xref: /freebsd/share/man/man5/rc.conf.5 (revision 6af83ee0d2941d18880b6aaa2b4facd1d30c6106) 
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd November 9, 2004
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility,
42.Xr sysinstall 8 .
43.Pp
44The purpose of
45.Nm
46is not to run commands or perform system startup actions
47directly.
48Instead, it is included by the
49various generic startup scripts in
50.Pa /etc
51which conditionalize their
52internal actions according to the settings found there.
53.Pp
54The
55.Pa /etc/rc.conf
56file is included from the file
57.Pa /etc/defaults/rc.conf ,
58which specifies the default settings for all the available options.
59Options need only be specified in
60.Pa /etc/rc.conf
61when the system administrator wishes to override these defaults.
62The file
63.Pa /etc/rc.conf.local
64is used to override settings in
65.Pa /etc/rc.conf
66for historical reasons.
67See the
68.Va rc_conf_files
69variable below.
70.Pp
71The following list provides a name and short description for each
72variable that can be set in the
73.Nm
74file:
75.Bl -tag -width indent-two
76.It Va rc_debug
77.Pq Vt bool
78If set to
79.Dq Li YES ,
80enable output of debug messages from rc scripts.
81This variable can be helpful in diagnosing mistakes when
82editing or integrating new scripts.
83Beware that this produces copious output to the terminal and
84.Xr syslog 3 .
85.It Va rc_info
86.Pq Vt bool
87If set to
88.Dq Li NO ,
89disable informational messages from the rc scripts.
90Informational messages are displayed when
91a condition that is not serious enough to warrant a warning or
92an error occurs.
93.It Va swapfile
94.Pq Vt str
95If set to
96.Dq Li NO ,
97no swapfile is installed, otherwise the value is used as the full
98pathname to a file to use for additional swap space.
99.It Va apm_enable
100.Pq Vt bool
101If set to
102.Dq Li YES ,
103enable support for Automatic Power Management with
104the
105.Xr apm 8
106command.
107.It Va apmd_enable
108.Pq Vt bool
109Run
110.Xr apmd 8
111to handle APM event from userland.
112This also enables support for APM.
113.It Va apmd_flags
114.Pq Vt str
115If
116.Va apmd_enable
117is set to
118.Dq Li YES ,
119these are the flags to pass to the
120.Xr apmd 8
121daemon.
122.It Va devd_enable
123.Pq Vt bool
124Run
125.Xr devd 8
126to handle device added, removed or unknown events from the kernel.
127.It Va kldxref_enable
128.Pq Vt bool
129Set to
130.Dq Li NO
131by default.
132Set to
133.Dq Li YES
134to automatically rebuild
135.Pa linker.hints
136files with
137.Xr kldxref 8
138at boot time.
139.It Va kldxref_clobber
140.Pq Vt bool
141Set to
142.Dq Li NO
143by default.
144If
145.Va kldxref_enable
146is true,
147setting to
148.Dq Li YES
149will overwrite existing
150.Pa linker.hints
151files at boot time.
152Otherwise,
153only missing
154.Pa linker.hints
155files are generated.
156.It Va kldxref_module_path
157.Pq Vt str
158Empty by default.
159A semi-colon
160.Pq Ql \&;
161delimited list of paths containing
162.Xr kld 4
163modules.
164If empty,
165the contents of the
166.Va kern.module_path
167.Xr sysctl 8
168are used.
169.It Va pccard_enable
170.Pq Vt bool
171If set to
172.Dq Li YES ,
173enable PCCARD support at boot time.
174.It Va pccard_mem
175.Pq Vt str
176Set to PCCARD controller memory address or
177.Dq Li DEFAULT
178for the default value.
179.It Va pccard_ifconfig
180.Pq Vt str
181List of arguments to be passed to
182.Xr ifconfig 8
183at boot time or on
184insertion of the card (e.g.\&
185.Dq Cm inet Li 192.168.1.1 Cm netmask Li 255.255.255.0
186for a fixed address or
187.Dq Li DHCP
188for a DHCP client).
189.It Va pccard_beep
190.Pq Vt int
191If 0,
192set the PCCARD controller to silent mode.
193If 1,
194set it to beep mode.
195If 2,
196set it to melody mode.
197.It Va pccard_conf
198.Pq Vt str
199Path to the configuration file for the
200.Xr pccardd 8
201daemon (e.g.\&
202.Pa /etc/pccard.conf.sample ) .
203.It Va pccardd_flags
204.Pq Vt str
205If
206.Va pccard_enable
207is set to
208.Dq Li YES ,
209these are the flags to pass to the
210.Xr pccardd 8
211daemon.
212.It Va pccard_ether_delay
213.Pq Vt str
214Set the delay before starting
215.Xr dhclient 8
216in the
217.Pa /etc/pccard_ether
218script.
219This defaults to 5 seconds to work around a bug in the
220.Xr ed 4
221driver which can lead to system hangs when using some newer
222.Xr ed 4
223based cards.
224.It Va removable_interfaces
225.Pq Vt str
226List of removable network interfaces to be supported by
227.Pa /etc/pccard_ether .
228.It Va tmpmfs
229Controls the creation of a
230.Pa /tmp
231memory file system.
232Always happens if set to
233.Dq Li YES
234and never happens if set to
235.Dq Li NO .
236If set to anything else, a memory file system is created if
237.Pa /tmp
238is not writable.
239.It Va tmpsize
240Controls the size of a created
241.Pa /tmp
242memory file system.
243.It Va tmpmfs_flags
244Extra options passed to the
245.Xr mdmfs 8
246utility when the memory file system for
247.Pa /tmp
248is created.
249The default is
250.Dq Li -S ,
251which inhibits the use of softupdates on
252.Pa /tmp
253to waste as little space as possible.
254See
255.Xr mdmfs 8
256for other options you can use in
257.Va tmpmfs_flags .
258.It Va varmfs
259Controls the creation of a
260.Pa /var
261memory file system.
262Always happens if set to
263.Dq Li YES
264and never happens if set to
265.Dq Li NO .
266If set to anything else, a memory file system is created if
267.Pa /var
268is not writable.
269.It Va varsize
270Controls the size of a created
271.Pa /var
272memory file system.
273.It Va varmfs_flags
274Extra options passed to the
275.Xr mdmfs 8
276utility when the memory file system for
277.Pa /var
278is created.
279The default is
280.Dq Li -S ,
281which inhibits the use of softupdates on
282.Pa /var
283to waste as little space as possible.
284See
285.Xr mdmfs 8
286for other options you can use in
287.Va varmfs_flags .
288.It Va populate_var
289Controls the automatic population of the
290.Pa /var
291file system.
292Always happens if set to
293.Dq Li YES
294and never happens if set to
295.Dq Li NO .
296If set to anything else, a memory file system is created if
297.Pa /var
298is not writable.
299Note that this process requires access to certain commands in
300.Pa /usr
301before
302.Pa /usr
303is mounted on normal systems.
304.It Va local_startup
305.Pq Vt str
306List of directories to search for startup script files.
307.It Va script_name_sep
308.Pq Vt str
309The field separator to use for breaking down the list of startup script files
310into individual filenames.
311The default is a space.
312It is not necessary to change this unless there are startup scripts with names
313containing spaces.
314.It Va hostname
315.Pq Vt str
316The fully qualified domain name (FQDN) of this host on the network.
317This should almost certainly be set to something meaningful, even if
318there is no network connection.
319If
320.Xr dhclient 8
321is used to set the hostname via DHCP,
322this variable should be set to an empty string.
323.It Va ipv6_enable
324.Pq Vt bool
325Enable support for IPv6 networking.
326Note that this requires that the kernel have been compiled with
327.Cd "options INET6" .
328.It Va nisdomainname
329.Pq Vt str
330The NIS domain name of this host, or
331.Dq Li NO
332if NIS is not used.
333.It Va dhclient_program
334.Pq Vt str
335Path to the DHCP client program
336.Pa ( /sbin/dhclient ,
337the ISC DHCP client,
338is the default).
339.It Va dhclient_flags
340.Pq Vt str
341Additional flags to pass to the DHCP client program.
342For the ISC DHCP client, see the
343.Xr dhclient 8
344manpage for a description of the command line options available.
345.It Va background_dhclient
346.Pq Vt bool
347Set to
348.Dq Li YES
349to start the dhcp client in background.
350This can cause trouble with applications depending on
351a working network, but it will provide a faster startup
352in many cases.
353.It Va firewall_enable
354.Pq Vt bool
355Set to
356.Dq Li YES
357to load firewall rules at startup.
358If the kernel was not built with
359.Cd "options IPFIREWALL" ,
360the
361.Pa ipfw.ko
362kernel module will be loaded.
363See also
364.Va ipfilter_enable .
365.It Va ipv6_firewall_enable
366.Pq Vt bool
367The IPv6 equivalent of
368.Va firewall_enable .
369Set to
370.Dq Li YES
371to load IPv6 firewall rules at startup.
372If the kernel was not built with
373.Cd "options IPV6FIREWALL" ,
374the
375.Pa ip6fw.ko
376kernel module will be loaded.
377.It Va firewall_script
378.Pq Vt str
379This variable specifies the full path to the firewall script to run.
380The default is
381.Pa /etc/rc.firewall .
382.It Va ipv6_firewall_script
383.Pq Vt str
384The IPv6 equivalent of
385.Va firewall_script .
386.It Va firewall_type
387.Pq Vt str
388Names the firewall type from the selection in
389.Pa /etc/rc.firewall ,
390or the file which contains the local firewall ruleset.
391Valid selections from
392.Pa /etc/rc.firewall
393are:
394.Pp
395.Bl -tag -width ".Li simple" -compact
396.It Li open
397unrestricted IP access
398.It Li closed
399all IP services disabled, except via
400.Dq Li lo0
401.It Li client
402basic protection for a workstation
403.It Li simple
404basic protection for a LAN.
405.El
406.Pp
407If a filename is specified, the full path
408must be given.
409.It Va ipv6_firewall_type
410.Pq Vt str
411The IPv6 equivalent of
412.Va firewall_type .
413.It Va firewall_quiet
414.Pq Vt bool
415Set to
416.Dq Li YES
417to disable the display of firewall rules on the console during boot.
418.It Va ipv6_firewall_quiet
419.Pq Vt bool
420The IPv6 equivalent of
421.Va firewall_quiet .
422.It Va firewall_logging
423.Pq Vt bool
424Set to
425.Dq Li YES
426to enable firewall event logging.
427This is equivalent to the
428.Dv IPFIREWALL_VERBOSE
429kernel option.
430.It Va ipv6_firewall_logging
431.Pq Vt bool
432The IPv6 equivalent of
433.Va firewall_logging .
434.It Va firewall_flags
435.Pq Vt str
436Flags passed to
437.Xr ipfw 8
438if
439.Va firewall_type
440specifies a filename.
441.It Va ipv6_firewall_flags
442.Pq Vt str
443The IPv6 equivalent of
444.Va firewall_flags .
445.It Va natd_program
446.Pq Vt str
447Path to
448.Xr natd 8 .
449.It Va natd_enable
450.Pq Vt bool
451Set to
452.Dq Li YES
453to enable
454.Xr natd 8 .
455.Va firewall_enable
456must also be set to
457.Dq Li YES ,
458and
459.Xr divert 4
460sockets must be enabled in the kernel.
461If the kernel was not built with
462.Cd "options IPDIVERT" ,
463the
464.Pa ipdivert.ko
465kernel module will be loaded.
466.It Va natd_interface
467.Pq Vt str
468This is the name of the public interface on which
469.Xr natd 8
470should run.
471The interface may be given as an interface name or as an IP address.
472.It Va natd_flags
473.Pq Vt str
474Additional
475.Xr natd 8
476flags should be placed here.
477The
478.Fl n
479or
480.Fl a
481flag is automatically added with the above
482.Va natd_interface
483as an argument.
484.\" ----- ipfilter_enable setting --------------------------------
485.It Va ipfilter_enable
486.Pq Vt bool
487Set to
488.Dq Li NO
489by default.
490Setting this to
491.Dq Li YES
492enables
493.Xr ipf 8
494packet filtering.
495.Pp
496Typical usage will require putting
497.Bd -literal
498ipfilter_enable="YES"
499ipnat_enable="YES"
500ipmon_enable="YES"
501ipfs_enable="YES"
502.Ed
503.Pp
504into
505.Pa /etc/rc.conf
506and editing
507.Pa /etc/ipf.rules
508and
509.Pa /etc/ipnat.rules
510appropriately.
511.Pp
512Note that
513.Va ipfilter_enable
514and
515.Va ipnat_enable
516can be enabled independently.
517.Va ipmon_enable
518and
519.Va ipfs_enable
520both require at least one of
521.Va ipfilter_enable
522and
523.Va ipnat_enable
524to be enabled.
525.Pp
526Having
527.Bd -literal
528options IPFILTER
529options IPFILTER_LOG
530options IPFILTER_DEFAULT_BLOCK
531.Ed
532.Pp
533in the kernel configuration file is a good idea, too.
534.\" ----- ipfilter_program setting ------------------------------
535.It Va ipfilter_program
536.Pq Vt str
537Path to
538.Xr ipf 8
539(default
540.Pa /sbin/ipf ) .
541.\" ----- ipfilter_rules setting --------------------------------
542.It Va ipfilter_rules
543.Pq Vt str
544Set to
545.Pa /etc/ipf.rules
546by default.
547This variable contains the name of the filter rule definition file.
548The file is expected to be readable for the
549.Xr ipf 8
550command to execute.
551.\" ----- ipv6_ipfilter_rules setting ---------------------------
552.It Va ipv6_ipfilter_rules
553.Pq Vt str
554Set to
555.Pa /etc/ipf6.rules
556by default.
557This variable contains the IPv6 filter rule definition file.
558The file is expected to be readable for the
559.Xr ipf 8
560command to execute.
561.\" ----- ipfilter_flags setting --------------------------------
562.It Va ipfilter_flags
563.Pq Vt str
564Empty by default.
565This variable contains flags passed to the
566.Xr ipf 8
567program.
568.\" ----- ipnat_enable setting ----------------------------------
569.It Va ipnat_enable
570.Pq Vt bool
571Set to
572.Dq Li NO
573by default.
574Set it to
575.Dq Li YES
576to enable
577.Xr ipnat 1
578network address translation.
579See
580.Va ipfilter_enable
581for a detailed discussion.
582.\" ----- ipnat_program setting ---------------------------------
583.It Va ipnat_program
584.Pq Vt str
585Path to
586.Xr ipnat 1
587(default
588.Pa /sbin/ipnat ) .
589.\" ----- ipnat_rules setting -----------------------------------
590.It Va ipnat_rules
591.Pq Vt str
592Set to
593.Pa /etc/ipnat.rules
594by default.
595This variable contains the name of the file
596holding the network address translation definition.
597This file is expected to be readable for the
598.Xr ipnat 1
599command to execute.
600.\" ----- ipnat_flags setting -----------------------------------
601.It Va ipnat_flags
602.Pq Vt str
603Empty by default.
604This variable contains flags passed to the
605.Xr ipnat 1
606program.
607.\" ----- ipmon_enable setting ----------------------------------
608.It Va ipmon_enable
609.Pq Vt bool
610Set to
611.Dq Li NO
612by default.
613Set it to
614.Dq Li YES
615to enable
616.Xr ipmon 8
617monitoring (logging
618.Xr ipf 8
619and
620.Xr ipnat 1
621events).
622Setting this variable needs setting
623.Va ipfilter_enable
624or
625.Va ipnat_enable
626too.
627See
628.Va ipfilter_enable
629for a detailed discussion.
630.\" ----- ipmon_program setting ---------------------------------
631.It Va ipmon_program
632.Pq Vt str
633Path to
634.Xr ipmon 8
635(default
636.Pa /sbin/ipmon ) .
637.\" ----- ipmon_flags setting -----------------------------------
638.It Va ipmon_flags
639.Pq Vt str
640Set to
641.Dq Li -Ds
642by default.
643This variable contains flags passed to the
644.Xr ipmon 8
645program.
646Another typical example would be
647.Dq Fl D Pa /var/log/ipflog
648to have
649.Xr ipmon 8
650log directly to a file bypassing
651.Xr syslogd 8 .
652Make sure to adjust
653.Pa /etc/newsyslog.conf
654in such case like this:
655.Bd -literal
656/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
657.Ed
658.\" ----- ipfs_enable setting -----------------------------------
659.It Va ipfs_enable
660.Pq Vt bool
661Set to
662.Dq Li NO
663by default.
664Set it to
665.Dq Li YES
666to enable
667.Xr ipfs 8
668saving the filter and NAT state tables during shutdown
669and reloading them during startup again.
670Setting this variable needs setting
671.Va ipfilter_enable
672or
673.Va ipnat_enable
674to
675.Dq Li YES
676too.
677See
678.Va ipfilter_enable
679for a detailed discussion.
680Note that if
681.Va kern_securelevel
682is set to 3,
683.Va ipfs_enable
684cannot be used
685because the raised securelevel will prevent
686.Xr ipfs 8
687from saving the state tables at shutdown time.
688.\" ----- ipfs_program setting ----------------------------------
689.It Va ipfs_program
690.Pq Vt str
691Path to
692.Xr ipfs 8
693(default
694.Pa /sbin/ipfs ) .
695.\" ----- ipfs_flags setting ------------------------------------
696.It Va ipfs_flags
697.Pq Vt str
698Empty by default.
699This variable contains flags passed to the
700.Xr ipfs 8
701program.
702.\" ----- end of added ipf hook ---------------------------------
703.It Va pf_enable
704.Pq Vt bool
705Set to
706.Dq Li NO
707by default.
708Setting this to
709.Dq Li YES
710enables
711.Xr pf 4
712packet filtering.
713.Pp
714Typical usage will require putting
715.Pp
716.Dl pf_enable="YES"
717.Pp
718into
719.Pa /etc/rc.conf
720and editing
721.Pa /etc/pf.conf
722appropriately.
723.Pp
724.Dl "device pf"
725.Pp
726builds
727.Xr pf 4
728into the kernel.
729Otherwise it is loaded from a module.
730.It Va pf_rules
731.Pq Vt str
732Path to
733.Xr pf 4
734ruleset configuration file
735(default
736.Pa /etc/pf.conf ) .
737.It Va pf_program
738.Pq Vt str
739Path to
740.Xr pfctl 8
741(default
742.Pa /sbin/pfctl ) .
743.It Va pf_flags
744.Pq Vt str
745If
746.Va pf_enable
747is set to
748.Dq Li YES ,
749these flags are passed to the
750.Xr pfctl 8
751program when loading the ruleset.
752.It Va pflog_enable
753.Pq Vt bool
754Set to
755.Dq Li NO
756by default.
757Setting this to
758.Dq Li YES
759enables
760.Xr pflogd 8
761which logs packtes from the
762.Xr pf 4
763packet filter.
764.It Va pflog_logfile
765.Pq Vt str
766If
767.Va pflog_enable
768is set to
769.Dq Li YES
770this controls where
771.Xr pflogd 8
772stores the logfile
773(default
774.Pa /var/log/pflog ) .
775Check
776.Pa /etc/newsyslog.conf
777to adjust logfile rotation for this.
778.It Va pflog_program
779.Pq Vt str
780Path to
781.Xr pflogd 8
782(default
783.Pa /sbin/pflogd ) .
784.It Va pflog_flags
785.Pq Vt str
786Empty by default.
787This variable contains additional flags passed to the
788.Xr pflogd 8
789program.
790.It Va tcp_extensions
791.Pq Vt bool
792Set to
793.Dq Li YES
794by default.
795Setting this to
796.Dq Li NO
797disables certain TCP options as described by
798.Rs
799.%T "RFC 1323"
800.Re
801Setting this to
802.Dq Li NO
803might help remedy such problems with connections as randomly hanging
804or other weird behavior.
805Some network devices are known
806to be broken with respect to these options.
807.It Va log_in_vain
808.Pq Vt int
809Set to 0 by default.
810The
811.Xr sysctl 8
812variables,
813.Va net.inet.tcp.log_in_vain
814and
815.Va net.inet.udp.log_in_vain ,
816as described in
817.Xr tcp 4
818and
819.Xr udp 4 ,
820are set to the given value.
821.It Va tcp_keepalive
822.Pq Vt bool
823Set to
824.Dq Li YES
825by default.
826Setting to
827.Dq Li NO
828will disable probing idle TCP connections to verify that the
829peer is still up and reachable.
830.It Va tcp_drop_synfin
831.Pq Vt bool
832Set to
833.Dq Li NO
834by default.
835Setting to
836.Dq Li YES
837will cause the kernel to ignore TCP frames that have both
838the SYN and FIN flags set.
839This prevents OS fingerprinting, but may
840break some legitimate applications.
841This option is only available if the
842kernel was built with the
843.Dv TCP_DROP_SYNFIN
844option.
845.It Va icmp_drop_redirect
846.Pq Vt bool
847Set to
848.Dq Li NO
849by default.
850Setting to
851.Dq Li YES
852will cause the kernel to ignore ICMP REDIRECT packets.
853Refer to
854.Xr icmp 4
855for more information.
856.It Va icmp_log_redirect
857.Pq Vt bool
858Set to
859.Dq Li NO
860by default.
861Setting to
862.Dq Li YES
863will cause the kernel to log ICMP REDIRECT packets.
864Note that
865the log messages are not rate-limited, so this option should only be used
866for troubleshooting networks.
867Refer to
868.Xr icmp 4
869for more information.
870.It Va icmp_bmcastecho
871.Pq Vt bool
872Set to
873.Dq Li YES
874to respond to broadcast or multicast ICMP ping packets.
875Refer to
876.Xr icmp 4
877for more information.
878.It Va ip_portrange_first
879.Pq Vt int
880If not set to
881.Dq Li NO ,
882this is the first port in the default portrange.
883Refer to
884.Xr ip 4
885for more information.
886.It Va ip_portrange_last
887.Pq Vt int
888If not set to
889.Dq Li NO ,
890this is the last port in the default portrange.
891Refer to
892.Xr ip 4
893for more information.
894.It Va network_interfaces
895.Pq Vt str
896Set to the list of network interfaces to configure on this host.
897For example, if the only network devices in the system are the loopback
898device
899.Pq Li lo0
900and a NIC using the
901.Xr ed 4
902driver,
903this could be set to
904.Dq Li "lo0 ed0" .
905An
906.Va ifconfig_ Ns Aq Ar interface
907variable is also assumed to exist for each value of
908.Ar interface .
909It is also possible to add IP alias entries here in cases where
910multiple IP addresses registered against a single interface
911are desired.
912Assuming that the interface in question was
913.Li ed0 ,
914it might look
915something like this:
916.Bd -literal
917ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff"
918ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff"
919.Ed
920.Pp
921And so on.
922For each
923.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
924entry that is found,
925its contents are passed to
926.Xr ifconfig 8 .
927Execution stops at the first unsuccessful access, so if
928something like this is present:
929.Bd -literal
930ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff"
931ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff"
932ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff"
933ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff"
934.Ed
935.Pp
936Then note that alias4 would
937.Em not
938be added since the search would
939stop with the missing alias3 entry.
940.Pp
941If the
942.Pa /etc/start_if. Ns Aq Ar interface
943file is present, it is read and executed by the
944.Xr sh 1
945interpreter
946before configuring the interface as specified in the
947.Va ifconfig_ Ns Aq Ar interface
948and
949.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
950variables.
951.Pp
952It is possible to bring up an interface with DHCP by setting the
953.Va ifconfig_ Ns Aq Ar interface
954variable to
955.Dq Li DHCP .
956For instance, to initialize the
957.Li ed0
958device via DHCP,
959it is possible to use something like:
960.Bd -literal
961ifconfig_ed0="DHCP"
962.Ed
963.Pp
964It is also possible to rename interface by doing:
965.Bd -literal
966ifconfig_ed0_name="net0"
967ifconfig_net0="inet 10.0.0.1 netmask 0xffff0000"
968.Ed
969.It Va ipv6_network_interfaces
970.Pq Vt str
971This is the IPv6 equivalent of
972.Va network_interfaces .
973Instead of setting the ifconfig variables as
974.Va ifconfig_ Ns Aq Ar interface
975they should be set as
976.Va ipv6_ifconfig_ Ns Aq Ar interface .
977Aliases should be set as
978.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n .
979.Va ipv6_prefix_ Ns Aq Ar interface
980does something.
981Interfaces that do not have a
982.Va ipv6_ifconfig_ Ns Aq Ar interface
983setting will be auto configured by
984.Xr rtsol 8
985if the
986.Va ipv6_gateway_enable
987is set to
988.Dq Li NO .
989Note that the IPv6 networking code does not support the
990.Pa /etc/start_if. Ns Aq Ar interface
991files.
992.It Va ipv6_default_interface
993.Pq Vt str
994If not set to
995.Dq Li NO ,
996this is the default output interface for scoped addresses.
997Now this works only for IPv6 link local multicast addresses.
998.It Va cloned_interfaces
999.Pq Vt str
1000Set to the list of clonable network interfaces to create on this host.
1001Entries in
1002.Va cloned_interfaces
1003are automatically appended to
1004.Va network_interfaces
1005for configuration.
1006.It Va gif_interfaces
1007.Pq Vt str
1008Set to the list of
1009.Xr gif 4
1010tunnel interfaces to configure on this host.
1011A
1012.Va gifconfig_ Ns Aq Ar interface
1013variable is assumed to exist for each value of
1014.Ar interface .
1015The value of this variable is used to configure the link layer of the
1016tunnel according to the syntax of the
1017.Cm tunnel
1018option to
1019.Xr ifconfig 8 .
1020Additionally, this option ensures that each listed interface is created
1021via the
1022.Cm create
1023option to
1024.Xr ifconfig 8
1025before attempting to configure it.
1026.It Va sppp_interfaces
1027.Pq Vt str
1028Set to the list of
1029.Xr sppp 4
1030interfaces to configure on this host.
1031A
1032.Va spppconfig_ Ns Aq Ar interface
1033variable is assumed to exist for each value of
1034.Ar interface .
1035Each interface should also be configured by a general
1036.Va ifconfig_ Ns Aq Ar interface
1037setting.
1038Refer to
1039.Xr spppcontrol 8
1040for more information about available options.
1041.It Va ppp_enable
1042.Pq Vt bool
1043If set to
1044.Dq Li YES ,
1045run the
1046.Xr ppp 8
1047daemon.
1048.It Va ppp_mode
1049.Pq Vt str
1050Mode in which to run the
1051.Xr ppp 8
1052daemon.
1053Accepted modes are
1054.Dq Li auto ,
1055.Dq Li ddial ,
1056.Dq Li direct
1057and
1058.Dq Li dedicated .
1059See the manual for a full description.
1060.It Va ppp_nat
1061.Pq Vt bool
1062If set to
1063.Dq Li YES ,
1064enables network address translation.
1065Used in conjunction with
1066.Va gateway_enable
1067allows hosts on private network addresses access to the Internet using
1068this host as a network address translating router.
1069.It Va ppp_profile
1070.Pq Vt str
1071The name of the profile to use from
1072.Pa /etc/ppp/ppp.conf .
1073.It Va ppp_user
1074.Pq Vt str
1075The name of the user under which
1076.Xr ppp 8
1077should be started.
1078By
1079default,
1080.Xr ppp 8
1081is started as
1082.Dq Li root .
1083.It Va rc_conf_files
1084.Pq Vt str
1085This option is used to specify a list of files that will override
1086the settings in
1087.Pa /etc/defaults/rc.conf .
1088The files will be read in the order in which they are specified and should
1089include the full path to the file.
1090By default, the files specified are
1091.Pa /etc/rc.conf
1092and
1093.Pa /etc/rc.conf.local
1094.It Va gbde_autoattach_all
1095.Pq Vt bool
1096If set to
1097.Dq Li YES ,
1098.Pa /etc/rc.d/gbde
1099will attempt to automatically initialize your .bde devices in
1100.Pa /etc/fstab .
1101.It Va gbde_devices
1102.Pq Vt str
1103List the devices that the script should try to attach,
1104or
1105.Dq Li AUTO .
1106.It Va gbde_lockdir
1107.Pq Vt str
1108The directory where the
1109.Xr gbde 4
1110lockfiles are located.
1111The default lockfile directory is
1112.Pa /etc .
1113.Pp
1114The lockfile for each individual
1115.Xr gbde 4
1116device can be overridden by setting the variable
1117.Va gbde_lock_ Ns Aq Ar device ,
1118where
1119.Ar device
1120is the encrypted device without the
1121.Dq Pa /dev/
1122and
1123.Dq Pa .bde
1124parts.
1125.It Va gbde_attach_attempts
1126.Pq Vt int
1127Number of times to attempt attaching to a
1128.Xr gbde 4
1129device, i.e., how many times the user is asked for the pass-phrase.
1130Default is 3.
1131.It Va gbde_swap_enable
1132.Pq Vt bool
1133If set to
1134.Dq Li YES ,
1135any .bde swap devices listed in
1136.Pa /etc/fstab
1137will be initialized with a random, one-shot key.
1138Note that this makes recovery of kernel dumps impossible.
1139.It Va root_rw_mount
1140.Pq Vt bool
1141Set to
1142.Dq Li YES
1143by default.
1144After the file systems are checked at boot time, the root file system
1145is remounted as read-write if this is set to
1146.Dq Li YES .
1147Diskless systems that mount their root file system from a read-only remote
1148NFS share should set this to
1149.Dq Li NO
1150in their
1151.Pa rc.conf .
1152.It Va fsck_y_enable
1153.Pq Vt bool
1154If set to
1155.Dq Li YES ,
1156.Xr fsck 8
1157will be run with the
1158.Fl y
1159flag if the initial preen
1160of the file systems fails.
1161.It Va background_fsck
1162.Pq Vt bool
1163If set to
1164.Dq Li YES ,
1165the system will attempt to run
1166.Xr fsck 8
1167in the background where possible.
1168.It Va background_fsck_delay
1169.Pq Vt int
1170The amount of time in seconds to sleep before starting a background
1171.Xr fsck 8 .
1172It defaults to sixty seconds to allow large applications such as
1173the X server to start before disk I/O bandwidth is monopolized by
1174.Xr fsck 8 .
1175.It Va netfs_types
1176.Pq Vt str
1177List of file system types that are network-based.
1178This list should generally not be modified by end users.
1179Use
1180.Va extra_netfs_types
1181instead.
1182.It Va extra_netfs_types
1183.Pq Vt str
1184If set to something other than
1185.Dq Li NO
1186(the default),
1187this variable extends the list of file system types
1188for which automatic mounting at startup by
1189.Xr rc 8
1190should be delayed until the network is initialized.
1191It should contain
1192a whitespace-separated list of network file system descriptor pairs,
1193each consisting of a file system type as passed to
1194.Xr mount 8
1195and a human-readable, one-word description,
1196joined with a colon
1197.Pq Ql \&: .
1198Extending the default list in this way is only necessary
1199when third party file system types are used.
1200.It Va syslogd_enable
1201.Pq Vt bool
1202If set to
1203.Dq Li YES ,
1204run the
1205.Xr syslogd 8
1206daemon.
1207.It Va syslogd_program
1208.Pq Vt str
1209Path to
1210.Xr syslogd 8
1211(default
1212.Pa /usr/sbin/syslogd ) .
1213.It Va syslogd_flags
1214.Pq Vt str
1215If
1216.Va syslogd_enable
1217is set to
1218.Dq Li YES ,
1219these are the flags to pass to
1220.Xr syslogd 8 .
1221.It Va inetd_enable
1222.Pq Vt bool
1223If set to
1224.Dq Li YES ,
1225run the
1226.Xr inetd 8
1227daemon.
1228.It Va inetd_program
1229.Pq Vt str
1230Path to
1231.Xr inetd 8
1232(default
1233.Pa /usr/sbin/inetd ) .
1234.It Va inetd_flags
1235.Pq Vt str
1236If
1237.Va inetd_enable
1238is set to
1239.Dq Li YES ,
1240these are the flags to pass to
1241.Xr inetd 8 .
1242.It Va named_enable
1243.Pq Vt bool
1244If set to
1245.Dq Li YES ,
1246run the
1247.Xr named 8
1248daemon.
1249.It Va named_program
1250.Pq Vt str
1251Path to
1252.Xr named 8
1253(default
1254.Pa /usr/sbin/named ) .
1255.It Va named_flags
1256.Pq Vt str
1257If
1258.Va named_enable
1259is set to
1260.Dq Li YES ,
1261these are the flags to pass to
1262.Xr named 8 .
1263.It Va named_pidfile
1264.Pq Vt str
1265This is the default path to the
1266.Xr named 8
1267daemon's PID file.
1268Change it if you change the location in
1269.Xr named.conf 5 .
1270.It Va named_chrootdir
1271.Pq Vt str
1272The root directory for a name server run in a
1273.Xr chroot 8
1274environment (default
1275.Pa /var/named ) .
1276If left empty
1277.Xr named 8
1278will not be run in a
1279.Xr chroot 8
1280environment.
1281.It Va named_chroot_autoupdate
1282.Pq Vt bool
1283Set to
1284.Dq Li NO
1285to disable automatic update of the
1286.Xr chroot 8
1287environment.
1288.It Va named_symlink_enable
1289.Pq Vt bool
1290Set to
1291.Dq Li NO
1292to disable symlinking of
1293daemon's PID file
1294into the
1295.Xr chroot 8
1296environment.
1297.It Va kerberos5_server_enable
1298.Pq Vt bool
1299Set to
1300.Dq Li YES
1301to start a Kerberos 5 authentication server
1302at boot time.
1303.It Va kerberos5_server
1304.Pq Vt str
1305If
1306.Va kerberos5_server_enable
1307is set to
1308.Dq Li YES
1309this is the path to Kerberos 5 Authentication Server.
1310.It Va kadmind5_server_enable
1311.Pq Vt bool
1312Set to
1313.Dq Li YES
1314to start
1315.Xr kadmind 8 ,
1316the Kerberos 5 Administration Daemon; set to
1317.Dq Li NO
1318on a slave server.
1319.It Va kadmind5_server
1320.Pq Vt str
1321If
1322.Va kadmind5_server_enable
1323is set to
1324.Dq Li YES
1325this is the path to Kerberos 5 Administration Daemon.
1326.It Va kpasswdd_server_enable
1327.Pq Vt bool
1328Set to
1329.Dq Li YES
1330to start
1331.Xr kpasswdd 8 ,
1332the Kerberos 5 Password-Changing Daemon; set to
1333.Dq Li NO
1334on a slave server.
1335.It Va kpasswdd_server
1336.Pq Vt str
1337If
1338.Va kpasswdd_server_enable
1339is set to
1340.Dq Li YES
1341this is the path to Kerberos 5 Password-Changing Daemon.
1342.It Va rwhod_enable
1343.Pq Vt bool
1344If set to
1345.Dq Li YES ,
1346run the
1347.Xr rwhod 8
1348daemon at boot time.
1349.It Va rwhod_flags
1350.Pq Vt str
1351If
1352.Va rwhod_enable
1353is set to
1354.Dq Li YES ,
1355these are the flags to pass to it.
1356.It Va amd_enable
1357.Pq Vt bool
1358If set to
1359.Dq Li YES ,
1360run the
1361.Xr amd 8
1362daemon at boot time.
1363.It Va amd_flags
1364.Pq Vt str
1365If
1366.Va amd_enable
1367is set to
1368.Dq Li YES ,
1369these are the flags to pass to it.
1370See the
1371.Xr amd 8
1372manpage for more information.
1373.It Va amd_map_program
1374.Pq Vt str
1375If set,
1376the specified program is run to get the list of
1377.Xr amd 8
1378maps.
1379For example, if the
1380.Xr amd 8
1381maps are stored in NIS, one can set this to
1382run
1383.Xr ypcat 1
1384to get a list of
1385.Xr amd 8
1386maps from the
1387.Pa amd.master
1388NIS map.
1389.It Va update_motd
1390.Pq Vt bool
1391If set to
1392.Dq Li YES ,
1393.Pa /etc/motd
1394will be updated at boot time to reflect the kernel release
1395being run.
1396If set to
1397.Dq Li NO ,
1398.Pa /etc/motd
1399will not be updated.
1400.It Va nfs_client_enable
1401.Pq Vt bool
1402If set to
1403.Dq Li YES ,
1404run the NFS client daemons at boot time.
1405.It Va nfs_access_cache
1406.Pq Vt int
1407If
1408.Va nfs_client_enable
1409is set to
1410.Dq Li YES ,
1411this can be set to
1412.Dq Li 0
1413to disable NFS ACCESS RPC caching, or to the number of seconds for which
1414NFS ACCESS
1415results should be cached.
1416A value of 2-10 seconds will substantially reduce network
1417traffic for many NFS operations.
1418.It Va nfs_server_enable
1419.Pq Vt bool
1420If set to
1421.Dq Li YES ,
1422run the NFS server daemons at boot time.
1423.It Va nfs_server_flags
1424.Pq Vt str
1425If
1426.Va nfs_server_enable
1427is set to
1428.Dq Li YES ,
1429these are the flags to pass to the
1430.Xr nfsd 8
1431daemon.
1432.It Va mountd_enable
1433.Pq Vt bool
1434If set to
1435.Dq Li YES ,
1436and no
1437.Va nfs_server_enable
1438is set, start
1439.Xr mountd 8 ,
1440but not
1441.Xr nfsd 8
1442daemon.
1443It is commonly needed to run CFS without real NFS used.
1444.It Va mountd_flags
1445.Pq Vt str
1446If
1447.Va mountd_enable
1448is set to
1449.Dq Li YES ,
1450these are the flags to pass to the
1451.Xr mountd 8
1452daemon.
1453.It Va weak_mountd_authentication
1454.Pq Vt bool
1455If set to
1456.Dq Li YES ,
1457allow services like PCNFSD to make non-privileged mount
1458requests.
1459.It Va nfs_reserved_port_only
1460.Pq Vt bool
1461If set to
1462.Dq Li YES ,
1463provide NFS services only on a secure port.
1464.It Va nfs_bufpackets
1465.Pq Vt int
1466If set to a number, indicates the number of packets worth of
1467socket buffer space to reserve on an NFS client.
1468The kernel default is typically 4.
1469Using a higher number may be
1470useful on gigabit networks to improve performance.
1471The minimum value is
14722 and the maximum is 64.
1473.It Va rpc_lockd_enable
1474.Pq Vt bool
1475If set to
1476.Dq Li YES
1477and also an NFS server, run
1478.Xr rpc.lockd 8
1479at boot time.
1480.It Va rpc_statd_enable
1481.Pq Vt bool
1482If set to
1483.Dq Li YES
1484and also an NFS server, run
1485.Xr rpc.statd 8
1486at boot time.
1487.It Va rpcbind_program
1488.Pq Vt str
1489Path to
1490.Xr rpcbind 8
1491(default
1492.Pa /usr/sbin/rpcbind ) .
1493.It Va rpcbind_enable
1494.Pq Vt bool
1495If set to
1496.Dq Li YES ,
1497run the
1498.Xr rpcbind 8
1499service at boot time.
1500.It Va rpcbind_flags
1501.Pq Vt str
1502If
1503.Va rpcbind_enable
1504is set to
1505.Dq Li YES ,
1506these are the flags to pass to the
1507.Xr rpcbind 8
1508daemon.
1509.It Va keyserv_enable
1510.Pq Vt bool
1511If set to
1512.Dq Li YES ,
1513run the
1514.Xr keyserv 8
1515daemon on boot for running Secure RPC.
1516.It Va keyserv_flags
1517.Pq Vt str
1518If
1519.Va keyserv_enable
1520is set to
1521.Dq Li YES ,
1522these are the flags to pass to
1523.Xr keyserv 8
1524daemon.
1525.It Va pppoed_enable
1526.Pq Vt bool
1527If set to
1528.Dq Li YES ,
1529run the
1530.Xr pppoed 8
1531daemon at boot time to provide PPP over Ethernet services.
1532.It Va pppoed_ Ns Ar provider
1533.Pq Vt str
1534.Xr pppoed 8
1535listens to requests to this
1536.Ar provider
1537and ultimately runs
1538.Xr ppp 8
1539with a
1540.Ar system
1541argument of the same name.
1542.It Va pppoed_flags
1543.Pq Vt str
1544Additional flags to pass to
1545.Xr pppoed 8 .
1546.It Va pppoed_interface
1547.Pq Vt str
1548The network interface to run
1549.Xr pppoed 8
1550on.
1551This is mandatory when
1552.Va pppoed_enable
1553is set to
1554.Dq Li YES .
1555.It Va timed_enable
1556.Pq Vt bool
1557If set to
1558.Dq Li YES ,
1559run the
1560.Xr timed 8
1561service at boot time.
1562This command is intended for networks of
1563machines where a consistent
1564.Dq "network time"
1565for all hosts must be established.
1566This is often useful in large NFS
1567environments where time stamps on files are expected to be consistent
1568network-wide.
1569.It Va timed_flags
1570.Pq Vt str
1571If
1572.Va timed_enable
1573is set to
1574.Dq Li YES ,
1575these are the flags to pass to the
1576.Xr timed 8
1577service.
1578.It Va ntpdate_enable
1579.Pq Vt bool
1580If set to
1581.Dq Li YES ,
1582run
1583.Xr ntpdate 8
1584at system startup.
1585This command is intended to
1586synchronize the system clock only
1587.Em once
1588from some standard reference.
1589An option to set this up initially
1590(from a list of known servers) is also provided by the
1591.Xr sysinstall 8
1592program when the system is first installed.
1593.It Va ntpdate_hosts
1594.Pq Vt str
1595A whitespace-separated list of NTP servers to synchronize with at startup.
1596The default is to use the servers listed in
1597.Pa /etc/ntp.conf ,
1598if that file exists.
1599.It Va ntpdate_program
1600.Pq Vt str
1601Path to
1602.Xr ntpdate 8
1603(default
1604.Pa /usr/sbin/ntpdate ) .
1605.It Va ntpdate_flags
1606.Pq Vt str
1607If
1608.Va ntpdate_enable
1609is set to
1610.Dq Li YES ,
1611these are the flags to pass to the
1612.Xr ntpdate 8
1613command (typically a hostname).
1614.It Va ntpd_enable
1615.Pq Vt bool
1616If set to
1617.Dq Li YES ,
1618run the
1619.Xr ntpd 8
1620command at boot time.
1621.It Va ntpd_program
1622.Pq Vt str
1623Path to
1624.Xr ntpd 8
1625(default
1626.Pa /usr/sbin/ntpd ) .
1627.It Va ntpd_flags
1628.Pq Vt str
1629If
1630.Va ntpd_enable
1631is set to
1632.Dq Li YES ,
1633these are the flags to pass to the
1634.Xr ntpd 8
1635daemon.
1636.It Va ntpd_sync_on_start
1637.Pq Vt bool
1638If set to
1639.Dq Li YES ,
1640.Xr ntpd 8
1641is run with the
1642.Fl g
1643flag, which syncs the system's clock on startup.
1644See
1645.Xr ntpd 8
1646for more information regarding the
1647.Fl g
1648option.
1649This is a preferred alternative to using
1650.Xr ntpdate 8
1651or specifying the
1652.Va ntpdate_enable
1653variable.
1654.It Va nis_client_enable
1655.Pq Vt bool
1656If set to
1657.Dq Li YES ,
1658run the
1659.Xr ypbind 8
1660service at system boot time.
1661.It Va nis_client_flags
1662.Pq Vt str
1663If
1664.Va nis_client_enable
1665is set to
1666.Dq Li YES ,
1667these are the flags to pass to the
1668.Xr ypbind 8
1669service.
1670.It Va nis_ypset_enable
1671.Pq Vt bool
1672If set to
1673.Dq Li YES ,
1674run the
1675.Xr ypset 8
1676daemon at system boot time.
1677.It Va nis_ypset_flags
1678.Pq Vt str
1679If
1680.Va nis_ypset_enable
1681is set to
1682.Dq Li YES ,
1683these are the flags to pass to the
1684.Xr ypset 8
1685daemon.
1686.It Va nis_server_enable
1687.Pq Vt bool
1688If set to
1689.Dq Li YES ,
1690run the
1691.Xr ypserv 8
1692daemon at system boot time.
1693.It Va nis_server_flags
1694.Pq Vt str
1695If
1696.Va nis_server_enable
1697is set to
1698.Dq Li YES ,
1699these are the flags to pass to the
1700.Xr ypserv 8
1701daemon.
1702.It Va nis_ypxfrd_enable
1703.Pq Vt bool
1704If set to
1705.Dq Li YES ,
1706run the
1707.Xr rpc.ypxfrd 8
1708daemon at system boot time.
1709.It Va nis_ypxfrd_flags
1710.Pq Vt str
1711If
1712.Va nis_ypxfrd_enable
1713is set to
1714.Dq Li YES ,
1715these are the flags to pass to the
1716.Xr rpc.ypxfrd 8
1717daemon.
1718.It Va nis_yppasswdd_enable
1719.Pq Vt bool
1720If set to
1721.Dq Li YES ,
1722run the
1723.Xr rpc.yppasswdd 8
1724daemon at system boot time.
1725.It Va nis_yppasswdd_flags
1726.Pq Vt str
1727If
1728.Va nis_yppasswdd_enable
1729is set to
1730.Dq Li YES ,
1731these are the flags to pass to the
1732.Xr rpc.yppasswdd 8
1733daemon.
1734.It Va rpc_ypupdated_enable
1735.Pq Vt bool
1736If set to
1737.Dq Li YES ,
1738run the
1739.Nm rpc.ypupdated
1740daemon at system boot time.
1741.It Va defaultrouter
1742.Pq Vt str
1743If not set to
1744.Dq Li NO ,
1745create a default route to this host name or IP address
1746(use an IP address if this router is also required to get to the
1747name server!).
1748.It Va ipv6_defaultrouter
1749.Pq Vt str
1750The IPv6 equivalent of
1751.Va defaultrouter .
1752.It Va static_routes
1753.Pq Vt str
1754Set to the list of static routes that are to be added at system
1755boot time.
1756If not set to
1757.Dq Li NO
1758then for each whitespace separated
1759.Ar element
1760in the value, a
1761.Va route_ Ns Aq Ar element
1762variable is assumed to exist
1763whose contents will later be passed to a
1764.Dq Nm route Cm add
1765operation.
1766For example:
1767.Bd -literal
1768static_routes="mcast gif0local"
1769route_mcast="-net 224.0.0.0/4 -iface gif0"
1770route_gif0local="-host 169.254.1.1 -iface lo0"
1771.Ed
1772.It Va ipv6_static_routes
1773.Pq Vt str
1774The IPv6 equivalent of
1775.Va static_routes .
1776If not set to
1777.Dq Li NO
1778then for each whitespace separated
1779.Ar element
1780in the value, a
1781.Va ipv6_route_ Ns Aq Ar element
1782variable is assumed to exist
1783whose contents will later be passed to a
1784.Dq Nm route Cm add Fl inet6
1785operation.
1786.It Va natm_static_routes
1787.Pq Vt str
1788The
1789.Xr natmip 4
1790equivalent of
1791.Va static_routes .
1792If not empty then for each whitespace separated
1793.Ar element
1794in the value, a
1795.Va route_ Ns Aq Ar element
1796variable is assumed to exist whose contents will later be passed to a
1797.Dq Nm atmconfig Cm natm Cm add
1798operation.
1799.It Va gateway_enable
1800.Pq Vt bool
1801If set to
1802.Dq Li YES ,
1803configure host to act as an IP router, e.g.\& to forward packets
1804between interfaces.
1805.It Va ipv6_gateway_enable
1806.Pq Vt bool
1807The IPv6 equivalent of
1808.Va gateway_enable .
1809.It Va router_enable
1810.Pq Vt bool
1811If set to
1812.Dq Li YES ,
1813run a routing daemon of some sort, based on the
1814settings of
1815.Va router
1816and
1817.Va router_flags .
1818.It Va ipv6_router_enable
1819.Pq Vt bool
1820The IPv6 equivalent of
1821.Va router_enable .
1822If set to
1823.Dq Li YES ,
1824run a routing daemon of some sort, based on the
1825settings of
1826.Va ipv6_router
1827and
1828.Va ipv6_router_flags .
1829.It Va router
1830.Pq Vt str
1831If
1832.Va router_enable
1833is set to
1834.Dq Li YES ,
1835this is the name of the routing daemon to use.
1836.It Va ipv6_router
1837.Pq Vt str
1838The IPv6 equivalent of
1839.Va router .
1840.It Va router_flags
1841.Pq Vt str
1842If
1843.Va router_enable
1844is set to
1845.Dq Li YES ,
1846these are the flags to pass to the routing daemon.
1847.It Va ipv6_router_flags
1848.Pq Vt str
1849The IPv6 equivalent of
1850.Va router_flags .
1851.It Va mrouted_enable
1852.Pq Vt bool
1853If set to
1854.Dq Li YES ,
1855run the multicast routing daemon,
1856.Xr mrouted 8 .
1857.It Va mroute6d_enable
1858.Pq Vt bool
1859The IPv6 equivalent of
1860.Va mrouted_enable .
1861If set to
1862.Dq Li YES ,
1863run the IPv6 multicast routing daemon.
1864Note that no IPv6 multicast routing daemon is included in the
1865.Fx
1866base system but
1867.Xr pim6dd 8
1868can be installed from the
1869.Fx
1870Ports Collection.
1871.It Va mrouted_flags
1872.Pq Vt str
1873If
1874.Va mrouted_enable
1875is set to
1876.Dq Li YES ,
1877these are the flags to pass to the
1878.Xr mrouted 8
1879daemon.
1880.It Va mroute6d_flags
1881.Pq Vt str
1882The IPv6 equivalent of
1883.Va mrouted_flags .
1884If
1885.Va mroute6d_enable
1886is set to
1887.Dq Li YES ,
1888these are the flags passed to the IPv6 multicast routing daemon.
1889.It Va mroute6d_program
1890.Pq Vt str
1891If
1892.Va mroute6d_enable
1893is set to
1894.Dq Li YES ,
1895this is the path to the IPv6 multicast routing daemon.
1896.It Va rtadvd_enable
1897.Pq Vt bool
1898If set to
1899.Dq Li YES ,
1900run the
1901.Xr rtadvd 8
1902daemon at boot time.
1903.Xr rtadvd 8
1904will only run if
1905.Va ipv6_gateway_enable
1906is also set to
1907.Dq Li YES .
1908The
1909.Xr rtadvd 8
1910utility sends router advertisement packets to the interfaces specified in
1911.Va rtadvd_interfaces
1912and should only be enabled with great care.
1913You may want to fine-tune
1914.Xr rtadvd.conf 5 .
1915.It Va rtadvd_interfaces
1916.Pq Vt str
1917If
1918.Va rtadvd_enable
1919is set to
1920.Dq Li YES
1921this is the list of interfaces to use.
1922.It Va ipxgateway_enable
1923.Pq Vt bool
1924If set to
1925.Dq Li YES ,
1926enable the routing of IPX traffic.
1927.It Va ipxrouted_enable
1928.Pq Vt bool
1929If set to
1930.Dq Li YES ,
1931run the
1932.Xr IPXrouted 8
1933daemon at system boot time.
1934.It Va ipxrouted_flags
1935.Pq Vt str
1936If
1937.Va ipxrouted_enable
1938is set to
1939.Dq Li YES ,
1940these are the flags to pass to the
1941.Xr IPXrouted 8
1942daemon.
1943.It Va arpproxy_all
1944.Pq Vt bool
1945If set to
1946.Dq Li YES ,
1947enable global proxy ARP.
1948.It Va forward_sourceroute
1949.Pq Vt bool
1950If set to
1951.Dq Li YES
1952and
1953.Va gateway_enable
1954is also set to
1955.Dq Li YES ,
1956source-routed packets are forwarded.
1957.It Va accept_sourceroute
1958.Pq Vt bool
1959If set to
1960.Dq Li YES ,
1961the system will accept source-routed packets directed at it.
1962.It Va rarpd_enable
1963.Pq Vt bool
1964If set to
1965.Dq Li YES ,
1966run the
1967.Xr rarpd 8
1968daemon at system boot time.
1969.It Va rarpd_flags
1970.Pq Vt str
1971If
1972.Va rarpd_enable
1973is set to
1974.Dq Li YES ,
1975these are the flags to pass to the
1976.Xr rarpd 8
1977daemon.
1978.It Va bootparamd_enable
1979.Pq Vt bool
1980If set to
1981.Dq Li YES ,
1982run the
1983.Xr bootparamd 8
1984daemon at system boot time.
1985.It Va bootparamd_flags
1986.Pq Vt str
1987If
1988.Va bootparamd_enable
1989is set to
1990.Dq Li YES ,
1991these are the flags to pass to the
1992.Xr bootparamd 8
1993daemon.
1994.It Va stf_interface_ipv4addr
1995.Pq Vt str
1996If not set to
1997.Dq Li NO ,
1998this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
1999interface).
2000Specify this entry to enable the 6to4 interface.
2001.It Va stf_interface_ipv4plen
2002.Pq Vt int
2003Prefix length for 6to4 IPv4 addresses, to limit peer address range.
2004An effective value is 0-31.
2005.It Va stf_interface_ipv6_ifid
2006.Pq Vt str
2007IPv6 interface ID for
2008.Xr stf 4 .
2009This can be set to
2010.Dq Li AUTO .
2011.It Va stf_interface_ipv6_slaid
2012.Pq Vt str
2013IPv6 Site Level Aggregator for
2014.Xr stf 4 .
2015.It Va ipv6_faith_prefix
2016.Pq Vt str
2017If not set to
2018.Dq Li NO ,
2019this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP
2020translator.
2021You also need
2022.Xr faithd 8
2023setup.
2024.It Va ipv6_ipv4mapping
2025.Pq Vt bool
2026If set to
2027.Dq Li YES
2028this enables IPv4 mapped IPv6 address communication (like
2029.Li ::ffff:a.b.c.d ) .
2030.It Va atm_enable
2031.Pq Vt bool
2032Set to
2033.Dq Li YES
2034to enable the configuration of ATM interfaces at system boot time.
2035For all of the ATM variables described below, please refer to the
2036.Xr atm 8
2037man page for further details on the available command parameters.
2038Also refer to the files in
2039.Pa /usr/share/examples/atm
2040for more detailed configuration information.
2041.It Va atm_load
2042.Pq Vt str
2043This is a list of physical ATM interface drivers to load.
2044Typical values are
2045.Dq Li hfa_pci
2046and/or
2047.Dq Li hea_pci .
2048.It Va atm_netif_ Ns Aq Ar intf
2049.Pq Vt str
2050For the ATM physical interface
2051.Ar intf ,
2052this variable defines the name prefix and count for the ATM network
2053interfaces to be created.
2054The value will be passed as the parameters of an
2055.Dq Nm atm Cm "set netif" Ar intf
2056command.
2057.It Va atm_sigmgr_ Ns Aq Ar intf
2058.Pq Vt str
2059For the ATM physical interface
2060.Ar intf ,
2061this variable defines the ATM signalling manager to be used.
2062The value will be passed as the parameters of an
2063.Dq Nm atm Cm attach Ar intf
2064command.
2065.It Va atm_prefix_ Ns Aq Ar intf
2066.Pq Vt str
2067For the ATM physical interface
2068.Ar intf ,
2069this variable defines the NSAP prefix for interfaces using a UNI signalling
2070manager.
2071If set to
2072.Dq Li ILMI ,
2073the prefix will automatically be set via the
2074.Xr ilmid 8
2075daemon.
2076Otherwise, the value will be passed as the parameters of an
2077.Dq Nm atm Cm "set prefix" Ar intf
2078command.
2079.It Va atm_macaddr_ Ns Aq Ar intf
2080.Pq Vt str
2081For the ATM physical interface
2082.Ar intf ,
2083this variable defines the MAC address for interfaces using a UNI signalling
2084manager.
2085If set to
2086.Dq Li NO ,
2087the hardware MAC address contained in the ATM interface card will be used.
2088Otherwise, the value will be passed as the parameters of an
2089.Dq Nm atm Cm "set mac" Ar intf
2090command.
2091.It Va atm_arpserver_ Ns Aq Ar netif
2092.Pq Vt str
2093For the ATM network interface
2094.Ar netif ,
2095this variable defines the ATM address for a host which is to provide ATMARP
2096service.
2097This variable is only applicable to interfaces using a UNI signalling
2098manager.
2099If set to
2100.Dq Li local ,
2101this host will become an ATMARP server.
2102The value will be passed as the parameters of an
2103.Dq Nm atm Cm "set arpserver" Ar netif
2104command.
2105.It Va atm_scsparp_ Ns Aq Ar netif
2106.Pq Vt bool
2107If set to
2108.Dq Li YES ,
2109SCSP/ATMARP service for the network interface
2110.Ar netif
2111will be initiated using the
2112.Xr scspd 8
2113and
2114.Xr atmarpd 8
2115daemons.
2116This variable is only applicable if
2117.Va atm_arpserver_ Ns Aq Ar netif
2118is set to
2119.Dq Li local .
2120.It Va atm_pvcs
2121.Pq Vt str
2122Set to the list of ATM PVCs to be added at system
2123boot time.
2124For each whitespace separated
2125.Ar element
2126in the value, an
2127.Va atm_pvc_ Ns Aq Ar element
2128variable is assumed to exist.
2129The value of each of these variables
2130will be passed as the parameters of an
2131.Dq Nm atm Cm "add pvc"
2132command.
2133.It Va atm_arps
2134.Pq Vt str
2135Set to the list of permanent ATM ARP entries to be added
2136at system boot time.
2137For each whitespace separated
2138.Ar element
2139in the value, an
2140.Va atm_arp_ Ns Aq Ar element
2141variable is assumed to exist.
2142The value of each of these variables
2143will be passed as the parameters of an
2144.Dq Nm atm Cm "add arp"
2145command.
2146.It Va natm_interfaces
2147.Pq Vt str
2148Set to the list of
2149.Xr natm 4
2150interfaces that will also be used for HARP through
2151.Xr harp 4 .
2152If this list is not empty all interfaces in the list will be brought up
2153with
2154.Xr ifconfig 8
2155and
2156.Xr harp 4
2157will be loaded.
2158For this to work the interface drivers must be either compiled into the
2159kernel or must reside on the root partition.
2160.It Va keybell
2161.Pq Vt str
2162The keyboard bell sound.
2163Set to
2164.Dq Li normal ,
2165.Dq Li visual ,
2166.Dq Li off ,
2167or
2168.Dq Li NO
2169if the default behavior is desired.
2170For details, refer to the
2171.Xr kbdcontrol 1
2172manpage.
2173.It Va keyboard
2174.Pq Vt str
2175If set to a non-null string, the virtual console's keyboard input is
2176set to this device.
2177.It Va keymap
2178.Pq Vt str
2179If set to
2180.Dq Li NO ,
2181no keymap is installed, otherwise the value is used to install
2182the keymap file in
2183.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd .
2184.It Va keyrate
2185.Pq Vt str
2186The keyboard repeat speed.
2187Set to
2188.Dq Li slow ,
2189.Dq Li normal ,
2190.Dq Li fast ,
2191or
2192.Dq Li NO
2193if the default behavior is desired.
2194.It Va keychange
2195.Pq Vt str
2196If not set to
2197.Dq Li NO ,
2198attempt to program the function keys with the value.
2199The value should
2200be a single string of the form:
2201.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
2202.It Va cursor
2203.Pq Vt str
2204Can be set to the value of
2205.Dq Li normal ,
2206.Dq Li blink ,
2207.Dq Li destructive ,
2208or
2209.Dq Li NO
2210to set the cursor behavior explicitly or choose the default behavior.
2211.It Va scrnmap
2212.Pq Vt str
2213If set to
2214.Dq Li NO ,
2215no screen map is installed, otherwise the value is used to install
2216the screen map file in
2217.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
2218.It Va font8x16
2219.Pq Vt str
2220If set to
2221.Dq Li NO ,
2222the default 8x16 font value is used for screen size requests, otherwise
2223the value in
2224.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2225is used.
2226.It Va font8x14
2227.Pq Vt str
2228If set to
2229.Dq Li NO ,
2230the default 8x14 font value is used for screen size requests, otherwise
2231the value in
2232.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2233is used.
2234.It Va font8x8
2235.Pq Vt str
2236If set to
2237.Dq Li NO ,
2238the default 8x8 font value is used for screen size requests, otherwise
2239the value in
2240.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
2241is used.
2242.It Va blanktime
2243.Pq Vt int
2244If set to
2245.Dq Li NO ,
2246the default screen blanking interval is used, otherwise it is set
2247to
2248.Ar value
2249seconds.
2250.It Va saver
2251.Pq Vt str
2252If not set to
2253.Dq Li NO ,
2254this is the actual screen saver to use
2255.Li ( blank , snake , daemon ,
2256etc).
2257.It Va moused_nondefault_enable
2258.Pq Vt str
2259If set to
2260.Dq Li NO ,
2261the mouse device specified on
2262the command line is not automatically treated as enabled by the
2263.Pa /etc/rc.d/moused
2264script.
2265Having this variable set to
2266.Dq Li YES
2267allows a
2268.Xr usb 4
2269mouse,
2270for example,
2271to be enabled as soon as it is plugged in.
2272.It Va moused_enable
2273.Pq Vt str
2274If set to
2275.Dq Li YES ,
2276the
2277.Xr moused 8
2278daemon is started for doing cut/paste selection on the console.
2279.It Va moused_type
2280.Pq Vt str
2281This is the protocol type of the mouse connected to this host.
2282This variable must be set if
2283.Va moused_enable
2284is set to
2285.Dq Li YES .
2286The
2287.Xr moused 8
2288daemon
2289is able to detect the appropriate mouse type automatically in many cases.
2290Set this variable to
2291.Dq Li auto
2292to let the daemon detect it, or
2293select one from the following list if the automatic detection fails.
2294.Pp
2295If the mouse is attached to the PS/2 mouse port, choose
2296.Dq Li auto
2297or
2298.Dq Li ps/2 ,
2299regardless of the brand and model of the mouse.
2300Likewise, if the
2301mouse is attached to the bus mouse port, choose
2302.Dq Li auto
2303or
2304.Dq Li busmouse .
2305All other protocols are for serial mice and will not work with
2306the PS/2 and bus mice.
2307If this is a USB mouse,
2308.Dq Li auto
2309is the only protocol type which will work.
2310.Pp
2311.Bl -tag -width ".Li x10mouseremote" -compact
2312.It Li microsoft
2313Microsoft mouse (serial)
2314.It Li intellimouse
2315Microsoft IntelliMouse (serial)
2316.It Li mousesystems
2317Mouse systems Corp.\& mouse (serial)
2318.It Li mmseries
2319MM Series mouse (serial)
2320.It Li logitech
2321Logitech mouse (serial)
2322.It Li busmouse
2323A bus mouse
2324.It Li mouseman
2325Logitech MouseMan and TrackMan (serial)
2326.It Li glidepoint
2327ALPS GlidePoint (serial)
2328.It Li thinkingmouse
2329Kensington ThinkingMouse (serial)
2330.It Li ps/2
2331PS/2 mouse
2332.It Li mmhittab
2333MM HitTablet (serial)
2334.It Li x10mouseremote
2335X10 MouseRemote (serial)
2336.It Li versapad
2337Interlink VersaPad (serial)
2338.El
2339.Pp
2340Even if the mouse is not in the above list, it may be compatible
2341with one in the list.
2342Refer to the man page for
2343.Xr moused 8
2344for compatibility information.
2345.Pp
2346It should also be noted that while this is enabled, any
2347other client of the mouse (such as an X server) should access
2348the mouse through the virtual mouse device,
2349.Pa /dev/sysmouse ,
2350and configure it as a
2351.Dq Li sysmouse
2352type mouse, since all
2353mouse data is converted to this single canonical format when
2354using
2355.Xr moused 8 .
2356If the client program does not support the
2357.Dq Li sysmouse
2358type,
2359specify the
2360.Dq Li mousesystems
2361type.
2362It is the second preferred type.
2363.It Va moused_port
2364.Pq Vt str
2365If
2366.Va moused_enable
2367is set to
2368.Dq Li YES ,
2369this is the actual port the mouse is on.
2370It might be
2371.Pa /dev/cuad0
2372for a COM1 serial mouse,
2373.Pa /dev/psm0
2374for a PS/2 mouse or
2375.Pa /dev/mse0
2376for a bus mouse, for example.
2377.It Va moused_flags
2378.Pq Vt str
2379If
2380.Va moused_type
2381is set, these are the additional flags to pass to the
2382.Xr moused 8
2383daemon.
2384.It Va mousechar_start
2385.Pq Vt int
2386If set to
2387.Dq Li NO ,
2388the default mouse cursor character range
2389.Li 0xd0 Ns - Ns Li 0xd3
2390is used,
2391otherwise the range start is set
2392to
2393.Ar value
2394character, see
2395.Xr vidcontrol 1 .
2396Use if the default range is occupied in the language code table.
2397.It Va allscreens_flags
2398.Pq Vt str
2399If set,
2400.Xr vidcontrol 1
2401is run with these options for each of the virtual terminals
2402.Pq Pa /dev/ttyv* .
2403For example,
2404.Dq Fl m Cm on
2405will enable the mouse pointer on all virtual terminals
2406if
2407.Va moused_enable
2408is set to
2409.Dq Li YES .
2410.It Va allscreens_kbdflags
2411.Pq Vt str
2412If set,
2413.Xr kbdcontrol 1
2414is run with these options for each of the virtual terminals
2415.Pq Pa /dev/ttyv* .
2416For example,
2417.Dq Fl h Li 200
2418will set the
2419.Xr syscons 4
2420scrollback (history) buffer to 200 lines.
2421.It Va cron_enable
2422.Pq Vt bool
2423If set to
2424.Dq Li YES ,
2425run the
2426.Xr cron 8
2427daemon at system boot time.
2428.It Va cron_program
2429.Pq Vt str
2430Path to
2431.Xr cron 8
2432(default
2433.Pa /usr/sbin/cron ) .
2434.It Va cron_flags
2435.Pq Vt str
2436If
2437.Va cron_enable
2438is set to
2439.Dq Li YES ,
2440these are the flags to pass to
2441.Xr cron 8 .
2442.It Va cron_dst
2443.Pq Vt bool
2444If set to
2445.Dq Li YES ,
2446enable the special handling of transitions to and from the
2447Daylight Saving Time in
2448.Xr cron 8
2449(equivalent to using the flag
2450.Fl s ) .
2451.It Va lpd_program
2452.Pq Vt str
2453Path to
2454.Xr lpd 8
2455(default
2456.Pa /usr/sbin/lpd ) .
2457.It Va lpd_enable
2458.Pq Vt bool
2459If set to
2460.Dq Li YES ,
2461run the
2462.Xr lpd 8
2463daemon at system boot time.
2464.It Va lpd_flags
2465.Pq Vt str
2466If
2467.Va lpd_enable
2468is set to
2469.Dq Li YES ,
2470these are the flags to pass to the
2471.Xr lpd 8
2472daemon.
2473.It Va mta_start_script
2474.Pq Vt str
2475This variable specifies the full path to the script to run to start
2476a mail transfer agent.
2477The default is
2478.Pa /etc/rc.sendmail .
2479The
2480.Va sendmail_*
2481variables which
2482.Pa /etc/rc.sendmail
2483uses are documented in the
2484.Xr rc.sendmail 8
2485man page.
2486.It Va dumpdev
2487.Pq Vt str
2488Indicates the device (usually a swap partition) to which a crash dump
2489should be written in the event of a system crash.
2490If the value of this variable is
2491.Dq Li AUTO ,
2492the first suitable swap device listed in
2493.Pa /etc/fstab
2494will be used as dump device.
2495Otherwise, the value of this variable is passed as the argument to
2496.Xr dumpon 8 .
2497To disable crash dumps, set this variable to
2498.Dq Li NO .
2499.It Va dumpdir
2500.Pq Vt str
2501When the system reboots after a crash and a crash dump is found on the
2502device specified by the
2503.Va dumpdev
2504variable,
2505.Xr savecore 8
2506will save that crash dump and a copy of the kernel to the directory
2507specified by the
2508.Va dumpdir
2509variable.
2510The default value is
2511.Pa /var/crash .
2512Set to
2513.Dq Li NO
2514to not run
2515.Xr savecore 8
2516at boot time when
2517.Va dumpdir
2518is set.
2519.It Va savecore_flags
2520.Pq Vt str
2521If crash dumps are enabled, these are the flags to pass to the
2522.Xr savecore 8
2523utility.
2524.It Va enable_quotas
2525.Pq Vt bool
2526Set to
2527.Dq Li YES
2528to turn on user disk quotas on system startup via the
2529.Xr quotaon 8
2530command.
2531.It Va check_quotas
2532.Pq Vt bool
2533Set to
2534.Dq Li YES
2535to enable user disk quota checking via the
2536.Xr quotacheck 8
2537command.
2538.It Va accounting_enable
2539.Pq Vt bool
2540Set to
2541.Dq Li YES
2542to enable system accounting through the
2543.Xr accton 8
2544facility.
2545.It Va ibcs2_enable
2546.Pq Vt bool
2547Set to
2548.Dq Li YES
2549to enable iBCS2 (SCO) binary emulation at system initial boot
2550time.
2551.It Va ibcs2_loaders
2552.Pq Vt str
2553If not set to
2554.Dq Li NO
2555and if
2556.Va ibcs2_enable
2557is set to
2558.Dq Li YES ,
2559this specifies a list of additional iBCS2 loaders to enable.
2560.It Va linux_enable
2561.Pq Vt bool
2562Set to
2563.Dq Li YES
2564to enable Linux/ELF binary emulation at system initial
2565boot time.
2566.It Va osf1_enable
2567.Pq Vt bool
2568Set to
2569.Dq Li YES
2570to enable OSF/1 (Digital UNIX) binary emulation at system
2571initial boot time.
2572(alpha)
2573.It Va svr4_enable
2574.Pq Vt bool
2575If set to
2576.Dq Li YES ,
2577enable SysVR4 emulation at boot time.
2578.It Va sysvipc_enable
2579.Pq Vt bool
2580If set to
2581.Dq Li YES ,
2582load System V IPC primitives at boot time.
2583.It Va clear_tmp_enable
2584.Pq Vt bool
2585Set to
2586.Dq Li YES
2587to have
2588.Pa /tmp
2589cleaned at startup.
2590.It Va ldconfig_paths
2591.Pq Vt str
2592Set to the list of shared library paths to use with
2593.Xr ldconfig 8 .
2594NOTE:
2595.Pa /usr/lib
2596will always be added first, so it need not appear in this list.
2597.It Va ldconfig_paths_aout
2598.Pq Vt str
2599Set to the list of shared library paths to use with
2600.Xr ldconfig 8
2601legacy
2602.Xr a.out 5
2603support.
2604.It Va ldconfig_insecure
2605.Pq Vt bool
2606The
2607.Xr ldconfig 8
2608utility normally refuses to use directories
2609which are writable by anyone except root.
2610Set this variable to
2611.Dq Li YES
2612to disable that security check during system startup.
2613.It Va kern_securelevel_enable
2614.Pq Vt bool
2615Set to
2616.Dq Li YES
2617to set the kernel security level at system startup.
2618.It Va kern_securelevel
2619.Pq Vt int
2620The kernel security level to set at startup.
2621The allowed range of
2622.Ar value
2623ranges from \-1 (the compile time default) to 3 (the
2624most secure).
2625See
2626.Xr init 8
2627for the list of possible security levels and their effect
2628on system operation.
2629.It Va lomac_enable
2630.Pq Vt bool
2631Set to
2632.Dq Li YES
2633to enable Low Watermark Mandatory Access Control (LOMAC) at boot time.
2634This security model enforces integrity constraints for system processes;
2635see
2636.Xr mac_lomac 4
2637for a complete description of the LOMAC model, as well as its impact
2638on system operation.
2639.It Va sshd_program
2640.Pq Vt str
2641Path to the SSH server program
2642.Pa ( /usr/sbin/sshd
2643is the default).
2644.It Va sshd_enable
2645.Pq Vt bool
2646Set to
2647.Dq Li YES
2648to start
2649.Xr sshd 8
2650at system boot time.
2651.It Va sshd_flags
2652.Pq Vt str
2653If
2654.Va sshd_enable
2655is set to
2656.Dq Li YES ,
2657these are the flags to pass to the
2658.Xr sshd 8
2659daemon.
2660.It Va usbd_enable
2661.Pq Vt bool
2662If set to
2663.Dq Li YES ,
2664run the
2665.Xr usbd 8
2666daemon at boot time.
2667.It Va usbd_flags
2668.Pq Vt str
2669If
2670.Va usbd_enable
2671is set to
2672.Dq Li YES ,
2673these are the flags passed to the
2674.Xr usbd 8
2675daemon.
2676.It Va watchdogd_enable
2677.Pq Vt bool
2678If set to
2679.Dq Li YES ,
2680start the
2681.Xr watchdogd 8
2682daemon at boot time.
2683This requires that the kernel have been compiled with a
2684.Xr watchdog 4
2685compatible device.
2686.It Va watchdogd_flags
2687.Pq Vt str
2688If
2689.Va watchdogd_enable
2690is set to
2691.Dq Li YES ,
2692these are the flags passed to the
2693.Xr watchdogd 8
2694daemon.
2695.It Va performance_cx_lowest
2696.Pq Vt str
2697CPU idle state to use while on AC power.
2698The string
2699.Dq Li LOW
2700indicates that
2701.Xr acpi 4
2702should use the lowest power state available while
2703.Dq Li HIGH
2704indicates that the lowest latency state (less power savings) should be used.
2705.It Va performance_cpu_freq
2706.Pq Vt str
2707CPU clock frequency to use while on AC power.
2708The string
2709.Dq Li LOW
2710indicates that
2711.Xr cpufreq 4
2712should use the lowest frequency available while
2713.Dq Li HIGH
2714indicates that the highest frequency (less power savings) should be used.
2715.It Va economy_cx_lowest
2716.Pq Vt str
2717CPU idle state to use when off AC power.
2718The string
2719.Dq Li LOW
2720indicates that
2721.Xr acpi 4
2722should use the lowest power state available while
2723.Dq Li HIGH
2724indicates that the lowest latency state (less power savings) should be used.
2725.It Va economy_cpu_freq
2726.Pq Vt str
2727CPU clock frequency to use when off AC power.
2728The string
2729.Dq Li LOW
2730indicates that
2731.Xr cpufreq 4
2732should use the lowest frequency available while
2733.Dq Li HIGH
2734indicates that the highest frequency (less power savings) should be used.
2735.It Va jail_enable
2736.Pq Vt bool
2737If set to
2738.Dq Li NO ,
2739any configured jails will not be started.
2740.It Va jail_list
2741.Pq Vt str
2742A space separated list of names for jails.
2743This is purely a configuration aid to help identify and
2744configure multiple jails.
2745The names specified in this list will be used to
2746identify settings common to an instance of a jail.
2747Assuming that the jail in question was named
2748.Li vjail ,
2749you would have the following dependant variables:
2750.Bd -literal
2751jail_vjail_hostname="jail.example.com"
2752jail_vjail_ip="192.168.1.100"
2753jail_vjail_rootdir="/var/jails/vjail/root"
2754jail_vjail_exec="/bin/sh /etc/rc"
2755.Ed
2756.Pp
2757The last one is optional.
2758It defaults to
2759.Pa /etc/rc
2760if it is not set.
2761.It Va jail_set_hostname_allow
2762.Pq Vt bool
2763If set to
2764.Dq Li NO ,
2765do not allow the root user in a jail to set its hostname.
2766.It Va jail_socket_unixiproute_only
2767.Pq Vt bool
2768If set to
2769.Dq Li NO ,
2770do not allow any protocol,
2771besides TCP/IP,
2772to be used within a jail.
2773.It Va jail_sysvipc_allow
2774.Pq Vt bool
2775If set to
2776.Dq Li YES ,
2777allow applications within a jail to use System V IPC.
2778.It Va unaligned_print
2779.Pq Vt bool
2780If set to
2781.Dq Li NO ,
2782unaligned access warnings will not be printed.
2783(alpha)
2784.\" ----- isdn settings ---------------------------------
2785.It Va isdn_enable
2786.Pq Vt bool
2787Set to
2788.Dq Li NO
2789by default.
2790When set to
2791.Dq Li YES ,
2792starts the
2793.Xr isdnd 8
2794daemon
2795at system boot time.
2796.It Va isdn_flags
2797.Pq Vt str
2798Set to
2799.Dq Fl d Ns Cm n Fl d Ns Li 0x1f9
2800by default.
2801Additional flags to pass to
2802.Xr isdnd 8
2803(but see
2804.Va isdn_fsdev
2805and
2806.Va isdn_ttype
2807for certain tunable parameters).
2808.It Va isdn_ttype
2809.Pq Vt str
2810Set to
2811.Dq Li cons25
2812by default.
2813The terminal type of the output device when
2814.Xr isdnd 8
2815operates in full-screen mode.
2816.It Va isdn_screenflags
2817.Pq Vt str
2818Set to
2819.Dq Li NO
2820by default.
2821The video mode for full-screen mode (only for
2822.Xr syscons 4
2823console driver, see
2824.Xr vidcontrol 1
2825for valid modes).
2826.It Va isdn_fsdev
2827.Pq Vt str
2828Set to
2829.Dq Li NO
2830by default.
2831The output device for
2832.Xr isdnd 8
2833in full-screen mode (or
2834.Dq Li NO
2835for daemon mode).
2836.It Va isdn_trace
2837.Pq Vt bool
2838Set to
2839.Dq Li NO
2840by default.
2841When set to
2842.Dq Li YES ,
2843enables the ISDN protocol trace utility
2844.Xr isdntrace 8
2845at system boot time.
2846.It Va isdn_traceflags
2847.Pq Vt str
2848Set to
2849.Dq Fl f Pa /var/tmp/isdntrace0
2850by default.
2851Flags for
2852.Xr isdntrace 8 .
2853.\" -----------------------------------------------------
2854.It Va pcvt_verbose
2855.Pq Vt bool
2856Set to
2857.Dq Li NO
2858by default.
2859When set to
2860.Dq Li YES ,
2861verbose messages about the actions done by the start script are displayed.
2862.Em Note :
2863the
2864.Xr pcvt 4
2865driver must be compiled into the kernel before the
2866.Xr pcvt 4
2867related
2868options described here take any effect.
2869.It Va pcvt_keymap
2870.Pq Vt str
2871Set to
2872.Dq Li NO
2873by default.
2874Use this to configure a national keyboard mapping found in the
2875.Pa /usr/share/misc/keycap.pcvt
2876file of keyboard mappings.
2877(See also the manual pages
2878.Xr keycap 5
2879and
2880.Xr keycap 3
2881for usage of
2882.Xr pcvt 4 Ns 's
2883keycap database and the manual page
2884.Xr kcon 1
2885option
2886.Fl m
2887for national keyboard mapping configuration.)
2888.It Va pcvt_keydel
2889.Pq Vt int
2890Set to
2891.Dq Li NO
2892by default.
2893Used to set the keyboard key repeat delay value.
2894Valid values are
2895in the range 0..3 for delay values of 250, 500, 750 and 1000 msec.
2896(See also the
2897.Xr kcon 1
2898manual page.)
2899.It Va pcvt_keyrate
2900.Pq Vt int
2901Set to
2902.Dq Li NO
2903by default.
2904Used to set the keyboard key repetition rate value.
2905Valid values are
2906in the range 0..31 for repetition values of 2..30 characters per second.
2907.It Va pcvt_keyrepeat
2908.Pq Vt bool
2909Set to
2910.Dq Li NO
2911by default.
2912Set to
2913.Dq Li YES
2914to enable automatic keyboard key repeating.
2915.It Va pcvt_force24
2916.Pq Vt bool
2917Set to
2918.Dq Li NO
2919by default.
2920Set to
2921.Dq Li YES
2922to force
2923.Xr pcvt 4
2924to use 24 lines only (in 25 lines mode) for compatibility
2925with the original
2926.Tn VT220
2927terminal.
2928.It Va pcvt_hpext
2929.Pq Vt bool
2930Set to
2931.Dq Li NO
2932by default.
2933Set to
2934.Dq Li YES
2935to enable the display and functionality of function key labels (as found
2936on
2937.Tn Hewlett-Packard
2938terminals such as the
2939.Tn HP2392A
2940and the
2941.Tn HP700/92
2942in
2943.Tn ANSI
2944mode).
2945.It Va pcvt_lines
2946.Pq Vt int
2947Set to
2948.Dq Li NO
2949by default resulting in a value of 25.
2950Used to set the number of lines on the screen.
2951For VGA displays, valid
2952values are 25, 28, 40 and 50 lines.
2953(See also the
2954.Xr scon 1
2955manual page.)
2956.It Va pcvt_blanktime
2957.Pq Vt int
2958Set to
2959.Dq Li NO
2960by default.
2961Used to set the screen saver timeout in seconds for values greater than
2962zero.
2963.It Va pcvt_cursorh
2964.Pq Vt int
2965Set to
2966.Dq Li NO
2967by default.
2968Used to set the cursor top scanline.
2969(See also the
2970.Xr cursor 1
2971manual page.)
2972.It Va pcvt_cursorl
2973.Pq Vt int
2974Set to
2975.Dq Li NO
2976by default.
2977Used to set the cursor bottom scanline.
2978.It Va pcvt_monohigh
2979.Pq Vt bool
2980Set to
2981.Dq Li NO
2982by default.
2983Set to
2984.Dq Li YES
2985to set intensity to high on monochrome monitors.
2986(See also the
2987.Xr scon 1
2988manual page, option
2989.Fl p ,
2990for more information on changing VGA palette
2991values.)
2992.It Va harvest_interrupt
2993.Pq Vt bool
2994Set to
2995.Dq Li YES
2996to use hardware interrupts as an entropy source.
2997Refer to
2998.Xr random 4
2999for more information.
3000.It Va harvest_ethernet
3001.Pq Vt bool
3002Set to
3003.Dq Li YES
3004to use LAN traffic as an entropy source.
3005Refer to
3006.Xr random 4
3007for more information.
3008.It Va harvest_p_to_p
3009.Pq Vt bool
3010Set to
3011.Dq Li YES
3012to use serial line traffic as an entropy source.
3013Refer to
3014.Xr random 4
3015for more information.
3016.It Va entropy_dir
3017.Pq Vt str
3018Set to
3019.Dq Li NO
3020to disable caching entropy via
3021.Xr cron 8 .
3022Otherwise set to the directory used to store entropy files in.
3023.It Va entropy_file
3024.Pq Vt str
3025Set to
3026.Dq Li NO
3027to disable caching entropy through reboots.
3028Otherwise set to the filename used to store cached entropy through
3029reboots.
3030This file should be located on the root file system to seed the
3031.Xr random 4
3032device as early as possible in the boot process.
3033.It Va entropy_save_sz
3034.Pq Vt int
3035Size of the entropy cache files saved by
3036.Nm save-entropy
3037periodically.
3038.It Va entropy_save_num
3039.Pq Vt int
3040Number of entropy cache files to save by
3041.Nm save-entropy
3042periodically.
3043.It Va ipsec_enable
3044.Pq Vt bool
3045Set to
3046.Dq Li YES
3047to run
3048.Xr setkey 8
3049on
3050.Va ipsec_file
3051at boot time.
3052.It Va ipsec_file
3053.Pq Vt str
3054Configuration file for
3055.Xr setkey 8 .
3056.It Va dmesg_enable
3057.Pq Vt bool
3058Set to
3059.Dq Li YES
3060to save
3061.Xr dmesg 8
3062to
3063.Pa /var/run/dmesg.boot
3064on boot.
3065.It Va rcshutdown_timeout
3066.Pq Vt int
3067If set, start a watchdog timer in the background which will terminate
3068.Pa rc.shutdown
3069if
3070.Xr shutdown 8
3071has not completed within the specified time (in seconds).
3072.It Va virecover_enable
3073.Pq Vt bool
3074Set to
3075.Dq Li NO
3076to prevent the system from trying to
3077recover pre-maturely terminated
3078.Xr vi 1
3079sessions.
3080.It Va ugidfw_enable
3081.Pq Vt bool
3082Set to
3083.Dq Li YES
3084to load the
3085.Xr mac_bsdextended 4
3086module upon system initialization and load a default
3087ruleset file.
3088.It Va bsdextended_script
3089.Pq Vt str
3090The default
3091.Xr mac_bsdextended 4
3092ruleset file to load.
3093The default value of this variable is
3094.Pa /etc/rc.bsdextended .
3095.It Va ramdisk_units
3096.Pq Vt str
3097A list of one or more ramdisk units to configure with
3098.Xr mdconfig 8
3099and
3100.Xr newfs 8
3101in time to be mounted from
3102.Xr fstab 5 .
3103Each listed unit
3104.Ar X
3105must specify at least a
3106.Ar type
3107in a
3108.Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3109variable.
3110.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _config
3111.Pq Vt str
3112Arguments to
3113.Xr mdconfig 8
3114for ramdisk
3115.Ar X .
3116At minimum a
3117.Fl t Ar type
3118must be specified, where
3119.Ar type
3120must be one of
3121.Cm malloc
3122or
3123.Cm swap .
3124.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _newfs
3125.Pq Vt str
3126Optional arguments passed to
3127.Xr newfs 8
3128to initialize ramdisk
3129.Ar X .
3130.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _owner
3131.Pq Vt str
3132An ownership specification passed to
3133.Xr chown 8
3134after the specified ramdisk unit
3135.Ar X
3136has been mounted.
3137Both the
3138.Xr md 4
3139device and the mount point will be changed.
3140.It Va ramdisk_ Ns Ao Ar X Ac Ns Va _perms
3141.Pq Vt str
3142A mode string passed to
3143.Xr chmod 1
3144after the specified ramdisk unit
3145.Ar X
3146has been mounted.
3147Both the
3148.Xr md 4
3149device and the mount point will be changed.
3150.El
3151.Sh FILES
3152.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
3153.It Pa /etc/defaults/rc.conf
3154.It Pa /etc/rc.conf
3155.It Pa /etc/rc.conf.local
3156.El
3157.Sh SEE ALSO
3158.Xr catman 1 ,
3159.Xr chmod 1 ,
3160.Xr gdb 1 ,
3161.Xr info 1 ,
3162.Xr kbdcontrol 1 ,
3163.Xr makewhatis 1 ,
3164.Xr vi 1 ,
3165.Xr vidcontrol 1 ,
3166.Xr ip 4 ,
3167.Xr kld 4 ,
3168.Xr tcp 4 ,
3169.Xr udp 4 ,
3170.Xr exports 5 ,
3171.Xr motd 5 ,
3172.Xr newsyslog.conf 5 ,
3173.Xr accton 8 ,
3174.Xr amd 8 ,
3175.Xr apm 8 ,
3176.Xr atm 8 ,
3177.Xr chown 8 ,
3178.Xr cron 8 ,
3179.Xr dhclient 8 ,
3180.Xr ifconfig 8 ,
3181.Xr inetd 8 ,
3182.Xr isdnd 8 ,
3183.Xr isdntrace 8 ,
3184.Xr kldxref 8 ,
3185.Xr lpd 8 ,
3186.Xr mdconfig 8 ,
3187.Xr mdmfs 8 ,
3188.Xr mountd 8 ,
3189.Xr moused 8 ,
3190.Xr mrouted 8 ,
3191.Xr named 8 ,
3192.Xr newfs 8 ,
3193.Xr nfsd 8 ,
3194.Xr ntpd 8 ,
3195.Xr ntpdate 8 ,
3196.Xr pcnfsd 8 ,
3197.Xr quotacheck 8 ,
3198.Xr quotaon 8 ,
3199.Xr rc 8 ,
3200.Xr rc.sendmail 8 ,
3201.Xr route 8 ,
3202.Xr routed 8 ,
3203.Xr rpcbind 8 ,
3204.Xr rpc.lockd 8 ,
3205.Xr rpc.statd 8 ,
3206.Xr rwhod 8 ,
3207.Xr savecore 8 ,
3208.Xr sshd 8 ,
3209.Xr swapon 8 ,
3210.Xr sysctl 8 ,
3211.Xr syslogd 8 ,
3212.Xr timed 8 ,
3213.Xr usbd 8 ,
3214.Xr yp 8 ,
3215.Xr ypbind 8 ,
3216.Xr ypserv 8 ,
3217.Xr ypset 8
3218.Sh HISTORY
3219The
3220.Nm
3221file appeared in
3222.Fx 2.2.2 .
3223.Sh AUTHORS
3224.An Jordan K. Hubbard .
3225