1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd May 18, 2019 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A whitespace-separated list of kernel modules to load right after 252the local disks are mounted, without any 253.Pa .ko 254extension or path. 255Loading modules at this point in the boot process is 256much faster than doing it via 257.Pa /boot/loader.conf 258for those modules not necessary for mounting local disks. 259.It Va kldxref_enable 260.Pq Vt bool 261Set to 262.Dq Li NO 263by default. 264Set to 265.Dq Li YES 266to automatically rebuild 267.Pa linker.hints 268files with 269.Xr kldxref 8 270at boot time. 271.It Va kldxref_clobber 272.Pq Vt bool 273Set to 274.Dq Li NO 275by default. 276If 277.Va kldxref_enable 278is true, 279setting to 280.Dq Li YES 281will overwrite existing 282.Pa linker.hints 283files at boot time. 284Otherwise, 285only missing 286.Pa linker.hints 287files are generated. 288.It Va kldxref_module_path 289.Pq Vt str 290Empty by default. 291A semi-colon 292.Pq Ql \&; 293delimited list of paths containing 294.Xr kld 4 295modules. 296If empty, 297the contents of the 298.Va kern.module_path 299.Xr sysctl 8 300are used. 301.It Va powerd_enable 302.Pq Vt bool 303If set to 304.Dq Li YES , 305enable the system power control facility with the 306.Xr powerd 8 307daemon. 308.It Va powerd_flags 309.Pq Vt str 310If 311.Va powerd_enable 312is set to 313.Dq Li YES , 314these are the flags to pass to the 315.Xr powerd 8 316daemon. 317.It Va tmpmfs 318Controls the creation of a 319.Pa /tmp 320memory file system. 321Always happens if set to 322.Dq Li YES 323and never happens if set to 324.Dq Li NO . 325If set to anything else, a memory file system is created if 326.Pa /tmp 327is not writable. 328.It Va tmpsize 329Controls the size of a created 330.Pa /tmp 331memory file system. 332.It Va tmpmfs_flags 333Extra options passed to the 334.Xr mdmfs 8 335utility when the memory file system for 336.Pa /tmp 337is created. 338The default is 339.Dq Li "-S" , 340which inhibits the use of softupdates on 341.Pa /tmp 342so that file system space is freed without delay 343after file truncation or deletion. 344See 345.Xr mdmfs 8 346for other options you can use in 347.Va tmpmfs_flags . 348.It Va varmfs 349Controls the creation of a 350.Pa /var 351memory file system. 352Always happens if set to 353.Dq Li YES 354and never happens if set to 355.Dq Li NO . 356If set to anything else, a memory file system is created if 357.Pa /var 358is not writable. 359.It Va varsize 360Controls the size of a created 361.Pa /var 362memory file system. 363.It Va varmfs_flags 364Extra options passed to the 365.Xr mdmfs 8 366utility when the memory file system for 367.Pa /var 368is created. 369The default is 370.Dq Li "-S" , 371which inhibits the use of softupdates on 372.Pa /var 373so that file system space is freed without delay 374after file truncation or deletion. 375See 376.Xr mdmfs 8 377for other options you can use in 378.Va varmfs_flags . 379.It Va populate_var 380Controls the automatic population of the 381.Pa /var 382file system. 383Always happens if set to 384.Dq Li YES 385and never happens if set to 386.Dq Li NO . 387If set to anything else, a memory file system is created if 388.Pa /var 389is not writable. 390Note that this process requires access to certain commands in 391.Pa /usr 392before 393.Pa /usr 394is mounted on normal systems. 395.It Va cleanvar_enable 396.Pq Vt bool 397Clean the 398.Pa /var 399directory. 400.It Va local_startup 401.Pq Vt str 402List of directories to search for startup script files. 403.It Va script_name_sep 404.Pq Vt str 405The field separator to use for breaking down the list of startup script files 406into individual filenames. 407The default is a space. 408It is not necessary to change this unless there are startup scripts with names 409containing spaces. 410.It Va hostapd_enable 411.Pq Vt bool 412Set to 413.Dq Li YES 414to start 415.Xr hostapd 8 416at system boot time. 417.It Va hostname 418.Pq Vt str 419The fully qualified domain name (FQDN) of this host on the network. 420This should almost certainly be set to something meaningful, even if 421there is no network connection. 422If 423.Xr dhclient 8 424is used to set the hostname via DHCP, 425this variable should be set to an empty string. 426Within a 427.Xr jail 8 428the hostname is generally already set and this variable may absent. 429If this value remains unset when the system is done booting 430your console login will display the default hostname of 431.Dq Amnesiac . 432.It Va nisdomainname 433.Pq Vt str 434The NIS domain name of this host, or 435.Dq Li NO 436if NIS is not used. 437.It Va dhclient_program 438.Pq Vt str 439Path to the DHCP client program 440.Pa ( /sbin/dhclient , 441the 442.Ox 443DHCP client, 444is the default). 445.It Va dhclient_flags 446.Pq Vt str 447Additional flags to pass to the DHCP client program. 448For the 449.Ox 450DHCP client, see the 451.Xr dhclient 8 452manpage for a description of the command line options available. 453.It Va dhclient_flags_ Ns Aq Ar iface 454Additional flags to pass to the DHCP client program running on 455.Ar iface 456only. 457When specified, this variable overrides 458.Va dhclient_flags . 459.It Va background_dhclient 460.Pq Vt bool 461Set to 462.Dq Li YES 463to start the DHCP client in background. 464This can cause trouble with applications depending on 465a working network, but it will provide a faster startup 466in many cases. 467.It Va background_dhclient_ Ns Aq Ar iface 468When specified, this variable overrides the 469.Va background_dhclient 470variable for interface 471.Ar iface 472only. 473.It Va synchronous_dhclient 474.Pq Vt bool 475Set to 476.Dq Li YES 477to start 478.Xr dhclient 8 479synchronously at startup. 480This behavior can be overridden on a per-interface basis by replacing 481the 482.Dq Li DHCP 483keyword in the 484.Va ifconfig_ Ns Aq Ar interface 485variable with 486.Dq Li SYNCDHCP 487or 488.Dq Li NOSYNCDHCP . 489.It Va defaultroute_delay 490.Pq Vt int 491When set to a positive value, wait up to this long after configuring 492DHCP interfaces at startup to give the interfaces time to receive a lease. 493.It Va firewall_enable 494.Pq Vt bool 495Set to 496.Dq Li YES 497to load firewall rules at startup. 498If the kernel was not built with 499.Cd "options IPFIREWALL" , 500the 501.Pa ipfw.ko 502kernel module will be loaded. 503See also 504.Va ipfilter_enable . 505.It Va firewall_script 506.Pq Vt str 507This variable specifies the full path to the firewall script to run. 508The default is 509.Pa /etc/rc.firewall . 510.It Va firewall_type 511.Pq Vt str 512Names the firewall type from the selection in 513.Pa /etc/rc.firewall , 514or the file which contains the local firewall ruleset. 515Valid selections from 516.Pa /etc/rc.firewall 517are: 518.Pp 519.Bl -tag -width ".Li simple" -compact 520.It Li open 521unrestricted IP access 522.It Li closed 523all IP services disabled, except via 524.Dq Li lo0 525.It Li client 526basic protection for a workstation 527.It Li simple 528basic protection for a LAN. 529.El 530.Pp 531If a filename is specified, the full path 532must be given. 533.It Va firewall_quiet 534.Pq Vt bool 535Set to 536.Dq Li YES 537to disable the display of firewall rules on the console during boot. 538.It Va firewall_logging 539.Pq Vt bool 540Set to 541.Dq Li YES 542to enable firewall event logging. 543This is equivalent to the 544.Dv IPFIREWALL_VERBOSE 545kernel option. 546.It Va firewall_logif 547.Pq Vt bool 548Set to 549.Dq Li YES 550to create pseudo interface 551.Li ipfw0 552for logging. 553For more details, see 554.Xr ipfw 8 555manual page. 556.It Va firewall_flags 557.Pq Vt str 558Flags passed to 559.Xr ipfw 8 560if 561.Va firewall_type 562specifies a filename. 563.It Va firewall_coscripts 564.Pq Vt str 565List of executables and/or rc scripts to run after firewall starts/stops. 566Default is empty. 567.\" ----- firewall_nat_enable setting -------------------------------- 568.It Va firewall_nat_enable 569.Pq Vt bool 570The 571.Xr ipfw 8 572equivalent of 573.Va natd_enable . 574Setting this to 575.Dq Li YES 576will automatically load the 577.Xr ipfw 8 578NAT kernel module if 579.Va firewall_enable 580is also set to 581.Dq Li YES . 582.It Va firewall_nat_interface 583.Pq Vt str 584The 585.Xr ipfw 8 586equivalent of 587.Va natd_interface . 588This is the name of the public interface or IP address on which 589kernel NAT should run. 590.It Va firewall_nat_flags 591.Pq Vt str 592Additional configuration parameters for kernel NAT should be placed here. 593.It Va firewall_nat64_enable 594.Pq Vt bool 595Setting this to 596.Dq Li YES 597will automatically load the 598.Xr ipfw 8 599NAT64 kernel module if 600.Va firewall_enable 601is also set to 602.Dq Li YES . 603.It Va firewall_nptv6_enable 604.Pq Vt bool 605Setting this to 606.Dq Li YES 607will automatically load the 608.Xr ipfw 8 609NPTv6 kernel module if 610.Va firewall_enable 611is also set to 612.Dq Li YES . 613.It Va firewall_pmod_enable 614.Pq Vt bool 615Setting this to 616.Dq Li YES 617will automatically load the 618.Xr ipfw 8 619pmod kernel module if 620.Va firewall_enable 621is also set to 622.Dq Li YES . 623.It Va dummynet_enable 624.Pq Vt bool 625Setting this to 626.Dq Li YES 627will automatically load the 628.Xr dummynet 4 629module if 630.Va firewall_enable 631is also set to 632.Dq Li YES . 633.\" ------------------------------------------------------------------- 634.It Va ipfw_netflow_enable 635.Pq Vt bool 636Setting this to 637.Dq Li YES 638will enable netflow logging via 639.Xr ng_netflow 4 640.Pp 641By default a ipfw rule is inserted and all packets are duplicated with 642the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 643port using protocol version 5. 644.It Va ipfw_netflow_hook 645.Pq Vt int 646netflow hook name, must be numerical 647(default 648.Pa 9995 ) . 649.It Va ipfw_netflow_rule 650.Pq Vt int 651ipfw rule number 652(default 653.Pa 1000 ) . 654.It Va ipfw_netflow_ip 655.Pq Vt str 656Destination server ip for receiving netflow data 657(default 658.Pa 127.0.0.1 ) . 659.It Va ipfw_netflow_port 660.Pq Vt int 661Destination server port for receiving netflow data 662(default 663.Pa 9995 ) . 664.It Va ipfw_netflow_version 665.Pq Vt int 666Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 667.It Va ipfw_netflow_fib 668.Pq Vt int 669Only match packet in FIB 670.Pa ipfw_netflow_fib 671(default is undefined meaning all FIBs). 672.It Va natd_program 673.Pq Vt str 674Path to 675.Xr natd 8 . 676.It Va natd_enable 677.Pq Vt bool 678Set to 679.Dq Li YES 680to enable 681.Xr natd 8 . 682.Va firewall_enable 683must also be set to 684.Dq Li YES , 685and 686.Xr divert 4 687sockets must be enabled in the kernel. 688If the kernel was not built with 689.Cd "options IPDIVERT" , 690the 691.Pa ipdivert.ko 692kernel module will be loaded. 693.It Va natd_interface 694.Pq Vt str 695This is the name of the public interface on which 696.Xr natd 8 697should run. 698The interface may be given as an interface name or as an IP address. 699.It Va natd_flags 700.Pq Vt str 701Additional 702.Xr natd 8 703flags should be placed here. 704The 705.Fl n 706or 707.Fl a 708flag is automatically added with the above 709.Va natd_interface 710as an argument. 711.\" ----- ipfilter_enable setting -------------------------------- 712.It Va ipfilter_enable 713.Pq Vt bool 714Set to 715.Dq Li NO 716by default. 717Setting this to 718.Dq Li YES 719enables 720.Xr ipf 8 721packet filtering. 722.Pp 723Typical usage will require putting 724.Bd -literal 725ipfilter_enable="YES" 726ipnat_enable="YES" 727ipmon_enable="YES" 728ipfs_enable="YES" 729.Ed 730.Pp 731into 732.Pa /etc/rc.conf 733and editing 734.Pa /etc/ipf.rules 735and 736.Pa /etc/ipnat.rules 737appropriately. 738.Pp 739Note that 740.Va ipfilter_enable 741and 742.Va ipnat_enable 743can be enabled independently. 744.Va ipmon_enable 745and 746.Va ipfs_enable 747both require at least one of 748.Va ipfilter_enable 749and 750.Va ipnat_enable 751to be enabled. 752.Pp 753Having 754.Bd -literal 755options IPFILTER 756options IPFILTER_LOG 757options IPFILTER_DEFAULT_BLOCK 758.Ed 759.Pp 760in the kernel configuration file is a good idea, too. 761.\" ----- ipfilter_program setting ------------------------------ 762.It Va ipfilter_program 763.Pq Vt str 764Path to 765.Xr ipf 8 766(default 767.Pa /sbin/ipf ) . 768.\" ----- ipfilter_rules setting -------------------------------- 769.It Va ipfilter_rules 770.Pq Vt str 771Set to 772.Pa /etc/ipf.rules 773by default. 774This variable contains the name of the filter rule definition file. 775The file is expected to be readable for the 776.Xr ipf 8 777command to execute. 778.\" ----- ipv6_ipfilter_rules setting --------------------------- 779.It Va ipv6_ipfilter_rules 780.Pq Vt str 781Set to 782.Pa /etc/ipf6.rules 783by default. 784This variable contains the IPv6 filter rule definition file. 785The file is expected to be readable for the 786.Xr ipf 8 787command to execute. 788.\" ----- ipfilter_flags setting -------------------------------- 789.It Va ipfilter_flags 790.Pq Vt str 791Empty by default. 792This variable contains flags passed to the 793.Xr ipf 8 794program. 795.\" ----- ipnat_enable setting ---------------------------------- 796.It Va ipnat_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Set it to 802.Dq Li YES 803to enable 804.Xr ipnat 8 805network address translation. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809.\" ----- ipnat_program setting --------------------------------- 810.It Va ipnat_program 811.Pq Vt str 812Path to 813.Xr ipnat 8 814(default 815.Pa /sbin/ipnat ) . 816.\" ----- ipnat_rules setting ----------------------------------- 817.It Va ipnat_rules 818.Pq Vt str 819Set to 820.Pa /etc/ipnat.rules 821by default. 822This variable contains the name of the file 823holding the network address translation definition. 824This file is expected to be readable for the 825.Xr ipnat 8 826command to execute. 827.\" ----- ipnat_flags setting ----------------------------------- 828.It Va ipnat_flags 829.Pq Vt str 830Empty by default. 831This variable contains flags passed to the 832.Xr ipnat 8 833program. 834.\" ----- ipmon_enable setting ---------------------------------- 835.It Va ipmon_enable 836.Pq Vt bool 837Set to 838.Dq Li NO 839by default. 840Set it to 841.Dq Li YES 842to enable 843.Xr ipmon 8 844monitoring (logging 845.Xr ipf 8 846and 847.Xr ipnat 8 848events). 849Setting this variable needs setting 850.Va ipfilter_enable 851or 852.Va ipnat_enable 853too. 854See 855.Va ipfilter_enable 856for a detailed discussion. 857.\" ----- ipmon_program setting --------------------------------- 858.It Va ipmon_program 859.Pq Vt str 860Path to 861.Xr ipmon 8 862(default 863.Pa /sbin/ipmon ) . 864.\" ----- ipmon_flags setting ----------------------------------- 865.It Va ipmon_flags 866.Pq Vt str 867Set to 868.Dq Li -Ds 869by default. 870This variable contains flags passed to the 871.Xr ipmon 8 872program. 873Another typical example would be 874.Dq Fl D Pa /var/log/ipflog 875to have 876.Xr ipmon 8 877log directly to a file bypassing 878.Xr syslogd 8 . 879Make sure to adjust 880.Pa /etc/newsyslog.conf 881in such case like this: 882.Bd -literal 883/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 884.Ed 885.\" ----- ipfs_enable setting ----------------------------------- 886.It Va ipfs_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipfs 8 895saving the filter and NAT state tables during shutdown 896and reloading them during startup again. 897Setting this variable needs setting 898.Va ipfilter_enable 899or 900.Va ipnat_enable 901to 902.Dq Li YES 903too. 904See 905.Va ipfilter_enable 906for a detailed discussion. 907Note that if 908.Va kern_securelevel 909is set to 3, 910.Va ipfs_enable 911cannot be used 912because the raised securelevel will prevent 913.Xr ipfs 8 914from saving the state tables at shutdown time. 915.\" ----- ipfs_program setting ---------------------------------- 916.It Va ipfs_program 917.Pq Vt str 918Path to 919.Xr ipfs 8 920(default 921.Pa /sbin/ipfs ) . 922.\" ----- ipfs_flags setting ------------------------------------ 923.It Va ipfs_flags 924.Pq Vt str 925Empty by default. 926This variable contains flags passed to the 927.Xr ipfs 8 928program. 929.\" ----- end of added ipf hook --------------------------------- 930.It Va pf_enable 931.Pq Vt bool 932Set to 933.Dq Li NO 934by default. 935Setting this to 936.Dq Li YES 937enables 938.Xr pf 4 939packet filtering. 940.Pp 941Typical usage will require putting 942.Pp 943.Dl pf_enable="YES" 944.Pp 945into 946.Pa /etc/rc.conf 947and editing 948.Pa /etc/pf.conf 949appropriately. 950Adding 951.Pp 952.Dl "device pf" 953.Pp 954builds support for 955.Xr pf 4 956into the kernel, otherwise the 957kernel module will be loaded. 958.It Va pf_rules 959.Pq Vt str 960Path to 961.Xr pf 4 962ruleset configuration file 963(default 964.Pa /etc/pf.conf ) . 965.It Va pf_program 966.Pq Vt str 967Path to 968.Xr pfctl 8 969(default 970.Pa /sbin/pfctl ) . 971.It Va pf_flags 972.Pq Vt str 973If 974.Va pf_enable 975is set to 976.Dq Li YES , 977these flags are passed to the 978.Xr pfctl 8 979program when loading the ruleset. 980.It Va pflog_enable 981.Pq Vt bool 982Set to 983.Dq Li NO 984by default. 985Setting this to 986.Dq Li YES 987enables 988.Xr pflogd 8 989which logs packets from the 990.Xr pf 4 991packet filter. 992.It Va pflog_logfile 993.Pq Vt str 994If 995.Va pflog_enable 996is set to 997.Dq Li YES 998this controls where 999.Xr pflogd 8 1000stores the logfile 1001(default 1002.Pa /var/log/pflog ) . 1003Check 1004.Pa /etc/newsyslog.conf 1005to adjust logfile rotation for this. 1006.It Va pflog_program 1007.Pq Vt str 1008Path to 1009.Xr pflogd 8 1010(default 1011.Pa /sbin/pflogd ) . 1012.It Va pflog_flags 1013.Pq Vt str 1014Empty by default. 1015This variable contains additional flags passed to the 1016.Xr pflogd 8 1017program. 1018.It Va pflog_instances 1019.Pq Vt str 1020If logging to more than one 1021.Xr pflog 4 1022interface is desired, 1023.Va pflog_instances 1024is set to the list of 1025.Xr pflogd 8 1026instances that should be started at system boot time. 1027If 1028.Va pflog_instances 1029is set, for each whitespace-separated 1030.Ar element 1031in the list, 1032.Ao Ar element Ac Ns Va _dev 1033and 1034.Ao Ar element Ac Ns Va _logfile 1035elements are assumed to exist. 1036.Ao Ar element Ac Ns Va _dev 1037must contain the 1038.Xr pflog 4 1039interface to be watched by the named 1040.Xr pflogd 8 1041instance. 1042.Ao Ar element Ac Ns Va _logfile 1043must contain the name of the logfile that will be used by the 1044.Xr pflogd 8 1045instance. 1046.It Va ftpproxy_enable 1047.Pq Vt bool 1048Set to 1049.Dq Li NO 1050by default. 1051Setting this to 1052.Dq Li YES 1053enables 1054.Xr ftp-proxy 8 1055which supports the 1056.Xr pf 4 1057packet filter in translating ftp connections. 1058.It Va ftpproxy_flags 1059.Pq Vt str 1060Empty by default. 1061This variable contains additional flags passed to the 1062.Xr ftp-proxy 8 1063program. 1064.It Va ftpproxy_instances 1065.Pq Vt str 1066Empty by default. 1067If multiple instances of 1068.Xr ftp-proxy 8 1069are desired at boot time, 1070.Va ftpproxy_instances 1071should contain a whitespace-separated list of instance names. 1072For each 1073.Ar element 1074in the list, a variable named 1075.Ao Ar element Ac Ns Va _flags 1076should be defined, containing the command-line flags to be passed to the 1077.Xr ftp-proxy 8 1078instance. 1079.It Va pfsync_enable 1080.Pq Vt bool 1081Set to 1082.Dq Li NO 1083by default. 1084Setting this to 1085.Dq Li YES 1086enables exposing 1087.Xr pf 4 1088state changes to other hosts over the network by means of 1089.Xr pfsync 4 . 1090The 1091.Va pfsync_syncdev 1092variable 1093must also be set then. 1094.It Va pfsync_syncdev 1095.Pq Vt str 1096Empty by default. 1097This variable specifies the name of the network interface 1098.Xr pfsync 4 1099should operate through. 1100It must be set accordingly if 1101.Va pfsync_enable 1102is set to 1103.Dq Li YES . 1104.It Va pfsync_syncpeer 1105.Pq Vt str 1106Empty by default. 1107This variable is optional. 1108By default, state change messages are sent out on the synchronisation 1109interface using IP multicast packets. 1110The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1111224.0.0.240. 1112When a peer address is specified using the 1113.Va pfsync_syncpeer 1114option, the peer address is used as a destination for the pfsync 1115traffic, and the traffic can then be protected using 1116.Xr ipsec 4 . 1117See the 1118.Xr pfsync 4 1119manpage for more details about using 1120.Xr ipsec 4 1121with 1122.Xr pfsync 4 1123interfaces. 1124.It Va pfsync_ifconfig 1125.Pq Vt str 1126Empty by default. 1127This variable can contain additional options to be passed to the 1128.Xr ifconfig 8 1129command used to set up 1130.Xr pfsync 4 . 1131.It Va tcp_extensions 1132.Pq Vt bool 1133Set to 1134.Dq Li YES 1135by default. 1136Setting this to 1137.Dq Li NO 1138disables certain TCP options as described by 1139.Rs 1140.%T "RFC 1323" 1141.Re 1142Setting this to 1143.Dq Li NO 1144might help remedy such problems with connections as randomly hanging 1145or other weird behavior. 1146Some network devices are known 1147to be broken with respect to these options. 1148.It Va log_in_vain 1149.Pq Vt int 1150Set to 0 by default. 1151The 1152.Xr sysctl 8 1153variables, 1154.Va net.inet.tcp.log_in_vain 1155and 1156.Va net.inet.udp.log_in_vain , 1157as described in 1158.Xr tcp 4 1159and 1160.Xr udp 4 , 1161are set to the given value. 1162.It Va tcp_keepalive 1163.Pq Vt bool 1164Set to 1165.Dq Li YES 1166by default. 1167Setting to 1168.Dq Li NO 1169will disable probing idle TCP connections to verify that the 1170peer is still up and reachable. 1171.It Va tcp_drop_synfin 1172.Pq Vt bool 1173Set to 1174.Dq Li NO 1175by default. 1176Setting to 1177.Dq Li YES 1178will cause the kernel to ignore TCP frames that have both 1179the SYN and FIN flags set. 1180This prevents OS fingerprinting, but may 1181break some legitimate applications. 1182.It Va icmp_drop_redirect 1183.Pq Vt bool 1184Set to 1185.Dq Li NO 1186by default. 1187Setting to 1188.Dq Li YES 1189will cause the kernel to ignore ICMP REDIRECT packets. 1190Refer to 1191.Xr icmp 4 1192for more information. 1193.It Va icmp_log_redirect 1194.Pq Vt bool 1195Set to 1196.Dq Li NO 1197by default. 1198Setting to 1199.Dq Li YES 1200will cause the kernel to log ICMP REDIRECT packets. 1201Note that 1202the log messages are not rate-limited, so this option should only be used 1203for troubleshooting networks. 1204Refer to 1205.Xr icmp 4 1206for more information. 1207.It Va icmp_bmcastecho 1208.Pq Vt bool 1209Set to 1210.Dq Li YES 1211to respond to broadcast or multicast ICMP ping packets. 1212Refer to 1213.Xr icmp 4 1214for more information. 1215.It Va ip_portrange_first 1216.Pq Vt int 1217If not set to 1218.Dq Li NO , 1219this is the first port in the default portrange. 1220Refer to 1221.Xr ip 4 1222for more information. 1223.It Va ip_portrange_last 1224.Pq Vt int 1225If not set to 1226.Dq Li NO , 1227this is the last port in the default portrange. 1228Refer to 1229.Xr ip 4 1230for more information. 1231.It Va network_interfaces 1232.Pq Vt str 1233Set to the list of network interfaces to configure on this host or 1234.Dq Li AUTO 1235(the default) for all current interfaces. 1236Setting the 1237.Va network_interfaces 1238variable to anything other than the default is deprecated. 1239Interfaces that the administrator wishes to store configuration for, 1240but not start at boot should be configured with the 1241.Dq Li NOAUTO 1242keyword in their 1243.Va ifconfig_ Ns Aq Ar interface 1244variables as described below. 1245.Pp 1246An 1247.Va ifconfig_ Ns Aq Ar interface 1248variable is also assumed to exist for each value of 1249.Ar interface . 1250When an interface name contains any of the characters 1251.Dq Li .-/+ 1252they are translated to 1253.Dq Li _ 1254before lookup. 1255The variable can contain arguments to 1256.Xr ifconfig 8 , 1257as well as special case-insensitive keywords described below. 1258Such keywords are removed before passing the value to 1259.Xr ifconfig 8 1260while the order of the other arguments is preserved. 1261.Pp 1262It is possible to add IP alias entries using 1263.Xr ifconfig 8 1264syntax with the address family keyword such as 1265.Li inet . 1266Assuming that the interface in question was 1267.Li em0 , 1268it might look something like this: 1269.Bd -literal 1270ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1271ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1272.Ed 1273.Pp 1274It also possible to configure multiple IP addresses in Classless 1275Inter-Domain Routing 1276.Pq CIDR 1277address notation, 1278whose each address component can be a range like 1279.Li inet 192.0.2.5-23/24 1280or 1281.Li inet6 2001:db8:1-f::1/64 . 1282This notation allows address and prefix length part only, 1283not the other address modifiers. 1284Note that the maximum number of the generated addresses from a range 1285specification is limited to an integer value specified in 1286.Va netif_ipexpand_max 1287in 1288.Nm 1289because a small typo can unexpectedly generate a large number of addresses. 1290The default value is 1291.Li 2048 . 1292It can be increased by adding the following line into 1293.Nm : 1294.Bd -literal 1295netif_ipexpand_max="4096" 1296.Ed 1297.Pp 1298In the case of 1299.Li 192.0.2.5-23/24 , 1300the address 192.0.2.5 will be configured with the 1301netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1302the non-conflicting netmask /32 as explained in the 1303.Xr ifconfig 8 1304alias section. 1305Note that this special netmask handling is only for 1306.Li inet , 1307not for the other address families such as 1308.Li inet6 . 1309.Pp 1310With the interface in question being 1311.Li em0 , 1312an example could look like: 1313.Bd -literal 1314ifconfig_em0_alias2="inet 192.0.2.129/27" 1315ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1316.Ed 1317.Pp 1318and so on. 1319.Pp 1320Note that 1321.Va ipv4_addrs_ Ns Aq Ar interface 1322variable was supported for IPv4 CIDR address notation. 1323It is now deprecated because the functionality was integrated into 1324.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1325though 1326.Va ipv4_addrs_ Ns Aq Ar interface 1327is still supported for backward compatibility. 1328.Pp 1329For each 1330.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1331entry with an address family keyword, 1332its contents are passed to 1333.Xr ifconfig 8 . 1334Execution stops at the first unsuccessful access, so if 1335something like this is present: 1336.Bd -literal 1337ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1338ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1339ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1340ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1341.Ed 1342.Pp 1343Then note that alias4 would 1344.Em not 1345be added since the search would 1346stop with the missing 1347.Dq Li alias3 1348entry. 1349Because of this difficult to manage behavior, 1350there is 1351.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1352variable, which has the same functionality as 1353.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1354and can have all of entries in a variable like the following: 1355.Bd -literal 1356ifconfig_em0_aliases="\\ 1357 inet 127.0.0.251 netmask 0xffffffff \\ 1358 inet 127.0.0.252 netmask 0xffffffff \\ 1359 inet 127.0.0.253 netmask 0xffffffff \\ 1360 inet 127.0.0.254 netmask 0xffffffff" 1361.Ed 1362.Pp 1363It also supports CIDR notation. 1364.Pp 1365If the 1366.Pa /etc/start_if. Ns Aq Ar interface 1367file is present, it is read and executed by the 1368.Xr sh 1 1369interpreter 1370before configuring the interface as specified in the 1371.Va ifconfig_ Ns Aq Ar interface 1372and 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1374variables. 1375.Pp 1376If a 1377.Va vlans_ Ns Aq Ar interface 1378variable is set, 1379a 1380.Xr vlan 4 1381interface will be created for each item in the list with the 1382.Ar vlandev 1383argument set to 1384.Ar interface . 1385If a vlan interface's name is a number, 1386then that number is used as the vlan tag and the new vlan interface is 1387named 1388.Ar interface . Ns Ar tag . 1389Otherwise, 1390the vlan tag must be specified via a 1391.Va vlan 1392parameter in the 1393.Va create_args_ Ns Aq Ar interface 1394variable. 1395.Pp 1396To create a vlan device named 1397.Li em0.101 1398on 1399.Li em0 1400with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1401.Bd -literal 1402vlans_em0="101" 1403ifconfig_em0_101="inet 192.0.2.1/24" 1404.Ed 1405.Pp 1406To create a vlan device named 1407.Li myvlan 1408on 1409.Li em0 1410with the vlan tag 102: 1411.Bd -literal 1412vlans_em0="myvlan" 1413create_args_myvlan="vlan 102" 1414.Ed 1415.Pp 1416If a 1417.Va wlans_ Ns Aq Ar interface 1418variable is set, 1419an 1420.Xr wlan 4 1421interface will be created for each item in the list with the 1422.Ar wlandev 1423argument set to 1424.Ar interface . 1425Further wlan cloning arguments may be passed to the 1426.Xr ifconfig 8 1427.Cm create 1428command by setting the 1429.Va create_args_ Ns Aq Ar interface 1430variable. 1431One or more 1432.Xr wlan 4 1433devices must be created for each wireless devices as of 1434.Fx 8.0 . 1435Debugging flags for 1436.Xr wlan 4 1437devices as set by 1438.Xr wlandebug 8 1439may be specified with an 1440.Va wlandebug_ Ns Aq Ar interface 1441variable. 1442The contents of this variable will be passed directly to 1443.Xr wlandebug 8 . 1444.Pp 1445If the 1446.Va ifconfig_ Ns Aq Ar interface 1447contains the keyword 1448.Dq Li NOAUTO 1449then the interface will not be configured 1450at boot or by 1451.Pa /etc/pccard_ether 1452when 1453.Va network_interfaces 1454is set to 1455.Dq Li AUTO . 1456.Pp 1457It is possible to bring up an interface with DHCP by adding 1458.Dq Li DHCP 1459to the 1460.Va ifconfig_ Ns Aq Ar interface 1461variable. 1462For instance, to initialize the 1463.Li em0 1464device via DHCP, 1465it is possible to use something like: 1466.Bd -literal 1467ifconfig_em0="DHCP" 1468.Ed 1469.Pp 1470If you want to configure your wireless interface with 1471.Xr wpa_supplicant 8 1472for use with WPA, EAP/LEAP or WEP, you need to add 1473.Dq Li WPA 1474to the 1475.Va ifconfig_ Ns Aq Ar interface 1476variable. 1477.Pp 1478On the other hand, if you want to configure your wireless interface with 1479.Xr hostapd 8 , 1480you need to add 1481.Dq Li HOSTAP 1482to the 1483.Va ifconfig_ Ns Aq Ar interface 1484variable. 1485.Xr hostapd 8 1486will use the settings from 1487.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1488.Pp 1489Finally, you can add 1490.Xr ifconfig 8 1491options in this variable, in addition to the 1492.Pa /etc/start_if. Ns Aq Ar interface 1493file. 1494For instance, to configure an 1495.Xr ath 4 1496wireless device in station mode with an address obtained 1497via DHCP, using WPA authentication and 802.11b mode, it is 1498possible to use something like: 1499.Bd -literal 1500wlans_ath0="wlan0" 1501ifconfig_wlan0="DHCP WPA mode 11b" 1502.Ed 1503.Pp 1504In addition to the 1505.Va ifconfig_ Ns Aq Ar interface 1506form, a fallback variable 1507.Va ifconfig_DEFAULT 1508may be configured. 1509It will be used for all interfaces with no 1510.Va ifconfig_ Ns Aq Ar interface 1511variable. 1512This is intended to replace the no longer supported 1513.Va pccard_ifconfig 1514variable. 1515.Pp 1516It is also possible to rename an interface by doing: 1517.Bd -literal 1518ifconfig_em0_name="net0" 1519ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1520.Ed 1521.It Va ipv6_enable 1522.Pq Vt bool 1523This variable is deprecated. 1524Use 1525.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1526and 1527.Va ipv6_activate_all_interfaces 1528if necessary. 1529.Pp 1530If the variable is 1531.Dq Li YES , 1532.Dq Li inet6 accept_rtadv 1533is added to all of 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535and the 1536.Va ipv6_activate_all_interfaces 1537is defined as 1538.Dq Li YES . 1539.It Va ipv6_prefer 1540.Pq Vt bool 1541This variable is deprecated. 1542Use 1543.Va ip6addrctl_policy 1544instead. 1545.Pp 1546If the variable is 1547.Dq Li YES , 1548the default address selection policy table set by 1549.Xr ip6addrctl 8 1550will be IPv6-preferred. 1551.Pp 1552If the variable is 1553.Dq Li NO , 1554the default address selection policy table set by 1555.Xr ip6addrctl 8 1556will be IPv4-preferred. 1557.It Va ipv6_activate_all_interfaces 1558.Pq Vt bool 1559This controls initial configuration on IPv6-capable 1560interfaces with no corresponding 1561.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1562variable. 1563Note that it is not always necessary to set this variable to 1564.Dq YES 1565to use IPv6 functionality on 1566.Fx . 1567In most cases, just configuring 1568.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1569variables works. 1570.Pp 1571If the variable is 1572.Dq Li NO , 1573all interfaces which do not have a corresponding 1574.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1575variable will be marked as 1576.Dq Li IFDISABLED 1577at creation. 1578This means that all of IPv6 functionality on that interface 1579is completely disabled to enforce a security policy. 1580If the variable is set to 1581.Dq YES , 1582the flag will be cleared on all of the interfaces. 1583.Pp 1584In most cases, just defining an 1585.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1586for an IPv6-capable interface should be sufficient. 1587However, if an interface is added dynamically 1588.Pq by some tunneling protocols such as PPP, for example , 1589it is often difficult to define the variable in advance. 1590In such a case, configuring the 1591.Dq Li IFDISABLED 1592flag can be disabled by setting this variable to 1593.Dq YES . 1594.Pp 1595For more details of the 1596.Dq Li IFDISABLED 1597flag and keywords 1598.Dq Li inet6 ifdisabled , 1599see 1600.Xr ifconfig 8 . 1601.Pp 1602Default is 1603.Dq Li NO . 1604.It Va ipv6_privacy 1605.Pq Vt bool 1606If the variable is 1607.Dq Li YES 1608privacy addresses will be generated for each IPv6 1609interface as described in RFC 4941. 1610.It Va ipv6_network_interfaces 1611.Pq Vt str 1612This is the IPv6 equivalent of 1613.Va network_interfaces . 1614Normally manual configuration of this variable is not needed. 1615.It Va ipv6_cpe_wanif 1616.Pq Vt str 1617If the variable is set to an interface name, 1618the 1619.Xr ifconfig 8 1620options 1621.Dq inet6 -no_radr accept_rtadv 1622will be added to the specified interface automatically before evaluating 1623.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1624and two 1625.Xr sysctl 8 1626variables 1627.Va net.inet6.ip6.rfc6204w3 1628and 1629.Va net.inet6.ip6.no_radr 1630will be set to 1. 1631.Pp 1632This means the specified interface will accept ICMPv6 Router 1633Advertisement messages on that link and add the discovered 1634routers into the Default Router List. 1635While the other interfaces can still accept RA messages if the 1636.Dq inet6 accept_rtadv 1637option is specified, adding 1638routes into the Default Router List will be disabled by 1639.Dq inet6 no_radr 1640option by default. 1641See 1642.Xr ifconfig 8 1643for more details. 1644.Pp 1645Note that ICMPv6 Router Advertisement messages will be 1646accepted even when 1647.Va net.inet6.ip6.forwarding 1648is 1 1649.Pq packet forwarding is enabled 1650when 1651.Va net.inet6.ip6.rfc6204w3 1652is set to 1. 1653.Pp 1654Default is 1655.Dq Li NO . 1656.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1657.Pq Vt str 1658This assigns arbitrary description to an interface. 1659The 1660.Xr sysctl 8 1661variable 1662.Va net.ifdescr_maxlen 1663limits its length. 1664This static setting may be overridden by commands 1665started with dynamic interface configuration utilities 1666like 1667.Xr dhclient 8 1668hooks. The description can be seen with 1669.Xr ifconfig 8 1670command and it may be exported with 1671.Xr bsnmpd 1 1672daemon using its MIB-2 module. 1673.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1674.Pq Vt str 1675IPv6 functionality on an interface should be configured by 1676.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1677instead of setting ifconfig parameters in 1678.Va ifconfig_ Ns Aq Ar interface . 1679If this variable is empty, all of IPv6 configurations on the 1680specified interface by other variables such as 1681.Va ipv6_prefix_ Ns Ao Ar interface Ac 1682will be ignored. 1683.Pp 1684Aliases should be set by 1685.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1686with 1687.Dq Li inet6 1688keyword. 1689For example: 1690.Bd -literal 1691ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1692ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1693.Ed 1694.Pp 1695Interfaces that have an 1696.Dq Li inet6 accept_rtadv 1697keyword in 1698.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1699setting will be automatically configured by SLAAC 1700.Pq StateLess Address AutoConfiguration 1701described in 1702.Rs 1703.%T "RFC 4862" 1704.Re 1705.Pp 1706Note that a link-local address will be automatically configured in 1707addition to the configured global-scope addresses because the IPv6 1708specifications require it on each link. 1709The address is calculated from the MAC address by using an algorithm 1710defined in 1711.Rs 1712.%T "RFC 4862" 1713.%O "Section 5.3" 1714.Re 1715.Pp 1716If only a link-local address is needed on the interface, 1717the following configuration can be used: 1718.Bd -literal 1719ifconfig_em0_ipv6="inet6 auto_linklocal" 1720.Ed 1721.Pp 1722A link-local address can also be configured manually. 1723This is useful for the default router address of an IPv6 router 1724so that it does not change when the network interface 1725card is replaced. 1726For example: 1727.Bd -literal 1728ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1729.Ed 1730.It Va ipv6_prefix_ Ns Aq Ar interface 1731.Pq Vt str 1732If one or more prefixes are defined in 1733.Va ipv6_prefix_ Ns Aq Ar interface 1734addresses based on each prefix and the EUI-64 interface index will be 1735configured on that interface. 1736Note that this variable will be ignored when 1737.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1738is empty. 1739.Pp 1740For example, the following configuration 1741.Bd -literal 1742ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1743.Ed 1744.Pp 1745is equivalent to the following: 1746.Bd -literal 1747ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1748ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1749ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1750ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1751.Ed 1752.Pp 1753These Subnet-Router anycast addresses will be added only when 1754.Va ipv6_gateway_enable 1755is YES. 1756.It Va ipv6_default_interface 1757.Pq Vt str 1758If not set to 1759.Dq Li NO , 1760this is the default output interface for scoped addresses. 1761This works only with ipv6_gateway_enable="NO". 1762.It Va ip6addrctl_enable 1763.Pq Vt bool 1764This variable is to enable configuring default address selection policy table 1765.Pq RFC 3484 . 1766The table can be specified in another variable 1767.Va ip6addrctl_policy . 1768For 1769.Va ip6addrctl_policy 1770the following keywords can be specified: 1771.Dq Li ipv4_prefer , 1772.Dq Li ipv6_prefer , 1773or 1774.Dq Li AUTO . 1775.Pp 1776If 1777.Dq Li ipv4_prefer 1778or 1779.Dq Li ipv6_prefer 1780is specified, 1781.Xr ip6addrctl 8 1782installs a pre-defined policy table described in Section 2.1 1783.Pq IPv6-preferred 1784or 10.3 1785.Pq IPv4-preferred 1786of RFC 3484. 1787.Pp 1788If 1789.Dq Li AUTO 1790is specified, it attempts to read a file 1791.Pa /etc/ip6addrctl.conf 1792first. 1793If this file is found, 1794.Xr ip6addrctl 8 1795reads and installs it. 1796If not found, a policy is automatically set 1797according to 1798.Va ipv6_activate_all_interfaces 1799variable; if the variable is set to 1800.Dq Li YES 1801the IPv6-preferred one is used. 1802Otherwise IPv4-preferred. 1803.Pp 1804The default value of 1805.Va ip6addrctl_enable 1806and 1807.Va ip6addrctl_policy 1808are 1809.Dq Li YES 1810and 1811.Dq Li AUTO , 1812respectively. 1813.It Va cloned_interfaces 1814.Pq Vt str 1815Set to the list of clonable network interfaces to create on this host. 1816Further cloning arguments may be passed to the 1817.Xr ifconfig 8 1818.Cm create 1819command for each interface by setting the 1820.Va create_args_ Ns Aq Ar interface 1821variable. 1822If an interface name is specified with 1823.Dq :sticky 1824keyword, 1825the interface will not be destroyed even when 1826.Pa rc.d/netif 1827script is invoked with 1828.Dq stop 1829argument. 1830This is useful when reconfiguring the interface without destroying it. 1831Entries in 1832.Va cloned_interfaces 1833are automatically appended to 1834.Va network_interfaces 1835for configuration. 1836.It Va cloned_interfaces_sticky 1837.Pq Vt bool 1838This variable is to globally enable functionality of 1839.Dq :sticky 1840keyword in 1841.Va cloned_interfaces 1842for all interfaces. 1843The default value is 1844.Dq NO . 1845Even if this variable is specified to 1846.Dq YES , 1847.Dq :nosticky 1848keyword can be used to override it on per interface basis. 1849.It Va gif_interfaces 1850.Pq Vt str 1851This variable is deprecated in favor of 1852.Va cloned_interfaces . 1853Set to the list of 1854.Xr gif 4 1855tunnel interfaces to configure on this host. 1856For each 1857.Xr gif 1858tunnel interface, set a variable named 1859.Va ifconfig_ Ns Aq Ar interface 1860with the parameters for the 1861.Xr ifconfig 8 1862command to configure the link level for 1863.Ar interface 1864with the 1865.Cm tunnel 1866option. 1867The value of this variable is used to configure the link layer of the 1868tunnel using the 1869.Cm tunnel 1870option to 1871.Xr ifconfig . 1872For example, configure two 1873.Xr gif 1874interfaces with: 1875.Bd -literal -offset indent 1876gif_interfaces="gif0 gif1" 1877ifconfig_gif0="tunnel src_addr0 dst_addr0" 1878ifconfig_gif1="tunnel src_addr1 dst_addr1" 1879.Ed 1880.Pp 1881Additionally, this option ensures that each listed interface is created 1882via the 1883.Cm create 1884option to 1885.Xr ifconfig . 1886This example also works with 1887.Va cloned_interfaces 1888instead of 1889.Va gif_interfaces . 1890.It Va sppp_interfaces 1891.Pq Vt str 1892Set to the list of 1893.Xr sppp 4 1894interfaces to configure on this host. 1895A 1896.Va spppconfig_ Ns Aq Ar interface 1897variable is assumed to exist for each value of 1898.Ar interface . 1899Each interface should also be configured by a general 1900.Va ifconfig_ Ns Aq Ar interface 1901setting. 1902Refer to 1903.Xr spppcontrol 8 1904for more information about available options. 1905.It Va ppp_enable 1906.Pq Vt bool 1907If set to 1908.Dq Li YES , 1909run the 1910.Xr ppp 8 1911daemon. 1912.It Va ppp_profile 1913.Pq Vt str 1914The name of the profile to use from 1915.Pa /etc/ppp/ppp.conf . 1916Also used for per-profile overrides of 1917.Va ppp_mode 1918and 1919.Va ppp_nat , 1920and 1921.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1922When the profile name contains any of the characters 1923.Dq Li .-/+ 1924they are translated to 1925.Dq Li _ 1926for the proposes of the override variable names. 1927.It Va ppp_mode 1928.Pq Vt str 1929Mode in which to run the 1930.Xr ppp 8 1931daemon. 1932.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1933.Pq Vt str 1934Overrides the global 1935.Va ppp_mode 1936for 1937.Ar profile . 1938Accepted modes are 1939.Dq Li auto , 1940.Dq Li ddial , 1941.Dq Li direct 1942and 1943.Dq Li dedicated . 1944See the manual for a full description. 1945.It Va ppp_nat 1946.Pq Vt bool 1947If set to 1948.Dq Li YES , 1949enables network address translation. 1950Used in conjunction with 1951.Va gateway_enable 1952allows hosts on private network addresses access to the Internet using 1953this host as a network address translating router. 1954.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1955.Pq Vt str 1956Overrides the global 1957.Va ppp_nat 1958for 1959.Ar profile . 1960.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1961.Pq Vt int 1962Set the unit number to be used for this profile. 1963See the manual description of 1964.Fl unit Ns Ar N 1965for details. 1966.It Va ppp_user 1967.Pq Vt str 1968The name of the user under which 1969.Xr ppp 8 1970should be started. 1971By 1972default, 1973.Xr ppp 8 1974is started as 1975.Dq Li root . 1976.It Va rc_conf_files 1977.Pq Vt str 1978This option is used to specify a list of files that will override 1979the settings in 1980.Pa /etc/defaults/rc.conf . 1981The files will be read in the order in which they are specified and should 1982include the full path to the file. 1983By default, the files specified are 1984.Pa /etc/rc.conf 1985and 1986.Pa /etc/rc.conf.local 1987.It Va zfs_enable 1988.Pq Vt bool 1989If set to 1990.Dq Li YES , 1991.Pa /etc/rc.d/zfs 1992will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1993(ZVOLs). 1994.It Va gptboot_enable 1995.Pq Vt bool 1996If set to 1997.Dq Li YES , 1998.Pa /etc/rc.d/gptboot 1999will log if the system successfully (or not) booted from a GPT partition, 2000which had the 2001.Ar bootonce 2002attribute set using 2003.Xr gpart 8 2004utility. 2005.It Va gbde_autoattach_all 2006.Pq Vt bool 2007If set to 2008.Dq Li YES , 2009.Pa /etc/rc.d/gbde 2010will attempt to automatically initialize your .bde devices in 2011.Pa /etc/fstab . 2012.It Va gbde_devices 2013.Pq Vt str 2014List the devices that the script should try to attach, 2015or 2016.Dq Li AUTO . 2017.It Va gbde_lockdir 2018.Pq Vt str 2019The directory where the 2020.Xr gbde 4 2021lockfiles are located. 2022The default lockfile directory is 2023.Pa /etc . 2024.Pp 2025The lockfile for each individual 2026.Xr gbde 4 2027device can be overridden by setting the variable 2028.Va gbde_lock_ Ns Aq Ar device , 2029where 2030.Ar device 2031is the encrypted device without the 2032.Dq Pa /dev/ 2033and 2034.Dq Pa .bde 2035parts. 2036.It Va gbde_attach_attempts 2037.Pq Vt int 2038Number of times to attempt attaching to a 2039.Xr gbde 4 2040device, i.e., how many times the user is asked for the pass-phrase. 2041Default is 3. 2042.It Va geli_devices 2043.Pq Vt str 2044List of devices to automatically attach on boot. 2045Note that .eli devices from 2046.Pa /etc/fstab 2047are automatically appended to this list. 2048.It Va geli_groups 2049.Pq Vt str 2050List of groups containing devices to automatically attach on boot with the same 2051keyfiles and passphrase. 2052This must be accompanied with a corresponding 2053.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2054variable. 2055.It Va geli_tries 2056.Pq Vt int 2057Number of times user is asked for the pass-phrase. 2058If empty, it will be taken from 2059.Va kern.geom.eli.tries 2060sysctl variable. 2061.It Va geli_default_flags 2062.Pq Vt str 2063Default flags to use by 2064.Xr geli 8 2065when configuring disk encryption. 2066Flags can be configured for every device separately by defining the 2067.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2068variable, and for every group separately by defining the 2069.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2070variable. 2071.It Va geli_autodetach 2072.Pq Vt str 2073Specifies if GELI devices should be marked for detach on last close after 2074file systems are mounted. 2075Default is 2076.Dq Li YES . 2077This can be changed for every device separately by defining the 2078.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2079variable. 2080.It Va root_rw_mount 2081.Pq Vt bool 2082Set to 2083.Dq Li YES 2084by default. 2085After the file systems are checked at boot time, the root file system 2086is remounted as read-write if this is set to 2087.Dq Li YES . 2088Diskless systems that mount their root file system from a read-only remote 2089NFS share should set this to 2090.Dq Li NO 2091in their 2092.Pa rc.conf . 2093.It Va fsck_y_enable 2094.Pq Vt bool 2095If set to 2096.Dq Li YES , 2097.Xr fsck 8 2098will be run with the 2099.Fl y 2100flag if the initial preen 2101of the file systems fails. 2102.It Va background_fsck 2103.Pq Vt bool 2104If set to 2105.Dq Li NO , 2106the system will not attempt to run 2107.Xr fsck 8 2108in the background where possible. 2109.It Va background_fsck_delay 2110.Pq Vt int 2111The amount of time in seconds to sleep before starting a background 2112.Xr fsck 8 . 2113It defaults to sixty seconds to allow large applications such as 2114the X server to start before disk I/O bandwidth is monopolized by 2115.Xr fsck 8 . 2116If set to a negative number, the background file system check will be 2117delayed indefinitely to allow the administrator to run it at a more 2118convenient time. 2119For example it may be run from 2120.Xr cron 8 2121by adding a line like 2122.Pp 2123.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2124.Pp 2125to 2126.Pa /etc/crontab . 2127.It Va netfs_types 2128.Pq Vt str 2129List of file system types that are network-based. 2130This list should generally not be modified by end users. 2131Use 2132.Va extra_netfs_types 2133instead. 2134.It Va extra_netfs_types 2135.Pq Vt str 2136If set to something other than 2137.Dq Li NO 2138(the default), 2139this variable extends the list of file system types 2140for which automatic mounting at startup by 2141.Xr rc 8 2142should be delayed until the network is initialized. 2143It should contain 2144a whitespace-separated list of network file system descriptor pairs, 2145each consisting of a file system type as passed to 2146.Xr mount 8 2147and a human-readable, one-word description, 2148joined with a colon 2149.Pq Ql \&: . 2150Extending the default list in this way is only necessary 2151when third party file system types are used. 2152.It Va syslogd_enable 2153.Pq Vt bool 2154If set to 2155.Dq Li YES , 2156run the 2157.Xr syslogd 8 2158daemon. 2159.It Va syslogd_program 2160.Pq Vt str 2161Path to 2162.Xr syslogd 8 2163(default 2164.Pa /usr/sbin/syslogd ) . 2165.It Va syslogd_flags 2166.Pq Vt str 2167If 2168.Va syslogd_enable 2169is set to 2170.Dq Li YES , 2171these are the flags to pass to 2172.Xr syslogd 8 . 2173.It Va inetd_enable 2174.Pq Vt bool 2175If set to 2176.Dq Li YES , 2177run the 2178.Xr inetd 8 2179daemon. 2180.It Va inetd_program 2181.Pq Vt str 2182Path to 2183.Xr inetd 8 2184(default 2185.Pa /usr/sbin/inetd ) . 2186.It Va inetd_flags 2187.Pq Vt str 2188If 2189.Va inetd_enable 2190is set to 2191.Dq Li YES , 2192these are the flags to pass to 2193.Xr inetd 8 . 2194.It Va hastd_enable 2195.Pq Vt bool 2196If set to 2197.Dq Li YES , 2198run the 2199.Xr hastd 8 2200daemon. 2201.It Va hastd_program 2202.Pq Vt str 2203Path to 2204.Xr hastd 8 2205(default 2206.Pa /sbin/hastd ) . 2207.It Va hastd_flags 2208.Pq Vt str 2209If 2210.Va hastd_enable 2211is set to 2212.Dq Li YES , 2213these are the flags to pass to 2214.Xr hastd 8 . 2215.It Va local_unbound_enable 2216.Pq Vt bool 2217If set to 2218.Dq Li YES , 2219run the 2220.Xr unbound 8 2221daemon as a local caching resolver. 2222.It Va kdc_enable 2223.Pq Vt bool 2224Set to 2225.Dq Li YES 2226to start a Kerberos 5 authentication server 2227at boot time. 2228.It Va kdc_program 2229.Pq Vt str 2230If 2231.Va kdc_enable 2232is set to 2233.Dq Li YES 2234this is the path to Kerberos 5 Authentication Server. 2235.It Va kdc_flags 2236.Pq Vt str 2237Empty by default. 2238This variable contains additional flags to be passed to the Kerberos 5 2239authentication server. 2240.It Va kadmind_enable 2241.Pq Vt bool 2242Set to 2243.Dq Li YES 2244to start 2245.Xr kadmind 8 , 2246the Kerberos 5 Administration Daemon; set to 2247.Dq Li NO 2248on a slave server. 2249.It Va kadmind_program 2250.Pq Vt str 2251If 2252.Va kadmind_enable 2253is set to 2254.Dq Li YES 2255this is the path to Kerberos 5 Administration Daemon. 2256.It Va kpasswdd_enable 2257.Pq Vt bool 2258Set to 2259.Dq Li YES 2260to start 2261.Xr kpasswdd 8 , 2262the Kerberos 5 Password-Changing Daemon; set to 2263.Dq Li NO 2264on a slave server. 2265.It Va kpasswdd_program 2266.Pq Vt str 2267If 2268.Va kpasswdd_enable 2269is set to 2270.Dq Li YES 2271this is the path to Kerberos 5 Password-Changing Daemon. 2272.It Va kfd_enable 2273.Pq Vt bool 2274Set to 2275.Dq Li YES 2276to start 2277.Xr kfd 8 , 2278the Kerberos 5 ticket forwarding daemon, at the boot time. 2279.It Va kfd_program 2280.Pq Vt str 2281Path to 2282.Xr kfd 8 2283(default 2284.Pa /usr/libexec/kfd ) . 2285.It Va rwhod_enable 2286.Pq Vt bool 2287If set to 2288.Dq Li YES , 2289run the 2290.Xr rwhod 8 2291daemon at boot time. 2292.It Va rwhod_flags 2293.Pq Vt str 2294If 2295.Va rwhod_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to it. 2299.It Va amd_enable 2300.Pq Vt bool 2301If set to 2302.Dq Li YES , 2303run the 2304.Xr amd 8 2305daemon at boot time. 2306.It Va amd_flags 2307.Pq Vt str 2308If 2309.Va amd_enable 2310is set to 2311.Dq Li YES , 2312these are the flags to pass to it. 2313See the 2314.Xr amd 8 2315manpage for more information. 2316.It Va amd_map_program 2317.Pq Vt str 2318If set, 2319the specified program is run to get the list of 2320.Xr amd 8 2321maps. 2322For example, if the 2323.Xr amd 8 2324maps are stored in NIS, one can set this to 2325run 2326.Xr ypcat 1 2327to get a list of 2328.Xr amd 8 2329maps from the 2330.Pa amd.master 2331NIS map. 2332.It Va update_motd 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336.Pa /etc/motd 2337will be updated at boot time to reflect the kernel release 2338being run. 2339If set to 2340.Dq Li NO , 2341.Pa /etc/motd 2342will not be updated. 2343.It Va nfs_client_enable 2344.Pq Vt bool 2345If set to 2346.Dq Li YES , 2347run the NFS client daemons at boot time. 2348.It Va nfs_access_cache 2349.Pq Vt int 2350If 2351.Va nfs_client_enable 2352is set to 2353.Dq Li YES , 2354this can be set to 2355.Dq Li 0 2356to disable NFS ACCESS RPC caching, or to the number of seconds for which 2357NFS ACCESS 2358results should be cached. 2359A value of 2-10 seconds will substantially reduce network 2360traffic for many NFS operations. 2361.It Va nfs_server_enable 2362.Pq Vt bool 2363If set to 2364.Dq Li YES , 2365run the NFS server daemons at boot time. 2366.It Va nfs_server_flags 2367.Pq Vt str 2368If 2369.Va nfs_server_enable 2370is set to 2371.Dq Li YES , 2372these are the flags to pass to the 2373.Xr nfsd 8 2374daemon. 2375.It Va nfsv4_server_enable 2376.Pq Vt bool 2377If 2378.Va nfs_server_enable 2379is set to 2380.Dq Li YES 2381and 2382.Va nfsv4_server_enable 2383are set to 2384.Dq Li YES , 2385enable the server for NFSv4 as well as NFSv2 and NFSv3. 2386.It Va nfsuserd_enable 2387.Pq Vt bool 2388If 2389.Va nfsuserd_enable 2390is set to 2391.Dq Li YES , 2392run the nfsuserd daemon, which is needed for NFSv4 in order 2393to map between user/group names vs uid/gid numbers. 2394If 2395.Va nfsv4_server_enable 2396is set to 2397.Dq Li YES , 2398this will be forced enabled. 2399.It Va nfsuserd_flags 2400.Pq Vt str 2401If 2402.Va nfsuserd_enable 2403is set to 2404.Dq Li YES , 2405these are the flags to pass to the 2406.Xr nfsuserd 8 2407daemon. 2408.It Va nfscbd_enable 2409.Pq Vt bool 2410If 2411.Va nfscbd_enable 2412is set to 2413.Dq Li YES , 2414run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2415.It Va nfscbd_flags 2416.Pq Vt str 2417If 2418.Va nfscbd_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr nfscbd 8 2423daemon. 2424.It Va mountd_enable 2425.Pq Vt bool 2426If set to 2427.Dq Li YES , 2428and no 2429.Va nfs_server_enable 2430is set, start 2431.Xr mountd 8 , 2432but not 2433.Xr nfsd 8 2434daemon. 2435It is commonly needed to run CFS without real NFS used. 2436.It Va mountd_flags 2437.Pq Vt str 2438If 2439.Va mountd_enable 2440is set to 2441.Dq Li YES , 2442these are the flags to pass to the 2443.Xr mountd 8 2444daemon. 2445.It Va weak_mountd_authentication 2446.Pq Vt bool 2447If set to 2448.Dq Li YES , 2449allow services like PCNFSD to make non-privileged mount 2450requests. 2451.It Va nfs_reserved_port_only 2452.Pq Vt bool 2453If set to 2454.Dq Li YES , 2455provide NFS services only on a secure port. 2456.It Va nfs_bufpackets 2457.Pq Vt int 2458If set to a number, indicates the number of packets worth of 2459socket buffer space to reserve on an NFS client. 2460The kernel default is typically 4. 2461Using a higher number may be 2462useful on gigabit networks to improve performance. 2463The minimum value is 24642 and the maximum is 64. 2465.It Va rpc_lockd_enable 2466.Pq Vt bool 2467If set to 2468.Dq Li YES 2469and also an NFS server or client, run 2470.Xr rpc.lockd 8 2471at boot time. 2472.It Va rpc_lockd_flags 2473.Pq Vt str 2474If 2475.Va rpc_lockd_enable 2476is set to 2477.Dq Li YES , 2478these are the flags to pass to the 2479.Xr rpc.lockd 8 2480daemon. 2481.It Va rpc_statd_enable 2482.Pq Vt bool 2483If set to 2484.Dq Li YES 2485and also an NFS server or client, run 2486.Xr rpc.statd 8 2487at boot time. 2488.It Va rpc_statd_flags 2489.Pq Vt str 2490If 2491.Va rpc_statd_enable 2492is set to 2493.Dq Li YES , 2494these are the flags to pass to the 2495.Xr rpc.statd 8 2496daemon. 2497.It Va rpcbind_program 2498.Pq Vt str 2499Path to 2500.Xr rpcbind 8 2501(default 2502.Pa /usr/sbin/rpcbind ) . 2503.It Va rpcbind_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr rpcbind 8 2509service at boot time. 2510.It Va rpcbind_flags 2511.Pq Vt str 2512If 2513.Va rpcbind_enable 2514is set to 2515.Dq Li YES , 2516these are the flags to pass to the 2517.Xr rpcbind 8 2518daemon. 2519.It Va keyserv_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the 2524.Xr keyserv 8 2525daemon on boot for running Secure RPC. 2526.It Va keyserv_flags 2527.Pq Vt str 2528If 2529.Va keyserv_enable 2530is set to 2531.Dq Li YES , 2532these are the flags to pass to 2533.Xr keyserv 8 2534daemon. 2535.It Va pppoed_enable 2536.Pq Vt bool 2537If set to 2538.Dq Li YES , 2539run the 2540.Xr pppoed 8 2541daemon at boot time to provide PPP over Ethernet services. 2542.It Va pppoed_ Ns Aq Ar provider 2543.Pq Vt str 2544.Xr pppoed 8 2545listens to requests to this 2546.Ar provider 2547and ultimately runs 2548.Xr ppp 8 2549with a 2550.Ar system 2551argument of the same name. 2552.It Va pppoed_flags 2553.Pq Vt str 2554Additional flags to pass to 2555.Xr pppoed 8 . 2556.It Va pppoed_interface 2557.Pq Vt str 2558The network interface to run 2559.Xr pppoed 8 2560on. 2561This is mandatory when 2562.Va pppoed_enable 2563is set to 2564.Dq Li YES . 2565.It Va timed_enable 2566.Pq Vt bool 2567If set to 2568.Dq Li YES , 2569run the 2570.Xr timed 8 2571service at boot time. 2572This command is intended for networks of 2573machines where a consistent 2574.Dq "network time" 2575for all hosts must be established. 2576This is often useful in large NFS 2577environments where time stamps on files are expected to be consistent 2578network-wide. 2579.It Va timed_flags 2580.Pq Vt str 2581If 2582.Va timed_enable 2583is set to 2584.Dq Li YES , 2585these are the flags to pass to the 2586.Xr timed 8 2587service. 2588.It Va ntpdate_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES , 2592run 2593.Xr ntpdate 8 2594at system startup. 2595This command is intended to 2596synchronize the system clock only 2597.Em once 2598from some standard reference. 2599.Pp 2600Note that the use of the 2601.Va ntpd_sync_on_start 2602variable is a preferred alternative to the 2603.Xr ntpdate 8 2604utility as 2605.Xr ntpdate 8 2606is to be retired from the NTP distribution. 2607.It Va ntpdate_config 2608.Pq Vt str 2609Configuration file for 2610.Xr ntpdate 8 . 2611Default 2612.Pa /etc/ntp.conf . 2613.It Va ntpdate_hosts 2614.Pq Vt str 2615A whitespace-separated list of NTP servers to synchronize with at startup. 2616The default is to use the servers listed in 2617.Va ntpdate_config , 2618if that file exists. 2619.It Va ntpdate_program 2620.Pq Vt str 2621Path to 2622.Xr ntpdate 8 2623(default 2624.Pa /usr/sbin/ntpdate ) . 2625.It Va ntpdate_flags 2626.Pq Vt str 2627If 2628.Va ntpdate_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr ntpdate 8 2633command (typically a hostname). 2634.It Va ntpd_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Xr ntpd 8 2640command at boot time. 2641.It Va ntpd_program 2642.Pq Vt str 2643Path to 2644.Xr ntpd 8 2645(default 2646.Pa /usr/sbin/ntpd ) . 2647.It Va ntpd_config 2648.Pq Vt str 2649Path to 2650.Xr ntpd 8 2651configuration file. 2652Default 2653.Pa /etc/ntp.conf . 2654.It Va ntpd_flags 2655.Pq Vt str 2656If 2657.Va ntpd_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to the 2661.Xr ntpd 8 2662daemon. 2663.It Va ntpd_sync_on_start 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667.Xr ntpd 8 2668is run with the 2669.Fl g 2670flag, which syncs the system's clock on startup. 2671See 2672.Xr ntpd 8 2673for more information regarding the 2674.Fl g 2675option. 2676This is a preferred alternative to using 2677.Xr ntpdate 8 2678or specifying the 2679.Va ntpdate_enable 2680variable. 2681.It Va nis_client_enable 2682.Pq Vt bool 2683If set to 2684.Dq Li YES , 2685run the 2686.Xr ypbind 8 2687service at system boot time. 2688.It Va nis_client_flags 2689.Pq Vt str 2690If 2691.Va nis_client_enable 2692is set to 2693.Dq Li YES , 2694these are the flags to pass to the 2695.Xr ypbind 8 2696service. 2697.It Va nis_ypldap_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypldap 8 2703daemon at system boot time. 2704.It Va nis_ypldap_flags 2705.Pq Vt str 2706If 2707.Va nis.ypldap_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypldap 8 2712daemon. 2713.It Va nis_ypset_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr ypset 8 2719daemon at system boot time. 2720.It Va nis_ypset_flags 2721.Pq Vt str 2722If 2723.Va nis_ypset_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr ypset 8 2728daemon. 2729.It Va nis_server_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr ypserv 8 2735daemon at system boot time. 2736.It Va nis_server_flags 2737.Pq Vt str 2738If 2739.Va nis_server_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr ypserv 8 2744daemon. 2745.It Va nis_ypxfrd_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr rpc.ypxfrd 8 2751daemon at system boot time. 2752.It Va nis_ypxfrd_flags 2753.Pq Vt str 2754If 2755.Va nis_ypxfrd_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr rpc.ypxfrd 8 2760daemon. 2761.It Va nis_yppasswdd_enable 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765run the 2766.Xr rpc.yppasswdd 8 2767daemon at system boot time. 2768.It Va nis_yppasswdd_flags 2769.Pq Vt str 2770If 2771.Va nis_yppasswdd_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr rpc.yppasswdd 8 2776daemon. 2777.It Va rpc_ypupdated_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Nm rpc.ypupdated 2783daemon at system boot time. 2784.It Va bsnmpd_enable 2785.Pq Vt bool 2786If set to 2787.Dq Li YES , 2788run the 2789.Xr bsnmpd 1 2790daemon at system boot time. 2791Be sure to understand the security implications of running SNMP daemon 2792on your host. 2793.It Va bsnmpd_flags 2794.Pq Vt str 2795If 2796.Va bsnmpd_enable 2797is set to 2798.Dq Li YES , 2799these are the flags to pass to the 2800.Xr bsnmpd 1 2801daemon. 2802.It Va defaultrouter 2803.Pq Vt str 2804If not set to 2805.Dq Li NO , 2806create a default route to this host name or IP address 2807(use an IP address if this router is also required to get to the 2808name server!). 2809.It Va ipv6_defaultrouter 2810.Pq Vt str 2811The IPv6 equivalent of 2812.Va defaultrouter . 2813.It Va static_arp_pairs 2814.Pq Vt str 2815Set to the list of static ARP pairs that are to be added at system 2816boot time. 2817For each whitespace separated 2818.Ar element 2819in the value, a 2820.Va static_arp_ Ns Aq Ar element 2821variable is assumed to exist whose contents will later be passed to a 2822.Dq Nm arp Cm -S 2823operation. 2824For example 2825.Bd -literal 2826static_arp_pairs="gw" 2827static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2828.Ed 2829.It Va static_ndp_pairs 2830.Pq Vt str 2831Set to the list of static NDP pairs that are to be added at system 2832boot time. 2833For each whitespace separated 2834.Ar element 2835in the value, a 2836.Va static_ndp_ Ns Aq Ar element 2837variable is assumed to exist whose contents will later be passed to a 2838.Dq Nm ndp Cm -s 2839operation. 2840For example 2841.Bd -literal 2842static_ndp_pairs="gw" 2843static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2844.Ed 2845.It Va static_routes 2846.Pq Vt str 2847Set to the list of static routes that are to be added at system 2848boot time. 2849If not set to 2850.Dq Li NO 2851then for each whitespace separated 2852.Ar element 2853in the value, a 2854.Va route_ Ns Aq Ar element 2855variable is assumed to exist 2856whose contents will later be passed to a 2857.Dq Nm route Cm add 2858operation. 2859For example: 2860.Bd -literal 2861static_routes="ext mcast:gif0 gif0local:gif0" 2862route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2863route_mcast="-net 224.0.0.0/4 -iface gif0" 2864route_gif0local="-host 169.254.1.1 -iface lo0" 2865.Ed 2866.Pp 2867When an 2868.Ar element 2869is in the form of 2870.Li name:ifname , 2871the route is specific to the interface 2872.Li ifname . 2873.It Va ipv6_static_routes 2874.Pq Vt str 2875The IPv6 equivalent of 2876.Va static_routes . 2877If not set to 2878.Dq Li NO 2879then for each whitespace separated 2880.Ar element 2881in the value, a 2882.Va ipv6_route_ Ns Aq Ar element 2883variable is assumed to exist 2884whose contents will later be passed to a 2885.Dq Nm route Cm add Fl inet6 2886operation. 2887.It Va gateway_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891configure host to act as an IP router, e.g.\& to forward packets 2892between interfaces. 2893.It Va ipv6_gateway_enable 2894.Pq Vt bool 2895The IPv6 equivalent of 2896.Va gateway_enable . 2897.It Va routed_enable 2898.Pq Vt bool 2899If set to 2900.Dq Li YES , 2901run a routing daemon of some sort, based on the 2902settings of 2903.Va routed_program 2904and 2905.Va routed_flags . 2906.It Va route6d_enable 2907.Pq Vt bool 2908The IPv6 equivalent of 2909.Va routed_enable . 2910If set to 2911.Dq Li YES , 2912run a routing daemon of some sort, based on the 2913settings of 2914.Va route6d_program 2915and 2916.Va route6d_flags . 2917.It Va routed_program 2918.Pq Vt str 2919If 2920.Va routed_enable 2921is set to 2922.Dq Li YES , 2923this is the name of the routing daemon to use. 2924.It Va route6d_program 2925.Pq Vt str 2926The IPv6 equivalent of 2927.Va routed_program . 2928.It Va routed_flags 2929.Pq Vt str 2930If 2931.Va routed_enable 2932is set to 2933.Dq Li YES , 2934these are the flags to pass to the routing daemon. 2935.It Va route6d_flags 2936.Pq Vt str 2937The IPv6 equivalent of 2938.Va routed_flags . 2939.It Va rtadvd_enable 2940.Pq Vt bool 2941If set to 2942.Dq Li YES , 2943run the 2944.Xr rtadvd 8 2945daemon at boot time. 2946The 2947.Xr rtadvd 8 2948utility sends ICMPv6 Router Advertisement messages to 2949the interfaces specified in 2950.Va rtadvd_interfaces . 2951This should only be enabled with great care. 2952You may want to fine-tune 2953.Xr rtadvd.conf 5 . 2954.It Va rtadvd_interfaces 2955.Pq Vt str 2956If 2957.Va rtadvd_enable 2958is set to 2959.Dq Li YES 2960this is the list of interfaces to use. 2961.It Va arpproxy_all 2962.Pq Vt bool 2963If set to 2964.Dq Li YES , 2965enable global proxy ARP. 2966.It Va forward_sourceroute 2967.Pq Vt bool 2968If set to 2969.Dq Li YES 2970and 2971.Va gateway_enable 2972is also set to 2973.Dq Li YES , 2974source-routed packets are forwarded. 2975.It Va accept_sourceroute 2976.Pq Vt bool 2977If set to 2978.Dq Li YES , 2979the system will accept source-routed packets directed at it. 2980.It Va rarpd_enable 2981.Pq Vt bool 2982If set to 2983.Dq Li YES , 2984run the 2985.Xr rarpd 8 2986daemon at system boot time. 2987.It Va rarpd_flags 2988.Pq Vt str 2989If 2990.Va rarpd_enable 2991is set to 2992.Dq Li YES , 2993these are the flags to pass to the 2994.Xr rarpd 8 2995daemon. 2996.It Va bootparamd_enable 2997.Pq Vt bool 2998If set to 2999.Dq Li YES , 3000run the 3001.Xr bootparamd 8 3002daemon at system boot time. 3003.It Va bootparamd_flags 3004.Pq Vt str 3005If 3006.Va bootparamd_enable 3007is set to 3008.Dq Li YES , 3009these are the flags to pass to the 3010.Xr bootparamd 8 3011daemon. 3012.It Va stf_interface_ipv4addr 3013.Pq Vt str 3014If not set to 3015.Dq Li NO , 3016this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3017interface). 3018Specify this entry to enable the 6to4 interface. 3019.It Va stf_interface_ipv4plen 3020.Pq Vt int 3021Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3022An effective value is 0-31. 3023.It Va stf_interface_ipv6_ifid 3024.Pq Vt str 3025IPv6 interface ID for 3026.Xr stf 4 . 3027This can be set to 3028.Dq Li AUTO . 3029.It Va stf_interface_ipv6_slaid 3030.Pq Vt str 3031IPv6 Site Level Aggregator for 3032.Xr stf 4 . 3033.It Va ipv6_ipv4mapping 3034.Pq Vt bool 3035If set to 3036.Dq Li YES 3037this enables IPv4 mapped IPv6 address communication (like 3038.Li ::ffff:a.b.c.d ) . 3039.It Va rtsold_enable 3040.Pq Vt bool 3041Set to 3042.Dq Li YES 3043to enable the 3044.Xr rtsold 8 3045daemon to send ICMPv6 Router Solicitation messages. 3046.It Va rtsold_flags 3047.Pq Vt str 3048If 3049.Va rtsold_enable 3050is set to 3051.Dq Li YES , 3052these are the flags to pass to 3053.Xr rtsold 8 . 3054.It Va rtsol_flags 3055.Pq Vt str 3056For interfaces configured with the 3057.Dq Li inet6 accept_rtadv 3058keyword, these are the flags to pass to 3059.Xr rtsol 8 . 3060.Pp 3061Note that 3062.Va rtsold_enable 3063is mutually exclusive to 3064.Va rtsol_flags ; 3065.Va rtsold_enable 3066takes precedence. 3067.It Va keybell 3068.Pq Vt str 3069The keyboard bell sound. 3070Set to 3071.Dq Li normal , 3072.Dq Li visual , 3073.Dq Li off , 3074or 3075.Dq Li NO 3076if the default behavior is desired. 3077For details, refer to the 3078.Xr kbdcontrol 1 3079manpage. 3080.It Va keyboard 3081.Pq Vt str 3082If set to a non-null string, the virtual console's keyboard input is 3083set to this device. 3084.It Va keymap 3085.Pq Vt str 3086If set to 3087.Dq Li NO , 3088no keymap is installed, otherwise the value is used to install 3089the keymap file found in 3090.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3091(if using 3092.Xr syscons 4 ) or 3093.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3094(if using 3095.Xr vt 4 ) . 3096.It Va keyrate 3097.Pq Vt str 3098The keyboard repeat speed. 3099Set to 3100.Dq Li slow , 3101.Dq Li normal , 3102.Dq Li fast , 3103or 3104.Dq Li NO 3105if the default behavior is desired. 3106.It Va keychange 3107.Pq Vt str 3108If not set to 3109.Dq Li NO , 3110attempt to program the function keys with the value. 3111The value should 3112be a single string of the form: 3113.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3114.It Va cursor 3115.Pq Vt str 3116Can be set to the value of 3117.Dq Li normal , 3118.Dq Li blink , 3119.Dq Li destructive , 3120or 3121.Dq Li NO 3122to set the cursor behavior explicitly or choose the default behavior. 3123.It Va scrnmap 3124.Pq Vt str 3125If set to 3126.Dq Li NO , 3127no screen map is installed, otherwise the value is used to install 3128the screen map file in 3129.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3130This parameter is ignored when using 3131.Xr vt 4 3132as the console driver. 3133.It Va font8x16 3134.Pq Vt str 3135If set to 3136.Dq Li NO , 3137the default 8x16 font value is used for screen size requests, otherwise 3138the value in 3139.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3140or 3141.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3142is used (depending on the console driver being used). 3143.It Va font8x14 3144.Pq Vt str 3145If set to 3146.Dq Li NO , 3147the default 8x14 font value is used for screen size requests, otherwise 3148the value in 3149.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3150or 3151.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3152is used (depending on the console driver being used). 3153.It Va font8x8 3154.Pq Vt str 3155If set to 3156.Dq Li NO , 3157the default 8x8 font value is used for screen size requests, otherwise 3158the value in 3159.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3160or 3161.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3162is used (depending on the console driver being used). 3163.It Va blanktime 3164.Pq Vt int 3165If set to 3166.Dq Li NO , 3167the default screen blanking interval is used, otherwise it is set 3168to 3169.Ar value 3170seconds. 3171.It Va saver 3172.Pq Vt str 3173If not set to 3174.Dq Li NO , 3175this is the actual screen saver to use 3176.Li ( blank , snake , daemon , 3177etc). 3178.It Va moused_nondefault_enable 3179.Pq Vt str 3180If set to 3181.Dq Li NO , 3182the mouse device specified on 3183the command line is not automatically treated as enabled by the 3184.Pa /etc/rc.d/moused 3185script. 3186Having this variable set to 3187.Dq Li YES 3188allows a 3189.Xr usb 4 3190mouse, 3191for example, 3192to be enabled as soon as it is plugged in. 3193.It Va moused_enable 3194.Pq Vt str 3195If set to 3196.Dq Li YES , 3197the 3198.Xr moused 8 3199daemon is started for doing cut/paste selection on the console. 3200.It Va moused_type 3201.Pq Vt str 3202This is the protocol type of the mouse connected to this host. 3203This variable must be set if 3204.Va moused_enable 3205is set to 3206.Dq Li YES . 3207The 3208.Xr moused 8 3209daemon 3210is able to detect the appropriate mouse type automatically in many cases. 3211Set this variable to 3212.Dq Li auto 3213to let the daemon detect it, or 3214select one from the following list if the automatic detection fails. 3215.Pp 3216If the mouse is attached to the PS/2 mouse port, choose 3217.Dq Li auto 3218or 3219.Dq Li ps/2 , 3220regardless of the brand and model of the mouse. 3221Likewise, if the 3222mouse is attached to the bus mouse port, choose 3223.Dq Li auto 3224or 3225.Dq Li busmouse . 3226All other protocols are for serial mice and will not work with 3227the PS/2 and bus mice. 3228If this is a USB mouse, 3229.Dq Li auto 3230is the only protocol type which will work. 3231.Pp 3232.Bl -tag -width ".Li x10mouseremote" -compact 3233.It Li microsoft 3234Microsoft mouse (serial) 3235.It Li intellimouse 3236Microsoft IntelliMouse (serial) 3237.It Li mousesystems 3238Mouse systems Corp.\& mouse (serial) 3239.It Li mmseries 3240MM Series mouse (serial) 3241.It Li logitech 3242Logitech mouse (serial) 3243.It Li busmouse 3244A bus mouse 3245.It Li mouseman 3246Logitech MouseMan and TrackMan (serial) 3247.It Li glidepoint 3248ALPS GlidePoint (serial) 3249.It Li thinkingmouse 3250Kensington ThinkingMouse (serial) 3251.It Li ps/2 3252PS/2 mouse 3253.It Li mmhittab 3254MM HitTablet (serial) 3255.It Li x10mouseremote 3256X10 MouseRemote (serial) 3257.It Li versapad 3258Interlink VersaPad (serial) 3259.El 3260.Pp 3261Even if the mouse is not in the above list, it may be compatible 3262with one in the list. 3263Refer to the manual page for 3264.Xr moused 8 3265for compatibility information. 3266.Pp 3267It should also be noted that while this is enabled, any 3268other client of the mouse (such as an X server) should access 3269the mouse through the virtual mouse device, 3270.Pa /dev/sysmouse , 3271and configure it as a 3272.Dq Li sysmouse 3273type mouse, since all 3274mouse data is converted to this single canonical format when 3275using 3276.Xr moused 8 . 3277If the client program does not support the 3278.Dq Li sysmouse 3279type, 3280specify the 3281.Dq Li mousesystems 3282type. 3283It is the second preferred type. 3284.It Va moused_port 3285.Pq Vt str 3286If 3287.Va moused_enable 3288is set to 3289.Dq Li YES , 3290this is the actual port the mouse is on. 3291It might be 3292.Pa /dev/cuau0 3293for a COM1 serial mouse, or 3294.Pa /dev/psm0 3295for a PS/2 mouse, for example. 3296.It Va moused_flags 3297.Pq Vt str 3298If 3299.Va moused_flags 3300is set, its value is used as an additional set of flags to pass to the 3301.Xr moused 8 3302daemon. 3303.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3304When 3305.Va moused_nondefault_enable 3306is enabled, and a 3307.Xr moused 8 3308daemon is started for a non-default port, the 3309.Va "moused_" Ns Ar XXX Ns Va "_flags" 3310set of options has precedence over and replaces the default 3311.Va moused_flags 3312(where 3313.Ar XXX 3314is the name of the non-default port, i.e.,\& 3315.Ar ums0 ) . 3316By setting 3317.Va "moused_" Ns Ar XXX Ns Va "_flags" 3318it is possible to set up a different set of default flags for each 3319.Xr moused 8 3320instance. 3321For example, you can use 3322.Dq Li "-3" 3323for the default 3324.Va moused_flags 3325to make your laptop's touchpad more comfortable to use, 3326but an empty set of options for 3327.Va moused_ums0_flags 3328when your 3329.Xr usb 4 3330mouse has three or more buttons. 3331.It Va mousechar_start 3332.Pq Vt int 3333If set to 3334.Dq Li NO , 3335the default mouse cursor character range 3336.Li 0xd0 Ns - Ns Li 0xd3 3337is used, 3338otherwise the range start is set 3339to 3340.Ar value 3341character, see 3342.Xr vidcontrol 1 . 3343Use if the default range is occupied in the language code table. 3344.It Va allscreens_flags 3345.Pq Vt str 3346If set, 3347.Xr vidcontrol 1 3348is run with these options for each of the virtual terminals 3349.Pq Pa /dev/ttyv* . 3350For example, 3351.Dq Fl m Cm on 3352will enable the mouse pointer on all virtual terminals 3353if 3354.Va moused_enable 3355is set to 3356.Dq Li YES . 3357.It Va allscreens_kbdflags 3358.Pq Vt str 3359If set, 3360.Xr kbdcontrol 1 3361is run with these options for each of the virtual terminals 3362.Pq Pa /dev/ttyv* . 3363For example, 3364.Dq Fl h Li 200 3365will set the 3366.Xr syscons 4 3367or 3368.Xr vt 4 3369scrollback (history) buffer to 200 lines. 3370.It Va cron_enable 3371.Pq Vt bool 3372If set to 3373.Dq Li YES , 3374run the 3375.Xr cron 8 3376daemon at system boot time. 3377.It Va cron_program 3378.Pq Vt str 3379Path to 3380.Xr cron 8 3381(default 3382.Pa /usr/sbin/cron ) . 3383.It Va cron_flags 3384.Pq Vt str 3385If 3386.Va cron_enable 3387is set to 3388.Dq Li YES , 3389these are the flags to pass to 3390.Xr cron 8 . 3391.It Va cron_dst 3392.Pq Vt bool 3393If set to 3394.Dq Li YES , 3395enable the special handling of transitions to and from the 3396Daylight Saving Time in 3397.Xr cron 8 3398(equivalent to using the flag 3399.Fl s ) . 3400.It Va lpd_program 3401.Pq Vt str 3402Path to 3403.Xr lpd 8 3404(default 3405.Pa /usr/sbin/lpd ) . 3406.It Va lpd_enable 3407.Pq Vt bool 3408If set to 3409.Dq Li YES , 3410run the 3411.Xr lpd 8 3412daemon at system boot time. 3413.It Va lpd_flags 3414.Pq Vt str 3415If 3416.Va lpd_enable 3417is set to 3418.Dq Li YES , 3419these are the flags to pass to the 3420.Xr lpd 8 3421daemon. 3422.It Va chkprintcap_enable 3423.Pq Vt bool 3424If set to 3425.Dq Li YES , 3426run the 3427.Xr chkprintcap 8 3428command before starting the 3429.Xr lpd 8 3430daemon. 3431.It Va chkprintcap_flags 3432.Pq Vt str 3433If 3434.Va lpd_enable 3435and 3436.Va chkprintcap_enable 3437are set to 3438.Dq Li YES , 3439these are the flags to pass to the 3440.Xr chkprintcap 8 3441program. 3442The default is 3443.Dq Li -d , 3444which causes missing directories to be created. 3445.It Va mta_start_script 3446.Pq Vt str 3447This variable specifies the full path to the script to run to start 3448a mail transfer agent. 3449The default is 3450.Pa /etc/rc.sendmail . 3451The 3452.Va sendmail_* 3453variables which 3454.Pa /etc/rc.sendmail 3455uses are documented in the 3456.Xr rc.sendmail 8 3457manual page. 3458.It Va dumpdev 3459.Pq Vt str 3460Indicates the device (usually a swap partition) to which a crash dump 3461should be written in the event of a system crash. 3462If the value of this variable is 3463.Dq Li AUTO , 3464the first suitable swap device listed in 3465.Pa /etc/fstab 3466will be used as dump device. 3467Otherwise, the value of this variable is passed as the argument to 3468.Xr dumpon 8 . 3469To disable crash dumps, set this variable to 3470.Dq Li NO . 3471.It Va dumpon_flags 3472.Pq Vt str 3473Flags to pass to 3474.Xr dumpon 8 3475when configuring 3476.Va dumpdev 3477as the system dump device. 3478.It Va dumpdir 3479.Pq Vt str 3480When the system reboots after a crash and a crash dump is found on the 3481device specified by the 3482.Va dumpdev 3483variable, 3484.Xr savecore 8 3485will save that crash dump and a copy of the kernel to the directory 3486specified by the 3487.Va dumpdir 3488variable. 3489The default value is 3490.Pa /var/crash . 3491Set to 3492.Dq Li NO 3493to not run 3494.Xr savecore 8 3495at boot time when 3496.Va dumpdir 3497is set. 3498.It Va savecore_enable 3499.Pq Vt bool 3500If set to 3501.Dq Li NO , 3502disable automatic extraction of the crash dump from the 3503.Va dumpdev . 3504.It Va savecore_flags 3505.Pq Vt str 3506If crash dumps are enabled, these are the flags to pass to the 3507.Xr savecore 8 3508utility. 3509.It Va quota_enable 3510.Pq Vt bool 3511Set to 3512.Dq Li YES 3513to turn on user and group disk quotas on system startup via the 3514.Xr quotaon 8 3515command for all file systems marked as having quotas enabled in 3516.Pa /etc/fstab . 3517The kernel must be built with 3518.Cd "options QUOTA" 3519for disk quotas to function. 3520.It Va check_quotas 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to enable user and group disk quota checking via the 3525.Xr quotacheck 8 3526command. 3527.It Va quotacheck_flags 3528.Pq Vt str 3529If 3530.Va quota_enable 3531is set to 3532.Dq Li YES , 3533and 3534.Va check_quotas 3535is set to 3536.Dq Li YES , 3537these are the flags to pass to the 3538.Xr quotacheck 8 3539utility. 3540The default is 3541.Dq Li "-a" , 3542which checks quotas for all file systems with quotas enabled in 3543.Pa /etc/fstab . 3544.It Va quotaon_flags 3545.Pq Vt str 3546If 3547.Va quota_enable 3548is set to 3549.Dq Li YES , 3550these are the flags to pass to the 3551.Xr quotaon 8 3552utility. 3553The default is 3554.Dq Li "-a" , 3555which enables quotas for all file systems with quotas enabled in 3556.Pa /etc/fstab . 3557.It Va quotaoff_flags 3558.Pq Vt str 3559If 3560.Va quota_enable 3561is set to 3562.Dq Li YES , 3563these are the flags to pass to the 3564.Xr quotaoff 8 3565utility when shutting down the quota system. 3566The default is 3567.Dq Li "-a" , 3568which disables quotas for all file systems with quotas enabled in 3569.Pa /etc/fstab . 3570.It Va accounting_enable 3571.Pq Vt bool 3572Set to 3573.Dq Li YES 3574to enable system accounting through the 3575.Xr accton 8 3576facility. 3577.It Va firstboot_sentinel 3578.Pq Vt str 3579This variable specifies the full path to a 3580.Dq first boot 3581sentinel file. 3582If a file exists with this path, 3583.Pa rc.d 3584scripts with the 3585.Dq firstboot 3586keyword will be run on startup and the sentinel file will be deleted 3587after the boot process completes. 3588The sentinel file must be located on a writable file system which is 3589mounted no later than 3590.Va early_late_divider 3591to function properly. 3592The default is 3593.Pa /firstboot . 3594.It Va linux_enable 3595.Pq Vt bool 3596Set to 3597.Dq Li YES 3598to enable Linux/ELF binary emulation at system initial 3599boot time. 3600.It Va sysvipc_enable 3601.Pq Vt bool 3602If set to 3603.Dq Li YES , 3604load System V IPC primitives at boot time. 3605.It Va clear_tmp_enable 3606.Pq Vt bool 3607Set to 3608.Dq Li YES 3609to have 3610.Pa /tmp 3611cleaned at startup. 3612.It Va clear_tmp_X 3613.Pq Vt bool 3614Set to 3615.Dq Li NO 3616to disable removing of X11 lock files, 3617and the removal and (secure) recreation 3618of the various socket directories for X11 3619related programs. 3620.It Va ldconfig_paths 3621.Pq Vt str 3622Set to the list of shared library paths to use with 3623.Xr ldconfig 8 . 3624NOTE: 3625.Pa /usr/lib 3626will always be added first, so it need not appear in this list. 3627.It Va ldconfig32_paths 3628.Pq Vt str 3629Set to the list of 32-bit compatibility shared library paths to 3630use with 3631.Xr ldconfig 8 . 3632.It Va ldconfig_paths_aout 3633.Pq Vt str 3634Set to the list of shared library paths to use with 3635.Xr ldconfig 8 3636legacy 3637.Xr a.out 5 3638support. 3639.It Va ldconfig_insecure 3640.Pq Vt bool 3641The 3642.Xr ldconfig 8 3643utility normally refuses to use directories 3644which are writable by anyone except root. 3645Set this variable to 3646.Dq Li YES 3647to disable that security check during system startup. 3648.It Va ldconfig_local_dirs 3649.Pq Vt str 3650Set to the list of local 3651.Xr ldconfig 8 3652directories. 3653The names of all files in the directories listed will be 3654passed as arguments to 3655.Xr ldconfig 8 . 3656.It Va ldconfig_local32_dirs 3657.Pq Vt str 3658Set to the list of local 32-bit compatibility 3659.Xr ldconfig 8 3660directories. 3661The names of all files in the directories listed will be 3662passed as arguments to 3663.Dq Nm ldconfig Fl 32 . 3664.It Va kern_securelevel_enable 3665.Pq Vt bool 3666Set to 3667.Dq Li YES 3668to set the kernel security level at system startup. 3669.It Va kern_securelevel 3670.Pq Vt int 3671The kernel security level to set at startup. 3672The allowed range of 3673.Ar value 3674ranges from \-1 (the compile time default) to 3 (the 3675most secure). 3676See 3677.Xr security 7 3678for the list of possible security levels and their effect 3679on system operation. 3680.It Va sshd_program 3681.Pq Vt str 3682Path to the SSH server program 3683.Pa ( /usr/sbin/sshd 3684is the default). 3685.It Va sshd_enable 3686.Pq Vt bool 3687Set to 3688.Dq Li YES 3689to start 3690.Xr sshd 8 3691at system boot time. 3692.It Va sshd_flags 3693.Pq Vt str 3694If 3695.Va sshd_enable 3696is set to 3697.Dq Li YES , 3698these are the flags to pass to the 3699.Xr sshd 8 3700daemon. 3701.It Va ftpd_program 3702.Pq Vt str 3703Path to the FTP server program 3704.Pa ( /usr/libexec/ftpd 3705is the default). 3706.It Va ftpd_enable 3707.Pq Vt bool 3708Set to 3709.Dq Li YES 3710to start 3711.Xr ftpd 8 3712as a stand-alone daemon at system boot time. 3713.It Va ftpd_flags 3714.Pq Vt str 3715If 3716.Va ftpd_enable 3717is set to 3718.Dq Li YES , 3719these are the additional flags to pass to the 3720.Xr ftpd 8 3721daemon. 3722.It Va watchdogd_enable 3723.Pq Vt bool 3724If set to 3725.Dq Li YES , 3726start the 3727.Xr watchdogd 8 3728daemon at boot time. 3729This requires that the kernel have been compiled with a 3730.Xr watchdog 4 3731compatible device. 3732.It Va watchdogd_flags 3733.Pq Vt str 3734If 3735.Va watchdogd_enable 3736is set to 3737.Dq Li YES , 3738these are the flags passed to the 3739.Xr watchdogd 8 3740daemon. 3741.It Va devfs_rulesets 3742.Pq Vt str 3743List of files containing sets of rules for 3744.Xr devfs 8 . 3745.It Va devfs_system_ruleset 3746.Pq Vt str 3747Rule name(s) to apply to the system 3748.Pa /dev 3749itself. 3750.It Va devfs_set_rulesets 3751.Pq Vt str 3752Pairs of already-mounted 3753.Pa dev 3754directories and rulesets that should be applied to them. 3755For example: /mount/dev=ruleset_name 3756.It Va devfs_load_rulesets 3757.Pq Vt bool 3758If set, always load the default rulesets listed in 3759.Va devfs_rulesets . 3760.It Va performance_cx_lowest 3761.Pq Vt str 3762CPU idle state to use while on AC power. 3763The string 3764.Dq Li LOW 3765indicates that 3766.Xr acpi 4 3767should use the lowest power state available while 3768.Dq Li HIGH 3769indicates that the lowest latency state (less power savings) should be used. 3770.It Va performance_cpu_freq 3771.Pq Vt str 3772CPU clock frequency to use while on AC power. 3773The string 3774.Dq Li LOW 3775indicates that 3776.Xr cpufreq 4 3777should use the lowest frequency available while 3778.Dq Li HIGH 3779indicates that the highest frequency (less power savings) should be used. 3780.It Va economy_cx_lowest 3781.Pq Vt str 3782CPU idle state to use when off AC power. 3783The string 3784.Dq Li LOW 3785indicates that 3786.Xr acpi 4 3787should use the lowest power state available while 3788.Dq Li HIGH 3789indicates that the lowest latency state (less power savings) should be used. 3790.It Va economy_cpu_freq 3791.Pq Vt str 3792CPU clock frequency to use when off AC power. 3793The string 3794.Dq Li LOW 3795indicates that 3796.Xr cpufreq 4 3797should use the lowest frequency available while 3798.Dq Li HIGH 3799indicates that the highest frequency (less power savings) should be used. 3800.It Va jail_enable 3801.Pq Vt bool 3802If set to 3803.Dq Li NO , 3804any configured jails will not be started. 3805.It Va jail_conf 3806.Pq Vt str 3807The configuration filename used by 3808.Xr jail 8 3809utility. 3810The default value is 3811.Pa /etc/jail.conf . 3812.It Va jail_parallel_start 3813.Pq Vt bool 3814If set to 3815.Dq Li YES , 3816all configured jails will be started in the background (in parallel). 3817.It Va jail_flags 3818.Pq Vt str 3819Unset by default. 3820When set, use as default value for 3821.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3822for every jail in 3823.Va jail_list . 3824.It Va jail_list 3825.Pq Vt str 3826A space-delimited list of jail names. 3827When left empty, all of the 3828.Xr jail 8 3829instances defined in the configuration file are started. 3830The names specified in this list control the jail startup order. 3831.Xr jail 8 3832instances missing from 3833.Va jail_list 3834must be started manually. 3835Note that a jail's 3836.Va depend 3837parameter in the configuration file may override this list. 3838.It Va jail_reverse_stop 3839.Pq Vt bool 3840When set to 3841.Dq Li YES , 3842all configured jails in 3843.Va jail_list 3844are stopped in reverse order. 3845.It Va jail_* variables 3846Note that older releases supported per-jail configuration via 3847.Nm 3848variables. 3849For example, 3850hostname of a jail named 3851.Li vjail 3852was able to be set by 3853.Li jail_vjail_hostname . 3854These per-jail configuration variables are now obsolete in favor of 3855.Xr jail 8 3856configuration file. 3857For backward compatibility, 3858when per-jail configuration variables are defined, 3859.Xr jail 8 3860configuration files are created as 3861.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3862and used. 3863.Pp 3864The following per-jail parameters are handled by 3865.Pa rc.d/jail 3866script out of their corresponding 3867.Nm 3868variables. 3869In addition to them, parameters in 3870.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3871will be added to the configuration file. 3872They must be a semi-colon 3873.Pq Ql \&; 3874delimited list of 3875.Dq key=value . 3876For more details, 3877see 3878.Xr jail 8 3879manual page. 3880.Bl -tag -width "host.hostname" -offset indent 3881.It Li path 3882set from 3883.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3884.It Li host.hostname 3885set from 3886.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3887.It Li exec.consolelog 3888set from 3889.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3890The default value is 3891.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3892.It Li interface 3893set from 3894.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3895.It Li vnet.interface 3896set from 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3898This implies 3899.Li vnet 3900parameter will be enabled and cannot be specified with 3901.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3902.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3903and/or 3904.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3905at the same time. 3906.It Li fstab 3907set from 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3909.It Li mount 3910set from 3911.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3912.It Li exec.fib 3913set from 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3915.It Li exec.start 3916set from 3917.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3918The parameter name was 3919.Li command 3920in some older releases. 3921.It Li exec.prestart 3922set from 3923.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3924.It Li exec.poststart 3925set from 3926.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3927.It Li exec.stop 3928set from 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3930.It Li exec.prestop 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3933.It Li exec.poststop 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3936.It Li ip4.addr 3937set if 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3939or 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3941contain IPv4 addresses 3942.It Li ip6.addr 3943set if 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3945or 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3947contain IPv6 addresses 3948.It Li allow.mount 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3951.It Li mount.devfs 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3954.It Li devfs_ruleset 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3957This must be an integer, 3958not a string. 3959.It Li mount.fdescfs 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3962.It Li allow.set_hostname 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3965.It Li allow.rawsocket 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3968.It Li allow.sysvipc 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3971.El 3972.\" ----------------------------------------------------- 3973.It Va harvest_mask 3974.Pq Vt int 3975Set to a bit-mask 3976representing the entropy sources 3977you wish to harvest. 3978Refer to 3979.Xr random 4 3980for more information. 3981.It Va entropy_dir 3982.Pq Vt str 3983Set to 3984.Dq Li NO 3985to disable caching entropy via 3986.Xr cron 8 . 3987Otherwise set to the directory 3988in which the entropy files are stored. 3989To be useful, 3990there must be 3991a system cron job 3992that regularly writes and rotates 3993files here. 3994All files found 3995will be used at boot time. 3996The default is 3997.Pa /var/db/entropy . 3998.It Va entropy_file 3999.Pq Vt str 4000Set to 4001.Dq Li NO 4002to disable caching entropy through reboots. 4003Otherwise set to the name 4004of a file used to store cached entropy. 4005This file should be located 4006on a file system that is readable 4007before all the volumes specified in 4008.Xr fstab 5 4009are mounted. 4010By default, 4011.Pa /entropy 4012is used, 4013but if 4014.Pa /var/db/entropy-file 4015is found it will also be used. 4016This will be of some use to 4017.Xr bsdinstall 8 . 4018.It Va entropy_boot_file 4019.Pq Vt str 4020Set to 4021.Dq Li NO 4022to disable 4023very early caching entropy 4024through reboots. 4025Otherwise set to the filename 4026used to read 4027very early reboot cached entropy. 4028This file should be located where 4029.Xr loader 8 4030can read it. 4031See also 4032.Xr loader.conf 5 . 4033The default location is 4034.Pa /boot/entropy . 4035.It Va entropy_save_sz 4036.Pq Vt int 4037Size of the entropy cache files saved by 4038.Nm save-entropy 4039periodically. 4040.It Va entropy_save_num 4041.Pq Vt int 4042Number of entropy cache files to save by 4043.Nm save-entropy 4044periodically. 4045.It Va ipsec_enable 4046.Pq Vt bool 4047Set to 4048.Dq Li YES 4049to run 4050.Xr setkey 8 4051on 4052.Va ipsec_file 4053at boot time. 4054.It Va ipsec_file 4055.Pq Vt str 4056Configuration file for 4057.Xr setkey 8 . 4058.It Va dmesg_enable 4059.Pq Vt bool 4060Set to 4061.Dq Li YES 4062to save 4063.Xr dmesg 8 4064to 4065.Pa /var/run/dmesg.boot 4066on boot. 4067.It Va rcshutdown_timeout 4068.Pq Vt int 4069If set, start a watchdog timer in the background which will terminate 4070.Pa rc.shutdown 4071if 4072.Xr shutdown 8 4073has not completed within the specified time (in seconds). 4074Notice that in addition to this soft timeout, 4075.Xr init 8 4076also applies a hard timeout for the execution of 4077.Pa rc.shutdown . 4078This is configured via 4079.Xr sysctl 8 4080variable 4081.Va kern.init_shutdown_timeout 4082and defaults to 120 seconds. 4083Setting the value of 4084.Va rcshutdown_timeout 4085to more than 120 seconds will have no effect until the 4086.Xr sysctl 8 4087variable 4088.Va kern.init_shutdown_timeout 4089is also increased. 4090.It Va virecover_enable 4091.Pq Vt bool 4092Set to 4093.Dq Li NO 4094to prevent the system from trying to 4095recover pre-maturely terminated 4096.Xr vi 1 4097sessions. 4098.It Va ugidfw_enable 4099.Pq Vt bool 4100Set to 4101.Dq Li YES 4102to load the 4103.Xr mac_bsdextended 4 4104module upon system initialization and load a default 4105ruleset file. 4106.It Va bsdextended_script 4107.Pq Vt str 4108The default 4109.Xr mac_bsdextended 4 4110ruleset file to load. 4111The default value of this variable is 4112.Pa /etc/rc.bsdextended . 4113.It Va newsyslog_enable 4114.Pq Vt bool 4115If set to 4116.Dq Li YES , 4117run 4118.Xr newsyslog 8 4119command at startup. 4120.It Va newsyslog_flags 4121.Pq Vt str 4122If 4123.Va newsyslog_enable 4124is set to 4125.Dq Li YES , 4126these are the flags to pass to the 4127.Xr newsyslog 8 4128program. 4129The default is 4130.Dq Li -CN , 4131which causes log files flagged with a 4132.Cm C 4133to be created. 4134.It Va mdconfig_md Ns Aq Ar X 4135.Pq Vt str 4136Arguments to 4137.Xr mdconfig 8 4138for 4139.Xr md 4 4140device 4141.Ar X . 4142At minimum a 4143.Fl t Ar type 4144must be specified and either a 4145.Fl s Ar size 4146for malloc or swap backed 4147.Xr md 4 4148devices or a 4149.Fl f Ar file 4150for vnode backed 4151.Xr md 4 4152devices. 4153Note that 4154.Va mdconfig_md Ns Aq Ar X 4155variables are evaluated until one variable is unset or null. 4156.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4157.Pq Vt str 4158Optional arguments passed to 4159.Xr newfs 8 4160to initialize 4161.Xr md 4 4162device 4163.Ar X . 4164.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4165.Pq Vt str 4166An ownership specification passed to 4167.Xr chown 8 4168after the specified 4169.Xr md 4 4170device 4171.Ar X 4172has been mounted. 4173Both the 4174.Xr md 4 4175device and the mount point will be changed. 4176.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4177.Pq Vt str 4178A mode string passed to 4179.Xr chmod 1 4180after the specified 4181.Xr md 4 4182device 4183.Ar X 4184has been mounted. 4185Both the 4186.Xr md 4 4187device and the mount point will be changed. 4188.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4189.Pq Vt str 4190Files to be copied to the mount point of the 4191.Xr md 4 4192device 4193.Ar X 4194after it has been mounted. 4195.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4196.Pq Vt str 4197Command to execute after the specified 4198.Xr md 4 4199device 4200.Ar X 4201has been mounted. 4202Note that the command is passed to 4203.Ic eval 4204and that both 4205.Va _dev 4206and 4207.Va _mp 4208variables can be used to reference respectively the 4209.Xr md 4 4210device and the mount point. 4211Assuming that the 4212.Xr md 4 4213device is 4214.Li md0 , 4215one could set the following: 4216.Bd -literal 4217mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4218.Ed 4219.It Va autobridge_interfaces 4220.Pq Vt str 4221Set to the list of bridge interfaces that will have newly arriving interfaces 4222checked against to be automatically added. 4223If not set to 4224.Dq Li NO 4225then for each whitespace separated 4226.Ar element 4227in the value, a 4228.Va autobridge_ Ns Aq Ar element 4229variable is assumed to exist which has a whitespace separated list of interface 4230names to match, these names can use wildcards. 4231For example: 4232.Bd -literal 4233autobridge_interfaces="bridge0" 4234autobridge_bridge0="tap* dc0 vlan[345]" 4235.Ed 4236.It Va mixer_enable 4237.Pq Vt bool 4238If set to 4239.Dq Li YES , 4240enable support for sound mixer. 4241.It Va hcsecd_enable 4242.Pq Vt bool 4243If set to 4244.Dq Li YES , 4245enable Bluetooth security daemon. 4246.It Va hcsecd_config 4247.Pq Vt str 4248Configuration file for 4249.Xr hcsecd 8 . 4250Default 4251.Pa /etc/bluetooth/hcsecd.conf . 4252.It Va sdpd_enable 4253.Pq Vt bool 4254If set to 4255.Dq Li YES , 4256enable Bluetooth Service Discovery Protocol daemon. 4257.It Va sdpd_control 4258.Pq Vt str 4259Path to 4260.Xr sdpd 8 4261control socket. 4262Default 4263.Pa /var/run/sdp . 4264.It Va sdpd_groupname 4265.Pq Vt str 4266Sets 4267.Xr sdpd 8 4268group to run as after it initializes. 4269Default 4270.Dq Li nobody . 4271.It Va sdpd_username 4272.Pq Vt str 4273Sets 4274.Xr sdpd 8 4275user to run as after it initializes. 4276Default 4277.Dq Li nobody . 4278.It Va bthidd_enable 4279.Pq Vt bool 4280If set to 4281.Dq Li YES , 4282enable Bluetooth Human Interface Device daemon. 4283.It Va bthidd_config 4284.Pq Vt str 4285Configuration file for 4286.Xr bthidd 8 . 4287Default 4288.Pa /etc/bluetooth/bthidd.conf . 4289.It Va bthidd_hids 4290.Pq Vt str 4291Path to a file, where 4292.Xr bthidd 8 4293will store information about known HID devices. 4294Default 4295.Pa /var/db/bthidd.hids . 4296.It Va rfcomm_pppd_server_enable 4297.Pq Vt bool 4298If set to 4299.Dq Li YES , 4300enable Bluetooth RFCOMM PPP wrapper daemon. 4301.It Va rfcomm_pppd_server_profile 4302.Pq Vt str 4303The name of the profile to use from 4304.Pa /etc/ppp/ppp.conf . 4305Multiple profiles can be specified here. 4306Also used to specify per-profile overrides. 4307When the profile name contains any of the characters 4308.Dq Li .-/+ 4309they are translated to 4310.Dq Li _ 4311for the proposes of the override variable names. 4312.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4313.Pq Vt str 4314Overrides local address to listen on. 4315By default 4316.Xr rfcomm_pppd 8 4317will listen on 4318.Dq Li ANY 4319address. 4320The address can be specified as BD_ADDR or name. 4321.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4322.Pq Vt str 4323Overrides local RFCOMM channel to listen on. 4324By default 4325.Xr rfcomm_pppd 8 4326will listen on RFCOMM channel 1. 4327Must set properly if multiple profiles used in the same time. 4328.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4329.Pq Vt bool 4330Tells 4331.Xr rfcomm_pppd 8 4332if it should register Serial Port service on the specified RFCOMM channel. 4333Default 4334.Dq Li NO . 4335.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4336.Pq Vt bool 4337Tells 4338.Xr rfcomm_pppd 8 4339if it should register Dial-Up Networking service on the specified 4340RFCOMM channel. 4341Default 4342.Dq Li NO . 4343.It Va ubthidhci_enable 4344.Pq Vt bool 4345If set to 4346.Dq Li YES , 4347change the USB Bluetooth controller from HID mode to HCI mode. 4348You also need to specify the location of USB Bluetooth controller with the 4349.Va ubthidhci_busnum 4350and 4351.Va ubthidhci_addr 4352variables. 4353.It Va ubthidhci_busnum 4354Bus number where the USB Bluetooth controller is located. 4355Check the output of 4356.Xr usbconfig 8 4357on your system to find this information. 4358.It Va ubthidhci_addr 4359Bus address of the USB Bluetooth controller. 4360Check the output of 4361.Xr usbconfig 8 4362on your system to find this information. 4363.It Va netwait_enable 4364.Pq Vt bool 4365If set to 4366.Dq Li YES , 4367delays the start of network-reliant services until 4368.Va netwait_if 4369is up and ICMP packets to a destination defined in 4370.Va netwait_ip 4371are flowing. 4372Link state is examined first, followed by 4373.Dq Li pinging 4374an IP address to verify network usability. 4375If no destination can be reached or timeouts are exceeded, 4376network services are started anyway with no guarantee that 4377the network is usable. 4378Use of this variable requires both 4379.Va netwait_ip 4380and 4381.Va netwait_if 4382to be set. 4383.It Va netwait_ip 4384.Pq Vt str 4385Empty by default. 4386This variable contains a space-delimited list of IP addresses to 4387.Xr ping 8 . 4388DNS hostnames should not be used as resolution is not guaranteed 4389to be functional at this point. 4390If multiple IP addresses are specified, 4391each will be tried until one is successful or the list is exhausted. 4392.It Va netwait_timeout 4393.Pq Vt int 4394Indicates the total number of seconds to perform a 4395.Dq Li ping 4396against each IP address in 4397.Va netwait_ip , 4398at a rate of one ping per second. 4399If any of the pings are successful, 4400full network connectivity is considered reliable. 4401The default is 60. 4402.It Va netwait_if 4403.Pq Vt str 4404Empty by default. 4405Defines the name of the network interface on which watch for link. 4406.Xr ifconfig 8 4407is used to monitor the interface, looking for 4408.Dq Li status: no carrier . 4409Once gone, the link is considered up. 4410This can be a 4411.Xr vlan 4 4412interface if desired. 4413.It Va netwait_if_timeout 4414.Pq Vt int 4415Defines the total number of seconds to wait for link to become usable, 4416polled at a 1-second interval. 4417The default is 30. 4418.It Va rctl_enable 4419.Pq Vt bool 4420If set to 4421.Dq Li YES , 4422load 4423.Xr rctl 8 4424rules from the defined ruleset. 4425The kernel must be built with 4426.Cd "options RACCT" 4427and 4428.Cd "options RCTL" . 4429.It Va rctl_rules 4430.Pq Vt str 4431Set to 4432.Pa /etc/rctl.conf 4433by default. 4434This variables contains the 4435.Xr rctl.conf 5 4436ruleset to load for 4437.Xr rctl 8 . 4438.It Va iovctl_files 4439.Pq Vt str 4440A space-separated list of configuration files used by 4441.Xr iovctl 8 . 4442The default value is an empty string. 4443.It Va autofs_enable 4444.Pq Vt bool 4445If set to 4446.Dq Li YES , 4447start the 4448.Xr automount 8 4449utility and the 4450.Xr automountd 8 4451and 4452.Xr autounmountd 8 4453daemons at boot time. 4454.It Va automount_flags 4455.Pq Vt str 4456If 4457.Va autofs_enable 4458is set to 4459.Dq Li YES , 4460these are the flags to pass to the 4461.Xr automount 8 4462program. 4463By default no flags are passed. 4464.It Va automountd_flags 4465.Pq Vt str 4466If 4467.Va autofs_enable 4468is set to 4469.Dq Li YES , 4470these are the flags to pass to the 4471.Xr automountd 8 4472daemon. 4473By default no flags are passed. 4474.It Va autounmountd_flags 4475.Pq Vt str 4476If 4477.Va autofs_enable 4478is set to 4479.Dq Li YES , 4480these are the flags to pass to the 4481.Xr autounmountd 8 4482daemon. 4483By default no flags are passed. 4484.It Va ctld_enable 4485.Pq Vt bool 4486If set to 4487.Dq Li YES , 4488start the 4489.Xr ctld 8 4490daemon at boot time. 4491.It Va iscsid_enable 4492.Pq Vt bool 4493If set to 4494.Dq Li YES , 4495start the 4496.Xr iscsid 8 4497daemon at boot time. 4498.It Va iscsictl_enable 4499.Pq Vt bool 4500If set to 4501.Dq Li YES , 4502start the 4503.Xr iscsictl 8 4504utility at boot time. 4505.It Va iscsictl_flags 4506.Pq Vt str 4507If 4508.Va iscsictl_enable 4509is set to 4510.Dq Li YES , 4511these are the flags to pass to the 4512.Xr iscsictl 8 4513program. 4514The default is 4515.Dq Li -Aa , 4516which configures sessions based on the 4517.Pa /etc/iscsi.conf 4518configuration file. 4519.It Va cfumass_enable 4520.Pq Vt bool 4521If set to 4522.Dq Li YES , 4523create and export an USB LUN using 4524.Xr cfumass 4 4525at boot time. 4526.It Va cfumass_dir 4527.Pq Vt str 4528The directory where the files exported by USB LUN are located. 4529The default directory is 4530.Pa /var/cfumass . 4531.It Va service_delete_empty 4532.Pq Vt bool 4533If set to 4534.Dq Li YES , 4535.Ql Li service delete 4536removes empty 4537.Dq Li rc.conf.d 4538files. 4539.El 4540.Sh FILES 4541.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4542.It Pa /etc/defaults/rc.conf 4543.It Pa /etc/rc.conf 4544.It Pa /etc/rc.conf.local 4545.El 4546.Sh SEE ALSO 4547.Xr chmod 1 , 4548.Xr gdb 1 , 4549.Xr info 1 , 4550.Xr kbdcontrol 1 , 4551.Xr makewhatis 1 , 4552.Xr sh 1 , 4553.Xr vi 1 , 4554.Xr vidcontrol 1 , 4555.Xr bridge 4 , 4556.Xr dummynet 4 , 4557.Xr ip 4 , 4558.Xr ipf 4 , 4559.Xr ipfw 4 , 4560.Xr ipnat 4 , 4561.Xr kld 4 , 4562.Xr pf 4 , 4563.Xr pflog 4 , 4564.Xr pfsync 4 , 4565.Xr tcp 4 , 4566.Xr udp 4 , 4567.Xr exports 5 , 4568.Xr fstab 5 , 4569.Xr ipf 5 , 4570.Xr ipnat 5 , 4571.Xr jail.conf 5 , 4572.Xr loader.conf 5 , 4573.Xr motd 5 , 4574.Xr newsyslog.conf 5 , 4575.Xr pf.conf 5 , 4576.Xr security 7 , 4577.Xr accton 8 , 4578.Xr amd 8 , 4579.Xr apm 8 , 4580.Xr bsdinstall 8 , 4581.Xr bthidd 8 , 4582.Xr chkprintcap 8 , 4583.Xr chown 8 , 4584.Xr cron 8 , 4585.Xr devfs 8 , 4586.Xr dhclient 8 , 4587.Xr ftpd 8 , 4588.Xr geli 8 , 4589.Xr hcsecd 8 , 4590.Xr ifconfig 8 , 4591.Xr inetd 8 , 4592.Xr iovctl 8 , 4593.Xr ipf 8 , 4594.Xr ipfw 8 , 4595.Xr ipnat 8 , 4596.Xr jail 8 , 4597.Xr kldxref 8 , 4598.Xr loader 8 , 4599.Xr lpd 8 , 4600.Xr mdconfig 8 , 4601.Xr mdmfs 8 , 4602.Xr mixer 8 , 4603.Xr mountd 8 , 4604.Xr moused 8 , 4605.Xr newfs 8 , 4606.Xr newsyslog 8 , 4607.Xr nfsd 8 , 4608.Xr ntpd 8 , 4609.Xr ntpdate 8 , 4610.Xr pfctl 8 , 4611.Xr pflogd 8 , 4612.Xr ping 8 , 4613.Xr powerd 8 , 4614.Xr quotacheck 8 , 4615.Xr quotaon 8 , 4616.Xr rc 8 , 4617.Xr rc.sendmail 8 , 4618.Xr rfcomm_pppd 8 , 4619.Xr route 8 , 4620.Xr routed 8 , 4621.Xr rpc.lockd 8 , 4622.Xr rpc.statd 8 , 4623.Xr rpcbind 8 , 4624.Xr rwhod 8 , 4625.Xr savecore 8 , 4626.Xr sdpd 8 , 4627.Xr service 8 , 4628.Xr sshd 8 , 4629.Xr swapon 8 , 4630.Xr sysctl 8 , 4631.Xr syslogd 8 , 4632.Xr sysrc 8 , 4633.Xr timed 8 , 4634.Xr unbound 8 , 4635.Xr usbconfig 8 , 4636.Xr wlandebug 8 , 4637.Xr yp 8 , 4638.Xr ypbind 8 , 4639.Xr ypserv 8 , 4640.Xr ypset 8 4641.Sh HISTORY 4642The 4643.Nm 4644file appeared in 4645.Fx 2.2.2 . 4646.Sh AUTHORS 4647.An Jordan K. Hubbard . 4648