt bool
3071The IPv6 equivalent of
3072.Va routed_enable .
3073If set to
3074.Dq Li YES ,
3075run a routing daemon of some sort, based on the
3076settings of
3077.Va route6d_program
3078and
3079.Va route6d_flags .
3080.It Va routed_program
3081.Pq Vt str
3082If
3083.Va routed_enable
3084is set to
3085.Dq Li YES ,
3086this is the name of the routing daemon to use.
3087The default is
3088.Xr routed 8 .
3089.It Va route6d_program
3090.Pq Vt str
3091The IPv6 equivalent of
3092.Va routed_program .
3093The default is
3094.Xr route6d 8 .
3095.It Va routed_flags
3096.Pq Vt str
3097If
3098.Va routed_enable
3099is set to
3100.Dq Li YES ,
3101these are the flags to pass to the routing daemon.
3102.It Va route6d_flags
3103.Pq Vt str
3104The IPv6 equivalent of
3105.Va routed_flags .
3106.It Va rtadvd_enable
3107.Pq Vt bool
3108If set to
3109.Dq Li YES ,
3110run the
3111.Xr rtadvd 8
3112daemon at boot time.
3113The
3114.Xr rtadvd 8
3115utility sends ICMPv6 Router Advertisement messages to
3116the interfaces specified in
3117.Va rtadvd_interfaces .
3118This should only be enabled with great care.
3119You may want to fine-tune
3120.Xr rtadvd.conf 5 .
3121.It Va rtadvd_interfaces
3122.Pq Vt str
3123If
3124.Va rtadvd_enable
3125is set to
3126.Dq Li YES
3127this is the list of interfaces to use.
3128.It Va arpproxy_all
3129.Pq Vt bool
3130If set to
3131.Dq Li YES ,
3132enable global proxy ARP.
3133.It Va forward_sourceroute
3134.Pq Vt bool
3135If set to
3136.Dq Li YES
3137and
3138.Va gateway_enable
3139is also set to
3140.Dq Li YES ,
3141source-routed packets are forwarded.
3142.It Va accept_sourceroute
3143.Pq Vt bool
3144If set to
3145.Dq Li YES ,
3146the system will accept source-routed packets directed at it.
3147.It Va rarpd_enable
3148.Pq Vt bool
3149If set to
3150.Dq Li YES ,
3151run the
3152.Xr rarpd 8
3153daemon at system boot time.
3154.It Va rarpd_flags
3155.Pq Vt str
3156If
3157.Va rarpd_enable
3158is set to
3159.Dq Li YES ,
3160these are the flags to pass to the
3161.Xr rarpd 8
3162daemon.
3163.It Va bootparamd_enable
3164.Pq Vt bool
3165If set to
3166.Dq Li YES ,
3167run the
3168.Xr bootparamd 8
3169daemon at system boot time.
3170.It Va bootparamd_flags
3171.Pq Vt str
3172If
3173.Va bootparamd_enable
3174is set to
3175.Dq Li YES ,
3176these are the flags to pass to the
3177.Xr bootparamd 8
3178daemon.
3179.It Va stf_interface_ipv4addr
3180.Pq Vt str
3181If not set to
3182.Dq Li NO ,
3183this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3184interface).
3185Specify this entry to enable the 6to4 interface.
3186.It Va stf_interface_ipv4plen
3187.Pq Vt int
3188Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3189An effective value is 0-31.
3190.It Va stf_interface_ipv6_ifid
3191.Pq Vt str
3192IPv6 interface ID for
3193.Xr stf 4 .
3194This can be set to
3195.Dq Li AUTO .
3196.It Va stf_interface_ipv6_slaid
3197.Pq Vt str
3198IPv6 Site Level Aggregator for
3199.Xr stf 4 .
3200.It Va ipv6_ipv4mapping
3201.Pq Vt bool
3202If set to
3203.Dq Li YES
3204this enables IPv4 mapped IPv6 address communication (like
3205.Li ::ffff:a.b.c.d ) .
3206.It Va rtsold_enable
3207.Pq Vt bool
3208Set to
3209.Dq Li YES
3210to enable the
3211.Xr rtsold 8
3212daemon to send ICMPv6 Router Solicitation messages.
3213.It Va rtsold_flags
3214.Pq Vt str
3215If
3216.Va rtsold_enable
3217is set to
3218.Dq Li YES ,
3219these are the flags to pass to
3220.Xr rtsold 8 .
3221.It Va rtsol_flags
3222.Pq Vt str
3223For interfaces configured with the
3224.Dq Li inet6 accept_rtadv
3225keyword, these are the flags to pass to
3226.Xr rtsol 8 .
3227.Pp
3228Note that
3229.Va rtsold_enable
3230is mutually exclusive to
3231.Va rtsol_flags ;
3232.Va rtsold_enable
3233takes precedence.
3234.It Va keybell
3235.Pq Vt str
3236The keyboard bell sound.
3237Set to
3238.Dq Li normal ,
3239.Dq Li visual ,
3240.Dq Li off ,
3241or
3242.Dq Li NO
3243if the default behavior is desired.
3244For details, refer to the
3245.Xr kbdcontrol 1
3246manpage.
3247.It Va keyboard
3248.Pq Vt str
3249If set to a non-null string, the virtual console's keyboard input is
3250set to this device.
3251.It Va keymap
3252.Pq Vt str
3253If set to
3254.Dq Li NO ,
3255no keymap is installed, otherwise the value is used to install
3256the keymap file found in
3257.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3258(if using
3259.Xr syscons 4 ) or
3260.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3261(if using
3262.Xr vt 4 ) .
3263.It Va keyrate
3264.Pq Vt str
3265The keyboard repeat speed.
3266Set to
3267.Dq Li slow ,
3268.Dq Li normal ,
3269.Dq Li fast ,
3270or
3271.Dq Li NO
3272if the default behavior is desired.
3273.It Va keychange
3274.Pq Vt str
3275If not set to
3276.Dq Li NO ,
3277attempt to program the function keys with the value.
3278The value should
3279be a single string of the form:
3280.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3281.It Va cursor
3282.Pq Vt str
3283Can be set to the value of
3284.Dq Li normal ,
3285.Dq Li blink ,
3286.Dq Li destructive ,
3287or
3288.Dq Li NO
3289to set the cursor behavior explicitly or choose the default behavior.
3290.It Va scrnmap
3291.Pq Vt str
3292If set to
3293.Dq Li NO ,
3294no screen map is installed, otherwise the value is used to install
3295the screen map file in
3296.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3297This parameter is ignored when using
3298.Xr vt 4
3299as the console driver.
3300.It Va font8x16
3301.Pq Vt str
3302If set to
3303.Dq Li NO ,
3304the default 8x16 font value is used for screen size requests, otherwise
3305the value in
3306.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3307or
3308.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3309is used (depending on the console driver being used).
3310.It Va font8x14
3311.Pq Vt str
3312If set to
3313.Dq Li NO ,
3314the default 8x14 font value is used for screen size requests, otherwise
3315the value in
3316.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3317or
3318.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3319is used (depending on the console driver being used).
3320.It Va font8x8
3321.Pq Vt str
3322If set to
3323.Dq Li NO ,
3324the default 8x8 font value is used for screen size requests, otherwise
3325the value in
3326.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3327or
3328.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3329is used (depending on the console driver being used).
3330.It Va blanktime
3331.Pq Vt int
3332If set to
3333.Dq Li NO ,
3334the default screen blanking interval is used, otherwise it is set
3335to
3336.Ar value
3337seconds.
3338.It Va saver
3339.Pq Vt str
3340If not set to
3341.Dq Li NO ,
3342this is the actual screen saver to use
3343.Li ( blank , snake , daemon ,
3344etc).
3345.It Va moused_nondefault_enable
3346.Pq Vt str
3347If set to
3348.Dq Li NO ,
3349the mouse device specified on
3350the command line is not automatically treated as enabled by the
3351.Pa /etc/rc.d/moused
3352script.
3353Having this variable set to
3354.Dq Li YES
3355allows a
3356.Xr usb 4
3357mouse,
3358for example,
3359to be enabled as soon as it is plugged in.
3360.It Va moused_enable
3361.Pq Vt str
3362If set to
3363.Dq Li YES ,
3364the
3365.Xr moused 8
3366daemon is started for doing cut/paste selection on the console.
3367.It Va moused_type
3368.Pq Vt str
3369This is the protocol type of the mouse connected to this host.
3370This variable must be set if
3371.Va moused_enable
3372is set to
3373.Dq Li YES ,
3374but defaults to
3375.Dq Li auto
3376as the
3377.Xr moused 8
3378daemon
3379is able to detect the appropriate mouse type automatically in many cases.
3380Set this variable to
3381one from the following list if the automatic detection fails.
3382.Pp
3383If the mouse is attached to the PS/2 mouse port, choose
3384.Dq Li auto
3385or
3386.Dq Li ps/2 ,
3387regardless of the brand and model of the mouse.
3388Likewise, if the
3389mouse is attached to the bus mouse port, choose
3390.Dq Li auto
3391or
3392.Dq Li busmouse .
3393All other protocols are for serial mice and will not work with
3394the PS/2 and bus mice.
3395If this is a USB mouse,
3396.Dq Li auto
3397is the only protocol type which will work.
3398.Pp
3399.Bl -tag -width ".Li x10mouseremote" -compact
3400.It Li microsoft
3401Microsoft mouse (serial)
3402.It Li intellimouse
3403Microsoft IntelliMouse (serial)
3404.It Li mousesystems
3405Mouse systems Corp.\& mouse (serial)
3406.It Li mmseries
3407MM Series mouse (serial)
3408.It Li logitech
3409Logitech mouse (serial)
3410.It Li busmouse
3411A bus mouse
3412.It Li mouseman
3413Logitech MouseMan and TrackMan (serial)
3414.It Li glidepoint
3415ALPS GlidePoint (serial)
3416.It Li thinkingmouse
3417Kensington ThinkingMouse (serial)
3418.It Li ps/2
3419PS/2 mouse
3420.It Li mmhittab
3421MM HitTablet (serial)
3422.It Li x10mouseremote
3423X10 MouseRemote (serial)
3424.It Li versapad
3425Interlink VersaPad (serial)
3426.El
3427.Pp
3428Even if the mouse is not in the above list, it may be compatible
3429with one in the list.
3430Refer to the manual page for
3431.Xr moused 8
3432for compatibility information.
3433.Pp
3434It should also be noted that while this is enabled, any
3435other client of the mouse (such as an X server) should access
3436the mouse through the virtual mouse device,
3437.Pa /dev/sysmouse ,
3438and configure it as a
3439.Dq Li sysmouse
3440type mouse, since all
3441mouse data is converted to this single canonical format when
3442using
3443.Xr moused 8 .
3444If the client program does not support the
3445.Dq Li sysmouse
3446type,
3447specify the
3448.Dq Li mousesystems
3449type.
3450It is the second preferred type.
3451.It Va moused_port
3452.Pq Vt str
3453If
3454.Va moused_enable
3455is set to
3456.Dq Li YES ,
3457this is the actual port the mouse is on.
3458It might be
3459.Pa /dev/cuau0
3460for a COM1 serial mouse, or
3461.Pa /dev/psm0
3462for a PS/2 mouse, for example.
3463.It Va moused_flags
3464.Pq Vt str
3465If
3466.Va moused_flags
3467is set, its value is used as an additional set of flags to pass to the
3468.Xr moused 8
3469daemon.
3470.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3471When
3472.Va moused_nondefault_enable
3473is enabled, and a
3474.Xr moused 8
3475daemon is started for a non-default port, the
3476.Va "moused_" Ns Ar XXX Ns Va "_flags"
3477set of options has precedence over and replaces the default
3478.Va moused_flags
3479(where
3480.Ar XXX
3481is the name of the non-default port, i.e.,\&
3482.Ar ums0 ) .
3483By setting
3484.Va "moused_" Ns Ar XXX Ns Va "_flags"
3485it is possible to set up a different set of default flags for each
3486.Xr moused 8
3487instance.
3488For example, you can use
3489.Dq Li "-3"
3490for the default
3491.Va moused_flags
3492to make your laptop's touchpad more comfortable to use,
3493but an empty set of options for
3494.Va moused_ums0_flags
3495when your
3496.Xr usb 4
3497mouse has three or more buttons.
3498.It Va mousechar_start
3499.Pq Vt int
3500If set to
3501.Dq Li NO ,
3502the default mouse cursor character range
3503.Li 0xd0 Ns - Ns Li 0xd3
3504is used,
3505otherwise the range start is set
3506to
3507.Ar value
3508character, see
3509.Xr vidcontrol 1 .
3510Use if the default range is occupied in the language code table.
3511.It Va allscreens_flags
3512.Pq Vt str
3513If set,
3514.Xr vidcontrol 1
3515is run with these options for each of the virtual terminals
3516.Pq Pa /dev/ttyv* .
3517For example,
3518.Dq Fl m Cm on
3519will enable the mouse pointer on all virtual terminals
3520if
3521.Va moused_enable
3522is set to
3523.Dq Li YES .
3524.It Va allscreens_kbdflags
3525.Pq Vt str
3526If set,
3527.Xr kbdcontrol 1
3528is run with these options for each of the virtual terminals
3529.Pq Pa /dev/ttyv* .
3530For example,
3531.Dq Fl h Li 200
3532will set the
3533.Xr syscons 4
3534or
3535.Xr vt 4
3536scrollback (history) buffer to 200 lines.
3537.It Va cron_enable
3538.Pq Vt bool
3539If set to
3540.Dq Li YES ,
3541run the
3542.Xr cron 8
3543daemon at system boot time.
3544.It Va cron_program
3545.Pq Vt str
3546Path to
3547.Xr cron 8
3548(default
3549.Pa /usr/sbin/cron ) .
3550.It Va cron_flags
3551.Pq Vt str
3552If
3553.Va cron_enable
3554is set to
3555.Dq Li YES ,
3556these are the flags to pass to
3557.Xr cron 8 .
3558.It Va cron_dst
3559.Pq Vt bool
3560If set to
3561.Dq Li YES ,
3562enable the special handling of transitions to and from the
3563Daylight Saving Time in
3564.Xr cron 8
3565(equivalent to using the flag
3566.Fl s ) .
3567.It Va lpd_program
3568.Pq Vt str
3569Path to
3570.Xr lpd 8
3571(default
3572.Pa /usr/sbin/lpd ) .
3573.It Va lpd_enable
3574.Pq Vt bool
3575If set to
3576.Dq Li YES ,
3577run the
3578.Xr lpd 8
3579daemon at system boot time.
3580.It Va lpd_flags
3581.Pq Vt str
3582If
3583.Va lpd_enable
3584is set to
3585.Dq Li YES ,
3586these are the flags to pass to the
3587.Xr lpd 8
3588daemon.
3589.It Va chkprintcap_enable
3590.Pq Vt bool
3591If set to
3592.Dq Li YES ,
3593run the
3594.Xr chkprintcap 8
3595command before starting the
3596.Xr lpd 8
3597daemon.
3598.It Va chkprintcap_flags
3599.Pq Vt str
3600If
3601.Va lpd_enable
3602and
3603.Va chkprintcap_enable
3604are set to
3605.Dq Li YES ,
3606these are the flags to pass to the
3607.Xr chkprintcap 8
3608program.
3609The default is
3610.Dq Li -d ,
3611which causes missing directories to be created.
3612.It Va dumpdev
3613.Pq Vt str
3614Indicates the device (usually a swap partition) to which a crash dump
3615should be written in the event of a system crash.
3616If the value of this variable is
3617.Dq Li AUTO ,
3618the first suitable swap device listed in
3619.Pa /etc/fstab
3620will be used as dump device.
3621Otherwise, the value of this variable is passed as the argument to
3622.Xr dumpon 8
3623and
3624.Xr savecore 8 .
3625To disable crash dumps, set this variable to
3626.Dq Li NO .
3627.It Va dumpon_flags
3628.Pq Vt str
3629Flags to pass to
3630.Xr dumpon 8
3631when configuring
3632.Va dumpdev
3633as the system dump device.
3634.It Va dumpdir
3635.Pq Vt str
3636When the system reboots after a crash and a crash dump is found on the
3637device specified by the
3638.Va dumpdev
3639variable,
3640.Xr savecore 8
3641will save that crash dump and a copy of the kernel to the directory
3642specified by the
3643.Va dumpdir
3644variable.
3645The default value is
3646.Pa /var/crash .
3647Set to
3648.Dq Li NO
3649to not run
3650.Xr savecore 8
3651at boot time when
3652.Va dumpdir
3653is set.
3654.It Va savecore_enable
3655.Pq Vt bool
3656If set to
3657.Dq Li NO ,
3658disable automatic extraction of the crash dump from the
3659.Va dumpdev .
3660.It Va savecore_flags
3661.Pq Vt str
3662If crash dumps are enabled, these are the flags to pass to the
3663.Xr savecore 8
3664utility.
3665.It Va quota_enable
3666.Pq Vt bool
3667Set to
3668.Dq Li YES
3669to turn on user and group disk quotas on system startup via the
3670.Xr quotaon 8
3671command for all file systems marked as having quotas enabled in
3672.Pa /etc/fstab .
3673The kernel must be built with
3674.Cd "options QUOTA"
3675for disk quotas to function.
3676.It Va check_quotas
3677.Pq Vt bool
3678Set to
3679.Dq Li YES
3680to enable user and group disk quota checking via the
3681.Xr quotacheck 8
3682command.
3683.It Va quotacheck_flags
3684.Pq Vt str
3685If
3686.Va quota_enable
3687is set to
3688.Dq Li YES ,
3689and
3690.Va check_quotas
3691is set to
3692.Dq Li YES ,
3693these are the flags to pass to the
3694.Xr quotacheck 8
3695utility.
3696The default is
3697.Dq Li "-a" ,
3698which checks quotas for all file systems with quotas enabled in
3699.Pa /etc/fstab .
3700.It Va quotaon_flags
3701.Pq Vt str
3702If
3703.Va quota_enable
3704is set to
3705.Dq Li YES ,
3706these are the flags to pass to the
3707.Xr quotaon 8
3708utility.
3709The default is
3710.Dq Li "-a" ,
3711which enables quotas for all file systems with quotas enabled in
3712.Pa /etc/fstab .
3713.It Va quotaoff_flags
3714.Pq Vt str
3715If
3716.Va quota_enable
3717is set to
3718.Dq Li YES ,
3719these are the flags to pass to the
3720.Xr quotaoff 8
3721utility when shutting down the quota system.
3722The default is
3723.Dq Li "-a" ,
3724which disables quotas for all file systems with quotas enabled in
3725.Pa /etc/fstab .
3726.It Va accounting_enable
3727.Pq Vt bool
3728Set to
3729.Dq Li YES
3730to enable system accounting through the
3731.Xr accton 8
3732facility.
3733.It Va firstboot_sentinel
3734.Pq Vt str
3735This variable specifies the full path to a
3736.Dq first boot
3737sentinel file.
3738If a file exists with this path,
3739.Pa rc.d
3740scripts with the
3741.Dq firstboot
3742keyword will be run on startup and the sentinel file will be deleted
3743after the boot process completes.
3744The sentinel file must be located on a writable file system which is
3745mounted no later than
3746.Va early_late_divider
3747to function properly.
3748The default is
3749.Pa /firstboot .
3750.It Va linux_enable
3751.Pq Vt bool
3752Set to
3753.Dq Li YES
3754to enable Linux/ELF binary emulation at system initial
3755boot time.
3756.It Va sysvipc_enable
3757.Pq Vt bool
3758If set to
3759.Dq Li YES ,
3760load System V IPC primitives at boot time.
3761.It Va clear_tmp_enable
3762.Pq Vt bool
3763Set to
3764.Dq Li YES
3765to have
3766.Pa /tmp
3767cleaned at startup.
3768.It Va clear_tmp_X
3769.Pq Vt bool
3770Set to
3771.Dq Li NO
3772to disable removing of X11 lock files,
3773and the removal and (secure) recreation
3774of the various socket directories for X11
3775related programs.
3776.It Va ldconfig_paths
3777.Pq Vt str
3778Set to the list of shared library paths to use with
3779.Xr ldconfig 8 .
3780NOTE:
3781.Pa /lib
3782and
3783.Pa /usr/lib
3784will always be added first, so they need not appear in this list.
3785.It Va ldconfig32_paths
3786.Pq Vt str
3787Set to the list of 32-bit compatibility shared library paths to
3788use with
3789.Xr ldconfig 8 .
3790.It Va ldconfig_insecure
3791.Pq Vt bool
3792The
3793.Xr ldconfig 8
3794utility normally refuses to use directories
3795which are writable by anyone except root.
3796Set this variable to
3797.Dq Li YES
3798to disable that security check during system startup.
3799.It Va ldconfig_local_dirs
3800.Pq Vt str
3801Set to the list of local
3802.Xr ldconfig 8
3803directories.
3804The names of all files in the directories listed will be
3805passed as arguments to
3806.Xr ldconfig 8 .
3807.It Va ldconfig_local32_dirs
3808.Pq Vt str
3809Set to the list of local 32-bit compatibility
3810.Xr ldconfig 8
3811directories.
3812The names of all files in the directories listed will be
3813passed as arguments to
3814.Dq Nm ldconfig Fl 32 .
3815.It Va kern_securelevel_enable
3816.Pq Vt bool
3817Set to
3818.Dq Li YES
3819to set the kernel security level at system startup.
3820.It Va kern_securelevel
3821.Pq Vt int
3822The kernel security level to set at startup.
3823The allowed range of
3824.Ar value
3825ranges from \-1 (the compile time default) to 3 (the
3826most secure).
3827See
3828.Xr security 7
3829for the list of possible security levels and their effect
3830on system operation.
3831.It Va sshd_program
3832.Pq Vt str
3833Path to the SSH server program
3834.Pa ( /usr/sbin/sshd
3835is the default).
3836.It Va sshd_enable
3837.Pq Vt bool
3838Set to
3839.Dq Li YES
3840to start
3841.Xr sshd 8
3842at system boot time.
3843.It Va sshd_flags
3844.Pq Vt str
3845If
3846.Va sshd_enable
3847is set to
3848.Dq Li YES ,
3849these are the flags to pass to the
3850.Xr sshd 8
3851daemon.
3852.It Va ftpd_program
3853.Pq Vt str
3854Path to the FTP server program
3855.Pa ( /usr/libexec/ftpd
3856is the default).
3857.It Va ftpd_enable
3858.Pq Vt bool
3859Set to
3860.Dq Li YES
3861to start
3862.Xr ftpd 8
3863as a stand-alone daemon at system boot time.
3864.It Va ftpd_flags
3865.Pq Vt str
3866If
3867.Va ftpd_enable
3868is set to
3869.Dq Li YES ,
3870these are the additional flags to pass to the
3871.Xr ftpd 8
3872daemon.
3873.It Va watchdogd_enable
3874.Pq Vt bool
3875If set to
3876.Dq Li YES ,
3877start the
3878.Xr watchdogd 8
3879daemon at boot time.
3880This requires that the kernel have been compiled with a
3881.Xr watchdog 4
3882compatible device.
3883.It Va watchdogd_flags
3884.Pq Vt str
3885If
3886.Va watchdogd_enable
3887is set to
3888.Dq Li YES ,
3889these are the flags passed to the
3890.Xr watchdogd 8
3891daemon.
3892.It Va watchdogd_timeout
3893.Pq Vt int
3894If
3895.Va watchdogd_enable
3896is set to
3897.Dq Li YES ,
3898this is a timeout that will be used by the
3899.Xr watchdogd 8
3900daemon.
3901If this option is set, it overrides
3902.Fl t
3903in
3904.Va watchdogd_flags .
3905.It Va watchdogd_shutdown_timeout
3906.Pq Vt int
3907If
3908.Va watchdogd_enable
3909is set to
3910.Dq Li YES ,
3911this is a timeout that will be set by the
3912.Xr watchdogd 8
3913daemon when it exits during the system shutdown.
3914This timeout will not be set when returning to the single-user mode
3915or when the watchdogd service is stopped individually using the
3916.Xr service 8
3917command or the rc.d script.
3918Note that the timeout will be applied if
3919.Xr watchdogd 8
3920is stopped outside of
3921.Xr rc 8
3922framework.
3923If this option is set, it overrides
3924.Fl x
3925in
3926.Va watchdogd_flags .
3927.It Va devfs_rulesets
3928.Pq Vt str
3929List of files containing sets of rules for
3930.Xr devfs 8 .
3931.It Va devfs_system_ruleset
3932.Pq Vt str
3933Rule name(s) to apply to the system
3934.Pa /dev
3935itself.
3936.It Va devfs_set_rulesets
3937.Pq Vt str
3938Pairs of already-mounted
3939.Pa dev
3940directories and rulesets that should be applied to them.
3941For example: /mount/dev=ruleset_name
3942.It Va devfs_load_rulesets
3943.Pq Vt bool
3944If set, always load the default rulesets listed in
3945.Va devfs_rulesets .
3946.It Va performance_cx_lowest
3947.Pq Vt str
3948CPU idle state to use while on AC power.
3949The string
3950.Dq Li LOW
3951indicates that
3952.Xr acpi 4
3953should use the lowest power state available while
3954.Dq Li HIGH
3955indicates that the lowest latency state (less power savings) should be used.
3956.It Va performance_cpu_freq
3957.Pq Vt str
3958CPU clock frequency to use while on AC power.
3959The string
3960.Dq Li LOW
3961indicates that
3962.Xr cpufreq 4
3963should use the lowest frequency available while
3964.Dq Li HIGH
3965indicates that the highest frequency (less power savings) should be used.
3966.It Va economy_cx_lowest
3967.Pq Vt str
3968CPU idle state to use when off AC power.
3969The string
3970.Dq Li LOW
3971indicates that
3972.Xr acpi 4
3973should use the lowest power state available while
3974.Dq Li HIGH
3975indicates that the lowest latency state (less power savings) should be used.
3976.It Va economy_cpu_freq
3977.Pq Vt str
3978CPU clock frequency to use when off AC power.
3979The string
3980.Dq Li LOW
3981indicates that
3982.Xr cpufreq 4
3983should use the lowest frequency available while
3984.Dq Li HIGH
3985indicates that the highest frequency (less power savings) should be used.
3986.It Va jail_enable
3987.Pq Vt bool
3988If set to
3989.Dq Li NO ,
3990any configured jails will not be started.
3991.It Va jail_conf
3992.Pq Vt str
3993The configuration filename used by
3994.Xr jail 8
3995utility.
3996The default value is
3997.Pa /etc/jail.conf .
3998.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
3999and
4000.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
4001will also be used if
4002.Ao Va jname Ac
4003is set in
4004.Va jail_list .
4005.It Va jail_parallel_start
4006.Pq Vt bool
4007If set to
4008.Dq Li YES ,
4009all configured jails will be started in the background (in parallel).
4010.It Va jail_flags
4011.Pq Vt str
4012Unset by default.
4013When set, use as default value for
4014.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
4015for every jail in
4016.Va jail_list .
4017.It Va jail_list
4018.Pq Vt str
4019A space-delimited list of jail names.
4020When left empty, all of the
4021.Xr jail 8
4022instances defined in the configuration file are started.
4023The names specified in this list control the jail startup order.
4024.Xr jail 8
4025instances missing from
4026.Va jail_list
4027must be started manually.
4028Note that a jail's
4029.Va depend
4030parameter in the configuration file may override this list.
4031.It Va jail_reverse_stop
4032.Pq Vt bool
4033When set to
4034.Dq Li YES ,
4035all configured jails in
4036.Va jail_list
4037are stopped in reverse order.
4038.It Va jail_ Ns * variables
4039Note that older releases supported per-jail configuration via
4040.Nm
4041variables.
4042For example,
4043hostname of a jail named
4044.Li vjail
4045was able to be set by
4046.Li jail_vjail_hostname .
4047These per-jail configuration variables are now obsolete in favor of
4048.Xr jail 8
4049configuration file.
4050For backward compatibility,
4051when per-jail configuration variables are defined,
4052.Xr jail 8
4053configuration files are created as
4054.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
4055and used.
4056.Pp
4057The following per-jail parameters are handled by
4058.Pa rc.d/jail
4059script out of their corresponding
4060.Nm
4061variables.
4062In addition to them, parameters in
4063.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
4064will be added to the configuration file.
4065They must be a semi-colon
4066.Pq Ql \&;
4067delimited list of
4068.Dq key=value .
4069For more details,
4070see
4071.Xr jail 8
4072manual page.
4073.Bl  -tag -width "host.hostname" -offset indent
4074.It Li path
4075set from
4076.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
4077.It Li host.hostname
4078set from
4079.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
4080.It Li exec.consolelog
4081set from
4082.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
4083The default value is
4084.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4085.It Li interface
4086set from
4087.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4088.It Li vnet.interface
4089set from
4090.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4091This implies
4092.Li vnet
4093parameter will be enabled and cannot be specified with
4094.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4095.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4096and/or
4097.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4098at the same time.
4099.It Li fstab
4100set from
4101.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4102.It Li mount
4103set from
4104.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4105.It Li exec.fib
4106set from
4107.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4108.It Li exec.start
4109set from
4110.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4111The parameter name was
4112.Li command
4113in some older releases.
4114.It Li exec.prestart
4115set from
4116.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4117.It Li exec.poststart
4118set from
4119.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4120.It Li exec.stop
4121set from
4122.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4123.It Li exec.prestop
4124set from
4125.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4126.It Li exec.poststop
4127set from
4128.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4129.It Li ip4.addr
4130set if
4131.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4132or
4133.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4134contain IPv4 addresses
4135.It Li ip6.addr
4136set if
4137.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4138or
4139.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4140contain IPv6 addresses
4141.It Li allow.mount
4142set from
4143.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4144.It Li mount.devfs
4145set from
4146.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4147.It Li devfs_ruleset
4148set from
4149.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4150This must be an integer,
4151not a string.
4152.It Li mount.fdescfs
4153set from
4154.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4155.It Li allow.set_hostname
4156set from
4157.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4158.It Li allow.rawsocket
4159set from
4160.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4161.It Li allow.sysvipc
4162set from
4163.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4164.El
4165.\" -----------------------------------------------------
4166.It Va harvest_mask
4167.Pq Vt int
4168Set to a bit-mask
4169representing the entropy sources
4170you wish to harvest.
4171Refer to
4172.Xr random 4
4173for more information.
4174.It Va entropy_dir
4175.Pq Vt str
4176Set to
4177.Dq Li NO
4178to disable caching entropy via
4179.Xr cron 8 .
4180Otherwise set to the directory
4181in which the entropy files are stored.
4182To be useful,
4183there must be
4184a system cron job
4185that regularly writes and rotates
4186files here.
4187All files found
4188will be used at boot time.
4189The default is
4190.Pa /var/db/entropy .
4191.It Va entropy_file
4192.Pq Vt str
4193Set to
4194.Dq Li NO
4195to disable caching entropy through reboots.
4196Otherwise set to the name
4197of a file used to store cached entropy.
4198This file should be located
4199on a file system that is readable
4200before all the volumes specified in
4201.Xr fstab 5
4202are mounted.
4203By default,
4204.Pa /entropy
4205is used,
4206but if
4207.Pa /var/db/entropy-file
4208is found it will also be used.
4209This will be of some use to
4210.Xr bsdinstall 8 .
4211.It Va entropy_boot_file
4212.Pq Vt str
4213Set to
4214.Dq Li NO
4215to disable
4216very early caching entropy
4217through reboots.
4218Otherwise set to the filename
4219used to read
4220very early reboot cached entropy.
4221This file should be located where
4222.Xr loader 8
4223can read it.
4224See also
4225.Xr loader.conf 5 .
4226The default location is
4227.Pa /boot/entropy .
4228.It Va entropy_save_sz
4229.Pq Vt int
4230Size of the entropy cache files saved by
4231.Nm save-entropy
4232periodically.
4233.It Va entropy_save_num
4234.Pq Vt int
4235Number of entropy cache files to save by
4236.Nm save-entropy
4237periodically.
4238.It Va ipsec_enable
4239.Pq Vt bool
4240Set to
4241.Dq Li YES
4242to run
4243.Xr setkey 8
4244on
4245.Va ipsec_file
4246at boot time.
4247.It Va ipsec_file
4248.Pq Vt str
4249Configuration file for
4250.Xr setkey 8 .
4251.It Va dmesg_enable
4252.Pq Vt bool
4253Set to
4254.Dq Li YES
4255to save
4256.Xr dmesg 8
4257to
4258.Pa /var/run/dmesg.boot
4259on boot.
4260.It Va rcshutdown_timeout
4261.Pq Vt int
4262If set, start a watchdog timer in the background which will terminate
4263.Pa rc.shutdown
4264if
4265.Xr shutdown 8
4266has not completed within the specified time (in seconds).
4267Notice that in addition to this soft timeout,
4268.Xr init 8
4269also applies a hard timeout for the execution of
4270.Pa rc.shutdown .
4271This is configured via
4272.Xr sysctl 8
4273variable
4274.Va kern.init_shutdown_timeout
4275and defaults to 120 seconds.
4276Setting the value of
4277.Va rcshutdown_timeout
4278to more than 120 seconds will have no effect until the
4279.Xr sysctl 8
4280variable
4281.Va kern.init_shutdown_timeout
4282is also increased.
4283.It Va virecover_enable
4284.Pq Vt bool
4285Set to
4286.Dq Li NO
4287to prevent the system from trying to
4288recover prematurely terminated
4289.Xr vi 1
4290sessions.
4291.It Va ugidfw_enable
4292.Pq Vt bool
4293Set to
4294.Dq Li YES
4295to load the
4296.Xr mac_bsdextended 4
4297module upon system initialization and load a default
4298ruleset file.
4299.It Va bsdextended_script
4300.Pq Vt str
4301The default
4302.Xr mac_bsdextended 4
4303ruleset file to load.
4304The default value of this variable is
4305.Pa /etc/rc.bsdextended .
4306.It Va newsyslog_enable
4307.Pq Vt bool
4308If set to
4309.Dq Li YES ,
4310run
4311.Xr newsyslog 8
4312command at startup.
4313.It Va newsyslog_flags
4314.Pq Vt str
4315If
4316.Va newsyslog_enable
4317is set to
4318.Dq Li YES ,
4319these are the flags to pass to the
4320.Xr newsyslog 8
4321program.
4322The default is
4323.Dq Li -CN ,
4324which causes log files flagged with a
4325.Cm C
4326to be created.
4327.It Va mdconfig_md Ns Aq Ar X
4328.Pq Vt str
4329Arguments to
4330.Xr mdconfig 8
4331for
4332.Xr md 4
4333device
4334.Ar X .
4335At minimum a
4336.Fl t Ar type
4337must be specified and either a
4338.Fl s Ar size
4339for malloc or swap backed
4340.Xr md 4
4341devices or a
4342.Fl f Ar file
4343for vnode backed
4344.Xr md 4
4345devices.
4346Note that
4347.Va mdconfig_md Ns Aq Ar X
4348variables are evaluated until one variable is unset or null.
4349.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4350.Pq Vt str
4351Optional arguments passed to
4352.Xr newfs 8
4353to initialize
4354.Xr md 4
4355device
4356.Ar X .
4357.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4358.Pq Vt str
4359An ownership specification passed to
4360.Xr chown 8
4361after the specified
4362.Xr md 4
4363device
4364.Ar X
4365has been mounted.
4366Both the
4367.Xr md 4
4368device and the mount point will be changed.
4369.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4370.Pq Vt str
4371A mode string passed to
4372.Xr chmod 1
4373after the specified
4374.Xr md 4
4375device
4376.Ar X
4377has been mounted.
4378Both the
4379.Xr md 4
4380device and the mount point will be changed.
4381.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4382.Pq Vt str
4383Files to be copied to the mount point of the
4384.Xr md 4
4385device
4386.Ar X
4387after it has been mounted.
4388.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4389.Pq Vt str
4390Command to execute after the specified
4391.Xr md 4
4392device
4393.Ar X
4394has been mounted.
4395Note that the command is passed to
4396.Ic eval
4397and that both
4398.Va _dev
4399and
4400.Va _mp
4401variables can be used to reference respectively the
4402.Xr md 4
4403device and the mount point.
4404Assuming that the
4405.Xr md 4
4406device is
4407.Li md0 ,
4408one could set the following:
4409.Bd -literal
4410mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4411.Ed
4412.It Va autobridge_interfaces
4413.Pq Vt str
4414Set to the list of bridge interfaces that will have newly arriving interfaces
4415checked against to be automatically added.
4416If not set to
4417.Dq Li NO
4418then for each whitespace separated
4419.Ar element
4420in the value, a
4421.Va autobridge_ Ns Aq Ar element
4422variable is assumed to exist which has a whitespace separated list of interface
4423names to match, these names can use wildcards.
4424For example:
4425.Bd -literal
4426autobridge_interfaces="bridge0"
4427autobridge_bridge0="tap* dc0 vlan[345]"
4428.Ed
4429.It Va mixer_enable
4430.Pq Vt bool
4431If set to
4432.Dq Li YES ,
4433enable support for sound mixer.
4434.It Va hcsecd_enable
4435.Pq Vt bool
4436If set to
4437.Dq Li YES ,
4438enable Bluetooth security daemon.
4439.It Va hcsecd_config
4440.Pq Vt str
4441Configuration file for
4442.Xr hcsecd 8 .
4443Default
4444.Pa /etc/bluetooth/hcsecd.conf .
4445.It Va sdpd_enable
4446.Pq Vt bool
4447If set to
4448.Dq Li YES ,
4449enable Bluetooth Service Discovery Protocol daemon.
4450.It Va sdpd_control
4451.Pq Vt str
4452Path to
4453.Xr sdpd 8
4454control socket.
4455Default
4456.Pa /var/run/sdp .
4457.It Va sdpd_groupname
4458.Pq Vt str
4459Sets
4460.Xr sdpd 8
4461group to run as after it initializes.
4462Default
4463.Dq Li nobody .
4464.It Va sdpd_username
4465.Pq Vt str
4466Sets
4467.Xr sdpd 8
4468user to run as after it initializes.
4469Default
4470.Dq Li nobody .
4471.It Va bthidd_enable
4472.Pq Vt bool
4473If set to
4474.Dq Li YES ,
4475enable Bluetooth Human Interface Device daemon.
4476.It Va bthidd_config
4477.Pq Vt str
4478Configuration file for
4479.Xr bthidd 8 .
4480Default
4481.Pa /etc/bluetooth/bthidd.conf .
4482.It Va bthidd_hids
4483.Pq Vt str
4484Path to a file, where
4485.Xr bthidd 8
4486will store information about known HID devices.
4487Default
4488.Pa /var/db/bthidd.hids .
4489.It Va rfcomm_pppd_server_enable
4490.Pq Vt bool
4491If set to
4492.Dq Li YES ,
4493enable Bluetooth RFCOMM PPP wrapper daemon.
4494.It Va rfcomm_pppd_server_profile
4495.Pq Vt str
4496The name of the profile to use from
4497.Pa /etc/ppp/ppp.conf .
4498Multiple profiles can be specified here.
4499Also used to specify per-profile overrides.
4500When the profile name contains any of the characters
4501.Dq Li .-/+
4502they are translated to
4503.Dq Li _
4504for the proposes of the override variable names.
4505.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4506.Pq Vt str
4507Overrides local address to listen on.
4508By default
4509.Xr rfcomm_pppd 8
4510will listen on
4511.Dq Li ANY
4512address.
4513The address can be specified as BD_ADDR or name.
4514.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4515.Pq Vt str
4516Overrides local RFCOMM channel to listen on.
4517By default
4518.Xr rfcomm_pppd 8
4519will listen on RFCOMM channel 1.
4520Must set properly if multiple profiles used in the same time.
4521.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4522.Pq Vt bool
4523Tells
4524.Xr rfcomm_pppd 8
4525if it should register Serial Port service on the specified RFCOMM channel.
4526Default
4527.Dq Li NO .
4528.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4529.Pq Vt bool
4530Tells
4531.Xr rfcomm_pppd 8
4532if it should register Dial-Up Networking service on the specified
4533RFCOMM channel.
4534Default
4535.Dq Li NO .
4536.It Va ubthidhci_enable
4537.Pq Vt bool
4538If set to
4539.Dq Li YES ,
4540change the USB Bluetooth controller from HID mode to HCI mode.
4541You also need to specify the location of USB Bluetooth controller with the
4542.Va ubthidhci_busnum
4543and
4544.Va ubthidhci_addr
4545variables.
4546.It Va ubthidhci_busnum
4547Bus number where the USB Bluetooth controller is located.
4548Check the output of
4549.Xr usbconfig 8
4550on your system to find this information.
4551.It Va ubthidhci_addr
4552Bus address of the USB Bluetooth controller.
4553Check the output of
4554.Xr usbconfig 8
4555on your system to find this information.
4556.It Va utx_enable
4557.Pq Vt bool
4558Set to
4559.Dq Li YES
4560to enable user accounting through the
4561.Xr utx 8
4562facility.
4563.It Va netwait_enable
4564.Pq Vt bool
4565If set to
4566.Dq Li YES ,
4567delays the start of network-reliant services until
4568.Va netwait_if
4569is up and ICMP packets to a destination defined in
4570.Va netwait_ip
4571are flowing.
4572Link state is examined first, followed by
4573.Dq Li pinging
4574an IP address to verify network usability.
4575If no destination can be reached or timeouts are exceeded,
4576network services are started anyway with no guarantee that
4577the network is usable.
4578Use of this variable requires both
4579.Va netwait_ip
4580and
4581.Va netwait_if
4582to be set.
4583.It Va netwait_ip
4584.Pq Vt str
4585Empty by default.
4586This variable contains a space-delimited list of IP addresses to
4587.Xr ping 8 .
4588DNS hostnames should not be used as resolution is not guaranteed
4589to be functional at this point.
4590If multiple IP addresses are specified,
4591each will be tried until one is successful or the list is exhausted.
4592.It Va netwait_timeout
4593.Pq Vt int
4594Indicates the total number of seconds to perform a
4595.Dq Li ping
4596against each IP address in
4597.Va netwait_ip ,
4598at a rate of one ping per second.
4599If any of the pings are successful,
4600full network connectivity is considered reliable.
4601The default is 60.
4602.It Va netwait_if
4603.Pq Vt str
4604Empty by default.
4605Defines the name of the network interface on which watch for link.
4606.Xr ifconfig 8
4607is used to monitor the interface, looking for
4608.Dq Li status: no carrier .
4609Once gone, the link is considered up.
4610This can be a
4611.Xr vlan 4
4612interface if desired.
4613.It Va netwait_if_timeout
4614.Pq Vt int
4615Defines the total number of seconds to wait for link to become usable,
4616polled at a 1-second interval.
4617The default is 30.
4618.It Va rctl_enable
4619.Pq Vt bool
4620If set to
4621.Dq Li YES ,
4622load
4623.Xr rctl 8
4624rules from the defined ruleset.
4625The kernel must be built with
4626.Cd "options RACCT"
4627and
4628.Cd "options RCTL" .
4629.It Va rctl_rules
4630.Pq Vt str
4631Set to
4632.Pa /etc/rctl.conf
4633by default.
4634This variables contains the
4635.Xr rctl.conf 5
4636ruleset to load for
4637.Xr rctl 8 .
4638.It Va iovctl_files
4639.Pq Vt str
4640A space-separated list of configuration files used by
4641.Xr iovctl 8 .
4642The default value is an empty string.
4643.It Va autofs_enable
4644.Pq Vt bool
4645If set to
4646.Dq Li YES ,
4647start the
4648.Xr automount 8
4649utility and the
4650.Xr automountd 8
4651and
4652.Xr autounmountd 8
4653daemons at boot time.
4654.It Va automount_flags
4655.Pq Vt str
4656If
4657.Va autofs_enable
4658is set to
4659.Dq Li YES ,
4660these are the flags to pass to the
4661.Xr automount 8
4662program.
4663By default no flags are passed.
4664.It Va automountd_flags
4665.Pq Vt str
4666If
4667.Va autofs_enable
4668is set to
4669.Dq Li YES ,
4670these are the flags to pass to the
4671.Xr automountd 8
4672daemon.
4673By default no flags are passed.
4674.It Va autounmountd_flags
4675.Pq Vt str
4676If
4677.Va autofs_enable
4678is set to
4679.Dq Li YES ,
4680these are the flags to pass to the
4681.Xr autounmountd 8
4682daemon.
4683By default no flags are passed.
4684.It Va ctld_enable
4685.Pq Vt bool
4686If set to
4687.Dq Li YES ,
4688start the
4689.Xr ctld 8
4690daemon at boot time.
4691.It Va iscsid_enable
4692.Pq Vt bool
4693If set to
4694.Dq Li YES ,
4695start the
4696.Xr iscsid 8
4697daemon at boot time.
4698.It Va iscsictl_enable
4699.Pq Vt bool
4700If set to
4701.Dq Li YES ,
4702start the
4703.Xr iscsictl 8
4704utility at boot time.
4705.It Va iscsictl_flags
4706.Pq Vt str
4707If
4708.Va iscsictl_enable
4709is set to
4710.Dq Li YES ,
4711these are the flags to pass to the
4712.Xr iscsictl 8
4713program.
4714The default is
4715.Dq Li -Aa ,
4716which configures sessions based on the
4717.Pa /etc/iscsi.conf
4718configuration file.
4719.It Va cfumass_enable
4720.Pq Vt bool
4721If set to
4722.Dq Li YES ,
4723create and export an USB LUN using
4724.Xr cfumass 4
4725at boot time.
4726.It Va cfumass_dir
4727.Pq Vt str
4728The directory where the files exported by USB LUN are located.
4729The default directory is
4730.Pa /var/cfumass .
4731.It Va service_delete_empty
4732.Pq Vt bool
4733If set to
4734.Dq Li YES ,
4735.Ql Li service delete
4736removes empty
4737.Dq Li rc.conf.d
4738files.
4739.It Va zfs_bootonce_activate
4740.Pq Vt bool
4741If set to
4742.Dq Li YES ,
4743and a boot environment marked bootonce is successfully booted,
4744it will be made permanently active.
4745.It Va zfskeys_enable
4746.Pq Vt bool
4747If set to
4748.Dq Li YES ,
4749enable auto-loading of encryption keys for encrypted ZFS datasets.
4750For every dataset the script will first load the appropriate encryption key
4751and then attempt to unlock the dataset.
4752.Pp
4753The script operates only on datasets which are encrypted with
4754ZFS native encryption
4755and have a ZFS
4756.Dq Li keylocation
4757dataset property beginning with
4758.Dq Li file:// .
4759.It Va zfskeys_datasets
4760.Pq Vt str
4761A whitespace-separated list of ZFS datasets to unlock.
4762The list is empty by default,
4763which means that the script will attempt to unlock all datasets.
4764.It Va zfskeys_timeout
4765.Pq Vt int
4766Define the total number of seconds to wait for the zfskeys script
4767to unlock an encrypted dataset.
4768The default is 10.
4769.It Va sendmail_enable
4770.Pq Vt str
4771If set to
4772.Dq Li YES ,
4773run the
4774.Xr sendmail 8
4775daemon at system boot time.
4776If set to
4777.Dq Li NO ,
4778do not run a
4779.Xr sendmail 8
4780daemon to listen for incoming network mail.
4781This does not preclude a
4782.Xr sendmail 8
4783daemon listening on the SMTP port of the loopback interface.
4784The
4785.Dq Li NONE
4786option sets each
4787.Va sendmail_enable ,
4788.Va sendmail_submit_enable ,
4789.Va sendmail_outbound_enable ,
4790.Va sendmail_msp_queue_enable
4791to
4792.Dq Li NO .
4793.It Va sendmail_cert_create
4794.Pq Vt str
4795If
4796.Va sendmail_enable
4797is set to
4798.Dq Li YES ,
4799create a signed certificate
4800.Pa /etc/mail/certs/host.cert
4801representing
4802.Pa /etc/mail/certs/host.key
4803by the CA certificate in
4804.Pa /etc/mail/certs/cacert.pem .
4805This will enable connecting hosts to negotiate STARTTLS allowing incoming
4806email to be encrypted in transit.
4807.Xr sendmail 8
4808needs to be configured to use these generated files.
4809The default configuration in
4810.Pa /etc/mail/freebsd.mc
4811has the required options in it.
4812.It Va sendmail_cert_cn
4813.Pq Vt str
4814If
4815.Va sendmail_enable
4816is set to
4817.Dq Li YES
4818and
4819.Va sendmail_cert_create
4820is set to
4821.Dq Li YES ,
4822this is the Common Name (CN) of the certificate that will be created.
4823If
4824.Va sendmail_cert_cn
4825is not set, the system's hostname will be used.
4826If there is no hostname set,
4827.Dq Li amnesiac
4828will be used.
4829.It Va sendmail_flags
4830.Pq Vt str
4831If
4832.Va sendmail_enable
4833is set to
4834.Dq Li YES ,
4835these are the flags to pass to the
4836.Xr sendmail 8
4837daemon.
4838.It Va sendmail_submit_enable
4839.Pq Vt bool
4840If set to
4841.Dq Li YES
4842and
4843.Va sendmail_enable
4844is set to
4845.Dq Li NO ,
4846run
4847.Xr sendmail 8
4848using
4849.Va sendmail_submit_flags
4850instead of
4851.Va sendmail_flags .
4852This is intended to allow local mail submission via
4853a localhost-only listening SMTP service required for running
4854.Xr sendmail 8
4855as a non-set-user-ID binary.
4856Note that this does not work inside
4857.Xr jail 2
4858systems, as jails do not allow binding to just the localhost interface.
4859.It Va sendmail_submit_flags
4860.Pq Vt str
4861If
4862.Va sendmail_enable
4863is set to
4864.Dq Li NO
4865and
4866.Va sendmail_submit_enable
4867is set to
4868.Dq Li YES ,
4869these are the flags to pass to the
4870.Xr sendmail 8
4871daemon.
4872.It Va sendmail_outbound_enable
4873.Pq Vt bool
4874If set to
4875.Dq Li YES
4876and both
4877.Va sendmail_enable
4878and
4879.Va sendmail_submit_enable
4880are set to
4881.Dq Li NO ,
4882run
4883.Xr sendmail 8
4884using
4885.Va sendmail_outbound_flags
4886instead of
4887.Va sendmail_flags .
4888This is intended to allow local mail queue management
4889for systems that do not offer a listening SMTP service.
4890.It Va sendmail_outbound_flags
4891.Pq Vt str
4892If both
4893.Va sendmail_enable
4894and
4895.Va sendmail_submit_enable
4896are set to
4897.Dq Li NO
4898and
4899.Va sendmail_outbound_enable
4900is set to
4901.Dq Li YES ,
4902these are the flags to pass to the
4903.Xr sendmail 8
4904daemon.
4905.It Va sendmail_msp_queue_enable
4906.Pq Vt bool
4907If set to
4908.Dq Li YES ,
4909start a client (MSP) queue runner
4910.Xr sendmail 8
4911daemon at system boot time.
4912As of sendmail 8.12, a separate queue is used for command line
4913submissions.
4914The client queue runner ensures that nothing is
4915left behind in the submission queue.
4916.It Va sendmail_msp_queue_flags
4917.Pq Vt str
4918If
4919.Va sendmail_msp_queue_enable
4920is set to
4921daemon.
4922.Dq Li YES ,
4923these are the flags to pass to the
4924.Xr sendmail 8
4925.El
4926.Sh FILES
4927.Bl -tag -width "/etc/defaults/rc.conf" -compact
4928.It Pa /etc/defaults/rc.conf
4929.It Pa /etc/defaults/vendor.conf
4930.It Pa /etc/rc.conf
4931.It Pa /etc/rc.conf.local
4932.It Pa /etc/rc.conf.d/
4933.El
4934.Sh SEE ALSO
4935.Xr chmod 1 ,
4936.Xr cpuset 1 ,
4937.Xr gdb 1 Pq Pa ports/devel/gdb ,
4938.Xr kbdcontrol 1 ,
4939.Xr limits 1 ,
4940.Xr protect 1 ,
4941.Xr sh 1 ,
4942.Xr umask 1 ,
4943.Xr uuidgen 1 ,
4944.Xr vi 1 ,
4945.Xr vidcontrol 1 ,
4946.Xr bridge 4 ,
4947.Xr dummynet 4 ,
4948.Xr ip 4 ,
4949.Xr ipf 4 ,
4950.Xr ipfw 4 ,
4951.Xr ipnat 4 ,
4952.Xr kld 4 ,
4953.Xr pf 4 ,
4954.Xr pflog 4 ,
4955.Xr pfsync 4 ,
4956.Xr tcp 4 ,
4957.Xr udp 4 ,
4958.Xr exports 5 ,
4959.Xr fstab 5 ,
4960.Xr ipf 5 ,
4961.Xr ipnat 5 ,
4962.Xr jail.conf 5 ,
4963.Xr loader.conf 5 ,
4964.Xr login.conf 5 ,
4965.Xr motd 5 ,
4966.Xr newsyslog.conf 5 ,
4967.Xr pf.conf 5 ,
4968.Xr firewall 7 ,
4969.Xr growfs 7 ,
4970.Xr security 7 ,
4971.Xr tuning 7 ,
4972.Xr accton 8 ,
4973.Xr apm 8 ,
4974.Xr bsdinstall 8 ,
4975.Xr bthidd 8 ,
4976.Xr chkprintcap 8 ,
4977.Xr chown 8 ,
4978.Xr cron 8 ,
4979.Xr devfs 8 ,
4980.Xr dhclient 8 ,
4981.Xr ftpd 8 ,
4982.Xr geli 8 ,
4983.Xr hcsecd 8 ,
4984.Xr ifconfig 8 ,
4985.Xr inetd 8 ,
4986.Xr iovctl 8 ,
4987.Xr ipf 8 ,
4988.Xr ipfw 8 ,
4989.Xr ipnat 8 ,
4990.Xr jail 8 ,
4991.Xr kldxref 8 ,
4992.Xr loader 8 ,
4993.Xr lpd 8 ,
4994.Xr makewhatis 8 ,
4995.Xr mdconfig 8 ,
4996.Xr mdmfs 8 ,
4997.Xr mixer 8 ,
4998.Xr mountd 8 ,
4999.Xr moused 8 ,
5000.Xr newfs 8 ,
5001.Xr newsyslog 8 ,
5002.Xr nfsd 8 ,
5003.Xr ntpd 8 ,
5004.Xr ntpdate 8 ,
5005.Xr pfctl 8 ,
5006.Xr pflogd 8 ,
5007.Xr ping 8 ,
5008.Xr powerd 8 ,
5009.Xr quotacheck 8 ,
5010.Xr quotaon 8 ,
5011.Xr rc 8 ,
5012.Xr rc.subr 8 ,
5013.Xr rcorder 8 ,
5014.Xr rfcomm_pppd 8 ,
5015.Xr route 8 ,
5016.Xr route6d 8 ,
5017.Xr routed 8 ,
5018.Xr rpc.lockd 8 ,
5019.Xr rpc.statd 8 ,
5020.Xr rpc.tlsclntd 8 ,
5021.Xr rpc.tlsservd 8 ,
5022.Xr rpcbind 8 ,
5023.Xr rwhod 8 ,
5024.Xr savecore 8 ,
5025.Xr sdpd 8 ,
5026.Xr sendmail 8 ,
5027.Xr service 8 ,
5028.Xr sshd 8 ,
5029.Xr swapon 8 ,
5030.Xr sysctl 8 ,
5031.Xr syslogd 8 ,
5032.Xr sysrc 8 ,
5033.Xr unbound 8 ,
5034.Xr usbconfig 8 ,
5035.Xr utx 8 ,
5036.Xr wlandebug 8 ,
5037.Xr yp 8 ,
5038.Xr ypbind 8 ,
5039.Xr ypserv 8 ,
5040.Xr ypset 8
5041.Sh HISTORY
5042The
5043.Nm
5044file appeared in
5045.Fx 2.2.2 .
5046.Sh AUTHORS
5047.An Jordan K. Hubbard .
5048