xref: /freebsd/share/man/man5/rc.conf.5 (revision 643ac419fafba89f5adda0e0ea75b538727453fb)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd July 7, 2022
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail-specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/etc/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _fib
196.Pq Vt int
197The
198.Xr setfib 1
199value to run the service under.
200.It Ao Ar name Ac Ns Va _group
201.Pq Vt str
202Run the chrooted service under this system group.
203Unlike the
204.Ao Ar name Ac Ns Va _user
205setting, this setting has no effect if the service is not chrooted.
206.It Ao Ar name Ac Ns Va _limits
207.Pq Vt str
208Resource limits to apply to the service using
209.Xr limits 1 .
210By default, resource limits are based on the login class defined in
211.Ao Ar name Ac Ns Va _login_class .
212.It Ao Ar name Ac Ns Va _login_class
213.Pq Vt str
214Login class to be used with
215.Ao Ar name Ac Ns Va _limits .
216Defaults to
217.Dq Li daemon .
218.It Ao Ar name Ac Ns Va _nice
219.Pq Vt int
220The
221.Xr nice 1
222value to run the service under.
223.It Ao Ar name Ac Ns Va _oomprotect
224.Pq Vt str
225Use
226.Xr protect 1
227to prevent the service from being killed when swap space
228is exhausted.
229Use
230.Dq Li YES
231to protect only the service itself, and
232.Dq Li ALL
233to protect the service and all its child processes.
234.Pp
235Please note that rc scripts which redefine
236.Dl ${argument}_cmd
237.Pq see Xr rc.subr 8
238such as PostgreSQL will not inherit the OOM killer protection.
239.Pp
240This variable has no effect on services running within a
241.Xr jail 8 .
242.It Ao Ar name Ac Ns Va _user
243.Pq Vt str
244Run the service under this user account.
245.It Va apm_enable
246.Pq Vt bool
247If set to
248.Dq Li YES ,
249enable support for Automatic Power Management with
250the
251.Xr apm 8
252command.
253.It Va apmd_enable
254.Pq Vt bool
255Run
256.Xr apmd 8
257to handle APM event from userland.
258This also enables support for APM.
259.It Va apmd_flags
260.Pq Vt str
261If
262.Va apmd_enable
263is set to
264.Dq Li YES ,
265these are the flags to pass to the
266.Xr apmd 8
267daemon.
268.It Va devd_enable
269.Pq Vt bool
270Run
271.Xr devd 8
272to handle device added, removed or unknown events from the kernel.
273.It Va ddb_enable
274.Pq Vt bool
275Run
276.Xr ddb 8
277to install
278.Xr ddb 4
279scripts at boot time.
280.It Va ddb_config
281.Pq Vt str
282Configuration file for
283.Xr ddb 8 .
284Default
285.Pa /etc/ddb.conf .
286.It Va devmatch_enable
287.Pq Vt bool
288If set to
289.Dq Li NO ,
290disable auto-loading of kernel modules with
291.Xr devmatch 8 .
292.It Va devmatch_blocklist
293.Pq Vt str
294A whitespace-separated list of kernel modules to be ignored by
295.Xr devmatch 8 .
296In addition, the
297.Xr kenv 1
298.Va devmatch_blocklist
299is appended to this variable to allow disabling of
300.Xr devmatch 8
301loaded modules from the boot loader.
302.It Va devmatch_blacklist
303.Pq Vt str
304This variable is deprecated.
305Use
306.Va devmatch_blocklist
307instead.
308A whitespace-separated list of kernel modules to be ignored by
309.Xr devmatch 8 .
310.It Va kld_list
311.Pq Vt str
312A whitespace-separated list of kernel modules to load right after
313the local disks are mounted, without any
314.Pa .ko
315extension or path.
316Loading modules at this point in the boot process is
317much faster than doing it via
318.Pa /boot/loader.conf
319for those modules not necessary for mounting local disks.
320.It Va kldxref_enable
321.Pq Vt bool
322Set to
323.Dq Li NO
324by default.
325Set to
326.Dq Li YES
327to automatically rebuild
328.Pa linker.hints
329files with
330.Xr kldxref 8
331at boot time.
332.It Va kldxref_clobber
333.Pq Vt bool
334Set to
335.Dq Li NO
336by default.
337If
338.Va kldxref_enable
339is true,
340setting to
341.Dq Li YES
342will overwrite existing
343.Pa linker.hints
344files at boot time.
345Otherwise,
346only missing
347.Pa linker.hints
348files are generated.
349.It Va kldxref_module_path
350.Pq Vt str
351Empty by default.
352A semi-colon
353.Pq Ql \&;
354delimited list of paths containing
355.Xr kld 4
356modules.
357If empty,
358the contents of the
359.Va kern.module_path
360.Xr sysctl 8
361are used.
362.It Va powerd_enable
363.Pq Vt bool
364If set to
365.Dq Li YES ,
366enable the system power control facility with the
367.Xr powerd 8
368daemon.
369.It Va powerd_flags
370.Pq Vt str
371If
372.Va powerd_enable
373is set to
374.Dq Li YES ,
375these are the flags to pass to the
376.Xr powerd 8
377daemon.
378.It Va tmpmfs
379Controls the creation of a
380.Pa /tmp
381memory file system.
382Always happens if set to
383.Dq Li YES
384and never happens if set to
385.Dq Li NO .
386If set to anything else, a memory file system is created if
387.Pa /tmp
388is not writable.
389.It Va tmpsize
390Controls the size of a created
391.Pa /tmp
392memory file system.
393.It Va tmpmfs_flags
394Extra options passed to the
395.Xr mdmfs 8
396utility when the memory file system for
397.Pa /tmp
398is created.
399The default is
400.Dq Li "-S" ,
401which inhibits the use of softupdates on
402.Pa /tmp
403so that file system space is freed without delay
404after file truncation or deletion.
405See
406.Xr mdmfs 8
407for other options you can use in
408.Va tmpmfs_flags .
409.It Va varmfs
410Controls the creation of a
411.Pa /var
412memory file system.
413Always happens if set to
414.Dq Li YES
415and never happens if set to
416.Dq Li NO .
417If set to anything else, a memory file system is created if
418.Pa /var
419is not writable.
420.It Va varsize
421Controls the size of a created
422.Pa /var
423memory file system.
424.It Va varmfs_flags
425Extra options passed to the
426.Xr mdmfs 8
427utility when the memory file system for
428.Pa /var
429is created.
430The default is
431.Dq Li "-S" ,
432which inhibits the use of softupdates on
433.Pa /var
434so that file system space is freed without delay
435after file truncation or deletion.
436See
437.Xr mdmfs 8
438for other options you can use in
439.Va varmfs_flags .
440.It Va populate_var
441Controls the automatic population of the
442.Pa /var
443file system.
444Always happens if set to
445.Dq Li YES
446and never happens if set to
447.Dq Li NO .
448If set to anything else, a memory file system is created if
449.Pa /var
450is not writable.
451Note that this process requires access to certain commands in
452.Pa /usr
453before
454.Pa /usr
455is mounted on normal systems.
456.It Va cleanvar_enable
457.Pq Vt bool
458Clean the
459.Pa /var
460directory.
461.It Va local_startup
462.Pq Vt str
463List of directories to search for startup script files.
464.It Va script_name_sep
465.Pq Vt str
466The field separator to use for breaking down the list of startup script files
467into individual filenames.
468The default is a space.
469It is not necessary to change this unless there are startup scripts with names
470containing spaces.
471.It Va hostapd_enable
472.Pq Vt bool
473Set to
474.Dq Li YES
475to start
476.Xr hostapd 8
477at system boot time.
478.It Va hostname
479.Pq Vt str
480The fully qualified domain name (FQDN) of this host on the network.
481This should almost certainly be set to something meaningful, even if
482there is no network connection.
483If
484.Xr dhclient 8
485is used to set the hostname via DHCP,
486this variable should be set to an empty string.
487Within a
488.Xr jail 8
489the hostname is generally already set and this variable may be absent.
490If this value remains unset when the system is done booting
491your console login will display the default hostname of
492.Dq Amnesiac .
493.It Va nisdomainname
494.Pq Vt str
495The NIS domain name of this host, or
496.Dq Li NO
497if NIS is not used.
498.It Va dhclient_program
499.Pq Vt str
500Path to the DHCP client program
501.Pa ( /sbin/dhclient ,
502the
503.Ox
504DHCP client,
505is the default).
506.It Va dhclient_flags
507.Pq Vt str
508Additional flags to pass to the DHCP client program.
509For the
510.Ox
511DHCP client, see the
512.Xr dhclient 8
513manpage for a description of the command line options available.
514.It Va dhclient_flags_ Ns Aq Ar iface
515Additional flags to pass to the DHCP client program running on
516.Ar iface
517only.
518When specified, this variable overrides
519.Va dhclient_flags .
520.It Va background_dhclient
521.Pq Vt bool
522Set to
523.Dq Li YES
524to start the DHCP client in background.
525This can cause trouble with applications depending on
526a working network, but it will provide a faster startup
527in many cases.
528.It Va background_dhclient_ Ns Aq Ar iface
529When specified, this variable overrides the
530.Va background_dhclient
531variable for interface
532.Ar iface
533only.
534.It Va synchronous_dhclient
535.Pq Vt bool
536Set to
537.Dq Li YES
538to start
539.Xr dhclient 8
540synchronously at startup.
541This behavior can be overridden on a per-interface basis by replacing
542the
543.Dq Li DHCP
544keyword in the
545.Va ifconfig_ Ns Aq Ar interface
546variable with
547.Dq Li SYNCDHCP
548or
549.Dq Li NOSYNCDHCP .
550.It Va defaultroute_delay
551.Pq Vt int
552When set to a positive value, wait up to this long after configuring
553DHCP interfaces at startup to give the interfaces time to receive a lease.
554.It Va firewall_enable
555.Pq Vt bool
556Set to
557.Dq Li YES
558to load firewall rules at startup.
559If the kernel was not built with
560.Cd "options IPFIREWALL" ,
561the
562.Pa ipfw.ko
563kernel module will be loaded.
564See also
565.Va ipfilter_enable .
566.It Va firewall_script
567.Pq Vt str
568This variable specifies the full path to the firewall script to run.
569The default is
570.Pa /etc/rc.firewall .
571.It Va firewall_type
572.Pq Vt str
573Names the firewall type from the selection in
574.Pa /etc/rc.firewall ,
575or the file which contains the local firewall ruleset.
576Valid selections from
577.Pa /etc/rc.firewall
578are:
579.Pp
580.Bl -tag -width ".Li workstation" -compact
581.It Li open
582unrestricted IP access
583.It Li closed
584all IP services disabled, except via
585.Dq Li lo0
586.It Li client
587basic protection for a workstation
588.It Li workstation
589basic protection for a workstation using stateful firewalling
590.It Li simple
591basic protection for a LAN.
592.El
593.Pp
594If a filename is specified, the full path
595must be given.
596.Pp
597Most of the predefined rulesets define additional configuration variables.
598These are documented in
599.Pa /etc/rc.firewall .
600.It Va firewall_quiet
601.Pq Vt bool
602Set to
603.Dq Li YES
604to disable the display of firewall rules on the console during boot.
605.It Va firewall_logging
606.Pq Vt bool
607Set to
608.Dq Li YES
609to enable firewall event logging.
610This is equivalent to the
611.Dv IPFIREWALL_VERBOSE
612kernel option.
613.It Va firewall_logif
614.Pq Vt bool
615Set to
616.Dq Li YES
617to create pseudo interface
618.Li ipfw0
619for logging.
620For more details, see
621.Xr ipfw 8
622manual page.
623.It Va firewall_flags
624.Pq Vt str
625Flags passed to
626.Xr ipfw 8
627if
628.Va firewall_type
629specifies a filename.
630.It Va firewall_coscripts
631.Pq Vt str
632List of executables and/or rc scripts to run after firewall starts/stops.
633Default is empty.
634.\" ----- firewall_nat_enable setting --------------------------------
635.It Va firewall_nat_enable
636.Pq Vt bool
637The
638.Xr ipfw 8
639equivalent of
640.Va natd_enable .
641Setting this to
642.Dq Li YES
643will automatically load the
644.Xr ipfw 8
645NAT kernel module if
646.Va firewall_enable
647is also set to
648.Dq Li YES .
649.It Va firewall_nat_interface
650.Pq Vt str
651The
652.Xr ipfw 8
653equivalent of
654.Va natd_interface .
655This is the name of the public interface or IP address on which
656kernel NAT should run.
657.It Va firewall_nat_flags
658.Pq Vt str
659Additional configuration parameters for kernel NAT should be placed here.
660.It Va firewall_nat64_enable
661.Pq Vt bool
662Setting this to
663.Dq Li YES
664will automatically load the
665.Xr ipfw 8
666NAT64 kernel module if
667.Va firewall_enable
668is also set to
669.Dq Li YES .
670.It Va firewall_nptv6_enable
671.Pq Vt bool
672Setting this to
673.Dq Li YES
674will automatically load the
675.Xr ipfw 8
676NPTv6 kernel module if
677.Va firewall_enable
678is also set to
679.Dq Li YES .
680.It Va firewall_pmod_enable
681.Pq Vt bool
682Setting this to
683.Dq Li YES
684will automatically load the
685.Xr ipfw 8
686pmod kernel module if
687.Va firewall_enable
688is also set to
689.Dq Li YES .
690.It Va dummynet_enable
691.Pq Vt bool
692Setting this to
693.Dq Li YES
694will automatically load the
695.Xr dummynet 4
696module if
697.Va firewall_enable
698is also set to
699.Dq Li YES .
700.\" -------------------------------------------------------------------
701.It Va ipfw_netflow_enable
702.Pq Vt bool
703Setting this to
704.Dq Li YES
705will enable netflow logging via
706.Xr ng_netflow 4
707.Pp
708By default a ipfw rule is inserted and all packets are duplicated with
709the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
710port using protocol version 5.
711.It Va ipfw_netflow_hook
712.Pq Vt int
713netflow hook name, must be numerical
714(default
715.Pa 9995 ) .
716.It Va ipfw_netflow_rule
717.Pq Vt int
718ipfw rule number
719(default
720.Pa 1000 ) .
721.It Va ipfw_netflow_ip
722.Pq Vt str
723Destination server ip for receiving netflow data
724(default
725.Pa 127.0.0.1 ) .
726.It Va ipfw_netflow_port
727.Pq Vt int
728Destination server port for receiving netflow data
729(default
730.Pa 9995 ) .
731.It Va ipfw_netflow_version
732.Pq Vt int
733Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
734.It Va ipfw_netflow_fib
735.Pq Vt int
736Only match packet in FIB
737.Pa ipfw_netflow_fib
738(default is undefined meaning all FIBs).
739.It Va natd_program
740.Pq Vt str
741Path to
742.Xr natd 8 .
743.It Va natd_enable
744.Pq Vt bool
745Set to
746.Dq Li YES
747to enable
748.Xr natd 8 .
749.Va firewall_enable
750must also be set to
751.Dq Li YES ,
752and
753.Xr divert 4
754sockets must be enabled in the kernel.
755If the kernel was not built with
756.Cd "options IPDIVERT" ,
757the
758.Pa ipdivert.ko
759kernel module will be loaded.
760.It Va natd_interface
761.Pq Vt str
762This is the name of the public interface on which
763.Xr natd 8
764should run.
765The interface may be given as an interface name or as an IP address.
766.It Va natd_flags
767.Pq Vt str
768Additional
769.Xr natd 8
770flags should be placed here.
771The
772.Fl n
773or
774.Fl a
775flag is automatically added with the above
776.Va natd_interface
777as an argument.
778.\" ----- ipfilter_enable setting --------------------------------
779.It Va ipfilter_enable
780.Pq Vt bool
781Set to
782.Dq Li NO
783by default.
784Setting this to
785.Dq Li YES
786enables
787.Xr ipf 8
788packet filtering.
789.Pp
790Typical usage will require putting
791.Bd -literal
792ipfilter_enable="YES"
793ipnat_enable="YES"
794ipmon_enable="YES"
795ipfs_enable="YES"
796.Ed
797.Pp
798into
799.Pa /etc/rc.conf
800and editing
801.Pa /etc/ipf.rules
802and
803.Pa /etc/ipnat.rules
804appropriately.
805.Pp
806Note that
807.Va ipfilter_enable
808and
809.Va ipnat_enable
810can be enabled independently.
811.Va ipmon_enable
812and
813.Va ipfs_enable
814both require at least one of
815.Va ipfilter_enable
816and
817.Va ipnat_enable
818to be enabled.
819.Pp
820Having
821.Bd -literal
822options IPFILTER
823options IPFILTER_LOG
824options IPFILTER_DEFAULT_BLOCK
825.Ed
826.Pp
827in the kernel configuration file is a good idea, too.
828.\" ----- ipfilter_program setting ------------------------------
829.It Va ipfilter_program
830.Pq Vt str
831Path to
832.Xr ipf 8
833(default
834.Pa /sbin/ipf ) .
835.\" ----- ipfilter_rules setting --------------------------------
836.It Va ipfilter_rules
837.Pq Vt str
838Set to
839.Pa /etc/ipf.rules
840by default.
841This variable contains the name of the filter rule definition file.
842The file is expected to be readable for the
843.Xr ipf 8
844command to execute.
845.\" ----- ipfilter_flags setting --------------------------------
846.It Va ipfilter_flags
847.Pq Vt str
848Empty by default.
849This variable contains flags passed to the
850.Xr ipf 8
851program.
852.\" ----- ipnat_enable setting ----------------------------------
853.It Va ipnat_enable
854.Pq Vt bool
855Set to
856.Dq Li NO
857by default.
858Set it to
859.Dq Li YES
860to enable
861.Xr ipnat 8
862network address translation.
863See
864.Va ipfilter_enable
865for a detailed discussion.
866.\" ----- ipnat_program setting ---------------------------------
867.It Va ipnat_program
868.Pq Vt str
869Path to
870.Xr ipnat 8
871(default
872.Pa /sbin/ipnat ) .
873.\" ----- ipnat_rules setting -----------------------------------
874.It Va ipnat_rules
875.Pq Vt str
876Set to
877.Pa /etc/ipnat.rules
878by default.
879This variable contains the name of the file
880holding the network address translation definition.
881This file is expected to be readable for the
882.Xr ipnat 8
883command to execute.
884.\" ----- ipnat_flags setting -----------------------------------
885.It Va ipnat_flags
886.Pq Vt str
887Empty by default.
888This variable contains flags passed to the
889.Xr ipnat 8
890program.
891.\" ----- ipmon_enable setting ----------------------------------
892.It Va ipmon_enable
893.Pq Vt bool
894Set to
895.Dq Li NO
896by default.
897Set it to
898.Dq Li YES
899to enable
900.Xr ipmon 8
901monitoring (logging
902.Xr ipf 8
903and
904.Xr ipnat 8
905events).
906Setting this variable needs setting
907.Va ipfilter_enable
908or
909.Va ipnat_enable
910too.
911See
912.Va ipfilter_enable
913for a detailed discussion.
914.\" ----- ipmon_program setting ---------------------------------
915.It Va ipmon_program
916.Pq Vt str
917Path to
918.Xr ipmon 8
919(default
920.Pa /sbin/ipmon ) .
921.\" ----- ipmon_flags setting -----------------------------------
922.It Va ipmon_flags
923.Pq Vt str
924Set to
925.Dq Li -Ds
926by default.
927This variable contains flags passed to the
928.Xr ipmon 8
929program.
930Another typical example would be
931.Dq Fl D Pa /var/log/ipflog
932to have
933.Xr ipmon 8
934log directly to a file bypassing
935.Xr syslogd 8 .
936Make sure to adjust
937.Pa /etc/newsyslog.conf
938in such case like this:
939.Bd -literal
940/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
941.Ed
942.\" ----- ipfs_enable setting -----------------------------------
943.It Va ipfs_enable
944.Pq Vt bool
945Set to
946.Dq Li NO
947by default.
948Set it to
949.Dq Li YES
950to enable
951.Xr ipfs 8
952saving the filter and NAT state tables during shutdown
953and reloading them during startup again.
954Setting this variable needs setting
955.Va ipfilter_enable
956or
957.Va ipnat_enable
958to
959.Dq Li YES
960too.
961See
962.Va ipfilter_enable
963for a detailed discussion.
964Note that if
965.Va kern_securelevel
966is set to 3,
967.Va ipfs_enable
968cannot be used
969because the raised securelevel will prevent
970.Xr ipfs 8
971from saving the state tables at shutdown time.
972.\" ----- ipfs_program setting ----------------------------------
973.It Va ipfs_program
974.Pq Vt str
975Path to
976.Xr ipfs 8
977(default
978.Pa /sbin/ipfs ) .
979.\" ----- ipfs_flags setting ------------------------------------
980.It Va ipfs_flags
981.Pq Vt str
982Empty by default.
983This variable contains flags passed to the
984.Xr ipfs 8
985program.
986.\" ----- end of added ipf hook ---------------------------------
987.It Va pf_enable
988.Pq Vt bool
989Set to
990.Dq Li NO
991by default.
992Setting this to
993.Dq Li YES
994enables
995.Xr pf 4
996packet filtering.
997.Pp
998Typical usage will require putting
999.Pp
1000.Dl pf_enable="YES"
1001.Pp
1002into
1003.Pa /etc/rc.conf
1004and editing
1005.Pa /etc/pf.conf
1006appropriately.
1007Adding
1008.Pp
1009.Dl "device pf"
1010.Pp
1011builds support for
1012.Xr pf 4
1013into the kernel, otherwise the
1014kernel module will be loaded.
1015.It Va pf_rules
1016.Pq Vt str
1017Path to
1018.Xr pf 4
1019ruleset configuration file
1020(default
1021.Pa /etc/pf.conf ) .
1022.It Va pf_program
1023.Pq Vt str
1024Path to
1025.Xr pfctl 8
1026(default
1027.Pa /sbin/pfctl ) .
1028.It Va pf_flags
1029.Pq Vt str
1030If
1031.Va pf_enable
1032is set to
1033.Dq Li YES ,
1034these flags are passed to the
1035.Xr pfctl 8
1036program when loading the ruleset.
1037.It Va pf_fallback_rules_enable
1038.Pq Vt bool
1039Set to
1040.Dq Li NO
1041by default.
1042Setting this to
1043.Dq Li YES
1044enables loading
1045.Va pf_fallback_rules_file
1046or
1047.Va pf_fallback_rules
1048in case of a problem when loading the ruleset in
1049.Va pf_rules .
1050.It Va pf_fallback_rules_file
1051.Pq Vt str
1052Path to a pf ruleset to load in case of failure when loading the
1053ruleset in
1054.Va pf_rules
1055(default
1056.Pa /etc/pf-fallback.conf ) .
1057.It Va pf_fallback_rules
1058.Pq Vt str
1059A pf ruleset to load in case of failure when loading the ruleset in
1060.Va pf_rules
1061and
1062.Va pf_fallback_rules_file
1063is not found.
1064Multiple rules can be set as follows:
1065.Bd -literal
1066pf_fallback_rules="\\
1067	block drop log all\\
1068	pass in quick on em0"
1069.Pp
1070.Ed
1071The default fallback rule is
1072.Dq block drop log all
1073.It Va pflog_enable
1074.Pq Vt bool
1075Set to
1076.Dq Li NO
1077by default.
1078Setting this to
1079.Dq Li YES
1080enables
1081.Xr pflogd 8
1082which logs packets from the
1083.Xr pf 4
1084packet filter.
1085.It Va pflog_logfile
1086.Pq Vt str
1087If
1088.Va pflog_enable
1089is set to
1090.Dq Li YES
1091this controls where
1092.Xr pflogd 8
1093stores the logfile
1094(default
1095.Pa /var/log/pflog ) .
1096Check
1097.Pa /etc/newsyslog.conf
1098to adjust logfile rotation for this.
1099.It Va pflog_program
1100.Pq Vt str
1101Path to
1102.Xr pflogd 8
1103(default
1104.Pa /sbin/pflogd ) .
1105.It Va pflog_flags
1106.Pq Vt str
1107Empty by default.
1108This variable contains additional flags passed to the
1109.Xr pflogd 8
1110program.
1111.It Va pflog_instances
1112.Pq Vt str
1113If logging to more than one
1114.Xr pflog 4
1115interface is desired,
1116.Va pflog_instances
1117is set to the list of
1118.Xr pflogd 8
1119instances that should be started at system boot time.
1120If
1121.Va pflog_instances
1122is set, for each whitespace-separated
1123.Ar element
1124in the list,
1125.Ao Ar element Ac Ns Va _dev
1126and
1127.Ao Ar element Ac Ns Va _logfile
1128elements are assumed to exist.
1129.Ao Ar element Ac Ns Va _dev
1130must contain the
1131.Xr pflog 4
1132interface to be watched by the named
1133.Xr pflogd 8
1134instance.
1135.Ao Ar element Ac Ns Va _logfile
1136must contain the name of the logfile that will be used by the
1137.Xr pflogd 8
1138instance.
1139.It Va ftpproxy_enable
1140.Pq Vt bool
1141Set to
1142.Dq Li NO
1143by default.
1144Setting this to
1145.Dq Li YES
1146enables
1147.Xr ftp-proxy 8
1148which supports the
1149.Xr pf 4
1150packet filter in translating ftp connections.
1151.It Va ftpproxy_flags
1152.Pq Vt str
1153Empty by default.
1154This variable contains additional flags passed to the
1155.Xr ftp-proxy 8
1156program.
1157.It Va ftpproxy_instances
1158.Pq Vt str
1159Empty by default.
1160If multiple instances of
1161.Xr ftp-proxy 8
1162are desired at boot time,
1163.Va ftpproxy_instances
1164should contain a whitespace-separated list of instance names.
1165For each
1166.Ar element
1167in the list, a variable named
1168.Ao Ar element Ac Ns Va _flags
1169should be defined, containing the command-line flags to be passed to the
1170.Xr ftp-proxy 8
1171instance.
1172.It Va pfsync_enable
1173.Pq Vt bool
1174Set to
1175.Dq Li NO
1176by default.
1177Setting this to
1178.Dq Li YES
1179enables exposing
1180.Xr pf 4
1181state changes to other hosts over the network by means of
1182.Xr pfsync 4 .
1183The
1184.Va pfsync_syncdev
1185variable
1186must also be set then.
1187.It Va pfsync_syncdev
1188.Pq Vt str
1189Empty by default.
1190This variable specifies the name of the network interface
1191.Xr pfsync 4
1192should operate through.
1193It must be set accordingly if
1194.Va pfsync_enable
1195is set to
1196.Dq Li YES .
1197.It Va pfsync_syncpeer
1198.Pq Vt str
1199Empty by default.
1200This variable is optional.
1201By default, state change messages are sent out on the synchronisation
1202interface using IP multicast packets.
1203The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1204224.0.0.240.
1205When a peer address is specified using the
1206.Va pfsync_syncpeer
1207option, the peer address is used as a destination for the pfsync
1208traffic, and the traffic can then be protected using
1209.Xr ipsec 4 .
1210See the
1211.Xr pfsync 4
1212manpage for more details about using
1213.Xr ipsec 4
1214with
1215.Xr pfsync 4
1216interfaces.
1217.It Va pfsync_ifconfig
1218.Pq Vt str
1219Empty by default.
1220This variable can contain additional options to be passed to the
1221.Xr ifconfig 8
1222command used to set up
1223.Xr pfsync 4 .
1224.It Va tcp_extensions
1225.Pq Vt bool
1226Set to
1227.Dq Li YES
1228by default.
1229Setting this to
1230.Dq Li NO
1231disables certain TCP options as described by
1232.Rs
1233.%T "RFC 1323"
1234.Re
1235Setting this to
1236.Dq Li NO
1237might help remedy such problems with connections as randomly hanging
1238or other weird behavior.
1239Some network devices are known
1240to be broken with respect to these options.
1241.It Va log_in_vain
1242.Pq Vt int
1243Set to 0 by default.
1244The
1245.Xr sysctl 8
1246variables,
1247.Va net.inet.tcp.log_in_vain
1248and
1249.Va net.inet.udp.log_in_vain ,
1250as described in
1251.Xr tcp 4
1252and
1253.Xr udp 4 ,
1254are set to the given value.
1255.It Va tcp_keepalive
1256.Pq Vt bool
1257Set to
1258.Dq Li YES
1259by default.
1260Setting to
1261.Dq Li NO
1262will disable probing idle TCP connections to verify that the
1263peer is still up and reachable.
1264.It Va tcp_drop_synfin
1265.Pq Vt bool
1266Set to
1267.Dq Li NO
1268by default.
1269Setting to
1270.Dq Li YES
1271will cause the kernel to ignore TCP frames that have both
1272the SYN and FIN flags set.
1273This prevents OS fingerprinting, but may
1274break some legitimate applications.
1275.It Va icmp_drop_redirect
1276.Pq Vt bool
1277Set to
1278.Dq Li AUTO
1279by default.
1280This setting will be identical to
1281.Dq Li YES ,
1282if a dynamicrouting daemon is enabled, because redirect processing may
1283cause performance issues for large routing tables.
1284If no such service is enabled, this setting behaves like a
1285.Dq Li NO .
1286Setting to
1287.Dq Li YES
1288will cause the kernel to ignore ICMP REDIRECT packets.
1289Setting to
1290.Dq Li NO
1291will cause the kernel to process ICMP REDIRECT packets.
1292Refer to
1293.Xr icmp 4
1294for more information.
1295.It Va icmp_log_redirect
1296.Pq Vt bool
1297Set to
1298.Dq Li NO
1299by default.
1300Setting to
1301.Dq Li YES
1302will cause the kernel to log ICMP REDIRECT packets.
1303Note that
1304the log messages are not rate-limited, so this option should only be used
1305for troubleshooting networks.
1306Refer to
1307.Xr icmp 4
1308for more information.
1309.It Va icmp_bmcastecho
1310.Pq Vt bool
1311Set to
1312.Dq Li YES
1313to respond to broadcast or multicast ICMP ping packets.
1314Refer to
1315.Xr icmp 4
1316for more information.
1317.It Va ip_portrange_first
1318.Pq Vt int
1319If not set to
1320.Dq Li NO ,
1321this is the first port in the default portrange.
1322Refer to
1323.Xr ip 4
1324for more information.
1325.It Va ip_portrange_last
1326.Pq Vt int
1327If not set to
1328.Dq Li NO ,
1329this is the last port in the default portrange.
1330Refer to
1331.Xr ip 4
1332for more information.
1333.It Va network_interfaces
1334.Pq Vt str
1335Set to the list of network interfaces to configure on this host or
1336.Dq Li AUTO
1337(the default) for all current interfaces.
1338Setting the
1339.Va network_interfaces
1340variable to anything other than the default is deprecated.
1341Interfaces that the administrator wishes to store configuration for,
1342but not start at boot should be configured with the
1343.Dq Li NOAUTO
1344keyword in their
1345.Va ifconfig_ Ns Aq Ar interface
1346variables as described below.
1347.Pp
1348An
1349.Va ifconfig_ Ns Aq Ar interface
1350variable is also assumed to exist for each value of
1351.Ar interface .
1352When an interface name contains any of the characters
1353.Dq Li .-/+
1354they are translated to
1355.Dq Li _
1356before lookup.
1357The variable can contain arguments to
1358.Xr ifconfig 8 ,
1359as well as special case-insensitive keywords described below.
1360Such keywords are removed before passing the value to
1361.Xr ifconfig 8
1362while the order of the other arguments is preserved.
1363.Pp
1364It is possible to add IP alias entries using
1365.Xr ifconfig 8
1366syntax with the address family keyword such as
1367.Li inet .
1368Assuming that the interface in question was
1369.Li em0 ,
1370it might look something like this:
1371.Bd -literal
1372ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1373ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1374.Ed
1375.Pp
1376It also possible to configure multiple IP addresses in Classless
1377Inter-Domain Routing
1378.Pq CIDR
1379address notation,
1380whose each address component can be a range like
1381.Li inet 192.0.2.5-23/24
1382or
1383.Li inet6 2001:db8:1-f::1/64 .
1384This notation allows address and prefix length part only,
1385not the other address modifiers.
1386Note that the maximum number of the generated addresses from a range
1387specification is limited to an integer value specified in
1388.Va netif_ipexpand_max
1389in
1390.Nm
1391because a small typo can unexpectedly generate a large number of addresses.
1392The default value is
1393.Li 2048 .
1394It can be increased by adding the following line into
1395.Nm :
1396.Bd -literal
1397netif_ipexpand_max="4096"
1398.Ed
1399.Pp
1400In the case of
1401.Li 192.0.2.5-23/24 ,
1402the address 192.0.2.5 will be configured with the
1403netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1404the non-conflicting netmask /32 as explained in the
1405.Xr ifconfig 8
1406alias section.
1407Note that this special netmask handling is only for
1408.Li inet ,
1409not for the other address families such as
1410.Li inet6 .
1411.Pp
1412With the interface in question being
1413.Li em0 ,
1414an example could look like:
1415.Bd -literal
1416ifconfig_em0_alias2="inet 192.0.2.129/27"
1417ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1418.Ed
1419.Pp
1420and so on.
1421.Pp
1422Note that deprecated
1423.Va ipv4_addrs_ Ns Aq Ar interface
1424variable was supported for IPv4 CIDR address notation.
1425The
1426.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1427variable replaces it, though
1428.Va ipv4_addrs_ Ns Aq Ar interface
1429is still supported for backward compatibility.
1430.Pp
1431For each
1432.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1433entry with an address family keyword,
1434its contents are passed to
1435.Xr ifconfig 8 .
1436Execution stops at the first unsuccessful access, so if
1437something like this is present:
1438.Bd -literal
1439ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1440ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1441ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1442ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1443.Ed
1444.Pp
1445Then note that alias4 would
1446.Em not
1447be added since the search would
1448stop with the missing
1449.Dq Li alias3
1450entry.
1451Because of this difficult to manage behavior,
1452there is
1453.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1454variable, which has the same functionality as
1455.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1456and can have all of entries in a variable like the following:
1457.Bd -literal
1458ifconfig_em0_aliases="\\
1459	inet 127.0.0.251 netmask 0xffffffff \\
1460	inet 127.0.0.252 netmask 0xffffffff \\
1461	inet 127.0.0.253 netmask 0xffffffff \\
1462	inet 127.0.0.254 netmask 0xffffffff"
1463.Ed
1464.Pp
1465It also supports CIDR notation.
1466.Pp
1467If the
1468.Pa /etc/start_if . Ns Aq Ar interface
1469file is present, it is read and executed by the
1470.Xr sh 1
1471interpreter
1472before configuring the interface as specified in the
1473.Va ifconfig_ Ns Aq Ar interface
1474and
1475.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1476variables.
1477.Pp
1478If a
1479.Va vlans_ Ns Aq Ar interface
1480variable is set,
1481a
1482.Xr vlan 4
1483interface will be created for each item in the list with the
1484.Ar vlandev
1485argument set to
1486.Ar interface .
1487If a vlan interface's name is a number,
1488then that number is used as the vlan tag and the new vlan interface is
1489named
1490.Ar interface . Ns Ar tag .
1491Otherwise,
1492the vlan tag must be specified via a
1493.Va vlan
1494parameter in the
1495.Va create_args_ Ns Aq Ar interface
1496variable.
1497.Pp
1498To create a vlan device named
1499.Li em0.101
1500on
1501.Li em0
1502with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1503.Bd -literal
1504vlans_em0="101"
1505ifconfig_em0_101="inet 192.0.2.1/24"
1506.Ed
1507.Pp
1508To create a vlan device named
1509.Li myvlan
1510on
1511.Li em0
1512with the vlan tag 102:
1513.Bd -literal
1514vlans_em0="myvlan"
1515create_args_myvlan="vlan 102"
1516.Ed
1517.Pp
1518If a
1519.Va wlans_ Ns Aq Ar interface
1520variable is set,
1521an
1522.Xr wlan 4
1523interface will be created for each item in the list with the
1524.Ar wlandev
1525argument set to
1526.Ar interface .
1527Further wlan cloning arguments may be passed to the
1528.Xr ifconfig 8
1529.Cm create
1530command by setting the
1531.Va create_args_ Ns Aq Ar interface
1532variable.
1533One or more
1534.Xr wlan 4
1535devices must be created for each wireless devices as of
1536.Fx 8.0 .
1537Debugging flags for
1538.Xr wlan 4
1539devices as set by
1540.Xr wlandebug 8
1541may be specified with an
1542.Va wlandebug_ Ns Aq Ar interface
1543variable.
1544The contents of this variable will be passed directly to
1545.Xr wlandebug 8 .
1546.Pp
1547If the
1548.Va ifconfig_ Ns Aq Ar interface
1549contains the keyword
1550.Dq Li NOAUTO
1551then the interface will not be configured
1552at boot or by
1553.Pa /etc/pccard_ether
1554when
1555.Va network_interfaces
1556is set to
1557.Dq Li AUTO .
1558.Pp
1559It is possible to bring up an interface with DHCP by adding
1560.Dq Li DHCP
1561to the
1562.Va ifconfig_ Ns Aq Ar interface
1563variable.
1564For instance, to initialize the
1565.Li em0
1566device via DHCP,
1567it is possible to use something like:
1568.Bd -literal
1569ifconfig_em0="DHCP"
1570.Ed
1571.Pp
1572If you want to configure your wireless interface with
1573.Xr wpa_supplicant 8
1574for use with WPA, EAP/LEAP or WEP, you need to add
1575.Dq Li WPA
1576to the
1577.Va ifconfig_ Ns Aq Ar interface
1578variable.
1579.Pp
1580On the other hand, if you want to configure your wireless interface with
1581.Xr hostapd 8 ,
1582you need to add
1583.Dq Li HOSTAP
1584to the
1585.Va ifconfig_ Ns Aq Ar interface
1586variable.
1587.Xr hostapd 8
1588will use the settings from
1589.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1590.Pp
1591Finally, you can add
1592.Xr ifconfig 8
1593options in this variable, in addition to the
1594.Pa /etc/start_if . Ns Aq Ar interface
1595file.
1596For instance, to configure an
1597.Xr ath 4
1598wireless device in station mode with an address obtained
1599via DHCP, using WPA authentication and 802.11b mode, it is
1600possible to use something like:
1601.Bd -literal
1602wlans_ath0="wlan0"
1603ifconfig_wlan0="DHCP WPA mode 11b"
1604.Ed
1605.Pp
1606In addition to the
1607.Va ifconfig_ Ns Aq Ar interface
1608form, a fallback variable
1609.Va ifconfig_DEFAULT
1610may be configured.
1611It will be used for all interfaces with no
1612.Va ifconfig_ Ns Aq Ar interface
1613variable.
1614This is intended to replace the no longer supported
1615.Va pccard_ifconfig
1616variable.
1617.Pp
1618It is also possible to rename an interface by doing:
1619.Bd -literal
1620ifconfig_em0_name="net0"
1621ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1622.Ed
1623.It Va ipv6_enable
1624.Pq Vt bool
1625This variable is deprecated.
1626Use
1627.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1628and
1629.Va ipv6_activate_all_interfaces
1630if necessary.
1631.Pp
1632If the variable is
1633.Dq Li YES ,
1634.Dq Li inet6 accept_rtadv
1635is added to all of
1636.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1637and the
1638.Va ipv6_activate_all_interfaces
1639is defined as
1640.Dq Li YES .
1641.It Va ipv6_prefer
1642.Pq Vt bool
1643This variable is deprecated.
1644Use
1645.Va ip6addrctl_policy
1646instead.
1647.Pp
1648If the variable is
1649.Dq Li YES ,
1650the default address selection policy table set by
1651.Xr ip6addrctl 8
1652will be IPv6-preferred.
1653.Pp
1654If the variable is
1655.Dq Li NO ,
1656the default address selection policy table set by
1657.Xr ip6addrctl 8
1658will be IPv4-preferred.
1659.It Va ipv6_activate_all_interfaces
1660.Pq Vt bool
1661This controls initial configuration on IPv6-capable
1662interfaces with no corresponding
1663.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1664variable.
1665Note that it is not always necessary to set this variable to
1666.Dq YES
1667to use IPv6 functionality on
1668.Fx .
1669In most cases, just configuring
1670.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1671variables works.
1672.Pp
1673If the variable is
1674.Dq Li NO ,
1675all interfaces which do not have a corresponding
1676.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1677variable will be marked as
1678.Dq Li IFDISABLED
1679at creation.
1680This means that all of IPv6 functionality on that interface
1681is completely disabled to enforce a security policy.
1682If the variable is set to
1683.Dq YES ,
1684the flag will be cleared on all of the interfaces.
1685.Pp
1686In most cases, just defining an
1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1688for an IPv6-capable interface should be sufficient.
1689However, if an interface is added dynamically
1690.Pq by some tunneling protocols such as PPP, for example ,
1691it is often difficult to define the variable in advance.
1692In such a case, configuring the
1693.Dq Li IFDISABLED
1694flag can be disabled by setting this variable to
1695.Dq YES .
1696.Pp
1697For more details of the
1698.Dq Li IFDISABLED
1699flag and keywords
1700.Dq Li inet6 ifdisabled ,
1701see
1702.Xr ifconfig 8 .
1703.Pp
1704Default is
1705.Dq Li NO .
1706.It Va ipv6_privacy
1707.Pq Vt bool
1708If the variable is
1709.Dq Li YES
1710privacy addresses will be generated for each IPv6
1711interface as described in RFC 4941.
1712.It Va ipv6_network_interfaces
1713.Pq Vt str
1714This is the IPv6 equivalent of
1715.Va network_interfaces .
1716Normally manual configuration of this variable is not needed.
1717.It Va ipv6_cpe_wanif
1718.Pq Vt str
1719If the variable is set to an interface name,
1720the
1721.Xr ifconfig 8
1722options
1723.Dq inet6 -no_radr accept_rtadv
1724will be added to the specified interface automatically before evaluating
1725.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1726and two
1727.Xr sysctl 8
1728variables
1729.Va net.inet6.ip6.rfc6204w3
1730and
1731.Va net.inet6.ip6.no_radr
1732will be set to 1.
1733.Pp
1734This means the specified interface will accept ICMPv6 Router
1735Advertisement messages on that link and add the discovered
1736routers into the Default Router List.
1737While the other interfaces can still accept RA messages if the
1738.Dq inet6 accept_rtadv
1739option is specified, adding
1740routes into the Default Router List will be disabled by
1741.Dq inet6 no_radr
1742option by default.
1743See
1744.Xr ifconfig 8
1745for more details.
1746.Pp
1747Note that ICMPv6 Router Advertisement messages will be
1748accepted even when
1749.Va net.inet6.ip6.forwarding
1750is 1
1751.Pq packet forwarding is enabled
1752when
1753.Va net.inet6.ip6.rfc6204w3
1754is set to 1.
1755.Pp
1756Default is
1757.Dq Li NO .
1758.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1759.Pq Vt str
1760This assigns arbitrary description to an interface.
1761The
1762.Xr sysctl 8
1763variable
1764.Va net.ifdescr_maxlen
1765limits its length.
1766This static setting may be overridden by commands
1767started with dynamic interface configuration utilities
1768like
1769.Xr dhclient 8
1770hooks.
1771The description can be seen with
1772.Xr ifconfig 8
1773command and it may be exported with
1774.Xr bsnmpd 1
1775daemon using its MIB-2 module.
1776.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1777.Pq Vt str
1778IPv6 functionality on an interface should be configured by
1779.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1780instead of setting ifconfig parameters in
1781.Va ifconfig_ Ns Aq Ar interface .
1782If this variable is empty, all of IPv6 configurations on the
1783specified interface by other variables such as
1784.Va ipv6_prefix_ Ns Ao Ar interface Ac
1785will be ignored.
1786.Pp
1787Aliases should be set by
1788.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1789with
1790.Dq Li inet6
1791keyword.
1792For example:
1793.Bd -literal
1794ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1795ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1796.Ed
1797.Pp
1798Interfaces that have an
1799.Dq Li inet6 accept_rtadv
1800keyword in
1801.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1802setting will be automatically configured by SLAAC
1803.Pq StateLess Address AutoConfiguration
1804described in
1805.Rs
1806.%T "RFC 4862"
1807.Re
1808.Pp
1809Note that a link-local address will be automatically configured in
1810addition to the configured global-scope addresses because the IPv6
1811specifications require it on each link.
1812The address is calculated from the MAC address by using an algorithm
1813defined in
1814.Rs
1815.%T "RFC 4862"
1816.%O "Section 5.3"
1817.Re
1818.Pp
1819If only a link-local address is needed on the interface,
1820the following configuration can be used:
1821.Bd -literal
1822ifconfig_em0_ipv6="inet6 auto_linklocal"
1823.Ed
1824.Pp
1825A link-local address can also be configured manually.
1826This is useful for the default router address of an IPv6 router
1827so that it does not change when the network interface
1828card is replaced.
1829For example:
1830.Bd -literal
1831ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1832.Ed
1833.It Va ipv6_prefix_ Ns Aq Ar interface
1834.Pq Vt str
1835If one or more prefixes are defined in
1836.Va ipv6_prefix_ Ns Aq Ar interface
1837addresses based on each prefix and the EUI-64 interface index will be
1838configured on that interface.
1839Note that this variable will be ignored when
1840.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1841is empty.
1842.Pp
1843For example, the following configuration
1844.Bd -literal
1845ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1846.Ed
1847.Pp
1848is equivalent to the following:
1849.Bd -literal
1850ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1851ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1852ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1853ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1854.Ed
1855.Pp
1856These Subnet-Router anycast addresses will be added only when
1857.Va ipv6_gateway_enable
1858is YES.
1859.It Va ipv6_default_interface
1860.Pq Vt str
1861If not set to
1862.Dq Li NO ,
1863this is the default output interface for scoped addresses.
1864This works only with ipv6_gateway_enable="NO".
1865.It Va ip6addrctl_enable
1866.Pq Vt bool
1867This variable is to enable configuring default address selection policy table
1868.Pq RFC 3484 .
1869The table can be specified in another variable
1870.Va ip6addrctl_policy .
1871For
1872.Va ip6addrctl_policy
1873the following keywords can be specified:
1874.Dq Li ipv4_prefer ,
1875.Dq Li ipv6_prefer ,
1876or
1877.Dq Li AUTO .
1878.Pp
1879If
1880.Dq Li ipv4_prefer
1881or
1882.Dq Li ipv6_prefer
1883is specified,
1884.Xr ip6addrctl 8
1885installs a pre-defined policy table described in Section 10.3
1886.Pq IPv4-preferred
1887or 2.1
1888.Pq IPv6-preferred
1889of RFC 3484.
1890.Pp
1891If
1892.Dq Li AUTO
1893is specified, it attempts to read a file
1894.Pa /etc/ip6addrctl.conf
1895first.
1896If this file is found,
1897.Xr ip6addrctl 8
1898reads and installs it.
1899If not found, a policy is automatically set
1900according to
1901.Va ipv6_activate_all_interfaces
1902variable; if the variable is set to
1903.Dq Li YES
1904the IPv6-preferred one is used.
1905Otherwise IPv4-preferred.
1906.Pp
1907The default value of
1908.Va ip6addrctl_enable
1909and
1910.Va ip6addrctl_policy
1911are
1912.Dq Li YES
1913and
1914.Dq Li AUTO ,
1915respectively.
1916.It Va cloned_interfaces
1917.Pq Vt str
1918Set to the list of clonable network interfaces to create on this host.
1919Further cloning arguments may be passed to the
1920.Xr ifconfig 8
1921.Cm create
1922command for each interface by setting the
1923.Va create_args_ Ns Aq Ar interface
1924variable.
1925If an interface name is specified with
1926.Dq :sticky
1927keyword,
1928the interface will not be destroyed even when
1929.Pa rc.d/netif
1930script is invoked with
1931.Dq stop
1932argument.
1933This is useful when reconfiguring the interface without destroying it.
1934Entries in
1935.Va cloned_interfaces
1936are automatically appended to
1937.Va network_interfaces
1938for configuration.
1939.It Va cloned_interfaces_sticky
1940.Pq Vt bool
1941This variable is to globally enable functionality of
1942.Dq :sticky
1943keyword in
1944.Va cloned_interfaces
1945for all interfaces.
1946The default value is
1947.Dq NO .
1948Even if this variable is specified to
1949.Dq YES ,
1950.Dq :nosticky
1951keyword can be used to override it on per interface basis.
1952.It Va gif_interfaces
1953Set to the list of
1954.Xr gif 4
1955tunnel interfaces to configure on this host.
1956A
1957.Va gifconfig_ Ns Aq Ar interface
1958variable is assumed to exist for each value of
1959.Ar interface .
1960The value of this variable is used to configure the link layer of the
1961tunnel using the
1962.Cm tunnel
1963option to
1964.Xr ifconfig 8 .
1965Additionally, this option ensures that each listed interface is created
1966via the
1967.Cm create
1968option to
1969.Xr ifconfig 8
1970before attempting to configure it.
1971.Pp
1972For example, configure two
1973.Xr gif 4
1974interfaces with:
1975.Bd -literal
1976gif_interfaces="gif0 gif1"
1977gifconfig_gif0="100.64.0.1 100.64.0.2"
1978ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1979gifconfig_gif1="inet6 2a00::1 2a01::1"
1980ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1981.Ed
1982.It Va ppp_enable
1983.Pq Vt bool
1984If set to
1985.Dq Li YES ,
1986run the
1987.Xr ppp 8
1988daemon.
1989.It Va ppp_profile
1990.Pq Vt str
1991The name of the profile to use from
1992.Pa /etc/ppp/ppp.conf .
1993Also used for per-profile overrides of
1994.Va ppp_mode
1995and
1996.Va ppp_nat ,
1997and
1998.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1999When the profile name contains any of the characters
2000.Dq Li .-/+
2001they are translated to
2002.Dq Li _
2003for the proposes of the override variable names.
2004.It Va ppp_mode
2005.Pq Vt str
2006Mode in which to run the
2007.Xr ppp 8
2008daemon.
2009.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2010.Pq Vt str
2011Overrides the global
2012.Va ppp_mode
2013for
2014.Ar profile .
2015Accepted modes are
2016.Dq Li auto ,
2017.Dq Li ddial ,
2018.Dq Li direct
2019and
2020.Dq Li dedicated .
2021See the manual for a full description.
2022.It Va ppp_nat
2023.Pq Vt bool
2024If set to
2025.Dq Li YES ,
2026enables network address translation.
2027Used in conjunction with
2028.Va gateway_enable
2029allows hosts on private network addresses access to the Internet using
2030this host as a network address translating router.
2031Default is
2032.Dq Li YES .
2033.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2034.Pq Vt str
2035Overrides the global
2036.Va ppp_nat
2037for
2038.Ar profile .
2039.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2040.Pq Vt int
2041Set the unit number to be used for this profile.
2042See the manual description of
2043.Fl unit Ns Ar N
2044for details.
2045.It Va ppp_user
2046.Pq Vt str
2047The name of the user under which
2048.Xr ppp 8
2049should be started.
2050By
2051default,
2052.Xr ppp 8
2053is started as
2054.Dq Li root .
2055.It Va rc_conf_files
2056.Pq Vt str
2057This option is used to specify a list of files that will override
2058the settings in
2059.Pa /etc/defaults/rc.conf .
2060The files will be read in the order in which they are specified and should
2061include the full path to the file.
2062By default, the files specified are
2063.Pa /etc/rc.conf
2064and
2065.Pa /etc/rc.conf.local
2066.It Va zfs_enable
2067.Pq Vt bool
2068If set to
2069.Dq Li YES ,
2070.Pa /etc/rc.d/zfs
2071will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2072(ZVOLs).
2073.It Va zpool_reguid
2074.Pq Vt str
2075A space-separated list of ZFS pool names for which new pool GUIDs should be
2076assigned upon first boot.
2077This is useful when using a ZFS pool copied from a template, such as a virtual
2078machine image.
2079.It Va gptboot_enable
2080.Pq Vt bool
2081If set to
2082.Dq Li YES ,
2083.Pa /etc/rc.d/gptboot
2084will log if the system successfully (or not) booted from a GPT partition,
2085which had the
2086.Ar bootonce
2087attribute set using
2088.Xr gpart 8
2089utility.
2090.It Va gbde_autoattach_all
2091.Pq Vt bool
2092If set to
2093.Dq Li YES ,
2094.Pa /etc/rc.d/gbde
2095will attempt to automatically initialize your .bde devices in
2096.Pa /etc/fstab .
2097.It Va gbde_devices
2098.Pq Vt str
2099List the devices that the script should try to attach,
2100or
2101.Dq Li AUTO .
2102.It Va gbde_lockdir
2103.Pq Vt str
2104The directory where the
2105.Xr gbde 4
2106lockfiles are located.
2107The default lockfile directory is
2108.Pa /etc .
2109.Pp
2110The lockfile for each individual
2111.Xr gbde 4
2112device can be overridden by setting the variable
2113.Va gbde_lock_ Ns Aq Ar device ,
2114where
2115.Ar device
2116is the encrypted device without the
2117.Dq Pa /dev/
2118and
2119.Dq Pa .bde
2120parts.
2121.It Va gbde_attach_attempts
2122.Pq Vt int
2123Number of times to attempt attaching to a
2124.Xr gbde 4
2125device, i.e., how many times the user is asked for the pass-phrase.
2126Default is 3.
2127.It Va geli_devices
2128.Pq Vt str
2129List of devices to automatically attach on boot.
2130Note that .eli devices from
2131.Pa /etc/fstab
2132are automatically appended to this list.
2133.It Va geli_groups
2134.Pq Vt str
2135List of groups containing devices to automatically attach on boot with the same
2136keyfiles and passphrase.
2137This must be accompanied with a corresponding
2138.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2139variable.
2140.It Va geli_tries
2141.Pq Vt int
2142Number of times user is asked for the pass-phrase.
2143If empty, it will be taken from
2144.Va kern.geom.eli.tries
2145sysctl variable.
2146.It Va geli_default_flags
2147.Pq Vt str
2148Default flags to use by
2149.Xr geli 8
2150when configuring disk encryption.
2151Flags can be configured for every device separately by defining the
2152.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2153variable, and for every group separately by defining the
2154.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2155variable.
2156.It Va geli_autodetach
2157.Pq Vt str
2158Specifies if GELI devices should be marked for detach on last close after
2159file systems are mounted.
2160Default is
2161.Dq Li YES .
2162This can be changed for every device separately by defining the
2163.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2164variable.
2165.It Va root_rw_mount
2166.Pq Vt bool
2167Set to
2168.Dq Li YES
2169by default.
2170After the file systems are checked at boot time, the root file system
2171is remounted as read-write if this is set to
2172.Dq Li YES .
2173Diskless systems that mount their root file system from a read-only remote
2174NFS share should set this to
2175.Dq Li NO
2176in their
2177.Pa rc.conf .
2178.It Va fsck_y_enable
2179.Pq Vt bool
2180If set to
2181.Dq Li YES ,
2182.Xr fsck 8
2183will be run with the
2184.Fl y
2185flag if the initial preen
2186of the file systems fails.
2187.It Va background_fsck
2188.Pq Vt bool
2189If set to
2190.Dq Li NO ,
2191the system will not attempt to run
2192.Xr fsck 8
2193in the background where possible.
2194.It Va background_fsck_delay
2195.Pq Vt int
2196The amount of time in seconds to sleep before starting a background
2197.Xr fsck 8 .
2198It defaults to sixty seconds to allow large applications such as
2199the X server to start before disk I/O bandwidth is monopolized by
2200.Xr fsck 8 .
2201If set to a negative number, the background file system check will be
2202delayed indefinitely to allow the administrator to run it at a more
2203convenient time.
2204For example it may be run from
2205.Xr cron 8
2206by adding a line like
2207.Pp
2208.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2209.Pp
2210to
2211.Pa /etc/crontab .
2212.It Va netfs_types
2213.Pq Vt str
2214List of file system types that are network-based.
2215This list should generally not be modified by end users.
2216Use
2217.Va extra_netfs_types
2218instead.
2219.It Va extra_netfs_types
2220.Pq Vt str
2221If set to something other than
2222.Dq Li NO
2223(the default),
2224this variable extends the list of file system types
2225for which automatic mounting at startup by
2226.Xr rc 8
2227should be delayed until the network is initialized.
2228It should contain
2229a whitespace-separated list of network file system descriptor pairs,
2230each consisting of a file system type as passed to
2231.Xr mount 8
2232and a human-readable, one-word description,
2233joined with a colon
2234.Pq Ql \&: .
2235Extending the default list in this way is only necessary
2236when third party file system types are used.
2237.It Va syslogd_enable
2238.Pq Vt bool
2239If set to
2240.Dq Li YES ,
2241run the
2242.Xr syslogd 8
2243daemon.
2244.It Va syslogd_program
2245.Pq Vt str
2246Path to
2247.Xr syslogd 8
2248(default
2249.Pa /usr/sbin/syslogd ) .
2250.It Va syslogd_flags
2251.Pq Vt str
2252If
2253.Va syslogd_enable
2254is set to
2255.Dq Li YES ,
2256these are the flags to pass to
2257.Xr syslogd 8 .
2258.It Va inetd_enable
2259.Pq Vt bool
2260If set to
2261.Dq Li YES ,
2262run the
2263.Xr inetd 8
2264daemon.
2265.It Va inetd_program
2266.Pq Vt str
2267Path to
2268.Xr inetd 8
2269(default
2270.Pa /usr/sbin/inetd ) .
2271.It Va inetd_flags
2272.Pq Vt str
2273If
2274.Va inetd_enable
2275is set to
2276.Dq Li YES ,
2277these are the flags to pass to
2278.Xr inetd 8 .
2279.It Va hastd_enable
2280.Pq Vt bool
2281If set to
2282.Dq Li YES ,
2283run the
2284.Xr hastd 8
2285daemon.
2286.It Va hastd_program
2287.Pq Vt str
2288Path to
2289.Xr hastd 8
2290(default
2291.Pa /sbin/hastd ) .
2292.It Va hastd_flags
2293.Pq Vt str
2294If
2295.Va hastd_enable
2296is set to
2297.Dq Li YES ,
2298these are the flags to pass to
2299.Xr hastd 8 .
2300.It Va local_unbound_enable
2301.Pq Vt bool
2302If set to
2303.Dq Li YES ,
2304run the
2305.Xr unbound 8
2306daemon as a local caching resolver.
2307.It Va kdc_enable
2308.Pq Vt bool
2309Set to
2310.Dq Li YES
2311to start a Kerberos 5 authentication server
2312at boot time.
2313.It Va kdc_program
2314.Pq Vt str
2315If
2316.Va kdc_enable
2317is set to
2318.Dq Li YES
2319this is the path to Kerberos 5 Authentication Server.
2320.It Va kdc_flags
2321.Pq Vt str
2322Empty by default.
2323This variable contains additional flags to be passed to the Kerberos 5
2324authentication server.
2325.It Va kadmind_enable
2326.Pq Vt bool
2327Set to
2328.Dq Li YES
2329to start
2330.Xr kadmind 8 ,
2331the Kerberos 5 Administration Daemon; set to
2332.Dq Li NO
2333on a slave server.
2334.It Va kadmind_program
2335.Pq Vt str
2336If
2337.Va kadmind_enable
2338is set to
2339.Dq Li YES
2340this is the path to Kerberos 5 Administration Daemon.
2341.It Va kpasswdd_enable
2342.Pq Vt bool
2343Set to
2344.Dq Li YES
2345to start
2346.Xr kpasswdd 8 ,
2347the Kerberos 5 Password-Changing Daemon; set to
2348.Dq Li NO
2349on a slave server.
2350.It Va kpasswdd_program
2351.Pq Vt str
2352If
2353.Va kpasswdd_enable
2354is set to
2355.Dq Li YES
2356this is the path to Kerberos 5 Password-Changing Daemon.
2357.It Va kfd_enable
2358.Pq Vt bool
2359Set to
2360.Dq Li YES
2361to start
2362.Xr kfd 8 ,
2363the Kerberos 5 ticket forwarding daemon, at the boot time.
2364.It Va kfd_program
2365.Pq Vt str
2366Path to
2367.Xr kfd 8
2368(default
2369.Pa /usr/libexec/kfd ) .
2370.It Va rwhod_enable
2371.Pq Vt bool
2372If set to
2373.Dq Li YES ,
2374run the
2375.Xr rwhod 8
2376daemon at boot time.
2377.It Va rwhod_flags
2378.Pq Vt str
2379If
2380.Va rwhod_enable
2381is set to
2382.Dq Li YES ,
2383these are the flags to pass to it.
2384.It Va update_motd
2385.Pq Vt bool
2386If set to
2387.Dq Li YES ,
2388.Pa /etc/motd
2389will be updated at boot time to reflect the kernel release
2390being run.
2391If set to
2392.Dq Li NO ,
2393.Pa /etc/motd
2394will not be updated.
2395.It Va nfs_client_enable
2396.Pq Vt bool
2397If set to
2398.Dq Li YES ,
2399run the NFS client daemons at boot time.
2400.It Va nfs_access_cache
2401.Pq Vt int
2402If
2403.Va nfs_client_enable
2404is set to
2405.Dq Li YES ,
2406this can be set to
2407.Dq Li 0
2408to disable NFS ACCESS RPC caching, or to the number of seconds for which
2409NFS ACCESS
2410results should be cached.
2411A value of 2-10 seconds will substantially reduce network
2412traffic for many NFS operations.
2413.It Va nfs_server_enable
2414.Pq Vt bool
2415If set to
2416.Dq Li YES ,
2417run the NFS server daemons at boot time.
2418.It Va nfs_server_flags
2419.Pq Vt str
2420If
2421.Va nfs_server_enable
2422is set to
2423.Dq Li YES ,
2424these are the flags to pass to the
2425.Xr nfsd 8
2426daemon.
2427.It Va nfsv4_server_enable
2428.Pq Vt bool
2429If
2430.Va nfs_server_enable
2431is set to
2432.Dq Li YES
2433and
2434.Va nfsv4_server_enable
2435is set to
2436.Dq Li YES ,
2437enable the server for NFSv4 as well as NFSv2 and NFSv3.
2438.It Va nfsv4_server_only
2439.Pq Vt bool
2440If
2441.Va nfs_server_enable
2442is set to
2443.Dq Li YES
2444and
2445.Va nfsv4_server_only
2446is set to
2447.Dq Li YES ,
2448enable the NFS server for NFSv4 only.
2449.It Va nfs_server_maxio
2450.Pq Vt int
2451value to set vfs.nfsd.srvmaxio to, which is the
2452maximum I/O size for the NFS server.
2453.It Va tlsclntd_enable
2454.Pq Vt bool
2455If set to
2456.Dq Li YES ,
2457run the
2458.Xr rpc.tlsclntd 8
2459daemon, which is needed for NFS-over-TLS NFS mounts.
2460.It Va tlsservd_enable
2461.Pq Vt bool
2462If set to
2463.Dq Li YES ,
2464run the
2465.Xr rpc.tlsservd 8
2466daemon, which is needed for the
2467.Xr nfsd 8
2468to support NFS-over-TLS NFS mounts.
2469.It Va nfsuserd_enable
2470.Pq Vt bool
2471If
2472.Va nfsuserd_enable
2473is set to
2474.Dq Li YES ,
2475run the nfsuserd daemon, which is needed for NFSv4 in order
2476to map between user/group names vs uid/gid numbers.
2477If
2478.Va nfsv4_server_enable
2479is set to
2480.Dq Li YES ,
2481this will be forced enabled.
2482.It Va nfsuserd_flags
2483.Pq Vt str
2484If
2485.Va nfsuserd_enable
2486is set to
2487.Dq Li YES ,
2488these are the flags to pass to the
2489.Xr nfsuserd 8
2490daemon.
2491.It Va nfscbd_enable
2492.Pq Vt bool
2493If
2494.Va nfscbd_enable
2495is set to
2496.Dq Li YES ,
2497run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2498.It Va nfscbd_flags
2499.Pq Vt str
2500If
2501.Va nfscbd_enable
2502is set to
2503.Dq Li YES ,
2504these are the flags to pass to the
2505.Xr nfscbd 8
2506daemon.
2507.It Va mountd_enable
2508.Pq Vt bool
2509If set to
2510.Dq Li YES ,
2511and no
2512.Va nfs_server_enable
2513is set, start
2514.Xr mountd 8 ,
2515but not
2516.Xr nfsd 8
2517daemon.
2518It is commonly needed to run CFS without real NFS used.
2519.It Va mountd_flags
2520.Pq Vt str
2521If
2522.Va mountd_enable
2523is set to
2524.Dq Li YES ,
2525these are the flags to pass to the
2526.Xr mountd 8
2527daemon.
2528.It Va weak_mountd_authentication
2529.Pq Vt bool
2530If set to
2531.Dq Li YES ,
2532allow services like PCNFSD to make non-privileged mount
2533requests.
2534.It Va nfs_reserved_port_only
2535.Pq Vt bool
2536If set to
2537.Dq Li YES ,
2538provide NFS services only on a secure port.
2539.It Va nfs_bufpackets
2540.Pq Vt int
2541If set to a number, indicates the number of packets worth of
2542socket buffer space to reserve on an NFS client.
2543The kernel default is typically 4.
2544Using a higher number may be
2545useful on gigabit networks to improve performance.
2546The minimum value is
25472 and the maximum is 64.
2548.It Va rpc_lockd_enable
2549.Pq Vt bool
2550If set to
2551.Dq Li YES
2552and also an NFS server or client, run
2553.Xr rpc.lockd 8
2554at boot time.
2555.It Va rpc_lockd_flags
2556.Pq Vt str
2557If
2558.Va rpc_lockd_enable
2559is set to
2560.Dq Li YES ,
2561these are the flags to pass to the
2562.Xr rpc.lockd 8
2563daemon.
2564.It Va rpc_statd_enable
2565.Pq Vt bool
2566If set to
2567.Dq Li YES
2568and also an NFS server or client, run
2569.Xr rpc.statd 8
2570at boot time.
2571.It Va rpc_statd_flags
2572.Pq Vt str
2573If
2574.Va rpc_statd_enable
2575is set to
2576.Dq Li YES ,
2577these are the flags to pass to the
2578.Xr rpc.statd 8
2579daemon.
2580.It Va rpcbind_program
2581.Pq Vt str
2582Path to
2583.Xr rpcbind 8
2584(default
2585.Pa /usr/sbin/rpcbind ) .
2586.It Va rpcbind_enable
2587.Pq Vt bool
2588If set to
2589.Dq Li YES ,
2590run the
2591.Xr rpcbind 8
2592service at boot time.
2593.It Va rpcbind_flags
2594.Pq Vt str
2595If
2596.Va rpcbind_enable
2597is set to
2598.Dq Li YES ,
2599these are the flags to pass to the
2600.Xr rpcbind 8
2601daemon.
2602.It Va keyserv_enable
2603.Pq Vt bool
2604If set to
2605.Dq Li YES ,
2606run the
2607.Xr keyserv 8
2608daemon on boot for running Secure RPC.
2609.It Va keyserv_flags
2610.Pq Vt str
2611If
2612.Va keyserv_enable
2613is set to
2614.Dq Li YES ,
2615these are the flags to pass to
2616.Xr keyserv 8
2617daemon.
2618.It Va pppoed_enable
2619.Pq Vt bool
2620If set to
2621.Dq Li YES ,
2622run the
2623.Xr pppoed 8
2624daemon at boot time to provide PPP over Ethernet services.
2625.It Va pppoed_ Ns Aq Ar provider
2626.Pq Vt str
2627.Xr pppoed 8
2628listens to requests to this
2629.Ar provider
2630and ultimately runs
2631.Xr ppp 8
2632with a
2633.Ar system
2634argument of the same name.
2635.It Va pppoed_flags
2636.Pq Vt str
2637Additional flags to pass to
2638.Xr pppoed 8 .
2639.It Va pppoed_interface
2640.Pq Vt str
2641The network interface to run
2642.Xr pppoed 8
2643on.
2644This is mandatory when
2645.Va pppoed_enable
2646is set to
2647.Dq Li YES .
2648.It Va ntpdate_enable
2649.Pq Vt bool
2650If set to
2651.Dq Li YES ,
2652run
2653.Xr ntpdate 8
2654at system startup.
2655This command is intended to
2656synchronize the system clock only
2657.Em once
2658from some standard reference.
2659.Pp
2660Note that the use of the
2661.Va ntpd_sync_on_start
2662variable is a preferred alternative to the
2663.Xr ntpdate 8
2664utility as
2665.Xr ntpdate 8
2666is to be retired from the NTP distribution.
2667.It Va ntpdate_config
2668.Pq Vt str
2669Configuration file for
2670.Xr ntpdate 8 .
2671Default
2672.Pa /etc/ntp.conf .
2673.It Va ntpdate_hosts
2674.Pq Vt str
2675A whitespace-separated list of NTP servers to synchronize with at startup.
2676The default is to use the servers listed in
2677.Va ntpdate_config ,
2678if that file exists.
2679.It Va ntpdate_program
2680.Pq Vt str
2681Path to
2682.Xr ntpdate 8
2683(default
2684.Pa /usr/sbin/ntpdate ) .
2685.It Va ntpdate_flags
2686.Pq Vt str
2687If
2688.Va ntpdate_enable
2689is set to
2690.Dq Li YES ,
2691these are the flags to pass to the
2692.Xr ntpdate 8
2693command (typically a hostname).
2694.It Va ntpd_enable
2695.Pq Vt bool
2696If set to
2697.Dq Li YES ,
2698run the
2699.Xr ntpd 8
2700command at boot time.
2701.It Va ntpd_program
2702.Pq Vt str
2703Path to
2704.Xr ntpd 8
2705(default
2706.Pa /usr/sbin/ntpd ) .
2707.It Va ntpd_config
2708.Pq Vt str
2709Path to
2710.Xr ntpd 8
2711configuration file.
2712Default
2713.Pa /etc/ntp.conf .
2714.It Va ntpd_flags
2715.Pq Vt str
2716If
2717.Va ntpd_enable
2718is set to
2719.Dq Li YES ,
2720these are the flags to pass to the
2721.Xr ntpd 8
2722daemon.
2723.It Va ntpd_sync_on_start
2724.Pq Vt bool
2725If set to
2726.Dq Li YES ,
2727.Xr ntpd 8
2728is run with the
2729.Fl g
2730flag, which syncs the system's clock on startup.
2731See
2732.Xr ntpd 8
2733for more information regarding the
2734.Fl g
2735option.
2736This is a preferred alternative to using
2737.Xr ntpdate 8
2738or specifying the
2739.Va ntpdate_enable
2740variable.
2741.It Va nis_client_enable
2742.Pq Vt bool
2743If set to
2744.Dq Li YES ,
2745run the
2746.Xr ypbind 8
2747service at system boot time.
2748.It Va nis_client_flags
2749.Pq Vt str
2750If
2751.Va nis_client_enable
2752is set to
2753.Dq Li YES ,
2754these are the flags to pass to the
2755.Xr ypbind 8
2756service.
2757.It Va nis_ypldap_enable
2758.Pq Vt bool
2759If set to
2760.Dq Li YES ,
2761run the
2762.Xr ypldap 8
2763daemon at system boot time.
2764.It Va nis_ypldap_flags
2765.Pq Vt str
2766If
2767.Va nis.ypldap_enable
2768is set to
2769.Dq Li YES ,
2770these are the flags to pass to the
2771.Xr ypldap 8
2772daemon.
2773.It Va nis_ypset_enable
2774.Pq Vt bool
2775If set to
2776.Dq Li YES ,
2777run the
2778.Xr ypset 8
2779daemon at system boot time.
2780.It Va nis_ypset_flags
2781.Pq Vt str
2782If
2783.Va nis_ypset_enable
2784is set to
2785.Dq Li YES ,
2786these are the flags to pass to the
2787.Xr ypset 8
2788daemon.
2789.It Va nis_server_enable
2790.Pq Vt bool
2791If set to
2792.Dq Li YES ,
2793run the
2794.Xr ypserv 8
2795daemon at system boot time.
2796.It Va nis_server_flags
2797.Pq Vt str
2798If
2799.Va nis_server_enable
2800is set to
2801.Dq Li YES ,
2802these are the flags to pass to the
2803.Xr ypserv 8
2804daemon.
2805.It Va nis_ypxfrd_enable
2806.Pq Vt bool
2807If set to
2808.Dq Li YES ,
2809run the
2810.Xr rpc.ypxfrd 8
2811daemon at system boot time.
2812.It Va nis_ypxfrd_flags
2813.Pq Vt str
2814If
2815.Va nis_ypxfrd_enable
2816is set to
2817.Dq Li YES ,
2818these are the flags to pass to the
2819.Xr rpc.ypxfrd 8
2820daemon.
2821.It Va nis_yppasswdd_enable
2822.Pq Vt bool
2823If set to
2824.Dq Li YES ,
2825run the
2826.Xr rpc.yppasswdd 8
2827daemon at system boot time.
2828.It Va nis_yppasswdd_flags
2829.Pq Vt str
2830If
2831.Va nis_yppasswdd_enable
2832is set to
2833.Dq Li YES ,
2834these are the flags to pass to the
2835.Xr rpc.yppasswdd 8
2836daemon.
2837.It Va rpc_ypupdated_enable
2838.Pq Vt bool
2839If set to
2840.Dq Li YES ,
2841run the
2842.Nm rpc.ypupdated
2843daemon at system boot time.
2844.It Va bsnmpd_enable
2845.Pq Vt bool
2846If set to
2847.Dq Li YES ,
2848run the
2849.Xr bsnmpd 1
2850daemon at system boot time.
2851Be sure to understand the security implications of running SNMP daemon
2852on your host.
2853.It Va bsnmpd_flags
2854.Pq Vt str
2855If
2856.Va bsnmpd_enable
2857is set to
2858.Dq Li YES ,
2859these are the flags to pass to the
2860.Xr bsnmpd 1
2861daemon.
2862.It Va defaultrouter
2863.Pq Vt str
2864If not set to
2865.Dq Li NO ,
2866create a default route to this host name or IP address
2867(use an IP address if this router is also required to get to the
2868name server!).
2869.It Va defaultrouter_fibN
2870.Pq Vt str
2871If not set to
2872.Dq Li NO ,
2873create a default route in FIB N to this host name or IP address.
2874.It Va ipv6_defaultrouter
2875.Pq Vt str
2876The IPv6 equivalent of
2877.Va defaultrouter .
2878.It Va ipv6_defaultrouter_fibN
2879.Pq Vt str
2880The IPv6 equivalent of
2881.Va defaultrouter_fibN .
2882.It Va static_arp_pairs
2883.Pq Vt str
2884Set to the list of static ARP pairs that are to be added at system
2885boot time.
2886For each whitespace separated
2887.Ar element
2888in the value, a
2889.Va static_arp_ Ns Aq Ar element
2890variable is assumed to exist whose contents will later be passed to a
2891.Dq Nm arp Cm -S
2892operation.
2893For example
2894.Bd -literal
2895static_arp_pairs="gw"
2896static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2897.Ed
2898.It Va static_ndp_pairs
2899.Pq Vt str
2900Set to the list of static NDP pairs that are to be added at system
2901boot time.
2902For each whitespace separated
2903.Ar element
2904in the value, a
2905.Va static_ndp_ Ns Aq Ar element
2906variable is assumed to exist whose contents will later be passed to a
2907.Dq Nm ndp Cm -s
2908operation.
2909For example
2910.Bd -literal
2911static_ndp_pairs="gw"
2912static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2913.Ed
2914.It Va static_routes
2915.Pq Vt str
2916Set to the list of static routes that are to be added at system
2917boot time.
2918If not set to
2919.Dq Li NO
2920then for each whitespace separated
2921.Ar element
2922in the value, a
2923.Va route_ Ns Aq Ar element
2924variable is assumed to exist
2925whose contents will later be passed to a
2926.Dq Nm route Cm add
2927operation.
2928For example:
2929.Bd -literal
2930static_routes="ext mcast:gif0 gif0local:gif0"
2931route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2932route_mcast="-net 224.0.0.0/4 -iface gif0"
2933route_gif0local="-host 169.254.1.1 -iface lo0"
2934.Ed
2935.Pp
2936When an
2937.Ar element
2938is in the form of
2939.Li name:ifname ,
2940the route is specific to the interface
2941.Li ifname .
2942.It Va ipv6_static_routes
2943.Pq Vt str
2944The IPv6 equivalent of
2945.Va static_routes .
2946If not set to
2947.Dq Li NO
2948then for each whitespace separated
2949.Ar element
2950in the value, a
2951.Va ipv6_route_ Ns Aq Ar element
2952variable is assumed to exist
2953whose contents will later be passed to a
2954.Dq Nm route Cm add Fl inet6
2955operation.
2956.It Va gateway_enable
2957.Pq Vt bool
2958If set to
2959.Dq Li YES ,
2960configure host to act as an IP router, e.g.\& to forward packets
2961between interfaces.
2962.It Va ipv6_gateway_enable
2963.Pq Vt bool
2964The IPv6 equivalent of
2965.Va gateway_enable .
2966.It Va routed_enable
2967.Pq Vt bool
2968If set to
2969.Dq Li YES ,
2970run a routing daemon of some sort, based on the
2971settings of
2972.Va routed_program
2973and
2974.Va routed_flags .
2975.It Va route6d_enable
2976.Pq Vt bool
2977The IPv6 equivalent of
2978.Va routed_enable .
2979If set to
2980.Dq Li YES ,
2981run a routing daemon of some sort, based on the
2982settings of
2983.Va route6d_program
2984and
2985.Va route6d_flags .
2986.It Va routed_program
2987.Pq Vt str
2988If
2989.Va routed_enable
2990is set to
2991.Dq Li YES ,
2992this is the name of the routing daemon to use.
2993.It Va route6d_program
2994.Pq Vt str
2995The IPv6 equivalent of
2996.Va routed_program .
2997.It Va routed_flags
2998.Pq Vt str
2999If
3000.Va routed_enable
3001is set to
3002.Dq Li YES ,
3003these are the flags to pass to the routing daemon.
3004.It Va route6d_flags
3005.Pq Vt str
3006The IPv6 equivalent of
3007.Va routed_flags .
3008.It Va rtadvd_enable
3009.Pq Vt bool
3010If set to
3011.Dq Li YES ,
3012run the
3013.Xr rtadvd 8
3014daemon at boot time.
3015The
3016.Xr rtadvd 8
3017utility sends ICMPv6 Router Advertisement messages to
3018the interfaces specified in
3019.Va rtadvd_interfaces .
3020This should only be enabled with great care.
3021You may want to fine-tune
3022.Xr rtadvd.conf 5 .
3023.It Va rtadvd_interfaces
3024.Pq Vt str
3025If
3026.Va rtadvd_enable
3027is set to
3028.Dq Li YES
3029this is the list of interfaces to use.
3030.It Va arpproxy_all
3031.Pq Vt bool
3032If set to
3033.Dq Li YES ,
3034enable global proxy ARP.
3035.It Va forward_sourceroute
3036.Pq Vt bool
3037If set to
3038.Dq Li YES
3039and
3040.Va gateway_enable
3041is also set to
3042.Dq Li YES ,
3043source-routed packets are forwarded.
3044.It Va accept_sourceroute
3045.Pq Vt bool
3046If set to
3047.Dq Li YES ,
3048the system will accept source-routed packets directed at it.
3049.It Va rarpd_enable
3050.Pq Vt bool
3051If set to
3052.Dq Li YES ,
3053run the
3054.Xr rarpd 8
3055daemon at system boot time.
3056.It Va rarpd_flags
3057.Pq Vt str
3058If
3059.Va rarpd_enable
3060is set to
3061.Dq Li YES ,
3062these are the flags to pass to the
3063.Xr rarpd 8
3064daemon.
3065.It Va bootparamd_enable
3066.Pq Vt bool
3067If set to
3068.Dq Li YES ,
3069run the
3070.Xr bootparamd 8
3071daemon at system boot time.
3072.It Va bootparamd_flags
3073.Pq Vt str
3074If
3075.Va bootparamd_enable
3076is set to
3077.Dq Li YES ,
3078these are the flags to pass to the
3079.Xr bootparamd 8
3080daemon.
3081.It Va stf_interface_ipv4addr
3082.Pq Vt str
3083If not set to
3084.Dq Li NO ,
3085this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3086interface).
3087Specify this entry to enable the 6to4 interface.
3088.It Va stf_interface_ipv4plen
3089.Pq Vt int
3090Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3091An effective value is 0-31.
3092.It Va stf_interface_ipv6_ifid
3093.Pq Vt str
3094IPv6 interface ID for
3095.Xr stf 4 .
3096This can be set to
3097.Dq Li AUTO .
3098.It Va stf_interface_ipv6_slaid
3099.Pq Vt str
3100IPv6 Site Level Aggregator for
3101.Xr stf 4 .
3102.It Va ipv6_ipv4mapping
3103.Pq Vt bool
3104If set to
3105.Dq Li YES
3106this enables IPv4 mapped IPv6 address communication (like
3107.Li ::ffff:a.b.c.d ) .
3108.It Va rtsold_enable
3109.Pq Vt bool
3110Set to
3111.Dq Li YES
3112to enable the
3113.Xr rtsold 8
3114daemon to send ICMPv6 Router Solicitation messages.
3115.It Va rtsold_flags
3116.Pq Vt str
3117If
3118.Va rtsold_enable
3119is set to
3120.Dq Li YES ,
3121these are the flags to pass to
3122.Xr rtsold 8 .
3123.It Va rtsol_flags
3124.Pq Vt str
3125For interfaces configured with the
3126.Dq Li inet6 accept_rtadv
3127keyword, these are the flags to pass to
3128.Xr rtsol 8 .
3129.Pp
3130Note that
3131.Va rtsold_enable
3132is mutually exclusive to
3133.Va rtsol_flags ;
3134.Va rtsold_enable
3135takes precedence.
3136.It Va keybell
3137.Pq Vt str
3138The keyboard bell sound.
3139Set to
3140.Dq Li normal ,
3141.Dq Li visual ,
3142.Dq Li off ,
3143or
3144.Dq Li NO
3145if the default behavior is desired.
3146For details, refer to the
3147.Xr kbdcontrol 1
3148manpage.
3149.It Va keyboard
3150.Pq Vt str
3151If set to a non-null string, the virtual console's keyboard input is
3152set to this device.
3153.It Va keymap
3154.Pq Vt str
3155If set to
3156.Dq Li NO ,
3157no keymap is installed, otherwise the value is used to install
3158the keymap file found in
3159.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3160(if using
3161.Xr syscons 4 ) or
3162.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3163(if using
3164.Xr vt 4 ) .
3165.It Va keyrate
3166.Pq Vt str
3167The keyboard repeat speed.
3168Set to
3169.Dq Li slow ,
3170.Dq Li normal ,
3171.Dq Li fast ,
3172or
3173.Dq Li NO
3174if the default behavior is desired.
3175.It Va keychange
3176.Pq Vt str
3177If not set to
3178.Dq Li NO ,
3179attempt to program the function keys with the value.
3180The value should
3181be a single string of the form:
3182.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3183.It Va cursor
3184.Pq Vt str
3185Can be set to the value of
3186.Dq Li normal ,
3187.Dq Li blink ,
3188.Dq Li destructive ,
3189or
3190.Dq Li NO
3191to set the cursor behavior explicitly or choose the default behavior.
3192.It Va scrnmap
3193.Pq Vt str
3194If set to
3195.Dq Li NO ,
3196no screen map is installed, otherwise the value is used to install
3197the screen map file in
3198.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3199This parameter is ignored when using
3200.Xr vt 4
3201as the console driver.
3202.It Va font8x16
3203.Pq Vt str
3204If set to
3205.Dq Li NO ,
3206the default 8x16 font value is used for screen size requests, otherwise
3207the value in
3208.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3209or
3210.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3211is used (depending on the console driver being used).
3212.It Va font8x14
3213.Pq Vt str
3214If set to
3215.Dq Li NO ,
3216the default 8x14 font value is used for screen size requests, otherwise
3217the value in
3218.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3219or
3220.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3221is used (depending on the console driver being used).
3222.It Va font8x8
3223.Pq Vt str
3224If set to
3225.Dq Li NO ,
3226the default 8x8 font value is used for screen size requests, otherwise
3227the value in
3228.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3229or
3230.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3231is used (depending on the console driver being used).
3232.It Va blanktime
3233.Pq Vt int
3234If set to
3235.Dq Li NO ,
3236the default screen blanking interval is used, otherwise it is set
3237to
3238.Ar value
3239seconds.
3240.It Va saver
3241.Pq Vt str
3242If not set to
3243.Dq Li NO ,
3244this is the actual screen saver to use
3245.Li ( blank , snake , daemon ,
3246etc).
3247.It Va moused_nondefault_enable
3248.Pq Vt str
3249If set to
3250.Dq Li NO ,
3251the mouse device specified on
3252the command line is not automatically treated as enabled by the
3253.Pa /etc/rc.d/moused
3254script.
3255Having this variable set to
3256.Dq Li YES
3257allows a
3258.Xr usb 4
3259mouse,
3260for example,
3261to be enabled as soon as it is plugged in.
3262.It Va moused_enable
3263.Pq Vt str
3264If set to
3265.Dq Li YES ,
3266the
3267.Xr moused 8
3268daemon is started for doing cut/paste selection on the console.
3269.It Va moused_type
3270.Pq Vt str
3271This is the protocol type of the mouse connected to this host.
3272This variable must be set if
3273.Va moused_enable
3274is set to
3275.Dq Li YES .
3276The
3277.Xr moused 8
3278daemon
3279is able to detect the appropriate mouse type automatically in many cases.
3280Set this variable to
3281.Dq Li auto
3282to let the daemon detect it, or
3283select one from the following list if the automatic detection fails.
3284.Pp
3285If the mouse is attached to the PS/2 mouse port, choose
3286.Dq Li auto
3287or
3288.Dq Li ps/2 ,
3289regardless of the brand and model of the mouse.
3290Likewise, if the
3291mouse is attached to the bus mouse port, choose
3292.Dq Li auto
3293or
3294.Dq Li busmouse .
3295All other protocols are for serial mice and will not work with
3296the PS/2 and bus mice.
3297If this is a USB mouse,
3298.Dq Li auto
3299is the only protocol type which will work.
3300.Pp
3301.Bl -tag -width ".Li x10mouseremote" -compact
3302.It Li microsoft
3303Microsoft mouse (serial)
3304.It Li intellimouse
3305Microsoft IntelliMouse (serial)
3306.It Li mousesystems
3307Mouse systems Corp.\& mouse (serial)
3308.It Li mmseries
3309MM Series mouse (serial)
3310.It Li logitech
3311Logitech mouse (serial)
3312.It Li busmouse
3313A bus mouse
3314.It Li mouseman
3315Logitech MouseMan and TrackMan (serial)
3316.It Li glidepoint
3317ALPS GlidePoint (serial)
3318.It Li thinkingmouse
3319Kensington ThinkingMouse (serial)
3320.It Li ps/2
3321PS/2 mouse
3322.It Li mmhittab
3323MM HitTablet (serial)
3324.It Li x10mouseremote
3325X10 MouseRemote (serial)
3326.It Li versapad
3327Interlink VersaPad (serial)
3328.El
3329.Pp
3330Even if the mouse is not in the above list, it may be compatible
3331with one in the list.
3332Refer to the manual page for
3333.Xr moused 8
3334for compatibility information.
3335.Pp
3336It should also be noted that while this is enabled, any
3337other client of the mouse (such as an X server) should access
3338the mouse through the virtual mouse device,
3339.Pa /dev/sysmouse ,
3340and configure it as a
3341.Dq Li sysmouse
3342type mouse, since all
3343mouse data is converted to this single canonical format when
3344using
3345.Xr moused 8 .
3346If the client program does not support the
3347.Dq Li sysmouse
3348type,
3349specify the
3350.Dq Li mousesystems
3351type.
3352It is the second preferred type.
3353.It Va moused_port
3354.Pq Vt str
3355If
3356.Va moused_enable
3357is set to
3358.Dq Li YES ,
3359this is the actual port the mouse is on.
3360It might be
3361.Pa /dev/cuau0
3362for a COM1 serial mouse, or
3363.Pa /dev/psm0
3364for a PS/2 mouse, for example.
3365.It Va moused_flags
3366.Pq Vt str
3367If
3368.Va moused_flags
3369is set, its value is used as an additional set of flags to pass to the
3370.Xr moused 8
3371daemon.
3372.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3373When
3374.Va moused_nondefault_enable
3375is enabled, and a
3376.Xr moused 8
3377daemon is started for a non-default port, the
3378.Va "moused_" Ns Ar XXX Ns Va "_flags"
3379set of options has precedence over and replaces the default
3380.Va moused_flags
3381(where
3382.Ar XXX
3383is the name of the non-default port, i.e.,\&
3384.Ar ums0 ) .
3385By setting
3386.Va "moused_" Ns Ar XXX Ns Va "_flags"
3387it is possible to set up a different set of default flags for each
3388.Xr moused 8
3389instance.
3390For example, you can use
3391.Dq Li "-3"
3392for the default
3393.Va moused_flags
3394to make your laptop's touchpad more comfortable to use,
3395but an empty set of options for
3396.Va moused_ums0_flags
3397when your
3398.Xr usb 4
3399mouse has three or more buttons.
3400.It Va mousechar_start
3401.Pq Vt int
3402If set to
3403.Dq Li NO ,
3404the default mouse cursor character range
3405.Li 0xd0 Ns - Ns Li 0xd3
3406is used,
3407otherwise the range start is set
3408to
3409.Ar value
3410character, see
3411.Xr vidcontrol 1 .
3412Use if the default range is occupied in the language code table.
3413.It Va allscreens_flags
3414.Pq Vt str
3415If set,
3416.Xr vidcontrol 1
3417is run with these options for each of the virtual terminals
3418.Pq Pa /dev/ttyv* .
3419For example,
3420.Dq Fl m Cm on
3421will enable the mouse pointer on all virtual terminals
3422if
3423.Va moused_enable
3424is set to
3425.Dq Li YES .
3426.It Va allscreens_kbdflags
3427.Pq Vt str
3428If set,
3429.Xr kbdcontrol 1
3430is run with these options for each of the virtual terminals
3431.Pq Pa /dev/ttyv* .
3432For example,
3433.Dq Fl h Li 200
3434will set the
3435.Xr syscons 4
3436or
3437.Xr vt 4
3438scrollback (history) buffer to 200 lines.
3439.It Va cron_enable
3440.Pq Vt bool
3441If set to
3442.Dq Li YES ,
3443run the
3444.Xr cron 8
3445daemon at system boot time.
3446.It Va cron_program
3447.Pq Vt str
3448Path to
3449.Xr cron 8
3450(default
3451.Pa /usr/sbin/cron ) .
3452.It Va cron_flags
3453.Pq Vt str
3454If
3455.Va cron_enable
3456is set to
3457.Dq Li YES ,
3458these are the flags to pass to
3459.Xr cron 8 .
3460.It Va cron_dst
3461.Pq Vt bool
3462If set to
3463.Dq Li YES ,
3464enable the special handling of transitions to and from the
3465Daylight Saving Time in
3466.Xr cron 8
3467(equivalent to using the flag
3468.Fl s ) .
3469.It Va lpd_program
3470.Pq Vt str
3471Path to
3472.Xr lpd 8
3473(default
3474.Pa /usr/sbin/lpd ) .
3475.It Va lpd_enable
3476.Pq Vt bool
3477If set to
3478.Dq Li YES ,
3479run the
3480.Xr lpd 8
3481daemon at system boot time.
3482.It Va lpd_flags
3483.Pq Vt str
3484If
3485.Va lpd_enable
3486is set to
3487.Dq Li YES ,
3488these are the flags to pass to the
3489.Xr lpd 8
3490daemon.
3491.It Va chkprintcap_enable
3492.Pq Vt bool
3493If set to
3494.Dq Li YES ,
3495run the
3496.Xr chkprintcap 8
3497command before starting the
3498.Xr lpd 8
3499daemon.
3500.It Va chkprintcap_flags
3501.Pq Vt str
3502If
3503.Va lpd_enable
3504and
3505.Va chkprintcap_enable
3506are set to
3507.Dq Li YES ,
3508these are the flags to pass to the
3509.Xr chkprintcap 8
3510program.
3511The default is
3512.Dq Li -d ,
3513which causes missing directories to be created.
3514.It Va mta_start_script
3515.Pq Vt str
3516This variable specifies the full path to the script to run to start
3517a mail transfer agent.
3518The default is
3519.Pa /etc/rc.sendmail .
3520The
3521.Va sendmail_*
3522variables which
3523.Pa /etc/rc.sendmail
3524uses are documented in the
3525.Xr rc.sendmail 8
3526manual page.
3527.It Va dumpdev
3528.Pq Vt str
3529Indicates the device (usually a swap partition) to which a crash dump
3530should be written in the event of a system crash.
3531If the value of this variable is
3532.Dq Li AUTO ,
3533the first suitable swap device listed in
3534.Pa /etc/fstab
3535will be used as dump device.
3536Otherwise, the value of this variable is passed as the argument to
3537.Xr dumpon 8
3538and
3539.Xr savecore 8 .
3540To disable crash dumps, set this variable to
3541.Dq Li NO .
3542.It Va dumpon_flags
3543.Pq Vt str
3544Flags to pass to
3545.Xr dumpon 8
3546when configuring
3547.Va dumpdev
3548as the system dump device.
3549.It Va dumpdir
3550.Pq Vt str
3551When the system reboots after a crash and a crash dump is found on the
3552device specified by the
3553.Va dumpdev
3554variable,
3555.Xr savecore 8
3556will save that crash dump and a copy of the kernel to the directory
3557specified by the
3558.Va dumpdir
3559variable.
3560The default value is
3561.Pa /var/crash .
3562Set to
3563.Dq Li NO
3564to not run
3565.Xr savecore 8
3566at boot time when
3567.Va dumpdir
3568is set.
3569.It Va savecore_enable
3570.Pq Vt bool
3571If set to
3572.Dq Li NO ,
3573disable automatic extraction of the crash dump from the
3574.Va dumpdev .
3575.It Va savecore_flags
3576.Pq Vt str
3577If crash dumps are enabled, these are the flags to pass to the
3578.Xr savecore 8
3579utility.
3580.It Va quota_enable
3581.Pq Vt bool
3582Set to
3583.Dq Li YES
3584to turn on user and group disk quotas on system startup via the
3585.Xr quotaon 8
3586command for all file systems marked as having quotas enabled in
3587.Pa /etc/fstab .
3588The kernel must be built with
3589.Cd "options QUOTA"
3590for disk quotas to function.
3591.It Va check_quotas
3592.Pq Vt bool
3593Set to
3594.Dq Li YES
3595to enable user and group disk quota checking via the
3596.Xr quotacheck 8
3597command.
3598.It Va quotacheck_flags
3599.Pq Vt str
3600If
3601.Va quota_enable
3602is set to
3603.Dq Li YES ,
3604and
3605.Va check_quotas
3606is set to
3607.Dq Li YES ,
3608these are the flags to pass to the
3609.Xr quotacheck 8
3610utility.
3611The default is
3612.Dq Li "-a" ,
3613which checks quotas for all file systems with quotas enabled in
3614.Pa /etc/fstab .
3615.It Va quotaon_flags
3616.Pq Vt str
3617If
3618.Va quota_enable
3619is set to
3620.Dq Li YES ,
3621these are the flags to pass to the
3622.Xr quotaon 8
3623utility.
3624The default is
3625.Dq Li "-a" ,
3626which enables quotas for all file systems with quotas enabled in
3627.Pa /etc/fstab .
3628.It Va quotaoff_flags
3629.Pq Vt str
3630If
3631.Va quota_enable
3632is set to
3633.Dq Li YES ,
3634these are the flags to pass to the
3635.Xr quotaoff 8
3636utility when shutting down the quota system.
3637The default is
3638.Dq Li "-a" ,
3639which disables quotas for all file systems with quotas enabled in
3640.Pa /etc/fstab .
3641.It Va accounting_enable
3642.Pq Vt bool
3643Set to
3644.Dq Li YES
3645to enable system accounting through the
3646.Xr accton 8
3647facility.
3648.It Va firstboot_sentinel
3649.Pq Vt str
3650This variable specifies the full path to a
3651.Dq first boot
3652sentinel file.
3653If a file exists with this path,
3654.Pa rc.d
3655scripts with the
3656.Dq firstboot
3657keyword will be run on startup and the sentinel file will be deleted
3658after the boot process completes.
3659The sentinel file must be located on a writable file system which is
3660mounted no later than
3661.Va early_late_divider
3662to function properly.
3663The default is
3664.Pa /firstboot .
3665.It Va linux_enable
3666.Pq Vt bool
3667Set to
3668.Dq Li YES
3669to enable Linux/ELF binary emulation at system initial
3670boot time.
3671.It Va sysvipc_enable
3672.Pq Vt bool
3673If set to
3674.Dq Li YES ,
3675load System V IPC primitives at boot time.
3676.It Va clear_tmp_enable
3677.Pq Vt bool
3678Set to
3679.Dq Li YES
3680to have
3681.Pa /tmp
3682cleaned at startup.
3683.It Va clear_tmp_X
3684.Pq Vt bool
3685Set to
3686.Dq Li NO
3687to disable removing of X11 lock files,
3688and the removal and (secure) recreation
3689of the various socket directories for X11
3690related programs.
3691.It Va ldconfig_paths
3692.Pq Vt str
3693Set to the list of shared library paths to use with
3694.Xr ldconfig 8 .
3695NOTE:
3696.Pa /lib
3697and
3698.Pa /usr/lib
3699will always be added first, so they need not appear in this list.
3700.It Va ldconfig32_paths
3701.Pq Vt str
3702Set to the list of 32-bit compatibility shared library paths to
3703use with
3704.Xr ldconfig 8 .
3705.It Va ldconfig_insecure
3706.Pq Vt bool
3707The
3708.Xr ldconfig 8
3709utility normally refuses to use directories
3710which are writable by anyone except root.
3711Set this variable to
3712.Dq Li YES
3713to disable that security check during system startup.
3714.It Va ldconfig_local_dirs
3715.Pq Vt str
3716Set to the list of local
3717.Xr ldconfig 8
3718directories.
3719The names of all files in the directories listed will be
3720passed as arguments to
3721.Xr ldconfig 8 .
3722.It Va ldconfig_local32_dirs
3723.Pq Vt str
3724Set to the list of local 32-bit compatibility
3725.Xr ldconfig 8
3726directories.
3727The names of all files in the directories listed will be
3728passed as arguments to
3729.Dq Nm ldconfig Fl 32 .
3730.It Va kern_securelevel_enable
3731.Pq Vt bool
3732Set to
3733.Dq Li YES
3734to set the kernel security level at system startup.
3735.It Va kern_securelevel
3736.Pq Vt int
3737The kernel security level to set at startup.
3738The allowed range of
3739.Ar value
3740ranges from \-1 (the compile time default) to 3 (the
3741most secure).
3742See
3743.Xr security 7
3744for the list of possible security levels and their effect
3745on system operation.
3746.It Va sshd_program
3747.Pq Vt str
3748Path to the SSH server program
3749.Pa ( /usr/sbin/sshd
3750is the default).
3751.It Va sshd_enable
3752.Pq Vt bool
3753Set to
3754.Dq Li YES
3755to start
3756.Xr sshd 8
3757at system boot time.
3758.It Va sshd_flags
3759.Pq Vt str
3760If
3761.Va sshd_enable
3762is set to
3763.Dq Li YES ,
3764these are the flags to pass to the
3765.Xr sshd 8
3766daemon.
3767.It Va ftpd_program
3768.Pq Vt str
3769Path to the FTP server program
3770.Pa ( /usr/libexec/ftpd
3771is the default).
3772.It Va ftpd_enable
3773.Pq Vt bool
3774Set to
3775.Dq Li YES
3776to start
3777.Xr ftpd 8
3778as a stand-alone daemon at system boot time.
3779.It Va ftpd_flags
3780.Pq Vt str
3781If
3782.Va ftpd_enable
3783is set to
3784.Dq Li YES ,
3785these are the additional flags to pass to the
3786.Xr ftpd 8
3787daemon.
3788.It Va watchdogd_enable
3789.Pq Vt bool
3790If set to
3791.Dq Li YES ,
3792start the
3793.Xr watchdogd 8
3794daemon at boot time.
3795This requires that the kernel have been compiled with a
3796.Xr watchdog 4
3797compatible device.
3798.It Va watchdogd_flags
3799.Pq Vt str
3800If
3801.Va watchdogd_enable
3802is set to
3803.Dq Li YES ,
3804these are the flags passed to the
3805.Xr watchdogd 8
3806daemon.
3807.It Va watchdogd_timeout
3808.Pq Vt int
3809If
3810.Va watchdogd_enable
3811is set to
3812.Dq Li YES ,
3813this is a timeout that will be used by the
3814.Xr watchdogd 8
3815daemon.
3816If this option is set, it overrides
3817.Fl t
3818in
3819.Va watchdogd_flags .
3820.It Va watchdogd_shutdown_timeout
3821.Pq Vt int
3822If
3823.Va watchdogd_enable
3824is set to
3825.Dq Li YES ,
3826this is a timeout that will be set by the
3827.Xr watchdogd 8
3828daemon when it exits during the system shutdown.
3829This timeout will not be set when returning to the single-user mode
3830or when the watchdogd service is stopped individually using the
3831.Xr service 8
3832command or the rc.d script.
3833Note that the timeout will be applied if
3834.Xr watchdogd 8
3835is stopped outside of
3836.Xr rc 8
3837framework.
3838If this option is set, it overrides
3839.Fl x
3840in
3841.Va watchdogd_flags .
3842.It Va devfs_rulesets
3843.Pq Vt str
3844List of files containing sets of rules for
3845.Xr devfs 8 .
3846.It Va devfs_system_ruleset
3847.Pq Vt str
3848Rule name(s) to apply to the system
3849.Pa /dev
3850itself.
3851.It Va devfs_set_rulesets
3852.Pq Vt str
3853Pairs of already-mounted
3854.Pa dev
3855directories and rulesets that should be applied to them.
3856For example: /mount/dev=ruleset_name
3857.It Va devfs_load_rulesets
3858.Pq Vt bool
3859If set, always load the default rulesets listed in
3860.Va devfs_rulesets .
3861.It Va performance_cx_lowest
3862.Pq Vt str
3863CPU idle state to use while on AC power.
3864The string
3865.Dq Li LOW
3866indicates that
3867.Xr acpi 4
3868should use the lowest power state available while
3869.Dq Li HIGH
3870indicates that the lowest latency state (less power savings) should be used.
3871.It Va performance_cpu_freq
3872.Pq Vt str
3873CPU clock frequency to use while on AC power.
3874The string
3875.Dq Li LOW
3876indicates that
3877.Xr cpufreq 4
3878should use the lowest frequency available while
3879.Dq Li HIGH
3880indicates that the highest frequency (less power savings) should be used.
3881.It Va economy_cx_lowest
3882.Pq Vt str
3883CPU idle state to use when off AC power.
3884The string
3885.Dq Li LOW
3886indicates that
3887.Xr acpi 4
3888should use the lowest power state available while
3889.Dq Li HIGH
3890indicates that the lowest latency state (less power savings) should be used.
3891.It Va economy_cpu_freq
3892.Pq Vt str
3893CPU clock frequency to use when off AC power.
3894The string
3895.Dq Li LOW
3896indicates that
3897.Xr cpufreq 4
3898should use the lowest frequency available while
3899.Dq Li HIGH
3900indicates that the highest frequency (less power savings) should be used.
3901.It Va jail_enable
3902.Pq Vt bool
3903If set to
3904.Dq Li NO ,
3905any configured jails will not be started.
3906.It Va jail_conf
3907.Pq Vt str
3908The configuration filename used by
3909.Xr jail 8
3910utility.
3911The default value is
3912.Pa /etc/jail.conf .
3913.Pa /etc/jail.  Ns Ao Ar jname Ac Ns Va .conf
3914and
3915.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
3916will also be used if
3917.Va Ao Ar jname Ac Va
3918is set in
3919.Va jail_list .
3920.It Va jail_parallel_start
3921.Pq Vt bool
3922If set to
3923.Dq Li YES ,
3924all configured jails will be started in the background (in parallel).
3925.It Va jail_flags
3926.Pq Vt str
3927Unset by default.
3928When set, use as default value for
3929.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3930for every jail in
3931.Va jail_list .
3932.It Va jail_list
3933.Pq Vt str
3934A space-delimited list of jail names.
3935When left empty, all of the
3936.Xr jail 8
3937instances defined in the configuration file are started.
3938The names specified in this list control the jail startup order.
3939.Xr jail 8
3940instances missing from
3941.Va jail_list
3942must be started manually.
3943Note that a jail's
3944.Va depend
3945parameter in the configuration file may override this list.
3946.It Va jail_reverse_stop
3947.Pq Vt bool
3948When set to
3949.Dq Li YES ,
3950all configured jails in
3951.Va jail_list
3952are stopped in reverse order.
3953.It Va jail_ Ns * variables
3954Note that older releases supported per-jail configuration via
3955.Nm
3956variables.
3957For example,
3958hostname of a jail named
3959.Li vjail
3960was able to be set by
3961.Li jail_vjail_hostname .
3962These per-jail configuration variables are now obsolete in favor of
3963.Xr jail 8
3964configuration file.
3965For backward compatibility,
3966when per-jail configuration variables are defined,
3967.Xr jail 8
3968configuration files are created as
3969.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
3970and used.
3971.Pp
3972The following per-jail parameters are handled by
3973.Pa rc.d/jail
3974script out of their corresponding
3975.Nm
3976variables.
3977In addition to them, parameters in
3978.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3979will be added to the configuration file.
3980They must be a semi-colon
3981.Pq Ql \&;
3982delimited list of
3983.Dq key=value .
3984For more details,
3985see
3986.Xr jail 8
3987manual page.
3988.Bl  -tag -width "host.hostname" -offset indent
3989.It Li path
3990set from
3991.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3992.It Li host.hostname
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3995.It Li exec.consolelog
3996set from
3997.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3998The default value is
3999.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4000.It Li interface
4001set from
4002.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4003.It Li vnet.interface
4004set from
4005.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4006This implies
4007.Li vnet
4008parameter will be enabled and cannot be specified with
4009.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4010.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4011and/or
4012.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4013at the same time.
4014.It Li fstab
4015set from
4016.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4017.It Li mount
4018set from
4019.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4020.It Li exec.fib
4021set from
4022.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4023.It Li exec.start
4024set from
4025.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4026The parameter name was
4027.Li command
4028in some older releases.
4029.It Li exec.prestart
4030set from
4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4032.It Li exec.poststart
4033set from
4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4035.It Li exec.stop
4036set from
4037.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4038.It Li exec.prestop
4039set from
4040.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4041.It Li exec.poststop
4042set from
4043.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4044.It Li ip4.addr
4045set if
4046.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4047or
4048.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4049contain IPv4 addresses
4050.It Li ip6.addr
4051set if
4052.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4053or
4054.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4055contain IPv6 addresses
4056.It Li allow.mount
4057set from
4058.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4059.It Li mount.devfs
4060set from
4061.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4062.It Li devfs_ruleset
4063set from
4064.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4065This must be an integer,
4066not a string.
4067.It Li mount.fdescfs
4068set from
4069.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4070.It Li allow.set_hostname
4071set from
4072.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4073.It Li allow.rawsocket
4074set from
4075.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4076.It Li allow.sysvipc
4077set from
4078.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4079.El
4080.\" -----------------------------------------------------
4081.It Va harvest_mask
4082.Pq Vt int
4083Set to a bit-mask
4084representing the entropy sources
4085you wish to harvest.
4086Refer to
4087.Xr random 4
4088for more information.
4089.It Va entropy_dir
4090.Pq Vt str
4091Set to
4092.Dq Li NO
4093to disable caching entropy via
4094.Xr cron 8 .
4095Otherwise set to the directory
4096in which the entropy files are stored.
4097To be useful,
4098there must be
4099a system cron job
4100that regularly writes and rotates
4101files here.
4102All files found
4103will be used at boot time.
4104The default is
4105.Pa /var/db/entropy .
4106.It Va entropy_file
4107.Pq Vt str
4108Set to
4109.Dq Li NO
4110to disable caching entropy through reboots.
4111Otherwise set to the name
4112of a file used to store cached entropy.
4113This file should be located
4114on a file system that is readable
4115before all the volumes specified in
4116.Xr fstab 5
4117are mounted.
4118By default,
4119.Pa /entropy
4120is used,
4121but if
4122.Pa /var/db/entropy-file
4123is found it will also be used.
4124This will be of some use to
4125.Xr bsdinstall 8 .
4126.It Va entropy_boot_file
4127.Pq Vt str
4128Set to
4129.Dq Li NO
4130to disable
4131very early caching entropy
4132through reboots.
4133Otherwise set to the filename
4134used to read
4135very early reboot cached entropy.
4136This file should be located where
4137.Xr loader 8
4138can read it.
4139See also
4140.Xr loader.conf 5 .
4141The default location is
4142.Pa /boot/entropy .
4143.It Va entropy_save_sz
4144.Pq Vt int
4145Size of the entropy cache files saved by
4146.Nm save-entropy
4147periodically.
4148.It Va entropy_save_num
4149.Pq Vt int
4150Number of entropy cache files to save by
4151.Nm save-entropy
4152periodically.
4153.It Va ipsec_enable
4154.Pq Vt bool
4155Set to
4156.Dq Li YES
4157to run
4158.Xr setkey 8
4159on
4160.Va ipsec_file
4161at boot time.
4162.It Va ipsec_file
4163.Pq Vt str
4164Configuration file for
4165.Xr setkey 8 .
4166.It Va dmesg_enable
4167.Pq Vt bool
4168Set to
4169.Dq Li YES
4170to save
4171.Xr dmesg 8
4172to
4173.Pa /var/run/dmesg.boot
4174on boot.
4175.It Va rcshutdown_timeout
4176.Pq Vt int
4177If set, start a watchdog timer in the background which will terminate
4178.Pa rc.shutdown
4179if
4180.Xr shutdown 8
4181has not completed within the specified time (in seconds).
4182Notice that in addition to this soft timeout,
4183.Xr init 8
4184also applies a hard timeout for the execution of
4185.Pa rc.shutdown .
4186This is configured via
4187.Xr sysctl 8
4188variable
4189.Va kern.init_shutdown_timeout
4190and defaults to 120 seconds.
4191Setting the value of
4192.Va rcshutdown_timeout
4193to more than 120 seconds will have no effect until the
4194.Xr sysctl 8
4195variable
4196.Va kern.init_shutdown_timeout
4197is also increased.
4198.It Va virecover_enable
4199.Pq Vt bool
4200Set to
4201.Dq Li NO
4202to prevent the system from trying to
4203recover pre-maturely terminated
4204.Xr vi 1
4205sessions.
4206.It Va ugidfw_enable
4207.Pq Vt bool
4208Set to
4209.Dq Li YES
4210to load the
4211.Xr mac_bsdextended 4
4212module upon system initialization and load a default
4213ruleset file.
4214.It Va bsdextended_script
4215.Pq Vt str
4216The default
4217.Xr mac_bsdextended 4
4218ruleset file to load.
4219The default value of this variable is
4220.Pa /etc/rc.bsdextended .
4221.It Va newsyslog_enable
4222.Pq Vt bool
4223If set to
4224.Dq Li YES ,
4225run
4226.Xr newsyslog 8
4227command at startup.
4228.It Va newsyslog_flags
4229.Pq Vt str
4230If
4231.Va newsyslog_enable
4232is set to
4233.Dq Li YES ,
4234these are the flags to pass to the
4235.Xr newsyslog 8
4236program.
4237The default is
4238.Dq Li -CN ,
4239which causes log files flagged with a
4240.Cm C
4241to be created.
4242.It Va mdconfig_md Ns Aq Ar X
4243.Pq Vt str
4244Arguments to
4245.Xr mdconfig 8
4246for
4247.Xr md 4
4248device
4249.Ar X .
4250At minimum a
4251.Fl t Ar type
4252must be specified and either a
4253.Fl s Ar size
4254for malloc or swap backed
4255.Xr md 4
4256devices or a
4257.Fl f Ar file
4258for vnode backed
4259.Xr md 4
4260devices.
4261Note that
4262.Va mdconfig_md Ns Aq Ar X
4263variables are evaluated until one variable is unset or null.
4264.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4265.Pq Vt str
4266Optional arguments passed to
4267.Xr newfs 8
4268to initialize
4269.Xr md 4
4270device
4271.Ar X .
4272.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4273.Pq Vt str
4274An ownership specification passed to
4275.Xr chown 8
4276after the specified
4277.Xr md 4
4278device
4279.Ar X
4280has been mounted.
4281Both the
4282.Xr md 4
4283device and the mount point will be changed.
4284.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4285.Pq Vt str
4286A mode string passed to
4287.Xr chmod 1
4288after the specified
4289.Xr md 4
4290device
4291.Ar X
4292has been mounted.
4293Both the
4294.Xr md 4
4295device and the mount point will be changed.
4296.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4297.Pq Vt str
4298Files to be copied to the mount point of the
4299.Xr md 4
4300device
4301.Ar X
4302after it has been mounted.
4303.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4304.Pq Vt str
4305Command to execute after the specified
4306.Xr md 4
4307device
4308.Ar X
4309has been mounted.
4310Note that the command is passed to
4311.Ic eval
4312and that both
4313.Va _dev
4314and
4315.Va _mp
4316variables can be used to reference respectively the
4317.Xr md 4
4318device and the mount point.
4319Assuming that the
4320.Xr md 4
4321device is
4322.Li md0 ,
4323one could set the following:
4324.Bd -literal
4325mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4326.Ed
4327.It Va autobridge_interfaces
4328.Pq Vt str
4329Set to the list of bridge interfaces that will have newly arriving interfaces
4330checked against to be automatically added.
4331If not set to
4332.Dq Li NO
4333then for each whitespace separated
4334.Ar element
4335in the value, a
4336.Va autobridge_ Ns Aq Ar element
4337variable is assumed to exist which has a whitespace separated list of interface
4338names to match, these names can use wildcards.
4339For example:
4340.Bd -literal
4341autobridge_interfaces="bridge0"
4342autobridge_bridge0="tap* dc0 vlan[345]"
4343.Ed
4344.It Va mixer_enable
4345.Pq Vt bool
4346If set to
4347.Dq Li YES ,
4348enable support for sound mixer.
4349.It Va hcsecd_enable
4350.Pq Vt bool
4351If set to
4352.Dq Li YES ,
4353enable Bluetooth security daemon.
4354.It Va hcsecd_config
4355.Pq Vt str
4356Configuration file for
4357.Xr hcsecd 8 .
4358Default
4359.Pa /etc/bluetooth/hcsecd.conf .
4360.It Va sdpd_enable
4361.Pq Vt bool
4362If set to
4363.Dq Li YES ,
4364enable Bluetooth Service Discovery Protocol daemon.
4365.It Va sdpd_control
4366.Pq Vt str
4367Path to
4368.Xr sdpd 8
4369control socket.
4370Default
4371.Pa /var/run/sdp .
4372.It Va sdpd_groupname
4373.Pq Vt str
4374Sets
4375.Xr sdpd 8
4376group to run as after it initializes.
4377Default
4378.Dq Li nobody .
4379.It Va sdpd_username
4380.Pq Vt str
4381Sets
4382.Xr sdpd 8
4383user to run as after it initializes.
4384Default
4385.Dq Li nobody .
4386.It Va bthidd_enable
4387.Pq Vt bool
4388If set to
4389.Dq Li YES ,
4390enable Bluetooth Human Interface Device daemon.
4391.It Va bthidd_config
4392.Pq Vt str
4393Configuration file for
4394.Xr bthidd 8 .
4395Default
4396.Pa /etc/bluetooth/bthidd.conf .
4397.It Va bthidd_hids
4398.Pq Vt str
4399Path to a file, where
4400.Xr bthidd 8
4401will store information about known HID devices.
4402Default
4403.Pa /var/db/bthidd.hids .
4404.It Va rfcomm_pppd_server_enable
4405.Pq Vt bool
4406If set to
4407.Dq Li YES ,
4408enable Bluetooth RFCOMM PPP wrapper daemon.
4409.It Va rfcomm_pppd_server_profile
4410.Pq Vt str
4411The name of the profile to use from
4412.Pa /etc/ppp/ppp.conf .
4413Multiple profiles can be specified here.
4414Also used to specify per-profile overrides.
4415When the profile name contains any of the characters
4416.Dq Li .-/+
4417they are translated to
4418.Dq Li _
4419for the proposes of the override variable names.
4420.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4421.Pq Vt str
4422Overrides local address to listen on.
4423By default
4424.Xr rfcomm_pppd 8
4425will listen on
4426.Dq Li ANY
4427address.
4428The address can be specified as BD_ADDR or name.
4429.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4430.Pq Vt str
4431Overrides local RFCOMM channel to listen on.
4432By default
4433.Xr rfcomm_pppd 8
4434will listen on RFCOMM channel 1.
4435Must set properly if multiple profiles used in the same time.
4436.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4437.Pq Vt bool
4438Tells
4439.Xr rfcomm_pppd 8
4440if it should register Serial Port service on the specified RFCOMM channel.
4441Default
4442.Dq Li NO .
4443.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4444.Pq Vt bool
4445Tells
4446.Xr rfcomm_pppd 8
4447if it should register Dial-Up Networking service on the specified
4448RFCOMM channel.
4449Default
4450.Dq Li NO .
4451.It Va ubthidhci_enable
4452.Pq Vt bool
4453If set to
4454.Dq Li YES ,
4455change the USB Bluetooth controller from HID mode to HCI mode.
4456You also need to specify the location of USB Bluetooth controller with the
4457.Va ubthidhci_busnum
4458and
4459.Va ubthidhci_addr
4460variables.
4461.It Va ubthidhci_busnum
4462Bus number where the USB Bluetooth controller is located.
4463Check the output of
4464.Xr usbconfig 8
4465on your system to find this information.
4466.It Va ubthidhci_addr
4467Bus address of the USB Bluetooth controller.
4468Check the output of
4469.Xr usbconfig 8
4470on your system to find this information.
4471.It Va netwait_enable
4472.Pq Vt bool
4473If set to
4474.Dq Li YES ,
4475delays the start of network-reliant services until
4476.Va netwait_if
4477is up and ICMP packets to a destination defined in
4478.Va netwait_ip
4479are flowing.
4480Link state is examined first, followed by
4481.Dq Li pinging
4482an IP address to verify network usability.
4483If no destination can be reached or timeouts are exceeded,
4484network services are started anyway with no guarantee that
4485the network is usable.
4486Use of this variable requires both
4487.Va netwait_ip
4488and
4489.Va netwait_if
4490to be set.
4491.It Va netwait_ip
4492.Pq Vt str
4493Empty by default.
4494This variable contains a space-delimited list of IP addresses to
4495.Xr ping 8 .
4496DNS hostnames should not be used as resolution is not guaranteed
4497to be functional at this point.
4498If multiple IP addresses are specified,
4499each will be tried until one is successful or the list is exhausted.
4500.It Va netwait_timeout
4501.Pq Vt int
4502Indicates the total number of seconds to perform a
4503.Dq Li ping
4504against each IP address in
4505.Va netwait_ip ,
4506at a rate of one ping per second.
4507If any of the pings are successful,
4508full network connectivity is considered reliable.
4509The default is 60.
4510.It Va netwait_if
4511.Pq Vt str
4512Empty by default.
4513Defines the name of the network interface on which watch for link.
4514.Xr ifconfig 8
4515is used to monitor the interface, looking for
4516.Dq Li status: no carrier .
4517Once gone, the link is considered up.
4518This can be a
4519.Xr vlan 4
4520interface if desired.
4521.It Va netwait_if_timeout
4522.Pq Vt int
4523Defines the total number of seconds to wait for link to become usable,
4524polled at a 1-second interval.
4525The default is 30.
4526.It Va rctl_enable
4527.Pq Vt bool
4528If set to
4529.Dq Li YES ,
4530load
4531.Xr rctl 8
4532rules from the defined ruleset.
4533The kernel must be built with
4534.Cd "options RACCT"
4535and
4536.Cd "options RCTL" .
4537.It Va rctl_rules
4538.Pq Vt str
4539Set to
4540.Pa /etc/rctl.conf
4541by default.
4542This variables contains the
4543.Xr rctl.conf 5
4544ruleset to load for
4545.Xr rctl 8 .
4546.It Va iovctl_files
4547.Pq Vt str
4548A space-separated list of configuration files used by
4549.Xr iovctl 8 .
4550The default value is an empty string.
4551.It Va autofs_enable
4552.Pq Vt bool
4553If set to
4554.Dq Li YES ,
4555start the
4556.Xr automount 8
4557utility and the
4558.Xr automountd 8
4559and
4560.Xr autounmountd 8
4561daemons at boot time.
4562.It Va automount_flags
4563.Pq Vt str
4564If
4565.Va autofs_enable
4566is set to
4567.Dq Li YES ,
4568these are the flags to pass to the
4569.Xr automount 8
4570program.
4571By default no flags are passed.
4572.It Va automountd_flags
4573.Pq Vt str
4574If
4575.Va autofs_enable
4576is set to
4577.Dq Li YES ,
4578these are the flags to pass to the
4579.Xr automountd 8
4580daemon.
4581By default no flags are passed.
4582.It Va autounmountd_flags
4583.Pq Vt str
4584If
4585.Va autofs_enable
4586is set to
4587.Dq Li YES ,
4588these are the flags to pass to the
4589.Xr autounmountd 8
4590daemon.
4591By default no flags are passed.
4592.It Va ctld_enable
4593.Pq Vt bool
4594If set to
4595.Dq Li YES ,
4596start the
4597.Xr ctld 8
4598daemon at boot time.
4599.It Va iscsid_enable
4600.Pq Vt bool
4601If set to
4602.Dq Li YES ,
4603start the
4604.Xr iscsid 8
4605daemon at boot time.
4606.It Va iscsictl_enable
4607.Pq Vt bool
4608If set to
4609.Dq Li YES ,
4610start the
4611.Xr iscsictl 8
4612utility at boot time.
4613.It Va iscsictl_flags
4614.Pq Vt str
4615If
4616.Va iscsictl_enable
4617is set to
4618.Dq Li YES ,
4619these are the flags to pass to the
4620.Xr iscsictl 8
4621program.
4622The default is
4623.Dq Li -Aa ,
4624which configures sessions based on the
4625.Pa /etc/iscsi.conf
4626configuration file.
4627.It Va cfumass_enable
4628.Pq Vt bool
4629If set to
4630.Dq Li YES ,
4631create and export an USB LUN using
4632.Xr cfumass 4
4633at boot time.
4634.It Va cfumass_dir
4635.Pq Vt str
4636The directory where the files exported by USB LUN are located.
4637The default directory is
4638.Pa /var/cfumass .
4639.It Va service_delete_empty
4640.Pq Vt bool
4641If set to
4642.Dq Li YES ,
4643.Ql Li service delete
4644removes empty
4645.Dq Li rc.conf.d
4646files.
4647.It Va zfs_bootonce_activate
4648.Pq Vt bool
4649If set to
4650.Dq Li YES ,
4651and a boot environment marked bootonce is successfully booted,
4652it will be made permanently active.
4653.It Va zfskeys_enable
4654.Pq Vt bool
4655If set to
4656.Dq Li YES ,
4657enable auto-loading of encryption keys for encrypted ZFS datasets.
4658For every dataset the script will first load the appropriate encryption key
4659and then attempt to unlock the dataset.
4660.Pp
4661The script operates only on datasets which are encrypted with
4662ZFS native encryption
4663and have a ZFS
4664.Dq Li keylocation
4665dataset property beginning with
4666.Dq Li file:// .
4667.It Va zfskeys_datasets
4668.Pq Vt str
4669A whitespace-separated list of ZFS datasets to unlock.
4670The list is empty by default,
4671which means that the script will attempt to unlock all datasets.
4672.It Va zfskeys_timeout
4673.Pq Vt int
4674Define the total number of seconds to wait for the zfskeys script
4675to unlock an encrypted dataset.
4676The default is 10.
4677.El
4678.Sh FILES
4679.Bl -tag -width "/etc/defaults/rc.conf" -compact
4680.It Pa /etc/defaults/rc.conf
4681.It Pa /etc/defaults/vendor.conf
4682.It Pa /etc/rc.conf
4683.It Pa /etc/rc.conf.local
4684.It Pa /etc/rc.conf.d/
4685.El
4686.Sh SEE ALSO
4687.Xr chmod 1 ,
4688.Xr gdb 1 ,
4689.Xr info 1 ,
4690.Xr kbdcontrol 1 ,
4691.Xr limits 1 ,
4692.Xr protect 1 ,
4693.Xr sh 1 ,
4694.Xr vi 1 ,
4695.Xr vidcontrol 1 ,
4696.Xr bridge 4 ,
4697.Xr dummynet 4 ,
4698.Xr ip 4 ,
4699.Xr ipf 4 ,
4700.Xr ipfw 4 ,
4701.Xr ipnat 4 ,
4702.Xr kld 4 ,
4703.Xr pf 4 ,
4704.Xr pflog 4 ,
4705.Xr pfsync 4 ,
4706.Xr tcp 4 ,
4707.Xr udp 4 ,
4708.Xr exports 5 ,
4709.Xr fstab 5 ,
4710.Xr ipf 5 ,
4711.Xr ipnat 5 ,
4712.Xr jail.conf 5 ,
4713.Xr loader.conf 5 ,
4714.Xr login.conf 5 ,
4715.Xr motd 5 ,
4716.Xr newsyslog.conf 5 ,
4717.Xr pf.conf 5 ,
4718.Xr firewall 7 ,
4719.Xr growfs 7 ,
4720.Xr security 7 ,
4721.Xr tuning 7 ,
4722.Xr accton 8 ,
4723.Xr apm 8 ,
4724.Xr bsdinstall 8 ,
4725.Xr bthidd 8 ,
4726.Xr chkprintcap 8 ,
4727.Xr chown 8 ,
4728.Xr cron 8 ,
4729.Xr devfs 8 ,
4730.Xr dhclient 8 ,
4731.Xr ftpd 8 ,
4732.Xr geli 8 ,
4733.Xr hcsecd 8 ,
4734.Xr ifconfig 8 ,
4735.Xr inetd 8 ,
4736.Xr iovctl 8 ,
4737.Xr ipf 8 ,
4738.Xr ipfw 8 ,
4739.Xr ipnat 8 ,
4740.Xr jail 8 ,
4741.Xr kldxref 8 ,
4742.Xr loader 8 ,
4743.Xr lpd 8 ,
4744.Xr makewhatis 8 ,
4745.Xr mdconfig 8 ,
4746.Xr mdmfs 8 ,
4747.Xr mixer 8 ,
4748.Xr mountd 8 ,
4749.Xr moused 8 ,
4750.Xr newfs 8 ,
4751.Xr newsyslog 8 ,
4752.Xr nfsd 8 ,
4753.Xr ntpd 8 ,
4754.Xr ntpdate 8 ,
4755.Xr pfctl 8 ,
4756.Xr pflogd 8 ,
4757.Xr ping 8 ,
4758.Xr powerd 8 ,
4759.Xr quotacheck 8 ,
4760.Xr quotaon 8 ,
4761.Xr rc 8 ,
4762.Xr rc.sendmail 8 ,
4763.Xr rc.subr 8 ,
4764.Xr rcorder 8 ,
4765.Xr rfcomm_pppd 8 ,
4766.Xr route 8 ,
4767.Xr routed 8 ,
4768.Xr rpc.lockd 8 ,
4769.Xr rpc.statd 8 ,
4770.Xr rpc.tlsclntd 8 ,
4771.Xr rpc.tlsservd 8 ,
4772.Xr rpcbind 8 ,
4773.Xr rwhod 8 ,
4774.Xr savecore 8 ,
4775.Xr sdpd 8 ,
4776.Xr service 8 ,
4777.Xr sshd 8 ,
4778.Xr swapon 8 ,
4779.Xr sysctl 8 ,
4780.Xr syslogd 8 ,
4781.Xr sysrc 8 ,
4782.Xr unbound 8 ,
4783.Xr usbconfig 8 ,
4784.Xr wlandebug 8 ,
4785.Xr yp 8 ,
4786.Xr ypbind 8 ,
4787.Xr ypserv 8 ,
4788.Xr ypset 8
4789.Sh HISTORY
4790The
4791.Nm
4792file appeared in
4793.Fx 2.2.2 .
4794.Sh AUTHORS
4795.An Jordan K. Hubbard .
4796