1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 12, 2013 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66In addition to 67.Pa /etc/rc.conf.local 68you can also place smaller configuration files for each 69.Xr rc 8 70script in the 71.Pa /etc/rc.conf.d 72directory, which will be included by the 73.Va load_rc_config 74function. 75For jail configurations you could use the file 76.Pa /etc/rc.conf.d/jail 77to store jail specific configuration options. 78Also see the 79.Va rc_conf_files 80variable below. 81.Pp 82Options are set with 83.Dq Ar name Ns Li = Ns Ar value 84assignments that use 85.Xr sh 1 86syntax. 87The following list provides a name and short description for each 88variable that can be set in the 89.Nm 90file: 91.Bl -tag -width indent-two 92.It Va rc_debug 93.Pq Vt bool 94If set to 95.Dq Li YES , 96enable output of debug messages from rc scripts. 97This variable can be helpful in diagnosing mistakes when 98editing or integrating new scripts. 99Beware that this produces copious output to the terminal and 100.Xr syslog 3 . 101.It Va rc_info 102.Pq Vt bool 103If set to 104.Dq Li NO , 105disable informational messages from the rc scripts. 106Informational messages are displayed when 107a condition that is not serious enough to warrant a warning or 108an error occurs. 109.It Va rc_startmsgs 110.Pq Vt bool 111If set to 112.Dq Li YES , 113show 114.Dq Starting foo: 115when faststart is used (e.g., at boot time). 116.It Va early_late_divider 117.Pq Vt str 118The name of the script that should be used as the 119delimiter between the 120.Dq early 121and 122.Dq late 123stages of the boot process. 124The early stage should contain all the services needed to 125get the disks (local or remote) mounted so that the late 126stage can include scripts contained in the directories 127listed in the 128.Va local_startup 129variable (see below). 130Thus, the two likely candidates for this value are 131.Pa mountcritlocal 132for the typical system, and 133.Pa mountcritremote 134if the system needs remote file 135systems mounted to get access to the 136.Va local_startup 137directories; for example when 138.Pa /usr/local 139is NFS mounted. 140For 141.Pa rc.conf 142within a 143.Xr jail 8 144.Pa NETWORKING 145is likely to be an appropriate value. 146Extreme care should be taken when changing this value, 147and before changing it one should ensure that there are 148adequate provisions to recover from a failed boot 149(such as physical contact with the machine, 150or reliable remote console access). 151.It Va always_force_depends 152.Pq Vt bool 153Various 154.Pa rc.d 155scripts use the force_depend function to check whether required 156services are already running, and to start them if necessary. 157By default during boot time this check is bypassed if the 158required service is enabled in 159.Pa /etc/rc.conf[.local] . 160Setting this option will bypass that check at boot time and 161always test whether or not the service is actually running. 162Enabling this option is likely to increase your boot time if 163services are enabled that utilize the force_depend check. 164.It Ao Ar name Ac Ns Va _chroot 165.Pq Vt str 166.Xr chroot 167to this directory before running the service. 168.It Ao Ar name Ac Ns Va _user 169.Pq Vt str 170Run the service under this user account. 171.It Ao Ar name Ac Ns Va _group 172.Pq Vt str 173Run the chrooted service under this system group. Unlike the _user 174setting, this setting has no effect if the service is not chrooted. 175.It Ao Ar name Ac Ns Va _fib 176.Pq Vt int 177The 178.Xr setfib 1 179value to run the service under. 180.It Ao Ar name Ac Ns Va _nice 181.Pq Vt int 182The 183.Xr nice 1 184value to run the service under. 185.It Va apm_enable 186.Pq Vt bool 187If set to 188.Dq Li YES , 189enable support for Automatic Power Management with 190the 191.Xr apm 8 192command. 193.It Va apmd_enable 194.Pq Vt bool 195Run 196.Xr apmd 8 197to handle APM event from userland. 198This also enables support for APM. 199.It Va apmd_flags 200.Pq Vt str 201If 202.Va apmd_enable 203is set to 204.Dq Li YES , 205these are the flags to pass to the 206.Xr apmd 8 207daemon. 208.It Va devd_enable 209.Pq Vt bool 210Run 211.Xr devd 8 212to handle device added, removed or unknown events from the kernel. 213.It Va ddb_enable 214.Pq Vt bool 215Run 216.Xr ddb 8 217to install 218.Xr ddb 4 219scripts at boot time. 220.It Va ddb_config 221.Pq Vt str 222Configuration file for 223.Xr ddb 8 . 224Default 225.Pa /etc/ddb.conf . 226.It Va kld_list 227.Pq Vt str 228A list of kernel modules to load right after the local 229disks are mounted. 230Loading modules at this point in the boot process is 231much faster than doing it via 232.Pa /boot/loader.conf 233for those modules not necessary for mounting local disk. 234.It Va kldxref_enable 235.Pq Vt bool 236Set to 237.Dq Li NO 238by default. 239Set to 240.Dq Li YES 241to automatically rebuild 242.Pa linker.hints 243files with 244.Xr kldxref 8 245at boot time. 246.It Va kldxref_clobber 247.Pq Vt bool 248Set to 249.Dq Li NO 250by default. 251If 252.Va kldxref_enable 253is true, 254setting to 255.Dq Li YES 256will overwrite existing 257.Pa linker.hints 258files at boot time. 259Otherwise, 260only missing 261.Pa linker.hints 262files are generated. 263.It Va kldxref_module_path 264.Pq Vt str 265Empty by default. 266A semi-colon 267.Pq Ql \&; 268delimited list of paths containing 269.Xr kld 4 270modules. 271If empty, 272the contents of the 273.Va kern.module_path 274.Xr sysctl 8 275are used. 276.It Va powerd_enable 277.Pq Vt bool 278If set to 279.Dq Li YES , 280enable the system power control facility with the 281.Xr powerd 8 282daemon. 283.It Va powerd_flags 284.Pq Vt str 285If 286.Va powerd_enable 287is set to 288.Dq Li YES , 289these are the flags to pass to the 290.Xr powerd 8 291daemon. 292.It Va tmpmfs 293Controls the creation of a 294.Pa /tmp 295memory file system. 296Always happens if set to 297.Dq Li YES 298and never happens if set to 299.Dq Li NO . 300If set to anything else, a memory file system is created if 301.Pa /tmp 302is not writable. 303.It Va tmpsize 304Controls the size of a created 305.Pa /tmp 306memory file system. 307.It Va tmpmfs_flags 308Extra options passed to the 309.Xr mdmfs 8 310utility when the memory file system for 311.Pa /tmp 312is created. 313The default is 314.Dq Li "-S" , 315which inhibits the use of softupdates on 316.Pa /tmp 317so that file system space is freed without delay 318after file truncation or deletion. 319See 320.Xr mdmfs 8 321for other options you can use in 322.Va tmpmfs_flags . 323.It Va varmfs 324Controls the creation of a 325.Pa /var 326memory file system. 327Always happens if set to 328.Dq Li YES 329and never happens if set to 330.Dq Li NO . 331If set to anything else, a memory file system is created if 332.Pa /var 333is not writable. 334.It Va varsize 335Controls the size of a created 336.Pa /var 337memory file system. 338.It Va varmfs_flags 339Extra options passed to the 340.Xr mdmfs 8 341utility when the memory file system for 342.Pa /var 343is created. 344The default is 345.Dq Li "-S" , 346which inhibits the use of softupdates on 347.Pa /var 348so that file system space is freed without delay 349after file truncation or deletion. 350See 351.Xr mdmfs 8 352for other options you can use in 353.Va varmfs_flags . 354.It Va populate_var 355Controls the automatic population of the 356.Pa /var 357file system. 358Always happens if set to 359.Dq Li YES 360and never happens if set to 361.Dq Li NO . 362If set to anything else, a memory file system is created if 363.Pa /var 364is not writable. 365Note that this process requires access to certain commands in 366.Pa /usr 367before 368.Pa /usr 369is mounted on normal systems. 370.It Va cleanvar_enable 371.Pq Vt bool 372Clean the 373.Pa /var 374directory. 375.It Va local_startup 376.Pq Vt str 377List of directories to search for startup script files. 378.It Va script_name_sep 379.Pq Vt str 380The field separator to use for breaking down the list of startup script files 381into individual filenames. 382The default is a space. 383It is not necessary to change this unless there are startup scripts with names 384containing spaces. 385.It Va hostapd_enable 386.Pq Vt bool 387Set to 388.Dq Li YES 389to start 390.Xr hostapd 8 391at system boot time. 392.It Va hostname 393.Pq Vt str 394The fully qualified domain name (FQDN) of this host on the network. 395This should almost certainly be set to something meaningful, even if 396there is no network connection. 397If 398.Xr dhclient 8 399is used to set the hostname via DHCP, 400this variable should be set to an empty string. 401If this value remains unset when the system is done booting 402your console login will display the default hostname of 403.Dq Amnesiac . 404.It Va nisdomainname 405.Pq Vt str 406The NIS domain name of this host, or 407.Dq Li NO 408if NIS is not used. 409.It Va dhclient_program 410.Pq Vt str 411Path to the DHCP client program 412.Pa ( /sbin/dhclient , 413the 414.Ox 415DHCP client, 416is the default). 417.It Va dhclient_flags 418.Pq Vt str 419Additional flags to pass to the DHCP client program. 420For the 421.Ox 422DHCP client, see the 423.Xr dhclient 8 424manpage for a description of the command line options available. 425.It Va dhclient_flags_ Ns Aq Ar iface 426Additional flags to pass to the DHCP client program running on 427.Ar iface 428only. 429When specified, this variable overrides 430.Va dhclient_flags . 431.It Va background_dhclient 432.Pq Vt bool 433Set to 434.Dq Li YES 435to start the DHCP client in background. 436This can cause trouble with applications depending on 437a working network, but it will provide a faster startup 438in many cases. 439.It Va background_dhclient_ Ns Aq Ar iface 440When specified, this variable overrides the 441.Va background_dhclient 442variable for interface 443.Ar iface 444only. 445.It Va synchronous_dhclient 446.Pq Vt bool 447Set to 448.Dq Li YES 449to start 450.Xr dhclient 8 451synchronously at startup. 452This behavior can be overridden on a per-interface basis by replacing 453the 454.Dq Li DHCP 455keyword in the 456.Va ifconfig_ Ns Aq Ar interface 457variable with 458.Dq Li SYNCDHCP 459or 460.Dq Li NOSYNCDHCP . 461.It Va defaultroute_delay 462.Pq Vt int 463When set to a positive value, wait up to this long after configuring 464DHCP interfaces at startup to give the interfaces time to receive a lease. 465.It Va firewall_enable 466.Pq Vt bool 467Set to 468.Dq Li YES 469to load firewall rules at startup. 470If the kernel was not built with 471.Cd "options IPFIREWALL" , 472the 473.Pa ipfw.ko 474kernel module will be loaded. 475See also 476.Va ipfilter_enable . 477.It Va firewall_script 478.Pq Vt str 479This variable specifies the full path to the firewall script to run. 480The default is 481.Pa /etc/rc.firewall . 482.It Va firewall_type 483.Pq Vt str 484Names the firewall type from the selection in 485.Pa /etc/rc.firewall , 486or the file which contains the local firewall ruleset. 487Valid selections from 488.Pa /etc/rc.firewall 489are: 490.Pp 491.Bl -tag -width ".Li simple" -compact 492.It Li open 493unrestricted IP access 494.It Li closed 495all IP services disabled, except via 496.Dq Li lo0 497.It Li client 498basic protection for a workstation 499.It Li simple 500basic protection for a LAN. 501.El 502.Pp 503If a filename is specified, the full path 504must be given. 505.It Va firewall_quiet 506.Pq Vt bool 507Set to 508.Dq Li YES 509to disable the display of firewall rules on the console during boot. 510.It Va firewall_logging 511.Pq Vt bool 512Set to 513.Dq Li YES 514to enable firewall event logging. 515This is equivalent to the 516.Dv IPFIREWALL_VERBOSE 517kernel option. 518.It Va firewall_logif 519.Pq Vt bool 520Set to 521.Dq Li YES 522to create pseudo interface 523.Li ipfw0 524for logging. 525For more details, see 526.Xr ipfw 8 527manual page. 528.It Va firewall_flags 529.Pq Vt str 530Flags passed to 531.Xr ipfw 8 532if 533.Va firewall_type 534specifies a filename. 535.It Va firewall_coscripts 536.Pq Vt str 537List of executables and/or rc scripts to run after firewall starts/stops. 538Default is empty. 539.\" ----- firewall_nat_enable setting -------------------------------- 540.It Va firewall_nat_enable 541.Pq Vt bool 542The 543.Xr ipfw 8 544equivalent of 545.Va natd_enable . 546Setting this to 547.Dq Li YES 548enables kernel NAT. 549.Va firewall_enable 550must also be set to 551.Dq Li YES . 552.It Va firewall_nat_interface 553.Pq Vt str 554The 555.Xr ipfw 8 556equivalent of 557.Va natd_interface . 558This is the name of the public interface or IP address on which 559kernel NAT should run. 560.It Va firewall_nat_flags 561.Pq Vt str 562Additional configuration parameters for kernel NAT should be placed here. 563.It Va dummynet_enable 564.Pq Vt bool 565Setting this to 566.Dq Li YES 567will automatically load the 568.Xr dummynet 4 569module if 570.Va firewall_enable 571is also set to 572.Dq Li YES . 573.\" ------------------------------------------------------------------- 574.It Va natd_program 575.Pq Vt str 576Path to 577.Xr natd 8 . 578.It Va natd_enable 579.Pq Vt bool 580Set to 581.Dq Li YES 582to enable 583.Xr natd 8 . 584.Va firewall_enable 585must also be set to 586.Dq Li YES , 587and 588.Xr divert 4 589sockets must be enabled in the kernel. 590If the kernel was not built with 591.Cd "options IPDIVERT" , 592the 593.Pa ipdivert.ko 594kernel module will be loaded. 595.It Va natd_interface 596.Pq Vt str 597This is the name of the public interface on which 598.Xr natd 8 599should run. 600The interface may be given as an interface name or as an IP address. 601.It Va natd_flags 602.Pq Vt str 603Additional 604.Xr natd 8 605flags should be placed here. 606The 607.Fl n 608or 609.Fl a 610flag is automatically added with the above 611.Va natd_interface 612as an argument. 613.\" ----- ipfilter_enable setting -------------------------------- 614.It Va ipfilter_enable 615.Pq Vt bool 616Set to 617.Dq Li NO 618by default. 619Setting this to 620.Dq Li YES 621enables 622.Xr ipf 8 623packet filtering. 624.Pp 625Typical usage will require putting 626.Bd -literal 627ipfilter_enable="YES" 628ipnat_enable="YES" 629ipmon_enable="YES" 630ipfs_enable="YES" 631.Ed 632.Pp 633into 634.Pa /etc/rc.conf 635and editing 636.Pa /etc/ipf.rules 637and 638.Pa /etc/ipnat.rules 639appropriately. 640.Pp 641Note that 642.Va ipfilter_enable 643and 644.Va ipnat_enable 645can be enabled independently. 646.Va ipmon_enable 647and 648.Va ipfs_enable 649both require at least one of 650.Va ipfilter_enable 651and 652.Va ipnat_enable 653to be enabled. 654.Pp 655Having 656.Bd -literal 657options IPFILTER 658options IPFILTER_LOG 659options IPFILTER_DEFAULT_BLOCK 660.Ed 661.Pp 662in the kernel configuration file is a good idea, too. 663.\" ----- ipfilter_program setting ------------------------------ 664.It Va ipfilter_program 665.Pq Vt str 666Path to 667.Xr ipf 8 668(default 669.Pa /sbin/ipf ) . 670.\" ----- ipfilter_rules setting -------------------------------- 671.It Va ipfilter_rules 672.Pq Vt str 673Set to 674.Pa /etc/ipf.rules 675by default. 676This variable contains the name of the filter rule definition file. 677The file is expected to be readable for the 678.Xr ipf 8 679command to execute. 680.\" ----- ipv6_ipfilter_rules setting --------------------------- 681.It Va ipv6_ipfilter_rules 682.Pq Vt str 683Set to 684.Pa /etc/ipf6.rules 685by default. 686This variable contains the IPv6 filter rule definition file. 687The file is expected to be readable for the 688.Xr ipf 8 689command to execute. 690.\" ----- ipfilter_flags setting -------------------------------- 691.It Va ipfilter_flags 692.Pq Vt str 693Empty by default. 694This variable contains flags passed to the 695.Xr ipf 8 696program. 697.\" ----- ipnat_enable setting ---------------------------------- 698.It Va ipnat_enable 699.Pq Vt bool 700Set to 701.Dq Li NO 702by default. 703Set it to 704.Dq Li YES 705to enable 706.Xr ipnat 8 707network address translation. 708See 709.Va ipfilter_enable 710for a detailed discussion. 711.\" ----- ipnat_program setting --------------------------------- 712.It Va ipnat_program 713.Pq Vt str 714Path to 715.Xr ipnat 8 716(default 717.Pa /sbin/ipnat ) . 718.\" ----- ipnat_rules setting ----------------------------------- 719.It Va ipnat_rules 720.Pq Vt str 721Set to 722.Pa /etc/ipnat.rules 723by default. 724This variable contains the name of the file 725holding the network address translation definition. 726This file is expected to be readable for the 727.Xr ipnat 8 728command to execute. 729.\" ----- ipnat_flags setting ----------------------------------- 730.It Va ipnat_flags 731.Pq Vt str 732Empty by default. 733This variable contains flags passed to the 734.Xr ipnat 8 735program. 736.\" ----- ipmon_enable setting ---------------------------------- 737.It Va ipmon_enable 738.Pq Vt bool 739Set to 740.Dq Li NO 741by default. 742Set it to 743.Dq Li YES 744to enable 745.Xr ipmon 8 746monitoring (logging 747.Xr ipf 8 748and 749.Xr ipnat 8 750events). 751Setting this variable needs setting 752.Va ipfilter_enable 753or 754.Va ipnat_enable 755too. 756See 757.Va ipfilter_enable 758for a detailed discussion. 759.\" ----- ipmon_program setting --------------------------------- 760.It Va ipmon_program 761.Pq Vt str 762Path to 763.Xr ipmon 8 764(default 765.Pa /sbin/ipmon ) . 766.\" ----- ipmon_flags setting ----------------------------------- 767.It Va ipmon_flags 768.Pq Vt str 769Set to 770.Dq Li -Ds 771by default. 772This variable contains flags passed to the 773.Xr ipmon 8 774program. 775Another typical example would be 776.Dq Fl D Pa /var/log/ipflog 777to have 778.Xr ipmon 8 779log directly to a file bypassing 780.Xr syslogd 8 . 781Make sure to adjust 782.Pa /etc/newsyslog.conf 783in such case like this: 784.Bd -literal 785/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 786.Ed 787.\" ----- ipfs_enable setting ----------------------------------- 788.It Va ipfs_enable 789.Pq Vt bool 790Set to 791.Dq Li NO 792by default. 793Set it to 794.Dq Li YES 795to enable 796.Xr ipfs 8 797saving the filter and NAT state tables during shutdown 798and reloading them during startup again. 799Setting this variable needs setting 800.Va ipfilter_enable 801or 802.Va ipnat_enable 803to 804.Dq Li YES 805too. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809Note that if 810.Va kern_securelevel 811is set to 3, 812.Va ipfs_enable 813cannot be used 814because the raised securelevel will prevent 815.Xr ipfs 8 816from saving the state tables at shutdown time. 817.\" ----- ipfs_program setting ---------------------------------- 818.It Va ipfs_program 819.Pq Vt str 820Path to 821.Xr ipfs 8 822(default 823.Pa /sbin/ipfs ) . 824.\" ----- ipfs_flags setting ------------------------------------ 825.It Va ipfs_flags 826.Pq Vt str 827Empty by default. 828This variable contains flags passed to the 829.Xr ipfs 8 830program. 831.\" ----- end of added ipf hook --------------------------------- 832.It Va pf_enable 833.Pq Vt bool 834Set to 835.Dq Li NO 836by default. 837Setting this to 838.Dq Li YES 839enables 840.Xr pf 4 841packet filtering. 842.Pp 843Typical usage will require putting 844.Pp 845.Dl pf_enable="YES" 846.Pp 847into 848.Pa /etc/rc.conf 849and editing 850.Pa /etc/pf.conf 851appropriately. 852Adding 853.Pp 854.Dl "device pf" 855.Pp 856builds support for 857.Xr pf 4 858into the kernel, otherwise the 859kernel module will be loaded. 860.It Va pf_rules 861.Pq Vt str 862Path to 863.Xr pf 4 864ruleset configuration file 865(default 866.Pa /etc/pf.conf ) . 867.It Va pf_program 868.Pq Vt str 869Path to 870.Xr pfctl 8 871(default 872.Pa /sbin/pfctl ) . 873.It Va pf_flags 874.Pq Vt str 875If 876.Va pf_enable 877is set to 878.Dq Li YES , 879these flags are passed to the 880.Xr pfctl 8 881program when loading the ruleset. 882.It Va pflog_enable 883.Pq Vt bool 884Set to 885.Dq Li NO 886by default. 887Setting this to 888.Dq Li YES 889enables 890.Xr pflogd 8 891which logs packets from the 892.Xr pf 4 893packet filter. 894.It Va pflog_logfile 895.Pq Vt str 896If 897.Va pflog_enable 898is set to 899.Dq Li YES 900this controls where 901.Xr pflogd 8 902stores the logfile 903(default 904.Pa /var/log/pflog ) . 905Check 906.Pa /etc/newsyslog.conf 907to adjust logfile rotation for this. 908.It Va pflog_program 909.Pq Vt str 910Path to 911.Xr pflogd 8 912(default 913.Pa /sbin/pflogd ) . 914.It Va pflog_flags 915.Pq Vt str 916Empty by default. 917This variable contains additional flags passed to the 918.Xr pflogd 8 919program. 920.It Va ftpproxy_enable 921.Pq Vt bool 922Set to 923.Dq Li NO 924by default. 925Setting this to 926.Dq Li YES 927enables 928.Xr ftp-proxy 8 929which supports the 930.Xr pf 4 931packet filter in translating ftp connections. 932.It Va ftpproxy_flags 933.Pq Vt str 934Empty by default. 935This variable contains additional flags passed to the 936.Xr ftp-proxy 8 937program. 938.It Va pfsync_enable 939.Pq Vt bool 940Set to 941.Dq Li NO 942by default. 943Setting this to 944.Dq Li YES 945enables exposing 946.Xr pf 4 947state changes to other hosts over the network by means of 948.Xr pfsync 4 . 949The 950.Va pfsync_syncdev 951variable 952must also be set then. 953.It Va pfsync_syncdev 954.Pq Vt str 955Empty by default. 956This variable specifies the name of the network interface 957.Xr pfsync 4 958should operate through. 959It must be set accordingly if 960.Va pfsync_enable 961is set to 962.Dq Li YES . 963.It Va pfsync_syncpeer 964.Pq Vt str 965Empty by default. 966This variable is optional. 967By default, state change messages are sent out on the synchronisation 968interface using IP multicast packets. 969The protocol is IP protocol 240, PFSYNC, and the multicast group used is 970224.0.0.240. 971When a peer address is specified using the 972.Va pfsync_syncpeer 973option, the peer address is used as a destination for the pfsync 974traffic, and the traffic can then be protected using 975.Xr ipsec 4 . 976See the 977.Xr pfsync 4 978manpage for more details about using 979.Xr ipsec 4 980with 981.Xr pfsync 4 982interfaces. 983.It Va pfsync_ifconfig 984.Pq Vt str 985Empty by default. 986This variable can contain additional options to be passed to the 987.Xr ifconfig 8 988command used to set up 989.Xr pfsync 4 . 990.It Va tcp_extensions 991.Pq Vt bool 992Set to 993.Dq Li YES 994by default. 995Setting this to 996.Dq Li NO 997disables certain TCP options as described by 998.Rs 999.%T "RFC 1323" 1000.Re 1001Setting this to 1002.Dq Li NO 1003might help remedy such problems with connections as randomly hanging 1004or other weird behavior. 1005Some network devices are known 1006to be broken with respect to these options. 1007.It Va log_in_vain 1008.Pq Vt int 1009Set to 0 by default. 1010The 1011.Xr sysctl 8 1012variables, 1013.Va net.inet.tcp.log_in_vain 1014and 1015.Va net.inet.udp.log_in_vain , 1016as described in 1017.Xr tcp 4 1018and 1019.Xr udp 4 , 1020are set to the given value. 1021.It Va tcp_keepalive 1022.Pq Vt bool 1023Set to 1024.Dq Li YES 1025by default. 1026Setting to 1027.Dq Li NO 1028will disable probing idle TCP connections to verify that the 1029peer is still up and reachable. 1030.It Va tcp_drop_synfin 1031.Pq Vt bool 1032Set to 1033.Dq Li NO 1034by default. 1035Setting to 1036.Dq Li YES 1037will cause the kernel to ignore TCP frames that have both 1038the SYN and FIN flags set. 1039This prevents OS fingerprinting, but may 1040break some legitimate applications. 1041.It Va icmp_drop_redirect 1042.Pq Vt bool 1043Set to 1044.Dq Li NO 1045by default. 1046Setting to 1047.Dq Li YES 1048will cause the kernel to ignore ICMP REDIRECT packets. 1049Refer to 1050.Xr icmp 4 1051for more information. 1052.It Va icmp_log_redirect 1053.Pq Vt bool 1054Set to 1055.Dq Li NO 1056by default. 1057Setting to 1058.Dq Li YES 1059will cause the kernel to log ICMP REDIRECT packets. 1060Note that 1061the log messages are not rate-limited, so this option should only be used 1062for troubleshooting networks. 1063Refer to 1064.Xr icmp 4 1065for more information. 1066.It Va icmp_bmcastecho 1067.Pq Vt bool 1068Set to 1069.Dq Li YES 1070to respond to broadcast or multicast ICMP ping packets. 1071Refer to 1072.Xr icmp 4 1073for more information. 1074.It Va ip_portrange_first 1075.Pq Vt int 1076If not set to 1077.Dq Li NO , 1078this is the first port in the default portrange. 1079Refer to 1080.Xr ip 4 1081for more information. 1082.It Va ip_portrange_last 1083.Pq Vt int 1084If not set to 1085.Dq Li NO , 1086this is the last port in the default portrange. 1087Refer to 1088.Xr ip 4 1089for more information. 1090.It Va network_interfaces 1091.Pq Vt str 1092Set to the list of network interfaces to configure on this host or 1093.Dq Li AUTO 1094(the default) for all current interfaces. 1095Setting the 1096.Va network_interfaces 1097variable to anything other than the default is deprecated. 1098Interfaces that the administrator wishes to store configuration for, 1099but not start at boot should be configured with the 1100.Dq Li NOAUTO 1101keyword in their 1102.Va ifconfig_ Ns Aq Ar interface 1103variables as described below. 1104.Pp 1105An 1106.Va ifconfig_ Ns Aq Ar interface 1107variable is also assumed to exist for each value of 1108.Ar interface . 1109When an interface name contains any of the characters 1110.Dq Li .-/+ 1111they are translated to 1112.Dq Li _ 1113before lookup. 1114The variable can contain arguments to 1115.Xr ifconfig 8 , 1116as well as special case-insensitive keywords described below. 1117Such keywords are removed before passing the value to 1118.Xr ifconfig 8 1119while the order of the other arguments is preserved. 1120.Pp 1121It is possible to add IP alias entries using 1122.Xr ifconfig 8 1123syntax with the address family keyword such as 1124.Li inet . 1125Assuming that the interface in question was 1126.Li ed0 , 1127it might look something like this: 1128.Bd -literal 1129ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1130ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1131.Ed 1132.Pp 1133It also possible to configure multiple IP addresses in Classless 1134Inter-Domain Routing 1135.Pq CIDR 1136address notation, 1137whose each address component can be a range like 1138.Li inet 192.0.2.5-23/24 1139or 1140.Li inet6 2001:db8:1-f::1/64 . 1141This notation allows address and prefix length part only, 1142not the other address modifiers. 1143.Pp 1144In the case of 1145.Li 192.0.2.5-23/24 , 1146the address 192.0.2.5 will be configured with the 1147netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1148the non-conflicting netmask /32 as explained in the 1149.Xr ifconfig 8 1150alias section. 1151Note that this special netmask handling is only for 1152.Li inet , 1153not for the other address families such as 1154.Li inet6 . 1155.Pp 1156With the interface in question being 1157.Li ed0 , 1158an example could look like: 1159.Bd -literal 1160ifconfig_ed0_alias2="inet 192.0.2.129/27" 1161ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1162.Ed 1163.Pp 1164and so on. 1165.Pp 1166Note that 1167.Va ipv4_addrs_ Ns Aq Ar interface 1168variable was supported for IPv4 CIDR address notation. 1169It is now deprecated because the functionality was integrated into 1170.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1171though 1172.Va ipv4_addrs_ Ns Aq Ar interface 1173is still supported for backward compatibility. 1174.Pp 1175For each 1176.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1177entry with an address family keyword, 1178its contents are passed to 1179.Xr ifconfig 8 . 1180Execution stops at the first unsuccessful access, so if 1181something like this is present: 1182.Bd -literal 1183ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1184ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1185ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1186ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1187.Ed 1188.Pp 1189Then note that alias4 would 1190.Em not 1191be added since the search would 1192stop with the missing 1193.Dq Li alias3 1194entry. 1195Due to this difficult to manage behavior, the 1196.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1197form is deprecated. 1198There is 1199.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1200variable, which has the same functionality as 1201.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1202and can have all of entries in a variable like the following: 1203.Bd -literal 1204ifconfig_ed0_aliases="\\ 1205 inet 127.0.0.251 netmask 0xffffffff \\ 1206 inet 127.0.0.252 netmask 0xffffffff \\ 1207 inet 127.0.0.253 netmask 0xffffffff \\ 1208 inet 127.0.0.254 netmask 0xffffffff" 1209.Ed 1210.Pp 1211It also supports CIDR notation. 1212.Pp 1213If the 1214.Pa /etc/start_if. Ns Aq Ar interface 1215file is present, it is read and executed by the 1216.Xr sh 1 1217interpreter 1218before configuring the interface as specified in the 1219.Va ifconfig_ Ns Aq Ar interface 1220and 1221.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1222variables. 1223.Pp 1224If a 1225.Va vlans_ Ns Aq Ar interface 1226variable is set, 1227a 1228.Xr vlan 4 1229interface will be created for each item in the list with the 1230.Ar vlandev 1231argument set to 1232.Ar interface . 1233If a vlan interface's name is a number, 1234then that number is used as the vlan tag and the new vlan interface is 1235named 1236.Ar interface . Ns Ar tag . 1237Otherwise, 1238the vlan tag must be specified via a 1239.Va vlan 1240parameter in the 1241.Va create_args_ Ns Aq Ar interface 1242variable. 1243.Pp 1244To create a vlan device named 1245.Li em0.101 1246on 1247.Li em0 1248with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1249.Bd -literal 1250vlans_em0="101" 1251ifconfig_em0_101="inet 192.0.2.1/24" 1252.Ed 1253.Pp 1254To create a vlan device named 1255.Li myvlan 1256on 1257.Li em0 1258with the vlan tag 102: 1259.Bd -literal 1260vlans_em0="myvlan" 1261create_args_myvlan="vlan 102" 1262.Ed 1263.Pp 1264If a 1265.Va wlans_ Ns Aq Ar interface 1266variable is set, 1267an 1268.Xr wlan 4 1269interface will be created for each item in the list with the 1270.Ar wlandev 1271argument set to 1272.Ar interface . 1273Further wlan cloning arguments may be passed to the 1274.Xr ifconfig 8 1275.Cm create 1276command by setting the 1277.Va create_args_ Ns Aq Ar interface 1278variable. 1279One or more 1280.Xr wlan 4 1281devices must be created for each wireless devices as of 1282.Fx 8.0 . 1283Debugging flags for 1284.Xr wlan 4 1285devices as set by 1286.Xr wlandebug 8 1287may be specified with an 1288.Va wlandebug_ Ns Aq Ar interface 1289variable. 1290The contents of this variable will be passed directly to 1291.Xr wlandebug 8 . 1292.Pp 1293If the 1294.Va ifconfig_ Ns Aq Ar interface 1295contains the keyword 1296.Dq Li NOAUTO 1297then the interface will not be configured 1298at boot or by 1299.Pa /etc/pccard_ether 1300when 1301.Va network_interfaces 1302is set to 1303.Dq Li AUTO . 1304.Pp 1305It is possible to bring up an interface with DHCP by adding 1306.Dq Li DHCP 1307to the 1308.Va ifconfig_ Ns Aq Ar interface 1309variable. 1310For instance, to initialize the 1311.Li ed0 1312device via DHCP, 1313it is possible to use something like: 1314.Bd -literal 1315ifconfig_ed0="DHCP" 1316.Ed 1317.Pp 1318If you want to configure your wireless interface with 1319.Xr wpa_supplicant 8 1320for use with WPA, EAP/LEAP or WEP, you need to add 1321.Dq Li WPA 1322to the 1323.Va ifconfig_ Ns Aq Ar interface 1324variable. 1325.Pp 1326On the other hand, if you want to configure your wireless interface with 1327.Xr hostapd 8 , 1328you need to add 1329.Dq Li HOSTAP 1330to the 1331.Va ifconfig_ Ns Aq Ar interface 1332variable. 1333.Xr hostapd 8 1334will use the settings from 1335.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1336.Pp 1337Finally, you can add 1338.Xr ifconfig 8 1339options in this variable, in addition to the 1340.Pa /etc/start_if. Ns Aq Ar interface 1341file. 1342For instance, to configure an 1343.Xr ath 4 1344wireless device in station mode with an address obtained 1345via DHCP, using WPA authentication and 802.11b mode, it is 1346possible to use something like: 1347.Bd -literal 1348wlans_ath0="wlan0" 1349ifconfig_wlan0="DHCP WPA mode 11b" 1350.Ed 1351.Pp 1352In addition to the 1353.Va ifconfig_ Ns Aq Ar interface 1354form, a fallback variable 1355.Va ifconfig_DEFAULT 1356may be configured. 1357It will be used for all interfaces with no 1358.Va ifconfig_ Ns Aq Ar interface 1359variable. 1360This is intended to replace the no longer supported 1361.Va pccard_ifconfig 1362variable. 1363.Pp 1364It is also possible to rename an interface by doing: 1365.Bd -literal 1366ifconfig_ed0_name="net0" 1367ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1368.Ed 1369.It Va ipv6_enable 1370.Pq Vt bool 1371This variable is deprecated. 1372Use 1373.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1374and 1375.Va ipv6_activate_all_interfaces 1376if necessary. 1377.Pp 1378If the variable is 1379.Dq Li YES , 1380.Dq Li inet6 accept_rtadv 1381is added to all of 1382.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1383and the 1384.Va ipv6_activate_all_interfaces 1385is defined as 1386.Dq Li YES . 1387.It Va ipv6_prefer 1388.Pq Vt bool 1389This variable is deprecated. 1390Use 1391.Va ip6addrctl_policy 1392instead. 1393.Pp 1394If the variable is 1395.Dq Li YES , 1396the default address selection policy table set by 1397.Xr ip6addrctl 8 1398will be IPv6-preferred. 1399.Pp 1400If the variable is 1401.Dq Li NO , 1402the default address selection policy table set by 1403.Xr ip6addrctl 8 1404will be IPv4-preferred. 1405.It Va ipv6_activate_all_interfaces 1406.Pq Vt bool 1407This controls initial configuration on IPv6-capable 1408interfaces with no corresponding 1409.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1410variable. 1411Note that it is not always necessary to set this variable to 1412.Dq YES 1413to use IPv6 functionality on 1414.Fx . 1415In most cases, just configuring 1416.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1417variables works. 1418.Pp 1419If the variable is 1420.Dq Li NO , 1421all interfaces which do not have a corresponding 1422.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1423variable will be marked as 1424.Dq Li IFDISABLED 1425at creation. 1426This means that all of IPv6 functionality on that interface 1427is completely disabled to enforce a security policy. 1428If the variable is set to 1429.Dq YES , 1430the flag will be cleared on all of the interfaces. 1431.Pp 1432In most cases, just defining an 1433.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1434for an IPv6-capable interface should be sufficient. 1435However, if an interface is added dynamically 1436.Pq by some tunneling protocols such as PPP, for example , 1437it is often difficult to define the variable in advance. 1438In such a case, configuring the 1439.Dq Li IFDISABLED 1440flag can be disabled by setting this variable to 1441.Dq YES . 1442.Pp 1443For more details of the 1444.Dq Li IFDISABLED 1445flag and keywords 1446.Dq Li inet6 ifdisabled , 1447see 1448.Xr ifconfig 8 . 1449.Pp 1450Default is 1451.Dq Li NO . 1452.It Va ipv6_privacy 1453.Pq Vt bool 1454If the variable is 1455.Dq Li YES 1456privacy addresses will be generated for each IPv6 1457interface as described in RFC 4941. 1458.It Va ipv6_network_interfaces 1459.Pq Vt str 1460This is the IPv6 equivalent of 1461.Va network_interfaces . 1462Normally manual configuration of this variable is not needed. 1463.Pp 1464.It Va ipv6_cpe_wanif 1465.Pq Vt str 1466If the variable is set to an interface name, 1467the 1468.Xr ifconfig 8 1469options 1470.Dq inet6 -no_radr accept_rtadv 1471will be added to the specified interface automatically before evaluating 1472.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1473and two 1474.Xr sysctl 8 1475variables 1476.Va net.inet6.ip6.rfc6204w3 1477and 1478.Va net.inet6.ip6.no_radr 1479will be set to 1. 1480.Pp 1481This means the specified interface will accept ICMPv6 Router 1482Advertisement messages on that link and add the discovered 1483routers into the Default Router List. 1484While the other interfaces can still accept RA messages if the 1485.Dq inet6 accept_rtadv 1486option is specified, adding 1487routes into the Default Router List will be disabled by 1488.Dq inet6 no_radr 1489option by default. 1490See 1491.Xr ifconfig 8 1492for more details. 1493.Pp 1494Note that ICMPv6 Router Advertisement messages will be 1495accepted even when 1496.Va net.inet6.ip6.forwarding 1497is 1 1498.Pq packet forwarding is enabled 1499when 1500.Va net.inet6.ip6.rfc6204w3 1501is set to 1. 1502.Pp 1503Default is 1504.Dq Li NO . 1505.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1506.Pq Vt str 1507IPv6 functionality on an interface should be configured by 1508.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1509instead of setting ifconfig parameters in 1510.Va ifconfig_ Ns Aq Ar interface . 1511If this variable is empty, all of IPv6 configurations on the 1512specified interface by other variables such as 1513.Va ipv6_prefix_ Ns Ao Ar interface Ac 1514will be ignored. 1515.Pp 1516Aliases should be set by 1517.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1518with 1519.Dq Li inet6 1520keyword. 1521For example: 1522.Bd -literal 1523ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1524ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1525.Ed 1526.Pp 1527Interfaces that have an 1528.Dq Li inet6 accept_rtadv 1529keyword in 1530.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1531setting will be automatically configured by SLAAC 1532.Pq StateLess Address AutoConfiguration 1533described in 1534.Rs 1535.%T "RFC 4862" 1536.Re 1537.Pp 1538Note that a link-local address will be automatically configured in 1539addition to the configured global-scope addresses because the IPv6 1540specifications require it on each link. 1541The address is calculated from the MAC address by using an algorithm 1542defined in 1543.Rs 1544.%T "RFC 4862" 1545.%O "Section 5.3" 1546.Re 1547.Pp 1548If only a link-local address is needed on the interface, 1549the following configuration can be used: 1550.Bd -literal 1551ifconfig_ed0_ipv6="inet6 auto_linklocal" 1552.Ed 1553.Pp 1554A link-local address can also be configured manually. 1555This is useful for the default router address of an IPv6 router 1556so that it does not change when the network interface 1557card is replaced. 1558For example: 1559.Bd -literal 1560ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1561.Ed 1562.It Va ipv6_prefix_ Ns Aq Ar interface 1563.Pq Vt str 1564If one or more prefixes are defined in 1565.Va ipv6_prefix_ Ns Aq Ar interface 1566addresses based on each prefix and the EUI-64 interface index will be 1567configured on that interface. 1568Note that this variable will be ignored when 1569.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1570is empty. 1571.Pp 1572For example, the following configuration 1573.Bd -literal 1574ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1575.Ed 1576.Pp 1577is equivalent to the following: 1578.Bd -literal 1579ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1580ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1581ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1582ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1583.Ed 1584.Pp 1585These Subnet-Router anycast addresses will be added only when 1586.Va ipv6_gateway_enable 1587is YES. 1588.It Va ipv6_default_interface 1589.Pq Vt str 1590If not set to 1591.Dq Li NO , 1592this is the default output interface for scoped addresses. 1593This works only with ipv6_gateway_enable="NO". 1594.It Va ip6addrctl_enable 1595.Pq Vt bool 1596This variable is to enable configuring default address selection policy table 1597.Pq RFC 3484 . 1598The table can be specified in another variable 1599.Va ip6addrctl_policy . 1600For 1601.Va ip6addrctl_policy 1602the following keywords can be specified: 1603.Dq Li ipv4_prefer , 1604.Dq Li ipv6_prefer , 1605or 1606.Dq Li AUTO . 1607.Pp 1608If 1609.Dq Li ipv4_prefer 1610or 1611.Dq Li ipv6_prefer 1612is specified, 1613.Xr ip6addrctl 8 1614installs a pre-defined policy table described in Section 2.1 1615.Pq IPv6-preferred 1616or 10.3 1617.Pq IPv4-preferred 1618of RFC 3484. 1619.Pp 1620If 1621.Dq Li AUTO 1622is specified, it attempts to read a file 1623.Pa /etc/ip6addrctl.conf 1624first. 1625If this file is found, 1626.Xr ip6addrctl 8 1627reads and installs it. 1628If not found, a policy is automatically set 1629according to 1630.Va ipv6_activate_all_interfaces 1631variable; if the variable is set to 1632.Dq Li YES 1633the IPv6-preferred one is used. 1634Otherwise IPv4-preferred. 1635.Pp 1636The default value of 1637.Va ip6addrctl_enable 1638and 1639.Va ip6addrctl_policy 1640are 1641.Dq Li YES 1642and 1643.Dq Li AUTO , 1644respectively. 1645.It Va cloned_interfaces 1646.Pq Vt str 1647Set to the list of clonable network interfaces to create on this host. 1648Further cloning arguments may be passed to the 1649.Xr ifconfig 8 1650.Cm create 1651command for each interface by setting the 1652.Va create_args_ Ns Aq Ar interface 1653variable. 1654Entries in 1655.Va cloned_interfaces 1656are automatically appended to 1657.Va network_interfaces 1658for configuration. 1659.It Va fec_interfaces 1660.Pq Vt str 1661Set to the list of 1662.Xr ng_fec 4 1663Fast EtherChannel interfaces to configure on this host. 1664A 1665.Va fecconfig_ Ns Aq Ar interface 1666variable is assumed to exist for each value of 1667.Ar interface . 1668The value of this variable is used to configure link aggregated interfaces 1669according to the syntax of the 1670.Cm NGM_FEC_ADD_IFACE 1671to 1672.Xr ngctl 8 1673msg. 1674Additionally, this option ensures that each listed interface is created 1675via the 1676.Cm mkpeer 1677command to 1678.Xr ngctl 8 1679before attempting to configure it. 1680For example: 1681.Bd -literal 1682fec_interfaces="fec0" 1683fecconfig_fec0="em0 em1" 1684ifconfig_fec0="DHCP" 1685.Ed 1686.It Va gif_interfaces 1687.Pq Vt str 1688Set to the list of 1689.Xr gif 4 1690tunnel interfaces to configure on this host. 1691A 1692.Va gifconfig_ Ns Aq Ar interface 1693variable is assumed to exist for each value of 1694.Ar interface . 1695The value of this variable is used to configure the link layer of the 1696tunnel according to the syntax of the 1697.Cm tunnel 1698option to 1699.Xr ifconfig 8 . 1700Additionally, this option ensures that each listed interface is created 1701via the 1702.Cm create 1703option to 1704.Xr ifconfig 8 1705before attempting to configure it. 1706.It Va sppp_interfaces 1707.Pq Vt str 1708Set to the list of 1709.Xr sppp 4 1710interfaces to configure on this host. 1711A 1712.Va spppconfig_ Ns Aq Ar interface 1713variable is assumed to exist for each value of 1714.Ar interface . 1715Each interface should also be configured by a general 1716.Va ifconfig_ Ns Aq Ar interface 1717setting. 1718Refer to 1719.Xr spppcontrol 8 1720for more information about available options. 1721.It Va ppp_enable 1722.Pq Vt bool 1723If set to 1724.Dq Li YES , 1725run the 1726.Xr ppp 8 1727daemon. 1728.It Va ppp_profile 1729.Pq Vt str 1730The name of the profile to use from 1731.Pa /etc/ppp/ppp.conf . 1732Also used for per-profile overrides of 1733.Va ppp_mode 1734and 1735.Va ppp_nat , 1736and 1737.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1738When the profile name contains any of the characters 1739.Dq Li .-/+ 1740they are translated to 1741.Dq Li _ 1742for the proposes of the override variable names. 1743.It Va ppp_mode 1744.Pq Vt str 1745Mode in which to run the 1746.Xr ppp 8 1747daemon. 1748.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1749.Pq Vt str 1750Overrides the global 1751.Va ppp_mode 1752for 1753.Ar profile . 1754Accepted modes are 1755.Dq Li auto , 1756.Dq Li ddial , 1757.Dq Li direct 1758and 1759.Dq Li dedicated . 1760See the manual for a full description. 1761.It Va ppp_nat 1762.Pq Vt bool 1763If set to 1764.Dq Li YES , 1765enables network address translation. 1766Used in conjunction with 1767.Va gateway_enable 1768allows hosts on private network addresses access to the Internet using 1769this host as a network address translating router. 1770.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1771.Pq Vt str 1772Overrides the global 1773.Va ppp_nat 1774for 1775.Ar profile . 1776.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1777.Pq Vt int 1778Set the unit number to be used for this profile. 1779See the manual description of 1780.Fl unit Ns Ar N 1781for details. 1782.It Va ppp_user 1783.Pq Vt str 1784The name of the user under which 1785.Xr ppp 8 1786should be started. 1787By 1788default, 1789.Xr ppp 8 1790is started as 1791.Dq Li root . 1792.It Va rc_conf_files 1793.Pq Vt str 1794This option is used to specify a list of files that will override 1795the settings in 1796.Pa /etc/defaults/rc.conf . 1797The files will be read in the order in which they are specified and should 1798include the full path to the file. 1799By default, the files specified are 1800.Pa /etc/rc.conf 1801and 1802.Pa /etc/rc.conf.local 1803.It Va zfs_enable 1804.Pq Vt bool 1805If set to 1806.Dq Li YES , 1807.Pa /etc/rc.d/zfs 1808will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1809(ZVOLs). 1810.It Va gptboot_enable 1811.Pq Vt bool 1812If set to 1813.Dq Li YES , 1814.Pa /etc/rc.d/gptboot 1815will log if the system successfully (or not) booted from a GPT partition, 1816which had the 1817.Ar bootonce 1818attribute set using 1819.Xr gpart 8 1820utility. 1821.It Va gbde_autoattach_all 1822.Pq Vt bool 1823If set to 1824.Dq Li YES , 1825.Pa /etc/rc.d/gbde 1826will attempt to automatically initialize your .bde devices in 1827.Pa /etc/fstab . 1828.It Va gbde_devices 1829.Pq Vt str 1830List the devices that the script should try to attach, 1831or 1832.Dq Li AUTO . 1833.It Va gbde_lockdir 1834.Pq Vt str 1835The directory where the 1836.Xr gbde 4 1837lockfiles are located. 1838The default lockfile directory is 1839.Pa /etc . 1840.Pp 1841The lockfile for each individual 1842.Xr gbde 4 1843device can be overridden by setting the variable 1844.Va gbde_lock_ Ns Aq Ar device , 1845where 1846.Ar device 1847is the encrypted device without the 1848.Dq Pa /dev/ 1849and 1850.Dq Pa .bde 1851parts. 1852.It Va gbde_attach_attempts 1853.Pq Vt int 1854Number of times to attempt attaching to a 1855.Xr gbde 4 1856device, i.e., how many times the user is asked for the pass-phrase. 1857Default is 3. 1858.It Va geli_devices 1859.Pq Vt str 1860List of devices to automatically attach on boot. 1861Note that .eli devices from 1862.Pa /etc/fstab 1863are automatically appended to this list. 1864.It Va geli_tries 1865.Pq Vt int 1866Number of times user is asked for the pass-phrase. 1867If empty, it will be taken from 1868.Va kern.geom.eli.tries 1869sysctl variable. 1870.It Va geli_default_flags 1871.Pq Vt str 1872Default flags to use by 1873.Xr geli 8 1874when configuring disk encryption. 1875Flags can be configured for every device separately by defining 1876.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1877variable. 1878.It Va geli_autodetach 1879.Pq Vt str 1880Specifies if GELI devices should be marked for detach on last close after 1881file systems are mounted. 1882Default is 1883.Dq Li YES . 1884This can be changed for every device separately by defining 1885.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1886variable. 1887.It Va root_rw_mount 1888.Pq Vt bool 1889Set to 1890.Dq Li YES 1891by default. 1892After the file systems are checked at boot time, the root file system 1893is remounted as read-write if this is set to 1894.Dq Li YES . 1895Diskless systems that mount their root file system from a read-only remote 1896NFS share should set this to 1897.Dq Li NO 1898in their 1899.Pa rc.conf . 1900.It Va fsck_y_enable 1901.Pq Vt bool 1902If set to 1903.Dq Li YES , 1904.Xr fsck 8 1905will be run with the 1906.Fl y 1907flag if the initial preen 1908of the file systems fails. 1909.It Va background_fsck 1910.Pq Vt bool 1911If set to 1912.Dq Li YES , 1913the system will attempt to run 1914.Xr fsck 8 1915in the background where possible. 1916.It Va background_fsck_delay 1917.Pq Vt int 1918The amount of time in seconds to sleep before starting a background 1919.Xr fsck 8 . 1920It defaults to sixty seconds to allow large applications such as 1921the X server to start before disk I/O bandwidth is monopolized by 1922.Xr fsck 8 . 1923If set to a negative number, the background file system check will be 1924delayed indefinitely to allow the administrator to run it at a more 1925convenient time. 1926For example it may be run from 1927.Xr cron 8 1928by adding a line like 1929.Pp 1930.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1931.Pp 1932to 1933.Pa /etc/crontab . 1934.It Va netfs_types 1935.Pq Vt str 1936List of file system types that are network-based. 1937This list should generally not be modified by end users. 1938Use 1939.Va extra_netfs_types 1940instead. 1941.It Va extra_netfs_types 1942.Pq Vt str 1943If set to something other than 1944.Dq Li NO 1945(the default), 1946this variable extends the list of file system types 1947for which automatic mounting at startup by 1948.Xr rc 8 1949should be delayed until the network is initialized. 1950It should contain 1951a whitespace-separated list of network file system descriptor pairs, 1952each consisting of a file system type as passed to 1953.Xr mount 8 1954and a human-readable, one-word description, 1955joined with a colon 1956.Pq Ql \&: . 1957Extending the default list in this way is only necessary 1958when third party file system types are used. 1959.It Va syslogd_enable 1960.Pq Vt bool 1961If set to 1962.Dq Li YES , 1963run the 1964.Xr syslogd 8 1965daemon. 1966.It Va syslogd_program 1967.Pq Vt str 1968Path to 1969.Xr syslogd 8 1970(default 1971.Pa /usr/sbin/syslogd ) . 1972.It Va syslogd_flags 1973.Pq Vt str 1974If 1975.Va syslogd_enable 1976is set to 1977.Dq Li YES , 1978these are the flags to pass to 1979.Xr syslogd 8 . 1980.It Va inetd_enable 1981.Pq Vt bool 1982If set to 1983.Dq Li YES , 1984run the 1985.Xr inetd 8 1986daemon. 1987.It Va inetd_program 1988.Pq Vt str 1989Path to 1990.Xr inetd 8 1991(default 1992.Pa /usr/sbin/inetd ) . 1993.It Va inetd_flags 1994.Pq Vt str 1995If 1996.Va inetd_enable 1997is set to 1998.Dq Li YES , 1999these are the flags to pass to 2000.Xr inetd 8 . 2001.It Va hastd_enable 2002.Pq Vt bool 2003If set to 2004.Dq Li YES , 2005run the 2006.Xr hastd 8 2007daemon. 2008.It Va hastd_program 2009.Pq Vt str 2010Path to 2011.Xr hastd 8 2012(default 2013.Pa /sbin/hastd ) . 2014.It Va hastd_flags 2015.Pq Vt str 2016If 2017.Va hastd_enable 2018is set to 2019.Dq Li YES , 2020these are the flags to pass to 2021.Xr hastd 8 . 2022.It Va named_enable 2023.Pq Vt bool 2024If set to 2025.Dq Li YES , 2026run the 2027.Xr named 8 2028daemon. 2029.It Va named_program 2030.Pq Vt str 2031Path to 2032.Xr named 8 2033(default 2034.Pa /usr/sbin/named ) . 2035.It Va named_conf 2036.Pq Vt str 2037Path to 2038.Xr named 8 2039configuration file, (default 2040.Pa /etc/namedb/named.conf ) . 2041.It Va named_flags 2042.Pq Vt str 2043If 2044.Va named_enable 2045is set to 2046.Dq Li YES , 2047these are the flags to pass to 2048.Xr named 8 . 2049.It Va named_uid 2050.Pq Vt str 2051The user that the 2052.Xr named 8 2053process should be run as. 2054.It Va named_chrootdir 2055.Pq Vt str 2056The root directory for a name server run in a 2057.Xr chroot 8 2058environment (default 2059.Pa /var/named ) . 2060If left empty 2061.Xr named 8 2062will not be run in a 2063.Xr chroot 8 2064environment. 2065.It Va named_chroot_autoupdate 2066.Pq Vt bool 2067Set to 2068.Dq Li NO 2069to disable automatic update of the 2070.Xr chroot 8 2071environment. 2072.It Va named_symlink_enable 2073.Pq Vt bool 2074Set to 2075.Dq Li NO 2076to disable symlinking of 2077daemon's PID file 2078into the 2079.Xr chroot 8 2080environment. 2081.It Va named_wait 2082.Pq Vt bool 2083Set to have 2084.Pa /etc/rc.d/named 2085loop until working name service is established. 2086.It Va named_wait_host 2087.Pq Vt str 2088Name of host to lookup for the named_wait option. 2089(Default localhost) 2090.It Va named_auto_forward 2091.Pq Vt bool 2092Set to enable automatic creation of a forwarder 2093configuration file derived from 2094.Pa /etc/resolv.conf . 2095.It Va named_auto_forward_only 2096.Pq Vt bool 2097Set to change the default forwarder configuration from 2098.Dq forward first 2099to 2100.Dq forward only . 2101.It Va kerberos5_server_enable 2102.Pq Vt bool 2103Set to 2104.Dq Li YES 2105to start a Kerberos 5 authentication server 2106at boot time. 2107.It Va kerberos5_server 2108.Pq Vt str 2109If 2110.Va kerberos5_server_enable 2111is set to 2112.Dq Li YES 2113this is the path to Kerberos 5 Authentication Server. 2114.It Va kerberos5_server_flags 2115.Pq Vt str 2116Empty by default. 2117This variable contains additional flags to be passed to the Kerberos 5 2118authentication server. 2119.It Va kadmind5_server_enable 2120.Pq Vt bool 2121Set to 2122.Dq Li YES 2123to start 2124.Xr kadmind 8 , 2125the Kerberos 5 Administration Daemon; set to 2126.Dq Li NO 2127on a slave server. 2128.It Va kadmind5_server 2129.Pq Vt str 2130If 2131.Va kadmind5_server_enable 2132is set to 2133.Dq Li YES 2134this is the path to Kerberos 5 Administration Daemon. 2135.It Va kpasswdd_server_enable 2136.Pq Vt bool 2137Set to 2138.Dq Li YES 2139to start 2140.Xr kpasswdd 8 , 2141the Kerberos 5 Password-Changing Daemon; set to 2142.Dq Li NO 2143on a slave server. 2144.It Va kpasswdd_server 2145.Pq Vt str 2146If 2147.Va kpasswdd_server_enable 2148is set to 2149.Dq Li YES 2150this is the path to Kerberos 5 Password-Changing Daemon. 2151.It Va kfd_enable 2152.Pq Vt bool 2153Set to 2154.Dq Li YES 2155to start 2156.Xr kfd 8 , 2157the Kerberos 5 ticket forwarding daemon, at the boot time. 2158.It Va kfd_program 2159.Pq Vt str 2160Path to 2161.Xr kfd 8 2162(default 2163.Pa /usr/libexec/kfd ) . 2164.It Va rwhod_enable 2165.Pq Vt bool 2166If set to 2167.Dq Li YES , 2168run the 2169.Xr rwhod 8 2170daemon at boot time. 2171.It Va rwhod_flags 2172.Pq Vt str 2173If 2174.Va rwhod_enable 2175is set to 2176.Dq Li YES , 2177these are the flags to pass to it. 2178.It Va amd_enable 2179.Pq Vt bool 2180If set to 2181.Dq Li YES , 2182run the 2183.Xr amd 8 2184daemon at boot time. 2185.It Va amd_flags 2186.Pq Vt str 2187If 2188.Va amd_enable 2189is set to 2190.Dq Li YES , 2191these are the flags to pass to it. 2192See the 2193.Xr amd 8 2194manpage for more information. 2195.It Va amd_map_program 2196.Pq Vt str 2197If set, 2198the specified program is run to get the list of 2199.Xr amd 8 2200maps. 2201For example, if the 2202.Xr amd 8 2203maps are stored in NIS, one can set this to 2204run 2205.Xr ypcat 1 2206to get a list of 2207.Xr amd 8 2208maps from the 2209.Pa amd.master 2210NIS map. 2211.It Va update_motd 2212.Pq Vt bool 2213If set to 2214.Dq Li YES , 2215.Pa /etc/motd 2216will be updated at boot time to reflect the kernel release 2217being run. 2218If set to 2219.Dq Li NO , 2220.Pa /etc/motd 2221will not be updated. 2222.It Va nfs_client_enable 2223.Pq Vt bool 2224If set to 2225.Dq Li YES , 2226run the NFS client daemons at boot time. 2227.It Va nfs_access_cache 2228.Pq Vt int 2229If 2230.Va nfs_client_enable 2231is set to 2232.Dq Li YES , 2233this can be set to 2234.Dq Li 0 2235to disable NFS ACCESS RPC caching, or to the number of seconds for which 2236NFS ACCESS 2237results should be cached. 2238A value of 2-10 seconds will substantially reduce network 2239traffic for many NFS operations. 2240.It Va nfs_server_enable 2241.Pq Vt bool 2242If set to 2243.Dq Li YES , 2244run the NFS server daemons at boot time. 2245.It Va nfs_server_flags 2246.Pq Vt str 2247If 2248.Va nfs_server_enable 2249is set to 2250.Dq Li YES , 2251these are the flags to pass to the 2252.Xr nfsd 8 2253daemon. 2254.It Va nfsv4_server_enable 2255.Pq Vt bool 2256If 2257.Va nfs_server_enable 2258is set to 2259.Dq Li YES 2260and 2261.Va nfsv4_server_enable 2262are set to 2263.Dq Li YES , 2264enable the server for NFSv4 as well as NFSv2 and NFSv3. 2265.It Va nfsuserd_enable 2266.Pq Vt bool 2267If 2268.Va nfsuserd_enable 2269is set to 2270.Dq Li YES , 2271run the nfsuserd daemon, which is needed for NFSv4 in order 2272to map between user/group names vs uid/gid numbers. 2273If 2274.Va nfsv4_server_enable 2275is set to 2276.Dq Li YES , 2277this will be forced enabled. 2278.It Va nfsuserd_flags 2279.Pq Vt str 2280If 2281.Va nfsuserd_enable 2282is set to 2283.Dq Li YES , 2284these are the flags to pass to the 2285.Xr nfsuserd 8 2286daemon. 2287.It Va nfscbd_enable 2288.Pq Vt bool 2289If 2290.Va nfscbd_enable 2291is set to 2292.Dq Li YES , 2293run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2294.It Va nfscbd_flags 2295.Pq Vt str 2296If 2297.Va nfscbd_enable 2298is set to 2299.Dq Li YES , 2300these are the flags to pass to the 2301.Xr nfscbd 8 2302daemon. 2303.It Va oldnfs_server_enable 2304.Pq Vt bool 2305If 2306.Va oldnfs_server_enable 2307is set to 2308.Dq Li YES , 2309force the NFS server daemons to run the old NFS server code 2310that does not support NFSv4. 2311.It Va mountd_enable 2312.Pq Vt bool 2313If set to 2314.Dq Li YES , 2315and no 2316.Va nfs_server_enable 2317is set, start 2318.Xr mountd 8 , 2319but not 2320.Xr nfsd 8 2321daemon. 2322It is commonly needed to run CFS without real NFS used. 2323.It Va mountd_flags 2324.Pq Vt str 2325If 2326.Va mountd_enable 2327is set to 2328.Dq Li YES , 2329these are the flags to pass to the 2330.Xr mountd 8 2331daemon. 2332.It Va weak_mountd_authentication 2333.Pq Vt bool 2334If set to 2335.Dq Li YES , 2336allow services like PCNFSD to make non-privileged mount 2337requests. 2338.It Va nfs_reserved_port_only 2339.Pq Vt bool 2340If set to 2341.Dq Li YES , 2342provide NFS services only on a secure port. 2343.It Va nfs_bufpackets 2344.Pq Vt int 2345If set to a number, indicates the number of packets worth of 2346socket buffer space to reserve on an NFS client. 2347The kernel default is typically 4. 2348Using a higher number may be 2349useful on gigabit networks to improve performance. 2350The minimum value is 23512 and the maximum is 64. 2352.It Va rpc_lockd_enable 2353.Pq Vt bool 2354If set to 2355.Dq Li YES 2356and also an NFS server or client, run 2357.Xr rpc.lockd 8 2358at boot time. 2359.It Va rpc_lockd_flags 2360.Pq Vt str 2361If 2362.Va rpc_lockd_enable 2363is set to 2364.Dq Li YES , 2365these are the flags to pass to the 2366.Xr rpc.lockd 8 2367daemon. 2368.It Va rpc_statd_enable 2369.Pq Vt bool 2370If set to 2371.Dq Li YES 2372and also an NFS server or client, run 2373.Xr rpc.statd 8 2374at boot time. 2375.It Va rpc_statd_flags 2376.Pq Vt str 2377If 2378.Va rpc_statd_enable 2379is set to 2380.Dq Li YES , 2381these are the flags to pass to the 2382.Xr rpc.statd 8 2383daemon. 2384.It Va rpcbind_program 2385.Pq Vt str 2386Path to 2387.Xr rpcbind 8 2388(default 2389.Pa /usr/sbin/rpcbind ) . 2390.It Va rpcbind_enable 2391.Pq Vt bool 2392If set to 2393.Dq Li YES , 2394run the 2395.Xr rpcbind 8 2396service at boot time. 2397.It Va rpcbind_flags 2398.Pq Vt str 2399If 2400.Va rpcbind_enable 2401is set to 2402.Dq Li YES , 2403these are the flags to pass to the 2404.Xr rpcbind 8 2405daemon. 2406.It Va keyserv_enable 2407.Pq Vt bool 2408If set to 2409.Dq Li YES , 2410run the 2411.Xr keyserv 8 2412daemon on boot for running Secure RPC. 2413.It Va keyserv_flags 2414.Pq Vt str 2415If 2416.Va keyserv_enable 2417is set to 2418.Dq Li YES , 2419these are the flags to pass to 2420.Xr keyserv 8 2421daemon. 2422.It Va pppoed_enable 2423.Pq Vt bool 2424If set to 2425.Dq Li YES , 2426run the 2427.Xr pppoed 8 2428daemon at boot time to provide PPP over Ethernet services. 2429.It Va pppoed_ Ns Aq Ar provider 2430.Pq Vt str 2431.Xr pppoed 8 2432listens to requests to this 2433.Ar provider 2434and ultimately runs 2435.Xr ppp 8 2436with a 2437.Ar system 2438argument of the same name. 2439.It Va pppoed_flags 2440.Pq Vt str 2441Additional flags to pass to 2442.Xr pppoed 8 . 2443.It Va pppoed_interface 2444.Pq Vt str 2445The network interface to run 2446.Xr pppoed 8 2447on. 2448This is mandatory when 2449.Va pppoed_enable 2450is set to 2451.Dq Li YES . 2452.It Va timed_enable 2453.Pq Vt bool 2454If set to 2455.Dq Li YES , 2456run the 2457.Xr timed 8 2458service at boot time. 2459This command is intended for networks of 2460machines where a consistent 2461.Dq "network time" 2462for all hosts must be established. 2463This is often useful in large NFS 2464environments where time stamps on files are expected to be consistent 2465network-wide. 2466.It Va timed_flags 2467.Pq Vt str 2468If 2469.Va timed_enable 2470is set to 2471.Dq Li YES , 2472these are the flags to pass to the 2473.Xr timed 8 2474service. 2475.It Va ntpdate_enable 2476.Pq Vt bool 2477If set to 2478.Dq Li YES , 2479run 2480.Xr ntpdate 8 2481at system startup. 2482This command is intended to 2483synchronize the system clock only 2484.Em once 2485from some standard reference. 2486.It Va ntpdate_config 2487.Pq Vt str 2488Configuration file for 2489.Xr ntpdate 8 . 2490Default 2491.Pa /etc/ntp.conf . 2492.It Va ntpdate_hosts 2493.Pq Vt str 2494A whitespace-separated list of NTP servers to synchronize with at startup. 2495The default is to use the servers listed in 2496.Va ntpdate_config , 2497if that file exists. 2498.It Va ntpdate_program 2499.Pq Vt str 2500Path to 2501.Xr ntpdate 8 2502(default 2503.Pa /usr/sbin/ntpdate ) . 2504.It Va ntpdate_flags 2505.Pq Vt str 2506If 2507.Va ntpdate_enable 2508is set to 2509.Dq Li YES , 2510these are the flags to pass to the 2511.Xr ntpdate 8 2512command (typically a hostname). 2513.It Va ntpd_enable 2514.Pq Vt bool 2515If set to 2516.Dq Li YES , 2517run the 2518.Xr ntpd 8 2519command at boot time. 2520.It Va ntpd_program 2521.Pq Vt str 2522Path to 2523.Xr ntpd 8 2524(default 2525.Pa /usr/sbin/ntpd ) . 2526.It Va ntpd_config 2527.Pq Vt str 2528Path to 2529.Xr ntpd 8 2530configuration file. 2531Default 2532.Pa /etc/ntp.conf . 2533.It Va ntpd_flags 2534.Pq Vt str 2535If 2536.Va ntpd_enable 2537is set to 2538.Dq Li YES , 2539these are the flags to pass to the 2540.Xr ntpd 8 2541daemon. 2542.It Va ntpd_sync_on_start 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546.Xr ntpd 8 2547is run with the 2548.Fl g 2549flag, which syncs the system's clock on startup. 2550See 2551.Xr ntpd 8 2552for more information regarding the 2553.Fl g 2554option. 2555This is a preferred alternative to using 2556.Xr ntpdate 8 2557or specifying the 2558.Va ntpdate_enable 2559variable. 2560.It Va nis_client_enable 2561.Pq Vt bool 2562If set to 2563.Dq Li YES , 2564run the 2565.Xr ypbind 8 2566service at system boot time. 2567.It Va nis_client_flags 2568.Pq Vt str 2569If 2570.Va nis_client_enable 2571is set to 2572.Dq Li YES , 2573these are the flags to pass to the 2574.Xr ypbind 8 2575service. 2576.It Va nis_ypset_enable 2577.Pq Vt bool 2578If set to 2579.Dq Li YES , 2580run the 2581.Xr ypset 8 2582daemon at system boot time. 2583.It Va nis_ypset_flags 2584.Pq Vt str 2585If 2586.Va nis_ypset_enable 2587is set to 2588.Dq Li YES , 2589these are the flags to pass to the 2590.Xr ypset 8 2591daemon. 2592.It Va nis_server_enable 2593.Pq Vt bool 2594If set to 2595.Dq Li YES , 2596run the 2597.Xr ypserv 8 2598daemon at system boot time. 2599.It Va nis_server_flags 2600.Pq Vt str 2601If 2602.Va nis_server_enable 2603is set to 2604.Dq Li YES , 2605these are the flags to pass to the 2606.Xr ypserv 8 2607daemon. 2608.It Va nis_ypxfrd_enable 2609.Pq Vt bool 2610If set to 2611.Dq Li YES , 2612run the 2613.Xr rpc.ypxfrd 8 2614daemon at system boot time. 2615.It Va nis_ypxfrd_flags 2616.Pq Vt str 2617If 2618.Va nis_ypxfrd_enable 2619is set to 2620.Dq Li YES , 2621these are the flags to pass to the 2622.Xr rpc.ypxfrd 8 2623daemon. 2624.It Va nis_yppasswdd_enable 2625.Pq Vt bool 2626If set to 2627.Dq Li YES , 2628run the 2629.Xr rpc.yppasswdd 8 2630daemon at system boot time. 2631.It Va nis_yppasswdd_flags 2632.Pq Vt str 2633If 2634.Va nis_yppasswdd_enable 2635is set to 2636.Dq Li YES , 2637these are the flags to pass to the 2638.Xr rpc.yppasswdd 8 2639daemon. 2640.It Va rpc_ypupdated_enable 2641.Pq Vt bool 2642If set to 2643.Dq Li YES , 2644run the 2645.Nm rpc.ypupdated 2646daemon at system boot time. 2647.It Va bsnmpd_enable 2648.Pq Vt bool 2649If set to 2650.Dq Li YES , 2651run the 2652.Xr bsnmpd 1 2653daemon at system boot time. 2654Be sure to understand the security implications of running SNMP daemon 2655on your host. 2656.It Va bsnmpd_flags 2657.Pq Vt str 2658If 2659.Va bsnmpd_enable 2660is set to 2661.Dq Li YES , 2662these are the flags to pass to the 2663.Xr bsnmpd 1 2664daemon. 2665.It Va defaultrouter 2666.Pq Vt str 2667If not set to 2668.Dq Li NO , 2669create a default route to this host name or IP address 2670(use an IP address if this router is also required to get to the 2671name server!). 2672.It Va ipv6_defaultrouter 2673.Pq Vt str 2674The IPv6 equivalent of 2675.Va defaultrouter . 2676.It Va static_arp_pairs 2677.Pq Vt str 2678Set to the list of static ARP pairs that are to be added at system 2679boot time. 2680For each whitespace separated 2681.Ar element 2682in the value, a 2683.Va static_arp_ Ns Aq Ar element 2684variable is assumed to exist whose contents will later be passed to a 2685.Dq Nm arp Cm -S 2686operation. 2687For example 2688.Bd -literal 2689static_arp_pairs="gw" 2690static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2691.Ed 2692.It Va static_ndp_pairs 2693.Pq Vt str 2694Set to the list of static NDP pairs that are to be added at system 2695boot time. 2696For each whitespace separated 2697.Ar element 2698in the value, a 2699.Va static_ndp_ Ns Aq Ar element 2700variable is assumed to exist whose contents will later be passed to a 2701.Dq Nm ndp Cm -s 2702operation. 2703For example 2704.Bd -literal 2705static_ndp_pairs="gw" 2706static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2707.Ed 2708.It Va static_routes 2709.Pq Vt str 2710Set to the list of static routes that are to be added at system 2711boot time. 2712If not set to 2713.Dq Li NO 2714then for each whitespace separated 2715.Ar element 2716in the value, a 2717.Va route_ Ns Aq Ar element 2718variable is assumed to exist 2719whose contents will later be passed to a 2720.Dq Nm route Cm add 2721operation. 2722For example: 2723.Bd -literal 2724static_routes="ext mcast:gif0 gif0local:gif0" 2725route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2726route_mcast="-net 224.0.0.0/4 -iface gif0" 2727route_gif0local="-host 169.254.1.1 -iface lo0" 2728.Ed 2729.Pp 2730When an 2731.Ar element 2732is in the form of 2733.Li name:ifname , 2734the route is specific to the interface 2735.Li ifname . 2736.It Va ipv6_static_routes 2737.Pq Vt str 2738The IPv6 equivalent of 2739.Va static_routes . 2740If not set to 2741.Dq Li NO 2742then for each whitespace separated 2743.Ar element 2744in the value, a 2745.Va ipv6_route_ Ns Aq Ar element 2746variable is assumed to exist 2747whose contents will later be passed to a 2748.Dq Nm route Cm add Fl inet6 2749operation. 2750.It Va natm_static_routes 2751.Pq Vt str 2752The 2753.Xr natmip 4 2754equivalent of 2755.Va static_routes . 2756If not empty then for each whitespace separated 2757.Ar element 2758in the value, a 2759.Va route_ Ns Aq Ar element 2760variable is assumed to exist whose contents will later be passed to a 2761.Dq Nm atmconfig Cm natm Cm add 2762operation. 2763.It Va gateway_enable 2764.Pq Vt bool 2765If set to 2766.Dq Li YES , 2767configure host to act as an IP router, e.g.\& to forward packets 2768between interfaces. 2769.It Va ipv6_gateway_enable 2770.Pq Vt bool 2771The IPv6 equivalent of 2772.Va gateway_enable . 2773.It Va routed_enable 2774.Pq Vt bool 2775If set to 2776.Dq Li YES , 2777run a routing daemon of some sort, based on the 2778settings of 2779.Va routed_program 2780and 2781.Va routed_flags . 2782.It Va route6d_enable 2783.Pq Vt bool 2784The IPv6 equivalent of 2785.Va routed_enable . 2786If set to 2787.Dq Li YES , 2788run a routing daemon of some sort, based on the 2789settings of 2790.Va route6d_program 2791and 2792.Va route6d_flags . 2793.It Va routed_program 2794.Pq Vt str 2795If 2796.Va routed_enable 2797is set to 2798.Dq Li YES , 2799this is the name of the routing daemon to use. 2800.It Va route6d_program 2801.Pq Vt str 2802The IPv6 equivalent of 2803.Va routed_program . 2804.It Va routed_flags 2805.Pq Vt str 2806If 2807.Va routed_enable 2808is set to 2809.Dq Li YES , 2810these are the flags to pass to the routing daemon. 2811.It Va route6d_flags 2812.Pq Vt str 2813The IPv6 equivalent of 2814.Va routed_flags . 2815.It Va mrouted_enable 2816.Pq Vt bool 2817If set to 2818.Dq Li YES , 2819run the multicast routing daemon, 2820.Xr mrouted 8 . 2821.It Va mroute6d_enable 2822.Pq Vt bool 2823The IPv6 equivalent of 2824.Va mrouted_enable . 2825If set to 2826.Dq Li YES , 2827run the IPv6 multicast routing daemon. 2828.Pp 2829Note that multicast routing daemons are no longer included in the 2830.Fx 2831base system, however, both 2832.Xr mrouted 8 2833and 2834.Xr pim6dd 8 2835may be installed from the 2836.Fx 2837Ports Collection. 2838.It Va mrouted_flags 2839.Pq Vt str 2840If 2841.Va mrouted_enable 2842is set to 2843.Dq Li YES , 2844these are the flags to pass to the 2845.Xr mrouted 8 2846daemon. 2847.It Va mroute6d_flags 2848.Pq Vt str 2849The IPv6 equivalent of 2850.Va mrouted_flags . 2851If 2852.Va mroute6d_enable 2853is set to 2854.Dq Li YES , 2855these are the flags passed to the IPv6 multicast routing daemon. 2856.It Va mroute6d_program 2857.Pq Vt str 2858If 2859.Va mroute6d_enable 2860is set to 2861.Dq Li YES , 2862this is the path to the IPv6 multicast routing daemon. 2863.It Va rtadvd_enable 2864.Pq Vt bool 2865If set to 2866.Dq Li YES , 2867run the 2868.Xr rtadvd 8 2869daemon at boot time. 2870The 2871.Xr rtadvd 8 2872utility sends ICMPv6 Router Advertisement messages to 2873the interfaces specified in 2874.Va rtadvd_interfaces . 2875This should only be enabled with great care. 2876You may want to fine-tune 2877.Xr rtadvd.conf 5 . 2878.It Va rtadvd_interfaces 2879.Pq Vt str 2880If 2881.Va rtadvd_enable 2882is set to 2883.Dq Li YES 2884this is the list of interfaces to use. 2885.It Va ipxgateway_enable 2886.Pq Vt bool 2887If set to 2888.Dq Li YES , 2889enable the routing of IPX traffic. 2890.It Va ipxrouted_enable 2891.Pq Vt bool 2892If set to 2893.Dq Li YES , 2894run the 2895.Xr IPXrouted 8 2896daemon at system boot time. 2897.It Va ipxrouted_flags 2898.Pq Vt str 2899If 2900.Va ipxrouted_enable 2901is set to 2902.Dq Li YES , 2903these are the flags to pass to the 2904.Xr IPXrouted 8 2905daemon. 2906.It Va arpproxy_all 2907.Pq Vt bool 2908If set to 2909.Dq Li YES , 2910enable global proxy ARP. 2911.It Va forward_sourceroute 2912.Pq Vt bool 2913If set to 2914.Dq Li YES 2915and 2916.Va gateway_enable 2917is also set to 2918.Dq Li YES , 2919source-routed packets are forwarded. 2920.It Va accept_sourceroute 2921.Pq Vt bool 2922If set to 2923.Dq Li YES , 2924the system will accept source-routed packets directed at it. 2925.It Va rarpd_enable 2926.Pq Vt bool 2927If set to 2928.Dq Li YES , 2929run the 2930.Xr rarpd 8 2931daemon at system boot time. 2932.It Va rarpd_flags 2933.Pq Vt str 2934If 2935.Va rarpd_enable 2936is set to 2937.Dq Li YES , 2938these are the flags to pass to the 2939.Xr rarpd 8 2940daemon. 2941.It Va bootparamd_enable 2942.Pq Vt bool 2943If set to 2944.Dq Li YES , 2945run the 2946.Xr bootparamd 8 2947daemon at system boot time. 2948.It Va bootparamd_flags 2949.Pq Vt str 2950If 2951.Va bootparamd_enable 2952is set to 2953.Dq Li YES , 2954these are the flags to pass to the 2955.Xr bootparamd 8 2956daemon. 2957.It Va stf_interface_ipv4addr 2958.Pq Vt str 2959If not set to 2960.Dq Li NO , 2961this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2962interface). 2963Specify this entry to enable the 6to4 interface. 2964.It Va stf_interface_ipv4plen 2965.Pq Vt int 2966Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2967An effective value is 0-31. 2968.It Va stf_interface_ipv6_ifid 2969.Pq Vt str 2970IPv6 interface ID for 2971.Xr stf 4 . 2972This can be set to 2973.Dq Li AUTO . 2974.It Va stf_interface_ipv6_slaid 2975.Pq Vt str 2976IPv6 Site Level Aggregator for 2977.Xr stf 4 . 2978.It Va ipv6_faith_prefix 2979.Pq Vt str 2980If not set to 2981.Dq Li NO , 2982this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2983translator. 2984You also need 2985.Xr faithd 8 2986setup. 2987.It Va ipv6_ipv4mapping 2988.Pq Vt bool 2989If set to 2990.Dq Li YES 2991this enables IPv4 mapped IPv6 address communication (like 2992.Li ::ffff:a.b.c.d ) . 2993.It Va rtsold_enable 2994.Pq Vt bool 2995Set to 2996.Dq Li YES 2997to enable the 2998.Xr rtsold 8 2999daemon to send ICMPv6 Router Solicitation messages. 3000.It Va rtsold_flags 3001.Pq Vt str 3002If 3003.Va rtsold_enable 3004is set to 3005.Dq Li YES , 3006these are the flags to pass to 3007.Xr rtsold 8 . 3008.It Va rtsol_flags 3009.Pq Vt str 3010For interfaces configured with the 3011.Dq Li inet6 accept_rtadv 3012keyword, these are the flags to pass to 3013.Xr rtsol 8 . 3014.Pp 3015Note that 3016.Va rtsold_enable 3017is mutually exclusive to 3018.Va rtsol_flags ; 3019.Va rtsold_enable 3020takes precedence. 3021.It Va atm_enable 3022.Pq Vt bool 3023Set to 3024.Dq Li YES 3025to enable the configuration of ATM interfaces at system boot time. 3026For all of the ATM variables described below, please refer to the 3027.Xr atm 8 3028manual page for further details on the available command parameters. 3029Also refer to the files in 3030.Pa /usr/share/examples/atm 3031for more detailed configuration information. 3032.It Va atm_load 3033.Pq Vt str 3034This is a list of physical ATM interface drivers to load. 3035Typical values are 3036.Dq Li hfa_pci 3037and/or 3038.Dq Li hea_pci . 3039.It Va atm_netif_ Ns Aq Ar intf 3040.Pq Vt str 3041For the ATM physical interface 3042.Ar intf , 3043this variable defines the name prefix and count for the ATM network 3044interfaces to be created. 3045The value will be passed as the parameters of an 3046.Dq Nm atm Cm "set netif" Ar intf 3047command. 3048.It Va atm_sigmgr_ Ns Aq Ar intf 3049.Pq Vt str 3050For the ATM physical interface 3051.Ar intf , 3052this variable defines the ATM signalling manager to be used. 3053The value will be passed as the parameters of an 3054.Dq Nm atm Cm attach Ar intf 3055command. 3056.It Va atm_prefix_ Ns Aq Ar intf 3057.Pq Vt str 3058For the ATM physical interface 3059.Ar intf , 3060this variable defines the NSAP prefix for interfaces using a UNI signalling 3061manager. 3062If set to 3063.Dq Li ILMI , 3064the prefix will automatically be set via the 3065.Xr ilmid 8 3066daemon. 3067Otherwise, the value will be passed as the parameters of an 3068.Dq Nm atm Cm "set prefix" Ar intf 3069command. 3070.It Va atm_macaddr_ Ns Aq Ar intf 3071.Pq Vt str 3072For the ATM physical interface 3073.Ar intf , 3074this variable defines the MAC address for interfaces using a UNI signalling 3075manager. 3076If set to 3077.Dq Li NO , 3078the hardware MAC address contained in the ATM interface card will be used. 3079Otherwise, the value will be passed as the parameters of an 3080.Dq Nm atm Cm "set mac" Ar intf 3081command. 3082.It Va atm_arpserver_ Ns Aq Ar netif 3083.Pq Vt str 3084For the ATM network interface 3085.Ar netif , 3086this variable defines the ATM address for a host which is to provide ATMARP 3087service. 3088This variable is only applicable to interfaces using a UNI signalling 3089manager. 3090If set to 3091.Dq Li local , 3092this host will become an ATMARP server. 3093The value will be passed as the parameters of an 3094.Dq Nm atm Cm "set arpserver" Ar netif 3095command. 3096.It Va atm_scsparp_ Ns Aq Ar netif 3097.Pq Vt bool 3098If set to 3099.Dq Li YES , 3100SCSP/ATMARP service for the network interface 3101.Ar netif 3102will be initiated using the 3103.Xr scspd 8 3104and 3105.Xr atmarpd 8 3106daemons. 3107This variable is only applicable if 3108.Va atm_arpserver_ Ns Aq Ar netif 3109is set to 3110.Dq Li local . 3111.It Va atm_pvcs 3112.Pq Vt str 3113Set to the list of ATM PVCs to be added at system 3114boot time. 3115For each whitespace separated 3116.Ar element 3117in the value, an 3118.Va atm_pvc_ Ns Aq Ar element 3119variable is assumed to exist. 3120The value of each of these variables 3121will be passed as the parameters of an 3122.Dq Nm atm Cm "add pvc" 3123command. 3124.It Va atm_arps 3125.Pq Vt str 3126Set to the list of permanent ATM ARP entries to be added 3127at system boot time. 3128For each whitespace separated 3129.Ar element 3130in the value, an 3131.Va atm_arp_ Ns Aq Ar element 3132variable is assumed to exist. 3133The value of each of these variables 3134will be passed as the parameters of an 3135.Dq Nm atm Cm "add arp" 3136command. 3137.It Va natm_interfaces 3138.Pq Vt str 3139Set to the list of 3140.Xr natm 4 3141interfaces that will also be used for HARP through 3142.Xr harp 4 . 3143If this list is not empty all interfaces in the list will be brought up 3144with 3145.Xr ifconfig 8 3146and 3147.Xr harp 4 3148will be loaded. 3149For this to work the interface drivers must be either compiled into the 3150kernel or must reside on the root partition. 3151.It Va keybell 3152.Pq Vt str 3153The keyboard bell sound. 3154Set to 3155.Dq Li normal , 3156.Dq Li visual , 3157.Dq Li off , 3158or 3159.Dq Li NO 3160if the default behavior is desired. 3161For details, refer to the 3162.Xr kbdcontrol 1 3163manpage. 3164.It Va keyboard 3165.Pq Vt str 3166If set to a non-null string, the virtual console's keyboard input is 3167set to this device. 3168.It Va keymap 3169.Pq Vt str 3170If set to 3171.Dq Li NO , 3172no keymap is installed, otherwise the value is used to install 3173the keymap file in 3174.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3175.It Va keyrate 3176.Pq Vt str 3177The keyboard repeat speed. 3178Set to 3179.Dq Li slow , 3180.Dq Li normal , 3181.Dq Li fast , 3182or 3183.Dq Li NO 3184if the default behavior is desired. 3185.It Va keychange 3186.Pq Vt str 3187If not set to 3188.Dq Li NO , 3189attempt to program the function keys with the value. 3190The value should 3191be a single string of the form: 3192.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3193.It Va cursor 3194.Pq Vt str 3195Can be set to the value of 3196.Dq Li normal , 3197.Dq Li blink , 3198.Dq Li destructive , 3199or 3200.Dq Li NO 3201to set the cursor behavior explicitly or choose the default behavior. 3202.It Va scrnmap 3203.Pq Vt str 3204If set to 3205.Dq Li NO , 3206no screen map is installed, otherwise the value is used to install 3207the screen map file in 3208.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3209.It Va font8x16 3210.Pq Vt str 3211If set to 3212.Dq Li NO , 3213the default 8x16 font value is used for screen size requests, otherwise 3214the value in 3215.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3216is used. 3217.It Va font8x14 3218.Pq Vt str 3219If set to 3220.Dq Li NO , 3221the default 8x14 font value is used for screen size requests, otherwise 3222the value in 3223.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3224is used. 3225.It Va font8x8 3226.Pq Vt str 3227If set to 3228.Dq Li NO , 3229the default 8x8 font value is used for screen size requests, otherwise 3230the value in 3231.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3232is used. 3233.It Va blanktime 3234.Pq Vt int 3235If set to 3236.Dq Li NO , 3237the default screen blanking interval is used, otherwise it is set 3238to 3239.Ar value 3240seconds. 3241.It Va saver 3242.Pq Vt str 3243If not set to 3244.Dq Li NO , 3245this is the actual screen saver to use 3246.Li ( blank , snake , daemon , 3247etc). 3248.It Va moused_nondefault_enable 3249.Pq Vt str 3250If set to 3251.Dq Li NO , 3252the mouse device specified on 3253the command line is not automatically treated as enabled by the 3254.Pa /etc/rc.d/moused 3255script. 3256Having this variable set to 3257.Dq Li YES 3258allows a 3259.Xr usb 4 3260mouse, 3261for example, 3262to be enabled as soon as it is plugged in. 3263.It Va moused_enable 3264.Pq Vt str 3265If set to 3266.Dq Li YES , 3267the 3268.Xr moused 8 3269daemon is started for doing cut/paste selection on the console. 3270.It Va moused_type 3271.Pq Vt str 3272This is the protocol type of the mouse connected to this host. 3273This variable must be set if 3274.Va moused_enable 3275is set to 3276.Dq Li YES . 3277The 3278.Xr moused 8 3279daemon 3280is able to detect the appropriate mouse type automatically in many cases. 3281Set this variable to 3282.Dq Li auto 3283to let the daemon detect it, or 3284select one from the following list if the automatic detection fails. 3285.Pp 3286If the mouse is attached to the PS/2 mouse port, choose 3287.Dq Li auto 3288or 3289.Dq Li ps/2 , 3290regardless of the brand and model of the mouse. 3291Likewise, if the 3292mouse is attached to the bus mouse port, choose 3293.Dq Li auto 3294or 3295.Dq Li busmouse . 3296All other protocols are for serial mice and will not work with 3297the PS/2 and bus mice. 3298If this is a USB mouse, 3299.Dq Li auto 3300is the only protocol type which will work. 3301.Pp 3302.Bl -tag -width ".Li x10mouseremote" -compact 3303.It Li microsoft 3304Microsoft mouse (serial) 3305.It Li intellimouse 3306Microsoft IntelliMouse (serial) 3307.It Li mousesystems 3308Mouse systems Corp.\& mouse (serial) 3309.It Li mmseries 3310MM Series mouse (serial) 3311.It Li logitech 3312Logitech mouse (serial) 3313.It Li busmouse 3314A bus mouse 3315.It Li mouseman 3316Logitech MouseMan and TrackMan (serial) 3317.It Li glidepoint 3318ALPS GlidePoint (serial) 3319.It Li thinkingmouse 3320Kensington ThinkingMouse (serial) 3321.It Li ps/2 3322PS/2 mouse 3323.It Li mmhittab 3324MM HitTablet (serial) 3325.It Li x10mouseremote 3326X10 MouseRemote (serial) 3327.It Li versapad 3328Interlink VersaPad (serial) 3329.El 3330.Pp 3331Even if the mouse is not in the above list, it may be compatible 3332with one in the list. 3333Refer to the manual page for 3334.Xr moused 8 3335for compatibility information. 3336.Pp 3337It should also be noted that while this is enabled, any 3338other client of the mouse (such as an X server) should access 3339the mouse through the virtual mouse device, 3340.Pa /dev/sysmouse , 3341and configure it as a 3342.Dq Li sysmouse 3343type mouse, since all 3344mouse data is converted to this single canonical format when 3345using 3346.Xr moused 8 . 3347If the client program does not support the 3348.Dq Li sysmouse 3349type, 3350specify the 3351.Dq Li mousesystems 3352type. 3353It is the second preferred type. 3354.It Va moused_port 3355.Pq Vt str 3356If 3357.Va moused_enable 3358is set to 3359.Dq Li YES , 3360this is the actual port the mouse is on. 3361It might be 3362.Pa /dev/cuau0 3363for a COM1 serial mouse, 3364.Pa /dev/psm0 3365for a PS/2 mouse or 3366.Pa /dev/mse0 3367for a bus mouse, for example. 3368.It Va moused_flags 3369.Pq Vt str 3370If 3371.Va moused_flags 3372is set, its value is used as an additional set of flags to pass to the 3373.Xr moused 8 3374daemon. 3375.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3376When 3377.Va moused_nondefault_enable 3378is enabled, and a 3379.Xr moused 8 3380daemon is started for a non-default port, the 3381.Va "moused_" Ns Ar XXX Ns Va "_flags" 3382set of options has precedence over and replaces the default 3383.Va moused_flags 3384(where 3385.Ar XXX 3386is the name of the non-default port, i.e.,\& 3387.Ar ums0 ) . 3388By setting 3389.Va "moused_" Ns Ar XXX Ns Va "_flags" 3390it is possible to set up a different set of default flags for each 3391.Xr moused 8 3392instance. 3393For example, you can use 3394.Dq Li "-3" 3395for the default 3396.Va moused_flags 3397to make your laptop's touchpad more comfortable to use, 3398but an empty set of options for 3399.Va moused_ums0_flags 3400when your 3401.Xr usb 4 3402mouse has three or more buttons. 3403.It Va mousechar_start 3404.Pq Vt int 3405If set to 3406.Dq Li NO , 3407the default mouse cursor character range 3408.Li 0xd0 Ns - Ns Li 0xd3 3409is used, 3410otherwise the range start is set 3411to 3412.Ar value 3413character, see 3414.Xr vidcontrol 1 . 3415Use if the default range is occupied in the language code table. 3416.It Va allscreens_flags 3417.Pq Vt str 3418If set, 3419.Xr vidcontrol 1 3420is run with these options for each of the virtual terminals 3421.Pq Pa /dev/ttyv* . 3422For example, 3423.Dq Fl m Cm on 3424will enable the mouse pointer on all virtual terminals 3425if 3426.Va moused_enable 3427is set to 3428.Dq Li YES . 3429.It Va allscreens_kbdflags 3430.Pq Vt str 3431If set, 3432.Xr kbdcontrol 1 3433is run with these options for each of the virtual terminals 3434.Pq Pa /dev/ttyv* . 3435For example, 3436.Dq Fl h Li 200 3437will set the 3438.Xr syscons 4 3439scrollback (history) buffer to 200 lines. 3440.It Va cron_enable 3441.Pq Vt bool 3442If set to 3443.Dq Li YES , 3444run the 3445.Xr cron 8 3446daemon at system boot time. 3447.It Va cron_program 3448.Pq Vt str 3449Path to 3450.Xr cron 8 3451(default 3452.Pa /usr/sbin/cron ) . 3453.It Va cron_flags 3454.Pq Vt str 3455If 3456.Va cron_enable 3457is set to 3458.Dq Li YES , 3459these are the flags to pass to 3460.Xr cron 8 . 3461.It Va cron_dst 3462.Pq Vt bool 3463If set to 3464.Dq Li YES , 3465enable the special handling of transitions to and from the 3466Daylight Saving Time in 3467.Xr cron 8 3468(equivalent to using the flag 3469.Fl s ) . 3470.It Va lpd_program 3471.Pq Vt str 3472Path to 3473.Xr lpd 8 3474(default 3475.Pa /usr/sbin/lpd ) . 3476.It Va lpd_enable 3477.Pq Vt bool 3478If set to 3479.Dq Li YES , 3480run the 3481.Xr lpd 8 3482daemon at system boot time. 3483.It Va lpd_flags 3484.Pq Vt str 3485If 3486.Va lpd_enable 3487is set to 3488.Dq Li YES , 3489these are the flags to pass to the 3490.Xr lpd 8 3491daemon. 3492.It Va chkprintcap_enable 3493.Pq Vt bool 3494If set to 3495.Dq Li YES , 3496run the 3497.Xr chkprintcap 8 3498command before starting the 3499.Xr lpd 8 3500daemon. 3501.It Va chkprintcap_flags 3502.Pq Vt str 3503If 3504.Va lpd_enable 3505and 3506.Va chkprintcap_enable 3507are set to 3508.Dq Li YES , 3509these are the flags to pass to the 3510.Xr chkprintcap 8 3511program. 3512The default is 3513.Dq Li -d , 3514which causes missing directories to be created. 3515.It Va mta_start_script 3516.Pq Vt str 3517This variable specifies the full path to the script to run to start 3518a mail transfer agent. 3519The default is 3520.Pa /etc/rc.sendmail . 3521The 3522.Va sendmail_* 3523variables which 3524.Pa /etc/rc.sendmail 3525uses are documented in the 3526.Xr rc.sendmail 8 3527manual page. 3528.It Va dumpdev 3529.Pq Vt str 3530Indicates the device (usually a swap partition) to which a crash dump 3531should be written in the event of a system crash. 3532If the value of this variable is 3533.Dq Li AUTO , 3534the first suitable swap device listed in 3535.Pa /etc/fstab 3536will be used as dump device. 3537Otherwise, the value of this variable is passed as the argument to 3538.Xr dumpon 8 . 3539To disable crash dumps, set this variable to 3540.Dq Li NO . 3541.It Va dumpdir 3542.Pq Vt str 3543When the system reboots after a crash and a crash dump is found on the 3544device specified by the 3545.Va dumpdev 3546variable, 3547.Xr savecore 8 3548will save that crash dump and a copy of the kernel to the directory 3549specified by the 3550.Va dumpdir 3551variable. 3552The default value is 3553.Pa /var/crash . 3554Set to 3555.Dq Li NO 3556to not run 3557.Xr savecore 8 3558at boot time when 3559.Va dumpdir 3560is set. 3561.It Va savecore_flags 3562.Pq Vt str 3563If crash dumps are enabled, these are the flags to pass to the 3564.Xr savecore 8 3565utility. 3566.It Va quota_enable 3567.Pq Vt bool 3568Set to 3569.Dq Li YES 3570to turn on user and group disk quotas on system startup via the 3571.Xr quotaon 8 3572command for all file systems marked as having quotas enabled in 3573.Pa /etc/fstab . 3574The kernel must be built with 3575.Cd "options QUOTA" 3576for disk quotas to function. 3577.It Va check_quotas 3578.Pq Vt bool 3579Set to 3580.Dq Li YES 3581to enable user and group disk quota checking via the 3582.Xr quotacheck 8 3583command. 3584.It Va quotacheck_flags 3585.Pq Vt str 3586If 3587.Va quota_enable 3588is set to 3589.Dq Li YES , 3590and 3591.Va check_quotas 3592is set to 3593.Dq Li YES , 3594these are the flags to pass to the 3595.Xr quotacheck 8 3596utility. 3597The default is 3598.Dq Li "-a" , 3599which checks quotas for all file systems with quotas enabled in 3600.Pa /etc/fstab . 3601.It Va quotaon_flags 3602.Pq Vt str 3603If 3604.Va quota_enable 3605is set to 3606.Dq Li YES , 3607these are the flags to pass to the 3608.Xr quotaon 8 3609utility. 3610The default is 3611.Dq Li "-a" , 3612which enables quotas for all file systems with quotas enabled in 3613.Pa /etc/fstab . 3614.It Va quotaoff_flags 3615.Pq Vt str 3616If 3617.Va quota_enable 3618is set to 3619.Dq Li YES , 3620these are the flags to pass to the 3621.Xr quotaoff 8 3622utility when shutting down the quota system. 3623The default is 3624.Dq Li "-a" , 3625which disables quotas for all file systems with quotas enabled in 3626.Pa /etc/fstab . 3627.It Va accounting_enable 3628.Pq Vt bool 3629Set to 3630.Dq Li YES 3631to enable system accounting through the 3632.Xr accton 8 3633facility. 3634.It Va ibcs2_enable 3635.Pq Vt bool 3636Set to 3637.Dq Li YES 3638to enable iBCS2 (SCO) binary emulation at system initial boot 3639time. 3640.It Va ibcs2_loaders 3641.Pq Vt str 3642If not set to 3643.Dq Li NO 3644and if 3645.Va ibcs2_enable 3646is set to 3647.Dq Li YES , 3648this specifies a list of additional iBCS2 loaders to enable. 3649.It Va linux_enable 3650.Pq Vt bool 3651Set to 3652.Dq Li YES 3653to enable Linux/ELF binary emulation at system initial 3654boot time. 3655.It Va svr4_enable 3656.Pq Vt bool 3657If set to 3658.Dq Li YES , 3659enable SysVR4 emulation at boot time. 3660.It Va sysvipc_enable 3661.Pq Vt bool 3662If set to 3663.Dq Li YES , 3664load System V IPC primitives at boot time. 3665.It Va clear_tmp_enable 3666.Pq Vt bool 3667Set to 3668.Dq Li YES 3669to have 3670.Pa /tmp 3671cleaned at startup. 3672.It Va clear_tmp_X 3673.Pq Vt bool 3674Set to 3675.Dq Li NO 3676to disable removing of X11 lock files, 3677and the removal and (secure) recreation 3678of the various socket directories for X11 3679related programs. 3680.It Va ldconfig_paths 3681.Pq Vt str 3682Set to the list of shared library paths to use with 3683.Xr ldconfig 8 . 3684NOTE: 3685.Pa /usr/lib 3686will always be added first, so it need not appear in this list. 3687.It Va ldconfig32_paths 3688.Pq Vt str 3689Set to the list of 32-bit compatibility shared library paths to 3690use with 3691.Xr ldconfig 8 . 3692.It Va ldconfig_paths_aout 3693.Pq Vt str 3694Set to the list of shared library paths to use with 3695.Xr ldconfig 8 3696legacy 3697.Xr a.out 5 3698support. 3699.It Va ldconfig_insecure 3700.Pq Vt bool 3701The 3702.Xr ldconfig 8 3703utility normally refuses to use directories 3704which are writable by anyone except root. 3705Set this variable to 3706.Dq Li YES 3707to disable that security check during system startup. 3708.It Va ldconfig_local_dirs 3709.Pq Vt str 3710Set to the list of local 3711.Xr ldconfig 8 3712directories. 3713The names of all files in the directories listed will be 3714passed as arguments to 3715.Xr ldconfig 8 . 3716.It Va ldconfig_local32_dirs 3717.Pq Vt str 3718Set to the list of local 32-bit compatibility 3719.Xr ldconfig 8 3720directories. 3721The names of all files in the directories listed will be 3722passed as arguments to 3723.Dq Nm ldconfig Fl 32 . 3724.It Va kern_securelevel_enable 3725.Pq Vt bool 3726Set to 3727.Dq Li YES 3728to set the kernel security level at system startup. 3729.It Va kern_securelevel 3730.Pq Vt int 3731The kernel security level to set at startup. 3732The allowed range of 3733.Ar value 3734ranges from \-1 (the compile time default) to 3 (the 3735most secure). 3736See 3737.Xr security 7 3738for the list of possible security levels and their effect 3739on system operation. 3740.It Va sshd_program 3741.Pq Vt str 3742Path to the SSH server program 3743.Pa ( /usr/sbin/sshd 3744is the default). 3745.It Va sshd_enable 3746.Pq Vt bool 3747Set to 3748.Dq Li YES 3749to start 3750.Xr sshd 8 3751at system boot time. 3752.It Va sshd_flags 3753.Pq Vt str 3754If 3755.Va sshd_enable 3756is set to 3757.Dq Li YES , 3758these are the flags to pass to the 3759.Xr sshd 8 3760daemon. 3761.It Va ftpd_program 3762.Pq Vt str 3763Path to the FTP server program 3764.Pa ( /usr/libexec/ftpd 3765is the default). 3766.It Va ftpd_enable 3767.Pq Vt bool 3768Set to 3769.Dq Li YES 3770to start 3771.Xr ftpd 8 3772as a stand-alone daemon at system boot time. 3773.It Va ftpd_flags 3774.Pq Vt str 3775If 3776.Va ftpd_enable 3777is set to 3778.Dq Li YES , 3779these are the additional flags to pass to the 3780.Xr ftpd 8 3781daemon. 3782.It Va watchdogd_enable 3783.Pq Vt bool 3784If set to 3785.Dq Li YES , 3786start the 3787.Xr watchdogd 8 3788daemon at boot time. 3789This requires that the kernel have been compiled with a 3790.Xr watchdog 4 3791compatible device. 3792.It Va watchdogd_flags 3793.Pq Vt str 3794If 3795.Va watchdogd_enable 3796is set to 3797.Dq Li YES , 3798these are the flags passed to the 3799.Xr watchdogd 8 3800daemon. 3801.It Va devfs_rulesets 3802.Pq Vt str 3803List of files containing sets of rules for 3804.Xr devfs 8 . 3805.It Va devfs_system_ruleset 3806.Pq Vt str 3807Rule name(s) to apply to the system 3808.Pa /dev 3809itself. 3810.It Va devfs_set_rulesets 3811.Pq Vt str 3812Pairs of already-mounted 3813.Pa dev 3814directories and rulesets that should be applied to them. 3815For example: /mount/dev=ruleset_name 3816.It Va devfs_load_rulesets 3817.Pq Vt bool 3818If set, always load the default rulesets listed in 3819.Va devfs_rulesets . 3820.It Va performance_cx_lowest 3821.Pq Vt str 3822CPU idle state to use while on AC power. 3823The string 3824.Dq Li LOW 3825indicates that 3826.Xr acpi 4 3827should use the lowest power state available while 3828.Dq Li HIGH 3829indicates that the lowest latency state (less power savings) should be used. 3830.It Va performance_cpu_freq 3831.Pq Vt str 3832CPU clock frequency to use while on AC power. 3833The string 3834.Dq Li LOW 3835indicates that 3836.Xr cpufreq 4 3837should use the lowest frequency available while 3838.Dq Li HIGH 3839indicates that the highest frequency (less power savings) should be used. 3840.It Va economy_cx_lowest 3841.Pq Vt str 3842CPU idle state to use when off AC power. 3843The string 3844.Dq Li LOW 3845indicates that 3846.Xr acpi 4 3847should use the lowest power state available while 3848.Dq Li HIGH 3849indicates that the lowest latency state (less power savings) should be used. 3850.It Va economy_cpu_freq 3851.Pq Vt str 3852CPU clock frequency to use when off AC power. 3853The string 3854.Dq Li LOW 3855indicates that 3856.Xr cpufreq 4 3857should use the lowest frequency available while 3858.Dq Li HIGH 3859indicates that the highest frequency (less power savings) should be used. 3860.It Va jail_enable 3861.Pq Vt bool 3862If set to 3863.Dq Li NO , 3864any configured jails will not be started. 3865.It Va jail_parallel_start 3866.Pq Vt bool 3867If set to 3868.Dq Li YES , 3869all configured jails will be started in the background (in parallel). 3870.It Va jail_list 3871.Pq Vt str 3872A space separated list of names for jails. 3873This is purely a configuration aid to help identify and 3874configure multiple jails. 3875The names specified in this list will be used to 3876identify settings common to an instance of a jail, 3877and should contain alphanumeric characters only. 3878The literal jail name of 3879.Dq Li 0 3880.Pq zero 3881is not allowed. 3882.Pp 3883Assuming that the jail in question was named 3884.Li vjail , 3885you would have the following dependent variables: 3886.Bd -literal 3887jail_vjail_hostname="jail.example.com" 3888jail_vjail_ip="192.0.2.100" 3889jail_vjail_rootdir="/var/jails/vjail/root" 3890.Ed 3891.Pp 3892.It Va jail_flags 3893.Pq Vt str 3894Unset by default. 3895When set, use as default value for 3896.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3897for every jail in 3898.Va jail_list . 3899.It Va jail_interface 3900.Pq Vt str 3901Unset by default. 3902When set, use as default value for 3903.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3904for every jail in 3905.Va jail_list . 3906.It Va jail_fstab 3907.Pq Vt str 3908Unset by default. 3909When set, use as default value for 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3911for every jail in 3912.Va jail_list . 3913.It Va jail_mount_enable 3914.Pq Vt bool 3915Set to 3916.Dq Li NO 3917by default. 3918When set to 3919.Dq Li YES , 3920sets 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3922to 3923.Dq Li YES 3924by default for every jail in 3925.Va jail_list . 3926.It Va jail_devfs_ruleset 3927.Pq Vt str 3928Unset by default. 3929When set, sets 3930.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3931to given value for every jail in 3932.Va jail_list . 3933.It Va jail_devfs_enable 3934.Pq Vt bool 3935Set to 3936.Dq Li NO 3937by default. 3938When set to 3939.Dq Li YES , 3940sets 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3942to 3943.Dq Li YES 3944by default for every jail in 3945.Va jail_list . 3946.It Va jail_fdescfs_enable 3947.Pq Vt bool 3948Set to 3949.Dq Li NO 3950by default. 3951When set to 3952.Dq Li YES , 3953sets 3954.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3955to 3956.Dq Li YES 3957by default for every jail in 3958.Va jail_list . 3959.It Va jail_procfs_enable 3960.Pq Vt bool 3961Set to 3962.Dq Li NO 3963by default. 3964When set to 3965.Dq Li YES , 3966sets 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3968to 3969.Dq Li YES 3970by default for every jail in 3971.Va jail_list . 3972.It Va jail_exec_prestart Ns Aq Ar N 3973.Pq Vt str 3974Unset by default. 3975When set, use as default value for 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3977for every jail in 3978.Va jail_list . 3979.It Va jail_exec_start 3980.Pq Vt str 3981Unset by default. 3982When set, use as default value for 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3984for every jail in 3985.Va jail_list . 3986.It Va jail_exec_afterstart Ns Aq Ar N 3987.Pq Vt str 3988Unset by default. 3989When set, use as default value for 3990.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3991for every jail in 3992.Va jail_list . 3993.It Va jail_exec_poststart Ns Aq Ar N 3994.Pq Vt str 3995Unset by default. 3996When set, use as default value for 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3998for every jail in 3999.Va jail_list . 4000.It Va jail_exec_prestop Ns Aq Ar N 4001.Pq Vt str 4002Unset by default. 4003When set, use as default value for 4004.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4005for every jail in 4006.Va jail_list . 4007.It Va jail_exec_stop 4008Unset by default. 4009When set, use as default value for 4010.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4011for every jail in 4012.Va jail_list . 4013.It Va jail_exec_poststop Ns Aq Ar N 4014.Pq Vt str 4015Unset by default. 4016When set, use as default value for 4017.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4018for every jail in 4019.Va jail_list . 4020.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4021.Pq Vt str 4022Unset by default. 4023Set to the root directory used by jail 4024.Va jname . 4025.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4026.Pq Vt str 4027Unset by default. 4028Set to the fully qualified domain name (FQDN) assigned to jail 4029.Va jname . 4030.It Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 4031.Pq Vt str 4032Unset by default. 4033Set extra parameters for jail 4034.Va jname , 4035such as 4036.Dq Li allow.chflags 4037or 4038.Dq Li children.max . 4039See 4040.Xr jail 8 4041for a list of available parameters. 4042Note that the following parameters are already defined by 4043.Pa rc.d/jail 4044script out of their corresponding 4045.Nm 4046variables: 4047.Bl -tag -width "host.hostname" -offset indent 4048.It Li path 4049set from 4050.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 4051.It Li host.hostname 4052set from 4053.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 4054.It Li command 4055set from 4056.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4057.It Li ip4.addr 4058set if 4059.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4060contains IPv4 addresses 4061.It Li ip6.addr 4062set if 4063.Va jail_ Ns Ao Ar jname Ac Ns Va _ip6 4064contains IPv6 addresses 4065.El 4066.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4067.Pq Vt str 4068Unset by default. 4069Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 4070The argument can be a sole address or a comma separated list of addresses. 4071Additionally each address can be prefixed by the name of an interface 4072followed by a pipe to overwrite 4073.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4074or 4075.Va jail_interface 4076and/or suffixed by a netmask, prefixlen or prefix. 4077In case no netmask, prefixlen or prefix is given, 4078.Sq /32 4079will be used for IPv4 and 4080.Sq /128 4081will be used for an IPv6 address. 4082If no address is given for the jail then the jail will be started with 4083no networking support. 4084.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4085.Pq Vt str 4086Unset by default. 4087Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 4088The sequence starts with 4089.Dq Li _multi0 4090and the numbers have to be strictly ascending. 4091These entries follow the same syntax as their primary 4092.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4093entry. 4094The order of the entries can be important as the first address for 4095each address family found will be the primary address of the jail. 4096See 4097.Va ip-addresses 4098option in 4099.Xr jail 8 4100for more details. 4101.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 4102.Pq Vt str 4103Set to 4104.Dq Li -l -U root 4105by default. 4106These are flags to pass to 4107.Xr jail 8 . 4108.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 4109.Pq Vt str 4110Unset by default. 4111When set, sets the interface to use when setting IP address alias. 4112Note that the alias is created at jail startup and removed at jail shutdown. 4113.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4114.Pq Vt str 4115Unset by default. 4116When set, the jail is started with the specified forwarding table (sometimes 4117referred to as a routing table) via 4118.Xr setfib 1 . 4119.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4120.Pq Vt str 4121Set to 4122.Pa /etc/fstab. Ns Aq Ar jname 4123by default. 4124This is the file system information file to use for jail 4125.Va jname . 4126.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4127.Pq Vt bool 4128Set to 4129.Dq Li NO 4130by default. 4131When set to 4132.Dq Li YES , 4133mount all file systems from 4134.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4135at jail startup. 4136.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 4137.Pq Vt str 4138Unset by default. 4139When set, defines the device file system ruleset file to use for jail 4140.Va jname . 4141.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4142.Pq Vt bool 4143Set to 4144.Dq Li NO 4145by default. 4146When set to 4147.Dq Li YES , 4148mount the device file system inside jail 4149.Ar jname 4150at jail startup. 4151.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4152.Pq Vt bool 4153Set to 4154.Dq Li NO 4155by default. 4156When set to 4157.Dq Li YES , 4158mount the file-descriptor file system inside jail 4159.Ar jname 4160at jail startup. 4161.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 4162.Pq Vt bool 4163Set to 4164.Dq Li NO 4165by default. 4166When set to 4167.Dq Li YES , 4168mount the process file system inside jail 4169.Ar jname 4170at jail startup. 4171.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 4172.Pq Vt str 4173Unset by default. 4174This is the command run as 4175.Ar N Ns 4176th command 4177before jail startup, where 4178.Ar N 4179is 0, 1, and so on. 4180It is run outside the jail. 4181.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 4182.Pq Vt str 4183Set to 4184.Dq Li /bin/sh /etc/rc 4185by default. 4186This is the command executed in a jail at jail startup. 4187.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 4188.Pq Vt str 4189Unset by default. 4190This is the command run as 4191.Ar N Ns 4192th command 4193in a jail 4194after jail startup, where 4195.Ar N 4196is 1, 2, and so on. 4197.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 4198.Pq Vt str 4199Unset by default. 4200This is the command run as 4201.Ar N Ns 4202th command 4203after jail startup, where 4204.Ar N 4205is 0, 1, and so on. 4206It is run outside the jail. 4207.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 4208.Pq Vt str 4209Unset by default. 4210This is the command run as 4211.Ar N Ns 4212th command 4213before jail shutdown, where 4214.Ar N 4215is 0, 1, and so on. 4216It is run outside the jail. 4217.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4218.Pq Vt str 4219Set to 4220.Dq Li /bin/sh /etc/rc.shutdown 4221by default. 4222This is the command executed in a jail at jail shutdown. 4223.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 4224.Pq Vt str 4225Unset by default. 4226This is the command run as 4227.Ar N Ns 4228th command 4229after jail shutdown, where 4230.Ar N 4231is 0, 1, and so on. 4232It is run outside the jail. 4233.It Va jail_set_hostname_allow 4234.Pq Vt bool 4235If set to 4236.Dq Li NO , 4237do not allow the root user in a jail to set its hostname. 4238.It Va jail_socket_unixiproute_only 4239.Pq Vt bool 4240If set to 4241.Dq Li YES , 4242do not allow any sockets, 4243besides UNIX/IP/route sockets, 4244to be used within a jail. 4245.It Va jail_sysvipc_allow 4246.Pq Vt bool 4247If set to 4248.Dq Li YES , 4249allow applications within a jail to use System V IPC. 4250.\" ----------------------------------------------------- 4251.It Va harvest_interrupt 4252.Pq Vt bool 4253Set to 4254.Dq Li YES 4255to use hardware interrupts as an entropy source. 4256Refer to 4257.Xr random 4 4258for more information. 4259.It Va harvest_ethernet 4260.Pq Vt bool 4261Set to 4262.Dq Li YES 4263to use LAN traffic as an entropy source. 4264Refer to 4265.Xr random 4 4266for more information. 4267.It Va harvest_p_to_p 4268.Pq Vt bool 4269Set to 4270.Dq Li YES 4271to use serial line traffic as an entropy source. 4272Refer to 4273.Xr random 4 4274for more information. 4275.It Va entropy_dir 4276.Pq Vt str 4277Set to 4278.Dq Li NO 4279to disable caching entropy via 4280.Xr cron 8 . 4281Otherwise set to the directory used to store entropy files in. 4282.It Va entropy_file 4283.Pq Vt str 4284Set to 4285.Dq Li NO 4286to disable caching entropy through reboots. 4287Otherwise set to the filename used to store cached entropy through 4288reboots. 4289This file should be located on the root file system to seed the 4290.Xr random 4 4291device as early as possible in the boot process. 4292.It Va entropy_save_sz 4293.Pq Vt int 4294Size of the entropy cache files saved by 4295.Nm save-entropy 4296periodically. 4297.It Va entropy_save_num 4298.Pq Vt int 4299Number of entropy cache files to save by 4300.Nm save-entropy 4301periodically. 4302.It Va ipsec_enable 4303.Pq Vt bool 4304Set to 4305.Dq Li YES 4306to run 4307.Xr setkey 8 4308on 4309.Va ipsec_file 4310at boot time. 4311.It Va ipsec_file 4312.Pq Vt str 4313Configuration file for 4314.Xr setkey 8 . 4315.It Va dmesg_enable 4316.Pq Vt bool 4317Set to 4318.Dq Li YES 4319to save 4320.Xr dmesg 8 4321to 4322.Pa /var/run/dmesg.boot 4323on boot. 4324.It Va rcshutdown_timeout 4325.Pq Vt int 4326If set, start a watchdog timer in the background which will terminate 4327.Pa rc.shutdown 4328if 4329.Xr shutdown 8 4330has not completed within the specified time (in seconds). 4331Notice that in addition to this soft timeout, 4332.Xr init 8 4333also applies a hard timeout for the execution of 4334.Pa rc.shutdown . 4335This is configured via 4336.Xr sysctl 8 4337variable 4338.Va kern.init_shutdown_timeout 4339and defaults to 120 seconds. 4340Setting the value of 4341.Va rcshutdown_timeout 4342to more than 120 seconds will have no effect until the 4343.Xr sysctl 8 4344variable 4345.Va kern.init_shutdown_timeout 4346is also increased. 4347.It Va virecover_enable 4348.Pq Vt bool 4349Set to 4350.Dq Li NO 4351to prevent the system from trying to 4352recover pre-maturely terminated 4353.Xr vi 1 4354sessions. 4355.It Va ugidfw_enable 4356.Pq Vt bool 4357Set to 4358.Dq Li YES 4359to load the 4360.Xr mac_bsdextended 4 4361module upon system initialization and load a default 4362ruleset file. 4363.It Va bsdextended_script 4364.Pq Vt str 4365The default 4366.Xr mac_bsdextended 4 4367ruleset file to load. 4368The default value of this variable is 4369.Pa /etc/rc.bsdextended . 4370.It Va newsyslog_enable 4371.Pq Vt bool 4372If set to 4373.Dq Li YES , 4374run 4375.Xr newsyslog 8 4376command at startup. 4377.It Va newsyslog_flags 4378.Pq Vt str 4379If 4380.Va newsyslog_enable 4381is set to 4382.Dq Li YES , 4383these are the flags to pass to the 4384.Xr newsyslog 8 4385program. 4386The default is 4387.Dq Li -CN , 4388which causes log files flagged with a 4389.Cm C 4390to be created. 4391.It Va mdconfig_md Ns Aq Ar X 4392.Pq Vt str 4393Arguments to 4394.Xr mdconfig 8 4395for 4396.Xr md 4 4397device 4398.Ar X . 4399At minimum a 4400.Fl t Ar type 4401must be specified and either a 4402.Fl s Ar size 4403for malloc or swap backed 4404.Xr md 4 4405devices or a 4406.Fl f Ar file 4407for vnode backed 4408.Xr md 4 4409devices. 4410Note that 4411.Va mdconfig_md Ns Aq Ar X 4412variables are evaluated until one variable is unset or null. 4413.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4414.Pq Vt str 4415Optional arguments passed to 4416.Xr newfs 8 4417to initialize 4418.Xr md 4 4419device 4420.Ar X . 4421.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4422.Pq Vt str 4423An ownership specification passed to 4424.Xr chown 8 4425after the specified 4426.Xr md 4 4427device 4428.Ar X 4429has been mounted. 4430Both the 4431.Xr md 4 4432device and the mount point will be changed. 4433.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4434.Pq Vt str 4435A mode string passed to 4436.Xr chmod 1 4437after the specified 4438.Xr md 4 4439device 4440.Ar X 4441has been mounted. 4442Both the 4443.Xr md 4 4444device and the mount point will be changed. 4445.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4446.Pq Vt str 4447Files to be copied to the mount point of the 4448.Xr md 4 4449device 4450.Ar X 4451after it has been mounted. 4452.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4453.Pq Vt str 4454Command to execute after the specified 4455.Xr md 4 4456device 4457.Ar X 4458has been mounted. 4459Note that the command is passed to 4460.Ic eval 4461and that both 4462.Va _dev 4463and 4464.Va _mp 4465variables can be used to reference respectively the 4466.Xr md 4 4467device and the mount point. 4468Assuming that the 4469.Xr md 4 4470device is 4471.Li md0 , 4472one could set the following: 4473.Bd -literal 4474mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4475.Ed 4476.It Va autobridge_interfaces 4477.Pq Vt str 4478Set to the list of bridge interfaces that will have newly arriving interfaces 4479checked against to be automatically added. 4480If not set to 4481.Dq Li NO 4482then for each whitespace separated 4483.Ar element 4484in the value, a 4485.Va autobridge_ Ns Aq Ar element 4486variable is assumed to exist which has a whitespace separated list of interface 4487names to match, these names can use wildcards. 4488For example: 4489.Bd -literal 4490autobridge_interfaces="bridge0" 4491autobridge_bridge0="tap* dc0 vlan[345]" 4492.Ed 4493.It Va mixer_enable 4494.Pq Vt bool 4495If set to 4496.Dq Li YES , 4497enable support for sound mixer. 4498.It Va hcsecd_enable 4499.Pq Vt bool 4500If set to 4501.Dq Li YES , 4502enable Bluetooth security daemon. 4503.It Va hcsecd_config 4504.Pq Vt str 4505Configuration file for 4506.Xr hcsecd 8 . 4507Default 4508.Pa /etc/bluetooth/hcsecd.conf . 4509.It Va sdpd_enable 4510.Pq Vt bool 4511If set to 4512.Dq Li YES , 4513enable Bluetooth Service Discovery Protocol daemon. 4514.It Va sdpd_control 4515.Pq Vt str 4516Path to 4517.Xr sdpd 8 4518control socket. 4519Default 4520.Pa /var/run/sdp . 4521.It Va sdpd_groupname 4522.Pq Vt str 4523Sets 4524.Xr sdpd 8 4525group to run as after it initializes. 4526Default 4527.Dq Li nobody . 4528.It Va sdpd_username 4529.Pq Vt str 4530Sets 4531.Xr sdpd 8 4532user to run as after it initializes. 4533Default 4534.Dq Li nobody . 4535.It Va bthidd_enable 4536.Pq Vt bool 4537If set to 4538.Dq Li YES , 4539enable Bluetooth Human Interface Device daemon. 4540.It Va bthidd_config 4541.Pq Vt str 4542Configuration file for 4543.Xr bthidd 8 . 4544Default 4545.Pa /etc/bluetooth/bthidd.conf . 4546.It Va bthidd_hids 4547.Pq Vt str 4548Path to a file, where 4549.Xr bthidd 8 4550will store information about known HID devices. 4551Default 4552.Pa /var/db/bthidd.hids . 4553.It Va rfcomm_pppd_server_enable 4554.Pq Vt bool 4555If set to 4556.Dq Li YES , 4557enable Bluetooth RFCOMM PPP wrapper daemon. 4558.It Va rfcomm_pppd_server_profile 4559.Pq Vt str 4560The name of the profile to use from 4561.Pa /etc/ppp/ppp.conf . 4562Multiple profiles can be specified here. 4563Also used to specify per-profile overrides. 4564When the profile name contains any of the characters 4565.Dq Li .-/+ 4566they are translated to 4567.Dq Li _ 4568for the proposes of the override variable names. 4569.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4570.Pq Vt str 4571Overrides local address to listen on. 4572By default 4573.Xr rfcomm_pppd 8 4574will listen on 4575.Dq Li ANY 4576address. 4577The address can be specified as BD_ADDR or name. 4578.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4579.Pq Vt str 4580Overrides local RFCOMM channel to listen on. 4581By default 4582.Xr rfcomm_pppd 8 4583will listen on RFCOMM channel 1. 4584Must set properly if multiple profiles used in the same time. 4585.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4586.Pq Vt bool 4587Tells 4588.Xr rfcomm_pppd 8 4589if it should register Serial Port service on the specified RFCOMM channel. 4590Default 4591.Dq Li NO . 4592.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4593.Pq Vt bool 4594Tells 4595.Xr rfcomm_pppd 8 4596if it should register Dial-Up Networking service on the specified 4597RFCOMM channel. 4598Default 4599.Dq Li NO . 4600.It Va ubthidhci_enable 4601.Pq Vt bool 4602If set to 4603.Dq Li YES , 4604change the USB Bluetooth controller from HID mode to HCI mode. 4605You also need to specify the location of USB Bluetooth controller with the 4606.Va ubthidhci_busnum 4607and 4608.Va ubthidhci_addr 4609variables. 4610.It Va ubthidhci_busnum 4611Bus number where the USB Bluetooth controller is located. 4612Check the output of 4613.Xr usbconfig 8 4614on your system to find this information. 4615.It Va ubthidhci_addr 4616Bus address of the USB Bluetooth controller. 4617Check the output of 4618.Xr usbconfig 8 4619on your system to find this information. 4620.It Va netwait_enable 4621.Pq Vt bool 4622If set to 4623.Dq Li YES , 4624delays the start of network-reliant services until 4625.Va netwait_if 4626is up and ICMP packets to a destination defined in 4627.Va netwait_ip 4628are flowing. 4629Link state is examined first, followed by 4630.Dq Li pinging 4631an IP address to verify network usability. 4632If no destination can be reached or timeouts are exceeded, 4633network services are started anyway with no guarantee that 4634the network is usable. 4635Use of this variable requires both 4636.Va netwait_ip 4637and 4638.Va netwait_if 4639to be set. 4640.It Va netwait_ip 4641.Pq Vt str 4642Empty by default. 4643This variable contains a space-delimited list of IP addresses to 4644.Xr ping 8 . 4645DNS hostnames should not be used as resolution is not guaranteed 4646to be functional at this point. 4647If multiple IP addresses are specified, 4648each will be tried until one is successful or the list is exhausted. 4649.It Va netwait_timeout 4650.Pq Vt int 4651Indicates the total number of seconds to perform a 4652.Dq Li ping 4653against each IP address in 4654.Va netwait_ip , 4655at a rate of one ping per second. 4656If any of the pings are successful, 4657full network connectivity is considered reliable. 4658The default is 60. 4659.It Va netwait_if 4660.Pq Vt str 4661Empty by default. 4662Defines the name of the network interface on which watch for link. 4663.Xr ifconfig 8 4664is used to monitor the interface, looking for 4665.Dq Li status: no carrier . 4666Once gone, the link is considered up. 4667This can be a 4668.Xr vlan 4 4669interface if desired. 4670.It Va netwait_if_timeout 4671.Pq Vt int 4672Defines the total number of seconds to wait for link to become usable, 4673polled at a 1-second interval. 4674The default is 30. 4675.El 4676.Sh FILES 4677.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4678.It Pa /etc/defaults/rc.conf 4679.It Pa /etc/rc.conf 4680.It Pa /etc/rc.conf.local 4681.El 4682.Sh SEE ALSO 4683.Xr catman 1 , 4684.Xr chmod 1 , 4685.Xr gdb 1 , 4686.Xr info 1 , 4687.Xr kbdcontrol 1 , 4688.Xr makewhatis 1 , 4689.Xr sh 1 , 4690.Xr vi 1 , 4691.Xr vidcontrol 1 , 4692.Xr bridge 4 , 4693.Xr dummynet 4 , 4694.Xr ip 4 , 4695.Xr ipf 4 , 4696.Xr ipfw 4 , 4697.Xr ipnat 4 , 4698.Xr kld 4 , 4699.Xr pf 4 , 4700.Xr pflog 4 , 4701.Xr pfsync 4 , 4702.Xr tcp 4 , 4703.Xr udp 4 , 4704.Xr exports 5 , 4705.Xr fstab 5 , 4706.Xr ipf 5 , 4707.Xr ipnat 5 , 4708.Xr motd 5 , 4709.Xr newsyslog.conf 5 , 4710.Xr pf.conf 5 , 4711.Xr security 7 , 4712.Xr accton 8 , 4713.Xr amd 8 , 4714.Xr apm 8 , 4715.Xr atm 8 , 4716.Xr bthidd 8 , 4717.Xr chkprintcap 8 , 4718.Xr chown 8 , 4719.Xr cron 8 , 4720.Xr devfs 8 , 4721.Xr dhclient 8 , 4722.Xr ftpd 8 , 4723.Xr geli 8 , 4724.Xr hcsecd 8 , 4725.Xr ifconfig 8 , 4726.Xr inetd 8 , 4727.Xr ipf 8 , 4728.Xr ipfw 8 , 4729.Xr ipnat 8 , 4730.Xr jail 8 , 4731.Xr kldxref 8 , 4732.Xr lpd 8 , 4733.Xr mdconfig 8 , 4734.Xr mdmfs 8 , 4735.Xr mixer 8 , 4736.Xr mountd 8 , 4737.Xr moused 8 , 4738.Xr mrouted 8 , 4739.Xr named 8 , 4740.Xr newfs 8 , 4741.Xr newsyslog 8 , 4742.Xr nfsd 8 , 4743.Xr ntpd 8 , 4744.Xr ntpdate 8 , 4745.Xr pfctl 8 , 4746.Xr pflogd 8 , 4747.Xr ping 8 , 4748.Xr powerd 8 , 4749.Xr quotacheck 8 , 4750.Xr quotaon 8 , 4751.Xr rc 8 , 4752.Xr rc.sendmail 8 , 4753.Xr rfcomm_pppd 8 , 4754.Xr route 8 , 4755.Xr routed 8 , 4756.Xr rpcbind 8 , 4757.Xr rpc.lockd 8 , 4758.Xr rpc.statd 8 , 4759.Xr rwhod 8 , 4760.Xr savecore 8 , 4761.Xr sdpd 8 , 4762.Xr sshd 8 , 4763.Xr swapon 8 , 4764.Xr sysctl 8 , 4765.Xr syslogd 8 , 4766.Xr timed 8 , 4767.Xr usbconfig 8 , 4768.Xr wlandebug 8 , 4769.Xr yp 8 , 4770.Xr ypbind 8 , 4771.Xr ypserv 8 , 4772.Xr ypset 8 4773.Sh HISTORY 4774The 4775.Nm 4776file appeared in 4777.Fx 2.2.2 . 4778.Sh AUTHORS 4779.An Jordan K. Hubbard . 4780