1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd May 18, 2024 26.Dt RC.CONF 5 27.Os 28.Sh NAME 29.Nm rc.conf 30.Nd system configuration information 31.Sh DESCRIPTION 32The file 33.Nm 34contains descriptive information about the local host name, configuration 35details for any potential network interfaces and which services should be 36started up at system initial boot time. 37In new installations, the 38.Nm 39file is generally initialized by the system installation utility. 40.Pp 41The purpose of 42.Nm 43is not to run commands or perform system startup actions 44directly. 45Instead, it is included by the 46various generic startup scripts in 47.Pa /etc 48which conditionalize their 49internal actions according to the settings found there. 50.Pp 51The 52.Pa /etc/rc.conf 53file is included from the file 54.Pa /etc/defaults/rc.conf , 55which specifies the default settings for all the available options. 56Options need only be specified in 57.Pa /etc/rc.conf 58when the system administrator wishes to override these defaults. 59The file 60.Pa /etc/defaults/vendor.conf 61allows vendors to override 62.Fx 63defaults. 64The file 65.Pa /etc/rc.conf.local 66is used to override settings in 67.Pa /etc/rc.conf 68for historical reasons. 69.Pp 70The sysrc(8) command provides a scripting interface to modify system 71config files. 72.Pp 73In addition to 74.Pa /etc/rc.conf.local 75you can also place smaller configuration files for each 76.Xr rc 8 77script in the 78.Pa /etc/rc.conf.d 79directory or 80.Ao Ar dir Ac Ns Pa /rc.conf.d 81directories (where 82.Ao Ar dir Ac 83is each entry specified in 84.Va local_startup , 85but with any trailing 86.Pa /rc.d 87stripped), 88which will be included by the 89.Va load_rc_config 90function. 91For jail configurations you could use the file 92.Pa /etc/rc.conf.d/jail 93to store jail-specific configuration options. 94If 95.Va local_startup 96contains 97.Pa /usr/local/etc/rc.d 98and 99.Pa /opt/conf , 100.Pa /usr/local/etc/rc.conf.d/jail 101and 102.Pa /opt/conf/rc.conf.d/jail 103will be loaded. 104If 105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 106is a directory, 107all of the files in the directory will be loaded. 108Also see the 109.Va rc_conf_files 110variable below. 111.Pp 112Options are set with 113.Dq Ar name Ns Li = Ns Ar value 114assignments that use 115.Xr sh 1 116syntax. 117The following list provides a name and short description for each 118variable that can be set in the 119.Nm 120file: 121.Bl -tag -width indent-two 122.It Va rc_debug 123.Pq Vt bool 124If set to 125.Dq Li YES , 126enable output of debug messages from rc scripts. 127This variable can be helpful in diagnosing mistakes when 128editing or integrating new scripts. 129Beware that this produces copious output to the terminal and 130.Xr syslog 3 . 131.It Va rc_info 132.Pq Vt bool 133If set to 134.Dq Li NO , 135disable informational messages from the rc scripts. 136Informational messages are displayed when 137a condition that is not serious enough to warrant a warning or 138an error occurs. 139.It Va rc_startmsgs 140.Pq Vt bool 141If set to 142.Dq Li YES , 143show 144.Dq Starting foo: 145when faststart is used (e.g., at boot time). 146.It Va early_late_divider 147.Pq Vt str 148The name of the script that should be used as the 149delimiter between the 150.Dq early 151and 152.Dq late 153stages of the boot process. 154The early stage should contain all the services needed to 155get the disks (local or remote) mounted so that the late 156stage can include scripts contained in the directories 157listed in the 158.Va local_startup 159variable (see below). 160Thus, the two likely candidates for this value are 161.Pa mountcritlocal 162for the typical system, and 163.Pa mountcritremote 164if the system needs remote file 165systems mounted to get access to the 166.Va local_startup 167directories; for example when 168.Pa /usr/local 169is NFS mounted. 170For 171.Pa rc.conf 172within a 173.Xr jail 8 174.Pa NETWORKING 175is likely to be an appropriate value. 176Extreme care should be taken when changing this value, 177and before changing it one should ensure that there are 178adequate provisions to recover from a failed boot 179(such as physical contact with the machine, 180or reliable remote console access). 181.It Va always_force_depends 182.Pq Vt bool 183Various 184.Pa rc.d 185scripts use the force_depend function to check whether required 186services are already running, and to start them if necessary. 187By default during boot time this check is bypassed if the 188required service is enabled in 189.Pa /etc/rc.conf[.local] . 190Setting this option will bypass that check at boot time and 191always test whether or not the service is actually running. 192Enabling this option is likely to increase your boot time if 193services are enabled that utilize the force_depend check. 194.It Ao Ar name Ac Ns Va _chroot 195.Pq Vt str 196.Xr chroot 8 197to this directory before running the service. 198.It Ao Ar name Ac Ns Va _cpuset 199.Pq Vt str 200A list of CPUs to run the service on. 201Passed to 202.Xr cpuset 1 203using the 204.Fl l 205flag. 206.It Ao Ar name Ac Ns Va _fib 207.Pq Vt int 208The 209.Xr setfib 1 210value to run the service under. 211.It Ao Ar name Ac Ns Va _group 212.Pq Vt str 213Run the chrooted service under this system group. 214Unlike the 215.Ao Ar name Ac Ns Va _user 216setting, this setting has no effect if the service is not chrooted. 217.It Ao Ar name Ac Ns Va _limits 218.Pq Vt str 219Resource limits to apply to the service using 220.Xr limits 1 . 221By default, resource limits are based on the login class defined in 222.Ao Ar name Ac Ns Va _login_class . 223.It Ao Ar name Ac Ns Va _login_class 224.Pq Vt str 225Login class to be used with 226.Ao Ar name Ac Ns Va _limits . 227Defaults to 228.Dq Li daemon . 229.It Ao Ar name Ac Ns Va _nice 230.Pq Vt int 231The 232.Xr nice 1 233value to run the service under. 234.It Ao Ar name Ac Ns Va _oomprotect 235.Pq Vt str 236Use 237.Xr protect 1 238to prevent the service from being killed when swap space 239is exhausted. 240Use 241.Dq Li YES 242to protect only the service itself, and 243.Dq Li ALL 244to protect the service and all its child processes. 245.Pp 246Please note that rc scripts which redefine 247.Dl ${argument}_cmd 248.Pq see Xr rc.subr 8 249such as PostgreSQL will not inherit the OOM killer protection. 250.Pp 251This variable has no effect on services running within a 252.Xr jail 8 . 253.It Ao Ar name Ac Ns Va _setup 254.Pq Vt str 255Run the specified setup script right before starting the actual service 256command. 257Useful for automatic configuration file generation. 258.It Ao Ar name Ac Ns Va _umask 259.Pq Vt int 260Run the service using this 261.Xr umask 1 262value. 263.It Ao Ar name Ac Ns Va _user 264.Pq Vt str 265Run the service under this user account. 266.It Va apm_enable 267.Pq Vt bool 268If set to 269.Dq Li YES , 270enable support for Automatic Power Management with 271the 272.Xr apm 8 273command. 274.It Va apmd_enable 275.Pq Vt bool 276Run 277.Xr apmd 8 278to handle APM event from userland. 279This also enables support for APM. 280.It Va apmd_flags 281.Pq Vt str 282If 283.Va apmd_enable 284is set to 285.Dq Li YES , 286these are the flags to pass to the 287.Xr apmd 8 288daemon. 289.It Va devd_enable 290.Pq Vt bool 291Run 292.Xr devd 8 293to handle device added, removed or unknown events from the kernel. 294.It Va ddb_enable 295.Pq Vt bool 296Run 297.Xr ddb 8 298to install 299.Xr ddb 4 300scripts at boot time. 301.It Va ddb_config 302.Pq Vt str 303Configuration file for 304.Xr ddb 8 . 305Default 306.Pa /etc/ddb.conf . 307.It Va devmatch_enable 308.Pq Vt bool 309If set to 310.Dq Li NO , 311disable auto-loading of kernel modules with 312.Xr devmatch 8 . 313.It Va devmatch_blocklist 314.Pq Vt str 315A whitespace-separated list of kernel modules to be ignored by 316.Xr devmatch 8 . 317In addition, the 318.Xr kenv 1 319.Va devmatch_blocklist 320is appended to this variable to allow disabling of 321.Xr devmatch 8 322loaded modules from the boot loader. 323.It Va devmatch_blacklist 324.Pq Vt str 325This variable is deprecated. 326Use 327.Va devmatch_blocklist 328instead. 329A whitespace-separated list of kernel modules to be ignored by 330.Xr devmatch 8 . 331.It Va kld_list 332.Pq Vt str 333A whitespace-separated list of kernel modules to load right after 334the local disks are mounted, without any 335.Pa .ko 336extension or path. 337.It Va kldxref_enable 338.Pq Vt bool 339Set to 340.Dq Li NO 341by default. 342Set to 343.Dq Li YES 344to automatically rebuild 345.Pa linker.hints 346files with 347.Xr kldxref 8 348at boot time. 349.It Va kldxref_clobber 350.Pq Vt bool 351Set to 352.Dq Li NO 353by default. 354If 355.Va kldxref_enable 356is true, 357setting to 358.Dq Li YES 359will overwrite existing 360.Pa linker.hints 361files at boot time. 362Otherwise, 363only missing 364.Pa linker.hints 365files are generated. 366.It Va kldxref_module_path 367.Pq Vt str 368Empty by default. 369A semi-colon 370.Pq Ql \&; 371delimited list of paths containing 372.Xr kld 4 373modules. 374If empty, 375the contents of the 376.Va kern.module_path 377.Xr sysctl 8 378are used. 379.It Va powerd_enable 380.Pq Vt bool 381If set to 382.Dq Li YES , 383enable the system power control facility with the 384.Xr powerd 8 385daemon. 386.It Va powerd_flags 387.Pq Vt str 388If 389.Va powerd_enable 390is set to 391.Dq Li YES , 392these are the flags to pass to the 393.Xr powerd 8 394daemon. 395.It Va tmpmfs 396Controls the creation of a 397.Pa /tmp 398memory file system. 399Always happens if set to 400.Dq Li YES 401and never happens if set to 402.Dq Li NO . 403If set to anything else, a memory file system is created if 404.Pa /tmp 405is not writable. 406.It Va tmpsize 407Controls the size of a created 408.Pa /tmp 409memory file system. 410.It Va tmpmfs_flags 411Extra options passed to the 412.Xr mdmfs 8 413utility when the memory file system for 414.Pa /tmp 415is created. 416The default is 417.Dq Li "-S" , 418which inhibits the use of softupdates on 419.Pa /tmp 420so that file system space is freed without delay 421after file truncation or deletion. 422See 423.Xr mdmfs 8 424for other options you can use in 425.Va tmpmfs_flags . 426.It Va varmfs 427Controls the creation of a 428.Pa /var 429memory file system. 430Always happens if set to 431.Dq Li YES 432and never happens if set to 433.Dq Li NO . 434If set to anything else, a memory file system is created if 435.Pa /var 436is not writable. 437.It Va varsize 438Controls the size of a created 439.Pa /var 440memory file system. 441.It Va varmfs_flags 442Extra options passed to the 443.Xr mdmfs 8 444utility when the memory file system for 445.Pa /var 446is created. 447The default is 448.Dq Li "-S" , 449which inhibits the use of softupdates on 450.Pa /var 451so that file system space is freed without delay 452after file truncation or deletion. 453See 454.Xr mdmfs 8 455for other options you can use in 456.Va varmfs_flags . 457.It Va populate_var 458Controls the automatic population of the 459.Pa /var 460file system. 461Always happens if set to 462.Dq Li YES 463and never happens if set to 464.Dq Li NO . 465If set to anything else, a memory file system is created if 466.Pa /var 467is not writable. 468Note that this process requires access to certain commands in 469.Pa /usr 470before 471.Pa /usr 472is mounted on normal systems. 473.It Va cleanvar_enable 474.Pq Vt bool 475Clean the 476.Pa /var 477directory. 478.It Va var_run_enable 479.Pq Vt bool 480Set to "YES" to enable saving of the 481.Pa /var/run 482directory structure into an mtree file at shutdown and the reload of the 483.Pa /var/run 484directory structure at boot. 485.It Va var_run_autosave 486.Pq Vt bool 487In some cases it may be undesirable to save 488.Pa /var/run 489at shutdown. 490When set to "NO" 491.Pa /var/run 492is loaded at reboot but not saved at shutdown. 493Typically in this scenario 494.Ql service var_run save 495would be performed to save a copy of the 496.Pa /var/run 497directory structure once, to be reloaded during all subsequent reboots. 498.It Va var_run_mtree 499.Pq Vt str 500Where to save the 501.Pa /var/run 502mtree. 503The default location is 504.Pa /var/db/mtree/BSD.var-run.mtree . 505.It Va local_startup 506.Pq Vt str 507List of directories to search for startup script files. 508.It Va script_name_sep 509.Pq Vt str 510The field separator to use for breaking down the list of startup script files 511into individual filenames. 512The default is a space. 513It is not necessary to change this unless there are startup scripts with names 514containing spaces. 515.It Va hostapd_enable 516.Pq Vt bool 517Set to 518.Dq Li YES 519to start 520.Xr hostapd 8 521at system boot time. 522.It Va hostname 523.Pq Vt str 524The fully qualified domain name (FQDN) of this host on the network. 525This should almost certainly be set to something meaningful, even if 526there is no network connection. 527If 528.Xr dhclient 8 529is used to set the hostname via DHCP, 530this variable should be set to an empty string. 531Within a 532.Xr jail 8 533the hostname is generally already set and this variable may be absent. 534If this value remains unset when the system is done booting 535your console login will display the default hostname of 536.Dq Amnesiac . 537.It Va nisdomainname 538.Pq Vt str 539The NIS domain name of this host, or 540.Dq Li NO 541if NIS is not used. 542.It Va hostid_enable 543.Pq Vt bool 544If set to 545.Dq Li NO , 546disable the generation or saving of the 547.Pa hostid 548and 549.Pa machine-id 550files at system boot and shutdown. 551.It Va hostid_file 552.Pq Vt str 553Path to the 554.Pa hostid 555file, default 556.Pa /etc/hostid . 557.It Va hostid_uuidgen_flags 558.Pq Vt str 559Flags passed to 560.Xr uuidgen 1 561when generating a software host UUID. 562This is used only if the system cannot determine a hardware UUID. 563Set to 564.Dq Li -r 565by default. 566.It Va machine_id_file 567.Pq Vt str 568Path to the 569.Pa machine-id 570file, default 571.Pa /etc/machine-id . 572.It Va dhclient_program 573.Pq Vt str 574Path to the DHCP client program, defaulting to 575.Pa /sbin/dhclient . 576.It Va dhclient_flags 577.Pq Vt str 578Additional flags to pass to the DHCP client program. 579See the 580.Xr dhclient 8 581manpage for a description of the command line options available. 582.It Va dhclient_flags_ Ns Aq Ar iface 583Additional flags to pass to the DHCP client program running on 584.Ar iface 585only. 586When specified, this variable overrides 587.Va dhclient_flags . 588.It Va background_dhclient 589.Pq Vt bool 590Set to 591.Dq Li YES 592to start the DHCP client in background. 593This can cause trouble with applications depending on 594a working network, but it will provide a faster startup 595in many cases. 596.It Va background_dhclient_ Ns Aq Ar iface 597When specified, this variable overrides the 598.Va background_dhclient 599variable for interface 600.Ar iface 601only. 602.It Va synchronous_dhclient 603.Pq Vt bool 604Set to 605.Dq Li YES 606to start 607.Xr dhclient 8 608synchronously at startup. 609This behavior can be overridden on a per-interface basis by replacing 610the 611.Dq Li DHCP 612keyword in the 613.Va ifconfig_ Ns Aq Ar interface 614variable with 615.Dq Li SYNCDHCP 616or 617.Dq Li NOSYNCDHCP . 618.It Va defaultroute_delay 619.Pq Vt int 620When set to a positive value, wait up to this long after configuring 621DHCP interfaces at startup to give the interfaces time to receive a lease. 622.It Va firewall_enable 623.Pq Vt bool 624Set to 625.Dq Li YES 626to load firewall rules at startup. 627If the kernel was not built with 628.Cd "options IPFIREWALL" , 629the 630.Pa ipfw.ko 631kernel module will be loaded. 632See also 633.Va ipfilter_enable . 634.It Va firewall_script 635.Pq Vt str 636This variable specifies the full path to the firewall script to run. 637The default is 638.Pa /etc/rc.firewall . 639.It Va firewall_type 640.Pq Vt str 641Names the firewall type from the selection in 642.Pa /etc/rc.firewall , 643or the file which contains the local firewall ruleset. 644Valid selections from 645.Pa /etc/rc.firewall 646are: 647.Pp 648.Bl -tag -width ".Li workstation" -compact 649.It Li open 650unrestricted IP access 651.It Li closed 652all IP services disabled, except via 653.Dq Li lo0 654.It Li client 655basic protection for a workstation 656.It Li workstation 657basic protection for a workstation using stateful firewalling 658.It Li simple 659basic protection for a LAN. 660.El 661.Pp 662If a filename is specified, the full path 663must be given. 664.Pp 665Most of the predefined rulesets define additional configuration variables. 666These are documented in 667.Pa /etc/rc.firewall . 668.It Va firewall_quiet 669.Pq Vt bool 670Set to 671.Dq Li YES 672to disable the display of firewall rules on the console during boot. 673.It Va firewall_logging 674.Pq Vt bool 675Set to 676.Dq Li YES 677to enable firewall event logging. 678This is equivalent to the 679.Dv IPFIREWALL_VERBOSE 680kernel option. 681.It Va firewall_logif 682.Pq Vt bool 683Set to 684.Dq Li YES 685to create pseudo interface 686.Li ipfw0 687for logging. 688For more details, see 689.Xr ipfw 8 690manual page. 691.It Va firewall_flags 692.Pq Vt str 693Flags passed to 694.Xr ipfw 8 695if 696.Va firewall_type 697specifies a filename. 698.It Va firewall_coscripts 699.Pq Vt str 700List of executables and/or rc scripts to run after firewall starts/stops. 701Default is empty. 702.\" ----- firewall_nat_enable setting -------------------------------- 703.It Va firewall_nat_enable 704.Pq Vt bool 705The 706.Xr ipfw 8 707equivalent of 708.Va natd_enable . 709Setting this to 710.Dq Li YES 711will automatically load the 712.Xr ipfw 8 713NAT kernel module if 714.Va firewall_enable 715is also set to 716.Dq Li YES . 717.It Va firewall_nat_interface 718.Pq Vt str 719The 720.Xr ipfw 8 721equivalent of 722.Va natd_interface . 723This is the name of the public interface or IP address on which 724kernel NAT should run. 725.It Va firewall_nat_flags 726.Pq Vt str 727Additional configuration parameters for kernel NAT should be placed here. 728.It Va firewall_nat64_enable 729.Pq Vt bool 730Setting this to 731.Dq Li YES 732will automatically load the 733.Xr ipfw 8 734NAT64 kernel module if 735.Va firewall_enable 736is also set to 737.Dq Li YES . 738.It Va firewall_nptv6_enable 739.Pq Vt bool 740Setting this to 741.Dq Li YES 742will automatically load the 743.Xr ipfw 8 744NPTv6 kernel module if 745.Va firewall_enable 746is also set to 747.Dq Li YES . 748.It Va firewall_pmod_enable 749.Pq Vt bool 750Setting this to 751.Dq Li YES 752will automatically load the 753.Xr ipfw 8 754pmod kernel module if 755.Va firewall_enable 756is also set to 757.Dq Li YES . 758.It Va dummynet_enable 759.Pq Vt bool 760Setting this to 761.Dq Li YES 762will automatically load the 763.Xr dummynet 4 764module if 765.Va firewall_enable 766is also set to 767.Dq Li YES . 768.\" ------------------------------------------------------------------- 769.It Va ipfw_netflow_enable 770.Pq Vt bool 771Setting this to 772.Dq Li YES 773will enable netflow logging via 774.Xr ng_netflow 4 . 775.Pp 776By default a ipfw rule is inserted and all packets are duplicated with 777the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 778port using protocol version 5. 779.It Va ipfw_netflow_hook 780.Pq Vt int 781netflow hook name, must be numerical 782(default 783.Pa 9995 ) . 784.It Va ipfw_netflow_rule 785.Pq Vt int 786ipfw rule number 787(default 788.Pa 1000 ) . 789.It Va ipfw_netflow_ip 790.Pq Vt str 791Destination server ip for receiving netflow data 792(default 793.Pa 127.0.0.1 ) . 794.It Va ipfw_netflow_port 795.Pq Vt int 796Destination server port for receiving netflow data 797(default 798.Pa 9995 ) . 799.It Va ipfw_netflow_version 800.Pq Vt int 801Do not set for using version 5 of the netflow protocol, set it to 9 for using 802version 9. 803.It Va ipfw_netflow_fib 804.Pq Vt int 805Only match packet in FIB 806.Pa ipfw_netflow_fib 807(default is undefined meaning all FIBs). 808.It Va natd_program 809.Pq Vt str 810Path to 811.Xr natd 8 . 812.It Va natd_enable 813.Pq Vt bool 814Set to 815.Dq Li YES 816to enable 817.Xr natd 8 . 818.Va firewall_enable 819must also be set to 820.Dq Li YES , 821and 822.Xr divert 4 823sockets must be enabled in the kernel. 824If the kernel was not built with 825.Cd "options IPDIVERT" , 826the 827.Pa ipdivert.ko 828kernel module will be loaded. 829.It Va natd_interface 830.Pq Vt str 831This is the name of the public interface on which 832.Xr natd 8 833should run. 834The interface may be given as an interface name or as an IP address. 835.It Va natd_flags 836.Pq Vt str 837Additional 838.Xr natd 8 839flags should be placed here. 840The 841.Fl n 842or 843.Fl a 844flag is automatically added with the above 845.Va natd_interface 846as an argument. 847.\" ----- ipfilter_enable setting -------------------------------- 848.It Va ipfilter_enable 849.Pq Vt bool 850Set to 851.Dq Li NO 852by default. 853Setting this to 854.Dq Li YES 855enables 856.Xr ipf 8 857packet filtering. 858.Pp 859Typical usage will require putting 860.Bd -literal 861ipfilter_enable="YES" 862ipnat_enable="YES" 863ipmon_enable="YES" 864ipfs_enable="YES" 865.Ed 866.Pp 867into 868.Pa /etc/rc.conf 869and editing 870.Pa /etc/ipf.rules 871and 872.Pa /etc/ipnat.rules 873appropriately. 874.Pp 875Note that 876.Va ipfilter_enable 877and 878.Va ipnat_enable 879can be enabled independently. 880.Va ipmon_enable 881and 882.Va ipfs_enable 883both require at least one of 884.Va ipfilter_enable 885and 886.Va ipnat_enable 887to be enabled. 888.Pp 889Having 890.Bd -literal 891options IPFILTER 892options IPFILTER_LOG 893options IPFILTER_DEFAULT_BLOCK 894.Ed 895.Pp 896in the kernel configuration file is a good idea, too. 897.\" ----- ipfilter_program setting ------------------------------ 898.It Va ipfilter_program 899.Pq Vt str 900Path to 901.Xr ipf 8 902(default 903.Pa /sbin/ipf ) . 904.\" ----- ipfilter_rules setting -------------------------------- 905.It Va ipfilter_rules 906.Pq Vt str 907Set to 908.Pa /etc/ipf.rules 909by default. 910This variable contains the name of the filter rule definition file. 911The file is expected to be readable for the 912.Xr ipf 8 913command to execute. 914.\" ----- ipfilter_flags setting -------------------------------- 915.It Va ipfilter_flags 916.Pq Vt str 917Empty by default. 918This variable contains flags passed to the 919.Xr ipf 8 920program. 921.\" ----- ipnat_enable setting ---------------------------------- 922.It Va ipnat_enable 923.Pq Vt bool 924Set to 925.Dq Li NO 926by default. 927Set it to 928.Dq Li YES 929to enable 930.Xr ipnat 8 931network address translation. 932See 933.Va ipfilter_enable 934for a detailed discussion. 935.\" ----- ipnat_program setting --------------------------------- 936.It Va ipnat_program 937.Pq Vt str 938Path to 939.Xr ipnat 8 940(default 941.Pa /sbin/ipnat ) . 942.\" ----- ipnat_rules setting ----------------------------------- 943.It Va ipnat_rules 944.Pq Vt str 945Set to 946.Pa /etc/ipnat.rules 947by default. 948This variable contains the name of the file 949holding the network address translation definition. 950This file is expected to be readable for the 951.Xr ipnat 8 952command to execute. 953.\" ----- ipnat_flags setting ----------------------------------- 954.It Va ipnat_flags 955.Pq Vt str 956Empty by default. 957This variable contains flags passed to the 958.Xr ipnat 8 959program. 960.\" ----- ipmon_enable setting ---------------------------------- 961.It Va ipmon_enable 962.Pq Vt bool 963Set to 964.Dq Li NO 965by default. 966Set it to 967.Dq Li YES 968to enable 969.Xr ipmon 8 970monitoring (logging 971.Xr ipf 8 972and 973.Xr ipnat 8 974events). 975Setting this variable needs setting 976.Va ipfilter_enable 977or 978.Va ipnat_enable 979too. 980See 981.Va ipfilter_enable 982for a detailed discussion. 983.\" ----- ipmon_program setting --------------------------------- 984.It Va ipmon_program 985.Pq Vt str 986Path to 987.Xr ipmon 8 988(default 989.Pa /sbin/ipmon ) . 990.\" ----- ipmon_flags setting ----------------------------------- 991.It Va ipmon_flags 992.Pq Vt str 993Set to 994.Dq Li -Ds 995by default. 996This variable contains flags passed to the 997.Xr ipmon 8 998program. 999Another typical example would be 1000.Dq Fl D Pa /var/log/ipflog 1001to have 1002.Xr ipmon 8 1003log directly to a file bypassing 1004.Xr syslogd 8 . 1005Make sure to adjust 1006.Pa /etc/newsyslog.conf 1007in such case like this: 1008.Bd -literal 1009/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 1010.Ed 1011.\" ----- ipfs_enable setting ----------------------------------- 1012.It Va ipfs_enable 1013.Pq Vt bool 1014Set to 1015.Dq Li NO 1016by default. 1017Set it to 1018.Dq Li YES 1019to enable 1020.Xr ipfs 8 1021saving the filter and NAT state tables during shutdown 1022and reloading them during startup again. 1023Setting this variable needs setting 1024.Va ipfilter_enable 1025or 1026.Va ipnat_enable 1027to 1028.Dq Li YES 1029too. 1030See 1031.Va ipfilter_enable 1032for a detailed discussion. 1033Note that if 1034.Va kern_securelevel 1035is set to 3, 1036.Va ipfs_enable 1037cannot be used 1038because the raised securelevel will prevent 1039.Xr ipfs 8 1040from saving the state tables at shutdown time. 1041.\" ----- ipfs_program setting ---------------------------------- 1042.It Va ipfs_program 1043.Pq Vt str 1044Path to 1045.Xr ipfs 8 1046(default 1047.Pa /sbin/ipfs ) . 1048.\" ----- ipfs_flags setting ------------------------------------ 1049.It Va ipfs_flags 1050.Pq Vt str 1051Empty by default. 1052This variable contains flags passed to the 1053.Xr ipfs 8 1054program. 1055.\" ----- end of added ipf hook --------------------------------- 1056.It Va pf_enable 1057.Pq Vt bool 1058Set to 1059.Dq Li NO 1060by default. 1061Setting this to 1062.Dq Li YES 1063enables 1064.Xr pf 4 1065packet filtering. 1066.Pp 1067Typical usage will require putting 1068.Pp 1069.Dl pf_enable="YES" 1070.Pp 1071into 1072.Pa /etc/rc.conf 1073and editing 1074.Pa /etc/pf.conf 1075appropriately. 1076Adding 1077.Pp 1078.Dl "device pf" 1079.Pp 1080builds support for 1081.Xr pf 4 1082into the kernel, otherwise the 1083kernel module will be loaded. 1084.It Va pf_rules 1085.Pq Vt str 1086Path to 1087.Xr pf 4 1088ruleset configuration file 1089(default 1090.Pa /etc/pf.conf ) . 1091.It Va pf_program 1092.Pq Vt str 1093Path to 1094.Xr pfctl 8 1095(default 1096.Pa /sbin/pfctl ) . 1097.It Va pf_flags 1098.Pq Vt str 1099If 1100.Va pf_enable 1101is set to 1102.Dq Li YES , 1103these flags are passed to the 1104.Xr pfctl 8 1105program when loading the ruleset. 1106.It Va pf_fallback_rules_enable 1107.Pq Vt bool 1108Set to 1109.Dq Li NO 1110by default. 1111Setting this to 1112.Dq Li YES 1113enables loading 1114.Va pf_fallback_rules_file 1115or 1116.Va pf_fallback_rules 1117in case of a problem when loading the ruleset in 1118.Va pf_rules . 1119.It Va pf_fallback_rules_file 1120.Pq Vt str 1121Path to a pf ruleset to load in case of failure when loading the 1122ruleset in 1123.Va pf_rules 1124(default 1125.Pa /etc/pf-fallback.conf ) . 1126.It Va pf_fallback_rules 1127.Pq Vt str 1128A pf ruleset to load in case of failure when loading the ruleset in 1129.Va pf_rules 1130and 1131.Va pf_fallback_rules_file 1132is not found. 1133Multiple rules can be set as follows: 1134.Bd -literal 1135pf_fallback_rules="\\ 1136 block drop log all\\ 1137 pass in quick on em0" 1138.Pp 1139.Ed 1140The default fallback rule is 1141.Dq block drop log all 1142.It Va pflog_enable 1143.Pq Vt bool 1144Set to 1145.Dq Li NO 1146by default. 1147Setting this to 1148.Dq Li YES 1149enables 1150.Xr pflogd 8 1151which logs packets from the 1152.Xr pf 4 1153packet filter. 1154.It Va pflog_logfile 1155.Pq Vt str 1156If 1157.Va pflog_enable 1158is set to 1159.Dq Li YES 1160this controls where 1161.Xr pflogd 8 1162stores the logfile 1163(default 1164.Pa /var/log/pflog ) . 1165Check 1166.Pa /etc/newsyslog.conf 1167to adjust logfile rotation for this. 1168.It Va pflog_program 1169.Pq Vt str 1170Path to 1171.Xr pflogd 8 1172(default 1173.Pa /sbin/pflogd ) . 1174.It Va pflog_flags 1175.Pq Vt str 1176Empty by default. 1177This variable contains additional flags passed to the 1178.Xr pflogd 8 1179program. 1180.It Va pflog_instances 1181.Pq Vt str 1182If logging to more than one 1183.Xr pflog 4 1184interface is desired, 1185.Va pflog_instances 1186is set to the list of 1187.Xr pflogd 8 1188instances that should be started at system boot time. 1189If 1190.Va pflog_instances 1191is set, for each whitespace-separated 1192.Ar element 1193in the list, 1194.Ao Ar element Ac Ns Va _dev 1195and 1196.Ao Ar element Ac Ns Va _logfile 1197elements are assumed to exist. 1198.Ao Ar element Ac Ns Va _dev 1199must contain the 1200.Xr pflog 4 1201interface to be watched by the named 1202.Xr pflogd 8 1203instance. 1204.Ao Ar element Ac Ns Va _logfile 1205must contain the name of the logfile that will be used by the 1206.Xr pflogd 8 1207instance. 1208.It Va ftpproxy_enable 1209.Pq Vt bool 1210Set to 1211.Dq Li NO 1212by default. 1213Setting this to 1214.Dq Li YES 1215enables 1216.Xr ftp-proxy 8 1217which supports the 1218.Xr pf 4 1219packet filter in translating ftp connections. 1220.It Va ftpproxy_flags 1221.Pq Vt str 1222Empty by default. 1223This variable contains additional flags passed to the 1224.Xr ftp-proxy 8 1225program. 1226.It Va ftpproxy_instances 1227.Pq Vt str 1228Empty by default. 1229If multiple instances of 1230.Xr ftp-proxy 8 1231are desired at boot time, 1232.Va ftpproxy_instances 1233should contain a whitespace-separated list of instance names. 1234For each 1235.Ar element 1236in the list, a variable named 1237.Ao Ar element Ac Ns Va _flags 1238should be defined, containing the command-line flags to be passed to the 1239.Xr ftp-proxy 8 1240instance. 1241.It Va pfsync_enable 1242.Pq Vt bool 1243Set to 1244.Dq Li NO 1245by default. 1246Setting this to 1247.Dq Li YES 1248enables exposing 1249.Xr pf 4 1250state changes to other hosts over the network by means of 1251.Xr pfsync 4 . 1252The 1253.Va pfsync_syncdev 1254variable 1255must also be set then. 1256.It Va pfsync_syncdev 1257.Pq Vt str 1258Empty by default. 1259This variable specifies the name of the network interface 1260.Xr pfsync 4 1261should operate through. 1262It must be set accordingly if 1263.Va pfsync_enable 1264is set to 1265.Dq Li YES . 1266.It Va pfsync_syncpeer 1267.Pq Vt str 1268Empty by default. 1269This variable is optional. 1270By default, state change messages are sent out on the synchronisation 1271interface using IP multicast packets. 1272The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1273224.0.0.240. 1274When a peer address is specified using the 1275.Va pfsync_syncpeer 1276option, the peer address is used as a destination for the pfsync 1277traffic, and the traffic can then be protected using 1278.Xr ipsec 4 . 1279See the 1280.Xr pfsync 4 1281manpage for more details about using 1282.Xr ipsec 4 1283with 1284.Xr pfsync 4 1285interfaces. 1286.It Va pfsync_ifconfig 1287.Pq Vt str 1288Empty by default. 1289This variable can contain additional options to be passed to the 1290.Xr ifconfig 8 1291command used to set up 1292.Xr pfsync 4 . 1293.It Va tcp_extensions 1294.Pq Vt bool 1295Set to 1296.Dq Li YES 1297by default. 1298Setting this to 1299.Dq Li NO 1300disables certain TCP options as described by 1301.Rs 1302.%T "RFC 1323" 1303.Re 1304Setting this to 1305.Dq Li NO 1306might help remedy such problems with connections as randomly hanging 1307or other weird behavior. 1308Some network devices are known 1309to be broken with respect to these options. 1310.It Va log_in_vain 1311.Pq Vt int 1312Set to 0 by default. 1313The 1314.Xr sysctl 8 1315variables, 1316.Va net.inet.tcp.log_in_vain 1317and 1318.Va net.inet.udp.log_in_vain , 1319as described in 1320.Xr tcp 4 1321and 1322.Xr udp 4 , 1323are set to the given value. 1324.It Va tcp_keepalive 1325.Pq Vt bool 1326Set to 1327.Dq Li YES 1328by default. 1329Setting to 1330.Dq Li NO 1331will disable probing idle TCP connections to verify that the 1332peer is still up and reachable. 1333.It Va tcp_drop_synfin 1334.Pq Vt bool 1335Set to 1336.Dq Li NO 1337by default. 1338Setting to 1339.Dq Li YES 1340will cause the kernel to ignore TCP frames that have both 1341the SYN and FIN flags set. 1342This prevents OS fingerprinting, but may 1343break some legitimate applications. 1344.It Va icmp_drop_redirect 1345.Pq Vt bool 1346Set to 1347.Dq Li AUTO 1348by default. 1349This setting will be identical to 1350.Dq Li YES , 1351if a dynamic routing daemon is enabled, because redirect processing may 1352cause performance issues for large routing tables. 1353If no such service is enabled, this setting behaves like a 1354.Dq Li NO . 1355Setting to 1356.Dq Li YES 1357will cause the kernel to ignore ICMP REDIRECT packets. 1358Setting to 1359.Dq Li NO 1360will cause the kernel to process ICMP REDIRECT packets. 1361Refer to 1362.Xr icmp 4 1363for more information. 1364.It Va icmp_log_redirect 1365.Pq Vt bool 1366Set to 1367.Dq Li NO 1368by default. 1369Setting to 1370.Dq Li YES 1371will cause the kernel to log ICMP REDIRECT packets. 1372Note that 1373the log messages are not rate-limited, so this option should only be used 1374for troubleshooting networks. 1375Refer to 1376.Xr icmp 4 1377for more information. 1378.It Va icmp_bmcastecho 1379.Pq Vt bool 1380Set to 1381.Dq Li YES 1382to respond to broadcast or multicast ICMP ping packets. 1383Refer to 1384.Xr icmp 4 1385for more information. 1386.It Va ip_portrange_first 1387.Pq Vt int 1388If not set to 1389.Dq Li NO , 1390this is the first port in the default portrange. 1391Refer to 1392.Xr ip 4 1393for more information. 1394.It Va ip_portrange_last 1395.Pq Vt int 1396If not set to 1397.Dq Li NO , 1398this is the last port in the default portrange. 1399Refer to 1400.Xr ip 4 1401for more information. 1402.It Va network_interfaces 1403.Pq Vt str 1404Set to the list of network interfaces to configure on this host or 1405.Dq Li AUTO 1406(the default) for all current interfaces. 1407Setting the 1408.Va network_interfaces 1409variable to anything other than the default is deprecated. 1410Interfaces that the administrator wishes to store configuration for, 1411but not start at boot should be configured with the 1412.Dq Li NOAUTO 1413keyword in their 1414.Va ifconfig_ Ns Aq Ar interface 1415variables as described below. 1416.Pp 1417An 1418.Va ifconfig_ Ns Aq Ar interface 1419variable is assumed to exist for each value of 1420.Ar interface . 1421When an interface name contains any of the characters 1422.Dq Li .-/+ 1423they are translated to 1424.Dq Li _ 1425before lookup. 1426For example, the interface 1427.Va em0.102 1428would be configured using the variable 1429.Va ifconfig_em0_102 . 1430.Pp 1431The variable can contain arguments to 1432.Xr ifconfig 8 , 1433as well as special case-insensitive keywords described below. 1434Such keywords are removed before passing the value to 1435.Xr ifconfig 8 1436while the order of the other arguments is preserved. 1437.Pp 1438For example, to assign the IPv4 address 192.0.2.1/24 to the interface em0: 1439.Bd -literal 1440ifconfig_em0="inet 192.0.2.1/24 up" 1441.Ed 1442.Pp 1443If the variable 1444.Va ifconfig_ Ns Ao Ar interface Ac Ns Pa _ipv6 1445is set, then 1446.Va ifconfig_ Ns Aq Ar interface 1447does not need to be set unless an IPv4 address should also be assigned to 1448the interface. 1449.Pp 1450It is possible to add IP alias entries using 1451.Xr ifconfig 8 1452syntax with the address family keyword such as 1453.Li inet . 1454Assuming that the interface in question was 1455.Li em0 , 1456it might look something like this: 1457.Bd -literal 1458ifconfig_em0_alias0="inet 127.0.0.253/32" 1459ifconfig_em0_alias1="inet 127.0.0.254/32" 1460.Ed 1461.Pp 1462It also possible to configure multiple IP addresses in Classless 1463Inter-Domain Routing 1464.Pq CIDR 1465address notation, 1466whose each address component can be a range like 1467.Li inet 192.0.2.5-23/24 1468or 1469.Li inet6 2001:db8:1-f::1/64 . 1470This notation allows address and prefix length part only, 1471not the other address modifiers. 1472Note that the maximum number of the generated addresses from a range 1473specification is limited to an integer value specified in 1474.Va netif_ipexpand_max 1475in 1476.Nm 1477because a small typo can unexpectedly generate a large number of addresses. 1478The default value is 1479.Li 2048 . 1480It can be increased by adding the following line into 1481.Nm : 1482.Bd -literal 1483netif_ipexpand_max="4096" 1484.Ed 1485.Pp 1486In the case of 1487.Li 192.0.2.5-23/24 , 1488the address 192.0.2.5 will be configured with the prefix length /24 and the 1489addresses 192.0.2.6 to 192.0.2.23 with the non-conflicting prefix length /32 as 1490explained in the 1491.Xr ifconfig 8 1492alias section. 1493Note that this special CIDR handling is only for 1494.Li inet , 1495not for the other address families such as 1496.Li inet6 . 1497.Pp 1498With the interface in question being 1499.Li em0 , 1500an example could look like: 1501.Bd -literal 1502ifconfig_em0_alias2="inet 192.0.2.129/27" 1503ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1504.Ed 1505.Pp 1506and so on. 1507.Pp 1508Note that deprecated 1509.Va ipv4_addrs_ Ns Aq Ar interface 1510variable was supported for IPv4 CIDR address notation. 1511The 1512.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1513variable replaces it, though 1514.Va ipv4_addrs_ Ns Aq Ar interface 1515is still supported for backward compatibility. 1516.Pp 1517For each 1518.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1519entry with an address family keyword, 1520its contents are passed to 1521.Xr ifconfig 8 . 1522Execution stops at the first unsuccessful access, so if 1523something like this is present: 1524.Bd -literal 1525ifconfig_em0_alias0="inet 127.0.0.251/32" 1526ifconfig_em0_alias1="inet 127.0.0.252/32" 1527ifconfig_em0_alias2="inet 127.0.0.253/32" 1528ifconfig_em0_alias4="inet 127.0.0.254/32" 1529.Ed 1530.Pp 1531Then note that alias4 would 1532.Em not 1533be added since the search would 1534stop with the missing 1535.Dq Li alias3 1536entry. 1537Because of this difficult to manage behavior, 1538there is 1539.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1540variable, which has the same functionality as 1541.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1542and can have all of the entries in a variable like the following: 1543.Bd -literal 1544ifconfig_em0_aliases="\\ 1545 inet 127.0.0.251/32 \\ 1546 inet 127.0.0.252/32 \\ 1547 inet 127.0.0.253/32 \\ 1548 inet 127.0.0.254/32" 1549.Ed 1550.Pp 1551It also supports netmask notation for backward compatibility. 1552.Pp 1553If the 1554.Pa /etc/start_if . Ns Aq Ar interface 1555file is present, it is read and executed by the 1556.Xr sh 1 1557interpreter 1558before configuring the interface as specified in the 1559.Va ifconfig_ Ns Aq Ar interface 1560and 1561.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1562variables. 1563.Pp 1564If a 1565.Va vlans_ Ns Aq Ar interface 1566variable is set, 1567a 1568.Xr vlan 4 1569interface will be created for each item in the list with the 1570.Ar vlandev 1571argument set to 1572.Ar interface . 1573If a vlan interface's name is a number, 1574then that number is used as the vlan tag and the new vlan interface is 1575named 1576.Ar interface . Ns Ar tag . 1577Otherwise, 1578the vlan tag must be specified via a 1579.Va vlan 1580parameter in the 1581.Va create_args_ Ns Aq Ar interface 1582variable. 1583.Pp 1584To create a vlan device named 1585.Li em0.101 1586on 1587.Li em0 1588with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24: 1589.Bd -literal 1590vlans_em0="101" 1591ifconfig_em0_101="inet 192.0.2.1/24" 1592.Ed 1593.Pp 1594To create a vlan device named 1595.Li myvlan 1596on 1597.Li em0 1598with the vlan tag 102: 1599.Bd -literal 1600vlans_em0="myvlan" 1601create_args_myvlan="vlan 102" 1602.Ed 1603.Pp 1604If a 1605.Va wlans_ Ns Aq Ar interface 1606variable is set, 1607an 1608.Xr wlan 4 1609interface will be created for each item in the list with the 1610.Ar wlandev 1611argument set to 1612.Ar interface . 1613Further wlan cloning arguments may be passed to the 1614.Xr ifconfig 8 1615.Cm create 1616command by setting the 1617.Va create_args_ Ns Aq Ar interface 1618variable. 1619One or more 1620.Xr wlan 4 1621devices must be created for each wireless device as of 1622.Fx 8.0 . 1623Debugging flags for 1624.Xr wlan 4 1625devices as set by 1626.Xr wlandebug 8 1627may be specified with an 1628.Va wlandebug_ Ns Aq Ar interface 1629variable. 1630The contents of this variable will be passed directly to 1631.Xr wlandebug 8 . 1632.Pp 1633If the 1634.Va ifconfig_ Ns Aq Ar interface 1635contains the keyword 1636.Dq Li NOAUTO 1637then the interface will not be configured 1638at boot or by 1639.Pa /etc/pccard_ether 1640when 1641.Va network_interfaces 1642is set to 1643.Dq Li AUTO . 1644.Pp 1645It is possible to bring up an interface with DHCP by adding 1646.Dq Li DHCP 1647to the 1648.Va ifconfig_ Ns Aq Ar interface 1649variable. 1650For instance, to initialize the 1651.Li em0 1652device via DHCP, 1653it is possible to use something like: 1654.Bd -literal 1655ifconfig_em0="DHCP" 1656.Ed 1657.Pp 1658If you want to configure your wireless interface with 1659.Xr wpa_supplicant 8 1660for use with WPA, EAP/LEAP or WEP, you need to add 1661.Dq Li WPA 1662to the 1663.Va ifconfig_ Ns Aq Ar interface 1664variable. 1665.Pp 1666On the other hand, if you want to configure your wireless interface with 1667.Xr hostapd 8 , 1668you need to add 1669.Dq Li HOSTAP 1670to the 1671.Va ifconfig_ Ns Aq Ar interface 1672variable. 1673.Xr hostapd 8 1674will use the settings from 1675.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1676.Pp 1677Finally, you can add 1678.Xr ifconfig 8 1679options in this variable, in addition to the 1680.Pa /etc/start_if . Ns Aq Ar interface 1681file. 1682For instance, to configure an 1683.Xr ath 4 1684wireless device in station mode with an address obtained 1685via DHCP, using WPA authentication and 802.11b mode, it is 1686possible to use something like: 1687.Bd -literal 1688wlans_ath0="wlan0" 1689ifconfig_wlan0="DHCP WPA mode 11b" 1690.Ed 1691.Pp 1692In addition to the 1693.Va ifconfig_ Ns Aq Ar interface 1694form, a fallback variable 1695.Va ifconfig_DEFAULT 1696may be configured. 1697It will be used for all interfaces with no 1698.Va ifconfig_ Ns Aq Ar interface 1699variable. 1700.Pp 1701It is also possible to rename an interface by doing: 1702.Bd -literal 1703ifconfig_em0_name="net0" 1704ifconfig_net0="inet 192.0.2.1/24" 1705.Ed 1706.It Va ipv6_enable 1707.Pq Vt bool 1708This variable is deprecated. 1709Use 1710.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1711and 1712.Va ipv6_activate_all_interfaces 1713if necessary. 1714.Pp 1715If the variable is 1716.Dq Li YES , 1717.Dq Li inet6 accept_rtadv 1718is added to all of 1719.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1720and the 1721.Va ipv6_activate_all_interfaces 1722is defined as 1723.Dq Li YES . 1724.It Va ipv6_prefer 1725.Pq Vt bool 1726This variable is deprecated. 1727Use 1728.Va ip6addrctl_policy 1729instead. 1730.Pp 1731If the variable is 1732.Dq Li YES , 1733the default address selection policy table set by 1734.Xr ip6addrctl 8 1735will be IPv6-preferred. 1736.Pp 1737If the variable is 1738.Dq Li NO , 1739the default address selection policy table set by 1740.Xr ip6addrctl 8 1741will be IPv4-preferred. 1742.It Va ipv6_activate_all_interfaces 1743.Pq Vt bool 1744This controls initial configuration on IPv6-capable 1745interfaces with no corresponding 1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1747variable. 1748Note that it is not always necessary to set this variable to 1749.Dq YES 1750to use IPv6 functionality on 1751.Fx . 1752In most cases, just configuring 1753.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1754variables works. 1755.Pp 1756If the variable is 1757.Dq Li NO , 1758all interfaces which do not have a corresponding 1759.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1760variable will be marked as 1761.Dq Li IFDISABLED 1762at creation. 1763This means that all IPv6 functionality on that interface 1764is completely disabled to enforce a security policy. 1765If the variable is set to 1766.Dq YES , 1767the flag will be cleared on all of the interfaces. 1768.Pp 1769In most cases, just defining an 1770.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1771for an IPv6-capable interface should be sufficient. 1772However, if an interface is added dynamically 1773.Pq by some tunneling protocols such as PPP, for example , 1774it is often difficult to define the variable in advance. 1775In such a case, configuring the 1776.Dq Li IFDISABLED 1777flag can be disabled by setting this variable to 1778.Dq YES . 1779.Pp 1780For more details of the 1781.Dq Li IFDISABLED 1782flag and keywords 1783.Dq Li inet6 ifdisabled , 1784see 1785.Xr ifconfig 8 . 1786.Pp 1787Default is 1788.Dq Li NO . 1789.It Va ipv6_privacy 1790.Pq Vt bool 1791If the variable is 1792.Dq Li YES 1793privacy addresses will be generated for each IPv6 1794interface as described in RFC 4941. 1795.It Va ipv6_network_interfaces 1796.Pq Vt str 1797This is the IPv6 equivalent of 1798.Va network_interfaces . 1799Normally manual configuration of this variable is not needed. 1800.It Va ipv6_cpe_wanif 1801.Pq Vt str 1802If the variable is set to an interface name, 1803the 1804.Xr ifconfig 8 1805options 1806.Dq inet6 -no_radr accept_rtadv 1807will be added to the specified interface automatically before evaluating 1808.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1809and two 1810.Xr sysctl 8 1811variables 1812.Va net.inet6.ip6.rfc6204w3 1813and 1814.Va net.inet6.ip6.no_radr 1815will be set to 1. 1816.Pp 1817This means the specified interface will accept ICMPv6 Router 1818Advertisement messages on that link and add the discovered 1819routers into the Default Router List. 1820While the other interfaces can still accept RA messages if the 1821.Dq inet6 accept_rtadv 1822option is specified, adding 1823routes into the Default Router List will be disabled by 1824.Dq inet6 no_radr 1825option by default. 1826See 1827.Xr ifconfig 8 1828for more details. 1829.Pp 1830Note that ICMPv6 Router Advertisement messages will be 1831accepted even when 1832.Va net.inet6.ip6.forwarding 1833is 1 1834.Pq packet forwarding is enabled 1835when 1836.Va net.inet6.ip6.rfc6204w3 1837is set to 1. 1838.Pp 1839Default is 1840.Dq Li NO . 1841.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1842.Pq Vt str 1843This assigns arbitrary description to an interface. 1844The 1845.Xr sysctl 8 1846variable 1847.Va net.ifdescr_maxlen 1848limits its length. 1849This static setting may be overridden by commands 1850started with dynamic interface configuration utilities 1851like 1852.Xr dhclient 8 1853hooks. 1854The description can be seen with 1855.Xr ifconfig 8 1856command and it may be exported with 1857.Xr bsnmpd 1 1858daemon using its MIB-2 module. 1859.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1860.Pq Vt str 1861IPv6 functionality on an interface should be configured by 1862.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1863instead of setting ifconfig parameters in 1864.Va ifconfig_ Ns Aq Ar interface . 1865If this variable is empty, all IPv6 configurations on the 1866specified interface by other variables such as 1867.Va ipv6_prefix_ Ns Ao Ar interface Ac 1868will be ignored. 1869.Pp 1870Aliases should be set by 1871.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1872with 1873.Dq Li inet6 1874keyword. 1875For example: 1876.Bd -literal 1877ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1878ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1879.Ed 1880.Pp 1881Interfaces that have an 1882.Dq Li inet6 accept_rtadv 1883keyword in 1884.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1885setting will be automatically configured by SLAAC 1886.Pq StateLess Address AutoConfiguration 1887described in 1888.Rs 1889.%T "RFC 4862" 1890.Re 1891.Pp 1892Note that a link-local address will be automatically configured in 1893addition to the configured global-scope addresses because the IPv6 1894specifications require it on each link. 1895The address is calculated from the MAC address by using an algorithm 1896defined in 1897.Rs 1898.%T "RFC 4862" 1899.%O "Section 5.3" 1900.Re 1901.Pp 1902If only a link-local address is needed on the interface, 1903the following configuration can be used: 1904.Bd -literal 1905ifconfig_em0_ipv6="inet6 auto_linklocal" 1906.Ed 1907.Pp 1908A link-local address can also be configured manually. 1909This is useful for the default router address of an IPv6 router 1910so that it does not change when the network interface 1911card is replaced. 1912For example: 1913.Bd -literal 1914ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1915.Ed 1916.It Va ipv6_prefix_ Ns Aq Ar interface 1917.Pq Vt str 1918If one or more prefixes are defined in 1919.Va ipv6_prefix_ Ns Aq Ar interface 1920addresses based on each prefix and the EUI-64 interface index will be 1921configured on that interface. 1922Note that this variable will be ignored when 1923.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1924is empty. 1925.Pp 1926For example, the following configuration 1927.Bd -literal 1928ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1929.Ed 1930.Pp 1931is equivalent to the following: 1932.Bd -literal 1933ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1934ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1935ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1936ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1937.Ed 1938.Pp 1939These Subnet-Router anycast addresses will be added only when 1940.Va ipv6_gateway_enable 1941is YES. 1942.It Va ipv6_default_interface 1943.Pq Vt str 1944If not set to 1945.Dq Li NO , 1946this is the default output interface for scoped addresses. 1947This works only with ipv6_gateway_enable="NO". 1948.It Va ip6addrctl_enable 1949.Pq Vt bool 1950This variable is to enable configuring default address selection policy table 1951.Pq RFC 3484 . 1952The table can be specified in another variable 1953.Va ip6addrctl_policy . 1954For 1955.Va ip6addrctl_policy 1956the following keywords can be specified: 1957.Dq Li ipv4_prefer , 1958.Dq Li ipv6_prefer , 1959or 1960.Dq Li AUTO . 1961.Pp 1962If 1963.Dq Li ipv4_prefer 1964or 1965.Dq Li ipv6_prefer 1966is specified, 1967.Xr ip6addrctl 8 1968installs a pre-defined policy table described in Section 10.3 1969.Pq IPv4-preferred 1970or 2.1 1971.Pq IPv6-preferred 1972of RFC 3484. 1973.Pp 1974If 1975.Dq Li AUTO 1976is specified, it attempts to read a file 1977.Pa /etc/ip6addrctl.conf 1978first. 1979If this file is found, 1980.Xr ip6addrctl 8 1981reads and installs it. 1982If not found, a policy is automatically set 1983according to 1984.Va ipv6_activate_all_interfaces 1985variable; if the variable is set to 1986.Dq Li YES 1987the IPv6-preferred one is used. 1988Otherwise IPv4-preferred. 1989.Pp 1990The default value of 1991.Va ip6addrctl_enable 1992and 1993.Va ip6addrctl_policy 1994are 1995.Dq Li YES 1996and 1997.Dq Li AUTO , 1998respectively. 1999.It Va cloned_interfaces 2000.Pq Vt str 2001Set to the list of clonable network interfaces to create on this host. 2002Further cloning arguments may be passed to the 2003.Xr ifconfig 8 2004.Cm create 2005command for each interface by setting the 2006.Va create_args_ Ns Aq Ar interface 2007variable. 2008If an interface name is specified with 2009.Dq :sticky 2010keyword, 2011the interface will not be destroyed even when 2012.Pa rc.d/netif 2013script is invoked with 2014.Dq stop 2015argument. 2016This is useful when reconfiguring the interface without destroying it. 2017Entries in 2018.Va cloned_interfaces 2019are automatically appended to 2020.Va network_interfaces 2021for configuration. 2022.It Va cloned_interfaces_sticky 2023.Pq Vt bool 2024This variable is to globally enable functionality of 2025.Dq :sticky 2026keyword in 2027.Va cloned_interfaces 2028for all interfaces. 2029The default value is 2030.Dq NO . 2031Even if this variable is specified to 2032.Dq YES , 2033.Dq :nosticky 2034keyword can be used to override it on per interface basis. 2035.It Va gif_interfaces 2036Set to the list of 2037.Xr gif 4 2038tunnel interfaces to configure on this host. 2039A 2040.Va gifconfig_ Ns Aq Ar interface 2041variable is assumed to exist for each value of 2042.Ar interface . 2043The value of this variable is used to configure the link layer of the 2044tunnel using the 2045.Cm tunnel 2046option to 2047.Xr ifconfig 8 . 2048Additionally, this option ensures that each listed interface is created 2049via the 2050.Cm create 2051option to 2052.Xr ifconfig 8 2053before attempting to configure it. 2054.Pp 2055For example, configure two 2056.Xr gif 4 2057interfaces with: 2058.Bd -literal 2059gif_interfaces="gif0 gif1" 2060gifconfig_gif0="100.64.0.1 100.64.0.2" 2061ifconfig_gif0="inet 10.0.0.1/30 10.0.0.2" 2062gifconfig_gif1="inet6 2a00::1 2a01::1" 2063ifconfig_gif1="inet 10.1.0.1/30 10.1.0.2" 2064.Ed 2065.It Va ppp_enable 2066.Pq Vt bool 2067If set to 2068.Dq Li YES , 2069run the 2070.Xr ppp 8 2071daemon. 2072.It Va ppp_profile 2073.Pq Vt str 2074The name of the profile to use from 2075.Pa /etc/ppp/ppp.conf . 2076Also used for per-profile overrides of 2077.Va ppp_mode 2078and 2079.Va ppp_nat , 2080and 2081.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 2082When the profile name contains any of the characters 2083.Dq Li .-/+ 2084they are translated to 2085.Dq Li _ 2086for the proposes of the override variable names. 2087.It Va ppp_mode 2088.Pq Vt str 2089Mode in which to run the 2090.Xr ppp 8 2091daemon. 2092.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2093.Pq Vt str 2094Overrides the global 2095.Va ppp_mode 2096for 2097.Ar profile . 2098Accepted modes are 2099.Dq Li auto , 2100.Dq Li ddial , 2101.Dq Li direct 2102and 2103.Dq Li dedicated . 2104See the manual for a full description. 2105.It Va ppp_nat 2106.Pq Vt bool 2107If set to 2108.Dq Li YES , 2109enables network address translation. 2110Used in conjunction with 2111.Va gateway_enable 2112allows hosts on private network addresses access to the Internet using 2113this host as a network address translating router. 2114Default is 2115.Dq Li YES . 2116.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2117.Pq Vt str 2118Overrides the global 2119.Va ppp_nat 2120for 2121.Ar profile . 2122.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2123.Pq Vt int 2124Set the unit number to be used for this profile. 2125See the manual description of 2126.Fl unit Ns Ar N 2127for details. 2128.It Va ppp_user 2129.Pq Vt str 2130The name of the user under which 2131.Xr ppp 8 2132should be started. 2133By 2134default, 2135.Xr ppp 8 2136is started as 2137.Dq Li root . 2138.It Va rc_conf_files 2139.Pq Vt str 2140This option is used to specify a list of files that will override 2141the settings in 2142.Pa /etc/defaults/rc.conf . 2143The files will be read in the order in which they are specified and should 2144include the full path to the file. 2145By default, the files specified are 2146.Pa /etc/rc.conf 2147and 2148.Pa /etc/rc.conf.local . 2149.It Va zfs_enable 2150.Pq Vt bool 2151If set to 2152.Dq Li YES , 2153.Pa /etc/rc.d/zfs 2154will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2155(ZVOLs). 2156.It Va zpool_reguid 2157.Pq Vt str 2158A space-separated list of ZFS pool names for which new pool GUIDs should be 2159assigned upon first boot. 2160This is useful when using a ZFS pool copied from a template, such as a virtual 2161machine image. 2162.It Va zpool_upgrade 2163.Pq Vt str 2164A space-separated list of ZFS pool names for which the version should be 2165upgraded upon first boot. 2166This is useful when using a ZFS pool generated by the 2167.Xr makefs 8 2168utility. 2169.It Va gptboot_enable 2170.Pq Vt bool 2171If set to 2172.Dq Li YES , 2173.Pa /etc/rc.d/gptboot 2174will log if the system successfully (or not) booted from a GPT partition, 2175which had the 2176.Ar bootonce 2177attribute set using 2178.Xr gpart 8 2179utility. 2180.It Va geli_devices 2181.Pq Vt str 2182List of devices to automatically attach on boot. 2183Note that .eli devices from 2184.Pa /etc/fstab 2185are automatically appended to this list. 2186.It Va geli_groups 2187.Pq Vt str 2188List of groups containing devices to automatically attach on boot with the same 2189keyfiles and passphrase. 2190This must be accompanied with a corresponding 2191.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2192variable. 2193.It Va geli_tries 2194.Pq Vt int 2195Number of times user is asked for the pass-phrase. 2196If empty, it will be taken from 2197.Va kern.geom.eli.tries 2198sysctl variable. 2199.It Va geli_default_flags 2200.Pq Vt str 2201Default flags to use by 2202.Xr geli 8 2203when configuring disk encryption. 2204Flags can be configured for every device separately by defining the 2205.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2206variable, and for every group separately by defining the 2207.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2208variable. 2209.It Va geli_autodetach 2210.Pq Vt str 2211Specifies if GELI devices should be marked for detach on last close after 2212file systems are mounted. 2213Default is 2214.Dq Li YES . 2215This can be changed for every device separately by defining the 2216.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2217variable. 2218.It Va root_rw_mount 2219.Pq Vt bool 2220Set to 2221.Dq Li YES 2222by default. 2223After the file systems are checked at boot time, the root file system 2224is remounted as read-write if this is set to 2225.Dq Li YES . 2226Diskless systems that mount their root file system from a read-only remote 2227NFS share should set this to 2228.Dq Li NO 2229in their 2230.Pa rc.conf . 2231.It Va fsck_y_enable 2232.Pq Vt bool 2233If set to 2234.Dq Li YES , 2235.Xr fsck 8 2236will be run with the 2237.Fl y 2238flag if the initial preen 2239of the file systems fails. 2240.It Va background_fsck 2241.Pq Vt bool 2242If set to 2243.Dq Li NO , 2244the system will not attempt to run 2245.Xr fsck 8 2246in the background where possible. 2247.It Va background_fsck_delay 2248.Pq Vt int 2249The amount of time in seconds to sleep before starting a background 2250.Xr fsck 8 . 2251It defaults to sixty seconds to allow large applications such as 2252the X server to start before disk I/O bandwidth is monopolized by 2253.Xr fsck 8 . 2254If set to a negative number, the background file system check will be 2255delayed indefinitely to allow the administrator to run it at a more 2256convenient time. 2257For example it may be run from 2258.Xr cron 8 2259by adding a line like 2260.Pp 2261.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2262.Pp 2263to 2264.Pa /etc/crontab . 2265.It Va netfs_types 2266.Pq Vt str 2267List of file system types that are network-based. 2268This list should generally not be modified by end users. 2269Use 2270.Va extra_netfs_types 2271instead. 2272.It Va extra_netfs_types 2273.Pq Vt str 2274If set to something other than 2275.Dq Li NO 2276(the default), 2277this variable extends the list of file system types 2278for which automatic mounting at startup by 2279.Xr rc 8 2280should be delayed until the network is initialized. 2281It should contain 2282a whitespace-separated list of network file system descriptor pairs, 2283each consisting of a file system type as passed to 2284.Xr mount 8 2285and a human-readable, one-word description, 2286joined with a colon 2287.Pq Ql \&: . 2288Extending the default list in this way is only necessary 2289when third party file system types are used. 2290.It Va syslogd_enable 2291.Pq Vt bool 2292If set to 2293.Dq Li YES , 2294run the 2295.Xr syslogd 8 2296daemon. 2297Note, the 2298.Va syslogd_oomprotect 2299variable is set to 2300.Dq Li YES 2301by default in 2302.Pa /etc/defaults/rc.conf . 2303.It Va syslogd_program 2304.Pq Vt str 2305Path to 2306.Xr syslogd 8 2307(default 2308.Pa /usr/sbin/syslogd ) . 2309.It Va syslogd_flags 2310.Pq Vt str 2311If 2312.Va syslogd_enable 2313is set to 2314.Dq Li YES , 2315these are the flags to pass to 2316.Xr syslogd 8 . 2317.It Va inetd_enable 2318.Pq Vt bool 2319If set to 2320.Dq Li YES , 2321run the 2322.Xr inetd 8 2323daemon. 2324.It Va inetd_program 2325.Pq Vt str 2326Path to 2327.Xr inetd 8 2328(default 2329.Pa /usr/sbin/inetd ) . 2330.It Va inetd_flags 2331.Pq Vt str 2332If 2333.Va inetd_enable 2334is set to 2335.Dq Li YES , 2336these are the flags to pass to 2337.Xr inetd 8 . 2338.It Va hastd_enable 2339.Pq Vt bool 2340If set to 2341.Dq Li YES , 2342run the 2343.Xr hastd 8 2344daemon. 2345.It Va hastd_program 2346.Pq Vt str 2347Path to 2348.Xr hastd 8 2349(default 2350.Pa /sbin/hastd ) . 2351.It Va hastd_flags 2352.Pq Vt str 2353If 2354.Va hastd_enable 2355is set to 2356.Dq Li YES , 2357these are the flags to pass to 2358.Xr hastd 8 . 2359.It Va local_unbound_enable 2360.Pq Vt bool 2361If set to 2362.Dq Li YES , 2363run the 2364.Xr unbound 8 2365daemon as a local caching DNS resolver. 2366Note, the 2367.Va local_unbound_oomprotect 2368variable is set to 2369.Dq Li YES 2370by default in 2371.Pa /etc/defaults/rc.conf . 2372.It Va nscd_enable 2373.Pq Vt bool 2374Set to 2375.Dq Li YES 2376to start the 2377.Xr nscd 8 2378caching daemon for the 2379.Nm nsswitch 2380subsystem. 2381.It Va nscd_flags 2382.Pq Vt str 2383If 2384.Va nscd_enable 2385is set to 2386.Dq Li YES , 2387these flags are passed to 2388.Xr nscd 8 . 2389.It Va kdc_enable 2390.Pq Vt bool 2391Set to 2392.Dq Li YES 2393to start a Kerberos 5 authentication server 2394at boot time. 2395.It Va kdc_program 2396.Pq Vt str 2397If 2398.Va kdc_enable 2399is set to 2400.Dq Li YES 2401this is the path to Kerberos 5 Authentication Server. 2402.It Va kdc_flags 2403.Pq Vt str 2404Empty by default. 2405This variable contains additional flags to be passed to the Kerberos 5 2406authentication server. 2407.It Va kadmind_enable 2408.Pq Vt bool 2409Set to 2410.Dq Li YES 2411to start 2412.Xr kadmind 8 , 2413the Kerberos 5 Administration Daemon; set to 2414.Dq Li NO 2415on a slave server. 2416.It Va kadmind_program 2417.Pq Vt str 2418If 2419.Va kadmind_enable 2420is set to 2421.Dq Li YES 2422this is the path to Kerberos 5 Administration Daemon. 2423.It Va kpasswdd_enable 2424.Pq Vt bool 2425Set to 2426.Dq Li YES 2427to start 2428.Xr kpasswdd 8 , 2429the Kerberos 5 Password-Changing Daemon; set to 2430.Dq Li NO 2431on a slave server. 2432.It Va kpasswdd_program 2433.Pq Vt str 2434If 2435.Va kpasswdd_enable 2436is set to 2437.Dq Li YES 2438this is the path to Kerberos 5 Password-Changing Daemon. 2439.It Va kfd_enable 2440.Pq Vt bool 2441Set to 2442.Dq Li YES 2443to start 2444.Xr kfd 8 , 2445the Kerberos 5 ticket forwarding daemon, at the boot time. 2446.It Va kfd_program 2447.Pq Vt str 2448Path to 2449.Xr kfd 8 2450(default 2451.Pa /usr/libexec/kfd ) . 2452.It Va rwhod_enable 2453.Pq Vt bool 2454If set to 2455.Dq Li YES , 2456run the 2457.Xr rwhod 8 2458daemon at boot time. 2459.It Va rwhod_flags 2460.Pq Vt str 2461If 2462.Va rwhod_enable 2463is set to 2464.Dq Li YES , 2465these are the flags to pass to it. 2466.It Va update_motd 2467.Pq Vt bool 2468If set to 2469.Dq Li YES , 2470.Pa /var/run/motd 2471will be updated at boot time to reflect the kernel release 2472being run. 2473If set to 2474.Dq Li NO , 2475.Pa /var/run/motd 2476will not be updated. 2477.It Va nfs_client_enable 2478.Pq Vt bool 2479If set to 2480.Dq Li YES , 2481run the NFS client daemons at boot time. 2482.It Va nfs_access_cache 2483.Pq Vt int 2484If 2485.Va nfs_client_enable 2486is set to 2487.Dq Li YES , 2488this can be set to 2489.Dq Li 0 2490to disable NFS ACCESS RPC caching, or to the number of seconds for which 2491NFS ACCESS 2492results should be cached. 2493A value of 2-10 seconds will substantially reduce network 2494traffic for many NFS operations. 2495.It Va nfs_server_enable 2496.Pq Vt bool 2497If set to 2498.Dq Li YES , 2499run the NFS server daemons at boot time. 2500.It Va nfs_server_flags 2501.Pq Vt str 2502If 2503.Va nfs_server_enable 2504is set to 2505.Dq Li YES , 2506these are the flags to pass to the 2507.Xr nfsd 8 2508daemon. 2509.It Va nfsv4_server_enable 2510.Pq Vt bool 2511If 2512.Va nfs_server_enable 2513is set to 2514.Dq Li YES 2515and 2516.Va nfsv4_server_enable 2517is set to 2518.Dq Li YES , 2519enable the server for NFSv4 as well as NFSv2 and NFSv3. 2520.It Va nfsv4_server_only 2521.Pq Vt bool 2522If 2523.Va nfs_server_enable 2524is set to 2525.Dq Li YES 2526and 2527.Va nfsv4_server_only 2528is set to 2529.Dq Li YES , 2530enable the NFS server for NFSv4 only. 2531.It Va nfs_server_maxio 2532.Pq Vt int 2533value to set vfs.nfsd.srvmaxio to, which is the 2534maximum I/O size for the NFS server. 2535.It Va tlsclntd_enable 2536.Pq Vt bool 2537If set to 2538.Dq Li YES , 2539run the 2540.Xr rpc.tlsclntd 8 2541daemon, which is needed for NFS-over-TLS NFS mounts. 2542.It Va tlsservd_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run the 2547.Xr rpc.tlsservd 8 2548daemon, which is needed for the 2549.Xr nfsd 8 2550to support NFS-over-TLS NFS mounts. 2551.It Va nfsuserd_enable 2552.Pq Vt bool 2553If 2554.Va nfsuserd_enable 2555is set to 2556.Dq Li YES , 2557run the nfsuserd daemon, which is needed for NFSv4 in order 2558to map between user/group names vs uid/gid numbers. 2559If 2560.Va nfsv4_server_enable 2561is set to 2562.Dq Li YES , 2563this will be forced enabled. 2564.It Va nfsuserd_flags 2565.Pq Vt str 2566If 2567.Va nfsuserd_enable 2568is set to 2569.Dq Li YES , 2570these are the flags to pass to the 2571.Xr nfsuserd 8 2572daemon. 2573.It Va nfscbd_enable 2574.Pq Vt bool 2575If 2576.Va nfscbd_enable 2577is set to 2578.Dq Li YES , 2579run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2580.It Va nfscbd_flags 2581.Pq Vt str 2582If 2583.Va nfscbd_enable 2584is set to 2585.Dq Li YES , 2586these are the flags to pass to the 2587.Xr nfscbd 8 2588daemon. 2589.It Va mountd_enable 2590.Pq Vt bool 2591If set to 2592.Dq Li YES , 2593and no 2594.Va nfs_server_enable 2595is set, start 2596.Xr mountd 8 , 2597but not 2598.Xr nfsd 8 2599daemon. 2600It is commonly needed to run CFS without real NFS used. 2601.It Va mountd_flags 2602.Pq Vt str 2603If 2604.Va mountd_enable 2605is set to 2606.Dq Li YES , 2607these are the flags to pass to the 2608.Xr mountd 8 2609daemon. 2610.It Va weak_mountd_authentication 2611.Pq Vt bool 2612If set to 2613.Dq Li YES , 2614allow services like PCNFSD to make non-privileged mount 2615requests. 2616.It Va nfs_reserved_port_only 2617.Pq Vt bool 2618If set to 2619.Dq Li YES , 2620provide NFS services only on a secure port. 2621.It Va nfs_bufpackets 2622.Pq Vt int 2623If set to a number, indicates the number of packets worth of 2624socket buffer space to reserve on an NFS client. 2625The kernel default is typically 4. 2626Using a higher number may be 2627useful on gigabit networks to improve performance. 2628The minimum value is 26292 and the maximum is 64. 2630.It Va rpc_lockd_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES 2634and also an NFS server or client, run 2635.Xr rpc.lockd 8 2636at boot time. 2637.It Va rpc_lockd_flags 2638.Pq Vt str 2639If 2640.Va rpc_lockd_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr rpc.lockd 8 2645daemon. 2646.It Va rpc_statd_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES 2650and also an NFS server or client, run 2651.Xr rpc.statd 8 2652at boot time. 2653.It Va rpc_statd_flags 2654.Pq Vt str 2655If 2656.Va rpc_statd_enable 2657is set to 2658.Dq Li YES , 2659these are the flags to pass to the 2660.Xr rpc.statd 8 2661daemon. 2662.It Va rpcbind_program 2663.Pq Vt str 2664Path to 2665.Xr rpcbind 8 2666(default 2667.Pa /usr/sbin/rpcbind ) . 2668.It Va rpcbind_enable 2669.Pq Vt bool 2670If set to 2671.Dq Li YES , 2672run the 2673.Xr rpcbind 8 2674service at boot time. 2675.It Va rpcbind_flags 2676.Pq Vt str 2677If 2678.Va rpcbind_enable 2679is set to 2680.Dq Li YES , 2681these are the flags to pass to the 2682.Xr rpcbind 8 2683daemon. 2684.It Va keyserv_enable 2685.Pq Vt bool 2686If set to 2687.Dq Li YES , 2688run the 2689.Xr keyserv 8 2690daemon on boot for running Secure RPC. 2691.It Va keyserv_flags 2692.Pq Vt str 2693If 2694.Va keyserv_enable 2695is set to 2696.Dq Li YES , 2697these are the flags to pass to 2698.Xr keyserv 8 2699daemon. 2700.It Va pppoed_enable 2701.Pq Vt bool 2702If set to 2703.Dq Li YES , 2704run the 2705.Xr pppoed 8 2706daemon at boot time to provide PPP over Ethernet services. 2707.It Va pppoed_ Ns Aq Ar provider 2708.Pq Vt str 2709.Xr pppoed 8 2710listens to requests to this 2711.Ar provider 2712and ultimately runs 2713.Xr ppp 8 2714with a 2715.Ar system 2716argument of the same name. 2717.It Va pppoed_flags 2718.Pq Vt str 2719Additional flags to pass to 2720.Xr pppoed 8 . 2721.It Va pppoed_interface 2722.Pq Vt str 2723The network interface to run 2724.Xr pppoed 8 2725on. 2726This is mandatory when 2727.Va pppoed_enable 2728is set to 2729.Dq Li YES . 2730.It Va ntpdate_enable 2731.Pq Vt bool 2732If set to 2733.Dq Li YES , 2734run 2735.Xr ntpdate 8 2736at system startup. 2737This command is intended to 2738synchronize the system clock only 2739.Em once 2740from some standard reference. 2741.Pp 2742Note that the use of the 2743.Va ntpd_sync_on_start 2744variable is a preferred alternative to the 2745.Xr ntpdate 8 2746utility as 2747.Xr ntpdate 8 2748is to be retired from the NTP distribution. 2749.It Va ntpdate_config 2750.Pq Vt str 2751Configuration file for 2752.Xr ntpdate 8 . 2753Default 2754.Pa /etc/ntp.conf . 2755.It Va ntpdate_hosts 2756.Pq Vt str 2757A whitespace-separated list of NTP servers to synchronize with at startup. 2758The default is to use the servers listed in 2759.Va ntpdate_config , 2760if that file exists. 2761.It Va ntpdate_program 2762.Pq Vt str 2763Path to 2764.Xr ntpdate 8 2765(default 2766.Pa /usr/sbin/ntpdate ) . 2767.It Va ntpdate_flags 2768.Pq Vt str 2769If 2770.Va ntpdate_enable 2771is set to 2772.Dq Li YES , 2773these are the flags to pass to the 2774.Xr ntpdate 8 2775command (typically a hostname). 2776.It Va ntpd_enable 2777.Pq Vt bool 2778If set to 2779.Dq Li YES , 2780run the 2781.Xr ntpd 8 2782command at boot time. 2783.It Va ntpd_program 2784.Pq Vt str 2785Path to 2786.Xr ntpd 8 2787(default 2788.Pa /usr/sbin/ntpd ) . 2789.It Va ntpd_config 2790.Pq Vt str 2791Path to 2792.Xr ntpd 8 2793configuration file. 2794Default 2795.Pa /etc/ntp.conf . 2796.It Va ntpd_flags 2797.Pq Vt str 2798If 2799.Va ntpd_enable 2800is set to 2801.Dq Li YES , 2802these are the flags to pass to the 2803.Xr ntpd 8 2804daemon. 2805.It Va ntpd_sync_on_start 2806.Pq Vt bool 2807If set to 2808.Dq Li YES , 2809.Xr ntpd 8 2810is run with the 2811.Fl g 2812flag, which syncs the system's clock on startup. 2813See 2814.Xr ntpd 8 2815for more information regarding the 2816.Fl g 2817option. 2818This is a preferred alternative to using 2819.Xr ntpdate 8 2820or specifying the 2821.Va ntpdate_enable 2822variable. 2823.It Va nis_client_enable 2824.Pq Vt bool 2825If set to 2826.Dq Li YES , 2827run the 2828.Xr ypbind 8 2829service at system boot time. 2830.It Va nis_client_flags 2831.Pq Vt str 2832If 2833.Va nis_client_enable 2834is set to 2835.Dq Li YES , 2836these are the flags to pass to the 2837.Xr ypbind 8 2838service. 2839.It Va nis_ypldap_enable 2840.Pq Vt bool 2841If set to 2842.Dq Li YES , 2843run the 2844.Xr ypldap 8 2845daemon at system boot time. 2846.It Va nis_ypldap_flags 2847.Pq Vt str 2848If 2849.Va nis.ypldap_enable 2850is set to 2851.Dq Li YES , 2852these are the flags to pass to the 2853.Xr ypldap 8 2854daemon. 2855.It Va nis_ypset_enable 2856.Pq Vt bool 2857If set to 2858.Dq Li YES , 2859run the 2860.Xr ypset 8 2861daemon at system boot time. 2862.It Va nis_ypset_flags 2863.Pq Vt str 2864If 2865.Va nis_ypset_enable 2866is set to 2867.Dq Li YES , 2868these are the flags to pass to the 2869.Xr ypset 8 2870daemon. 2871.It Va nis_server_enable 2872.Pq Vt bool 2873If set to 2874.Dq Li YES , 2875run the 2876.Xr ypserv 8 2877daemon at system boot time. 2878.It Va nis_server_flags 2879.Pq Vt str 2880If 2881.Va nis_server_enable 2882is set to 2883.Dq Li YES , 2884these are the flags to pass to the 2885.Xr ypserv 8 2886daemon. 2887.It Va nis_ypxfrd_enable 2888.Pq Vt bool 2889If set to 2890.Dq Li YES , 2891run the 2892.Xr rpc.ypxfrd 8 2893daemon at system boot time. 2894.It Va nis_ypxfrd_flags 2895.Pq Vt str 2896If 2897.Va nis_ypxfrd_enable 2898is set to 2899.Dq Li YES , 2900these are the flags to pass to the 2901.Xr rpc.ypxfrd 8 2902daemon. 2903.It Va nis_yppasswdd_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907run the 2908.Xr rpc.yppasswdd 8 2909daemon at system boot time. 2910.It Va nis_yppasswdd_flags 2911.Pq Vt str 2912If 2913.Va nis_yppasswdd_enable 2914is set to 2915.Dq Li YES , 2916these are the flags to pass to the 2917.Xr rpc.yppasswdd 8 2918daemon. 2919.It Va rpc_ypupdated_enable 2920.Pq Vt bool 2921If set to 2922.Dq Li YES , 2923run the 2924.Nm rpc.ypupdated 2925daemon at system boot time. 2926.It Va bsnmpd_enable 2927.Pq Vt bool 2928If set to 2929.Dq Li YES , 2930run the 2931.Xr bsnmpd 1 2932daemon at system boot time. 2933Be sure to understand the security implications of running an SNMP daemon 2934on your host. 2935.It Va bsnmpd_flags 2936.Pq Vt str 2937If 2938.Va bsnmpd_enable 2939is set to 2940.Dq Li YES , 2941these are the flags to pass to the 2942.Xr bsnmpd 1 2943daemon. 2944.It Va defaultrouter 2945.Pq Vt str 2946If not set to 2947.Dq Li NO , 2948create a default route to this host name or IP address 2949(use an IP address if this router is also required to get to the 2950name server!). 2951.It Va defaultrouter_fibN 2952.Pq Vt str 2953If not set to 2954.Dq Li NO , 2955create a default route in FIB N to this host name or IP address. 2956.It Va ipv6_defaultrouter 2957.Pq Vt str 2958The IPv6 equivalent of 2959.Va defaultrouter . 2960.It Va ipv6_defaultrouter_fibN 2961.Pq Vt str 2962The IPv6 equivalent of 2963.Va defaultrouter_fibN . 2964.It Va static_arp_pairs 2965.Pq Vt str 2966Set to the list of static ARP pairs that are to be added at system 2967boot time. 2968For each whitespace separated 2969.Ar element 2970in the value, a 2971.Va static_arp_ Ns Aq Ar element 2972variable is assumed to exist whose contents will later be passed to a 2973.Dq Nm arp Cm -S 2974operation. 2975For example 2976.Bd -literal 2977static_arp_pairs="gw" 2978static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2979.Ed 2980.It Va static_ndp_pairs 2981.Pq Vt str 2982Set to the list of static NDP pairs that are to be added at system 2983boot time. 2984For each whitespace separated 2985.Ar element 2986in the value, a 2987.Va static_ndp_ Ns Aq Ar element 2988variable is assumed to exist whose contents will later be passed to a 2989.Dq Nm ndp Cm -s 2990operation. 2991For example 2992.Bd -literal 2993static_ndp_pairs="gw" 2994static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2995.Ed 2996.It Va static_routes 2997.Pq Vt str 2998Set to the list of static routes that are to be added at system 2999boot time. 3000If not set to 3001.Dq Li NO 3002then for each whitespace separated 3003.Ar element 3004in the value, a 3005.Va route_ Ns Aq Ar element 3006variable is assumed to exist 3007whose contents will later be passed to a 3008.Dq Nm route Cm add 3009operation. 3010For example: 3011.Bd -literal 3012static_routes="ext mcast:gif0 gif0local:gif0" 3013route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 3014route_mcast="-net 224.0.0.0/4 -iface gif0" 3015route_gif0local="-host 169.254.1.1 -iface lo0" 3016.Ed 3017.Pp 3018When an 3019.Ar element 3020is in the form of 3021.Li name:ifname , 3022the route is specific to the interface 3023.Li ifname . 3024.It Va ipv6_static_routes 3025.Pq Vt str 3026The IPv6 equivalent of 3027.Va static_routes . 3028If not set to 3029.Dq Li NO 3030then for each whitespace separated 3031.Ar element 3032in the value, a 3033.Va ipv6_route_ Ns Aq Ar element 3034variable is assumed to exist 3035whose contents will later be passed to a 3036.Dq Nm route Cm add Fl inet6 3037operation. 3038.It Va gateway_enable 3039.Pq Vt bool 3040If set to 3041.Dq Li YES , 3042configure host to act as an IP router, e.g.\& to forward packets 3043between interfaces. 3044.It Va ipv6_gateway_enable 3045.Pq Vt bool 3046The IPv6 equivalent of 3047.Va gateway_enable . 3048.It Va routed_enable 3049.Pq Vt bool 3050If set to 3051.Dq Li YES , 3052run a routing daemon of some sort, based on the 3053settings of 3054.Va routed_program 3055and 3056.Va routed_flags . 3057.It Va route6d_enable 3058.Pq Vt bool 3059The IPv6 equivalent of 3060.Va routed_enable . 3061If set to 3062.Dq Li YES , 3063run a routing daemon of some sort, based on the 3064settings of 3065.Va route6d_program 3066and 3067.Va route6d_flags . 3068.It Va routed_program 3069.Pq Vt str 3070If 3071.Va routed_enable 3072is set to 3073.Dq Li YES , 3074this is the name of the routing daemon to use. 3075The default is 3076.Xr routed 8 . 3077.It Va route6d_program 3078.Pq Vt str 3079The IPv6 equivalent of 3080.Va routed_program . 3081The default is 3082.Xr route6d 8 . 3083.It Va routed_flags 3084.Pq Vt str 3085If 3086.Va routed_enable 3087is set to 3088.Dq Li YES , 3089these are the flags to pass to the routing daemon. 3090.It Va route6d_flags 3091.Pq Vt str 3092The IPv6 equivalent of 3093.Va routed_flags . 3094.It Va rtadvd_enable 3095.Pq Vt bool 3096If set to 3097.Dq Li YES , 3098run the 3099.Xr rtadvd 8 3100daemon at boot time. 3101The 3102.Xr rtadvd 8 3103utility sends ICMPv6 Router Advertisement messages to 3104the interfaces specified in 3105.Va rtadvd_interfaces . 3106This should only be enabled with great care. 3107You may want to fine-tune 3108.Xr rtadvd.conf 5 . 3109.It Va rtadvd_interfaces 3110.Pq Vt str 3111If 3112.Va rtadvd_enable 3113is set to 3114.Dq Li YES 3115this is the list of interfaces to use. 3116.It Va arpproxy_all 3117.Pq Vt bool 3118If set to 3119.Dq Li YES , 3120enable global proxy ARP. 3121.It Va forward_sourceroute 3122.Pq Vt bool 3123If set to 3124.Dq Li YES 3125and 3126.Va gateway_enable 3127is also set to 3128.Dq Li YES , 3129source-routed packets are forwarded. 3130.It Va accept_sourceroute 3131.Pq Vt bool 3132If set to 3133.Dq Li YES , 3134the system will accept source-routed packets directed at it. 3135.It Va rarpd_enable 3136.Pq Vt bool 3137If set to 3138.Dq Li YES , 3139run the 3140.Xr rarpd 8 3141daemon at system boot time. 3142.It Va rarpd_flags 3143.Pq Vt str 3144If 3145.Va rarpd_enable 3146is set to 3147.Dq Li YES , 3148these are the flags to pass to the 3149.Xr rarpd 8 3150daemon. 3151.It Va bootparamd_enable 3152.Pq Vt bool 3153If set to 3154.Dq Li YES , 3155run the 3156.Xr bootparamd 8 3157daemon at system boot time. 3158.It Va bootparamd_flags 3159.Pq Vt str 3160If 3161.Va bootparamd_enable 3162is set to 3163.Dq Li YES , 3164these are the flags to pass to the 3165.Xr bootparamd 8 3166daemon. 3167.It Va stf_interface_ipv4addr 3168.Pq Vt str 3169If not set to 3170.Dq Li NO , 3171this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3172interface). 3173Specify this entry to enable the 6to4 interface. 3174.It Va stf_interface_ipv4plen 3175.Pq Vt int 3176Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3177An effective value is 0-31. 3178.It Va stf_interface_ipv6_ifid 3179.Pq Vt str 3180IPv6 interface ID for 3181.Xr stf 4 . 3182This can be set to 3183.Dq Li AUTO . 3184.It Va stf_interface_ipv6_slaid 3185.Pq Vt str 3186IPv6 Site Level Aggregator for 3187.Xr stf 4 . 3188.It Va ipv6_ipv4mapping 3189.Pq Vt bool 3190If set to 3191.Dq Li YES 3192this enables IPv4 mapped IPv6 address communication (like 3193.Li ::ffff:a.b.c.d ) . 3194.It Va rtsold_enable 3195.Pq Vt bool 3196Set to 3197.Dq Li YES 3198to enable the 3199.Xr rtsold 8 3200daemon to send ICMPv6 Router Solicitation messages. 3201.It Va rtsold_flags 3202.Pq Vt str 3203If 3204.Va rtsold_enable 3205is set to 3206.Dq Li YES , 3207these are the flags to pass to 3208.Xr rtsold 8 . 3209.It Va rtsol_flags 3210.Pq Vt str 3211For interfaces configured with the 3212.Dq Li inet6 accept_rtadv 3213keyword, these are the flags to pass to 3214.Xr rtsol 8 . 3215.Pp 3216Note that 3217.Va rtsold_enable 3218is mutually exclusive to 3219.Va rtsol_flags ; 3220.Va rtsold_enable 3221takes precedence. 3222.It Va keybell 3223.Pq Vt str 3224The keyboard bell sound. 3225Set to 3226.Dq Li normal , 3227.Dq Li visual , 3228.Dq Li off , 3229or 3230.Dq Li NO 3231if the default behavior is desired. 3232For details, refer to the 3233.Xr kbdcontrol 1 3234manpage. 3235.It Va keyboard 3236.Pq Vt str 3237If set to a non-null string, the virtual console's keyboard input is 3238set to this device. 3239.It Va keymap 3240.Pq Vt str 3241If set to 3242.Dq Li NO , 3243no keymap is installed, otherwise the value is used to install 3244the keymap file found in 3245.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3246(if using 3247.Xr syscons 4 ) or 3248.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3249(if using 3250.Xr vt 4 ) . 3251.It Va keyrate 3252.Pq Vt str 3253The keyboard repeat speed. 3254Set to 3255.Dq Li slow , 3256.Dq Li normal , 3257.Dq Li fast , 3258or 3259.Dq Li NO 3260if the default behavior is desired. 3261.It Va keychange 3262.Pq Vt str 3263If not set to 3264.Dq Li NO , 3265attempt to program the function keys with the value. 3266The value should 3267be a single string of the form: 3268.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3269.It Va cursor 3270.Pq Vt str 3271Can be set to the value of 3272.Dq Li normal , 3273.Dq Li blink , 3274.Dq Li destructive , 3275or 3276.Dq Li NO 3277to set the cursor behavior explicitly or choose the default behavior. 3278.It Va scrnmap 3279.Pq Vt str 3280If set to 3281.Dq Li NO , 3282no screen map is installed, otherwise the value is used to install 3283the screen map file in 3284.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3285This parameter is ignored when using 3286.Xr vt 4 3287as the console driver. 3288.It Va font8x16 3289.Pq Vt str 3290If set to 3291.Dq Li NO , 3292the default 8x16 font value is used for screen size requests, otherwise 3293the value in 3294.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3295or 3296.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3297is used (depending on the console driver being used). 3298.It Va font8x14 3299.Pq Vt str 3300If set to 3301.Dq Li NO , 3302the default 8x14 font value is used for screen size requests, otherwise 3303the value in 3304.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3305or 3306.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3307is used (depending on the console driver being used). 3308.It Va font8x8 3309.Pq Vt str 3310If set to 3311.Dq Li NO , 3312the default 8x8 font value is used for screen size requests, otherwise 3313the value in 3314.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3315or 3316.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3317is used (depending on the console driver being used). 3318.It Va blanktime 3319.Pq Vt int 3320If set to 3321.Dq Li NO , 3322the default screen blanking interval is used, otherwise it is set 3323to 3324.Ar value 3325seconds. 3326.It Va saver 3327.Pq Vt str 3328If not set to 3329.Dq Li NO , 3330this is the actual screen saver to use 3331.Li ( blank , snake , daemon , 3332etc). 3333.It Va moused_nondefault_enable 3334.Pq Vt str 3335If set to 3336.Dq Li NO , 3337the mouse device specified on 3338the command line is not automatically treated as enabled by the 3339.Pa /etc/rc.d/moused 3340script. 3341Having this variable set to 3342.Dq Li YES 3343allows a 3344.Xr usb 4 3345mouse, 3346for example, 3347to be enabled as soon as it is plugged in. 3348.It Va moused_enable 3349.Pq Vt str 3350If set to 3351.Dq Li YES , 3352the 3353.Xr moused 8 3354daemon is started for doing cut/paste selection on the console. 3355.It Va moused_type 3356.Pq Vt str 3357This is the protocol type of the mouse connected to this host. 3358This variable must be set if 3359.Va moused_enable 3360is set to 3361.Dq Li YES , 3362but defaults to 3363.Dq Li auto 3364as the 3365.Xr moused 8 3366daemon 3367is able to detect the appropriate mouse type automatically in many cases. 3368Set this variable to 3369one from the following list if the automatic detection fails. 3370.Pp 3371If the mouse is attached to the PS/2 mouse port, choose 3372.Dq Li auto 3373or 3374.Dq Li ps/2 , 3375regardless of the brand and model of the mouse. 3376Likewise, if the 3377mouse is attached to the bus mouse port, choose 3378.Dq Li auto 3379or 3380.Dq Li busmouse . 3381All other protocols are for serial mice and will not work with 3382the PS/2 and bus mice. 3383If this is a USB mouse, 3384.Dq Li auto 3385is the only protocol type which will work. 3386.Pp 3387.Bl -tag -width ".Li x10mouseremote" -compact 3388.It Li microsoft 3389Microsoft mouse (serial) 3390.It Li intellimouse 3391Microsoft IntelliMouse (serial) 3392.It Li mousesystems 3393Mouse systems Corp.\& mouse (serial) 3394.It Li mmseries 3395MM Series mouse (serial) 3396.It Li logitech 3397Logitech mouse (serial) 3398.It Li busmouse 3399A bus mouse 3400.It Li mouseman 3401Logitech MouseMan and TrackMan (serial) 3402.It Li glidepoint 3403ALPS GlidePoint (serial) 3404.It Li thinkingmouse 3405Kensington ThinkingMouse (serial) 3406.It Li ps/2 3407PS/2 mouse 3408.It Li mmhittab 3409MM HitTablet (serial) 3410.It Li x10mouseremote 3411X10 MouseRemote (serial) 3412.It Li versapad 3413Interlink VersaPad (serial) 3414.El 3415.Pp 3416Even if the mouse is not in the above list, it may be compatible 3417with one in the list. 3418Refer to the manual page for 3419.Xr moused 8 3420for compatibility information. 3421.Pp 3422It should also be noted that while this is enabled, any 3423other client of the mouse (such as an X server) should access 3424the mouse through the virtual mouse device, 3425.Pa /dev/sysmouse , 3426and configure it as a 3427.Dq Li sysmouse 3428type mouse, since all 3429mouse data is converted to this single canonical format when 3430using 3431.Xr moused 8 . 3432If the client program does not support the 3433.Dq Li sysmouse 3434type, 3435specify the 3436.Dq Li mousesystems 3437type. 3438It is the second preferred type. 3439.It Va moused_port 3440.Pq Vt str 3441If 3442.Va moused_enable 3443is set to 3444.Dq Li YES , 3445this is the actual port the mouse is on. 3446It might be 3447.Pa /dev/cuau0 3448for a COM1 serial mouse, or 3449.Pa /dev/psm0 3450for a PS/2 mouse, for example. 3451.It Va moused_flags 3452.Pq Vt str 3453If 3454.Va moused_flags 3455is set, its value is used as an additional set of flags to pass to the 3456.Xr moused 8 3457daemon. 3458.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3459When 3460.Va moused_nondefault_enable 3461is enabled, and a 3462.Xr moused 8 3463daemon is started for a non-default port, the 3464.Va "moused_" Ns Ar XXX Ns Va "_flags" 3465set of options has precedence over and replaces the default 3466.Va moused_flags 3467(where 3468.Ar XXX 3469is the name of the non-default port, i.e.,\& 3470.Ar ums0 ) . 3471By setting 3472.Va "moused_" Ns Ar XXX Ns Va "_flags" 3473it is possible to set up a different set of default flags for each 3474.Xr moused 8 3475instance. 3476For example, you can use 3477.Dq Li "-3" 3478for the default 3479.Va moused_flags 3480to make your laptop's touchpad more comfortable to use, 3481but an empty set of options for 3482.Va moused_ums0_flags 3483when your 3484.Xr usb 4 3485mouse has three or more buttons. 3486.It Va mousechar_start 3487.Pq Vt int 3488If set to 3489.Dq Li NO , 3490the default mouse cursor character range 3491.Li 0xd0 Ns - Ns Li 0xd3 3492is used, 3493otherwise the range start is set 3494to 3495.Ar value 3496character, see 3497.Xr vidcontrol 1 . 3498Use if the default range is occupied in the language code table. 3499.It Va allscreens_flags 3500.Pq Vt str 3501If set, 3502.Xr vidcontrol 1 3503is run with these options for each of the virtual terminals 3504.Pq Pa /dev/ttyv* . 3505For example, 3506.Dq Fl m Cm on 3507will enable the mouse pointer on all virtual terminals 3508if 3509.Va moused_enable 3510is set to 3511.Dq Li YES . 3512.It Va allscreens_kbdflags 3513.Pq Vt str 3514If set, 3515.Xr kbdcontrol 1 3516is run with these options for each of the virtual terminals 3517.Pq Pa /dev/ttyv* . 3518For example, 3519.Dq Fl h Li 200 3520will set the 3521.Xr syscons 4 3522or 3523.Xr vt 4 3524scrollback (history) buffer to 200 lines. 3525.It Va cron_enable 3526.Pq Vt bool 3527If set to 3528.Dq Li YES , 3529run the 3530.Xr cron 8 3531daemon at system boot time. 3532.It Va cron_program 3533.Pq Vt str 3534Path to 3535.Xr cron 8 3536(default 3537.Pa /usr/sbin/cron ) . 3538.It Va cron_flags 3539.Pq Vt str 3540If 3541.Va cron_enable 3542is set to 3543.Dq Li YES , 3544these are the flags to pass to 3545.Xr cron 8 . 3546.It Va cron_dst 3547.Pq Vt bool 3548If set to 3549.Dq Li YES , 3550enable the special handling of transitions to and from the 3551Daylight Saving Time in 3552.Xr cron 8 3553(equivalent to using the flag 3554.Fl s ) . 3555.It Va lpd_program 3556.Pq Vt str 3557Path to 3558.Xr lpd 8 3559(default 3560.Pa /usr/sbin/lpd ) . 3561.It Va lpd_enable 3562.Pq Vt bool 3563If set to 3564.Dq Li YES , 3565run the 3566.Xr lpd 8 3567daemon at system boot time. 3568.It Va lpd_flags 3569.Pq Vt str 3570If 3571.Va lpd_enable 3572is set to 3573.Dq Li YES , 3574these are the flags to pass to the 3575.Xr lpd 8 3576daemon. 3577.It Va chkprintcap_enable 3578.Pq Vt bool 3579If set to 3580.Dq Li YES , 3581run the 3582.Xr chkprintcap 8 3583command before starting the 3584.Xr lpd 8 3585daemon. 3586.It Va chkprintcap_flags 3587.Pq Vt str 3588If 3589.Va lpd_enable 3590and 3591.Va chkprintcap_enable 3592are set to 3593.Dq Li YES , 3594these are the flags to pass to the 3595.Xr chkprintcap 8 3596program. 3597The default is 3598.Dq Li -d , 3599which causes missing directories to be created. 3600.It Va dumpdev 3601.Pq Vt str 3602Indicates the device (usually a swap partition) to which a crash dump 3603should be written in the event of a system crash. 3604If the value of this variable is 3605.Dq Li AUTO , 3606the first suitable swap device listed in 3607.Pa /etc/fstab 3608will be used as dump device. 3609Otherwise, the value of this variable is passed as the argument to 3610.Xr dumpon 8 3611and 3612.Xr savecore 8 . 3613To disable crash dumps, set this variable to 3614.Dq Li NO . 3615.It Va dumpon_flags 3616.Pq Vt str 3617Flags to pass to 3618.Xr dumpon 8 3619when configuring 3620.Va dumpdev 3621as the system dump device. 3622.It Va dumpdir 3623.Pq Vt str 3624When the system reboots after a crash and a crash dump is found on the 3625device specified by the 3626.Va dumpdev 3627variable, 3628.Xr savecore 8 3629will save that crash dump and a copy of the kernel to the directory 3630specified by the 3631.Va dumpdir 3632variable. 3633The default value is 3634.Pa /var/crash . 3635Set to 3636.Dq Li NO 3637to not run 3638.Xr savecore 8 3639at boot time when 3640.Va dumpdir 3641is set. 3642.It Va savecore_enable 3643.Pq Vt bool 3644If set to 3645.Dq Li NO , 3646disable automatic extraction of the crash dump from the 3647.Va dumpdev . 3648.It Va savecore_flags 3649.Pq Vt str 3650If crash dumps are enabled, these are the flags to pass to the 3651.Xr savecore 8 3652utility. 3653.It Va quota_enable 3654.Pq Vt bool 3655Set to 3656.Dq Li YES 3657to turn on user and group disk quotas on system startup via the 3658.Xr quotaon 8 3659command for all file systems marked as having quotas enabled in 3660.Pa /etc/fstab . 3661The kernel must be built with 3662.Cd "options QUOTA" 3663for disk quotas to function. 3664.It Va check_quotas 3665.Pq Vt bool 3666Set to 3667.Dq Li YES 3668to enable user and group disk quota checking via the 3669.Xr quotacheck 8 3670command. 3671.It Va quotacheck_flags 3672.Pq Vt str 3673If 3674.Va quota_enable 3675is set to 3676.Dq Li YES , 3677and 3678.Va check_quotas 3679is set to 3680.Dq Li YES , 3681these are the flags to pass to the 3682.Xr quotacheck 8 3683utility. 3684The default is 3685.Dq Li "-a" , 3686which checks quotas for all file systems with quotas enabled in 3687.Pa /etc/fstab . 3688.It Va quotaon_flags 3689.Pq Vt str 3690If 3691.Va quota_enable 3692is set to 3693.Dq Li YES , 3694these are the flags to pass to the 3695.Xr quotaon 8 3696utility. 3697The default is 3698.Dq Li "-a" , 3699which enables quotas for all file systems with quotas enabled in 3700.Pa /etc/fstab . 3701.It Va quotaoff_flags 3702.Pq Vt str 3703If 3704.Va quota_enable 3705is set to 3706.Dq Li YES , 3707these are the flags to pass to the 3708.Xr quotaoff 8 3709utility when shutting down the quota system. 3710The default is 3711.Dq Li "-a" , 3712which disables quotas for all file systems with quotas enabled in 3713.Pa /etc/fstab . 3714.It Va accounting_enable 3715.Pq Vt bool 3716Set to 3717.Dq Li YES 3718to enable system accounting through the 3719.Xr accton 8 3720facility. 3721.It Va firstboot_sentinel 3722.Pq Vt str 3723This variable specifies the full path to a 3724.Dq first boot 3725sentinel file. 3726If a file exists with this path, 3727.Pa rc.d 3728scripts with the 3729.Dq firstboot 3730keyword will be run on startup and the sentinel file will be deleted 3731after the boot process completes. 3732The sentinel file must be located on a writable file system which is 3733mounted no later than 3734.Va early_late_divider 3735to function properly. 3736The default is 3737.Pa /firstboot . 3738.It Va linux_enable 3739.Pq Vt bool 3740Set to 3741.Dq Li YES 3742to enable Linux/ELF binary emulation at system initial 3743boot time. 3744.It Va sysvipc_enable 3745.Pq Vt bool 3746If set to 3747.Dq Li YES , 3748load System V IPC primitives at boot time. 3749.It Va clear_tmp_enable 3750.Pq Vt bool 3751Set to 3752.Dq Li YES 3753to have 3754.Pa /tmp 3755cleaned at startup. 3756.It Va clear_tmp_X 3757.Pq Vt bool 3758Set to 3759.Dq Li NO 3760to disable removing of X11 lock files, 3761and the removal and (secure) recreation 3762of the various socket directories for X11 3763related programs. 3764.It Va ldconfig_paths 3765.Pq Vt str 3766Set to the list of shared library paths to use with 3767.Xr ldconfig 8 . 3768NOTE: 3769.Pa /lib 3770and 3771.Pa /usr/lib 3772will always be added first, so they need not appear in this list. 3773.It Va ldconfig32_paths 3774.Pq Vt str 3775Set to the list of 32-bit compatibility shared library paths to 3776use with 3777.Xr ldconfig 8 . 3778.It Va ldconfig_insecure 3779.Pq Vt bool 3780The 3781.Xr ldconfig 8 3782utility normally refuses to use directories 3783which are writable by anyone except root. 3784Set this variable to 3785.Dq Li YES 3786to disable that security check during system startup. 3787.It Va ldconfig_local_dirs 3788.Pq Vt str 3789Set to the list of local 3790.Xr ldconfig 8 3791directories. 3792The names of all files in the directories listed will be 3793passed as arguments to 3794.Xr ldconfig 8 . 3795.It Va ldconfig_local32_dirs 3796.Pq Vt str 3797Set to the list of local 32-bit compatibility 3798.Xr ldconfig 8 3799directories. 3800The names of all files in the directories listed will be 3801passed as arguments to 3802.Dq Nm ldconfig Fl 32 . 3803.It Va kern_securelevel_enable 3804.Pq Vt bool 3805Set to 3806.Dq Li YES 3807to set the kernel security level at system startup. 3808.It Va kern_securelevel 3809.Pq Vt int 3810The kernel security level to set at startup. 3811The allowed range of 3812.Ar value 3813ranges from \-1 (the compile time default) to 3 (the 3814most secure). 3815See 3816.Xr security 7 3817for the list of possible security levels and their effect 3818on system operation. 3819.It Va sshd_program 3820.Pq Vt str 3821Path to the SSH server program 3822.Pa ( /usr/sbin/sshd 3823is the default). 3824.It Va sshd_enable 3825.Pq Vt bool 3826Set to 3827.Dq Li YES 3828to start 3829.Xr sshd 8 3830at system boot time. 3831Note, the 3832.Va sshd_oomprotect 3833variable is set to 3834.Dq Li YES 3835by default in 3836.Pa /etc/defaults/rc.conf . 3837.It Va sshd_flags 3838.Pq Vt str 3839If 3840.Va sshd_enable 3841is set to 3842.Dq Li YES , 3843these are the flags to pass to the 3844.Xr sshd 8 3845daemon. 3846.It Va ftpd_program 3847.Pq Vt str 3848Path to the FTP server program 3849.Pa ( /usr/libexec/ftpd 3850is the default). 3851.It Va ftpd_enable 3852.Pq Vt bool 3853Set to 3854.Dq Li YES 3855to start 3856.Xr ftpd 8 3857as a stand-alone daemon at system boot time. 3858.It Va ftpd_flags 3859.Pq Vt str 3860If 3861.Va ftpd_enable 3862is set to 3863.Dq Li YES , 3864these are the additional flags to pass to the 3865.Xr ftpd 8 3866daemon. 3867.It Va watchdogd_enable 3868.Pq Vt bool 3869If set to 3870.Dq Li YES , 3871start the 3872.Xr watchdogd 8 3873daemon at boot time. 3874This requires that the kernel have been compiled with a 3875.Xr watchdog 4 3876compatible device. 3877.It Va watchdogd_flags 3878.Pq Vt str 3879If 3880.Va watchdogd_enable 3881is set to 3882.Dq Li YES , 3883these are the flags passed to the 3884.Xr watchdogd 8 3885daemon. 3886.It Va watchdogd_timeout 3887.Pq Vt int 3888If 3889.Va watchdogd_enable 3890is set to 3891.Dq Li YES , 3892this is a timeout that will be used by the 3893.Xr watchdogd 8 3894daemon. 3895If this option is set, it overrides 3896.Fl t 3897in 3898.Va watchdogd_flags . 3899.It Va watchdogd_shutdown_timeout 3900.Pq Vt int 3901If 3902.Va watchdogd_enable 3903is set to 3904.Dq Li YES , 3905this is a timeout that will be set by the 3906.Xr watchdogd 8 3907daemon when it exits during the system shutdown. 3908This timeout will not be set when returning to the single-user mode 3909or when the watchdogd service is stopped individually using the 3910.Xr service 8 3911command or the rc.d script. 3912Note that the timeout will be applied if 3913.Xr watchdogd 8 3914is stopped outside of 3915.Xr rc 8 3916framework. 3917If this option is set, it overrides 3918.Fl x 3919in 3920.Va watchdogd_flags . 3921.It Va devfs_rulesets 3922.Pq Vt str 3923List of files containing sets of rules for 3924.Xr devfs 8 . 3925.It Va devfs_system_ruleset 3926.Pq Vt str 3927Rule name(s) to apply to the system 3928.Pa /dev 3929itself. 3930.It Va devfs_set_rulesets 3931.Pq Vt str 3932Pairs of already-mounted 3933.Pa dev 3934directories and rulesets that should be applied to them. 3935For example: /mount/dev=ruleset_name 3936.It Va devfs_load_rulesets 3937.Pq Vt bool 3938If set, always load the default rulesets listed in 3939.Va devfs_rulesets . 3940.It Va performance_cx_lowest 3941.Pq Vt str 3942CPU idle state to use while on AC power. 3943The string 3944.Dq Li LOW 3945indicates that 3946.Xr acpi 4 3947should use the lowest power state available while 3948.Dq Li HIGH 3949indicates that the lowest latency state (less power savings) should be used. 3950.It Va performance_cpu_freq 3951.Pq Vt str 3952CPU clock frequency to use while on AC power. 3953The string 3954.Dq Li LOW 3955indicates that 3956.Xr cpufreq 4 3957should use the lowest frequency available while 3958.Dq Li HIGH 3959indicates that the highest frequency (less power savings) should be used. 3960.It Va economy_cx_lowest 3961.Pq Vt str 3962CPU idle state to use when off AC power. 3963The string 3964.Dq Li LOW 3965indicates that 3966.Xr acpi 4 3967should use the lowest power state available while 3968.Dq Li HIGH 3969indicates that the lowest latency state (less power savings) should be used. 3970.It Va economy_cpu_freq 3971.Pq Vt str 3972CPU clock frequency to use when off AC power. 3973The string 3974.Dq Li LOW 3975indicates that 3976.Xr cpufreq 4 3977should use the lowest frequency available while 3978.Dq Li HIGH 3979indicates that the highest frequency (less power savings) should be used. 3980.It Va jail_enable 3981.Pq Vt bool 3982If set to 3983.Dq Li NO , 3984any configured jails will not be started. 3985.It Va jail_conf 3986.Pq Vt str 3987The configuration filename used by 3988.Xr jail 8 3989utility. 3990The default value is 3991.Pa /etc/jail.conf . 3992.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf 3993and 3994.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf 3995will also be used if 3996.Ao Va jname Ac 3997is set in 3998.Va jail_list . 3999.It Va jail_parallel_start 4000.Pq Vt bool 4001If set to 4002.Dq Li YES , 4003all configured jails will be started in the background (in parallel). 4004.It Va jail_flags 4005.Pq Vt str 4006Unset by default. 4007When set, use as default value for 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4009for every jail in 4010.Va jail_list . 4011.It Va jail_list 4012.Pq Vt str 4013A space-delimited list of jail names. 4014When left empty, all of the 4015.Xr jail 8 4016instances defined in the configuration file are started. 4017The names specified in this list control the jail startup order. 4018.Xr jail 8 4019instances missing from 4020.Va jail_list 4021must be started manually. 4022Note that a jail's 4023.Va depend 4024parameter in the configuration file may override this list. 4025.It Va jail_reverse_stop 4026.Pq Vt bool 4027When set to 4028.Dq Li YES , 4029all configured jails in 4030.Va jail_list 4031are stopped in reverse order. 4032.It Va jail_ Ns * variables 4033Note that older releases supported per-jail configuration via 4034.Nm 4035variables. 4036For example, 4037hostname of a jail named 4038.Li vjail 4039was able to be set by 4040.Li jail_vjail_hostname . 4041These per-jail configuration variables are now obsolete in favor of 4042.Xr jail 8 4043configuration file. 4044For backward compatibility, 4045when per-jail configuration variables are defined, 4046.Xr jail 8 4047configuration files are created as 4048.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 4049and used. 4050.Pp 4051The following per-jail parameters are handled by 4052.Pa rc.d/jail 4053script out of their corresponding 4054.Nm 4055variables. 4056In addition to them, parameters in 4057.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4058will be added to the configuration file. 4059They must be a semi-colon 4060.Pq Ql \&; 4061delimited list of 4062.Dq key=value . 4063For more details, 4064see 4065.Xr jail 8 4066manual page. 4067.Bl -tag -width "host.hostname" -offset indent 4068.It Li path 4069set from 4070.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4071.It Li host.hostname 4072set from 4073.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4074.It Li exec.consolelog 4075set from 4076.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 4077The default value is 4078.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 4079.It Li interface 4080set from 4081.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4082.It Li vnet.interface 4083set from 4084.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4085This implies 4086.Li vnet 4087parameter will be enabled and cannot be specified with 4088.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4089.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4090and/or 4091.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4092at the same time. 4093.It Li fstab 4094set from 4095.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4096.It Li mount 4097set from 4098.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4099.It Li exec.fib 4100set from 4101.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4102.It Li exec.start 4103set from 4104.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4105The parameter name was 4106.Li command 4107in some older releases. 4108.It Li exec.prestart 4109set from 4110.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4111.It Li exec.poststart 4112set from 4113.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4114.It Li exec.stop 4115set from 4116.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4117.It Li exec.prestop 4118set from 4119.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4120.It Li exec.poststop 4121set from 4122.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4123.It Li ip4.addr 4124set if 4125.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4126or 4127.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4128contain IPv4 addresses 4129.It Li ip6.addr 4130set if 4131.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4132or 4133.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4134contain IPv6 addresses 4135.It Li allow.mount 4136set from 4137.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4138.It Li mount.devfs 4139set from 4140.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4141.It Li devfs_ruleset 4142set from 4143.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4144This must be an integer, 4145not a string. 4146.It Li mount.fdescfs 4147set from 4148.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4149.It Li allow.set_hostname 4150set from 4151.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4152.It Li allow.rawsocket 4153set from 4154.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4155.It Li allow.sysvipc 4156set from 4157.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4158.El 4159.\" ----------------------------------------------------- 4160.It Va harvest_mask 4161.Pq Vt int 4162Set to a bit-mask 4163representing the entropy sources 4164you wish to harvest. 4165Refer to 4166.Xr random 4 4167for more information. 4168.It Va entropy_dir 4169.Pq Vt str 4170Set to 4171.Dq Li NO 4172to disable caching entropy via 4173.Xr cron 8 . 4174Otherwise set to the directory 4175in which the entropy files are stored. 4176To be useful, 4177there must be 4178a system cron job 4179that regularly writes and rotates 4180files here. 4181All files found 4182will be used at boot time. 4183The default is 4184.Pa /var/db/entropy . 4185.It Va entropy_file 4186.Pq Vt str 4187Set to 4188.Dq Li NO 4189to disable caching entropy through reboots. 4190Otherwise set to the name 4191of a file used to store cached entropy. 4192This file should be located 4193on a file system that is readable 4194before all the volumes specified in 4195.Xr fstab 5 4196are mounted. 4197By default, 4198.Pa /entropy 4199is used, 4200but if 4201.Pa /var/db/entropy-file 4202is found it will also be used. 4203This will be of some use to 4204.Xr bsdinstall 8 . 4205.It Va entropy_boot_file 4206.Pq Vt str 4207Set to 4208.Dq Li NO 4209to disable 4210very early caching entropy 4211through reboots. 4212Otherwise set to the filename 4213used to read 4214very early reboot cached entropy. 4215This file should be located where 4216.Xr loader 8 4217can read it. 4218See also 4219.Xr loader.conf 5 . 4220The default location is 4221.Pa /boot/entropy . 4222.It Va entropy_save_sz 4223.Pq Vt int 4224Size of the entropy cache files saved by 4225.Nm save-entropy 4226periodically. 4227.It Va entropy_save_num 4228.Pq Vt int 4229Number of entropy cache files to save by 4230.Nm save-entropy 4231periodically. 4232.It Va ipsec_enable 4233.Pq Vt bool 4234Set to 4235.Dq Li YES 4236to run 4237.Xr setkey 8 4238on 4239.Va ipsec_file 4240at boot time. 4241.It Va ipsec_file 4242.Pq Vt str 4243Configuration file for 4244.Xr setkey 8 . 4245.It Va dmesg_enable 4246.Pq Vt bool 4247Set to 4248.Dq Li YES 4249to save 4250.Xr dmesg 8 4251to 4252.Pa /var/run/dmesg.boot 4253on boot. 4254.It Va rcshutdown_timeout 4255.Pq Vt int 4256If set, start a watchdog timer in the background which will terminate 4257.Pa rc.shutdown 4258if 4259.Xr shutdown 8 4260has not completed within the specified time (in seconds). 4261Notice that in addition to this soft timeout, 4262.Xr init 8 4263also applies a hard timeout for the execution of 4264.Pa rc.shutdown . 4265This is configured via 4266.Xr sysctl 8 4267variable 4268.Va kern.init_shutdown_timeout 4269and defaults to 120 seconds. 4270Setting the value of 4271.Va rcshutdown_timeout 4272to more than 120 seconds will have no effect until the 4273.Xr sysctl 8 4274variable 4275.Va kern.init_shutdown_timeout 4276is also increased. 4277.It Va virecover_enable 4278.Pq Vt bool 4279Set to 4280.Dq Li NO 4281to prevent the system from trying to 4282recover prematurely terminated 4283.Xr vi 1 4284sessions. 4285.It Va ugidfw_enable 4286.Pq Vt bool 4287Set to 4288.Dq Li YES 4289to load the 4290.Xr mac_bsdextended 4 4291module upon system initialization and load a default 4292ruleset file. 4293.It Va bsdextended_script 4294.Pq Vt str 4295The default 4296.Xr mac_bsdextended 4 4297ruleset file to load. 4298The default value of this variable is 4299.Pa /etc/rc.bsdextended . 4300.It Va newsyslog_enable 4301.Pq Vt bool 4302If set to 4303.Dq Li YES , 4304run 4305.Xr newsyslog 8 4306command at startup. 4307.It Va newsyslog_flags 4308.Pq Vt str 4309If 4310.Va newsyslog_enable 4311is set to 4312.Dq Li YES , 4313these are the flags to pass to the 4314.Xr newsyslog 8 4315program. 4316The default is 4317.Dq Li -CN , 4318which causes log files flagged with a 4319.Cm C 4320to be created. 4321.It Va mdconfig_md Ns Aq Ar X 4322.Pq Vt str 4323Arguments to 4324.Xr mdconfig 8 4325for 4326.Xr md 4 4327device 4328.Ar X . 4329At minimum a 4330.Fl t Ar type 4331must be specified and either a 4332.Fl s Ar size 4333for malloc or swap backed 4334.Xr md 4 4335devices or a 4336.Fl f Ar file 4337for vnode backed 4338.Xr md 4 4339devices. 4340Note that 4341.Va mdconfig_md Ns Aq Ar X 4342variables are evaluated until one variable is unset or null. 4343.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4344.Pq Vt str 4345Optional arguments passed to 4346.Xr newfs 8 4347to initialize 4348.Xr md 4 4349device 4350.Ar X . 4351.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4352.Pq Vt str 4353An ownership specification passed to 4354.Xr chown 8 4355after the specified 4356.Xr md 4 4357device 4358.Ar X 4359has been mounted. 4360Both the 4361.Xr md 4 4362device and the mount point will be changed. 4363.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4364.Pq Vt str 4365A mode string passed to 4366.Xr chmod 1 4367after the specified 4368.Xr md 4 4369device 4370.Ar X 4371has been mounted. 4372Both the 4373.Xr md 4 4374device and the mount point will be changed. 4375.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4376.Pq Vt str 4377Files to be copied to the mount point of the 4378.Xr md 4 4379device 4380.Ar X 4381after it has been mounted. 4382.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4383.Pq Vt str 4384Command to execute after the specified 4385.Xr md 4 4386device 4387.Ar X 4388has been mounted. 4389Note that the command is passed to 4390.Ic eval 4391and that both 4392.Va _dev 4393and 4394.Va _mp 4395variables can be used to reference respectively the 4396.Xr md 4 4397device and the mount point. 4398Assuming that the 4399.Xr md 4 4400device is 4401.Li md0 , 4402one could set the following: 4403.Bd -literal 4404mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4405.Ed 4406.It Va autobridge_interfaces 4407.Pq Vt str 4408Set to the list of bridge interfaces that will have newly arriving interfaces 4409checked against to be automatically added. 4410If not set to 4411.Dq Li NO 4412then for each whitespace separated 4413.Ar element 4414in the value, a 4415.Va autobridge_ Ns Aq Ar element 4416variable is assumed to exist which has a whitespace separated list of interface 4417names to match, these names can use wildcards. 4418For example: 4419.Bd -literal 4420autobridge_interfaces="bridge0" 4421autobridge_bridge0="tap* dc0 vlan[345]" 4422.Ed 4423.It Va mixer_enable 4424.Pq Vt bool 4425If set to 4426.Dq Li YES , 4427enable support for sound mixer. 4428.It Va hcsecd_enable 4429.Pq Vt bool 4430If set to 4431.Dq Li YES , 4432enable Bluetooth security daemon. 4433.It Va hcsecd_config 4434.Pq Vt str 4435Configuration file for 4436.Xr hcsecd 8 . 4437Default 4438.Pa /etc/bluetooth/hcsecd.conf . 4439.It Va sdpd_enable 4440.Pq Vt bool 4441If set to 4442.Dq Li YES , 4443enable Bluetooth Service Discovery Protocol daemon. 4444.It Va sdpd_control 4445.Pq Vt str 4446Path to 4447.Xr sdpd 8 4448control socket. 4449Default 4450.Pa /var/run/sdp . 4451.It Va sdpd_groupname 4452.Pq Vt str 4453Sets 4454.Xr sdpd 8 4455group to run as after it initializes. 4456Default 4457.Dq Li nobody . 4458.It Va sdpd_username 4459.Pq Vt str 4460Sets 4461.Xr sdpd 8 4462user to run as after it initializes. 4463Default 4464.Dq Li nobody . 4465.It Va bthidd_enable 4466.Pq Vt bool 4467If set to 4468.Dq Li YES , 4469enable Bluetooth Human Interface Device daemon. 4470.It Va bthidd_config 4471.Pq Vt str 4472Configuration file for 4473.Xr bthidd 8 . 4474Default 4475.Pa /etc/bluetooth/bthidd.conf . 4476.It Va bthidd_hids 4477.Pq Vt str 4478Path to a file, where 4479.Xr bthidd 8 4480will store information about known HID devices. 4481Default 4482.Pa /var/db/bthidd.hids . 4483.It Va rfcomm_pppd_server_enable 4484.Pq Vt bool 4485If set to 4486.Dq Li YES , 4487enable Bluetooth RFCOMM PPP wrapper daemon. 4488.It Va rfcomm_pppd_server_profile 4489.Pq Vt str 4490The name of the profile to use from 4491.Pa /etc/ppp/ppp.conf . 4492Multiple profiles can be specified here. 4493Also used to specify per-profile overrides. 4494When the profile name contains any of the characters 4495.Dq Li .-/+ 4496they are translated to 4497.Dq Li _ 4498for the proposes of the override variable names. 4499.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4500.Pq Vt str 4501Overrides local address to listen on. 4502By default 4503.Xr rfcomm_pppd 8 4504will listen on 4505.Dq Li ANY 4506address. 4507The address can be specified as BD_ADDR or name. 4508.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4509.Pq Vt str 4510Overrides local RFCOMM channel to listen on. 4511By default 4512.Xr rfcomm_pppd 8 4513will listen on RFCOMM channel 1. 4514Must set properly if multiple profiles used in the same time. 4515.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4516.Pq Vt bool 4517Tells 4518.Xr rfcomm_pppd 8 4519if it should register Serial Port service on the specified RFCOMM channel. 4520Default 4521.Dq Li NO . 4522.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4523.Pq Vt bool 4524Tells 4525.Xr rfcomm_pppd 8 4526if it should register Dial-Up Networking service on the specified 4527RFCOMM channel. 4528Default 4529.Dq Li NO . 4530.It Va ubthidhci_enable 4531.Pq Vt bool 4532If set to 4533.Dq Li YES , 4534change the USB Bluetooth controller from HID mode to HCI mode. 4535You also need to specify the location of USB Bluetooth controller with the 4536.Va ubthidhci_busnum 4537and 4538.Va ubthidhci_addr 4539variables. 4540.It Va ubthidhci_busnum 4541Bus number where the USB Bluetooth controller is located. 4542Check the output of 4543.Xr usbconfig 8 4544on your system to find this information. 4545.It Va ubthidhci_addr 4546Bus address of the USB Bluetooth controller. 4547Check the output of 4548.Xr usbconfig 8 4549on your system to find this information. 4550.It Va utx_enable 4551.Pq Vt bool 4552Set to 4553.Dq Li YES 4554to enable user accounting through the 4555.Xr utx 8 4556facility. 4557.It Va netwait_enable 4558.Pq Vt bool 4559If set to 4560.Dq Li YES , 4561delays the start of network-reliant services until 4562.Va netwait_if 4563is up and ICMP packets to a destination defined in 4564.Va netwait_ip 4565are flowing. 4566Link state is examined first, followed by 4567.Dq Li pinging 4568an IP address to verify network usability. 4569If no destination can be reached or timeouts are exceeded, 4570network services are started anyway with no guarantee that 4571the network is usable. 4572Use of this variable requires both 4573.Va netwait_ip 4574and 4575.Va netwait_if 4576to be set. 4577.It Va netwait_ip 4578.Pq Vt str 4579Empty by default. 4580This variable contains a space-delimited list of IP addresses to 4581.Xr ping 8 . 4582DNS hostnames should not be used as resolution is not guaranteed 4583to be functional at this point. 4584If multiple IP addresses are specified, 4585each will be tried until one is successful or the list is exhausted. 4586.It Va netwait_timeout 4587.Pq Vt int 4588Indicates the total number of seconds to perform a 4589.Dq Li ping 4590against each IP address in 4591.Va netwait_ip , 4592at a rate of one ping per second. 4593If any of the pings are successful, 4594full network connectivity is considered reliable. 4595The default is 60. 4596.It Va netwait_if 4597.Pq Vt str 4598Empty by default. 4599Defines the name of the network interface on which watch for link. 4600.Xr ifconfig 8 4601is used to monitor the interface, looking for 4602.Dq Li status: no carrier . 4603Once gone, the link is considered up. 4604This can be a 4605.Xr vlan 4 4606interface if desired. 4607.It Va netwait_if_timeout 4608.Pq Vt int 4609Defines the total number of seconds to wait for link to become usable, 4610polled at a 1-second interval. 4611The default is 30. 4612.It Va rctl_enable 4613.Pq Vt bool 4614If set to 4615.Dq Li YES , 4616load 4617.Xr rctl 8 4618rules from the defined ruleset. 4619The kernel must be built with 4620.Cd "options RACCT" 4621and 4622.Cd "options RCTL" . 4623.It Va rctl_rules 4624.Pq Vt str 4625Set to 4626.Pa /etc/rctl.conf 4627by default. 4628This variables contains the 4629.Xr rctl.conf 5 4630ruleset to load for 4631.Xr rctl 8 . 4632.It Va iovctl_files 4633.Pq Vt str 4634A space-separated list of configuration files used by 4635.Xr iovctl 8 . 4636The default value is an empty string. 4637.It Va autofs_enable 4638.Pq Vt bool 4639If set to 4640.Dq Li YES , 4641start the 4642.Xr automount 8 4643utility and the 4644.Xr automountd 8 4645and 4646.Xr autounmountd 8 4647daemons at boot time. 4648.It Va automount_flags 4649.Pq Vt str 4650If 4651.Va autofs_enable 4652is set to 4653.Dq Li YES , 4654these are the flags to pass to the 4655.Xr automount 8 4656program. 4657By default no flags are passed. 4658.It Va automountd_flags 4659.Pq Vt str 4660If 4661.Va autofs_enable 4662is set to 4663.Dq Li YES , 4664these are the flags to pass to the 4665.Xr automountd 8 4666daemon. 4667By default no flags are passed. 4668.It Va autounmountd_flags 4669.Pq Vt str 4670If 4671.Va autofs_enable 4672is set to 4673.Dq Li YES , 4674these are the flags to pass to the 4675.Xr autounmountd 8 4676daemon. 4677By default no flags are passed. 4678.It Va ctld_enable 4679.Pq Vt bool 4680If set to 4681.Dq Li YES , 4682start the 4683.Xr ctld 8 4684daemon at boot time. 4685.It Va iscsid_enable 4686.Pq Vt bool 4687If set to 4688.Dq Li YES , 4689start the 4690.Xr iscsid 8 4691daemon at boot time. 4692.It Va iscsictl_enable 4693.Pq Vt bool 4694If set to 4695.Dq Li YES , 4696start the 4697.Xr iscsictl 8 4698utility at boot time. 4699.It Va iscsictl_flags 4700.Pq Vt str 4701If 4702.Va iscsictl_enable 4703is set to 4704.Dq Li YES , 4705these are the flags to pass to the 4706.Xr iscsictl 8 4707program. 4708The default is 4709.Dq Li -Aa , 4710which configures sessions based on the 4711.Pa /etc/iscsi.conf 4712configuration file. 4713.It Va cfumass_enable 4714.Pq Vt bool 4715If set to 4716.Dq Li YES , 4717create and export an USB LUN using 4718.Xr cfumass 4 4719at boot time. 4720.It Va cfumass_dir 4721.Pq Vt str 4722The directory where the files exported by USB LUN are located. 4723The default directory is 4724.Pa /var/cfumass . 4725.It Va service_delete_empty 4726.Pq Vt bool 4727If set to 4728.Dq Li YES , 4729.Ql Li service delete 4730removes empty 4731.Dq Li rc.conf.d 4732files. 4733.It Va zfs_bootonce_activate 4734.Pq Vt bool 4735If set to 4736.Dq Li YES , 4737and a boot environment marked bootonce is successfully booted, 4738it will be made permanently active. 4739.It Va zfskeys_enable 4740.Pq Vt bool 4741If set to 4742.Dq Li YES , 4743enable auto-loading of encryption keys for encrypted ZFS datasets. 4744For every dataset the script will first load the appropriate encryption key 4745and then attempt to unlock the dataset. 4746.Pp 4747The script operates only on datasets which are encrypted with 4748ZFS native encryption 4749and have a ZFS 4750.Dq Li keylocation 4751dataset property beginning with 4752.Dq Li file:// . 4753.It Va zfskeys_datasets 4754.Pq Vt str 4755A whitespace-separated list of ZFS datasets to unlock. 4756The list is empty by default, 4757which means that the script will attempt to unlock all datasets. 4758.It Va zfskeys_timeout 4759.Pq Vt int 4760Define the total number of seconds to wait for the zfskeys script 4761to unlock an encrypted dataset. 4762The default is 10. 4763.It Va sendmail_enable 4764.Pq Vt str 4765If set to 4766.Dq Li YES , 4767run the 4768.Xr sendmail 8 4769daemon at system boot time. 4770If set to 4771.Dq Li NO , 4772do not run a 4773.Xr sendmail 8 4774daemon to listen for incoming network mail. 4775This does not preclude a 4776.Xr sendmail 8 4777daemon listening on the SMTP port of the loopback interface. 4778The 4779.Dq Li NONE 4780option sets each 4781.Va sendmail_enable , 4782.Va sendmail_submit_enable , 4783.Va sendmail_outbound_enable , 4784.Va sendmail_msp_queue_enable 4785to 4786.Dq Li NO . 4787.It Va sendmail_cert_create 4788.Pq Vt str 4789If 4790.Va sendmail_enable 4791is set to 4792.Dq Li YES , 4793create a signed certificate 4794.Pa /etc/mail/certs/host.cert 4795representing 4796.Pa /etc/mail/certs/host.key 4797by the CA certificate in 4798.Pa /etc/mail/certs/cacert.pem . 4799This will enable connecting hosts to negotiate STARTTLS allowing incoming 4800email to be encrypted in transit. 4801.Xr sendmail 8 4802needs to be configured to use these generated files. 4803The default configuration in 4804.Pa /etc/mail/freebsd.mc 4805has the required options in it. 4806.It Va sendmail_cert_cn 4807.Pq Vt str 4808If 4809.Va sendmail_enable 4810is set to 4811.Dq Li YES 4812and 4813.Va sendmail_cert_create 4814is set to 4815.Dq Li YES , 4816this is the Common Name (CN) of the certificate that will be created. 4817If 4818.Va sendmail_cert_cn 4819is not set, the system's hostname will be used. 4820If there is no hostname set, 4821.Dq Li amnesiac 4822will be used. 4823.It Va sendmail_flags 4824.Pq Vt str 4825If 4826.Va sendmail_enable 4827is set to 4828.Dq Li YES , 4829these are the flags to pass to the 4830.Xr sendmail 8 4831daemon. 4832.It Va sendmail_submit_enable 4833.Pq Vt bool 4834If set to 4835.Dq Li YES 4836and 4837.Va sendmail_enable 4838is set to 4839.Dq Li NO , 4840run 4841.Xr sendmail 8 4842using 4843.Va sendmail_submit_flags 4844instead of 4845.Va sendmail_flags . 4846This is intended to allow local mail submission via 4847a localhost-only listening SMTP service required for running 4848.Xr sendmail 8 4849as a non-set-user-ID binary. 4850Note that this does not work inside 4851.Xr jail 2 4852systems, as jails do not allow binding to just the localhost interface. 4853.It Va sendmail_submit_flags 4854.Pq Vt str 4855If 4856.Va sendmail_enable 4857is set to 4858.Dq Li NO 4859and 4860.Va sendmail_submit_enable 4861is set to 4862.Dq Li YES , 4863these are the flags to pass to the 4864.Xr sendmail 8 4865daemon. 4866.It Va sendmail_outbound_enable 4867.Pq Vt bool 4868If set to 4869.Dq Li YES 4870and both 4871.Va sendmail_enable 4872and 4873.Va sendmail_submit_enable 4874are set to 4875.Dq Li NO , 4876run 4877.Xr sendmail 8 4878using 4879.Va sendmail_outbound_flags 4880instead of 4881.Va sendmail_flags . 4882This is intended to allow local mail queue management 4883for systems that do not offer a listening SMTP service. 4884.It Va sendmail_outbound_flags 4885.Pq Vt str 4886If both 4887.Va sendmail_enable 4888and 4889.Va sendmail_submit_enable 4890are set to 4891.Dq Li NO 4892and 4893.Va sendmail_outbound_enable 4894is set to 4895.Dq Li YES , 4896these are the flags to pass to the 4897.Xr sendmail 8 4898daemon. 4899.It Va sendmail_msp_queue_enable 4900.Pq Vt bool 4901If set to 4902.Dq Li YES , 4903start a client (MSP) queue runner 4904.Xr sendmail 8 4905daemon at system boot time. 4906As of sendmail 8.12, a separate queue is used for command line 4907submissions. 4908The client queue runner ensures that nothing is 4909left behind in the submission queue. 4910.It Va sendmail_msp_queue_flags 4911.Pq Vt str 4912If 4913.Va sendmail_msp_queue_enable 4914is set to 4915daemon. 4916.Dq Li YES , 4917these are the flags to pass to the 4918.Xr sendmail 8 4919.El 4920.Sh FILES 4921.Bl -tag -width "/etc/defaults/rc.conf" -compact 4922.It Pa /etc/defaults/rc.conf 4923.It Pa /etc/defaults/vendor.conf 4924.It Pa /etc/rc.conf 4925.It Pa /etc/rc.conf.local 4926.It Pa /etc/rc.conf.d/ 4927.El 4928.Sh SEE ALSO 4929.Xr chmod 1 , 4930.Xr cpuset 1 , 4931.Xr gdb 1 Pq Pa ports/devel/gdb , 4932.Xr kbdcontrol 1 , 4933.Xr limits 1 , 4934.Xr protect 1 , 4935.Xr sh 1 , 4936.Xr umask 1 , 4937.Xr uuidgen 1 , 4938.Xr vi 1 , 4939.Xr vidcontrol 1 , 4940.Xr bridge 4 , 4941.Xr dummynet 4 , 4942.Xr ip 4 , 4943.Xr ipf 4 , 4944.Xr ipfw 4 , 4945.Xr ipnat 4 , 4946.Xr kld 4 , 4947.Xr pf 4 , 4948.Xr pflog 4 , 4949.Xr pfsync 4 , 4950.Xr tcp 4 , 4951.Xr udp 4 , 4952.Xr exports 5 , 4953.Xr fstab 5 , 4954.Xr ipf 5 , 4955.Xr ipnat 5 , 4956.Xr jail.conf 5 , 4957.Xr loader.conf 5 , 4958.Xr login.conf 5 , 4959.Xr motd 5 , 4960.Xr newsyslog.conf 5 , 4961.Xr pf.conf 5 , 4962.Xr firewall 7 , 4963.Xr growfs 7 , 4964.Xr security 7 , 4965.Xr tuning 7 , 4966.Xr accton 8 , 4967.Xr apm 8 , 4968.Xr bsdinstall 8 , 4969.Xr bthidd 8 , 4970.Xr chkprintcap 8 , 4971.Xr chown 8 , 4972.Xr cron 8 , 4973.Xr devfs 8 , 4974.Xr dhclient 8 , 4975.Xr ftpd 8 , 4976.Xr geli 8 , 4977.Xr hcsecd 8 , 4978.Xr ifconfig 8 , 4979.Xr inetd 8 , 4980.Xr iovctl 8 , 4981.Xr ipf 8 , 4982.Xr ipfw 8 , 4983.Xr ipnat 8 , 4984.Xr jail 8 , 4985.Xr kldxref 8 , 4986.Xr loader 8 , 4987.Xr lpd 8 , 4988.Xr makewhatis 8 , 4989.Xr mdconfig 8 , 4990.Xr mdmfs 8 , 4991.Xr mixer 8 , 4992.Xr mountd 8 , 4993.Xr moused 8 , 4994.Xr newfs 8 , 4995.Xr newsyslog 8 , 4996.Xr nfsd 8 , 4997.Xr ntpd 8 , 4998.Xr ntpdate 8 , 4999.Xr pfctl 8 , 5000.Xr pflogd 8 , 5001.Xr ping 8 , 5002.Xr powerd 8 , 5003.Xr quotacheck 8 , 5004.Xr quotaon 8 , 5005.Xr rc 8 , 5006.Xr rc.subr 8 , 5007.Xr rcorder 8 , 5008.Xr rfcomm_pppd 8 , 5009.Xr route 8 , 5010.Xr route6d 8 , 5011.Xr routed 8 , 5012.Xr rpc.lockd 8 , 5013.Xr rpc.statd 8 , 5014.Xr rpc.tlsclntd 8 , 5015.Xr rpc.tlsservd 8 , 5016.Xr rpcbind 8 , 5017.Xr rwhod 8 , 5018.Xr savecore 8 , 5019.Xr sdpd 8 , 5020.Xr sendmail 8 , 5021.Xr service 8 , 5022.Xr sshd 8 , 5023.Xr swapon 8 , 5024.Xr sysctl 8 , 5025.Xr syslogd 8 , 5026.Xr sysrc 8 , 5027.Xr unbound 8 , 5028.Xr usbconfig 8 , 5029.Xr utx 8 , 5030.Xr wlandebug 8 , 5031.Xr yp 8 , 5032.Xr ypbind 8 , 5033.Xr ypserv 8 , 5034.Xr ypset 8 5035.Sh HISTORY 5036The 5037.Nm 5038file appeared in 5039.Fx 2.2.2 . 5040.Sh AUTHORS 5041.An Jordan K. Hubbard . 5042