1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 7, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224.Pq Vt str 225Use 226.Xr protect 1 227to prevent the service from being killed when swap space 228is exhausted. 229Use 230.Dq Li YES 231to protect only the service itself, and 232.Dq Li ALL 233to protect the service and all its child processes. 234.Pp 235Please note that rc scripts which redefine 236.Dl ${argument}_cmd 237.Pq see Xr rc.subr 8 238such as PostgreSQL will not inherit the OOM killer protection. 239.Pp 240This variable has no effect on services running within a 241.Xr jail 8 . 242.It Ao Ar name Ac Ns Va _user 243.Pq Vt str 244Run the service under this user account. 245.It Va apm_enable 246.Pq Vt bool 247If set to 248.Dq Li YES , 249enable support for Automatic Power Management with 250the 251.Xr apm 8 252command. 253.It Va apmd_enable 254.Pq Vt bool 255Run 256.Xr apmd 8 257to handle APM event from userland. 258This also enables support for APM. 259.It Va apmd_flags 260.Pq Vt str 261If 262.Va apmd_enable 263is set to 264.Dq Li YES , 265these are the flags to pass to the 266.Xr apmd 8 267daemon. 268.It Va devd_enable 269.Pq Vt bool 270Run 271.Xr devd 8 272to handle device added, removed or unknown events from the kernel. 273.It Va ddb_enable 274.Pq Vt bool 275Run 276.Xr ddb 8 277to install 278.Xr ddb 4 279scripts at boot time. 280.It Va ddb_config 281.Pq Vt str 282Configuration file for 283.Xr ddb 8 . 284Default 285.Pa /etc/ddb.conf . 286.It Va devmatch_enable 287.Pq Vt bool 288If set to 289.Dq Li NO , 290disable auto-loading of kernel modules with 291.Xr devmatch 8 . 292.It Va devmatch_blocklist 293.Pq Vt str 294A whitespace-separated list of kernel modules to be ignored by 295.Xr devmatch 8 . 296In addition, the 297.Xr kenv 1 298.Va devmatch_blocklist 299is appended to this variable to allow disabling of 300.Xr devmatch 8 301loaded modules from the boot loader. 302.It Va devmatch_blacklist 303.Pq Vt str 304This variable is deprecated. 305Use 306.Va devmatch_blocklist 307instead. 308A whitespace-separated list of kernel modules to be ignored by 309.Xr devmatch 8 . 310.It Va kld_list 311.Pq Vt str 312A whitespace-separated list of kernel modules to load right after 313the local disks are mounted, without any 314.Pa .ko 315extension or path. 316Loading modules at this point in the boot process is 317much faster than doing it via 318.Pa /boot/loader.conf 319for those modules not necessary for mounting local disks. 320.It Va kldxref_enable 321.Pq Vt bool 322Set to 323.Dq Li NO 324by default. 325Set to 326.Dq Li YES 327to automatically rebuild 328.Pa linker.hints 329files with 330.Xr kldxref 8 331at boot time. 332.It Va kldxref_clobber 333.Pq Vt bool 334Set to 335.Dq Li NO 336by default. 337If 338.Va kldxref_enable 339is true, 340setting to 341.Dq Li YES 342will overwrite existing 343.Pa linker.hints 344files at boot time. 345Otherwise, 346only missing 347.Pa linker.hints 348files are generated. 349.It Va kldxref_module_path 350.Pq Vt str 351Empty by default. 352A semi-colon 353.Pq Ql \&; 354delimited list of paths containing 355.Xr kld 4 356modules. 357If empty, 358the contents of the 359.Va kern.module_path 360.Xr sysctl 8 361are used. 362.It Va powerd_enable 363.Pq Vt bool 364If set to 365.Dq Li YES , 366enable the system power control facility with the 367.Xr powerd 8 368daemon. 369.It Va powerd_flags 370.Pq Vt str 371If 372.Va powerd_enable 373is set to 374.Dq Li YES , 375these are the flags to pass to the 376.Xr powerd 8 377daemon. 378.It Va tmpmfs 379Controls the creation of a 380.Pa /tmp 381memory file system. 382Always happens if set to 383.Dq Li YES 384and never happens if set to 385.Dq Li NO . 386If set to anything else, a memory file system is created if 387.Pa /tmp 388is not writable. 389.It Va tmpsize 390Controls the size of a created 391.Pa /tmp 392memory file system. 393.It Va tmpmfs_flags 394Extra options passed to the 395.Xr mdmfs 8 396utility when the memory file system for 397.Pa /tmp 398is created. 399The default is 400.Dq Li "-S" , 401which inhibits the use of softupdates on 402.Pa /tmp 403so that file system space is freed without delay 404after file truncation or deletion. 405See 406.Xr mdmfs 8 407for other options you can use in 408.Va tmpmfs_flags . 409.It Va varmfs 410Controls the creation of a 411.Pa /var 412memory file system. 413Always happens if set to 414.Dq Li YES 415and never happens if set to 416.Dq Li NO . 417If set to anything else, a memory file system is created if 418.Pa /var 419is not writable. 420.It Va varsize 421Controls the size of a created 422.Pa /var 423memory file system. 424.It Va varmfs_flags 425Extra options passed to the 426.Xr mdmfs 8 427utility when the memory file system for 428.Pa /var 429is created. 430The default is 431.Dq Li "-S" , 432which inhibits the use of softupdates on 433.Pa /var 434so that file system space is freed without delay 435after file truncation or deletion. 436See 437.Xr mdmfs 8 438for other options you can use in 439.Va varmfs_flags . 440.It Va populate_var 441Controls the automatic population of the 442.Pa /var 443file system. 444Always happens if set to 445.Dq Li YES 446and never happens if set to 447.Dq Li NO . 448If set to anything else, a memory file system is created if 449.Pa /var 450is not writable. 451Note that this process requires access to certain commands in 452.Pa /usr 453before 454.Pa /usr 455is mounted on normal systems. 456.It Va cleanvar_enable 457.Pq Vt bool 458Clean the 459.Pa /var 460directory. 461.It Va local_startup 462.Pq Vt str 463List of directories to search for startup script files. 464.It Va script_name_sep 465.Pq Vt str 466The field separator to use for breaking down the list of startup script files 467into individual filenames. 468The default is a space. 469It is not necessary to change this unless there are startup scripts with names 470containing spaces. 471.It Va hostapd_enable 472.Pq Vt bool 473Set to 474.Dq Li YES 475to start 476.Xr hostapd 8 477at system boot time. 478.It Va hostname 479.Pq Vt str 480The fully qualified domain name (FQDN) of this host on the network. 481This should almost certainly be set to something meaningful, even if 482there is no network connection. 483If 484.Xr dhclient 8 485is used to set the hostname via DHCP, 486this variable should be set to an empty string. 487Within a 488.Xr jail 8 489the hostname is generally already set and this variable may be absent. 490If this value remains unset when the system is done booting 491your console login will display the default hostname of 492.Dq Amnesiac . 493.It Va nisdomainname 494.Pq Vt str 495The NIS domain name of this host, or 496.Dq Li NO 497if NIS is not used. 498.It Va dhclient_program 499.Pq Vt str 500Path to the DHCP client program 501.Pa ( /sbin/dhclient , 502the 503.Ox 504DHCP client, 505is the default). 506.It Va dhclient_flags 507.Pq Vt str 508Additional flags to pass to the DHCP client program. 509For the 510.Ox 511DHCP client, see the 512.Xr dhclient 8 513manpage for a description of the command line options available. 514.It Va dhclient_flags_ Ns Aq Ar iface 515Additional flags to pass to the DHCP client program running on 516.Ar iface 517only. 518When specified, this variable overrides 519.Va dhclient_flags . 520.It Va background_dhclient 521.Pq Vt bool 522Set to 523.Dq Li YES 524to start the DHCP client in background. 525This can cause trouble with applications depending on 526a working network, but it will provide a faster startup 527in many cases. 528.It Va background_dhclient_ Ns Aq Ar iface 529When specified, this variable overrides the 530.Va background_dhclient 531variable for interface 532.Ar iface 533only. 534.It Va synchronous_dhclient 535.Pq Vt bool 536Set to 537.Dq Li YES 538to start 539.Xr dhclient 8 540synchronously at startup. 541This behavior can be overridden on a per-interface basis by replacing 542the 543.Dq Li DHCP 544keyword in the 545.Va ifconfig_ Ns Aq Ar interface 546variable with 547.Dq Li SYNCDHCP 548or 549.Dq Li NOSYNCDHCP . 550.It Va defaultroute_delay 551.Pq Vt int 552When set to a positive value, wait up to this long after configuring 553DHCP interfaces at startup to give the interfaces time to receive a lease. 554.It Va firewall_enable 555.Pq Vt bool 556Set to 557.Dq Li YES 558to load firewall rules at startup. 559If the kernel was not built with 560.Cd "options IPFIREWALL" , 561the 562.Pa ipfw.ko 563kernel module will be loaded. 564See also 565.Va ipfilter_enable . 566.It Va firewall_script 567.Pq Vt str 568This variable specifies the full path to the firewall script to run. 569The default is 570.Pa /etc/rc.firewall . 571.It Va firewall_type 572.Pq Vt str 573Names the firewall type from the selection in 574.Pa /etc/rc.firewall , 575or the file which contains the local firewall ruleset. 576Valid selections from 577.Pa /etc/rc.firewall 578are: 579.Pp 580.Bl -tag -width ".Li workstation" -compact 581.It Li open 582unrestricted IP access 583.It Li closed 584all IP services disabled, except via 585.Dq Li lo0 586.It Li client 587basic protection for a workstation 588.It Li workstation 589basic protection for a workstation using stateful firewalling 590.It Li simple 591basic protection for a LAN. 592.El 593.Pp 594If a filename is specified, the full path 595must be given. 596.Pp 597Most of the predefined rulesets define additional configuration variables. 598These are documented in 599.Pa /etc/rc.firewall . 600.It Va firewall_quiet 601.Pq Vt bool 602Set to 603.Dq Li YES 604to disable the display of firewall rules on the console during boot. 605.It Va firewall_logging 606.Pq Vt bool 607Set to 608.Dq Li YES 609to enable firewall event logging. 610This is equivalent to the 611.Dv IPFIREWALL_VERBOSE 612kernel option. 613.It Va firewall_logif 614.Pq Vt bool 615Set to 616.Dq Li YES 617to create pseudo interface 618.Li ipfw0 619for logging. 620For more details, see 621.Xr ipfw 8 622manual page. 623.It Va firewall_flags 624.Pq Vt str 625Flags passed to 626.Xr ipfw 8 627if 628.Va firewall_type 629specifies a filename. 630.It Va firewall_coscripts 631.Pq Vt str 632List of executables and/or rc scripts to run after firewall starts/stops. 633Default is empty. 634.\" ----- firewall_nat_enable setting -------------------------------- 635.It Va firewall_nat_enable 636.Pq Vt bool 637The 638.Xr ipfw 8 639equivalent of 640.Va natd_enable . 641Setting this to 642.Dq Li YES 643will automatically load the 644.Xr ipfw 8 645NAT kernel module if 646.Va firewall_enable 647is also set to 648.Dq Li YES . 649.It Va firewall_nat_interface 650.Pq Vt str 651The 652.Xr ipfw 8 653equivalent of 654.Va natd_interface . 655This is the name of the public interface or IP address on which 656kernel NAT should run. 657.It Va firewall_nat_flags 658.Pq Vt str 659Additional configuration parameters for kernel NAT should be placed here. 660.It Va firewall_nat64_enable 661.Pq Vt bool 662Setting this to 663.Dq Li YES 664will automatically load the 665.Xr ipfw 8 666NAT64 kernel module if 667.Va firewall_enable 668is also set to 669.Dq Li YES . 670.It Va firewall_nptv6_enable 671.Pq Vt bool 672Setting this to 673.Dq Li YES 674will automatically load the 675.Xr ipfw 8 676NPTv6 kernel module if 677.Va firewall_enable 678is also set to 679.Dq Li YES . 680.It Va firewall_pmod_enable 681.Pq Vt bool 682Setting this to 683.Dq Li YES 684will automatically load the 685.Xr ipfw 8 686pmod kernel module if 687.Va firewall_enable 688is also set to 689.Dq Li YES . 690.It Va dummynet_enable 691.Pq Vt bool 692Setting this to 693.Dq Li YES 694will automatically load the 695.Xr dummynet 4 696module if 697.Va firewall_enable 698is also set to 699.Dq Li YES . 700.\" ------------------------------------------------------------------- 701.It Va ipfw_netflow_enable 702.Pq Vt bool 703Setting this to 704.Dq Li YES 705will enable netflow logging via 706.Xr ng_netflow 4 707.Pp 708By default a ipfw rule is inserted and all packets are duplicated with 709the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 710port using protocol version 5. 711.It Va ipfw_netflow_hook 712.Pq Vt int 713netflow hook name, must be numerical 714(default 715.Pa 9995 ) . 716.It Va ipfw_netflow_rule 717.Pq Vt int 718ipfw rule number 719(default 720.Pa 1000 ) . 721.It Va ipfw_netflow_ip 722.Pq Vt str 723Destination server ip for receiving netflow data 724(default 725.Pa 127.0.0.1 ) . 726.It Va ipfw_netflow_port 727.Pq Vt int 728Destination server port for receiving netflow data 729(default 730.Pa 9995 ) . 731.It Va ipfw_netflow_version 732.Pq Vt int 733Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 734.It Va ipfw_netflow_fib 735.Pq Vt int 736Only match packet in FIB 737.Pa ipfw_netflow_fib 738(default is undefined meaning all FIBs). 739.It Va natd_program 740.Pq Vt str 741Path to 742.Xr natd 8 . 743.It Va natd_enable 744.Pq Vt bool 745Set to 746.Dq Li YES 747to enable 748.Xr natd 8 . 749.Va firewall_enable 750must also be set to 751.Dq Li YES , 752and 753.Xr divert 4 754sockets must be enabled in the kernel. 755If the kernel was not built with 756.Cd "options IPDIVERT" , 757the 758.Pa ipdivert.ko 759kernel module will be loaded. 760.It Va natd_interface 761.Pq Vt str 762This is the name of the public interface on which 763.Xr natd 8 764should run. 765The interface may be given as an interface name or as an IP address. 766.It Va natd_flags 767.Pq Vt str 768Additional 769.Xr natd 8 770flags should be placed here. 771The 772.Fl n 773or 774.Fl a 775flag is automatically added with the above 776.Va natd_interface 777as an argument. 778.\" ----- ipfilter_enable setting -------------------------------- 779.It Va ipfilter_enable 780.Pq Vt bool 781Set to 782.Dq Li NO 783by default. 784Setting this to 785.Dq Li YES 786enables 787.Xr ipf 8 788packet filtering. 789.Pp 790Typical usage will require putting 791.Bd -literal 792ipfilter_enable="YES" 793ipnat_enable="YES" 794ipmon_enable="YES" 795ipfs_enable="YES" 796.Ed 797.Pp 798into 799.Pa /etc/rc.conf 800and editing 801.Pa /etc/ipf.rules 802and 803.Pa /etc/ipnat.rules 804appropriately. 805.Pp 806Note that 807.Va ipfilter_enable 808and 809.Va ipnat_enable 810can be enabled independently. 811.Va ipmon_enable 812and 813.Va ipfs_enable 814both require at least one of 815.Va ipfilter_enable 816and 817.Va ipnat_enable 818to be enabled. 819.Pp 820Having 821.Bd -literal 822options IPFILTER 823options IPFILTER_LOG 824options IPFILTER_DEFAULT_BLOCK 825.Ed 826.Pp 827in the kernel configuration file is a good idea, too. 828.\" ----- ipfilter_program setting ------------------------------ 829.It Va ipfilter_program 830.Pq Vt str 831Path to 832.Xr ipf 8 833(default 834.Pa /sbin/ipf ) . 835.\" ----- ipfilter_rules setting -------------------------------- 836.It Va ipfilter_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipf.rules 840by default. 841This variable contains the name of the filter rule definition file. 842The file is expected to be readable for the 843.Xr ipf 8 844command to execute. 845.\" ----- ipfilter_flags setting -------------------------------- 846.It Va ipfilter_flags 847.Pq Vt str 848Empty by default. 849This variable contains flags passed to the 850.Xr ipf 8 851program. 852.\" ----- ipnat_enable setting ---------------------------------- 853.It Va ipnat_enable 854.Pq Vt bool 855Set to 856.Dq Li NO 857by default. 858Set it to 859.Dq Li YES 860to enable 861.Xr ipnat 8 862network address translation. 863See 864.Va ipfilter_enable 865for a detailed discussion. 866.\" ----- ipnat_program setting --------------------------------- 867.It Va ipnat_program 868.Pq Vt str 869Path to 870.Xr ipnat 8 871(default 872.Pa /sbin/ipnat ) . 873.\" ----- ipnat_rules setting ----------------------------------- 874.It Va ipnat_rules 875.Pq Vt str 876Set to 877.Pa /etc/ipnat.rules 878by default. 879This variable contains the name of the file 880holding the network address translation definition. 881This file is expected to be readable for the 882.Xr ipnat 8 883command to execute. 884.\" ----- ipnat_flags setting ----------------------------------- 885.It Va ipnat_flags 886.Pq Vt str 887Empty by default. 888This variable contains flags passed to the 889.Xr ipnat 8 890program. 891.\" ----- ipmon_enable setting ---------------------------------- 892.It Va ipmon_enable 893.Pq Vt bool 894Set to 895.Dq Li NO 896by default. 897Set it to 898.Dq Li YES 899to enable 900.Xr ipmon 8 901monitoring (logging 902.Xr ipf 8 903and 904.Xr ipnat 8 905events). 906Setting this variable needs setting 907.Va ipfilter_enable 908or 909.Va ipnat_enable 910too. 911See 912.Va ipfilter_enable 913for a detailed discussion. 914.\" ----- ipmon_program setting --------------------------------- 915.It Va ipmon_program 916.Pq Vt str 917Path to 918.Xr ipmon 8 919(default 920.Pa /sbin/ipmon ) . 921.\" ----- ipmon_flags setting ----------------------------------- 922.It Va ipmon_flags 923.Pq Vt str 924Set to 925.Dq Li -Ds 926by default. 927This variable contains flags passed to the 928.Xr ipmon 8 929program. 930Another typical example would be 931.Dq Fl D Pa /var/log/ipflog 932to have 933.Xr ipmon 8 934log directly to a file bypassing 935.Xr syslogd 8 . 936Make sure to adjust 937.Pa /etc/newsyslog.conf 938in such case like this: 939.Bd -literal 940/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 941.Ed 942.\" ----- ipfs_enable setting ----------------------------------- 943.It Va ipfs_enable 944.Pq Vt bool 945Set to 946.Dq Li NO 947by default. 948Set it to 949.Dq Li YES 950to enable 951.Xr ipfs 8 952saving the filter and NAT state tables during shutdown 953and reloading them during startup again. 954Setting this variable needs setting 955.Va ipfilter_enable 956or 957.Va ipnat_enable 958to 959.Dq Li YES 960too. 961See 962.Va ipfilter_enable 963for a detailed discussion. 964Note that if 965.Va kern_securelevel 966is set to 3, 967.Va ipfs_enable 968cannot be used 969because the raised securelevel will prevent 970.Xr ipfs 8 971from saving the state tables at shutdown time. 972.\" ----- ipfs_program setting ---------------------------------- 973.It Va ipfs_program 974.Pq Vt str 975Path to 976.Xr ipfs 8 977(default 978.Pa /sbin/ipfs ) . 979.\" ----- ipfs_flags setting ------------------------------------ 980.It Va ipfs_flags 981.Pq Vt str 982Empty by default. 983This variable contains flags passed to the 984.Xr ipfs 8 985program. 986.\" ----- end of added ipf hook --------------------------------- 987.It Va pf_enable 988.Pq Vt bool 989Set to 990.Dq Li NO 991by default. 992Setting this to 993.Dq Li YES 994enables 995.Xr pf 4 996packet filtering. 997.Pp 998Typical usage will require putting 999.Pp 1000.Dl pf_enable="YES" 1001.Pp 1002into 1003.Pa /etc/rc.conf 1004and editing 1005.Pa /etc/pf.conf 1006appropriately. 1007Adding 1008.Pp 1009.Dl "device pf" 1010.Pp 1011builds support for 1012.Xr pf 4 1013into the kernel, otherwise the 1014kernel module will be loaded. 1015.It Va pf_rules 1016.Pq Vt str 1017Path to 1018.Xr pf 4 1019ruleset configuration file 1020(default 1021.Pa /etc/pf.conf ) . 1022.It Va pf_program 1023.Pq Vt str 1024Path to 1025.Xr pfctl 8 1026(default 1027.Pa /sbin/pfctl ) . 1028.It Va pf_flags 1029.Pq Vt str 1030If 1031.Va pf_enable 1032is set to 1033.Dq Li YES , 1034these flags are passed to the 1035.Xr pfctl 8 1036program when loading the ruleset. 1037.It Va pf_fallback_rules_enable 1038.Pq Vt bool 1039Set to 1040.Dq Li NO 1041by default. 1042Setting this to 1043.Dq Li YES 1044enables loading 1045.Va pf_fallback_rules_file 1046or 1047.Va pf_fallback_rules 1048in case of a problem when loading the ruleset in 1049.Va pf_rules . 1050.It Va pf_fallback_rules_file 1051.Pq Vt str 1052Path to a pf ruleset to load in case of failure when loading the 1053ruleset in 1054.Va pf_rules 1055(default 1056.Pa /etc/pf-fallback.conf ) . 1057.It Va pf_fallback_rules 1058.Pq Vt str 1059A pf ruleset to load in case of failure when loading the ruleset in 1060.Va pf_rules 1061and 1062.Va pf_fallback_rules_file 1063is not found. 1064Multiple rules can be set as follows: 1065.Bd -literal 1066pf_fallback_rules="\\ 1067 block drop log all\\ 1068 pass in quick on em0" 1069.Pp 1070.Ed 1071The default fallback rule is 1072.Dq block drop log all 1073.It Va pflog_enable 1074.Pq Vt bool 1075Set to 1076.Dq Li NO 1077by default. 1078Setting this to 1079.Dq Li YES 1080enables 1081.Xr pflogd 8 1082which logs packets from the 1083.Xr pf 4 1084packet filter. 1085.It Va pflog_logfile 1086.Pq Vt str 1087If 1088.Va pflog_enable 1089is set to 1090.Dq Li YES 1091this controls where 1092.Xr pflogd 8 1093stores the logfile 1094(default 1095.Pa /var/log/pflog ) . 1096Check 1097.Pa /etc/newsyslog.conf 1098to adjust logfile rotation for this. 1099.It Va pflog_program 1100.Pq Vt str 1101Path to 1102.Xr pflogd 8 1103(default 1104.Pa /sbin/pflogd ) . 1105.It Va pflog_flags 1106.Pq Vt str 1107Empty by default. 1108This variable contains additional flags passed to the 1109.Xr pflogd 8 1110program. 1111.It Va pflog_instances 1112.Pq Vt str 1113If logging to more than one 1114.Xr pflog 4 1115interface is desired, 1116.Va pflog_instances 1117is set to the list of 1118.Xr pflogd 8 1119instances that should be started at system boot time. 1120If 1121.Va pflog_instances 1122is set, for each whitespace-separated 1123.Ar element 1124in the list, 1125.Ao Ar element Ac Ns Va _dev 1126and 1127.Ao Ar element Ac Ns Va _logfile 1128elements are assumed to exist. 1129.Ao Ar element Ac Ns Va _dev 1130must contain the 1131.Xr pflog 4 1132interface to be watched by the named 1133.Xr pflogd 8 1134instance. 1135.Ao Ar element Ac Ns Va _logfile 1136must contain the name of the logfile that will be used by the 1137.Xr pflogd 8 1138instance. 1139.It Va ftpproxy_enable 1140.Pq Vt bool 1141Set to 1142.Dq Li NO 1143by default. 1144Setting this to 1145.Dq Li YES 1146enables 1147.Xr ftp-proxy 8 1148which supports the 1149.Xr pf 4 1150packet filter in translating ftp connections. 1151.It Va ftpproxy_flags 1152.Pq Vt str 1153Empty by default. 1154This variable contains additional flags passed to the 1155.Xr ftp-proxy 8 1156program. 1157.It Va ftpproxy_instances 1158.Pq Vt str 1159Empty by default. 1160If multiple instances of 1161.Xr ftp-proxy 8 1162are desired at boot time, 1163.Va ftpproxy_instances 1164should contain a whitespace-separated list of instance names. 1165For each 1166.Ar element 1167in the list, a variable named 1168.Ao Ar element Ac Ns Va _flags 1169should be defined, containing the command-line flags to be passed to the 1170.Xr ftp-proxy 8 1171instance. 1172.It Va pfsync_enable 1173.Pq Vt bool 1174Set to 1175.Dq Li NO 1176by default. 1177Setting this to 1178.Dq Li YES 1179enables exposing 1180.Xr pf 4 1181state changes to other hosts over the network by means of 1182.Xr pfsync 4 . 1183The 1184.Va pfsync_syncdev 1185variable 1186must also be set then. 1187.It Va pfsync_syncdev 1188.Pq Vt str 1189Empty by default. 1190This variable specifies the name of the network interface 1191.Xr pfsync 4 1192should operate through. 1193It must be set accordingly if 1194.Va pfsync_enable 1195is set to 1196.Dq Li YES . 1197.It Va pfsync_syncpeer 1198.Pq Vt str 1199Empty by default. 1200This variable is optional. 1201By default, state change messages are sent out on the synchronisation 1202interface using IP multicast packets. 1203The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1204224.0.0.240. 1205When a peer address is specified using the 1206.Va pfsync_syncpeer 1207option, the peer address is used as a destination for the pfsync 1208traffic, and the traffic can then be protected using 1209.Xr ipsec 4 . 1210See the 1211.Xr pfsync 4 1212manpage for more details about using 1213.Xr ipsec 4 1214with 1215.Xr pfsync 4 1216interfaces. 1217.It Va pfsync_ifconfig 1218.Pq Vt str 1219Empty by default. 1220This variable can contain additional options to be passed to the 1221.Xr ifconfig 8 1222command used to set up 1223.Xr pfsync 4 . 1224.It Va tcp_extensions 1225.Pq Vt bool 1226Set to 1227.Dq Li YES 1228by default. 1229Setting this to 1230.Dq Li NO 1231disables certain TCP options as described by 1232.Rs 1233.%T "RFC 1323" 1234.Re 1235Setting this to 1236.Dq Li NO 1237might help remedy such problems with connections as randomly hanging 1238or other weird behavior. 1239Some network devices are known 1240to be broken with respect to these options. 1241.It Va log_in_vain 1242.Pq Vt int 1243Set to 0 by default. 1244The 1245.Xr sysctl 8 1246variables, 1247.Va net.inet.tcp.log_in_vain 1248and 1249.Va net.inet.udp.log_in_vain , 1250as described in 1251.Xr tcp 4 1252and 1253.Xr udp 4 , 1254are set to the given value. 1255.It Va tcp_keepalive 1256.Pq Vt bool 1257Set to 1258.Dq Li YES 1259by default. 1260Setting to 1261.Dq Li NO 1262will disable probing idle TCP connections to verify that the 1263peer is still up and reachable. 1264.It Va tcp_drop_synfin 1265.Pq Vt bool 1266Set to 1267.Dq Li NO 1268by default. 1269Setting to 1270.Dq Li YES 1271will cause the kernel to ignore TCP frames that have both 1272the SYN and FIN flags set. 1273This prevents OS fingerprinting, but may 1274break some legitimate applications. 1275.It Va icmp_drop_redirect 1276.Pq Vt bool 1277Set to 1278.Dq Li AUTO 1279by default. 1280This setting will be identical to 1281.Dq Li YES , 1282if a dynamicrouting daemon is enabled, because redirect processing may 1283cause performance issues for large routing tables. 1284If no such service is enabled, this setting behaves like a 1285.Dq Li NO . 1286Setting to 1287.Dq Li YES 1288will cause the kernel to ignore ICMP REDIRECT packets. 1289Setting to 1290.Dq Li NO 1291will cause the kernel to process ICMP REDIRECT packets. 1292Refer to 1293.Xr icmp 4 1294for more information. 1295.It Va icmp_log_redirect 1296.Pq Vt bool 1297Set to 1298.Dq Li NO 1299by default. 1300Setting to 1301.Dq Li YES 1302will cause the kernel to log ICMP REDIRECT packets. 1303Note that 1304the log messages are not rate-limited, so this option should only be used 1305for troubleshooting networks. 1306Refer to 1307.Xr icmp 4 1308for more information. 1309.It Va icmp_bmcastecho 1310.Pq Vt bool 1311Set to 1312.Dq Li YES 1313to respond to broadcast or multicast ICMP ping packets. 1314Refer to 1315.Xr icmp 4 1316for more information. 1317.It Va ip_portrange_first 1318.Pq Vt int 1319If not set to 1320.Dq Li NO , 1321this is the first port in the default portrange. 1322Refer to 1323.Xr ip 4 1324for more information. 1325.It Va ip_portrange_last 1326.Pq Vt int 1327If not set to 1328.Dq Li NO , 1329this is the last port in the default portrange. 1330Refer to 1331.Xr ip 4 1332for more information. 1333.It Va network_interfaces 1334.Pq Vt str 1335Set to the list of network interfaces to configure on this host or 1336.Dq Li AUTO 1337(the default) for all current interfaces. 1338Setting the 1339.Va network_interfaces 1340variable to anything other than the default is deprecated. 1341Interfaces that the administrator wishes to store configuration for, 1342but not start at boot should be configured with the 1343.Dq Li NOAUTO 1344keyword in their 1345.Va ifconfig_ Ns Aq Ar interface 1346variables as described below. 1347.Pp 1348An 1349.Va ifconfig_ Ns Aq Ar interface 1350variable is also assumed to exist for each value of 1351.Ar interface . 1352When an interface name contains any of the characters 1353.Dq Li .-/+ 1354they are translated to 1355.Dq Li _ 1356before lookup. 1357The variable can contain arguments to 1358.Xr ifconfig 8 , 1359as well as special case-insensitive keywords described below. 1360Such keywords are removed before passing the value to 1361.Xr ifconfig 8 1362while the order of the other arguments is preserved. 1363.Pp 1364It is possible to add IP alias entries using 1365.Xr ifconfig 8 1366syntax with the address family keyword such as 1367.Li inet . 1368Assuming that the interface in question was 1369.Li em0 , 1370it might look something like this: 1371.Bd -literal 1372ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1373ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1374.Ed 1375.Pp 1376It also possible to configure multiple IP addresses in Classless 1377Inter-Domain Routing 1378.Pq CIDR 1379address notation, 1380whose each address component can be a range like 1381.Li inet 192.0.2.5-23/24 1382or 1383.Li inet6 2001:db8:1-f::1/64 . 1384This notation allows address and prefix length part only, 1385not the other address modifiers. 1386Note that the maximum number of the generated addresses from a range 1387specification is limited to an integer value specified in 1388.Va netif_ipexpand_max 1389in 1390.Nm 1391because a small typo can unexpectedly generate a large number of addresses. 1392The default value is 1393.Li 2048 . 1394It can be increased by adding the following line into 1395.Nm : 1396.Bd -literal 1397netif_ipexpand_max="4096" 1398.Ed 1399.Pp 1400In the case of 1401.Li 192.0.2.5-23/24 , 1402the address 192.0.2.5 will be configured with the 1403netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1404the non-conflicting netmask /32 as explained in the 1405.Xr ifconfig 8 1406alias section. 1407Note that this special netmask handling is only for 1408.Li inet , 1409not for the other address families such as 1410.Li inet6 . 1411.Pp 1412With the interface in question being 1413.Li em0 , 1414an example could look like: 1415.Bd -literal 1416ifconfig_em0_alias2="inet 192.0.2.129/27" 1417ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1418.Ed 1419.Pp 1420and so on. 1421.Pp 1422Note that deprecated 1423.Va ipv4_addrs_ Ns Aq Ar interface 1424variable was supported for IPv4 CIDR address notation. 1425The 1426.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1427variable replaces it, though 1428.Va ipv4_addrs_ Ns Aq Ar interface 1429is still supported for backward compatibility. 1430.Pp 1431For each 1432.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1433entry with an address family keyword, 1434its contents are passed to 1435.Xr ifconfig 8 . 1436Execution stops at the first unsuccessful access, so if 1437something like this is present: 1438.Bd -literal 1439ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1440ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1441ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1442ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1443.Ed 1444.Pp 1445Then note that alias4 would 1446.Em not 1447be added since the search would 1448stop with the missing 1449.Dq Li alias3 1450entry. 1451Because of this difficult to manage behavior, 1452there is 1453.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1454variable, which has the same functionality as 1455.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1456and can have all of entries in a variable like the following: 1457.Bd -literal 1458ifconfig_em0_aliases="\\ 1459 inet 127.0.0.251 netmask 0xffffffff \\ 1460 inet 127.0.0.252 netmask 0xffffffff \\ 1461 inet 127.0.0.253 netmask 0xffffffff \\ 1462 inet 127.0.0.254 netmask 0xffffffff" 1463.Ed 1464.Pp 1465It also supports CIDR notation. 1466.Pp 1467If the 1468.Pa /etc/start_if . Ns Aq Ar interface 1469file is present, it is read and executed by the 1470.Xr sh 1 1471interpreter 1472before configuring the interface as specified in the 1473.Va ifconfig_ Ns Aq Ar interface 1474and 1475.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1476variables. 1477.Pp 1478If a 1479.Va vlans_ Ns Aq Ar interface 1480variable is set, 1481a 1482.Xr vlan 4 1483interface will be created for each item in the list with the 1484.Ar vlandev 1485argument set to 1486.Ar interface . 1487If a vlan interface's name is a number, 1488then that number is used as the vlan tag and the new vlan interface is 1489named 1490.Ar interface . Ns Ar tag . 1491Otherwise, 1492the vlan tag must be specified via a 1493.Va vlan 1494parameter in the 1495.Va create_args_ Ns Aq Ar interface 1496variable. 1497.Pp 1498To create a vlan device named 1499.Li em0.101 1500on 1501.Li em0 1502with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1503.Bd -literal 1504vlans_em0="101" 1505ifconfig_em0_101="inet 192.0.2.1/24" 1506.Ed 1507.Pp 1508To create a vlan device named 1509.Li myvlan 1510on 1511.Li em0 1512with the vlan tag 102: 1513.Bd -literal 1514vlans_em0="myvlan" 1515create_args_myvlan="vlan 102" 1516.Ed 1517.Pp 1518If a 1519.Va wlans_ Ns Aq Ar interface 1520variable is set, 1521an 1522.Xr wlan 4 1523interface will be created for each item in the list with the 1524.Ar wlandev 1525argument set to 1526.Ar interface . 1527Further wlan cloning arguments may be passed to the 1528.Xr ifconfig 8 1529.Cm create 1530command by setting the 1531.Va create_args_ Ns Aq Ar interface 1532variable. 1533One or more 1534.Xr wlan 4 1535devices must be created for each wireless devices as of 1536.Fx 8.0 . 1537Debugging flags for 1538.Xr wlan 4 1539devices as set by 1540.Xr wlandebug 8 1541may be specified with an 1542.Va wlandebug_ Ns Aq Ar interface 1543variable. 1544The contents of this variable will be passed directly to 1545.Xr wlandebug 8 . 1546.Pp 1547If the 1548.Va ifconfig_ Ns Aq Ar interface 1549contains the keyword 1550.Dq Li NOAUTO 1551then the interface will not be configured 1552at boot or by 1553.Pa /etc/pccard_ether 1554when 1555.Va network_interfaces 1556is set to 1557.Dq Li AUTO . 1558.Pp 1559It is possible to bring up an interface with DHCP by adding 1560.Dq Li DHCP 1561to the 1562.Va ifconfig_ Ns Aq Ar interface 1563variable. 1564For instance, to initialize the 1565.Li em0 1566device via DHCP, 1567it is possible to use something like: 1568.Bd -literal 1569ifconfig_em0="DHCP" 1570.Ed 1571.Pp 1572If you want to configure your wireless interface with 1573.Xr wpa_supplicant 8 1574for use with WPA, EAP/LEAP or WEP, you need to add 1575.Dq Li WPA 1576to the 1577.Va ifconfig_ Ns Aq Ar interface 1578variable. 1579.Pp 1580On the other hand, if you want to configure your wireless interface with 1581.Xr hostapd 8 , 1582you need to add 1583.Dq Li HOSTAP 1584to the 1585.Va ifconfig_ Ns Aq Ar interface 1586variable. 1587.Xr hostapd 8 1588will use the settings from 1589.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1590.Pp 1591Finally, you can add 1592.Xr ifconfig 8 1593options in this variable, in addition to the 1594.Pa /etc/start_if . Ns Aq Ar interface 1595file. 1596For instance, to configure an 1597.Xr ath 4 1598wireless device in station mode with an address obtained 1599via DHCP, using WPA authentication and 802.11b mode, it is 1600possible to use something like: 1601.Bd -literal 1602wlans_ath0="wlan0" 1603ifconfig_wlan0="DHCP WPA mode 11b" 1604.Ed 1605.Pp 1606In addition to the 1607.Va ifconfig_ Ns Aq Ar interface 1608form, a fallback variable 1609.Va ifconfig_DEFAULT 1610may be configured. 1611It will be used for all interfaces with no 1612.Va ifconfig_ Ns Aq Ar interface 1613variable. 1614This is intended to replace the no longer supported 1615.Va pccard_ifconfig 1616variable. 1617.Pp 1618It is also possible to rename an interface by doing: 1619.Bd -literal 1620ifconfig_em0_name="net0" 1621ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1622.Ed 1623.It Va ipv6_enable 1624.Pq Vt bool 1625This variable is deprecated. 1626Use 1627.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1628and 1629.Va ipv6_activate_all_interfaces 1630if necessary. 1631.Pp 1632If the variable is 1633.Dq Li YES , 1634.Dq Li inet6 accept_rtadv 1635is added to all of 1636.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1637and the 1638.Va ipv6_activate_all_interfaces 1639is defined as 1640.Dq Li YES . 1641.It Va ipv6_prefer 1642.Pq Vt bool 1643This variable is deprecated. 1644Use 1645.Va ip6addrctl_policy 1646instead. 1647.Pp 1648If the variable is 1649.Dq Li YES , 1650the default address selection policy table set by 1651.Xr ip6addrctl 8 1652will be IPv6-preferred. 1653.Pp 1654If the variable is 1655.Dq Li NO , 1656the default address selection policy table set by 1657.Xr ip6addrctl 8 1658will be IPv4-preferred. 1659.It Va ipv6_activate_all_interfaces 1660.Pq Vt bool 1661This controls initial configuration on IPv6-capable 1662interfaces with no corresponding 1663.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1664variable. 1665Note that it is not always necessary to set this variable to 1666.Dq YES 1667to use IPv6 functionality on 1668.Fx . 1669In most cases, just configuring 1670.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1671variables works. 1672.Pp 1673If the variable is 1674.Dq Li NO , 1675all interfaces which do not have a corresponding 1676.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1677variable will be marked as 1678.Dq Li IFDISABLED 1679at creation. 1680This means that all of IPv6 functionality on that interface 1681is completely disabled to enforce a security policy. 1682If the variable is set to 1683.Dq YES , 1684the flag will be cleared on all of the interfaces. 1685.Pp 1686In most cases, just defining an 1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1688for an IPv6-capable interface should be sufficient. 1689However, if an interface is added dynamically 1690.Pq by some tunneling protocols such as PPP, for example , 1691it is often difficult to define the variable in advance. 1692In such a case, configuring the 1693.Dq Li IFDISABLED 1694flag can be disabled by setting this variable to 1695.Dq YES . 1696.Pp 1697For more details of the 1698.Dq Li IFDISABLED 1699flag and keywords 1700.Dq Li inet6 ifdisabled , 1701see 1702.Xr ifconfig 8 . 1703.Pp 1704Default is 1705.Dq Li NO . 1706.It Va ipv6_privacy 1707.Pq Vt bool 1708If the variable is 1709.Dq Li YES 1710privacy addresses will be generated for each IPv6 1711interface as described in RFC 4941. 1712.It Va ipv6_network_interfaces 1713.Pq Vt str 1714This is the IPv6 equivalent of 1715.Va network_interfaces . 1716Normally manual configuration of this variable is not needed. 1717.It Va ipv6_cpe_wanif 1718.Pq Vt str 1719If the variable is set to an interface name, 1720the 1721.Xr ifconfig 8 1722options 1723.Dq inet6 -no_radr accept_rtadv 1724will be added to the specified interface automatically before evaluating 1725.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1726and two 1727.Xr sysctl 8 1728variables 1729.Va net.inet6.ip6.rfc6204w3 1730and 1731.Va net.inet6.ip6.no_radr 1732will be set to 1. 1733.Pp 1734This means the specified interface will accept ICMPv6 Router 1735Advertisement messages on that link and add the discovered 1736routers into the Default Router List. 1737While the other interfaces can still accept RA messages if the 1738.Dq inet6 accept_rtadv 1739option is specified, adding 1740routes into the Default Router List will be disabled by 1741.Dq inet6 no_radr 1742option by default. 1743See 1744.Xr ifconfig 8 1745for more details. 1746.Pp 1747Note that ICMPv6 Router Advertisement messages will be 1748accepted even when 1749.Va net.inet6.ip6.forwarding 1750is 1 1751.Pq packet forwarding is enabled 1752when 1753.Va net.inet6.ip6.rfc6204w3 1754is set to 1. 1755.Pp 1756Default is 1757.Dq Li NO . 1758.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1759.Pq Vt str 1760This assigns arbitrary description to an interface. 1761The 1762.Xr sysctl 8 1763variable 1764.Va net.ifdescr_maxlen 1765limits its length. 1766This static setting may be overridden by commands 1767started with dynamic interface configuration utilities 1768like 1769.Xr dhclient 8 1770hooks. 1771The description can be seen with 1772.Xr ifconfig 8 1773command and it may be exported with 1774.Xr bsnmpd 1 1775daemon using its MIB-2 module. 1776.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1777.Pq Vt str 1778IPv6 functionality on an interface should be configured by 1779.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1780instead of setting ifconfig parameters in 1781.Va ifconfig_ Ns Aq Ar interface . 1782If this variable is empty, all of IPv6 configurations on the 1783specified interface by other variables such as 1784.Va ipv6_prefix_ Ns Ao Ar interface Ac 1785will be ignored. 1786.Pp 1787Aliases should be set by 1788.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1789with 1790.Dq Li inet6 1791keyword. 1792For example: 1793.Bd -literal 1794ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1795ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1796.Ed 1797.Pp 1798Interfaces that have an 1799.Dq Li inet6 accept_rtadv 1800keyword in 1801.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1802setting will be automatically configured by SLAAC 1803.Pq StateLess Address AutoConfiguration 1804described in 1805.Rs 1806.%T "RFC 4862" 1807.Re 1808.Pp 1809Note that a link-local address will be automatically configured in 1810addition to the configured global-scope addresses because the IPv6 1811specifications require it on each link. 1812The address is calculated from the MAC address by using an algorithm 1813defined in 1814.Rs 1815.%T "RFC 4862" 1816.%O "Section 5.3" 1817.Re 1818.Pp 1819If only a link-local address is needed on the interface, 1820the following configuration can be used: 1821.Bd -literal 1822ifconfig_em0_ipv6="inet6 auto_linklocal" 1823.Ed 1824.Pp 1825A link-local address can also be configured manually. 1826This is useful for the default router address of an IPv6 router 1827so that it does not change when the network interface 1828card is replaced. 1829For example: 1830.Bd -literal 1831ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1832.Ed 1833.It Va ipv6_prefix_ Ns Aq Ar interface 1834.Pq Vt str 1835If one or more prefixes are defined in 1836.Va ipv6_prefix_ Ns Aq Ar interface 1837addresses based on each prefix and the EUI-64 interface index will be 1838configured on that interface. 1839Note that this variable will be ignored when 1840.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1841is empty. 1842.Pp 1843For example, the following configuration 1844.Bd -literal 1845ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1846.Ed 1847.Pp 1848is equivalent to the following: 1849.Bd -literal 1850ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1851ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1852ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1853ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1854.Ed 1855.Pp 1856These Subnet-Router anycast addresses will be added only when 1857.Va ipv6_gateway_enable 1858is YES. 1859.It Va ipv6_default_interface 1860.Pq Vt str 1861If not set to 1862.Dq Li NO , 1863this is the default output interface for scoped addresses. 1864This works only with ipv6_gateway_enable="NO". 1865.It Va ip6addrctl_enable 1866.Pq Vt bool 1867This variable is to enable configuring default address selection policy table 1868.Pq RFC 3484 . 1869The table can be specified in another variable 1870.Va ip6addrctl_policy . 1871For 1872.Va ip6addrctl_policy 1873the following keywords can be specified: 1874.Dq Li ipv4_prefer , 1875.Dq Li ipv6_prefer , 1876or 1877.Dq Li AUTO . 1878.Pp 1879If 1880.Dq Li ipv4_prefer 1881or 1882.Dq Li ipv6_prefer 1883is specified, 1884.Xr ip6addrctl 8 1885installs a pre-defined policy table described in Section 10.3 1886.Pq IPv4-preferred 1887or 2.1 1888.Pq IPv6-preferred 1889of RFC 3484. 1890.Pp 1891If 1892.Dq Li AUTO 1893is specified, it attempts to read a file 1894.Pa /etc/ip6addrctl.conf 1895first. 1896If this file is found, 1897.Xr ip6addrctl 8 1898reads and installs it. 1899If not found, a policy is automatically set 1900according to 1901.Va ipv6_activate_all_interfaces 1902variable; if the variable is set to 1903.Dq Li YES 1904the IPv6-preferred one is used. 1905Otherwise IPv4-preferred. 1906.Pp 1907The default value of 1908.Va ip6addrctl_enable 1909and 1910.Va ip6addrctl_policy 1911are 1912.Dq Li YES 1913and 1914.Dq Li AUTO , 1915respectively. 1916.It Va cloned_interfaces 1917.Pq Vt str 1918Set to the list of clonable network interfaces to create on this host. 1919Further cloning arguments may be passed to the 1920.Xr ifconfig 8 1921.Cm create 1922command for each interface by setting the 1923.Va create_args_ Ns Aq Ar interface 1924variable. 1925If an interface name is specified with 1926.Dq :sticky 1927keyword, 1928the interface will not be destroyed even when 1929.Pa rc.d/netif 1930script is invoked with 1931.Dq stop 1932argument. 1933This is useful when reconfiguring the interface without destroying it. 1934Entries in 1935.Va cloned_interfaces 1936are automatically appended to 1937.Va network_interfaces 1938for configuration. 1939.It Va cloned_interfaces_sticky 1940.Pq Vt bool 1941This variable is to globally enable functionality of 1942.Dq :sticky 1943keyword in 1944.Va cloned_interfaces 1945for all interfaces. 1946The default value is 1947.Dq NO . 1948Even if this variable is specified to 1949.Dq YES , 1950.Dq :nosticky 1951keyword can be used to override it on per interface basis. 1952.It Va gif_interfaces 1953Set to the list of 1954.Xr gif 4 1955tunnel interfaces to configure on this host. 1956A 1957.Va gifconfig_ Ns Aq Ar interface 1958variable is assumed to exist for each value of 1959.Ar interface . 1960The value of this variable is used to configure the link layer of the 1961tunnel using the 1962.Cm tunnel 1963option to 1964.Xr ifconfig 8 . 1965Additionally, this option ensures that each listed interface is created 1966via the 1967.Cm create 1968option to 1969.Xr ifconfig 8 1970before attempting to configure it. 1971.Pp 1972For example, configure two 1973.Xr gif 4 1974interfaces with: 1975.Bd -literal 1976gif_interfaces="gif0 gif1" 1977gifconfig_gif0="100.64.0.1 100.64.0.2" 1978ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1979gifconfig_gif1="inet6 2a00::1 2a01::1" 1980ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1981.Ed 1982.It Va ppp_enable 1983.Pq Vt bool 1984If set to 1985.Dq Li YES , 1986run the 1987.Xr ppp 8 1988daemon. 1989.It Va ppp_profile 1990.Pq Vt str 1991The name of the profile to use from 1992.Pa /etc/ppp/ppp.conf . 1993Also used for per-profile overrides of 1994.Va ppp_mode 1995and 1996.Va ppp_nat , 1997and 1998.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1999When the profile name contains any of the characters 2000.Dq Li .-/+ 2001they are translated to 2002.Dq Li _ 2003for the proposes of the override variable names. 2004.It Va ppp_mode 2005.Pq Vt str 2006Mode in which to run the 2007.Xr ppp 8 2008daemon. 2009.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2010.Pq Vt str 2011Overrides the global 2012.Va ppp_mode 2013for 2014.Ar profile . 2015Accepted modes are 2016.Dq Li auto , 2017.Dq Li ddial , 2018.Dq Li direct 2019and 2020.Dq Li dedicated . 2021See the manual for a full description. 2022.It Va ppp_nat 2023.Pq Vt bool 2024If set to 2025.Dq Li YES , 2026enables network address translation. 2027Used in conjunction with 2028.Va gateway_enable 2029allows hosts on private network addresses access to the Internet using 2030this host as a network address translating router. 2031Default is 2032.Dq Li YES . 2033.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2034.Pq Vt str 2035Overrides the global 2036.Va ppp_nat 2037for 2038.Ar profile . 2039.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2040.Pq Vt int 2041Set the unit number to be used for this profile. 2042See the manual description of 2043.Fl unit Ns Ar N 2044for details. 2045.It Va ppp_user 2046.Pq Vt str 2047The name of the user under which 2048.Xr ppp 8 2049should be started. 2050By 2051default, 2052.Xr ppp 8 2053is started as 2054.Dq Li root . 2055.It Va rc_conf_files 2056.Pq Vt str 2057This option is used to specify a list of files that will override 2058the settings in 2059.Pa /etc/defaults/rc.conf . 2060The files will be read in the order in which they are specified and should 2061include the full path to the file. 2062By default, the files specified are 2063.Pa /etc/rc.conf 2064and 2065.Pa /etc/rc.conf.local 2066.It Va zfs_enable 2067.Pq Vt bool 2068If set to 2069.Dq Li YES , 2070.Pa /etc/rc.d/zfs 2071will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2072(ZVOLs). 2073.It Va zpool_reguid 2074.Pq Vt str 2075A space-separated list of ZFS pool names for which new pool GUIDs should be 2076assigned upon first boot. 2077This is useful when using a ZFS pool copied from a template, such as a virtual 2078machine image. 2079.It Va gptboot_enable 2080.Pq Vt bool 2081If set to 2082.Dq Li YES , 2083.Pa /etc/rc.d/gptboot 2084will log if the system successfully (or not) booted from a GPT partition, 2085which had the 2086.Ar bootonce 2087attribute set using 2088.Xr gpart 8 2089utility. 2090.It Va gbde_autoattach_all 2091.Pq Vt bool 2092If set to 2093.Dq Li YES , 2094.Pa /etc/rc.d/gbde 2095will attempt to automatically initialize your .bde devices in 2096.Pa /etc/fstab . 2097.It Va gbde_devices 2098.Pq Vt str 2099List the devices that the script should try to attach, 2100or 2101.Dq Li AUTO . 2102.It Va gbde_lockdir 2103.Pq Vt str 2104The directory where the 2105.Xr gbde 4 2106lockfiles are located. 2107The default lockfile directory is 2108.Pa /etc . 2109.Pp 2110The lockfile for each individual 2111.Xr gbde 4 2112device can be overridden by setting the variable 2113.Va gbde_lock_ Ns Aq Ar device , 2114where 2115.Ar device 2116is the encrypted device without the 2117.Dq Pa /dev/ 2118and 2119.Dq Pa .bde 2120parts. 2121.It Va gbde_attach_attempts 2122.Pq Vt int 2123Number of times to attempt attaching to a 2124.Xr gbde 4 2125device, i.e., how many times the user is asked for the pass-phrase. 2126Default is 3. 2127.It Va geli_devices 2128.Pq Vt str 2129List of devices to automatically attach on boot. 2130Note that .eli devices from 2131.Pa /etc/fstab 2132are automatically appended to this list. 2133.It Va geli_groups 2134.Pq Vt str 2135List of groups containing devices to automatically attach on boot with the same 2136keyfiles and passphrase. 2137This must be accompanied with a corresponding 2138.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2139variable. 2140.It Va geli_tries 2141.Pq Vt int 2142Number of times user is asked for the pass-phrase. 2143If empty, it will be taken from 2144.Va kern.geom.eli.tries 2145sysctl variable. 2146.It Va geli_default_flags 2147.Pq Vt str 2148Default flags to use by 2149.Xr geli 8 2150when configuring disk encryption. 2151Flags can be configured for every device separately by defining the 2152.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2153variable, and for every group separately by defining the 2154.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2155variable. 2156.It Va geli_autodetach 2157.Pq Vt str 2158Specifies if GELI devices should be marked for detach on last close after 2159file systems are mounted. 2160Default is 2161.Dq Li YES . 2162This can be changed for every device separately by defining the 2163.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2164variable. 2165.It Va root_rw_mount 2166.Pq Vt bool 2167Set to 2168.Dq Li YES 2169by default. 2170After the file systems are checked at boot time, the root file system 2171is remounted as read-write if this is set to 2172.Dq Li YES . 2173Diskless systems that mount their root file system from a read-only remote 2174NFS share should set this to 2175.Dq Li NO 2176in their 2177.Pa rc.conf . 2178.It Va fsck_y_enable 2179.Pq Vt bool 2180If set to 2181.Dq Li YES , 2182.Xr fsck 8 2183will be run with the 2184.Fl y 2185flag if the initial preen 2186of the file systems fails. 2187.It Va background_fsck 2188.Pq Vt bool 2189If set to 2190.Dq Li NO , 2191the system will not attempt to run 2192.Xr fsck 8 2193in the background where possible. 2194.It Va background_fsck_delay 2195.Pq Vt int 2196The amount of time in seconds to sleep before starting a background 2197.Xr fsck 8 . 2198It defaults to sixty seconds to allow large applications such as 2199the X server to start before disk I/O bandwidth is monopolized by 2200.Xr fsck 8 . 2201If set to a negative number, the background file system check will be 2202delayed indefinitely to allow the administrator to run it at a more 2203convenient time. 2204For example it may be run from 2205.Xr cron 8 2206by adding a line like 2207.Pp 2208.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2209.Pp 2210to 2211.Pa /etc/crontab . 2212.It Va netfs_types 2213.Pq Vt str 2214List of file system types that are network-based. 2215This list should generally not be modified by end users. 2216Use 2217.Va extra_netfs_types 2218instead. 2219.It Va extra_netfs_types 2220.Pq Vt str 2221If set to something other than 2222.Dq Li NO 2223(the default), 2224this variable extends the list of file system types 2225for which automatic mounting at startup by 2226.Xr rc 8 2227should be delayed until the network is initialized. 2228It should contain 2229a whitespace-separated list of network file system descriptor pairs, 2230each consisting of a file system type as passed to 2231.Xr mount 8 2232and a human-readable, one-word description, 2233joined with a colon 2234.Pq Ql \&: . 2235Extending the default list in this way is only necessary 2236when third party file system types are used. 2237.It Va syslogd_enable 2238.Pq Vt bool 2239If set to 2240.Dq Li YES , 2241run the 2242.Xr syslogd 8 2243daemon. 2244.It Va syslogd_program 2245.Pq Vt str 2246Path to 2247.Xr syslogd 8 2248(default 2249.Pa /usr/sbin/syslogd ) . 2250.It Va syslogd_flags 2251.Pq Vt str 2252If 2253.Va syslogd_enable 2254is set to 2255.Dq Li YES , 2256these are the flags to pass to 2257.Xr syslogd 8 . 2258.It Va inetd_enable 2259.Pq Vt bool 2260If set to 2261.Dq Li YES , 2262run the 2263.Xr inetd 8 2264daemon. 2265.It Va inetd_program 2266.Pq Vt str 2267Path to 2268.Xr inetd 8 2269(default 2270.Pa /usr/sbin/inetd ) . 2271.It Va inetd_flags 2272.Pq Vt str 2273If 2274.Va inetd_enable 2275is set to 2276.Dq Li YES , 2277these are the flags to pass to 2278.Xr inetd 8 . 2279.It Va hastd_enable 2280.Pq Vt bool 2281If set to 2282.Dq Li YES , 2283run the 2284.Xr hastd 8 2285daemon. 2286.It Va hastd_program 2287.Pq Vt str 2288Path to 2289.Xr hastd 8 2290(default 2291.Pa /sbin/hastd ) . 2292.It Va hastd_flags 2293.Pq Vt str 2294If 2295.Va hastd_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to 2299.Xr hastd 8 . 2300.It Va local_unbound_enable 2301.Pq Vt bool 2302If set to 2303.Dq Li YES , 2304run the 2305.Xr unbound 8 2306daemon as a local caching resolver. 2307.It Va kdc_enable 2308.Pq Vt bool 2309Set to 2310.Dq Li YES 2311to start a Kerberos 5 authentication server 2312at boot time. 2313.It Va kdc_program 2314.Pq Vt str 2315If 2316.Va kdc_enable 2317is set to 2318.Dq Li YES 2319this is the path to Kerberos 5 Authentication Server. 2320.It Va kdc_flags 2321.Pq Vt str 2322Empty by default. 2323This variable contains additional flags to be passed to the Kerberos 5 2324authentication server. 2325.It Va kadmind_enable 2326.Pq Vt bool 2327Set to 2328.Dq Li YES 2329to start 2330.Xr kadmind 8 , 2331the Kerberos 5 Administration Daemon; set to 2332.Dq Li NO 2333on a slave server. 2334.It Va kadmind_program 2335.Pq Vt str 2336If 2337.Va kadmind_enable 2338is set to 2339.Dq Li YES 2340this is the path to Kerberos 5 Administration Daemon. 2341.It Va kpasswdd_enable 2342.Pq Vt bool 2343Set to 2344.Dq Li YES 2345to start 2346.Xr kpasswdd 8 , 2347the Kerberos 5 Password-Changing Daemon; set to 2348.Dq Li NO 2349on a slave server. 2350.It Va kpasswdd_program 2351.Pq Vt str 2352If 2353.Va kpasswdd_enable 2354is set to 2355.Dq Li YES 2356this is the path to Kerberos 5 Password-Changing Daemon. 2357.It Va kfd_enable 2358.Pq Vt bool 2359Set to 2360.Dq Li YES 2361to start 2362.Xr kfd 8 , 2363the Kerberos 5 ticket forwarding daemon, at the boot time. 2364.It Va kfd_program 2365.Pq Vt str 2366Path to 2367.Xr kfd 8 2368(default 2369.Pa /usr/libexec/kfd ) . 2370.It Va rwhod_enable 2371.Pq Vt bool 2372If set to 2373.Dq Li YES , 2374run the 2375.Xr rwhod 8 2376daemon at boot time. 2377.It Va rwhod_flags 2378.Pq Vt str 2379If 2380.Va rwhod_enable 2381is set to 2382.Dq Li YES , 2383these are the flags to pass to it. 2384.It Va update_motd 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388.Pa /etc/motd 2389will be updated at boot time to reflect the kernel release 2390being run. 2391If set to 2392.Dq Li NO , 2393.Pa /etc/motd 2394will not be updated. 2395.It Va nfs_client_enable 2396.Pq Vt bool 2397If set to 2398.Dq Li YES , 2399run the NFS client daemons at boot time. 2400.It Va nfs_access_cache 2401.Pq Vt int 2402If 2403.Va nfs_client_enable 2404is set to 2405.Dq Li YES , 2406this can be set to 2407.Dq Li 0 2408to disable NFS ACCESS RPC caching, or to the number of seconds for which 2409NFS ACCESS 2410results should be cached. 2411A value of 2-10 seconds will substantially reduce network 2412traffic for many NFS operations. 2413.It Va nfs_server_enable 2414.Pq Vt bool 2415If set to 2416.Dq Li YES , 2417run the NFS server daemons at boot time. 2418.It Va nfs_server_flags 2419.Pq Vt str 2420If 2421.Va nfs_server_enable 2422is set to 2423.Dq Li YES , 2424these are the flags to pass to the 2425.Xr nfsd 8 2426daemon. 2427.It Va nfsv4_server_enable 2428.Pq Vt bool 2429If 2430.Va nfs_server_enable 2431is set to 2432.Dq Li YES 2433and 2434.Va nfsv4_server_enable 2435is set to 2436.Dq Li YES , 2437enable the server for NFSv4 as well as NFSv2 and NFSv3. 2438.It Va nfsv4_server_only 2439.Pq Vt bool 2440If 2441.Va nfs_server_enable 2442is set to 2443.Dq Li YES 2444and 2445.Va nfsv4_server_only 2446is set to 2447.Dq Li YES , 2448enable the NFS server for NFSv4 only. 2449.It Va nfs_server_maxio 2450.Pq Vt int 2451value to set vfs.nfsd.srvmaxio to, which is the 2452maximum I/O size for the NFS server. 2453.It Va tlsclntd_enable 2454.Pq Vt bool 2455If set to 2456.Dq Li YES , 2457run the 2458.Xr rpc.tlsclntd 8 2459daemon, which is needed for NFS-over-TLS NFS mounts. 2460.It Va tlsservd_enable 2461.Pq Vt bool 2462If set to 2463.Dq Li YES , 2464run the 2465.Xr rpc.tlsservd 8 2466daemon, which is needed for the 2467.Xr nfsd 8 2468to support NFS-over-TLS NFS mounts. 2469.It Va nfsuserd_enable 2470.Pq Vt bool 2471If 2472.Va nfsuserd_enable 2473is set to 2474.Dq Li YES , 2475run the nfsuserd daemon, which is needed for NFSv4 in order 2476to map between user/group names vs uid/gid numbers. 2477If 2478.Va nfsv4_server_enable 2479is set to 2480.Dq Li YES , 2481this will be forced enabled. 2482.It Va nfsuserd_flags 2483.Pq Vt str 2484If 2485.Va nfsuserd_enable 2486is set to 2487.Dq Li YES , 2488these are the flags to pass to the 2489.Xr nfsuserd 8 2490daemon. 2491.It Va nfscbd_enable 2492.Pq Vt bool 2493If 2494.Va nfscbd_enable 2495is set to 2496.Dq Li YES , 2497run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2498.It Va nfscbd_flags 2499.Pq Vt str 2500If 2501.Va nfscbd_enable 2502is set to 2503.Dq Li YES , 2504these are the flags to pass to the 2505.Xr nfscbd 8 2506daemon. 2507.It Va mountd_enable 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511and no 2512.Va nfs_server_enable 2513is set, start 2514.Xr mountd 8 , 2515but not 2516.Xr nfsd 8 2517daemon. 2518It is commonly needed to run CFS without real NFS used. 2519.It Va mountd_flags 2520.Pq Vt str 2521If 2522.Va mountd_enable 2523is set to 2524.Dq Li YES , 2525these are the flags to pass to the 2526.Xr mountd 8 2527daemon. 2528.It Va weak_mountd_authentication 2529.Pq Vt bool 2530If set to 2531.Dq Li YES , 2532allow services like PCNFSD to make non-privileged mount 2533requests. 2534.It Va nfs_reserved_port_only 2535.Pq Vt bool 2536If set to 2537.Dq Li YES , 2538provide NFS services only on a secure port. 2539.It Va nfs_bufpackets 2540.Pq Vt int 2541If set to a number, indicates the number of packets worth of 2542socket buffer space to reserve on an NFS client. 2543The kernel default is typically 4. 2544Using a higher number may be 2545useful on gigabit networks to improve performance. 2546The minimum value is 25472 and the maximum is 64. 2548.It Va rpc_lockd_enable 2549.Pq Vt bool 2550If set to 2551.Dq Li YES 2552and also an NFS server or client, run 2553.Xr rpc.lockd 8 2554at boot time. 2555.It Va rpc_lockd_flags 2556.Pq Vt str 2557If 2558.Va rpc_lockd_enable 2559is set to 2560.Dq Li YES , 2561these are the flags to pass to the 2562.Xr rpc.lockd 8 2563daemon. 2564.It Va rpc_statd_enable 2565.Pq Vt bool 2566If set to 2567.Dq Li YES 2568and also an NFS server or client, run 2569.Xr rpc.statd 8 2570at boot time. 2571.It Va rpc_statd_flags 2572.Pq Vt str 2573If 2574.Va rpc_statd_enable 2575is set to 2576.Dq Li YES , 2577these are the flags to pass to the 2578.Xr rpc.statd 8 2579daemon. 2580.It Va rpcbind_program 2581.Pq Vt str 2582Path to 2583.Xr rpcbind 8 2584(default 2585.Pa /usr/sbin/rpcbind ) . 2586.It Va rpcbind_enable 2587.Pq Vt bool 2588If set to 2589.Dq Li YES , 2590run the 2591.Xr rpcbind 8 2592service at boot time. 2593.It Va rpcbind_flags 2594.Pq Vt str 2595If 2596.Va rpcbind_enable 2597is set to 2598.Dq Li YES , 2599these are the flags to pass to the 2600.Xr rpcbind 8 2601daemon. 2602.It Va keyserv_enable 2603.Pq Vt bool 2604If set to 2605.Dq Li YES , 2606run the 2607.Xr keyserv 8 2608daemon on boot for running Secure RPC. 2609.It Va keyserv_flags 2610.Pq Vt str 2611If 2612.Va keyserv_enable 2613is set to 2614.Dq Li YES , 2615these are the flags to pass to 2616.Xr keyserv 8 2617daemon. 2618.It Va pppoed_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622run the 2623.Xr pppoed 8 2624daemon at boot time to provide PPP over Ethernet services. 2625.It Va pppoed_ Ns Aq Ar provider 2626.Pq Vt str 2627.Xr pppoed 8 2628listens to requests to this 2629.Ar provider 2630and ultimately runs 2631.Xr ppp 8 2632with a 2633.Ar system 2634argument of the same name. 2635.It Va pppoed_flags 2636.Pq Vt str 2637Additional flags to pass to 2638.Xr pppoed 8 . 2639.It Va pppoed_interface 2640.Pq Vt str 2641The network interface to run 2642.Xr pppoed 8 2643on. 2644This is mandatory when 2645.Va pppoed_enable 2646is set to 2647.Dq Li YES . 2648.It Va ntpdate_enable 2649.Pq Vt bool 2650If set to 2651.Dq Li YES , 2652run 2653.Xr ntpdate 8 2654at system startup. 2655This command is intended to 2656synchronize the system clock only 2657.Em once 2658from some standard reference. 2659.Pp 2660Note that the use of the 2661.Va ntpd_sync_on_start 2662variable is a preferred alternative to the 2663.Xr ntpdate 8 2664utility as 2665.Xr ntpdate 8 2666is to be retired from the NTP distribution. 2667.It Va ntpdate_config 2668.Pq Vt str 2669Configuration file for 2670.Xr ntpdate 8 . 2671Default 2672.Pa /etc/ntp.conf . 2673.It Va ntpdate_hosts 2674.Pq Vt str 2675A whitespace-separated list of NTP servers to synchronize with at startup. 2676The default is to use the servers listed in 2677.Va ntpdate_config , 2678if that file exists. 2679.It Va ntpdate_program 2680.Pq Vt str 2681Path to 2682.Xr ntpdate 8 2683(default 2684.Pa /usr/sbin/ntpdate ) . 2685.It Va ntpdate_flags 2686.Pq Vt str 2687If 2688.Va ntpdate_enable 2689is set to 2690.Dq Li YES , 2691these are the flags to pass to the 2692.Xr ntpdate 8 2693command (typically a hostname). 2694.It Va ntpd_enable 2695.Pq Vt bool 2696If set to 2697.Dq Li YES , 2698run the 2699.Xr ntpd 8 2700command at boot time. 2701.It Va ntpd_program 2702.Pq Vt str 2703Path to 2704.Xr ntpd 8 2705(default 2706.Pa /usr/sbin/ntpd ) . 2707.It Va ntpd_config 2708.Pq Vt str 2709Path to 2710.Xr ntpd 8 2711configuration file. 2712Default 2713.Pa /etc/ntp.conf . 2714.It Va ntpd_flags 2715.Pq Vt str 2716If 2717.Va ntpd_enable 2718is set to 2719.Dq Li YES , 2720these are the flags to pass to the 2721.Xr ntpd 8 2722daemon. 2723.It Va ntpd_sync_on_start 2724.Pq Vt bool 2725If set to 2726.Dq Li YES , 2727.Xr ntpd 8 2728is run with the 2729.Fl g 2730flag, which syncs the system's clock on startup. 2731See 2732.Xr ntpd 8 2733for more information regarding the 2734.Fl g 2735option. 2736This is a preferred alternative to using 2737.Xr ntpdate 8 2738or specifying the 2739.Va ntpdate_enable 2740variable. 2741.It Va nis_client_enable 2742.Pq Vt bool 2743If set to 2744.Dq Li YES , 2745run the 2746.Xr ypbind 8 2747service at system boot time. 2748.It Va nis_client_flags 2749.Pq Vt str 2750If 2751.Va nis_client_enable 2752is set to 2753.Dq Li YES , 2754these are the flags to pass to the 2755.Xr ypbind 8 2756service. 2757.It Va nis_ypldap_enable 2758.Pq Vt bool 2759If set to 2760.Dq Li YES , 2761run the 2762.Xr ypldap 8 2763daemon at system boot time. 2764.It Va nis_ypldap_flags 2765.Pq Vt str 2766If 2767.Va nis.ypldap_enable 2768is set to 2769.Dq Li YES , 2770these are the flags to pass to the 2771.Xr ypldap 8 2772daemon. 2773.It Va nis_ypset_enable 2774.Pq Vt bool 2775If set to 2776.Dq Li YES , 2777run the 2778.Xr ypset 8 2779daemon at system boot time. 2780.It Va nis_ypset_flags 2781.Pq Vt str 2782If 2783.Va nis_ypset_enable 2784is set to 2785.Dq Li YES , 2786these are the flags to pass to the 2787.Xr ypset 8 2788daemon. 2789.It Va nis_server_enable 2790.Pq Vt bool 2791If set to 2792.Dq Li YES , 2793run the 2794.Xr ypserv 8 2795daemon at system boot time. 2796.It Va nis_server_flags 2797.Pq Vt str 2798If 2799.Va nis_server_enable 2800is set to 2801.Dq Li YES , 2802these are the flags to pass to the 2803.Xr ypserv 8 2804daemon. 2805.It Va nis_ypxfrd_enable 2806.Pq Vt bool 2807If set to 2808.Dq Li YES , 2809run the 2810.Xr rpc.ypxfrd 8 2811daemon at system boot time. 2812.It Va nis_ypxfrd_flags 2813.Pq Vt str 2814If 2815.Va nis_ypxfrd_enable 2816is set to 2817.Dq Li YES , 2818these are the flags to pass to the 2819.Xr rpc.ypxfrd 8 2820daemon. 2821.It Va nis_yppasswdd_enable 2822.Pq Vt bool 2823If set to 2824.Dq Li YES , 2825run the 2826.Xr rpc.yppasswdd 8 2827daemon at system boot time. 2828.It Va nis_yppasswdd_flags 2829.Pq Vt str 2830If 2831.Va nis_yppasswdd_enable 2832is set to 2833.Dq Li YES , 2834these are the flags to pass to the 2835.Xr rpc.yppasswdd 8 2836daemon. 2837.It Va rpc_ypupdated_enable 2838.Pq Vt bool 2839If set to 2840.Dq Li YES , 2841run the 2842.Nm rpc.ypupdated 2843daemon at system boot time. 2844.It Va bsnmpd_enable 2845.Pq Vt bool 2846If set to 2847.Dq Li YES , 2848run the 2849.Xr bsnmpd 1 2850daemon at system boot time. 2851Be sure to understand the security implications of running SNMP daemon 2852on your host. 2853.It Va bsnmpd_flags 2854.Pq Vt str 2855If 2856.Va bsnmpd_enable 2857is set to 2858.Dq Li YES , 2859these are the flags to pass to the 2860.Xr bsnmpd 1 2861daemon. 2862.It Va defaultrouter 2863.Pq Vt str 2864If not set to 2865.Dq Li NO , 2866create a default route to this host name or IP address 2867(use an IP address if this router is also required to get to the 2868name server!). 2869.It Va defaultrouter_fibN 2870.Pq Vt str 2871If not set to 2872.Dq Li NO , 2873create a default route in FIB N to this host name or IP address. 2874.It Va ipv6_defaultrouter 2875.Pq Vt str 2876The IPv6 equivalent of 2877.Va defaultrouter . 2878.It Va ipv6_defaultrouter_fibN 2879.Pq Vt str 2880The IPv6 equivalent of 2881.Va defaultrouter_fibN . 2882.It Va static_arp_pairs 2883.Pq Vt str 2884Set to the list of static ARP pairs that are to be added at system 2885boot time. 2886For each whitespace separated 2887.Ar element 2888in the value, a 2889.Va static_arp_ Ns Aq Ar element 2890variable is assumed to exist whose contents will later be passed to a 2891.Dq Nm arp Cm -S 2892operation. 2893For example 2894.Bd -literal 2895static_arp_pairs="gw" 2896static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2897.Ed 2898.It Va static_ndp_pairs 2899.Pq Vt str 2900Set to the list of static NDP pairs that are to be added at system 2901boot time. 2902For each whitespace separated 2903.Ar element 2904in the value, a 2905.Va static_ndp_ Ns Aq Ar element 2906variable is assumed to exist whose contents will later be passed to a 2907.Dq Nm ndp Cm -s 2908operation. 2909For example 2910.Bd -literal 2911static_ndp_pairs="gw" 2912static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2913.Ed 2914.It Va static_routes 2915.Pq Vt str 2916Set to the list of static routes that are to be added at system 2917boot time. 2918If not set to 2919.Dq Li NO 2920then for each whitespace separated 2921.Ar element 2922in the value, a 2923.Va route_ Ns Aq Ar element 2924variable is assumed to exist 2925whose contents will later be passed to a 2926.Dq Nm route Cm add 2927operation. 2928For example: 2929.Bd -literal 2930static_routes="ext mcast:gif0 gif0local:gif0" 2931route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2932route_mcast="-net 224.0.0.0/4 -iface gif0" 2933route_gif0local="-host 169.254.1.1 -iface lo0" 2934.Ed 2935.Pp 2936When an 2937.Ar element 2938is in the form of 2939.Li name:ifname , 2940the route is specific to the interface 2941.Li ifname . 2942.It Va ipv6_static_routes 2943.Pq Vt str 2944The IPv6 equivalent of 2945.Va static_routes . 2946If not set to 2947.Dq Li NO 2948then for each whitespace separated 2949.Ar element 2950in the value, a 2951.Va ipv6_route_ Ns Aq Ar element 2952variable is assumed to exist 2953whose contents will later be passed to a 2954.Dq Nm route Cm add Fl inet6 2955operation. 2956.It Va gateway_enable 2957.Pq Vt bool 2958If set to 2959.Dq Li YES , 2960configure host to act as an IP router, e.g.\& to forward packets 2961between interfaces. 2962.It Va ipv6_gateway_enable 2963.Pq Vt bool 2964The IPv6 equivalent of 2965.Va gateway_enable . 2966.It Va routed_enable 2967.Pq Vt bool 2968If set to 2969.Dq Li YES , 2970run a routing daemon of some sort, based on the 2971settings of 2972.Va routed_program 2973and 2974.Va routed_flags . 2975.It Va route6d_enable 2976.Pq Vt bool 2977The IPv6 equivalent of 2978.Va routed_enable . 2979If set to 2980.Dq Li YES , 2981run a routing daemon of some sort, based on the 2982settings of 2983.Va route6d_program 2984and 2985.Va route6d_flags . 2986.It Va routed_program 2987.Pq Vt str 2988If 2989.Va routed_enable 2990is set to 2991.Dq Li YES , 2992this is the name of the routing daemon to use. 2993.It Va route6d_program 2994.Pq Vt str 2995The IPv6 equivalent of 2996.Va routed_program . 2997.It Va routed_flags 2998.Pq Vt str 2999If 3000.Va routed_enable 3001is set to 3002.Dq Li YES , 3003these are the flags to pass to the routing daemon. 3004.It Va route6d_flags 3005.Pq Vt str 3006The IPv6 equivalent of 3007.Va routed_flags . 3008.It Va rtadvd_enable 3009.Pq Vt bool 3010If set to 3011.Dq Li YES , 3012run the 3013.Xr rtadvd 8 3014daemon at boot time. 3015The 3016.Xr rtadvd 8 3017utility sends ICMPv6 Router Advertisement messages to 3018the interfaces specified in 3019.Va rtadvd_interfaces . 3020This should only be enabled with great care. 3021You may want to fine-tune 3022.Xr rtadvd.conf 5 . 3023.It Va rtadvd_interfaces 3024.Pq Vt str 3025If 3026.Va rtadvd_enable 3027is set to 3028.Dq Li YES 3029this is the list of interfaces to use. 3030.It Va arpproxy_all 3031.Pq Vt bool 3032If set to 3033.Dq Li YES , 3034enable global proxy ARP. 3035.It Va forward_sourceroute 3036.Pq Vt bool 3037If set to 3038.Dq Li YES 3039and 3040.Va gateway_enable 3041is also set to 3042.Dq Li YES , 3043source-routed packets are forwarded. 3044.It Va accept_sourceroute 3045.Pq Vt bool 3046If set to 3047.Dq Li YES , 3048the system will accept source-routed packets directed at it. 3049.It Va rarpd_enable 3050.Pq Vt bool 3051If set to 3052.Dq Li YES , 3053run the 3054.Xr rarpd 8 3055daemon at system boot time. 3056.It Va rarpd_flags 3057.Pq Vt str 3058If 3059.Va rarpd_enable 3060is set to 3061.Dq Li YES , 3062these are the flags to pass to the 3063.Xr rarpd 8 3064daemon. 3065.It Va bootparamd_enable 3066.Pq Vt bool 3067If set to 3068.Dq Li YES , 3069run the 3070.Xr bootparamd 8 3071daemon at system boot time. 3072.It Va bootparamd_flags 3073.Pq Vt str 3074If 3075.Va bootparamd_enable 3076is set to 3077.Dq Li YES , 3078these are the flags to pass to the 3079.Xr bootparamd 8 3080daemon. 3081.It Va stf_interface_ipv4addr 3082.Pq Vt str 3083If not set to 3084.Dq Li NO , 3085this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3086interface). 3087Specify this entry to enable the 6to4 interface. 3088.It Va stf_interface_ipv4plen 3089.Pq Vt int 3090Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3091An effective value is 0-31. 3092.It Va stf_interface_ipv6_ifid 3093.Pq Vt str 3094IPv6 interface ID for 3095.Xr stf 4 . 3096This can be set to 3097.Dq Li AUTO . 3098.It Va stf_interface_ipv6_slaid 3099.Pq Vt str 3100IPv6 Site Level Aggregator for 3101.Xr stf 4 . 3102.It Va ipv6_ipv4mapping 3103.Pq Vt bool 3104If set to 3105.Dq Li YES 3106this enables IPv4 mapped IPv6 address communication (like 3107.Li ::ffff:a.b.c.d ) . 3108.It Va rtsold_enable 3109.Pq Vt bool 3110Set to 3111.Dq Li YES 3112to enable the 3113.Xr rtsold 8 3114daemon to send ICMPv6 Router Solicitation messages. 3115.It Va rtsold_flags 3116.Pq Vt str 3117If 3118.Va rtsold_enable 3119is set to 3120.Dq Li YES , 3121these are the flags to pass to 3122.Xr rtsold 8 . 3123.It Va rtsol_flags 3124.Pq Vt str 3125For interfaces configured with the 3126.Dq Li inet6 accept_rtadv 3127keyword, these are the flags to pass to 3128.Xr rtsol 8 . 3129.Pp 3130Note that 3131.Va rtsold_enable 3132is mutually exclusive to 3133.Va rtsol_flags ; 3134.Va rtsold_enable 3135takes precedence. 3136.It Va keybell 3137.Pq Vt str 3138The keyboard bell sound. 3139Set to 3140.Dq Li normal , 3141.Dq Li visual , 3142.Dq Li off , 3143or 3144.Dq Li NO 3145if the default behavior is desired. 3146For details, refer to the 3147.Xr kbdcontrol 1 3148manpage. 3149.It Va keyboard 3150.Pq Vt str 3151If set to a non-null string, the virtual console's keyboard input is 3152set to this device. 3153.It Va keymap 3154.Pq Vt str 3155If set to 3156.Dq Li NO , 3157no keymap is installed, otherwise the value is used to install 3158the keymap file found in 3159.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3160(if using 3161.Xr syscons 4 ) or 3162.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3163(if using 3164.Xr vt 4 ) . 3165.It Va keyrate 3166.Pq Vt str 3167The keyboard repeat speed. 3168Set to 3169.Dq Li slow , 3170.Dq Li normal , 3171.Dq Li fast , 3172or 3173.Dq Li NO 3174if the default behavior is desired. 3175.It Va keychange 3176.Pq Vt str 3177If not set to 3178.Dq Li NO , 3179attempt to program the function keys with the value. 3180The value should 3181be a single string of the form: 3182.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3183.It Va cursor 3184.Pq Vt str 3185Can be set to the value of 3186.Dq Li normal , 3187.Dq Li blink , 3188.Dq Li destructive , 3189or 3190.Dq Li NO 3191to set the cursor behavior explicitly or choose the default behavior. 3192.It Va scrnmap 3193.Pq Vt str 3194If set to 3195.Dq Li NO , 3196no screen map is installed, otherwise the value is used to install 3197the screen map file in 3198.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3199This parameter is ignored when using 3200.Xr vt 4 3201as the console driver. 3202.It Va font8x16 3203.Pq Vt str 3204If set to 3205.Dq Li NO , 3206the default 8x16 font value is used for screen size requests, otherwise 3207the value in 3208.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3209or 3210.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3211is used (depending on the console driver being used). 3212.It Va font8x14 3213.Pq Vt str 3214If set to 3215.Dq Li NO , 3216the default 8x14 font value is used for screen size requests, otherwise 3217the value in 3218.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3219or 3220.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3221is used (depending on the console driver being used). 3222.It Va font8x8 3223.Pq Vt str 3224If set to 3225.Dq Li NO , 3226the default 8x8 font value is used for screen size requests, otherwise 3227the value in 3228.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3229or 3230.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3231is used (depending on the console driver being used). 3232.It Va blanktime 3233.Pq Vt int 3234If set to 3235.Dq Li NO , 3236the default screen blanking interval is used, otherwise it is set 3237to 3238.Ar value 3239seconds. 3240.It Va saver 3241.Pq Vt str 3242If not set to 3243.Dq Li NO , 3244this is the actual screen saver to use 3245.Li ( blank , snake , daemon , 3246etc). 3247.It Va moused_nondefault_enable 3248.Pq Vt str 3249If set to 3250.Dq Li NO , 3251the mouse device specified on 3252the command line is not automatically treated as enabled by the 3253.Pa /etc/rc.d/moused 3254script. 3255Having this variable set to 3256.Dq Li YES 3257allows a 3258.Xr usb 4 3259mouse, 3260for example, 3261to be enabled as soon as it is plugged in. 3262.It Va moused_enable 3263.Pq Vt str 3264If set to 3265.Dq Li YES , 3266the 3267.Xr moused 8 3268daemon is started for doing cut/paste selection on the console. 3269.It Va moused_type 3270.Pq Vt str 3271This is the protocol type of the mouse connected to this host. 3272This variable must be set if 3273.Va moused_enable 3274is set to 3275.Dq Li YES . 3276The 3277.Xr moused 8 3278daemon 3279is able to detect the appropriate mouse type automatically in many cases. 3280Set this variable to 3281.Dq Li auto 3282to let the daemon detect it, or 3283select one from the following list if the automatic detection fails. 3284.Pp 3285If the mouse is attached to the PS/2 mouse port, choose 3286.Dq Li auto 3287or 3288.Dq Li ps/2 , 3289regardless of the brand and model of the mouse. 3290Likewise, if the 3291mouse is attached to the bus mouse port, choose 3292.Dq Li auto 3293or 3294.Dq Li busmouse . 3295All other protocols are for serial mice and will not work with 3296the PS/2 and bus mice. 3297If this is a USB mouse, 3298.Dq Li auto 3299is the only protocol type which will work. 3300.Pp 3301.Bl -tag -width ".Li x10mouseremote" -compact 3302.It Li microsoft 3303Microsoft mouse (serial) 3304.It Li intellimouse 3305Microsoft IntelliMouse (serial) 3306.It Li mousesystems 3307Mouse systems Corp.\& mouse (serial) 3308.It Li mmseries 3309MM Series mouse (serial) 3310.It Li logitech 3311Logitech mouse (serial) 3312.It Li busmouse 3313A bus mouse 3314.It Li mouseman 3315Logitech MouseMan and TrackMan (serial) 3316.It Li glidepoint 3317ALPS GlidePoint (serial) 3318.It Li thinkingmouse 3319Kensington ThinkingMouse (serial) 3320.It Li ps/2 3321PS/2 mouse 3322.It Li mmhittab 3323MM HitTablet (serial) 3324.It Li x10mouseremote 3325X10 MouseRemote (serial) 3326.It Li versapad 3327Interlink VersaPad (serial) 3328.El 3329.Pp 3330Even if the mouse is not in the above list, it may be compatible 3331with one in the list. 3332Refer to the manual page for 3333.Xr moused 8 3334for compatibility information. 3335.Pp 3336It should also be noted that while this is enabled, any 3337other client of the mouse (such as an X server) should access 3338the mouse through the virtual mouse device, 3339.Pa /dev/sysmouse , 3340and configure it as a 3341.Dq Li sysmouse 3342type mouse, since all 3343mouse data is converted to this single canonical format when 3344using 3345.Xr moused 8 . 3346If the client program does not support the 3347.Dq Li sysmouse 3348type, 3349specify the 3350.Dq Li mousesystems 3351type. 3352It is the second preferred type. 3353.It Va moused_port 3354.Pq Vt str 3355If 3356.Va moused_enable 3357is set to 3358.Dq Li YES , 3359this is the actual port the mouse is on. 3360It might be 3361.Pa /dev/cuau0 3362for a COM1 serial mouse, or 3363.Pa /dev/psm0 3364for a PS/2 mouse, for example. 3365.It Va moused_flags 3366.Pq Vt str 3367If 3368.Va moused_flags 3369is set, its value is used as an additional set of flags to pass to the 3370.Xr moused 8 3371daemon. 3372.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3373When 3374.Va moused_nondefault_enable 3375is enabled, and a 3376.Xr moused 8 3377daemon is started for a non-default port, the 3378.Va "moused_" Ns Ar XXX Ns Va "_flags" 3379set of options has precedence over and replaces the default 3380.Va moused_flags 3381(where 3382.Ar XXX 3383is the name of the non-default port, i.e.,\& 3384.Ar ums0 ) . 3385By setting 3386.Va "moused_" Ns Ar XXX Ns Va "_flags" 3387it is possible to set up a different set of default flags for each 3388.Xr moused 8 3389instance. 3390For example, you can use 3391.Dq Li "-3" 3392for the default 3393.Va moused_flags 3394to make your laptop's touchpad more comfortable to use, 3395but an empty set of options for 3396.Va moused_ums0_flags 3397when your 3398.Xr usb 4 3399mouse has three or more buttons. 3400.It Va mousechar_start 3401.Pq Vt int 3402If set to 3403.Dq Li NO , 3404the default mouse cursor character range 3405.Li 0xd0 Ns - Ns Li 0xd3 3406is used, 3407otherwise the range start is set 3408to 3409.Ar value 3410character, see 3411.Xr vidcontrol 1 . 3412Use if the default range is occupied in the language code table. 3413.It Va allscreens_flags 3414.Pq Vt str 3415If set, 3416.Xr vidcontrol 1 3417is run with these options for each of the virtual terminals 3418.Pq Pa /dev/ttyv* . 3419For example, 3420.Dq Fl m Cm on 3421will enable the mouse pointer on all virtual terminals 3422if 3423.Va moused_enable 3424is set to 3425.Dq Li YES . 3426.It Va allscreens_kbdflags 3427.Pq Vt str 3428If set, 3429.Xr kbdcontrol 1 3430is run with these options for each of the virtual terminals 3431.Pq Pa /dev/ttyv* . 3432For example, 3433.Dq Fl h Li 200 3434will set the 3435.Xr syscons 4 3436or 3437.Xr vt 4 3438scrollback (history) buffer to 200 lines. 3439.It Va cron_enable 3440.Pq Vt bool 3441If set to 3442.Dq Li YES , 3443run the 3444.Xr cron 8 3445daemon at system boot time. 3446.It Va cron_program 3447.Pq Vt str 3448Path to 3449.Xr cron 8 3450(default 3451.Pa /usr/sbin/cron ) . 3452.It Va cron_flags 3453.Pq Vt str 3454If 3455.Va cron_enable 3456is set to 3457.Dq Li YES , 3458these are the flags to pass to 3459.Xr cron 8 . 3460.It Va cron_dst 3461.Pq Vt bool 3462If set to 3463.Dq Li YES , 3464enable the special handling of transitions to and from the 3465Daylight Saving Time in 3466.Xr cron 8 3467(equivalent to using the flag 3468.Fl s ) . 3469.It Va lpd_program 3470.Pq Vt str 3471Path to 3472.Xr lpd 8 3473(default 3474.Pa /usr/sbin/lpd ) . 3475.It Va lpd_enable 3476.Pq Vt bool 3477If set to 3478.Dq Li YES , 3479run the 3480.Xr lpd 8 3481daemon at system boot time. 3482.It Va lpd_flags 3483.Pq Vt str 3484If 3485.Va lpd_enable 3486is set to 3487.Dq Li YES , 3488these are the flags to pass to the 3489.Xr lpd 8 3490daemon. 3491.It Va chkprintcap_enable 3492.Pq Vt bool 3493If set to 3494.Dq Li YES , 3495run the 3496.Xr chkprintcap 8 3497command before starting the 3498.Xr lpd 8 3499daemon. 3500.It Va chkprintcap_flags 3501.Pq Vt str 3502If 3503.Va lpd_enable 3504and 3505.Va chkprintcap_enable 3506are set to 3507.Dq Li YES , 3508these are the flags to pass to the 3509.Xr chkprintcap 8 3510program. 3511The default is 3512.Dq Li -d , 3513which causes missing directories to be created. 3514.It Va mta_start_script 3515.Pq Vt str 3516This variable specifies the full path to the script to run to start 3517a mail transfer agent. 3518The default is 3519.Pa /etc/rc.sendmail . 3520The 3521.Va sendmail_* 3522variables which 3523.Pa /etc/rc.sendmail 3524uses are documented in the 3525.Xr rc.sendmail 8 3526manual page. 3527.It Va dumpdev 3528.Pq Vt str 3529Indicates the device (usually a swap partition) to which a crash dump 3530should be written in the event of a system crash. 3531If the value of this variable is 3532.Dq Li AUTO , 3533the first suitable swap device listed in 3534.Pa /etc/fstab 3535will be used as dump device. 3536Otherwise, the value of this variable is passed as the argument to 3537.Xr dumpon 8 3538and 3539.Xr savecore 8 . 3540To disable crash dumps, set this variable to 3541.Dq Li NO . 3542.It Va dumpon_flags 3543.Pq Vt str 3544Flags to pass to 3545.Xr dumpon 8 3546when configuring 3547.Va dumpdev 3548as the system dump device. 3549.It Va dumpdir 3550.Pq Vt str 3551When the system reboots after a crash and a crash dump is found on the 3552device specified by the 3553.Va dumpdev 3554variable, 3555.Xr savecore 8 3556will save that crash dump and a copy of the kernel to the directory 3557specified by the 3558.Va dumpdir 3559variable. 3560The default value is 3561.Pa /var/crash . 3562Set to 3563.Dq Li NO 3564to not run 3565.Xr savecore 8 3566at boot time when 3567.Va dumpdir 3568is set. 3569.It Va savecore_enable 3570.Pq Vt bool 3571If set to 3572.Dq Li NO , 3573disable automatic extraction of the crash dump from the 3574.Va dumpdev . 3575.It Va savecore_flags 3576.Pq Vt str 3577If crash dumps are enabled, these are the flags to pass to the 3578.Xr savecore 8 3579utility. 3580.It Va quota_enable 3581.Pq Vt bool 3582Set to 3583.Dq Li YES 3584to turn on user and group disk quotas on system startup via the 3585.Xr quotaon 8 3586command for all file systems marked as having quotas enabled in 3587.Pa /etc/fstab . 3588The kernel must be built with 3589.Cd "options QUOTA" 3590for disk quotas to function. 3591.It Va check_quotas 3592.Pq Vt bool 3593Set to 3594.Dq Li YES 3595to enable user and group disk quota checking via the 3596.Xr quotacheck 8 3597command. 3598.It Va quotacheck_flags 3599.Pq Vt str 3600If 3601.Va quota_enable 3602is set to 3603.Dq Li YES , 3604and 3605.Va check_quotas 3606is set to 3607.Dq Li YES , 3608these are the flags to pass to the 3609.Xr quotacheck 8 3610utility. 3611The default is 3612.Dq Li "-a" , 3613which checks quotas for all file systems with quotas enabled in 3614.Pa /etc/fstab . 3615.It Va quotaon_flags 3616.Pq Vt str 3617If 3618.Va quota_enable 3619is set to 3620.Dq Li YES , 3621these are the flags to pass to the 3622.Xr quotaon 8 3623utility. 3624The default is 3625.Dq Li "-a" , 3626which enables quotas for all file systems with quotas enabled in 3627.Pa /etc/fstab . 3628.It Va quotaoff_flags 3629.Pq Vt str 3630If 3631.Va quota_enable 3632is set to 3633.Dq Li YES , 3634these are the flags to pass to the 3635.Xr quotaoff 8 3636utility when shutting down the quota system. 3637The default is 3638.Dq Li "-a" , 3639which disables quotas for all file systems with quotas enabled in 3640.Pa /etc/fstab . 3641.It Va accounting_enable 3642.Pq Vt bool 3643Set to 3644.Dq Li YES 3645to enable system accounting through the 3646.Xr accton 8 3647facility. 3648.It Va firstboot_sentinel 3649.Pq Vt str 3650This variable specifies the full path to a 3651.Dq first boot 3652sentinel file. 3653If a file exists with this path, 3654.Pa rc.d 3655scripts with the 3656.Dq firstboot 3657keyword will be run on startup and the sentinel file will be deleted 3658after the boot process completes. 3659The sentinel file must be located on a writable file system which is 3660mounted no later than 3661.Va early_late_divider 3662to function properly. 3663The default is 3664.Pa /firstboot . 3665.It Va linux_enable 3666.Pq Vt bool 3667Set to 3668.Dq Li YES 3669to enable Linux/ELF binary emulation at system initial 3670boot time. 3671.It Va sysvipc_enable 3672.Pq Vt bool 3673If set to 3674.Dq Li YES , 3675load System V IPC primitives at boot time. 3676.It Va clear_tmp_enable 3677.Pq Vt bool 3678Set to 3679.Dq Li YES 3680to have 3681.Pa /tmp 3682cleaned at startup. 3683.It Va clear_tmp_X 3684.Pq Vt bool 3685Set to 3686.Dq Li NO 3687to disable removing of X11 lock files, 3688and the removal and (secure) recreation 3689of the various socket directories for X11 3690related programs. 3691.It Va ldconfig_paths 3692.Pq Vt str 3693Set to the list of shared library paths to use with 3694.Xr ldconfig 8 . 3695NOTE: 3696.Pa /lib 3697and 3698.Pa /usr/lib 3699will always be added first, so they need not appear in this list. 3700.It Va ldconfig32_paths 3701.Pq Vt str 3702Set to the list of 32-bit compatibility shared library paths to 3703use with 3704.Xr ldconfig 8 . 3705.It Va ldconfig_insecure 3706.Pq Vt bool 3707The 3708.Xr ldconfig 8 3709utility normally refuses to use directories 3710which are writable by anyone except root. 3711Set this variable to 3712.Dq Li YES 3713to disable that security check during system startup. 3714.It Va ldconfig_local_dirs 3715.Pq Vt str 3716Set to the list of local 3717.Xr ldconfig 8 3718directories. 3719The names of all files in the directories listed will be 3720passed as arguments to 3721.Xr ldconfig 8 . 3722.It Va ldconfig_local32_dirs 3723.Pq Vt str 3724Set to the list of local 32-bit compatibility 3725.Xr ldconfig 8 3726directories. 3727The names of all files in the directories listed will be 3728passed as arguments to 3729.Dq Nm ldconfig Fl 32 . 3730.It Va kern_securelevel_enable 3731.Pq Vt bool 3732Set to 3733.Dq Li YES 3734to set the kernel security level at system startup. 3735.It Va kern_securelevel 3736.Pq Vt int 3737The kernel security level to set at startup. 3738The allowed range of 3739.Ar value 3740ranges from \-1 (the compile time default) to 3 (the 3741most secure). 3742See 3743.Xr security 7 3744for the list of possible security levels and their effect 3745on system operation. 3746.It Va sshd_program 3747.Pq Vt str 3748Path to the SSH server program 3749.Pa ( /usr/sbin/sshd 3750is the default). 3751.It Va sshd_enable 3752.Pq Vt bool 3753Set to 3754.Dq Li YES 3755to start 3756.Xr sshd 8 3757at system boot time. 3758.It Va sshd_flags 3759.Pq Vt str 3760If 3761.Va sshd_enable 3762is set to 3763.Dq Li YES , 3764these are the flags to pass to the 3765.Xr sshd 8 3766daemon. 3767.It Va ftpd_program 3768.Pq Vt str 3769Path to the FTP server program 3770.Pa ( /usr/libexec/ftpd 3771is the default). 3772.It Va ftpd_enable 3773.Pq Vt bool 3774Set to 3775.Dq Li YES 3776to start 3777.Xr ftpd 8 3778as a stand-alone daemon at system boot time. 3779.It Va ftpd_flags 3780.Pq Vt str 3781If 3782.Va ftpd_enable 3783is set to 3784.Dq Li YES , 3785these are the additional flags to pass to the 3786.Xr ftpd 8 3787daemon. 3788.It Va watchdogd_enable 3789.Pq Vt bool 3790If set to 3791.Dq Li YES , 3792start the 3793.Xr watchdogd 8 3794daemon at boot time. 3795This requires that the kernel have been compiled with a 3796.Xr watchdog 4 3797compatible device. 3798.It Va watchdogd_flags 3799.Pq Vt str 3800If 3801.Va watchdogd_enable 3802is set to 3803.Dq Li YES , 3804these are the flags passed to the 3805.Xr watchdogd 8 3806daemon. 3807.It Va watchdogd_timeout 3808.Pq Vt int 3809If 3810.Va watchdogd_enable 3811is set to 3812.Dq Li YES , 3813this is a timeout that will be used by the 3814.Xr watchdogd 8 3815daemon. 3816If this option is set, it overrides 3817.Fl t 3818in 3819.Va watchdogd_flags . 3820.It Va watchdogd_shutdown_timeout 3821.Pq Vt int 3822If 3823.Va watchdogd_enable 3824is set to 3825.Dq Li YES , 3826this is a timeout that will be set by the 3827.Xr watchdogd 8 3828daemon when it exits during the system shutdown. 3829This timeout will not be set when returning to the single-user mode 3830or when the watchdogd service is stopped individually using the 3831.Xr service 8 3832command or the rc.d script. 3833Note that the timeout will be applied if 3834.Xr watchdogd 8 3835is stopped outside of 3836.Xr rc 8 3837framework. 3838If this option is set, it overrides 3839.Fl x 3840in 3841.Va watchdogd_flags . 3842.It Va devfs_rulesets 3843.Pq Vt str 3844List of files containing sets of rules for 3845.Xr devfs 8 . 3846.It Va devfs_system_ruleset 3847.Pq Vt str 3848Rule name(s) to apply to the system 3849.Pa /dev 3850itself. 3851.It Va devfs_set_rulesets 3852.Pq Vt str 3853Pairs of already-mounted 3854.Pa dev 3855directories and rulesets that should be applied to them. 3856For example: /mount/dev=ruleset_name 3857.It Va devfs_load_rulesets 3858.Pq Vt bool 3859If set, always load the default rulesets listed in 3860.Va devfs_rulesets . 3861.It Va performance_cx_lowest 3862.Pq Vt str 3863CPU idle state to use while on AC power. 3864The string 3865.Dq Li LOW 3866indicates that 3867.Xr acpi 4 3868should use the lowest power state available while 3869.Dq Li HIGH 3870indicates that the lowest latency state (less power savings) should be used. 3871.It Va performance_cpu_freq 3872.Pq Vt str 3873CPU clock frequency to use while on AC power. 3874The string 3875.Dq Li LOW 3876indicates that 3877.Xr cpufreq 4 3878should use the lowest frequency available while 3879.Dq Li HIGH 3880indicates that the highest frequency (less power savings) should be used. 3881.It Va economy_cx_lowest 3882.Pq Vt str 3883CPU idle state to use when off AC power. 3884The string 3885.Dq Li LOW 3886indicates that 3887.Xr acpi 4 3888should use the lowest power state available while 3889.Dq Li HIGH 3890indicates that the lowest latency state (less power savings) should be used. 3891.It Va economy_cpu_freq 3892.Pq Vt str 3893CPU clock frequency to use when off AC power. 3894The string 3895.Dq Li LOW 3896indicates that 3897.Xr cpufreq 4 3898should use the lowest frequency available while 3899.Dq Li HIGH 3900indicates that the highest frequency (less power savings) should be used. 3901.It Va jail_enable 3902.Pq Vt bool 3903If set to 3904.Dq Li NO , 3905any configured jails will not be started. 3906.It Va jail_conf 3907.Pq Vt str 3908The configuration filename used by 3909.Xr jail 8 3910utility. 3911The default value is 3912.Pa /etc/jail.conf . 3913.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3914and 3915.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3916will also be used if 3917.Va Ao Ar jname Ac Va 3918is set in 3919.Va jail_list . 3920.It Va jail_parallel_start 3921.Pq Vt bool 3922If set to 3923.Dq Li YES , 3924all configured jails will be started in the background (in parallel). 3925.It Va jail_flags 3926.Pq Vt str 3927Unset by default. 3928When set, use as default value for 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3930for every jail in 3931.Va jail_list . 3932.It Va jail_list 3933.Pq Vt str 3934A space-delimited list of jail names. 3935When left empty, all of the 3936.Xr jail 8 3937instances defined in the configuration file are started. 3938The names specified in this list control the jail startup order. 3939.Xr jail 8 3940instances missing from 3941.Va jail_list 3942must be started manually. 3943Note that a jail's 3944.Va depend 3945parameter in the configuration file may override this list. 3946.It Va jail_reverse_stop 3947.Pq Vt bool 3948When set to 3949.Dq Li YES , 3950all configured jails in 3951.Va jail_list 3952are stopped in reverse order. 3953.It Va jail_ Ns * variables 3954Note that older releases supported per-jail configuration via 3955.Nm 3956variables. 3957For example, 3958hostname of a jail named 3959.Li vjail 3960was able to be set by 3961.Li jail_vjail_hostname . 3962These per-jail configuration variables are now obsolete in favor of 3963.Xr jail 8 3964configuration file. 3965For backward compatibility, 3966when per-jail configuration variables are defined, 3967.Xr jail 8 3968configuration files are created as 3969.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3970and used. 3971.Pp 3972The following per-jail parameters are handled by 3973.Pa rc.d/jail 3974script out of their corresponding 3975.Nm 3976variables. 3977In addition to them, parameters in 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3979will be added to the configuration file. 3980They must be a semi-colon 3981.Pq Ql \&; 3982delimited list of 3983.Dq key=value . 3984For more details, 3985see 3986.Xr jail 8 3987manual page. 3988.Bl -tag -width "host.hostname" -offset indent 3989.It Li path 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3992.It Li host.hostname 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3995.It Li exec.consolelog 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3998The default value is 3999.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4000.It Li interface 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4003.It Li vnet.interface 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4006This implies 4007.Li vnet 4008parameter will be enabled and cannot be specified with 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4011and/or 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4013at the same time. 4014.It Li fstab 4015set from 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4017.It Li mount 4018set from 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4020.It Li exec.fib 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4023.It Li exec.start 4024set from 4025.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4026The parameter name was 4027.Li command 4028in some older releases. 4029.It Li exec.prestart 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4032.It Li exec.poststart 4033set from 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4035.It Li exec.stop 4036set from 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4038.It Li exec.prestop 4039set from 4040.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4041.It Li exec.poststop 4042set from 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4044.It Li ip4.addr 4045set if 4046.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4047or 4048.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4049contain IPv4 addresses 4050.It Li ip6.addr 4051set if 4052.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4053or 4054.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4055contain IPv6 addresses 4056.It Li allow.mount 4057set from 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4059.It Li mount.devfs 4060set from 4061.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4062.It Li devfs_ruleset 4063set from 4064.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4065This must be an integer, 4066not a string. 4067.It Li mount.fdescfs 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4070.It Li allow.set_hostname 4071set from 4072.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4073.It Li allow.rawsocket 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4076.It Li allow.sysvipc 4077set from 4078.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4079.El 4080.\" ----------------------------------------------------- 4081.It Va harvest_mask 4082.Pq Vt int 4083Set to a bit-mask 4084representing the entropy sources 4085you wish to harvest. 4086Refer to 4087.Xr random 4 4088for more information. 4089.It Va entropy_dir 4090.Pq Vt str 4091Set to 4092.Dq Li NO 4093to disable caching entropy via 4094.Xr cron 8 . 4095Otherwise set to the directory 4096in which the entropy files are stored. 4097To be useful, 4098there must be 4099a system cron job 4100that regularly writes and rotates 4101files here. 4102All files found 4103will be used at boot time. 4104The default is 4105.Pa /var/db/entropy . 4106.It Va entropy_file 4107.Pq Vt str 4108Set to 4109.Dq Li NO 4110to disable caching entropy through reboots. 4111Otherwise set to the name 4112of a file used to store cached entropy. 4113This file should be located 4114on a file system that is readable 4115before all the volumes specified in 4116.Xr fstab 5 4117are mounted. 4118By default, 4119.Pa /entropy 4120is used, 4121but if 4122.Pa /var/db/entropy-file 4123is found it will also be used. 4124This will be of some use to 4125.Xr bsdinstall 8 . 4126.It Va entropy_boot_file 4127.Pq Vt str 4128Set to 4129.Dq Li NO 4130to disable 4131very early caching entropy 4132through reboots. 4133Otherwise set to the filename 4134used to read 4135very early reboot cached entropy. 4136This file should be located where 4137.Xr loader 8 4138can read it. 4139See also 4140.Xr loader.conf 5 . 4141The default location is 4142.Pa /boot/entropy . 4143.It Va entropy_save_sz 4144.Pq Vt int 4145Size of the entropy cache files saved by 4146.Nm save-entropy 4147periodically. 4148.It Va entropy_save_num 4149.Pq Vt int 4150Number of entropy cache files to save by 4151.Nm save-entropy 4152periodically. 4153.It Va ipsec_enable 4154.Pq Vt bool 4155Set to 4156.Dq Li YES 4157to run 4158.Xr setkey 8 4159on 4160.Va ipsec_file 4161at boot time. 4162.It Va ipsec_file 4163.Pq Vt str 4164Configuration file for 4165.Xr setkey 8 . 4166.It Va dmesg_enable 4167.Pq Vt bool 4168Set to 4169.Dq Li YES 4170to save 4171.Xr dmesg 8 4172to 4173.Pa /var/run/dmesg.boot 4174on boot. 4175.It Va rcshutdown_timeout 4176.Pq Vt int 4177If set, start a watchdog timer in the background which will terminate 4178.Pa rc.shutdown 4179if 4180.Xr shutdown 8 4181has not completed within the specified time (in seconds). 4182Notice that in addition to this soft timeout, 4183.Xr init 8 4184also applies a hard timeout for the execution of 4185.Pa rc.shutdown . 4186This is configured via 4187.Xr sysctl 8 4188variable 4189.Va kern.init_shutdown_timeout 4190and defaults to 120 seconds. 4191Setting the value of 4192.Va rcshutdown_timeout 4193to more than 120 seconds will have no effect until the 4194.Xr sysctl 8 4195variable 4196.Va kern.init_shutdown_timeout 4197is also increased. 4198.It Va virecover_enable 4199.Pq Vt bool 4200Set to 4201.Dq Li NO 4202to prevent the system from trying to 4203recover pre-maturely terminated 4204.Xr vi 1 4205sessions. 4206.It Va ugidfw_enable 4207.Pq Vt bool 4208Set to 4209.Dq Li YES 4210to load the 4211.Xr mac_bsdextended 4 4212module upon system initialization and load a default 4213ruleset file. 4214.It Va bsdextended_script 4215.Pq Vt str 4216The default 4217.Xr mac_bsdextended 4 4218ruleset file to load. 4219The default value of this variable is 4220.Pa /etc/rc.bsdextended . 4221.It Va newsyslog_enable 4222.Pq Vt bool 4223If set to 4224.Dq Li YES , 4225run 4226.Xr newsyslog 8 4227command at startup. 4228.It Va newsyslog_flags 4229.Pq Vt str 4230If 4231.Va newsyslog_enable 4232is set to 4233.Dq Li YES , 4234these are the flags to pass to the 4235.Xr newsyslog 8 4236program. 4237The default is 4238.Dq Li -CN , 4239which causes log files flagged with a 4240.Cm C 4241to be created. 4242.It Va mdconfig_md Ns Aq Ar X 4243.Pq Vt str 4244Arguments to 4245.Xr mdconfig 8 4246for 4247.Xr md 4 4248device 4249.Ar X . 4250At minimum a 4251.Fl t Ar type 4252must be specified and either a 4253.Fl s Ar size 4254for malloc or swap backed 4255.Xr md 4 4256devices or a 4257.Fl f Ar file 4258for vnode backed 4259.Xr md 4 4260devices. 4261Note that 4262.Va mdconfig_md Ns Aq Ar X 4263variables are evaluated until one variable is unset or null. 4264.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4265.Pq Vt str 4266Optional arguments passed to 4267.Xr newfs 8 4268to initialize 4269.Xr md 4 4270device 4271.Ar X . 4272.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4273.Pq Vt str 4274An ownership specification passed to 4275.Xr chown 8 4276after the specified 4277.Xr md 4 4278device 4279.Ar X 4280has been mounted. 4281Both the 4282.Xr md 4 4283device and the mount point will be changed. 4284.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4285.Pq Vt str 4286A mode string passed to 4287.Xr chmod 1 4288after the specified 4289.Xr md 4 4290device 4291.Ar X 4292has been mounted. 4293Both the 4294.Xr md 4 4295device and the mount point will be changed. 4296.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4297.Pq Vt str 4298Files to be copied to the mount point of the 4299.Xr md 4 4300device 4301.Ar X 4302after it has been mounted. 4303.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4304.Pq Vt str 4305Command to execute after the specified 4306.Xr md 4 4307device 4308.Ar X 4309has been mounted. 4310Note that the command is passed to 4311.Ic eval 4312and that both 4313.Va _dev 4314and 4315.Va _mp 4316variables can be used to reference respectively the 4317.Xr md 4 4318device and the mount point. 4319Assuming that the 4320.Xr md 4 4321device is 4322.Li md0 , 4323one could set the following: 4324.Bd -literal 4325mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4326.Ed 4327.It Va autobridge_interfaces 4328.Pq Vt str 4329Set to the list of bridge interfaces that will have newly arriving interfaces 4330checked against to be automatically added. 4331If not set to 4332.Dq Li NO 4333then for each whitespace separated 4334.Ar element 4335in the value, a 4336.Va autobridge_ Ns Aq Ar element 4337variable is assumed to exist which has a whitespace separated list of interface 4338names to match, these names can use wildcards. 4339For example: 4340.Bd -literal 4341autobridge_interfaces="bridge0" 4342autobridge_bridge0="tap* dc0 vlan[345]" 4343.Ed 4344.It Va mixer_enable 4345.Pq Vt bool 4346If set to 4347.Dq Li YES , 4348enable support for sound mixer. 4349.It Va hcsecd_enable 4350.Pq Vt bool 4351If set to 4352.Dq Li YES , 4353enable Bluetooth security daemon. 4354.It Va hcsecd_config 4355.Pq Vt str 4356Configuration file for 4357.Xr hcsecd 8 . 4358Default 4359.Pa /etc/bluetooth/hcsecd.conf . 4360.It Va sdpd_enable 4361.Pq Vt bool 4362If set to 4363.Dq Li YES , 4364enable Bluetooth Service Discovery Protocol daemon. 4365.It Va sdpd_control 4366.Pq Vt str 4367Path to 4368.Xr sdpd 8 4369control socket. 4370Default 4371.Pa /var/run/sdp . 4372.It Va sdpd_groupname 4373.Pq Vt str 4374Sets 4375.Xr sdpd 8 4376group to run as after it initializes. 4377Default 4378.Dq Li nobody . 4379.It Va sdpd_username 4380.Pq Vt str 4381Sets 4382.Xr sdpd 8 4383user to run as after it initializes. 4384Default 4385.Dq Li nobody . 4386.It Va bthidd_enable 4387.Pq Vt bool 4388If set to 4389.Dq Li YES , 4390enable Bluetooth Human Interface Device daemon. 4391.It Va bthidd_config 4392.Pq Vt str 4393Configuration file for 4394.Xr bthidd 8 . 4395Default 4396.Pa /etc/bluetooth/bthidd.conf . 4397.It Va bthidd_hids 4398.Pq Vt str 4399Path to a file, where 4400.Xr bthidd 8 4401will store information about known HID devices. 4402Default 4403.Pa /var/db/bthidd.hids . 4404.It Va rfcomm_pppd_server_enable 4405.Pq Vt bool 4406If set to 4407.Dq Li YES , 4408enable Bluetooth RFCOMM PPP wrapper daemon. 4409.It Va rfcomm_pppd_server_profile 4410.Pq Vt str 4411The name of the profile to use from 4412.Pa /etc/ppp/ppp.conf . 4413Multiple profiles can be specified here. 4414Also used to specify per-profile overrides. 4415When the profile name contains any of the characters 4416.Dq Li .-/+ 4417they are translated to 4418.Dq Li _ 4419for the proposes of the override variable names. 4420.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4421.Pq Vt str 4422Overrides local address to listen on. 4423By default 4424.Xr rfcomm_pppd 8 4425will listen on 4426.Dq Li ANY 4427address. 4428The address can be specified as BD_ADDR or name. 4429.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4430.Pq Vt str 4431Overrides local RFCOMM channel to listen on. 4432By default 4433.Xr rfcomm_pppd 8 4434will listen on RFCOMM channel 1. 4435Must set properly if multiple profiles used in the same time. 4436.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4437.Pq Vt bool 4438Tells 4439.Xr rfcomm_pppd 8 4440if it should register Serial Port service on the specified RFCOMM channel. 4441Default 4442.Dq Li NO . 4443.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4444.Pq Vt bool 4445Tells 4446.Xr rfcomm_pppd 8 4447if it should register Dial-Up Networking service on the specified 4448RFCOMM channel. 4449Default 4450.Dq Li NO . 4451.It Va ubthidhci_enable 4452.Pq Vt bool 4453If set to 4454.Dq Li YES , 4455change the USB Bluetooth controller from HID mode to HCI mode. 4456You also need to specify the location of USB Bluetooth controller with the 4457.Va ubthidhci_busnum 4458and 4459.Va ubthidhci_addr 4460variables. 4461.It Va ubthidhci_busnum 4462Bus number where the USB Bluetooth controller is located. 4463Check the output of 4464.Xr usbconfig 8 4465on your system to find this information. 4466.It Va ubthidhci_addr 4467Bus address of the USB Bluetooth controller. 4468Check the output of 4469.Xr usbconfig 8 4470on your system to find this information. 4471.It Va netwait_enable 4472.Pq Vt bool 4473If set to 4474.Dq Li YES , 4475delays the start of network-reliant services until 4476.Va netwait_if 4477is up and ICMP packets to a destination defined in 4478.Va netwait_ip 4479are flowing. 4480Link state is examined first, followed by 4481.Dq Li pinging 4482an IP address to verify network usability. 4483If no destination can be reached or timeouts are exceeded, 4484network services are started anyway with no guarantee that 4485the network is usable. 4486Use of this variable requires both 4487.Va netwait_ip 4488and 4489.Va netwait_if 4490to be set. 4491.It Va netwait_ip 4492.Pq Vt str 4493Empty by default. 4494This variable contains a space-delimited list of IP addresses to 4495.Xr ping 8 . 4496DNS hostnames should not be used as resolution is not guaranteed 4497to be functional at this point. 4498If multiple IP addresses are specified, 4499each will be tried until one is successful or the list is exhausted. 4500.It Va netwait_timeout 4501.Pq Vt int 4502Indicates the total number of seconds to perform a 4503.Dq Li ping 4504against each IP address in 4505.Va netwait_ip , 4506at a rate of one ping per second. 4507If any of the pings are successful, 4508full network connectivity is considered reliable. 4509The default is 60. 4510.It Va netwait_if 4511.Pq Vt str 4512Empty by default. 4513Defines the name of the network interface on which watch for link. 4514.Xr ifconfig 8 4515is used to monitor the interface, looking for 4516.Dq Li status: no carrier . 4517Once gone, the link is considered up. 4518This can be a 4519.Xr vlan 4 4520interface if desired. 4521.It Va netwait_if_timeout 4522.Pq Vt int 4523Defines the total number of seconds to wait for link to become usable, 4524polled at a 1-second interval. 4525The default is 30. 4526.It Va rctl_enable 4527.Pq Vt bool 4528If set to 4529.Dq Li YES , 4530load 4531.Xr rctl 8 4532rules from the defined ruleset. 4533The kernel must be built with 4534.Cd "options RACCT" 4535and 4536.Cd "options RCTL" . 4537.It Va rctl_rules 4538.Pq Vt str 4539Set to 4540.Pa /etc/rctl.conf 4541by default. 4542This variables contains the 4543.Xr rctl.conf 5 4544ruleset to load for 4545.Xr rctl 8 . 4546.It Va iovctl_files 4547.Pq Vt str 4548A space-separated list of configuration files used by 4549.Xr iovctl 8 . 4550The default value is an empty string. 4551.It Va autofs_enable 4552.Pq Vt bool 4553If set to 4554.Dq Li YES , 4555start the 4556.Xr automount 8 4557utility and the 4558.Xr automountd 8 4559and 4560.Xr autounmountd 8 4561daemons at boot time. 4562.It Va automount_flags 4563.Pq Vt str 4564If 4565.Va autofs_enable 4566is set to 4567.Dq Li YES , 4568these are the flags to pass to the 4569.Xr automount 8 4570program. 4571By default no flags are passed. 4572.It Va automountd_flags 4573.Pq Vt str 4574If 4575.Va autofs_enable 4576is set to 4577.Dq Li YES , 4578these are the flags to pass to the 4579.Xr automountd 8 4580daemon. 4581By default no flags are passed. 4582.It Va autounmountd_flags 4583.Pq Vt str 4584If 4585.Va autofs_enable 4586is set to 4587.Dq Li YES , 4588these are the flags to pass to the 4589.Xr autounmountd 8 4590daemon. 4591By default no flags are passed. 4592.It Va ctld_enable 4593.Pq Vt bool 4594If set to 4595.Dq Li YES , 4596start the 4597.Xr ctld 8 4598daemon at boot time. 4599.It Va iscsid_enable 4600.Pq Vt bool 4601If set to 4602.Dq Li YES , 4603start the 4604.Xr iscsid 8 4605daemon at boot time. 4606.It Va iscsictl_enable 4607.Pq Vt bool 4608If set to 4609.Dq Li YES , 4610start the 4611.Xr iscsictl 8 4612utility at boot time. 4613.It Va iscsictl_flags 4614.Pq Vt str 4615If 4616.Va iscsictl_enable 4617is set to 4618.Dq Li YES , 4619these are the flags to pass to the 4620.Xr iscsictl 8 4621program. 4622The default is 4623.Dq Li -Aa , 4624which configures sessions based on the 4625.Pa /etc/iscsi.conf 4626configuration file. 4627.It Va cfumass_enable 4628.Pq Vt bool 4629If set to 4630.Dq Li YES , 4631create and export an USB LUN using 4632.Xr cfumass 4 4633at boot time. 4634.It Va cfumass_dir 4635.Pq Vt str 4636The directory where the files exported by USB LUN are located. 4637The default directory is 4638.Pa /var/cfumass . 4639.It Va service_delete_empty 4640.Pq Vt bool 4641If set to 4642.Dq Li YES , 4643.Ql Li service delete 4644removes empty 4645.Dq Li rc.conf.d 4646files. 4647.It Va zfs_bootonce_activate 4648.Pq Vt bool 4649If set to 4650.Dq Li YES , 4651and a boot environment marked bootonce is successfully booted, 4652it will be made permanently active. 4653.It Va zfskeys_enable 4654.Pq Vt bool 4655If set to 4656.Dq Li YES , 4657enable auto-loading of encryption keys for encrypted ZFS datasets. 4658For every dataset the script will first load the appropriate encryption key 4659and then attempt to unlock the dataset. 4660.Pp 4661The script operates only on datasets which are encrypted with 4662ZFS native encryption 4663and have a ZFS 4664.Dq Li keylocation 4665dataset property beginning with 4666.Dq Li file:// . 4667.It Va zfskeys_datasets 4668.Pq Vt str 4669A whitespace-separated list of ZFS datasets to unlock. 4670The list is empty by default, 4671which means that the script will attempt to unlock all datasets. 4672.It Va zfskeys_timeout 4673.Pq Vt int 4674Define the total number of seconds to wait for the zfskeys script 4675to unlock an encrypted dataset. 4676The default is 10. 4677.El 4678.Sh FILES 4679.Bl -tag -width "/etc/defaults/rc.conf" -compact 4680.It Pa /etc/defaults/rc.conf 4681.It Pa /etc/defaults/vendor.conf 4682.It Pa /etc/rc.conf 4683.It Pa /etc/rc.conf.local 4684.It Pa /etc/rc.conf.d/ 4685.El 4686.Sh SEE ALSO 4687.Xr chmod 1 , 4688.Xr gdb 1 , 4689.Xr info 1 , 4690.Xr kbdcontrol 1 , 4691.Xr limits 1 , 4692.Xr protect 1 , 4693.Xr sh 1 , 4694.Xr vi 1 , 4695.Xr vidcontrol 1 , 4696.Xr bridge 4 , 4697.Xr dummynet 4 , 4698.Xr ip 4 , 4699.Xr ipf 4 , 4700.Xr ipfw 4 , 4701.Xr ipnat 4 , 4702.Xr kld 4 , 4703.Xr pf 4 , 4704.Xr pflog 4 , 4705.Xr pfsync 4 , 4706.Xr tcp 4 , 4707.Xr udp 4 , 4708.Xr exports 5 , 4709.Xr fstab 5 , 4710.Xr ipf 5 , 4711.Xr ipnat 5 , 4712.Xr jail.conf 5 , 4713.Xr loader.conf 5 , 4714.Xr login.conf 5 , 4715.Xr motd 5 , 4716.Xr newsyslog.conf 5 , 4717.Xr pf.conf 5 , 4718.Xr firewall 7 , 4719.Xr growfs 7 , 4720.Xr security 7 , 4721.Xr tuning 7 , 4722.Xr accton 8 , 4723.Xr apm 8 , 4724.Xr bsdinstall 8 , 4725.Xr bthidd 8 , 4726.Xr chkprintcap 8 , 4727.Xr chown 8 , 4728.Xr cron 8 , 4729.Xr devfs 8 , 4730.Xr dhclient 8 , 4731.Xr ftpd 8 , 4732.Xr geli 8 , 4733.Xr hcsecd 8 , 4734.Xr ifconfig 8 , 4735.Xr inetd 8 , 4736.Xr iovctl 8 , 4737.Xr ipf 8 , 4738.Xr ipfw 8 , 4739.Xr ipnat 8 , 4740.Xr jail 8 , 4741.Xr kldxref 8 , 4742.Xr loader 8 , 4743.Xr lpd 8 , 4744.Xr makewhatis 8 , 4745.Xr mdconfig 8 , 4746.Xr mdmfs 8 , 4747.Xr mixer 8 , 4748.Xr mountd 8 , 4749.Xr moused 8 , 4750.Xr newfs 8 , 4751.Xr newsyslog 8 , 4752.Xr nfsd 8 , 4753.Xr ntpd 8 , 4754.Xr ntpdate 8 , 4755.Xr pfctl 8 , 4756.Xr pflogd 8 , 4757.Xr ping 8 , 4758.Xr powerd 8 , 4759.Xr quotacheck 8 , 4760.Xr quotaon 8 , 4761.Xr rc 8 , 4762.Xr rc.sendmail 8 , 4763.Xr rc.subr 8 , 4764.Xr rcorder 8 , 4765.Xr rfcomm_pppd 8 , 4766.Xr route 8 , 4767.Xr routed 8 , 4768.Xr rpc.lockd 8 , 4769.Xr rpc.statd 8 , 4770.Xr rpc.tlsclntd 8 , 4771.Xr rpc.tlsservd 8 , 4772.Xr rpcbind 8 , 4773.Xr rwhod 8 , 4774.Xr savecore 8 , 4775.Xr sdpd 8 , 4776.Xr service 8 , 4777.Xr sshd 8 , 4778.Xr swapon 8 , 4779.Xr sysctl 8 , 4780.Xr syslogd 8 , 4781.Xr sysrc 8 , 4782.Xr unbound 8 , 4783.Xr usbconfig 8 , 4784.Xr wlandebug 8 , 4785.Xr yp 8 , 4786.Xr ypbind 8 , 4787.Xr ypserv 8 , 4788.Xr ypset 8 4789.Sh HISTORY 4790The 4791.Nm 4792file appeared in 4793.Fx 2.2.2 . 4794.Sh AUTHORS 4795.An Jordan K. Hubbard . 4796