1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd March 21, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blacklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va kld_list 265.Pq Vt str 266A whitespace-separated list of kernel modules to load right after 267the local disks are mounted, without any 268.Pa .ko 269extension or path. 270Loading modules at this point in the boot process is 271much faster than doing it via 272.Pa /boot/loader.conf 273for those modules not necessary for mounting local disks. 274.It Va kldxref_enable 275.Pq Vt bool 276Set to 277.Dq Li NO 278by default. 279Set to 280.Dq Li YES 281to automatically rebuild 282.Pa linker.hints 283files with 284.Xr kldxref 8 285at boot time. 286.It Va kldxref_clobber 287.Pq Vt bool 288Set to 289.Dq Li NO 290by default. 291If 292.Va kldxref_enable 293is true, 294setting to 295.Dq Li YES 296will overwrite existing 297.Pa linker.hints 298files at boot time. 299Otherwise, 300only missing 301.Pa linker.hints 302files are generated. 303.It Va kldxref_module_path 304.Pq Vt str 305Empty by default. 306A semi-colon 307.Pq Ql \&; 308delimited list of paths containing 309.Xr kld 4 310modules. 311If empty, 312the contents of the 313.Va kern.module_path 314.Xr sysctl 8 315are used. 316.It Va powerd_enable 317.Pq Vt bool 318If set to 319.Dq Li YES , 320enable the system power control facility with the 321.Xr powerd 8 322daemon. 323.It Va powerd_flags 324.Pq Vt str 325If 326.Va powerd_enable 327is set to 328.Dq Li YES , 329these are the flags to pass to the 330.Xr powerd 8 331daemon. 332.It Va tmpmfs 333Controls the creation of a 334.Pa /tmp 335memory file system. 336Always happens if set to 337.Dq Li YES 338and never happens if set to 339.Dq Li NO . 340If set to anything else, a memory file system is created if 341.Pa /tmp 342is not writable. 343.It Va tmpsize 344Controls the size of a created 345.Pa /tmp 346memory file system. 347.It Va tmpmfs_flags 348Extra options passed to the 349.Xr mdmfs 8 350utility when the memory file system for 351.Pa /tmp 352is created. 353The default is 354.Dq Li "-S" , 355which inhibits the use of softupdates on 356.Pa /tmp 357so that file system space is freed without delay 358after file truncation or deletion. 359See 360.Xr mdmfs 8 361for other options you can use in 362.Va tmpmfs_flags . 363.It Va varmfs 364Controls the creation of a 365.Pa /var 366memory file system. 367Always happens if set to 368.Dq Li YES 369and never happens if set to 370.Dq Li NO . 371If set to anything else, a memory file system is created if 372.Pa /var 373is not writable. 374.It Va varsize 375Controls the size of a created 376.Pa /var 377memory file system. 378.It Va varmfs_flags 379Extra options passed to the 380.Xr mdmfs 8 381utility when the memory file system for 382.Pa /var 383is created. 384The default is 385.Dq Li "-S" , 386which inhibits the use of softupdates on 387.Pa /var 388so that file system space is freed without delay 389after file truncation or deletion. 390See 391.Xr mdmfs 8 392for other options you can use in 393.Va varmfs_flags . 394.It Va populate_var 395Controls the automatic population of the 396.Pa /var 397file system. 398Always happens if set to 399.Dq Li YES 400and never happens if set to 401.Dq Li NO . 402If set to anything else, a memory file system is created if 403.Pa /var 404is not writable. 405Note that this process requires access to certain commands in 406.Pa /usr 407before 408.Pa /usr 409is mounted on normal systems. 410.It Va cleanvar_enable 411.Pq Vt bool 412Clean the 413.Pa /var 414directory. 415.It Va local_startup 416.Pq Vt str 417List of directories to search for startup script files. 418.It Va script_name_sep 419.Pq Vt str 420The field separator to use for breaking down the list of startup script files 421into individual filenames. 422The default is a space. 423It is not necessary to change this unless there are startup scripts with names 424containing spaces. 425.It Va hostapd_enable 426.Pq Vt bool 427Set to 428.Dq Li YES 429to start 430.Xr hostapd 8 431at system boot time. 432.It Va hostname 433.Pq Vt str 434The fully qualified domain name (FQDN) of this host on the network. 435This should almost certainly be set to something meaningful, even if 436there is no network connection. 437If 438.Xr dhclient 8 439is used to set the hostname via DHCP, 440this variable should be set to an empty string. 441Within a 442.Xr jail 8 443the hostname is generally already set and this variable may be absent. 444If this value remains unset when the system is done booting 445your console login will display the default hostname of 446.Dq Amnesiac . 447.It Va nisdomainname 448.Pq Vt str 449The NIS domain name of this host, or 450.Dq Li NO 451if NIS is not used. 452.It Va dhclient_program 453.Pq Vt str 454Path to the DHCP client program 455.Pa ( /sbin/dhclient , 456the 457.Ox 458DHCP client, 459is the default). 460.It Va dhclient_flags 461.Pq Vt str 462Additional flags to pass to the DHCP client program. 463For the 464.Ox 465DHCP client, see the 466.Xr dhclient 8 467manpage for a description of the command line options available. 468.It Va dhclient_flags_ Ns Aq Ar iface 469Additional flags to pass to the DHCP client program running on 470.Ar iface 471only. 472When specified, this variable overrides 473.Va dhclient_flags . 474.It Va background_dhclient 475.Pq Vt bool 476Set to 477.Dq Li YES 478to start the DHCP client in background. 479This can cause trouble with applications depending on 480a working network, but it will provide a faster startup 481in many cases. 482.It Va background_dhclient_ Ns Aq Ar iface 483When specified, this variable overrides the 484.Va background_dhclient 485variable for interface 486.Ar iface 487only. 488.It Va synchronous_dhclient 489.Pq Vt bool 490Set to 491.Dq Li YES 492to start 493.Xr dhclient 8 494synchronously at startup. 495This behavior can be overridden on a per-interface basis by replacing 496the 497.Dq Li DHCP 498keyword in the 499.Va ifconfig_ Ns Aq Ar interface 500variable with 501.Dq Li SYNCDHCP 502or 503.Dq Li NOSYNCDHCP . 504.It Va defaultroute_delay 505.Pq Vt int 506When set to a positive value, wait up to this long after configuring 507DHCP interfaces at startup to give the interfaces time to receive a lease. 508.It Va firewall_enable 509.Pq Vt bool 510Set to 511.Dq Li YES 512to load firewall rules at startup. 513If the kernel was not built with 514.Cd "options IPFIREWALL" , 515the 516.Pa ipfw.ko 517kernel module will be loaded. 518See also 519.Va ipfilter_enable . 520.It Va firewall_script 521.Pq Vt str 522This variable specifies the full path to the firewall script to run. 523The default is 524.Pa /etc/rc.firewall . 525.It Va firewall_type 526.Pq Vt str 527Names the firewall type from the selection in 528.Pa /etc/rc.firewall , 529or the file which contains the local firewall ruleset. 530Valid selections from 531.Pa /etc/rc.firewall 532are: 533.Pp 534.Bl -tag -width ".Li workstation" -compact 535.It Li open 536unrestricted IP access 537.It Li closed 538all IP services disabled, except via 539.Dq Li lo0 540.It Li client 541basic protection for a workstation 542.It Li workstation 543basic protection for a workstation using stateful firewalling 544.It Li simple 545basic protection for a LAN. 546.El 547.Pp 548If a filename is specified, the full path 549must be given. 550.Pp 551Most of the predefined rulesets define additional configuration variables. 552These are documented in 553.Pa /etc/rc.firewall . 554.It Va firewall_quiet 555.Pq Vt bool 556Set to 557.Dq Li YES 558to disable the display of firewall rules on the console during boot. 559.It Va firewall_logging 560.Pq Vt bool 561Set to 562.Dq Li YES 563to enable firewall event logging. 564This is equivalent to the 565.Dv IPFIREWALL_VERBOSE 566kernel option. 567.It Va firewall_logif 568.Pq Vt bool 569Set to 570.Dq Li YES 571to create pseudo interface 572.Li ipfw0 573for logging. 574For more details, see 575.Xr ipfw 8 576manual page. 577.It Va firewall_flags 578.Pq Vt str 579Flags passed to 580.Xr ipfw 8 581if 582.Va firewall_type 583specifies a filename. 584.It Va firewall_coscripts 585.Pq Vt str 586List of executables and/or rc scripts to run after firewall starts/stops. 587Default is empty. 588.\" ----- firewall_nat_enable setting -------------------------------- 589.It Va firewall_nat_enable 590.Pq Vt bool 591The 592.Xr ipfw 8 593equivalent of 594.Va natd_enable . 595Setting this to 596.Dq Li YES 597will automatically load the 598.Xr ipfw 8 599NAT kernel module if 600.Va firewall_enable 601is also set to 602.Dq Li YES . 603.It Va firewall_nat_interface 604.Pq Vt str 605The 606.Xr ipfw 8 607equivalent of 608.Va natd_interface . 609This is the name of the public interface or IP address on which 610kernel NAT should run. 611.It Va firewall_nat_flags 612.Pq Vt str 613Additional configuration parameters for kernel NAT should be placed here. 614.It Va firewall_nat64_enable 615.Pq Vt bool 616Setting this to 617.Dq Li YES 618will automatically load the 619.Xr ipfw 8 620NAT64 kernel module if 621.Va firewall_enable 622is also set to 623.Dq Li YES . 624.It Va firewall_nptv6_enable 625.Pq Vt bool 626Setting this to 627.Dq Li YES 628will automatically load the 629.Xr ipfw 8 630NPTv6 kernel module if 631.Va firewall_enable 632is also set to 633.Dq Li YES . 634.It Va firewall_pmod_enable 635.Pq Vt bool 636Setting this to 637.Dq Li YES 638will automatically load the 639.Xr ipfw 8 640pmod kernel module if 641.Va firewall_enable 642is also set to 643.Dq Li YES . 644.It Va dummynet_enable 645.Pq Vt bool 646Setting this to 647.Dq Li YES 648will automatically load the 649.Xr dummynet 4 650module if 651.Va firewall_enable 652is also set to 653.Dq Li YES . 654.\" ------------------------------------------------------------------- 655.It Va ipfw_netflow_enable 656.Pq Vt bool 657Setting this to 658.Dq Li YES 659will enable netflow logging via 660.Xr ng_netflow 4 661.Pp 662By default a ipfw rule is inserted and all packets are duplicated with 663the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 664port using protocol version 5. 665.It Va ipfw_netflow_hook 666.Pq Vt int 667netflow hook name, must be numerical 668(default 669.Pa 9995 ) . 670.It Va ipfw_netflow_rule 671.Pq Vt int 672ipfw rule number 673(default 674.Pa 1000 ) . 675.It Va ipfw_netflow_ip 676.Pq Vt str 677Destination server ip for receiving netflow data 678(default 679.Pa 127.0.0.1 ) . 680.It Va ipfw_netflow_port 681.Pq Vt int 682Destination server port for receiving netflow data 683(default 684.Pa 9995 ) . 685.It Va ipfw_netflow_version 686.Pq Vt int 687Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 688.It Va ipfw_netflow_fib 689.Pq Vt int 690Only match packet in FIB 691.Pa ipfw_netflow_fib 692(default is undefined meaning all FIBs). 693.It Va natd_program 694.Pq Vt str 695Path to 696.Xr natd 8 . 697.It Va natd_enable 698.Pq Vt bool 699Set to 700.Dq Li YES 701to enable 702.Xr natd 8 . 703.Va firewall_enable 704must also be set to 705.Dq Li YES , 706and 707.Xr divert 4 708sockets must be enabled in the kernel. 709If the kernel was not built with 710.Cd "options IPDIVERT" , 711the 712.Pa ipdivert.ko 713kernel module will be loaded. 714.It Va natd_interface 715.Pq Vt str 716This is the name of the public interface on which 717.Xr natd 8 718should run. 719The interface may be given as an interface name or as an IP address. 720.It Va natd_flags 721.Pq Vt str 722Additional 723.Xr natd 8 724flags should be placed here. 725The 726.Fl n 727or 728.Fl a 729flag is automatically added with the above 730.Va natd_interface 731as an argument. 732.\" ----- ipfilter_enable setting -------------------------------- 733.It Va ipfilter_enable 734.Pq Vt bool 735Set to 736.Dq Li NO 737by default. 738Setting this to 739.Dq Li YES 740enables 741.Xr ipf 8 742packet filtering. 743.Pp 744Typical usage will require putting 745.Bd -literal 746ipfilter_enable="YES" 747ipnat_enable="YES" 748ipmon_enable="YES" 749ipfs_enable="YES" 750.Ed 751.Pp 752into 753.Pa /etc/rc.conf 754and editing 755.Pa /etc/ipf.rules 756and 757.Pa /etc/ipnat.rules 758appropriately. 759.Pp 760Note that 761.Va ipfilter_enable 762and 763.Va ipnat_enable 764can be enabled independently. 765.Va ipmon_enable 766and 767.Va ipfs_enable 768both require at least one of 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772to be enabled. 773.Pp 774Having 775.Bd -literal 776options IPFILTER 777options IPFILTER_LOG 778options IPFILTER_DEFAULT_BLOCK 779.Ed 780.Pp 781in the kernel configuration file is a good idea, too. 782.\" ----- ipfilter_program setting ------------------------------ 783.It Va ipfilter_program 784.Pq Vt str 785Path to 786.Xr ipf 8 787(default 788.Pa /sbin/ipf ) . 789.\" ----- ipfilter_rules setting -------------------------------- 790.It Va ipfilter_rules 791.Pq Vt str 792Set to 793.Pa /etc/ipf.rules 794by default. 795This variable contains the name of the filter rule definition file. 796The file is expected to be readable for the 797.Xr ipf 8 798command to execute. 799.\" ----- ipfilter_flags setting -------------------------------- 800.It Va ipfilter_flags 801.Pq Vt str 802Empty by default. 803This variable contains flags passed to the 804.Xr ipf 8 805program. 806.\" ----- ipnat_enable setting ---------------------------------- 807.It Va ipnat_enable 808.Pq Vt bool 809Set to 810.Dq Li NO 811by default. 812Set it to 813.Dq Li YES 814to enable 815.Xr ipnat 8 816network address translation. 817See 818.Va ipfilter_enable 819for a detailed discussion. 820.\" ----- ipnat_program setting --------------------------------- 821.It Va ipnat_program 822.Pq Vt str 823Path to 824.Xr ipnat 8 825(default 826.Pa /sbin/ipnat ) . 827.\" ----- ipnat_rules setting ----------------------------------- 828.It Va ipnat_rules 829.Pq Vt str 830Set to 831.Pa /etc/ipnat.rules 832by default. 833This variable contains the name of the file 834holding the network address translation definition. 835This file is expected to be readable for the 836.Xr ipnat 8 837command to execute. 838.\" ----- ipnat_flags setting ----------------------------------- 839.It Va ipnat_flags 840.Pq Vt str 841Empty by default. 842This variable contains flags passed to the 843.Xr ipnat 8 844program. 845.\" ----- ipmon_enable setting ---------------------------------- 846.It Va ipmon_enable 847.Pq Vt bool 848Set to 849.Dq Li NO 850by default. 851Set it to 852.Dq Li YES 853to enable 854.Xr ipmon 8 855monitoring (logging 856.Xr ipf 8 857and 858.Xr ipnat 8 859events). 860Setting this variable needs setting 861.Va ipfilter_enable 862or 863.Va ipnat_enable 864too. 865See 866.Va ipfilter_enable 867for a detailed discussion. 868.\" ----- ipmon_program setting --------------------------------- 869.It Va ipmon_program 870.Pq Vt str 871Path to 872.Xr ipmon 8 873(default 874.Pa /sbin/ipmon ) . 875.\" ----- ipmon_flags setting ----------------------------------- 876.It Va ipmon_flags 877.Pq Vt str 878Set to 879.Dq Li -Ds 880by default. 881This variable contains flags passed to the 882.Xr ipmon 8 883program. 884Another typical example would be 885.Dq Fl D Pa /var/log/ipflog 886to have 887.Xr ipmon 8 888log directly to a file bypassing 889.Xr syslogd 8 . 890Make sure to adjust 891.Pa /etc/newsyslog.conf 892in such case like this: 893.Bd -literal 894/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 895.Ed 896.\" ----- ipfs_enable setting ----------------------------------- 897.It Va ipfs_enable 898.Pq Vt bool 899Set to 900.Dq Li NO 901by default. 902Set it to 903.Dq Li YES 904to enable 905.Xr ipfs 8 906saving the filter and NAT state tables during shutdown 907and reloading them during startup again. 908Setting this variable needs setting 909.Va ipfilter_enable 910or 911.Va ipnat_enable 912to 913.Dq Li YES 914too. 915See 916.Va ipfilter_enable 917for a detailed discussion. 918Note that if 919.Va kern_securelevel 920is set to 3, 921.Va ipfs_enable 922cannot be used 923because the raised securelevel will prevent 924.Xr ipfs 8 925from saving the state tables at shutdown time. 926.\" ----- ipfs_program setting ---------------------------------- 927.It Va ipfs_program 928.Pq Vt str 929Path to 930.Xr ipfs 8 931(default 932.Pa /sbin/ipfs ) . 933.\" ----- ipfs_flags setting ------------------------------------ 934.It Va ipfs_flags 935.Pq Vt str 936Empty by default. 937This variable contains flags passed to the 938.Xr ipfs 8 939program. 940.\" ----- end of added ipf hook --------------------------------- 941.It Va pf_enable 942.Pq Vt bool 943Set to 944.Dq Li NO 945by default. 946Setting this to 947.Dq Li YES 948enables 949.Xr pf 4 950packet filtering. 951.Pp 952Typical usage will require putting 953.Pp 954.Dl pf_enable="YES" 955.Pp 956into 957.Pa /etc/rc.conf 958and editing 959.Pa /etc/pf.conf 960appropriately. 961Adding 962.Pp 963.Dl "device pf" 964.Pp 965builds support for 966.Xr pf 4 967into the kernel, otherwise the 968kernel module will be loaded. 969.It Va pf_rules 970.Pq Vt str 971Path to 972.Xr pf 4 973ruleset configuration file 974(default 975.Pa /etc/pf.conf ) . 976.It Va pf_program 977.Pq Vt str 978Path to 979.Xr pfctl 8 980(default 981.Pa /sbin/pfctl ) . 982.It Va pf_flags 983.Pq Vt str 984If 985.Va pf_enable 986is set to 987.Dq Li YES , 988these flags are passed to the 989.Xr pfctl 8 990program when loading the ruleset. 991.It Va pflog_enable 992.Pq Vt bool 993Set to 994.Dq Li NO 995by default. 996Setting this to 997.Dq Li YES 998enables 999.Xr pflogd 8 1000which logs packets from the 1001.Xr pf 4 1002packet filter. 1003.It Va pflog_logfile 1004.Pq Vt str 1005If 1006.Va pflog_enable 1007is set to 1008.Dq Li YES 1009this controls where 1010.Xr pflogd 8 1011stores the logfile 1012(default 1013.Pa /var/log/pflog ) . 1014Check 1015.Pa /etc/newsyslog.conf 1016to adjust logfile rotation for this. 1017.It Va pflog_program 1018.Pq Vt str 1019Path to 1020.Xr pflogd 8 1021(default 1022.Pa /sbin/pflogd ) . 1023.It Va pflog_flags 1024.Pq Vt str 1025Empty by default. 1026This variable contains additional flags passed to the 1027.Xr pflogd 8 1028program. 1029.It Va pflog_instances 1030.Pq Vt str 1031If logging to more than one 1032.Xr pflog 4 1033interface is desired, 1034.Va pflog_instances 1035is set to the list of 1036.Xr pflogd 8 1037instances that should be started at system boot time. 1038If 1039.Va pflog_instances 1040is set, for each whitespace-separated 1041.Ar element 1042in the list, 1043.Ao Ar element Ac Ns Va _dev 1044and 1045.Ao Ar element Ac Ns Va _logfile 1046elements are assumed to exist. 1047.Ao Ar element Ac Ns Va _dev 1048must contain the 1049.Xr pflog 4 1050interface to be watched by the named 1051.Xr pflogd 8 1052instance. 1053.Ao Ar element Ac Ns Va _logfile 1054must contain the name of the logfile that will be used by the 1055.Xr pflogd 8 1056instance. 1057.It Va ftpproxy_enable 1058.Pq Vt bool 1059Set to 1060.Dq Li NO 1061by default. 1062Setting this to 1063.Dq Li YES 1064enables 1065.Xr ftp-proxy 8 1066which supports the 1067.Xr pf 4 1068packet filter in translating ftp connections. 1069.It Va ftpproxy_flags 1070.Pq Vt str 1071Empty by default. 1072This variable contains additional flags passed to the 1073.Xr ftp-proxy 8 1074program. 1075.It Va ftpproxy_instances 1076.Pq Vt str 1077Empty by default. 1078If multiple instances of 1079.Xr ftp-proxy 8 1080are desired at boot time, 1081.Va ftpproxy_instances 1082should contain a whitespace-separated list of instance names. 1083For each 1084.Ar element 1085in the list, a variable named 1086.Ao Ar element Ac Ns Va _flags 1087should be defined, containing the command-line flags to be passed to the 1088.Xr ftp-proxy 8 1089instance. 1090.It Va pfsync_enable 1091.Pq Vt bool 1092Set to 1093.Dq Li NO 1094by default. 1095Setting this to 1096.Dq Li YES 1097enables exposing 1098.Xr pf 4 1099state changes to other hosts over the network by means of 1100.Xr pfsync 4 . 1101The 1102.Va pfsync_syncdev 1103variable 1104must also be set then. 1105.It Va pfsync_syncdev 1106.Pq Vt str 1107Empty by default. 1108This variable specifies the name of the network interface 1109.Xr pfsync 4 1110should operate through. 1111It must be set accordingly if 1112.Va pfsync_enable 1113is set to 1114.Dq Li YES . 1115.It Va pfsync_syncpeer 1116.Pq Vt str 1117Empty by default. 1118This variable is optional. 1119By default, state change messages are sent out on the synchronisation 1120interface using IP multicast packets. 1121The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1122224.0.0.240. 1123When a peer address is specified using the 1124.Va pfsync_syncpeer 1125option, the peer address is used as a destination for the pfsync 1126traffic, and the traffic can then be protected using 1127.Xr ipsec 4 . 1128See the 1129.Xr pfsync 4 1130manpage for more details about using 1131.Xr ipsec 4 1132with 1133.Xr pfsync 4 1134interfaces. 1135.It Va pfsync_ifconfig 1136.Pq Vt str 1137Empty by default. 1138This variable can contain additional options to be passed to the 1139.Xr ifconfig 8 1140command used to set up 1141.Xr pfsync 4 . 1142.It Va tcp_extensions 1143.Pq Vt bool 1144Set to 1145.Dq Li YES 1146by default. 1147Setting this to 1148.Dq Li NO 1149disables certain TCP options as described by 1150.Rs 1151.%T "RFC 1323" 1152.Re 1153Setting this to 1154.Dq Li NO 1155might help remedy such problems with connections as randomly hanging 1156or other weird behavior. 1157Some network devices are known 1158to be broken with respect to these options. 1159.It Va log_in_vain 1160.Pq Vt int 1161Set to 0 by default. 1162The 1163.Xr sysctl 8 1164variables, 1165.Va net.inet.tcp.log_in_vain 1166and 1167.Va net.inet.udp.log_in_vain , 1168as described in 1169.Xr tcp 4 1170and 1171.Xr udp 4 , 1172are set to the given value. 1173.It Va tcp_keepalive 1174.Pq Vt bool 1175Set to 1176.Dq Li YES 1177by default. 1178Setting to 1179.Dq Li NO 1180will disable probing idle TCP connections to verify that the 1181peer is still up and reachable. 1182.It Va tcp_drop_synfin 1183.Pq Vt bool 1184Set to 1185.Dq Li NO 1186by default. 1187Setting to 1188.Dq Li YES 1189will cause the kernel to ignore TCP frames that have both 1190the SYN and FIN flags set. 1191This prevents OS fingerprinting, but may 1192break some legitimate applications. 1193.It Va icmp_drop_redirect 1194.Pq Vt bool 1195Set to 1196.Dq Li AUTO 1197by default. 1198This setting will be identical to 1199.Dq Li YES , 1200if a dynamicrouting daemon is enabled, because redirect processing may 1201cause performance issues for large routing tables. 1202If no such service is enabled, this setting behaves like a 1203.Dq Li NO . 1204Setting to 1205.Dq Li YES 1206will cause the kernel to ignore ICMP REDIRECT packets. 1207Setting to 1208.Dq Li NO 1209will cause the kernel to process ICMP REDIRECT packets. 1210Refer to 1211.Xr icmp 4 1212for more information. 1213.It Va icmp_log_redirect 1214.Pq Vt bool 1215Set to 1216.Dq Li NO 1217by default. 1218Setting to 1219.Dq Li YES 1220will cause the kernel to log ICMP REDIRECT packets. 1221Note that 1222the log messages are not rate-limited, so this option should only be used 1223for troubleshooting networks. 1224Refer to 1225.Xr icmp 4 1226for more information. 1227.It Va icmp_bmcastecho 1228.Pq Vt bool 1229Set to 1230.Dq Li YES 1231to respond to broadcast or multicast ICMP ping packets. 1232Refer to 1233.Xr icmp 4 1234for more information. 1235.It Va ip_portrange_first 1236.Pq Vt int 1237If not set to 1238.Dq Li NO , 1239this is the first port in the default portrange. 1240Refer to 1241.Xr ip 4 1242for more information. 1243.It Va ip_portrange_last 1244.Pq Vt int 1245If not set to 1246.Dq Li NO , 1247this is the last port in the default portrange. 1248Refer to 1249.Xr ip 4 1250for more information. 1251.It Va network_interfaces 1252.Pq Vt str 1253Set to the list of network interfaces to configure on this host or 1254.Dq Li AUTO 1255(the default) for all current interfaces. 1256Setting the 1257.Va network_interfaces 1258variable to anything other than the default is deprecated. 1259Interfaces that the administrator wishes to store configuration for, 1260but not start at boot should be configured with the 1261.Dq Li NOAUTO 1262keyword in their 1263.Va ifconfig_ Ns Aq Ar interface 1264variables as described below. 1265.Pp 1266An 1267.Va ifconfig_ Ns Aq Ar interface 1268variable is also assumed to exist for each value of 1269.Ar interface . 1270When an interface name contains any of the characters 1271.Dq Li .-/+ 1272they are translated to 1273.Dq Li _ 1274before lookup. 1275The variable can contain arguments to 1276.Xr ifconfig 8 , 1277as well as special case-insensitive keywords described below. 1278Such keywords are removed before passing the value to 1279.Xr ifconfig 8 1280while the order of the other arguments is preserved. 1281.Pp 1282It is possible to add IP alias entries using 1283.Xr ifconfig 8 1284syntax with the address family keyword such as 1285.Li inet . 1286Assuming that the interface in question was 1287.Li em0 , 1288it might look something like this: 1289.Bd -literal 1290ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1291ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1292.Ed 1293.Pp 1294It also possible to configure multiple IP addresses in Classless 1295Inter-Domain Routing 1296.Pq CIDR 1297address notation, 1298whose each address component can be a range like 1299.Li inet 192.0.2.5-23/24 1300or 1301.Li inet6 2001:db8:1-f::1/64 . 1302This notation allows address and prefix length part only, 1303not the other address modifiers. 1304Note that the maximum number of the generated addresses from a range 1305specification is limited to an integer value specified in 1306.Va netif_ipexpand_max 1307in 1308.Nm 1309because a small typo can unexpectedly generate a large number of addresses. 1310The default value is 1311.Li 2048 . 1312It can be increased by adding the following line into 1313.Nm : 1314.Bd -literal 1315netif_ipexpand_max="4096" 1316.Ed 1317.Pp 1318In the case of 1319.Li 192.0.2.5-23/24 , 1320the address 192.0.2.5 will be configured with the 1321netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1322the non-conflicting netmask /32 as explained in the 1323.Xr ifconfig 8 1324alias section. 1325Note that this special netmask handling is only for 1326.Li inet , 1327not for the other address families such as 1328.Li inet6 . 1329.Pp 1330With the interface in question being 1331.Li em0 , 1332an example could look like: 1333.Bd -literal 1334ifconfig_em0_alias2="inet 192.0.2.129/27" 1335ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1336.Ed 1337.Pp 1338and so on. 1339.Pp 1340Note that deprecated 1341.Va ipv4_addrs_ Ns Aq Ar interface 1342variable was supported for IPv4 CIDR address notation. 1343The 1344.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1345variable replaces it, though 1346.Va ipv4_addrs_ Ns Aq Ar interface 1347is still supported for backward compatibility. 1348.Pp 1349For each 1350.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1351entry with an address family keyword, 1352its contents are passed to 1353.Xr ifconfig 8 . 1354Execution stops at the first unsuccessful access, so if 1355something like this is present: 1356.Bd -literal 1357ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1358ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1359ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1360ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1361.Ed 1362.Pp 1363Then note that alias4 would 1364.Em not 1365be added since the search would 1366stop with the missing 1367.Dq Li alias3 1368entry. 1369Because of this difficult to manage behavior, 1370there is 1371.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1372variable, which has the same functionality as 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1374and can have all of entries in a variable like the following: 1375.Bd -literal 1376ifconfig_em0_aliases="\\ 1377 inet 127.0.0.251 netmask 0xffffffff \\ 1378 inet 127.0.0.252 netmask 0xffffffff \\ 1379 inet 127.0.0.253 netmask 0xffffffff \\ 1380 inet 127.0.0.254 netmask 0xffffffff" 1381.Ed 1382.Pp 1383It also supports CIDR notation. 1384.Pp 1385If the 1386.Pa /etc/start_if. Ns Aq Ar interface 1387file is present, it is read and executed by the 1388.Xr sh 1 1389interpreter 1390before configuring the interface as specified in the 1391.Va ifconfig_ Ns Aq Ar interface 1392and 1393.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1394variables. 1395.Pp 1396If a 1397.Va vlans_ Ns Aq Ar interface 1398variable is set, 1399a 1400.Xr vlan 4 1401interface will be created for each item in the list with the 1402.Ar vlandev 1403argument set to 1404.Ar interface . 1405If a vlan interface's name is a number, 1406then that number is used as the vlan tag and the new vlan interface is 1407named 1408.Ar interface . Ns Ar tag . 1409Otherwise, 1410the vlan tag must be specified via a 1411.Va vlan 1412parameter in the 1413.Va create_args_ Ns Aq Ar interface 1414variable. 1415.Pp 1416To create a vlan device named 1417.Li em0.101 1418on 1419.Li em0 1420with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1421.Bd -literal 1422vlans_em0="101" 1423ifconfig_em0_101="inet 192.0.2.1/24" 1424.Ed 1425.Pp 1426To create a vlan device named 1427.Li myvlan 1428on 1429.Li em0 1430with the vlan tag 102: 1431.Bd -literal 1432vlans_em0="myvlan" 1433create_args_myvlan="vlan 102" 1434.Ed 1435.Pp 1436If a 1437.Va wlans_ Ns Aq Ar interface 1438variable is set, 1439an 1440.Xr wlan 4 1441interface will be created for each item in the list with the 1442.Ar wlandev 1443argument set to 1444.Ar interface . 1445Further wlan cloning arguments may be passed to the 1446.Xr ifconfig 8 1447.Cm create 1448command by setting the 1449.Va create_args_ Ns Aq Ar interface 1450variable. 1451One or more 1452.Xr wlan 4 1453devices must be created for each wireless devices as of 1454.Fx 8.0 . 1455Debugging flags for 1456.Xr wlan 4 1457devices as set by 1458.Xr wlandebug 8 1459may be specified with an 1460.Va wlandebug_ Ns Aq Ar interface 1461variable. 1462The contents of this variable will be passed directly to 1463.Xr wlandebug 8 . 1464.Pp 1465If the 1466.Va ifconfig_ Ns Aq Ar interface 1467contains the keyword 1468.Dq Li NOAUTO 1469then the interface will not be configured 1470at boot or by 1471.Pa /etc/pccard_ether 1472when 1473.Va network_interfaces 1474is set to 1475.Dq Li AUTO . 1476.Pp 1477It is possible to bring up an interface with DHCP by adding 1478.Dq Li DHCP 1479to the 1480.Va ifconfig_ Ns Aq Ar interface 1481variable. 1482For instance, to initialize the 1483.Li em0 1484device via DHCP, 1485it is possible to use something like: 1486.Bd -literal 1487ifconfig_em0="DHCP" 1488.Ed 1489.Pp 1490If you want to configure your wireless interface with 1491.Xr wpa_supplicant 8 1492for use with WPA, EAP/LEAP or WEP, you need to add 1493.Dq Li WPA 1494to the 1495.Va ifconfig_ Ns Aq Ar interface 1496variable. 1497.Pp 1498On the other hand, if you want to configure your wireless interface with 1499.Xr hostapd 8 , 1500you need to add 1501.Dq Li HOSTAP 1502to the 1503.Va ifconfig_ Ns Aq Ar interface 1504variable. 1505.Xr hostapd 8 1506will use the settings from 1507.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1508.Pp 1509Finally, you can add 1510.Xr ifconfig 8 1511options in this variable, in addition to the 1512.Pa /etc/start_if. Ns Aq Ar interface 1513file. 1514For instance, to configure an 1515.Xr ath 4 1516wireless device in station mode with an address obtained 1517via DHCP, using WPA authentication and 802.11b mode, it is 1518possible to use something like: 1519.Bd -literal 1520wlans_ath0="wlan0" 1521ifconfig_wlan0="DHCP WPA mode 11b" 1522.Ed 1523.Pp 1524In addition to the 1525.Va ifconfig_ Ns Aq Ar interface 1526form, a fallback variable 1527.Va ifconfig_DEFAULT 1528may be configured. 1529It will be used for all interfaces with no 1530.Va ifconfig_ Ns Aq Ar interface 1531variable. 1532This is intended to replace the no longer supported 1533.Va pccard_ifconfig 1534variable. 1535.Pp 1536It is also possible to rename an interface by doing: 1537.Bd -literal 1538ifconfig_em0_name="net0" 1539ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1540.Ed 1541.It Va ipv6_enable 1542.Pq Vt bool 1543This variable is deprecated. 1544Use 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1546and 1547.Va ipv6_activate_all_interfaces 1548if necessary. 1549.Pp 1550If the variable is 1551.Dq Li YES , 1552.Dq Li inet6 accept_rtadv 1553is added to all of 1554.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1555and the 1556.Va ipv6_activate_all_interfaces 1557is defined as 1558.Dq Li YES . 1559.It Va ipv6_prefer 1560.Pq Vt bool 1561This variable is deprecated. 1562Use 1563.Va ip6addrctl_policy 1564instead. 1565.Pp 1566If the variable is 1567.Dq Li YES , 1568the default address selection policy table set by 1569.Xr ip6addrctl 8 1570will be IPv6-preferred. 1571.Pp 1572If the variable is 1573.Dq Li NO , 1574the default address selection policy table set by 1575.Xr ip6addrctl 8 1576will be IPv4-preferred. 1577.It Va ipv6_activate_all_interfaces 1578.Pq Vt bool 1579This controls initial configuration on IPv6-capable 1580interfaces with no corresponding 1581.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1582variable. 1583Note that it is not always necessary to set this variable to 1584.Dq YES 1585to use IPv6 functionality on 1586.Fx . 1587In most cases, just configuring 1588.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1589variables works. 1590.Pp 1591If the variable is 1592.Dq Li NO , 1593all interfaces which do not have a corresponding 1594.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1595variable will be marked as 1596.Dq Li IFDISABLED 1597at creation. 1598This means that all of IPv6 functionality on that interface 1599is completely disabled to enforce a security policy. 1600If the variable is set to 1601.Dq YES , 1602the flag will be cleared on all of the interfaces. 1603.Pp 1604In most cases, just defining an 1605.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1606for an IPv6-capable interface should be sufficient. 1607However, if an interface is added dynamically 1608.Pq by some tunneling protocols such as PPP, for example , 1609it is often difficult to define the variable in advance. 1610In such a case, configuring the 1611.Dq Li IFDISABLED 1612flag can be disabled by setting this variable to 1613.Dq YES . 1614.Pp 1615For more details of the 1616.Dq Li IFDISABLED 1617flag and keywords 1618.Dq Li inet6 ifdisabled , 1619see 1620.Xr ifconfig 8 . 1621.Pp 1622Default is 1623.Dq Li NO . 1624.It Va ipv6_privacy 1625.Pq Vt bool 1626If the variable is 1627.Dq Li YES 1628privacy addresses will be generated for each IPv6 1629interface as described in RFC 4941. 1630.It Va ipv6_network_interfaces 1631.Pq Vt str 1632This is the IPv6 equivalent of 1633.Va network_interfaces . 1634Normally manual configuration of this variable is not needed. 1635.It Va ipv6_cpe_wanif 1636.Pq Vt str 1637If the variable is set to an interface name, 1638the 1639.Xr ifconfig 8 1640options 1641.Dq inet6 -no_radr accept_rtadv 1642will be added to the specified interface automatically before evaluating 1643.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1644and two 1645.Xr sysctl 8 1646variables 1647.Va net.inet6.ip6.rfc6204w3 1648and 1649.Va net.inet6.ip6.no_radr 1650will be set to 1. 1651.Pp 1652This means the specified interface will accept ICMPv6 Router 1653Advertisement messages on that link and add the discovered 1654routers into the Default Router List. 1655While the other interfaces can still accept RA messages if the 1656.Dq inet6 accept_rtadv 1657option is specified, adding 1658routes into the Default Router List will be disabled by 1659.Dq inet6 no_radr 1660option by default. 1661See 1662.Xr ifconfig 8 1663for more details. 1664.Pp 1665Note that ICMPv6 Router Advertisement messages will be 1666accepted even when 1667.Va net.inet6.ip6.forwarding 1668is 1 1669.Pq packet forwarding is enabled 1670when 1671.Va net.inet6.ip6.rfc6204w3 1672is set to 1. 1673.Pp 1674Default is 1675.Dq Li NO . 1676.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1677.Pq Vt str 1678This assigns arbitrary description to an interface. 1679The 1680.Xr sysctl 8 1681variable 1682.Va net.ifdescr_maxlen 1683limits its length. 1684This static setting may be overridden by commands 1685started with dynamic interface configuration utilities 1686like 1687.Xr dhclient 8 1688hooks. 1689The description can be seen with 1690.Xr ifconfig 8 1691command and it may be exported with 1692.Xr bsnmpd 1 1693daemon using its MIB-2 module. 1694.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1695.Pq Vt str 1696IPv6 functionality on an interface should be configured by 1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1698instead of setting ifconfig parameters in 1699.Va ifconfig_ Ns Aq Ar interface . 1700If this variable is empty, all of IPv6 configurations on the 1701specified interface by other variables such as 1702.Va ipv6_prefix_ Ns Ao Ar interface Ac 1703will be ignored. 1704.Pp 1705Aliases should be set by 1706.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1707with 1708.Dq Li inet6 1709keyword. 1710For example: 1711.Bd -literal 1712ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1713ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1714.Ed 1715.Pp 1716Interfaces that have an 1717.Dq Li inet6 accept_rtadv 1718keyword in 1719.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1720setting will be automatically configured by SLAAC 1721.Pq StateLess Address AutoConfiguration 1722described in 1723.Rs 1724.%T "RFC 4862" 1725.Re 1726.Pp 1727Note that a link-local address will be automatically configured in 1728addition to the configured global-scope addresses because the IPv6 1729specifications require it on each link. 1730The address is calculated from the MAC address by using an algorithm 1731defined in 1732.Rs 1733.%T "RFC 4862" 1734.%O "Section 5.3" 1735.Re 1736.Pp 1737If only a link-local address is needed on the interface, 1738the following configuration can be used: 1739.Bd -literal 1740ifconfig_em0_ipv6="inet6 auto_linklocal" 1741.Ed 1742.Pp 1743A link-local address can also be configured manually. 1744This is useful for the default router address of an IPv6 router 1745so that it does not change when the network interface 1746card is replaced. 1747For example: 1748.Bd -literal 1749ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1750.Ed 1751.It Va ipv6_prefix_ Ns Aq Ar interface 1752.Pq Vt str 1753If one or more prefixes are defined in 1754.Va ipv6_prefix_ Ns Aq Ar interface 1755addresses based on each prefix and the EUI-64 interface index will be 1756configured on that interface. 1757Note that this variable will be ignored when 1758.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1759is empty. 1760.Pp 1761For example, the following configuration 1762.Bd -literal 1763ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1764.Ed 1765.Pp 1766is equivalent to the following: 1767.Bd -literal 1768ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1769ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1770ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1771ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1772.Ed 1773.Pp 1774These Subnet-Router anycast addresses will be added only when 1775.Va ipv6_gateway_enable 1776is YES. 1777.It Va ipv6_default_interface 1778.Pq Vt str 1779If not set to 1780.Dq Li NO , 1781this is the default output interface for scoped addresses. 1782This works only with ipv6_gateway_enable="NO". 1783.It Va ip6addrctl_enable 1784.Pq Vt bool 1785This variable is to enable configuring default address selection policy table 1786.Pq RFC 3484 . 1787The table can be specified in another variable 1788.Va ip6addrctl_policy . 1789For 1790.Va ip6addrctl_policy 1791the following keywords can be specified: 1792.Dq Li ipv4_prefer , 1793.Dq Li ipv6_prefer , 1794or 1795.Dq Li AUTO . 1796.Pp 1797If 1798.Dq Li ipv4_prefer 1799or 1800.Dq Li ipv6_prefer 1801is specified, 1802.Xr ip6addrctl 8 1803installs a pre-defined policy table described in Section 10.3 1804.Pq IPv4-preferred 1805or 2.1 1806.Pq IPv6-preferred 1807of RFC 3484. 1808.Pp 1809If 1810.Dq Li AUTO 1811is specified, it attempts to read a file 1812.Pa /etc/ip6addrctl.conf 1813first. 1814If this file is found, 1815.Xr ip6addrctl 8 1816reads and installs it. 1817If not found, a policy is automatically set 1818according to 1819.Va ipv6_activate_all_interfaces 1820variable; if the variable is set to 1821.Dq Li YES 1822the IPv6-preferred one is used. 1823Otherwise IPv4-preferred. 1824.Pp 1825The default value of 1826.Va ip6addrctl_enable 1827and 1828.Va ip6addrctl_policy 1829are 1830.Dq Li YES 1831and 1832.Dq Li AUTO , 1833respectively. 1834.It Va cloned_interfaces 1835.Pq Vt str 1836Set to the list of clonable network interfaces to create on this host. 1837Further cloning arguments may be passed to the 1838.Xr ifconfig 8 1839.Cm create 1840command for each interface by setting the 1841.Va create_args_ Ns Aq Ar interface 1842variable. 1843If an interface name is specified with 1844.Dq :sticky 1845keyword, 1846the interface will not be destroyed even when 1847.Pa rc.d/netif 1848script is invoked with 1849.Dq stop 1850argument. 1851This is useful when reconfiguring the interface without destroying it. 1852Entries in 1853.Va cloned_interfaces 1854are automatically appended to 1855.Va network_interfaces 1856for configuration. 1857.It Va cloned_interfaces_sticky 1858.Pq Vt bool 1859This variable is to globally enable functionality of 1860.Dq :sticky 1861keyword in 1862.Va cloned_interfaces 1863for all interfaces. 1864The default value is 1865.Dq NO . 1866Even if this variable is specified to 1867.Dq YES , 1868.Dq :nosticky 1869keyword can be used to override it on per interface basis. 1870.It Va gif_interfaces 1871Set to the list of 1872.Xr gif 4 1873tunnel interfaces to configure on this host. 1874A 1875.Va gifconfig_ Ns Aq Ar interface 1876variable is assumed to exist for each value of 1877.Ar interface . 1878The value of this variable is used to configure the link layer of the 1879tunnel using the 1880.Cm tunnel 1881option to 1882.Xr ifconfig . 1883Additionally, this option ensures that each listed interface is created 1884via the 1885.Cm create 1886option to 1887.Xr ifconfig 1888before attempting to configure it. 1889.Pp 1890For example, configure two 1891.Xr gif 1892interfaces with: 1893.Bd -literal 1894gif_interfaces="gif0 gif1" 1895gifconfig_gif0="100.64.0.1 100.64.0.2" 1896ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1897gifconfig_gif1="inet6 2a00::1 2a01::1" 1898ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1899.Ed 1900.It Va sppp_interfaces 1901.Pq Vt str 1902Set to the list of 1903.Xr sppp 4 1904interfaces to configure on this host. 1905A 1906.Va spppconfig_ Ns Aq Ar interface 1907variable is assumed to exist for each value of 1908.Ar interface . 1909Each interface should also be configured by a general 1910.Va ifconfig_ Ns Aq Ar interface 1911setting. 1912Refer to 1913.Xr spppcontrol 8 1914for more information about available options. 1915.It Va ppp_enable 1916.Pq Vt bool 1917If set to 1918.Dq Li YES , 1919run the 1920.Xr ppp 8 1921daemon. 1922.It Va ppp_profile 1923.Pq Vt str 1924The name of the profile to use from 1925.Pa /etc/ppp/ppp.conf . 1926Also used for per-profile overrides of 1927.Va ppp_mode 1928and 1929.Va ppp_nat , 1930and 1931.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1932When the profile name contains any of the characters 1933.Dq Li .-/+ 1934they are translated to 1935.Dq Li _ 1936for the proposes of the override variable names. 1937.It Va ppp_mode 1938.Pq Vt str 1939Mode in which to run the 1940.Xr ppp 8 1941daemon. 1942.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1943.Pq Vt str 1944Overrides the global 1945.Va ppp_mode 1946for 1947.Ar profile . 1948Accepted modes are 1949.Dq Li auto , 1950.Dq Li ddial , 1951.Dq Li direct 1952and 1953.Dq Li dedicated . 1954See the manual for a full description. 1955.It Va ppp_nat 1956.Pq Vt bool 1957If set to 1958.Dq Li YES , 1959enables network address translation. 1960Used in conjunction with 1961.Va gateway_enable 1962allows hosts on private network addresses access to the Internet using 1963this host as a network address translating router. 1964Default is 1965.Dq Li YES . 1966.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1967.Pq Vt str 1968Overrides the global 1969.Va ppp_nat 1970for 1971.Ar profile . 1972.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1973.Pq Vt int 1974Set the unit number to be used for this profile. 1975See the manual description of 1976.Fl unit Ns Ar N 1977for details. 1978.It Va ppp_user 1979.Pq Vt str 1980The name of the user under which 1981.Xr ppp 8 1982should be started. 1983By 1984default, 1985.Xr ppp 8 1986is started as 1987.Dq Li root . 1988.It Va rc_conf_files 1989.Pq Vt str 1990This option is used to specify a list of files that will override 1991the settings in 1992.Pa /etc/defaults/rc.conf . 1993The files will be read in the order in which they are specified and should 1994include the full path to the file. 1995By default, the files specified are 1996.Pa /etc/rc.conf 1997and 1998.Pa /etc/rc.conf.local 1999.It Va zfs_enable 2000.Pq Vt bool 2001If set to 2002.Dq Li YES , 2003.Pa /etc/rc.d/zfs 2004will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2005(ZVOLs). 2006.It Va gptboot_enable 2007.Pq Vt bool 2008If set to 2009.Dq Li YES , 2010.Pa /etc/rc.d/gptboot 2011will log if the system successfully (or not) booted from a GPT partition, 2012which had the 2013.Ar bootonce 2014attribute set using 2015.Xr gpart 8 2016utility. 2017.It Va gbde_autoattach_all 2018.Pq Vt bool 2019If set to 2020.Dq Li YES , 2021.Pa /etc/rc.d/gbde 2022will attempt to automatically initialize your .bde devices in 2023.Pa /etc/fstab . 2024.It Va gbde_devices 2025.Pq Vt str 2026List the devices that the script should try to attach, 2027or 2028.Dq Li AUTO . 2029.It Va gbde_lockdir 2030.Pq Vt str 2031The directory where the 2032.Xr gbde 4 2033lockfiles are located. 2034The default lockfile directory is 2035.Pa /etc . 2036.Pp 2037The lockfile for each individual 2038.Xr gbde 4 2039device can be overridden by setting the variable 2040.Va gbde_lock_ Ns Aq Ar device , 2041where 2042.Ar device 2043is the encrypted device without the 2044.Dq Pa /dev/ 2045and 2046.Dq Pa .bde 2047parts. 2048.It Va gbde_attach_attempts 2049.Pq Vt int 2050Number of times to attempt attaching to a 2051.Xr gbde 4 2052device, i.e., how many times the user is asked for the pass-phrase. 2053Default is 3. 2054.It Va geli_devices 2055.Pq Vt str 2056List of devices to automatically attach on boot. 2057Note that .eli devices from 2058.Pa /etc/fstab 2059are automatically appended to this list. 2060.It Va geli_groups 2061.Pq Vt str 2062List of groups containing devices to automatically attach on boot with the same 2063keyfiles and passphrase. 2064This must be accompanied with a corresponding 2065.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2066variable. 2067.It Va geli_tries 2068.Pq Vt int 2069Number of times user is asked for the pass-phrase. 2070If empty, it will be taken from 2071.Va kern.geom.eli.tries 2072sysctl variable. 2073.It Va geli_default_flags 2074.Pq Vt str 2075Default flags to use by 2076.Xr geli 8 2077when configuring disk encryption. 2078Flags can be configured for every device separately by defining the 2079.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2080variable, and for every group separately by defining the 2081.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2082variable. 2083.It Va geli_autodetach 2084.Pq Vt str 2085Specifies if GELI devices should be marked for detach on last close after 2086file systems are mounted. 2087Default is 2088.Dq Li YES . 2089This can be changed for every device separately by defining the 2090.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2091variable. 2092.It Va root_rw_mount 2093.Pq Vt bool 2094Set to 2095.Dq Li YES 2096by default. 2097After the file systems are checked at boot time, the root file system 2098is remounted as read-write if this is set to 2099.Dq Li YES . 2100Diskless systems that mount their root file system from a read-only remote 2101NFS share should set this to 2102.Dq Li NO 2103in their 2104.Pa rc.conf . 2105.It Va fsck_y_enable 2106.Pq Vt bool 2107If set to 2108.Dq Li YES , 2109.Xr fsck 8 2110will be run with the 2111.Fl y 2112flag if the initial preen 2113of the file systems fails. 2114.It Va background_fsck 2115.Pq Vt bool 2116If set to 2117.Dq Li NO , 2118the system will not attempt to run 2119.Xr fsck 8 2120in the background where possible. 2121.It Va background_fsck_delay 2122.Pq Vt int 2123The amount of time in seconds to sleep before starting a background 2124.Xr fsck 8 . 2125It defaults to sixty seconds to allow large applications such as 2126the X server to start before disk I/O bandwidth is monopolized by 2127.Xr fsck 8 . 2128If set to a negative number, the background file system check will be 2129delayed indefinitely to allow the administrator to run it at a more 2130convenient time. 2131For example it may be run from 2132.Xr cron 8 2133by adding a line like 2134.Pp 2135.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2136.Pp 2137to 2138.Pa /etc/crontab . 2139.It Va netfs_types 2140.Pq Vt str 2141List of file system types that are network-based. 2142This list should generally not be modified by end users. 2143Use 2144.Va extra_netfs_types 2145instead. 2146.It Va extra_netfs_types 2147.Pq Vt str 2148If set to something other than 2149.Dq Li NO 2150(the default), 2151this variable extends the list of file system types 2152for which automatic mounting at startup by 2153.Xr rc 8 2154should be delayed until the network is initialized. 2155It should contain 2156a whitespace-separated list of network file system descriptor pairs, 2157each consisting of a file system type as passed to 2158.Xr mount 8 2159and a human-readable, one-word description, 2160joined with a colon 2161.Pq Ql \&: . 2162Extending the default list in this way is only necessary 2163when third party file system types are used. 2164.It Va syslogd_enable 2165.Pq Vt bool 2166If set to 2167.Dq Li YES , 2168run the 2169.Xr syslogd 8 2170daemon. 2171.It Va syslogd_program 2172.Pq Vt str 2173Path to 2174.Xr syslogd 8 2175(default 2176.Pa /usr/sbin/syslogd ) . 2177.It Va syslogd_flags 2178.Pq Vt str 2179If 2180.Va syslogd_enable 2181is set to 2182.Dq Li YES , 2183these are the flags to pass to 2184.Xr syslogd 8 . 2185.It Va inetd_enable 2186.Pq Vt bool 2187If set to 2188.Dq Li YES , 2189run the 2190.Xr inetd 8 2191daemon. 2192.It Va inetd_program 2193.Pq Vt str 2194Path to 2195.Xr inetd 8 2196(default 2197.Pa /usr/sbin/inetd ) . 2198.It Va inetd_flags 2199.Pq Vt str 2200If 2201.Va inetd_enable 2202is set to 2203.Dq Li YES , 2204these are the flags to pass to 2205.Xr inetd 8 . 2206.It Va hastd_enable 2207.Pq Vt bool 2208If set to 2209.Dq Li YES , 2210run the 2211.Xr hastd 8 2212daemon. 2213.It Va hastd_program 2214.Pq Vt str 2215Path to 2216.Xr hastd 8 2217(default 2218.Pa /sbin/hastd ) . 2219.It Va hastd_flags 2220.Pq Vt str 2221If 2222.Va hastd_enable 2223is set to 2224.Dq Li YES , 2225these are the flags to pass to 2226.Xr hastd 8 . 2227.It Va local_unbound_enable 2228.Pq Vt bool 2229If set to 2230.Dq Li YES , 2231run the 2232.Xr unbound 8 2233daemon as a local caching resolver. 2234.It Va kdc_enable 2235.Pq Vt bool 2236Set to 2237.Dq Li YES 2238to start a Kerberos 5 authentication server 2239at boot time. 2240.It Va kdc_program 2241.Pq Vt str 2242If 2243.Va kdc_enable 2244is set to 2245.Dq Li YES 2246this is the path to Kerberos 5 Authentication Server. 2247.It Va kdc_flags 2248.Pq Vt str 2249Empty by default. 2250This variable contains additional flags to be passed to the Kerberos 5 2251authentication server. 2252.It Va kadmind_enable 2253.Pq Vt bool 2254Set to 2255.Dq Li YES 2256to start 2257.Xr kadmind 8 , 2258the Kerberos 5 Administration Daemon; set to 2259.Dq Li NO 2260on a slave server. 2261.It Va kadmind_program 2262.Pq Vt str 2263If 2264.Va kadmind_enable 2265is set to 2266.Dq Li YES 2267this is the path to Kerberos 5 Administration Daemon. 2268.It Va kpasswdd_enable 2269.Pq Vt bool 2270Set to 2271.Dq Li YES 2272to start 2273.Xr kpasswdd 8 , 2274the Kerberos 5 Password-Changing Daemon; set to 2275.Dq Li NO 2276on a slave server. 2277.It Va kpasswdd_program 2278.Pq Vt str 2279If 2280.Va kpasswdd_enable 2281is set to 2282.Dq Li YES 2283this is the path to Kerberos 5 Password-Changing Daemon. 2284.It Va kfd_enable 2285.Pq Vt bool 2286Set to 2287.Dq Li YES 2288to start 2289.Xr kfd 8 , 2290the Kerberos 5 ticket forwarding daemon, at the boot time. 2291.It Va kfd_program 2292.Pq Vt str 2293Path to 2294.Xr kfd 8 2295(default 2296.Pa /usr/libexec/kfd ) . 2297.It Va rwhod_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301run the 2302.Xr rwhod 8 2303daemon at boot time. 2304.It Va rwhod_flags 2305.Pq Vt str 2306If 2307.Va rwhod_enable 2308is set to 2309.Dq Li YES , 2310these are the flags to pass to it. 2311.It Va amd_enable 2312.Pq Vt bool 2313If set to 2314.Dq Li YES , 2315run the 2316.Xr amd 8 2317daemon at boot time. 2318.It Va amd_flags 2319.Pq Vt str 2320If 2321.Va amd_enable 2322is set to 2323.Dq Li YES , 2324these are the flags to pass to it. 2325See the 2326.Xr amd 8 2327manpage for more information. 2328.It Va amd_map_program 2329.Pq Vt str 2330If set, 2331the specified program is run to get the list of 2332.Xr amd 8 2333maps. 2334For example, if the 2335.Xr amd 8 2336maps are stored in NIS, one can set this to 2337run 2338.Xr ypcat 1 2339to get a list of 2340.Xr amd 8 2341maps from the 2342.Pa amd.master 2343NIS map. 2344.It Va update_motd 2345.Pq Vt bool 2346If set to 2347.Dq Li YES , 2348.Pa /etc/motd 2349will be updated at boot time to reflect the kernel release 2350being run. 2351If set to 2352.Dq Li NO , 2353.Pa /etc/motd 2354will not be updated. 2355.It Va nfs_client_enable 2356.Pq Vt bool 2357If set to 2358.Dq Li YES , 2359run the NFS client daemons at boot time. 2360.It Va nfs_access_cache 2361.Pq Vt int 2362If 2363.Va nfs_client_enable 2364is set to 2365.Dq Li YES , 2366this can be set to 2367.Dq Li 0 2368to disable NFS ACCESS RPC caching, or to the number of seconds for which 2369NFS ACCESS 2370results should be cached. 2371A value of 2-10 seconds will substantially reduce network 2372traffic for many NFS operations. 2373.It Va nfs_server_enable 2374.Pq Vt bool 2375If set to 2376.Dq Li YES , 2377run the NFS server daemons at boot time. 2378.It Va nfs_server_flags 2379.Pq Vt str 2380If 2381.Va nfs_server_enable 2382is set to 2383.Dq Li YES , 2384these are the flags to pass to the 2385.Xr nfsd 8 2386daemon. 2387.It Va nfsv4_server_enable 2388.Pq Vt bool 2389If 2390.Va nfs_server_enable 2391is set to 2392.Dq Li YES 2393and 2394.Va nfsv4_server_enable 2395are set to 2396.Dq Li YES , 2397enable the server for NFSv4 as well as NFSv2 and NFSv3. 2398.It Va nfsuserd_enable 2399.Pq Vt bool 2400If 2401.Va nfsuserd_enable 2402is set to 2403.Dq Li YES , 2404run the nfsuserd daemon, which is needed for NFSv4 in order 2405to map between user/group names vs uid/gid numbers. 2406If 2407.Va nfsv4_server_enable 2408is set to 2409.Dq Li YES , 2410this will be forced enabled. 2411.It Va nfsuserd_flags 2412.Pq Vt str 2413If 2414.Va nfsuserd_enable 2415is set to 2416.Dq Li YES , 2417these are the flags to pass to the 2418.Xr nfsuserd 8 2419daemon. 2420.It Va nfscbd_enable 2421.Pq Vt bool 2422If 2423.Va nfscbd_enable 2424is set to 2425.Dq Li YES , 2426run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2427.It Va nfscbd_flags 2428.Pq Vt str 2429If 2430.Va nfscbd_enable 2431is set to 2432.Dq Li YES , 2433these are the flags to pass to the 2434.Xr nfscbd 8 2435daemon. 2436.It Va mountd_enable 2437.Pq Vt bool 2438If set to 2439.Dq Li YES , 2440and no 2441.Va nfs_server_enable 2442is set, start 2443.Xr mountd 8 , 2444but not 2445.Xr nfsd 8 2446daemon. 2447It is commonly needed to run CFS without real NFS used. 2448.It Va mountd_flags 2449.Pq Vt str 2450If 2451.Va mountd_enable 2452is set to 2453.Dq Li YES , 2454these are the flags to pass to the 2455.Xr mountd 8 2456daemon. 2457.It Va weak_mountd_authentication 2458.Pq Vt bool 2459If set to 2460.Dq Li YES , 2461allow services like PCNFSD to make non-privileged mount 2462requests. 2463.It Va nfs_reserved_port_only 2464.Pq Vt bool 2465If set to 2466.Dq Li YES , 2467provide NFS services only on a secure port. 2468.It Va nfs_bufpackets 2469.Pq Vt int 2470If set to a number, indicates the number of packets worth of 2471socket buffer space to reserve on an NFS client. 2472The kernel default is typically 4. 2473Using a higher number may be 2474useful on gigabit networks to improve performance. 2475The minimum value is 24762 and the maximum is 64. 2477.It Va rpc_lockd_enable 2478.Pq Vt bool 2479If set to 2480.Dq Li YES 2481and also an NFS server or client, run 2482.Xr rpc.lockd 8 2483at boot time. 2484.It Va rpc_lockd_flags 2485.Pq Vt str 2486If 2487.Va rpc_lockd_enable 2488is set to 2489.Dq Li YES , 2490these are the flags to pass to the 2491.Xr rpc.lockd 8 2492daemon. 2493.It Va rpc_statd_enable 2494.Pq Vt bool 2495If set to 2496.Dq Li YES 2497and also an NFS server or client, run 2498.Xr rpc.statd 8 2499at boot time. 2500.It Va rpc_statd_flags 2501.Pq Vt str 2502If 2503.Va rpc_statd_enable 2504is set to 2505.Dq Li YES , 2506these are the flags to pass to the 2507.Xr rpc.statd 8 2508daemon. 2509.It Va rpcbind_program 2510.Pq Vt str 2511Path to 2512.Xr rpcbind 8 2513(default 2514.Pa /usr/sbin/rpcbind ) . 2515.It Va rpcbind_enable 2516.Pq Vt bool 2517If set to 2518.Dq Li YES , 2519run the 2520.Xr rpcbind 8 2521service at boot time. 2522.It Va rpcbind_flags 2523.Pq Vt str 2524If 2525.Va rpcbind_enable 2526is set to 2527.Dq Li YES , 2528these are the flags to pass to the 2529.Xr rpcbind 8 2530daemon. 2531.It Va keyserv_enable 2532.Pq Vt bool 2533If set to 2534.Dq Li YES , 2535run the 2536.Xr keyserv 8 2537daemon on boot for running Secure RPC. 2538.It Va keyserv_flags 2539.Pq Vt str 2540If 2541.Va keyserv_enable 2542is set to 2543.Dq Li YES , 2544these are the flags to pass to 2545.Xr keyserv 8 2546daemon. 2547.It Va pppoed_enable 2548.Pq Vt bool 2549If set to 2550.Dq Li YES , 2551run the 2552.Xr pppoed 8 2553daemon at boot time to provide PPP over Ethernet services. 2554.It Va pppoed_ Ns Aq Ar provider 2555.Pq Vt str 2556.Xr pppoed 8 2557listens to requests to this 2558.Ar provider 2559and ultimately runs 2560.Xr ppp 8 2561with a 2562.Ar system 2563argument of the same name. 2564.It Va pppoed_flags 2565.Pq Vt str 2566Additional flags to pass to 2567.Xr pppoed 8 . 2568.It Va pppoed_interface 2569.Pq Vt str 2570The network interface to run 2571.Xr pppoed 8 2572on. 2573This is mandatory when 2574.Va pppoed_enable 2575is set to 2576.Dq Li YES . 2577.It Va timed_enable 2578.Pq Vt bool 2579If set to 2580.Dq Li YES , 2581run the 2582.Xr timed 8 2583service at boot time. 2584This command is intended for networks of 2585machines where a consistent 2586.Dq "network time" 2587for all hosts must be established. 2588This is often useful in large NFS 2589environments where time stamps on files are expected to be consistent 2590network-wide. 2591.It Va timed_flags 2592.Pq Vt str 2593If 2594.Va timed_enable 2595is set to 2596.Dq Li YES , 2597these are the flags to pass to the 2598.Xr timed 8 2599service. 2600.It Va ntpdate_enable 2601.Pq Vt bool 2602If set to 2603.Dq Li YES , 2604run 2605.Xr ntpdate 8 2606at system startup. 2607This command is intended to 2608synchronize the system clock only 2609.Em once 2610from some standard reference. 2611.Pp 2612Note that the use of the 2613.Va ntpd_sync_on_start 2614variable is a preferred alternative to the 2615.Xr ntpdate 8 2616utility as 2617.Xr ntpdate 8 2618is to be retired from the NTP distribution. 2619.It Va ntpdate_config 2620.Pq Vt str 2621Configuration file for 2622.Xr ntpdate 8 . 2623Default 2624.Pa /etc/ntp.conf . 2625.It Va ntpdate_hosts 2626.Pq Vt str 2627A whitespace-separated list of NTP servers to synchronize with at startup. 2628The default is to use the servers listed in 2629.Va ntpdate_config , 2630if that file exists. 2631.It Va ntpdate_program 2632.Pq Vt str 2633Path to 2634.Xr ntpdate 8 2635(default 2636.Pa /usr/sbin/ntpdate ) . 2637.It Va ntpdate_flags 2638.Pq Vt str 2639If 2640.Va ntpdate_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr ntpdate 8 2645command (typically a hostname). 2646.It Va ntpd_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES , 2650run the 2651.Xr ntpd 8 2652command at boot time. 2653.It Va ntpd_program 2654.Pq Vt str 2655Path to 2656.Xr ntpd 8 2657(default 2658.Pa /usr/sbin/ntpd ) . 2659.It Va ntpd_config 2660.Pq Vt str 2661Path to 2662.Xr ntpd 8 2663configuration file. 2664Default 2665.Pa /etc/ntp.conf . 2666.It Va ntpd_flags 2667.Pq Vt str 2668If 2669.Va ntpd_enable 2670is set to 2671.Dq Li YES , 2672these are the flags to pass to the 2673.Xr ntpd 8 2674daemon. 2675.It Va ntpd_sync_on_start 2676.Pq Vt bool 2677If set to 2678.Dq Li YES , 2679.Xr ntpd 8 2680is run with the 2681.Fl g 2682flag, which syncs the system's clock on startup. 2683See 2684.Xr ntpd 8 2685for more information regarding the 2686.Fl g 2687option. 2688This is a preferred alternative to using 2689.Xr ntpdate 8 2690or specifying the 2691.Va ntpdate_enable 2692variable. 2693.It Va nis_client_enable 2694.Pq Vt bool 2695If set to 2696.Dq Li YES , 2697run the 2698.Xr ypbind 8 2699service at system boot time. 2700.It Va nis_client_flags 2701.Pq Vt str 2702If 2703.Va nis_client_enable 2704is set to 2705.Dq Li YES , 2706these are the flags to pass to the 2707.Xr ypbind 8 2708service. 2709.It Va nis_ypldap_enable 2710.Pq Vt bool 2711If set to 2712.Dq Li YES , 2713run the 2714.Xr ypldap 8 2715daemon at system boot time. 2716.It Va nis_ypldap_flags 2717.Pq Vt str 2718If 2719.Va nis.ypldap_enable 2720is set to 2721.Dq Li YES , 2722these are the flags to pass to the 2723.Xr ypldap 8 2724daemon. 2725.It Va nis_ypset_enable 2726.Pq Vt bool 2727If set to 2728.Dq Li YES , 2729run the 2730.Xr ypset 8 2731daemon at system boot time. 2732.It Va nis_ypset_flags 2733.Pq Vt str 2734If 2735.Va nis_ypset_enable 2736is set to 2737.Dq Li YES , 2738these are the flags to pass to the 2739.Xr ypset 8 2740daemon. 2741.It Va nis_server_enable 2742.Pq Vt bool 2743If set to 2744.Dq Li YES , 2745run the 2746.Xr ypserv 8 2747daemon at system boot time. 2748.It Va nis_server_flags 2749.Pq Vt str 2750If 2751.Va nis_server_enable 2752is set to 2753.Dq Li YES , 2754these are the flags to pass to the 2755.Xr ypserv 8 2756daemon. 2757.It Va nis_ypxfrd_enable 2758.Pq Vt bool 2759If set to 2760.Dq Li YES , 2761run the 2762.Xr rpc.ypxfrd 8 2763daemon at system boot time. 2764.It Va nis_ypxfrd_flags 2765.Pq Vt str 2766If 2767.Va nis_ypxfrd_enable 2768is set to 2769.Dq Li YES , 2770these are the flags to pass to the 2771.Xr rpc.ypxfrd 8 2772daemon. 2773.It Va nis_yppasswdd_enable 2774.Pq Vt bool 2775If set to 2776.Dq Li YES , 2777run the 2778.Xr rpc.yppasswdd 8 2779daemon at system boot time. 2780.It Va nis_yppasswdd_flags 2781.Pq Vt str 2782If 2783.Va nis_yppasswdd_enable 2784is set to 2785.Dq Li YES , 2786these are the flags to pass to the 2787.Xr rpc.yppasswdd 8 2788daemon. 2789.It Va rpc_ypupdated_enable 2790.Pq Vt bool 2791If set to 2792.Dq Li YES , 2793run the 2794.Nm rpc.ypupdated 2795daemon at system boot time. 2796.It Va bsnmpd_enable 2797.Pq Vt bool 2798If set to 2799.Dq Li YES , 2800run the 2801.Xr bsnmpd 1 2802daemon at system boot time. 2803Be sure to understand the security implications of running SNMP daemon 2804on your host. 2805.It Va bsnmpd_flags 2806.Pq Vt str 2807If 2808.Va bsnmpd_enable 2809is set to 2810.Dq Li YES , 2811these are the flags to pass to the 2812.Xr bsnmpd 1 2813daemon. 2814.It Va defaultrouter 2815.Pq Vt str 2816If not set to 2817.Dq Li NO , 2818create a default route to this host name or IP address 2819(use an IP address if this router is also required to get to the 2820name server!). 2821.It Va ipv6_defaultrouter 2822.Pq Vt str 2823The IPv6 equivalent of 2824.Va defaultrouter . 2825.It Va static_arp_pairs 2826.Pq Vt str 2827Set to the list of static ARP pairs that are to be added at system 2828boot time. 2829For each whitespace separated 2830.Ar element 2831in the value, a 2832.Va static_arp_ Ns Aq Ar element 2833variable is assumed to exist whose contents will later be passed to a 2834.Dq Nm arp Cm -S 2835operation. 2836For example 2837.Bd -literal 2838static_arp_pairs="gw" 2839static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2840.Ed 2841.It Va static_ndp_pairs 2842.Pq Vt str 2843Set to the list of static NDP pairs that are to be added at system 2844boot time. 2845For each whitespace separated 2846.Ar element 2847in the value, a 2848.Va static_ndp_ Ns Aq Ar element 2849variable is assumed to exist whose contents will later be passed to a 2850.Dq Nm ndp Cm -s 2851operation. 2852For example 2853.Bd -literal 2854static_ndp_pairs="gw" 2855static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2856.Ed 2857.It Va static_routes 2858.Pq Vt str 2859Set to the list of static routes that are to be added at system 2860boot time. 2861If not set to 2862.Dq Li NO 2863then for each whitespace separated 2864.Ar element 2865in the value, a 2866.Va route_ Ns Aq Ar element 2867variable is assumed to exist 2868whose contents will later be passed to a 2869.Dq Nm route Cm add 2870operation. 2871For example: 2872.Bd -literal 2873static_routes="ext mcast:gif0 gif0local:gif0" 2874route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2875route_mcast="-net 224.0.0.0/4 -iface gif0" 2876route_gif0local="-host 169.254.1.1 -iface lo0" 2877.Ed 2878.Pp 2879When an 2880.Ar element 2881is in the form of 2882.Li name:ifname , 2883the route is specific to the interface 2884.Li ifname . 2885.It Va ipv6_static_routes 2886.Pq Vt str 2887The IPv6 equivalent of 2888.Va static_routes . 2889If not set to 2890.Dq Li NO 2891then for each whitespace separated 2892.Ar element 2893in the value, a 2894.Va ipv6_route_ Ns Aq Ar element 2895variable is assumed to exist 2896whose contents will later be passed to a 2897.Dq Nm route Cm add Fl inet6 2898operation. 2899.It Va gateway_enable 2900.Pq Vt bool 2901If set to 2902.Dq Li YES , 2903configure host to act as an IP router, e.g.\& to forward packets 2904between interfaces. 2905.It Va ipv6_gateway_enable 2906.Pq Vt bool 2907The IPv6 equivalent of 2908.Va gateway_enable . 2909.It Va routed_enable 2910.Pq Vt bool 2911If set to 2912.Dq Li YES , 2913run a routing daemon of some sort, based on the 2914settings of 2915.Va routed_program 2916and 2917.Va routed_flags . 2918.It Va route6d_enable 2919.Pq Vt bool 2920The IPv6 equivalent of 2921.Va routed_enable . 2922If set to 2923.Dq Li YES , 2924run a routing daemon of some sort, based on the 2925settings of 2926.Va route6d_program 2927and 2928.Va route6d_flags . 2929.It Va routed_program 2930.Pq Vt str 2931If 2932.Va routed_enable 2933is set to 2934.Dq Li YES , 2935this is the name of the routing daemon to use. 2936.It Va route6d_program 2937.Pq Vt str 2938The IPv6 equivalent of 2939.Va routed_program . 2940.It Va routed_flags 2941.Pq Vt str 2942If 2943.Va routed_enable 2944is set to 2945.Dq Li YES , 2946these are the flags to pass to the routing daemon. 2947.It Va route6d_flags 2948.Pq Vt str 2949The IPv6 equivalent of 2950.Va routed_flags . 2951.It Va rtadvd_enable 2952.Pq Vt bool 2953If set to 2954.Dq Li YES , 2955run the 2956.Xr rtadvd 8 2957daemon at boot time. 2958The 2959.Xr rtadvd 8 2960utility sends ICMPv6 Router Advertisement messages to 2961the interfaces specified in 2962.Va rtadvd_interfaces . 2963This should only be enabled with great care. 2964You may want to fine-tune 2965.Xr rtadvd.conf 5 . 2966.It Va rtadvd_interfaces 2967.Pq Vt str 2968If 2969.Va rtadvd_enable 2970is set to 2971.Dq Li YES 2972this is the list of interfaces to use. 2973.It Va arpproxy_all 2974.Pq Vt bool 2975If set to 2976.Dq Li YES , 2977enable global proxy ARP. 2978.It Va forward_sourceroute 2979.Pq Vt bool 2980If set to 2981.Dq Li YES 2982and 2983.Va gateway_enable 2984is also set to 2985.Dq Li YES , 2986source-routed packets are forwarded. 2987.It Va accept_sourceroute 2988.Pq Vt bool 2989If set to 2990.Dq Li YES , 2991the system will accept source-routed packets directed at it. 2992.It Va rarpd_enable 2993.Pq Vt bool 2994If set to 2995.Dq Li YES , 2996run the 2997.Xr rarpd 8 2998daemon at system boot time. 2999.It Va rarpd_flags 3000.Pq Vt str 3001If 3002.Va rarpd_enable 3003is set to 3004.Dq Li YES , 3005these are the flags to pass to the 3006.Xr rarpd 8 3007daemon. 3008.It Va bootparamd_enable 3009.Pq Vt bool 3010If set to 3011.Dq Li YES , 3012run the 3013.Xr bootparamd 8 3014daemon at system boot time. 3015.It Va bootparamd_flags 3016.Pq Vt str 3017If 3018.Va bootparamd_enable 3019is set to 3020.Dq Li YES , 3021these are the flags to pass to the 3022.Xr bootparamd 8 3023daemon. 3024.It Va stf_interface_ipv4addr 3025.Pq Vt str 3026If not set to 3027.Dq Li NO , 3028this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3029interface). 3030Specify this entry to enable the 6to4 interface. 3031.It Va stf_interface_ipv4plen 3032.Pq Vt int 3033Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3034An effective value is 0-31. 3035.It Va stf_interface_ipv6_ifid 3036.Pq Vt str 3037IPv6 interface ID for 3038.Xr stf 4 . 3039This can be set to 3040.Dq Li AUTO . 3041.It Va stf_interface_ipv6_slaid 3042.Pq Vt str 3043IPv6 Site Level Aggregator for 3044.Xr stf 4 . 3045.It Va ipv6_ipv4mapping 3046.Pq Vt bool 3047If set to 3048.Dq Li YES 3049this enables IPv4 mapped IPv6 address communication (like 3050.Li ::ffff:a.b.c.d ) . 3051.It Va rtsold_enable 3052.Pq Vt bool 3053Set to 3054.Dq Li YES 3055to enable the 3056.Xr rtsold 8 3057daemon to send ICMPv6 Router Solicitation messages. 3058.It Va rtsold_flags 3059.Pq Vt str 3060If 3061.Va rtsold_enable 3062is set to 3063.Dq Li YES , 3064these are the flags to pass to 3065.Xr rtsold 8 . 3066.It Va rtsol_flags 3067.Pq Vt str 3068For interfaces configured with the 3069.Dq Li inet6 accept_rtadv 3070keyword, these are the flags to pass to 3071.Xr rtsol 8 . 3072.Pp 3073Note that 3074.Va rtsold_enable 3075is mutually exclusive to 3076.Va rtsol_flags ; 3077.Va rtsold_enable 3078takes precedence. 3079.It Va keybell 3080.Pq Vt str 3081The keyboard bell sound. 3082Set to 3083.Dq Li normal , 3084.Dq Li visual , 3085.Dq Li off , 3086or 3087.Dq Li NO 3088if the default behavior is desired. 3089For details, refer to the 3090.Xr kbdcontrol 1 3091manpage. 3092.It Va keyboard 3093.Pq Vt str 3094If set to a non-null string, the virtual console's keyboard input is 3095set to this device. 3096.It Va keymap 3097.Pq Vt str 3098If set to 3099.Dq Li NO , 3100no keymap is installed, otherwise the value is used to install 3101the keymap file found in 3102.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3103(if using 3104.Xr syscons 4 ) or 3105.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3106(if using 3107.Xr vt 4 ) . 3108.It Va keyrate 3109.Pq Vt str 3110The keyboard repeat speed. 3111Set to 3112.Dq Li slow , 3113.Dq Li normal , 3114.Dq Li fast , 3115or 3116.Dq Li NO 3117if the default behavior is desired. 3118.It Va keychange 3119.Pq Vt str 3120If not set to 3121.Dq Li NO , 3122attempt to program the function keys with the value. 3123The value should 3124be a single string of the form: 3125.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3126.It Va cursor 3127.Pq Vt str 3128Can be set to the value of 3129.Dq Li normal , 3130.Dq Li blink , 3131.Dq Li destructive , 3132or 3133.Dq Li NO 3134to set the cursor behavior explicitly or choose the default behavior. 3135.It Va scrnmap 3136.Pq Vt str 3137If set to 3138.Dq Li NO , 3139no screen map is installed, otherwise the value is used to install 3140the screen map file in 3141.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3142This parameter is ignored when using 3143.Xr vt 4 3144as the console driver. 3145.It Va font8x16 3146.Pq Vt str 3147If set to 3148.Dq Li NO , 3149the default 8x16 font value is used for screen size requests, otherwise 3150the value in 3151.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3152or 3153.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3154is used (depending on the console driver being used). 3155.It Va font8x14 3156.Pq Vt str 3157If set to 3158.Dq Li NO , 3159the default 8x14 font value is used for screen size requests, otherwise 3160the value in 3161.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3162or 3163.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3164is used (depending on the console driver being used). 3165.It Va font8x8 3166.Pq Vt str 3167If set to 3168.Dq Li NO , 3169the default 8x8 font value is used for screen size requests, otherwise 3170the value in 3171.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3172or 3173.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3174is used (depending on the console driver being used). 3175.It Va blanktime 3176.Pq Vt int 3177If set to 3178.Dq Li NO , 3179the default screen blanking interval is used, otherwise it is set 3180to 3181.Ar value 3182seconds. 3183.It Va saver 3184.Pq Vt str 3185If not set to 3186.Dq Li NO , 3187this is the actual screen saver to use 3188.Li ( blank , snake , daemon , 3189etc). 3190.It Va moused_nondefault_enable 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194the mouse device specified on 3195the command line is not automatically treated as enabled by the 3196.Pa /etc/rc.d/moused 3197script. 3198Having this variable set to 3199.Dq Li YES 3200allows a 3201.Xr usb 4 3202mouse, 3203for example, 3204to be enabled as soon as it is plugged in. 3205.It Va moused_enable 3206.Pq Vt str 3207If set to 3208.Dq Li YES , 3209the 3210.Xr moused 8 3211daemon is started for doing cut/paste selection on the console. 3212.It Va moused_type 3213.Pq Vt str 3214This is the protocol type of the mouse connected to this host. 3215This variable must be set if 3216.Va moused_enable 3217is set to 3218.Dq Li YES . 3219The 3220.Xr moused 8 3221daemon 3222is able to detect the appropriate mouse type automatically in many cases. 3223Set this variable to 3224.Dq Li auto 3225to let the daemon detect it, or 3226select one from the following list if the automatic detection fails. 3227.Pp 3228If the mouse is attached to the PS/2 mouse port, choose 3229.Dq Li auto 3230or 3231.Dq Li ps/2 , 3232regardless of the brand and model of the mouse. 3233Likewise, if the 3234mouse is attached to the bus mouse port, choose 3235.Dq Li auto 3236or 3237.Dq Li busmouse . 3238All other protocols are for serial mice and will not work with 3239the PS/2 and bus mice. 3240If this is a USB mouse, 3241.Dq Li auto 3242is the only protocol type which will work. 3243.Pp 3244.Bl -tag -width ".Li x10mouseremote" -compact 3245.It Li microsoft 3246Microsoft mouse (serial) 3247.It Li intellimouse 3248Microsoft IntelliMouse (serial) 3249.It Li mousesystems 3250Mouse systems Corp.\& mouse (serial) 3251.It Li mmseries 3252MM Series mouse (serial) 3253.It Li logitech 3254Logitech mouse (serial) 3255.It Li busmouse 3256A bus mouse 3257.It Li mouseman 3258Logitech MouseMan and TrackMan (serial) 3259.It Li glidepoint 3260ALPS GlidePoint (serial) 3261.It Li thinkingmouse 3262Kensington ThinkingMouse (serial) 3263.It Li ps/2 3264PS/2 mouse 3265.It Li mmhittab 3266MM HitTablet (serial) 3267.It Li x10mouseremote 3268X10 MouseRemote (serial) 3269.It Li versapad 3270Interlink VersaPad (serial) 3271.El 3272.Pp 3273Even if the mouse is not in the above list, it may be compatible 3274with one in the list. 3275Refer to the manual page for 3276.Xr moused 8 3277for compatibility information. 3278.Pp 3279It should also be noted that while this is enabled, any 3280other client of the mouse (such as an X server) should access 3281the mouse through the virtual mouse device, 3282.Pa /dev/sysmouse , 3283and configure it as a 3284.Dq Li sysmouse 3285type mouse, since all 3286mouse data is converted to this single canonical format when 3287using 3288.Xr moused 8 . 3289If the client program does not support the 3290.Dq Li sysmouse 3291type, 3292specify the 3293.Dq Li mousesystems 3294type. 3295It is the second preferred type. 3296.It Va moused_port 3297.Pq Vt str 3298If 3299.Va moused_enable 3300is set to 3301.Dq Li YES , 3302this is the actual port the mouse is on. 3303It might be 3304.Pa /dev/cuau0 3305for a COM1 serial mouse, or 3306.Pa /dev/psm0 3307for a PS/2 mouse, for example. 3308.It Va moused_flags 3309.Pq Vt str 3310If 3311.Va moused_flags 3312is set, its value is used as an additional set of flags to pass to the 3313.Xr moused 8 3314daemon. 3315.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3316When 3317.Va moused_nondefault_enable 3318is enabled, and a 3319.Xr moused 8 3320daemon is started for a non-default port, the 3321.Va "moused_" Ns Ar XXX Ns Va "_flags" 3322set of options has precedence over and replaces the default 3323.Va moused_flags 3324(where 3325.Ar XXX 3326is the name of the non-default port, i.e.,\& 3327.Ar ums0 ) . 3328By setting 3329.Va "moused_" Ns Ar XXX Ns Va "_flags" 3330it is possible to set up a different set of default flags for each 3331.Xr moused 8 3332instance. 3333For example, you can use 3334.Dq Li "-3" 3335for the default 3336.Va moused_flags 3337to make your laptop's touchpad more comfortable to use, 3338but an empty set of options for 3339.Va moused_ums0_flags 3340when your 3341.Xr usb 4 3342mouse has three or more buttons. 3343.It Va mousechar_start 3344.Pq Vt int 3345If set to 3346.Dq Li NO , 3347the default mouse cursor character range 3348.Li 0xd0 Ns - Ns Li 0xd3 3349is used, 3350otherwise the range start is set 3351to 3352.Ar value 3353character, see 3354.Xr vidcontrol 1 . 3355Use if the default range is occupied in the language code table. 3356.It Va allscreens_flags 3357.Pq Vt str 3358If set, 3359.Xr vidcontrol 1 3360is run with these options for each of the virtual terminals 3361.Pq Pa /dev/ttyv* . 3362For example, 3363.Dq Fl m Cm on 3364will enable the mouse pointer on all virtual terminals 3365if 3366.Va moused_enable 3367is set to 3368.Dq Li YES . 3369.It Va allscreens_kbdflags 3370.Pq Vt str 3371If set, 3372.Xr kbdcontrol 1 3373is run with these options for each of the virtual terminals 3374.Pq Pa /dev/ttyv* . 3375For example, 3376.Dq Fl h Li 200 3377will set the 3378.Xr syscons 4 3379or 3380.Xr vt 4 3381scrollback (history) buffer to 200 lines. 3382.It Va cron_enable 3383.Pq Vt bool 3384If set to 3385.Dq Li YES , 3386run the 3387.Xr cron 8 3388daemon at system boot time. 3389.It Va cron_program 3390.Pq Vt str 3391Path to 3392.Xr cron 8 3393(default 3394.Pa /usr/sbin/cron ) . 3395.It Va cron_flags 3396.Pq Vt str 3397If 3398.Va cron_enable 3399is set to 3400.Dq Li YES , 3401these are the flags to pass to 3402.Xr cron 8 . 3403.It Va cron_dst 3404.Pq Vt bool 3405If set to 3406.Dq Li YES , 3407enable the special handling of transitions to and from the 3408Daylight Saving Time in 3409.Xr cron 8 3410(equivalent to using the flag 3411.Fl s ) . 3412.It Va lpd_program 3413.Pq Vt str 3414Path to 3415.Xr lpd 8 3416(default 3417.Pa /usr/sbin/lpd ) . 3418.It Va lpd_enable 3419.Pq Vt bool 3420If set to 3421.Dq Li YES , 3422run the 3423.Xr lpd 8 3424daemon at system boot time. 3425.It Va lpd_flags 3426.Pq Vt str 3427If 3428.Va lpd_enable 3429is set to 3430.Dq Li YES , 3431these are the flags to pass to the 3432.Xr lpd 8 3433daemon. 3434.It Va chkprintcap_enable 3435.Pq Vt bool 3436If set to 3437.Dq Li YES , 3438run the 3439.Xr chkprintcap 8 3440command before starting the 3441.Xr lpd 8 3442daemon. 3443.It Va chkprintcap_flags 3444.Pq Vt str 3445If 3446.Va lpd_enable 3447and 3448.Va chkprintcap_enable 3449are set to 3450.Dq Li YES , 3451these are the flags to pass to the 3452.Xr chkprintcap 8 3453program. 3454The default is 3455.Dq Li -d , 3456which causes missing directories to be created. 3457.It Va mta_start_script 3458.Pq Vt str 3459This variable specifies the full path to the script to run to start 3460a mail transfer agent. 3461The default is 3462.Pa /etc/rc.sendmail . 3463The 3464.Va sendmail_* 3465variables which 3466.Pa /etc/rc.sendmail 3467uses are documented in the 3468.Xr rc.sendmail 8 3469manual page. 3470.It Va dumpdev 3471.Pq Vt str 3472Indicates the device (usually a swap partition) to which a crash dump 3473should be written in the event of a system crash. 3474If the value of this variable is 3475.Dq Li AUTO , 3476the first suitable swap device listed in 3477.Pa /etc/fstab 3478will be used as dump device. 3479Otherwise, the value of this variable is passed as the argument to 3480.Xr dumpon 8 3481and 3482.Xr savecore 8 . 3483To disable crash dumps, set this variable to 3484.Dq Li NO . 3485.It Va dumpon_flags 3486.Pq Vt str 3487Flags to pass to 3488.Xr dumpon 8 3489when configuring 3490.Va dumpdev 3491as the system dump device. 3492.It Va dumpdir 3493.Pq Vt str 3494When the system reboots after a crash and a crash dump is found on the 3495device specified by the 3496.Va dumpdev 3497variable, 3498.Xr savecore 8 3499will save that crash dump and a copy of the kernel to the directory 3500specified by the 3501.Va dumpdir 3502variable. 3503The default value is 3504.Pa /var/crash . 3505Set to 3506.Dq Li NO 3507to not run 3508.Xr savecore 8 3509at boot time when 3510.Va dumpdir 3511is set. 3512.It Va savecore_enable 3513.Pq Vt bool 3514If set to 3515.Dq Li NO , 3516disable automatic extraction of the crash dump from the 3517.Va dumpdev . 3518.It Va savecore_flags 3519.Pq Vt str 3520If crash dumps are enabled, these are the flags to pass to the 3521.Xr savecore 8 3522utility. 3523.It Va quota_enable 3524.Pq Vt bool 3525Set to 3526.Dq Li YES 3527to turn on user and group disk quotas on system startup via the 3528.Xr quotaon 8 3529command for all file systems marked as having quotas enabled in 3530.Pa /etc/fstab . 3531The kernel must be built with 3532.Cd "options QUOTA" 3533for disk quotas to function. 3534.It Va check_quotas 3535.Pq Vt bool 3536Set to 3537.Dq Li YES 3538to enable user and group disk quota checking via the 3539.Xr quotacheck 8 3540command. 3541.It Va quotacheck_flags 3542.Pq Vt str 3543If 3544.Va quota_enable 3545is set to 3546.Dq Li YES , 3547and 3548.Va check_quotas 3549is set to 3550.Dq Li YES , 3551these are the flags to pass to the 3552.Xr quotacheck 8 3553utility. 3554The default is 3555.Dq Li "-a" , 3556which checks quotas for all file systems with quotas enabled in 3557.Pa /etc/fstab . 3558.It Va quotaon_flags 3559.Pq Vt str 3560If 3561.Va quota_enable 3562is set to 3563.Dq Li YES , 3564these are the flags to pass to the 3565.Xr quotaon 8 3566utility. 3567The default is 3568.Dq Li "-a" , 3569which enables quotas for all file systems with quotas enabled in 3570.Pa /etc/fstab . 3571.It Va quotaoff_flags 3572.Pq Vt str 3573If 3574.Va quota_enable 3575is set to 3576.Dq Li YES , 3577these are the flags to pass to the 3578.Xr quotaoff 8 3579utility when shutting down the quota system. 3580The default is 3581.Dq Li "-a" , 3582which disables quotas for all file systems with quotas enabled in 3583.Pa /etc/fstab . 3584.It Va accounting_enable 3585.Pq Vt bool 3586Set to 3587.Dq Li YES 3588to enable system accounting through the 3589.Xr accton 8 3590facility. 3591.It Va firstboot_sentinel 3592.Pq Vt str 3593This variable specifies the full path to a 3594.Dq first boot 3595sentinel file. 3596If a file exists with this path, 3597.Pa rc.d 3598scripts with the 3599.Dq firstboot 3600keyword will be run on startup and the sentinel file will be deleted 3601after the boot process completes. 3602The sentinel file must be located on a writable file system which is 3603mounted no later than 3604.Va early_late_divider 3605to function properly. 3606The default is 3607.Pa /firstboot . 3608.It Va linux_enable 3609.Pq Vt bool 3610Set to 3611.Dq Li YES 3612to enable Linux/ELF binary emulation at system initial 3613boot time. 3614.It Va sysvipc_enable 3615.Pq Vt bool 3616If set to 3617.Dq Li YES , 3618load System V IPC primitives at boot time. 3619.It Va clear_tmp_enable 3620.Pq Vt bool 3621Set to 3622.Dq Li YES 3623to have 3624.Pa /tmp 3625cleaned at startup. 3626.It Va clear_tmp_X 3627.Pq Vt bool 3628Set to 3629.Dq Li NO 3630to disable removing of X11 lock files, 3631and the removal and (secure) recreation 3632of the various socket directories for X11 3633related programs. 3634.It Va ldconfig_paths 3635.Pq Vt str 3636Set to the list of shared library paths to use with 3637.Xr ldconfig 8 . 3638NOTE: 3639.Pa /lib 3640and 3641.Pa /usr/lib 3642will always be added first, so they need not appear in this list. 3643.It Va ldconfig32_paths 3644.Pq Vt str 3645Set to the list of 32-bit compatibility shared library paths to 3646use with 3647.Xr ldconfig 8 . 3648.It Va ldconfig_insecure 3649.Pq Vt bool 3650The 3651.Xr ldconfig 8 3652utility normally refuses to use directories 3653which are writable by anyone except root. 3654Set this variable to 3655.Dq Li YES 3656to disable that security check during system startup. 3657.It Va ldconfig_local_dirs 3658.Pq Vt str 3659Set to the list of local 3660.Xr ldconfig 8 3661directories. 3662The names of all files in the directories listed will be 3663passed as arguments to 3664.Xr ldconfig 8 . 3665.It Va ldconfig_local32_dirs 3666.Pq Vt str 3667Set to the list of local 32-bit compatibility 3668.Xr ldconfig 8 3669directories. 3670The names of all files in the directories listed will be 3671passed as arguments to 3672.Dq Nm ldconfig Fl 32 . 3673.It Va kern_securelevel_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to set the kernel security level at system startup. 3678.It Va kern_securelevel 3679.Pq Vt int 3680The kernel security level to set at startup. 3681The allowed range of 3682.Ar value 3683ranges from \-1 (the compile time default) to 3 (the 3684most secure). 3685See 3686.Xr security 7 3687for the list of possible security levels and their effect 3688on system operation. 3689.It Va sshd_program 3690.Pq Vt str 3691Path to the SSH server program 3692.Pa ( /usr/sbin/sshd 3693is the default). 3694.It Va sshd_enable 3695.Pq Vt bool 3696Set to 3697.Dq Li YES 3698to start 3699.Xr sshd 8 3700at system boot time. 3701.It Va sshd_flags 3702.Pq Vt str 3703If 3704.Va sshd_enable 3705is set to 3706.Dq Li YES , 3707these are the flags to pass to the 3708.Xr sshd 8 3709daemon. 3710.It Va ftpd_program 3711.Pq Vt str 3712Path to the FTP server program 3713.Pa ( /usr/libexec/ftpd 3714is the default). 3715.It Va ftpd_enable 3716.Pq Vt bool 3717Set to 3718.Dq Li YES 3719to start 3720.Xr ftpd 8 3721as a stand-alone daemon at system boot time. 3722.It Va ftpd_flags 3723.Pq Vt str 3724If 3725.Va ftpd_enable 3726is set to 3727.Dq Li YES , 3728these are the additional flags to pass to the 3729.Xr ftpd 8 3730daemon. 3731.It Va watchdogd_enable 3732.Pq Vt bool 3733If set to 3734.Dq Li YES , 3735start the 3736.Xr watchdogd 8 3737daemon at boot time. 3738This requires that the kernel have been compiled with a 3739.Xr watchdog 4 3740compatible device. 3741.It Va watchdogd_flags 3742.Pq Vt str 3743If 3744.Va watchdogd_enable 3745is set to 3746.Dq Li YES , 3747these are the flags passed to the 3748.Xr watchdogd 8 3749daemon. 3750.It Va watchdogd_timeout 3751.Pq Vt int 3752If 3753.Va watchdogd_enable 3754is set to 3755.Dq Li YES , 3756this is a timeout that will be used by the 3757.Xr watchdogd 8 3758daemon. 3759If this option is set, it overrides 3760.Fl t 3761in 3762.Va watchdogd_flags . 3763.It Va watchdogd_shutdown_timeout 3764.Pq Vt int 3765If 3766.Va watchdogd_enable 3767is set to 3768.Dq Li YES , 3769this is a timeout that will be set by the 3770.Xr watchdogd 8 3771daemon when it exits during the system shutdown. 3772This timeout will not be set when returning to the single-user mode 3773or when the watchdogd service is stopped individually using the 3774.Xr service 8 3775command or the rc.d script. 3776Note that the timeout will be applied if 3777.Xr watchdogd 8 3778is stopped outside of 3779.Xr rc 8 3780framework. 3781If this option is set, it overrides 3782.Fl x 3783in 3784.Va watchdogd_flags . 3785.It Va devfs_rulesets 3786.Pq Vt str 3787List of files containing sets of rules for 3788.Xr devfs 8 . 3789.It Va devfs_system_ruleset 3790.Pq Vt str 3791Rule name(s) to apply to the system 3792.Pa /dev 3793itself. 3794.It Va devfs_set_rulesets 3795.Pq Vt str 3796Pairs of already-mounted 3797.Pa dev 3798directories and rulesets that should be applied to them. 3799For example: /mount/dev=ruleset_name 3800.It Va devfs_load_rulesets 3801.Pq Vt bool 3802If set, always load the default rulesets listed in 3803.Va devfs_rulesets . 3804.It Va performance_cx_lowest 3805.Pq Vt str 3806CPU idle state to use while on AC power. 3807The string 3808.Dq Li LOW 3809indicates that 3810.Xr acpi 4 3811should use the lowest power state available while 3812.Dq Li HIGH 3813indicates that the lowest latency state (less power savings) should be used. 3814.It Va performance_cpu_freq 3815.Pq Vt str 3816CPU clock frequency to use while on AC power. 3817The string 3818.Dq Li LOW 3819indicates that 3820.Xr cpufreq 4 3821should use the lowest frequency available while 3822.Dq Li HIGH 3823indicates that the highest frequency (less power savings) should be used. 3824.It Va economy_cx_lowest 3825.Pq Vt str 3826CPU idle state to use when off AC power. 3827The string 3828.Dq Li LOW 3829indicates that 3830.Xr acpi 4 3831should use the lowest power state available while 3832.Dq Li HIGH 3833indicates that the lowest latency state (less power savings) should be used. 3834.It Va economy_cpu_freq 3835.Pq Vt str 3836CPU clock frequency to use when off AC power. 3837The string 3838.Dq Li LOW 3839indicates that 3840.Xr cpufreq 4 3841should use the lowest frequency available while 3842.Dq Li HIGH 3843indicates that the highest frequency (less power savings) should be used. 3844.It Va jail_enable 3845.Pq Vt bool 3846If set to 3847.Dq Li NO , 3848any configured jails will not be started. 3849.It Va jail_conf 3850.Pq Vt str 3851The configuration filename used by 3852.Xr jail 8 3853utility. 3854The default value is 3855.Pa /etc/jail.conf . 3856.It Va jail_parallel_start 3857.Pq Vt bool 3858If set to 3859.Dq Li YES , 3860all configured jails will be started in the background (in parallel). 3861.It Va jail_flags 3862.Pq Vt str 3863Unset by default. 3864When set, use as default value for 3865.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3866for every jail in 3867.Va jail_list . 3868.It Va jail_list 3869.Pq Vt str 3870A space-delimited list of jail names. 3871When left empty, all of the 3872.Xr jail 8 3873instances defined in the configuration file are started. 3874The names specified in this list control the jail startup order. 3875.Xr jail 8 3876instances missing from 3877.Va jail_list 3878must be started manually. 3879Note that a jail's 3880.Va depend 3881parameter in the configuration file may override this list. 3882.It Va jail_reverse_stop 3883.Pq Vt bool 3884When set to 3885.Dq Li YES , 3886all configured jails in 3887.Va jail_list 3888are stopped in reverse order. 3889.It Va jail_ Ns * variables 3890Note that older releases supported per-jail configuration via 3891.Nm 3892variables. 3893For example, 3894hostname of a jail named 3895.Li vjail 3896was able to be set by 3897.Li jail_vjail_hostname . 3898These per-jail configuration variables are now obsolete in favor of 3899.Xr jail 8 3900configuration file. 3901For backward compatibility, 3902when per-jail configuration variables are defined, 3903.Xr jail 8 3904configuration files are created as 3905.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3906and used. 3907.Pp 3908The following per-jail parameters are handled by 3909.Pa rc.d/jail 3910script out of their corresponding 3911.Nm 3912variables. 3913In addition to them, parameters in 3914.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3915will be added to the configuration file. 3916They must be a semi-colon 3917.Pq Ql \&; 3918delimited list of 3919.Dq key=value . 3920For more details, 3921see 3922.Xr jail 8 3923manual page. 3924.Bl -tag -width "host.hostname" -offset indent 3925.It Li path 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3928.It Li host.hostname 3929set from 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3931.It Li exec.consolelog 3932set from 3933.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3934The default value is 3935.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3936.It Li interface 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3939.It Li vnet.interface 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3942This implies 3943.Li vnet 3944parameter will be enabled and cannot be specified with 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3947and/or 3948.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3949at the same time. 3950.It Li fstab 3951set from 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3953.It Li mount 3954set from 3955.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3956.It Li exec.fib 3957set from 3958.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3959.It Li exec.start 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3962The parameter name was 3963.Li command 3964in some older releases. 3965.It Li exec.prestart 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3968.It Li exec.poststart 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3971.It Li exec.stop 3972set from 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3974.It Li exec.prestop 3975set from 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3977.It Li exec.poststop 3978set from 3979.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3980.It Li ip4.addr 3981set if 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3983or 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3985contain IPv4 addresses 3986.It Li ip6.addr 3987set if 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3989or 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3991contain IPv6 addresses 3992.It Li allow.mount 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3995.It Li mount.devfs 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3998.It Li devfs_ruleset 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4001This must be an integer, 4002not a string. 4003.It Li mount.fdescfs 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4006.It Li allow.set_hostname 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4009.It Li allow.rawsocket 4010set from 4011.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4012.It Li allow.sysvipc 4013set from 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4015.El 4016.\" ----------------------------------------------------- 4017.It Va harvest_mask 4018.Pq Vt int 4019Set to a bit-mask 4020representing the entropy sources 4021you wish to harvest. 4022Refer to 4023.Xr random 4 4024for more information. 4025.It Va entropy_dir 4026.Pq Vt str 4027Set to 4028.Dq Li NO 4029to disable caching entropy via 4030.Xr cron 8 . 4031Otherwise set to the directory 4032in which the entropy files are stored. 4033To be useful, 4034there must be 4035a system cron job 4036that regularly writes and rotates 4037files here. 4038All files found 4039will be used at boot time. 4040The default is 4041.Pa /var/db/entropy . 4042.It Va entropy_file 4043.Pq Vt str 4044Set to 4045.Dq Li NO 4046to disable caching entropy through reboots. 4047Otherwise set to the name 4048of a file used to store cached entropy. 4049This file should be located 4050on a file system that is readable 4051before all the volumes specified in 4052.Xr fstab 5 4053are mounted. 4054By default, 4055.Pa /entropy 4056is used, 4057but if 4058.Pa /var/db/entropy-file 4059is found it will also be used. 4060This will be of some use to 4061.Xr bsdinstall 8 . 4062.It Va entropy_boot_file 4063.Pq Vt str 4064Set to 4065.Dq Li NO 4066to disable 4067very early caching entropy 4068through reboots. 4069Otherwise set to the filename 4070used to read 4071very early reboot cached entropy. 4072This file should be located where 4073.Xr loader 8 4074can read it. 4075See also 4076.Xr loader.conf 5 . 4077The default location is 4078.Pa /boot/entropy . 4079.It Va entropy_save_sz 4080.Pq Vt int 4081Size of the entropy cache files saved by 4082.Nm save-entropy 4083periodically. 4084.It Va entropy_save_num 4085.Pq Vt int 4086Number of entropy cache files to save by 4087.Nm save-entropy 4088periodically. 4089.It Va ipsec_enable 4090.Pq Vt bool 4091Set to 4092.Dq Li YES 4093to run 4094.Xr setkey 8 4095on 4096.Va ipsec_file 4097at boot time. 4098.It Va ipsec_file 4099.Pq Vt str 4100Configuration file for 4101.Xr setkey 8 . 4102.It Va dmesg_enable 4103.Pq Vt bool 4104Set to 4105.Dq Li YES 4106to save 4107.Xr dmesg 8 4108to 4109.Pa /var/run/dmesg.boot 4110on boot. 4111.It Va rcshutdown_timeout 4112.Pq Vt int 4113If set, start a watchdog timer in the background which will terminate 4114.Pa rc.shutdown 4115if 4116.Xr shutdown 8 4117has not completed within the specified time (in seconds). 4118Notice that in addition to this soft timeout, 4119.Xr init 8 4120also applies a hard timeout for the execution of 4121.Pa rc.shutdown . 4122This is configured via 4123.Xr sysctl 8 4124variable 4125.Va kern.init_shutdown_timeout 4126and defaults to 120 seconds. 4127Setting the value of 4128.Va rcshutdown_timeout 4129to more than 120 seconds will have no effect until the 4130.Xr sysctl 8 4131variable 4132.Va kern.init_shutdown_timeout 4133is also increased. 4134.It Va virecover_enable 4135.Pq Vt bool 4136Set to 4137.Dq Li NO 4138to prevent the system from trying to 4139recover pre-maturely terminated 4140.Xr vi 1 4141sessions. 4142.It Va ugidfw_enable 4143.Pq Vt bool 4144Set to 4145.Dq Li YES 4146to load the 4147.Xr mac_bsdextended 4 4148module upon system initialization and load a default 4149ruleset file. 4150.It Va bsdextended_script 4151.Pq Vt str 4152The default 4153.Xr mac_bsdextended 4 4154ruleset file to load. 4155The default value of this variable is 4156.Pa /etc/rc.bsdextended . 4157.It Va newsyslog_enable 4158.Pq Vt bool 4159If set to 4160.Dq Li YES , 4161run 4162.Xr newsyslog 8 4163command at startup. 4164.It Va newsyslog_flags 4165.Pq Vt str 4166If 4167.Va newsyslog_enable 4168is set to 4169.Dq Li YES , 4170these are the flags to pass to the 4171.Xr newsyslog 8 4172program. 4173The default is 4174.Dq Li -CN , 4175which causes log files flagged with a 4176.Cm C 4177to be created. 4178.It Va mdconfig_md Ns Aq Ar X 4179.Pq Vt str 4180Arguments to 4181.Xr mdconfig 8 4182for 4183.Xr md 4 4184device 4185.Ar X . 4186At minimum a 4187.Fl t Ar type 4188must be specified and either a 4189.Fl s Ar size 4190for malloc or swap backed 4191.Xr md 4 4192devices or a 4193.Fl f Ar file 4194for vnode backed 4195.Xr md 4 4196devices. 4197Note that 4198.Va mdconfig_md Ns Aq Ar X 4199variables are evaluated until one variable is unset or null. 4200.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4201.Pq Vt str 4202Optional arguments passed to 4203.Xr newfs 8 4204to initialize 4205.Xr md 4 4206device 4207.Ar X . 4208.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4209.Pq Vt str 4210An ownership specification passed to 4211.Xr chown 8 4212after the specified 4213.Xr md 4 4214device 4215.Ar X 4216has been mounted. 4217Both the 4218.Xr md 4 4219device and the mount point will be changed. 4220.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4221.Pq Vt str 4222A mode string passed to 4223.Xr chmod 1 4224after the specified 4225.Xr md 4 4226device 4227.Ar X 4228has been mounted. 4229Both the 4230.Xr md 4 4231device and the mount point will be changed. 4232.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4233.Pq Vt str 4234Files to be copied to the mount point of the 4235.Xr md 4 4236device 4237.Ar X 4238after it has been mounted. 4239.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4240.Pq Vt str 4241Command to execute after the specified 4242.Xr md 4 4243device 4244.Ar X 4245has been mounted. 4246Note that the command is passed to 4247.Ic eval 4248and that both 4249.Va _dev 4250and 4251.Va _mp 4252variables can be used to reference respectively the 4253.Xr md 4 4254device and the mount point. 4255Assuming that the 4256.Xr md 4 4257device is 4258.Li md0 , 4259one could set the following: 4260.Bd -literal 4261mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4262.Ed 4263.It Va autobridge_interfaces 4264.Pq Vt str 4265Set to the list of bridge interfaces that will have newly arriving interfaces 4266checked against to be automatically added. 4267If not set to 4268.Dq Li NO 4269then for each whitespace separated 4270.Ar element 4271in the value, a 4272.Va autobridge_ Ns Aq Ar element 4273variable is assumed to exist which has a whitespace separated list of interface 4274names to match, these names can use wildcards. 4275For example: 4276.Bd -literal 4277autobridge_interfaces="bridge0" 4278autobridge_bridge0="tap* dc0 vlan[345]" 4279.Ed 4280.It Va mixer_enable 4281.Pq Vt bool 4282If set to 4283.Dq Li YES , 4284enable support for sound mixer. 4285.It Va hcsecd_enable 4286.Pq Vt bool 4287If set to 4288.Dq Li YES , 4289enable Bluetooth security daemon. 4290.It Va hcsecd_config 4291.Pq Vt str 4292Configuration file for 4293.Xr hcsecd 8 . 4294Default 4295.Pa /etc/bluetooth/hcsecd.conf . 4296.It Va sdpd_enable 4297.Pq Vt bool 4298If set to 4299.Dq Li YES , 4300enable Bluetooth Service Discovery Protocol daemon. 4301.It Va sdpd_control 4302.Pq Vt str 4303Path to 4304.Xr sdpd 8 4305control socket. 4306Default 4307.Pa /var/run/sdp . 4308.It Va sdpd_groupname 4309.Pq Vt str 4310Sets 4311.Xr sdpd 8 4312group to run as after it initializes. 4313Default 4314.Dq Li nobody . 4315.It Va sdpd_username 4316.Pq Vt str 4317Sets 4318.Xr sdpd 8 4319user to run as after it initializes. 4320Default 4321.Dq Li nobody . 4322.It Va bthidd_enable 4323.Pq Vt bool 4324If set to 4325.Dq Li YES , 4326enable Bluetooth Human Interface Device daemon. 4327.It Va bthidd_config 4328.Pq Vt str 4329Configuration file for 4330.Xr bthidd 8 . 4331Default 4332.Pa /etc/bluetooth/bthidd.conf . 4333.It Va bthidd_hids 4334.Pq Vt str 4335Path to a file, where 4336.Xr bthidd 8 4337will store information about known HID devices. 4338Default 4339.Pa /var/db/bthidd.hids . 4340.It Va rfcomm_pppd_server_enable 4341.Pq Vt bool 4342If set to 4343.Dq Li YES , 4344enable Bluetooth RFCOMM PPP wrapper daemon. 4345.It Va rfcomm_pppd_server_profile 4346.Pq Vt str 4347The name of the profile to use from 4348.Pa /etc/ppp/ppp.conf . 4349Multiple profiles can be specified here. 4350Also used to specify per-profile overrides. 4351When the profile name contains any of the characters 4352.Dq Li .-/+ 4353they are translated to 4354.Dq Li _ 4355for the proposes of the override variable names. 4356.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4357.Pq Vt str 4358Overrides local address to listen on. 4359By default 4360.Xr rfcomm_pppd 8 4361will listen on 4362.Dq Li ANY 4363address. 4364The address can be specified as BD_ADDR or name. 4365.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4366.Pq Vt str 4367Overrides local RFCOMM channel to listen on. 4368By default 4369.Xr rfcomm_pppd 8 4370will listen on RFCOMM channel 1. 4371Must set properly if multiple profiles used in the same time. 4372.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4373.Pq Vt bool 4374Tells 4375.Xr rfcomm_pppd 8 4376if it should register Serial Port service on the specified RFCOMM channel. 4377Default 4378.Dq Li NO . 4379.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4380.Pq Vt bool 4381Tells 4382.Xr rfcomm_pppd 8 4383if it should register Dial-Up Networking service on the specified 4384RFCOMM channel. 4385Default 4386.Dq Li NO . 4387.It Va ubthidhci_enable 4388.Pq Vt bool 4389If set to 4390.Dq Li YES , 4391change the USB Bluetooth controller from HID mode to HCI mode. 4392You also need to specify the location of USB Bluetooth controller with the 4393.Va ubthidhci_busnum 4394and 4395.Va ubthidhci_addr 4396variables. 4397.It Va ubthidhci_busnum 4398Bus number where the USB Bluetooth controller is located. 4399Check the output of 4400.Xr usbconfig 8 4401on your system to find this information. 4402.It Va ubthidhci_addr 4403Bus address of the USB Bluetooth controller. 4404Check the output of 4405.Xr usbconfig 8 4406on your system to find this information. 4407.It Va netwait_enable 4408.Pq Vt bool 4409If set to 4410.Dq Li YES , 4411delays the start of network-reliant services until 4412.Va netwait_if 4413is up and ICMP packets to a destination defined in 4414.Va netwait_ip 4415are flowing. 4416Link state is examined first, followed by 4417.Dq Li pinging 4418an IP address to verify network usability. 4419If no destination can be reached or timeouts are exceeded, 4420network services are started anyway with no guarantee that 4421the network is usable. 4422Use of this variable requires both 4423.Va netwait_ip 4424and 4425.Va netwait_if 4426to be set. 4427.It Va netwait_ip 4428.Pq Vt str 4429Empty by default. 4430This variable contains a space-delimited list of IP addresses to 4431.Xr ping 8 . 4432DNS hostnames should not be used as resolution is not guaranteed 4433to be functional at this point. 4434If multiple IP addresses are specified, 4435each will be tried until one is successful or the list is exhausted. 4436.It Va netwait_timeout 4437.Pq Vt int 4438Indicates the total number of seconds to perform a 4439.Dq Li ping 4440against each IP address in 4441.Va netwait_ip , 4442at a rate of one ping per second. 4443If any of the pings are successful, 4444full network connectivity is considered reliable. 4445The default is 60. 4446.It Va netwait_if 4447.Pq Vt str 4448Empty by default. 4449Defines the name of the network interface on which watch for link. 4450.Xr ifconfig 8 4451is used to monitor the interface, looking for 4452.Dq Li status: no carrier . 4453Once gone, the link is considered up. 4454This can be a 4455.Xr vlan 4 4456interface if desired. 4457.It Va netwait_if_timeout 4458.Pq Vt int 4459Defines the total number of seconds to wait for link to become usable, 4460polled at a 1-second interval. 4461The default is 30. 4462.It Va rctl_enable 4463.Pq Vt bool 4464If set to 4465.Dq Li YES , 4466load 4467.Xr rctl 8 4468rules from the defined ruleset. 4469The kernel must be built with 4470.Cd "options RACCT" 4471and 4472.Cd "options RCTL" . 4473.It Va rctl_rules 4474.Pq Vt str 4475Set to 4476.Pa /etc/rctl.conf 4477by default. 4478This variables contains the 4479.Xr rctl.conf 5 4480ruleset to load for 4481.Xr rctl 8 . 4482.It Va iovctl_files 4483.Pq Vt str 4484A space-separated list of configuration files used by 4485.Xr iovctl 8 . 4486The default value is an empty string. 4487.It Va autofs_enable 4488.Pq Vt bool 4489If set to 4490.Dq Li YES , 4491start the 4492.Xr automount 8 4493utility and the 4494.Xr automountd 8 4495and 4496.Xr autounmountd 8 4497daemons at boot time. 4498.It Va automount_flags 4499.Pq Vt str 4500If 4501.Va autofs_enable 4502is set to 4503.Dq Li YES , 4504these are the flags to pass to the 4505.Xr automount 8 4506program. 4507By default no flags are passed. 4508.It Va automountd_flags 4509.Pq Vt str 4510If 4511.Va autofs_enable 4512is set to 4513.Dq Li YES , 4514these are the flags to pass to the 4515.Xr automountd 8 4516daemon. 4517By default no flags are passed. 4518.It Va autounmountd_flags 4519.Pq Vt str 4520If 4521.Va autofs_enable 4522is set to 4523.Dq Li YES , 4524these are the flags to pass to the 4525.Xr autounmountd 8 4526daemon. 4527By default no flags are passed. 4528.It Va ctld_enable 4529.Pq Vt bool 4530If set to 4531.Dq Li YES , 4532start the 4533.Xr ctld 8 4534daemon at boot time. 4535.It Va iscsid_enable 4536.Pq Vt bool 4537If set to 4538.Dq Li YES , 4539start the 4540.Xr iscsid 8 4541daemon at boot time. 4542.It Va iscsictl_enable 4543.Pq Vt bool 4544If set to 4545.Dq Li YES , 4546start the 4547.Xr iscsictl 8 4548utility at boot time. 4549.It Va iscsictl_flags 4550.Pq Vt str 4551If 4552.Va iscsictl_enable 4553is set to 4554.Dq Li YES , 4555these are the flags to pass to the 4556.Xr iscsictl 8 4557program. 4558The default is 4559.Dq Li -Aa , 4560which configures sessions based on the 4561.Pa /etc/iscsi.conf 4562configuration file. 4563.It Va cfumass_enable 4564.Pq Vt bool 4565If set to 4566.Dq Li YES , 4567create and export an USB LUN using 4568.Xr cfumass 4 4569at boot time. 4570.It Va cfumass_dir 4571.Pq Vt str 4572The directory where the files exported by USB LUN are located. 4573The default directory is 4574.Pa /var/cfumass . 4575.It Va service_delete_empty 4576.Pq Vt bool 4577If set to 4578.Dq Li YES , 4579.Ql Li service delete 4580removes empty 4581.Dq Li rc.conf.d 4582files. 4583.It Va zfs_bootonce_activate 4584.Pq Vt bool 4585If set to 4586.Dq Li YES , 4587and a boot environment marked bootonce is successfully booted, 4588it will be made permanently active. 4589.El 4590.Sh FILES 4591.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4592.It Pa /etc/defaults/rc.conf 4593.It Pa /etc/defaults/vendor.conf 4594.It Pa /etc/rc.conf 4595.It Pa /etc/rc.conf.local 4596.El 4597.Sh SEE ALSO 4598.Xr chmod 1 , 4599.Xr gdb 1 , 4600.Xr info 1 , 4601.Xr kbdcontrol 1 , 4602.Xr makewhatis 1 , 4603.Xr sh 1 , 4604.Xr vi 1 , 4605.Xr vidcontrol 1 , 4606.Xr bridge 4 , 4607.Xr dummynet 4 , 4608.Xr ip 4 , 4609.Xr ipf 4 , 4610.Xr ipfw 4 , 4611.Xr ipnat 4 , 4612.Xr kld 4 , 4613.Xr pf 4 , 4614.Xr pflog 4 , 4615.Xr pfsync 4 , 4616.Xr tcp 4 , 4617.Xr udp 4 , 4618.Xr exports 5 , 4619.Xr fstab 5 , 4620.Xr ipf 5 , 4621.Xr ipnat 5 , 4622.Xr jail.conf 5 , 4623.Xr loader.conf 5 , 4624.Xr motd 5 , 4625.Xr newsyslog.conf 5 , 4626.Xr pf.conf 5 , 4627.Xr security 7 , 4628.Xr accton 8 , 4629.Xr amd 8 , 4630.Xr apm 8 , 4631.Xr bsdinstall 8 , 4632.Xr bthidd 8 , 4633.Xr chkprintcap 8 , 4634.Xr chown 8 , 4635.Xr cron 8 , 4636.Xr devfs 8 , 4637.Xr dhclient 8 , 4638.Xr ftpd 8 , 4639.Xr geli 8 , 4640.Xr hcsecd 8 , 4641.Xr ifconfig 8 , 4642.Xr inetd 8 , 4643.Xr iovctl 8 , 4644.Xr ipf 8 , 4645.Xr ipfw 8 , 4646.Xr ipnat 8 , 4647.Xr jail 8 , 4648.Xr kldxref 8 , 4649.Xr loader 8 , 4650.Xr lpd 8 , 4651.Xr mdconfig 8 , 4652.Xr mdmfs 8 , 4653.Xr mixer 8 , 4654.Xr mountd 8 , 4655.Xr moused 8 , 4656.Xr newfs 8 , 4657.Xr newsyslog 8 , 4658.Xr nfsd 8 , 4659.Xr ntpd 8 , 4660.Xr ntpdate 8 , 4661.Xr pfctl 8 , 4662.Xr pflogd 8 , 4663.Xr ping 8 , 4664.Xr powerd 8 , 4665.Xr quotacheck 8 , 4666.Xr quotaon 8 , 4667.Xr rc 8 , 4668.Xr rc.sendmail 8 , 4669.Xr rcorder 8 , 4670.Xr rfcomm_pppd 8 , 4671.Xr route 8 , 4672.Xr routed 8 , 4673.Xr rpc.lockd 8 , 4674.Xr rpc.statd 8 , 4675.Xr rpcbind 8 , 4676.Xr rwhod 8 , 4677.Xr savecore 8 , 4678.Xr sdpd 8 , 4679.Xr service 8 , 4680.Xr sshd 8 , 4681.Xr swapon 8 , 4682.Xr sysctl 8 , 4683.Xr syslogd 8 , 4684.Xr sysrc 8 , 4685.Xr timed 8 , 4686.Xr unbound 8 , 4687.Xr usbconfig 8 , 4688.Xr wlandebug 8 , 4689.Xr yp 8 , 4690.Xr ypbind 8 , 4691.Xr ypserv 8 , 4692.Xr ypset 8 4693.Sh HISTORY 4694The 4695.Nm 4696file appeared in 4697.Fx 2.2.2 . 4698.Sh AUTHORS 4699.An Jordan K. Hubbard . 4700