1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd June 28, 2022 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail-specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/etc/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _group 201.Pq Vt str 202Run the chrooted service under this system group. 203Unlike the 204.Ao Ar name Ac Ns Va _user 205setting, this setting has no effect if the service is not chrooted. 206.It Ao Ar name Ac Ns Va _limits 207.Pq Vt str 208Resource limits to apply to the service using 209.Xr limits 1 . 210By default, resource limits are based on the login class defined in 211.Ao Ar name Ac Ns Va _login_class . 212.It Ao Ar name Ac Ns Va _login_class 213.Pq Vt str 214Login class to be used with 215.Ao Ar name Ac Ns Va _limits . 216Defaults to 217.Dq Li daemon . 218.It Ao Ar name Ac Ns Va _nice 219.Pq Vt int 220The 221.Xr nice 1 222value to run the service under. 223.It Ao Ar name Ac Ns Va _oomprotect 224Use 225.Xr protect 1 226to prevent the service from being killed when swap space 227is exhausted. 228Use 229.Dq Li YES 230to protect only the service itself, and 231.Dq Li ALL 232to protect the service and all child processes. 233.Pp 234Please note rc scripts that redefine 235.Bd -literal 236${name}_cmd 237.Ed 238such as PostgreSQL will not inherit the OOM killer protection. 239.It Ao Ar name Ac Ns Va _user 240.Pq Vt str 241Run the service under this user account. 242.It Va apm_enable 243.Pq Vt bool 244If set to 245.Dq Li YES , 246enable support for Automatic Power Management with 247the 248.Xr apm 8 249command. 250.It Va apmd_enable 251.Pq Vt bool 252Run 253.Xr apmd 8 254to handle APM event from userland. 255This also enables support for APM. 256.It Va apmd_flags 257.Pq Vt str 258If 259.Va apmd_enable 260is set to 261.Dq Li YES , 262these are the flags to pass to the 263.Xr apmd 8 264daemon. 265.It Va devd_enable 266.Pq Vt bool 267Run 268.Xr devd 8 269to handle device added, removed or unknown events from the kernel. 270.It Va ddb_enable 271.Pq Vt bool 272Run 273.Xr ddb 8 274to install 275.Xr ddb 4 276scripts at boot time. 277.It Va ddb_config 278.Pq Vt str 279Configuration file for 280.Xr ddb 8 . 281Default 282.Pa /etc/ddb.conf . 283.It Va devmatch_enable 284.Pq Vt bool 285If set to 286.Dq Li NO , 287disable auto-loading of kernel modules with 288.Xr devmatch 8 . 289.It Va devmatch_blocklist 290.Pq Vt str 291A whitespace-separated list of kernel modules to be ignored by 292.Xr devmatch 8 . 293In addition, the 294.Xr kenv 1 295.Va devmatch_blocklist 296is appended to this variable to allow disabling of 297.Xr devmatch 8 298loaded modules from the boot loader. 299.It Va devmatch_blacklist 300.Pq Vt str 301This variable is deprecated. 302Use 303.Va devmatch_blocklist 304instead. 305A whitespace-separated list of kernel modules to be ignored by 306.Xr devmatch 8 . 307.It Va kld_list 308.Pq Vt str 309A whitespace-separated list of kernel modules to load right after 310the local disks are mounted, without any 311.Pa .ko 312extension or path. 313Loading modules at this point in the boot process is 314much faster than doing it via 315.Pa /boot/loader.conf 316for those modules not necessary for mounting local disks. 317.It Va kldxref_enable 318.Pq Vt bool 319Set to 320.Dq Li NO 321by default. 322Set to 323.Dq Li YES 324to automatically rebuild 325.Pa linker.hints 326files with 327.Xr kldxref 8 328at boot time. 329.It Va kldxref_clobber 330.Pq Vt bool 331Set to 332.Dq Li NO 333by default. 334If 335.Va kldxref_enable 336is true, 337setting to 338.Dq Li YES 339will overwrite existing 340.Pa linker.hints 341files at boot time. 342Otherwise, 343only missing 344.Pa linker.hints 345files are generated. 346.It Va kldxref_module_path 347.Pq Vt str 348Empty by default. 349A semi-colon 350.Pq Ql \&; 351delimited list of paths containing 352.Xr kld 4 353modules. 354If empty, 355the contents of the 356.Va kern.module_path 357.Xr sysctl 8 358are used. 359.It Va powerd_enable 360.Pq Vt bool 361If set to 362.Dq Li YES , 363enable the system power control facility with the 364.Xr powerd 8 365daemon. 366.It Va powerd_flags 367.Pq Vt str 368If 369.Va powerd_enable 370is set to 371.Dq Li YES , 372these are the flags to pass to the 373.Xr powerd 8 374daemon. 375.It Va tmpmfs 376Controls the creation of a 377.Pa /tmp 378memory file system. 379Always happens if set to 380.Dq Li YES 381and never happens if set to 382.Dq Li NO . 383If set to anything else, a memory file system is created if 384.Pa /tmp 385is not writable. 386.It Va tmpsize 387Controls the size of a created 388.Pa /tmp 389memory file system. 390.It Va tmpmfs_flags 391Extra options passed to the 392.Xr mdmfs 8 393utility when the memory file system for 394.Pa /tmp 395is created. 396The default is 397.Dq Li "-S" , 398which inhibits the use of softupdates on 399.Pa /tmp 400so that file system space is freed without delay 401after file truncation or deletion. 402See 403.Xr mdmfs 8 404for other options you can use in 405.Va tmpmfs_flags . 406.It Va varmfs 407Controls the creation of a 408.Pa /var 409memory file system. 410Always happens if set to 411.Dq Li YES 412and never happens if set to 413.Dq Li NO . 414If set to anything else, a memory file system is created if 415.Pa /var 416is not writable. 417.It Va varsize 418Controls the size of a created 419.Pa /var 420memory file system. 421.It Va varmfs_flags 422Extra options passed to the 423.Xr mdmfs 8 424utility when the memory file system for 425.Pa /var 426is created. 427The default is 428.Dq Li "-S" , 429which inhibits the use of softupdates on 430.Pa /var 431so that file system space is freed without delay 432after file truncation or deletion. 433See 434.Xr mdmfs 8 435for other options you can use in 436.Va varmfs_flags . 437.It Va populate_var 438Controls the automatic population of the 439.Pa /var 440file system. 441Always happens if set to 442.Dq Li YES 443and never happens if set to 444.Dq Li NO . 445If set to anything else, a memory file system is created if 446.Pa /var 447is not writable. 448Note that this process requires access to certain commands in 449.Pa /usr 450before 451.Pa /usr 452is mounted on normal systems. 453.It Va cleanvar_enable 454.Pq Vt bool 455Clean the 456.Pa /var 457directory. 458.It Va local_startup 459.Pq Vt str 460List of directories to search for startup script files. 461.It Va script_name_sep 462.Pq Vt str 463The field separator to use for breaking down the list of startup script files 464into individual filenames. 465The default is a space. 466It is not necessary to change this unless there are startup scripts with names 467containing spaces. 468.It Va hostapd_enable 469.Pq Vt bool 470Set to 471.Dq Li YES 472to start 473.Xr hostapd 8 474at system boot time. 475.It Va hostname 476.Pq Vt str 477The fully qualified domain name (FQDN) of this host on the network. 478This should almost certainly be set to something meaningful, even if 479there is no network connection. 480If 481.Xr dhclient 8 482is used to set the hostname via DHCP, 483this variable should be set to an empty string. 484Within a 485.Xr jail 8 486the hostname is generally already set and this variable may be absent. 487If this value remains unset when the system is done booting 488your console login will display the default hostname of 489.Dq Amnesiac . 490.It Va nisdomainname 491.Pq Vt str 492The NIS domain name of this host, or 493.Dq Li NO 494if NIS is not used. 495.It Va dhclient_program 496.Pq Vt str 497Path to the DHCP client program 498.Pa ( /sbin/dhclient , 499the 500.Ox 501DHCP client, 502is the default). 503.It Va dhclient_flags 504.Pq Vt str 505Additional flags to pass to the DHCP client program. 506For the 507.Ox 508DHCP client, see the 509.Xr dhclient 8 510manpage for a description of the command line options available. 511.It Va dhclient_flags_ Ns Aq Ar iface 512Additional flags to pass to the DHCP client program running on 513.Ar iface 514only. 515When specified, this variable overrides 516.Va dhclient_flags . 517.It Va background_dhclient 518.Pq Vt bool 519Set to 520.Dq Li YES 521to start the DHCP client in background. 522This can cause trouble with applications depending on 523a working network, but it will provide a faster startup 524in many cases. 525.It Va background_dhclient_ Ns Aq Ar iface 526When specified, this variable overrides the 527.Va background_dhclient 528variable for interface 529.Ar iface 530only. 531.It Va synchronous_dhclient 532.Pq Vt bool 533Set to 534.Dq Li YES 535to start 536.Xr dhclient 8 537synchronously at startup. 538This behavior can be overridden on a per-interface basis by replacing 539the 540.Dq Li DHCP 541keyword in the 542.Va ifconfig_ Ns Aq Ar interface 543variable with 544.Dq Li SYNCDHCP 545or 546.Dq Li NOSYNCDHCP . 547.It Va defaultroute_delay 548.Pq Vt int 549When set to a positive value, wait up to this long after configuring 550DHCP interfaces at startup to give the interfaces time to receive a lease. 551.It Va firewall_enable 552.Pq Vt bool 553Set to 554.Dq Li YES 555to load firewall rules at startup. 556If the kernel was not built with 557.Cd "options IPFIREWALL" , 558the 559.Pa ipfw.ko 560kernel module will be loaded. 561See also 562.Va ipfilter_enable . 563.It Va firewall_script 564.Pq Vt str 565This variable specifies the full path to the firewall script to run. 566The default is 567.Pa /etc/rc.firewall . 568.It Va firewall_type 569.Pq Vt str 570Names the firewall type from the selection in 571.Pa /etc/rc.firewall , 572or the file which contains the local firewall ruleset. 573Valid selections from 574.Pa /etc/rc.firewall 575are: 576.Pp 577.Bl -tag -width ".Li workstation" -compact 578.It Li open 579unrestricted IP access 580.It Li closed 581all IP services disabled, except via 582.Dq Li lo0 583.It Li client 584basic protection for a workstation 585.It Li workstation 586basic protection for a workstation using stateful firewalling 587.It Li simple 588basic protection for a LAN. 589.El 590.Pp 591If a filename is specified, the full path 592must be given. 593.Pp 594Most of the predefined rulesets define additional configuration variables. 595These are documented in 596.Pa /etc/rc.firewall . 597.It Va firewall_quiet 598.Pq Vt bool 599Set to 600.Dq Li YES 601to disable the display of firewall rules on the console during boot. 602.It Va firewall_logging 603.Pq Vt bool 604Set to 605.Dq Li YES 606to enable firewall event logging. 607This is equivalent to the 608.Dv IPFIREWALL_VERBOSE 609kernel option. 610.It Va firewall_logif 611.Pq Vt bool 612Set to 613.Dq Li YES 614to create pseudo interface 615.Li ipfw0 616for logging. 617For more details, see 618.Xr ipfw 8 619manual page. 620.It Va firewall_flags 621.Pq Vt str 622Flags passed to 623.Xr ipfw 8 624if 625.Va firewall_type 626specifies a filename. 627.It Va firewall_coscripts 628.Pq Vt str 629List of executables and/or rc scripts to run after firewall starts/stops. 630Default is empty. 631.\" ----- firewall_nat_enable setting -------------------------------- 632.It Va firewall_nat_enable 633.Pq Vt bool 634The 635.Xr ipfw 8 636equivalent of 637.Va natd_enable . 638Setting this to 639.Dq Li YES 640will automatically load the 641.Xr ipfw 8 642NAT kernel module if 643.Va firewall_enable 644is also set to 645.Dq Li YES . 646.It Va firewall_nat_interface 647.Pq Vt str 648The 649.Xr ipfw 8 650equivalent of 651.Va natd_interface . 652This is the name of the public interface or IP address on which 653kernel NAT should run. 654.It Va firewall_nat_flags 655.Pq Vt str 656Additional configuration parameters for kernel NAT should be placed here. 657.It Va firewall_nat64_enable 658.Pq Vt bool 659Setting this to 660.Dq Li YES 661will automatically load the 662.Xr ipfw 8 663NAT64 kernel module if 664.Va firewall_enable 665is also set to 666.Dq Li YES . 667.It Va firewall_nptv6_enable 668.Pq Vt bool 669Setting this to 670.Dq Li YES 671will automatically load the 672.Xr ipfw 8 673NPTv6 kernel module if 674.Va firewall_enable 675is also set to 676.Dq Li YES . 677.It Va firewall_pmod_enable 678.Pq Vt bool 679Setting this to 680.Dq Li YES 681will automatically load the 682.Xr ipfw 8 683pmod kernel module if 684.Va firewall_enable 685is also set to 686.Dq Li YES . 687.It Va dummynet_enable 688.Pq Vt bool 689Setting this to 690.Dq Li YES 691will automatically load the 692.Xr dummynet 4 693module if 694.Va firewall_enable 695is also set to 696.Dq Li YES . 697.\" ------------------------------------------------------------------- 698.It Va ipfw_netflow_enable 699.Pq Vt bool 700Setting this to 701.Dq Li YES 702will enable netflow logging via 703.Xr ng_netflow 4 704.Pp 705By default a ipfw rule is inserted and all packets are duplicated with 706the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 707port using protocol version 5. 708.It Va ipfw_netflow_hook 709.Pq Vt int 710netflow hook name, must be numerical 711(default 712.Pa 9995 ) . 713.It Va ipfw_netflow_rule 714.Pq Vt int 715ipfw rule number 716(default 717.Pa 1000 ) . 718.It Va ipfw_netflow_ip 719.Pq Vt str 720Destination server ip for receiving netflow data 721(default 722.Pa 127.0.0.1 ) . 723.It Va ipfw_netflow_port 724.Pq Vt int 725Destination server port for receiving netflow data 726(default 727.Pa 9995 ) . 728.It Va ipfw_netflow_version 729.Pq Vt int 730Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 731.It Va ipfw_netflow_fib 732.Pq Vt int 733Only match packet in FIB 734.Pa ipfw_netflow_fib 735(default is undefined meaning all FIBs). 736.It Va natd_program 737.Pq Vt str 738Path to 739.Xr natd 8 . 740.It Va natd_enable 741.Pq Vt bool 742Set to 743.Dq Li YES 744to enable 745.Xr natd 8 . 746.Va firewall_enable 747must also be set to 748.Dq Li YES , 749and 750.Xr divert 4 751sockets must be enabled in the kernel. 752If the kernel was not built with 753.Cd "options IPDIVERT" , 754the 755.Pa ipdivert.ko 756kernel module will be loaded. 757.It Va natd_interface 758.Pq Vt str 759This is the name of the public interface on which 760.Xr natd 8 761should run. 762The interface may be given as an interface name or as an IP address. 763.It Va natd_flags 764.Pq Vt str 765Additional 766.Xr natd 8 767flags should be placed here. 768The 769.Fl n 770or 771.Fl a 772flag is automatically added with the above 773.Va natd_interface 774as an argument. 775.\" ----- ipfilter_enable setting -------------------------------- 776.It Va ipfilter_enable 777.Pq Vt bool 778Set to 779.Dq Li NO 780by default. 781Setting this to 782.Dq Li YES 783enables 784.Xr ipf 8 785packet filtering. 786.Pp 787Typical usage will require putting 788.Bd -literal 789ipfilter_enable="YES" 790ipnat_enable="YES" 791ipmon_enable="YES" 792ipfs_enable="YES" 793.Ed 794.Pp 795into 796.Pa /etc/rc.conf 797and editing 798.Pa /etc/ipf.rules 799and 800.Pa /etc/ipnat.rules 801appropriately. 802.Pp 803Note that 804.Va ipfilter_enable 805and 806.Va ipnat_enable 807can be enabled independently. 808.Va ipmon_enable 809and 810.Va ipfs_enable 811both require at least one of 812.Va ipfilter_enable 813and 814.Va ipnat_enable 815to be enabled. 816.Pp 817Having 818.Bd -literal 819options IPFILTER 820options IPFILTER_LOG 821options IPFILTER_DEFAULT_BLOCK 822.Ed 823.Pp 824in the kernel configuration file is a good idea, too. 825.\" ----- ipfilter_program setting ------------------------------ 826.It Va ipfilter_program 827.Pq Vt str 828Path to 829.Xr ipf 8 830(default 831.Pa /sbin/ipf ) . 832.\" ----- ipfilter_rules setting -------------------------------- 833.It Va ipfilter_rules 834.Pq Vt str 835Set to 836.Pa /etc/ipf.rules 837by default. 838This variable contains the name of the filter rule definition file. 839The file is expected to be readable for the 840.Xr ipf 8 841command to execute. 842.\" ----- ipfilter_flags setting -------------------------------- 843.It Va ipfilter_flags 844.Pq Vt str 845Empty by default. 846This variable contains flags passed to the 847.Xr ipf 8 848program. 849.\" ----- ipnat_enable setting ---------------------------------- 850.It Va ipnat_enable 851.Pq Vt bool 852Set to 853.Dq Li NO 854by default. 855Set it to 856.Dq Li YES 857to enable 858.Xr ipnat 8 859network address translation. 860See 861.Va ipfilter_enable 862for a detailed discussion. 863.\" ----- ipnat_program setting --------------------------------- 864.It Va ipnat_program 865.Pq Vt str 866Path to 867.Xr ipnat 8 868(default 869.Pa /sbin/ipnat ) . 870.\" ----- ipnat_rules setting ----------------------------------- 871.It Va ipnat_rules 872.Pq Vt str 873Set to 874.Pa /etc/ipnat.rules 875by default. 876This variable contains the name of the file 877holding the network address translation definition. 878This file is expected to be readable for the 879.Xr ipnat 8 880command to execute. 881.\" ----- ipnat_flags setting ----------------------------------- 882.It Va ipnat_flags 883.Pq Vt str 884Empty by default. 885This variable contains flags passed to the 886.Xr ipnat 8 887program. 888.\" ----- ipmon_enable setting ---------------------------------- 889.It Va ipmon_enable 890.Pq Vt bool 891Set to 892.Dq Li NO 893by default. 894Set it to 895.Dq Li YES 896to enable 897.Xr ipmon 8 898monitoring (logging 899.Xr ipf 8 900and 901.Xr ipnat 8 902events). 903Setting this variable needs setting 904.Va ipfilter_enable 905or 906.Va ipnat_enable 907too. 908See 909.Va ipfilter_enable 910for a detailed discussion. 911.\" ----- ipmon_program setting --------------------------------- 912.It Va ipmon_program 913.Pq Vt str 914Path to 915.Xr ipmon 8 916(default 917.Pa /sbin/ipmon ) . 918.\" ----- ipmon_flags setting ----------------------------------- 919.It Va ipmon_flags 920.Pq Vt str 921Set to 922.Dq Li -Ds 923by default. 924This variable contains flags passed to the 925.Xr ipmon 8 926program. 927Another typical example would be 928.Dq Fl D Pa /var/log/ipflog 929to have 930.Xr ipmon 8 931log directly to a file bypassing 932.Xr syslogd 8 . 933Make sure to adjust 934.Pa /etc/newsyslog.conf 935in such case like this: 936.Bd -literal 937/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 938.Ed 939.\" ----- ipfs_enable setting ----------------------------------- 940.It Va ipfs_enable 941.Pq Vt bool 942Set to 943.Dq Li NO 944by default. 945Set it to 946.Dq Li YES 947to enable 948.Xr ipfs 8 949saving the filter and NAT state tables during shutdown 950and reloading them during startup again. 951Setting this variable needs setting 952.Va ipfilter_enable 953or 954.Va ipnat_enable 955to 956.Dq Li YES 957too. 958See 959.Va ipfilter_enable 960for a detailed discussion. 961Note that if 962.Va kern_securelevel 963is set to 3, 964.Va ipfs_enable 965cannot be used 966because the raised securelevel will prevent 967.Xr ipfs 8 968from saving the state tables at shutdown time. 969.\" ----- ipfs_program setting ---------------------------------- 970.It Va ipfs_program 971.Pq Vt str 972Path to 973.Xr ipfs 8 974(default 975.Pa /sbin/ipfs ) . 976.\" ----- ipfs_flags setting ------------------------------------ 977.It Va ipfs_flags 978.Pq Vt str 979Empty by default. 980This variable contains flags passed to the 981.Xr ipfs 8 982program. 983.\" ----- end of added ipf hook --------------------------------- 984.It Va pf_enable 985.Pq Vt bool 986Set to 987.Dq Li NO 988by default. 989Setting this to 990.Dq Li YES 991enables 992.Xr pf 4 993packet filtering. 994.Pp 995Typical usage will require putting 996.Pp 997.Dl pf_enable="YES" 998.Pp 999into 1000.Pa /etc/rc.conf 1001and editing 1002.Pa /etc/pf.conf 1003appropriately. 1004Adding 1005.Pp 1006.Dl "device pf" 1007.Pp 1008builds support for 1009.Xr pf 4 1010into the kernel, otherwise the 1011kernel module will be loaded. 1012.It Va pf_rules 1013.Pq Vt str 1014Path to 1015.Xr pf 4 1016ruleset configuration file 1017(default 1018.Pa /etc/pf.conf ) . 1019.It Va pf_program 1020.Pq Vt str 1021Path to 1022.Xr pfctl 8 1023(default 1024.Pa /sbin/pfctl ) . 1025.It Va pf_flags 1026.Pq Vt str 1027If 1028.Va pf_enable 1029is set to 1030.Dq Li YES , 1031these flags are passed to the 1032.Xr pfctl 8 1033program when loading the ruleset. 1034.It Va pf_fallback_rules_enable 1035.Pq Vt bool 1036Set to 1037.Dq Li NO 1038by default. 1039Setting this to 1040.Dq Li YES 1041enables loading 1042.Va pf_fallback_rules_file 1043or 1044.Va pf_fallback_rules 1045in case of a problem when loading the ruleset in 1046.Va pf_rules . 1047.It Va pf_fallback_rules_file 1048.Pq Vt str 1049Path to a pf ruleset to load in case of failure when loading the 1050ruleset in 1051.Va pf_rules 1052(default 1053.Pa /etc/pf-fallback.conf ) . 1054.It Va pf_fallback_rules 1055.Pq Vt str 1056A pf ruleset to load in case of failure when loading the ruleset in 1057.Va pf_rules 1058and 1059.Va pf_fallback_rules_file 1060is not found. 1061Multiple rules can be set as follows: 1062.Bd -literal 1063pf_fallback_rules="\\ 1064 block drop log all\\ 1065 pass in quick on em0" 1066.Pp 1067.Ed 1068The default fallback rule is 1069.Dq block drop log all 1070.It Va pflog_enable 1071.Pq Vt bool 1072Set to 1073.Dq Li NO 1074by default. 1075Setting this to 1076.Dq Li YES 1077enables 1078.Xr pflogd 8 1079which logs packets from the 1080.Xr pf 4 1081packet filter. 1082.It Va pflog_logfile 1083.Pq Vt str 1084If 1085.Va pflog_enable 1086is set to 1087.Dq Li YES 1088this controls where 1089.Xr pflogd 8 1090stores the logfile 1091(default 1092.Pa /var/log/pflog ) . 1093Check 1094.Pa /etc/newsyslog.conf 1095to adjust logfile rotation for this. 1096.It Va pflog_program 1097.Pq Vt str 1098Path to 1099.Xr pflogd 8 1100(default 1101.Pa /sbin/pflogd ) . 1102.It Va pflog_flags 1103.Pq Vt str 1104Empty by default. 1105This variable contains additional flags passed to the 1106.Xr pflogd 8 1107program. 1108.It Va pflog_instances 1109.Pq Vt str 1110If logging to more than one 1111.Xr pflog 4 1112interface is desired, 1113.Va pflog_instances 1114is set to the list of 1115.Xr pflogd 8 1116instances that should be started at system boot time. 1117If 1118.Va pflog_instances 1119is set, for each whitespace-separated 1120.Ar element 1121in the list, 1122.Ao Ar element Ac Ns Va _dev 1123and 1124.Ao Ar element Ac Ns Va _logfile 1125elements are assumed to exist. 1126.Ao Ar element Ac Ns Va _dev 1127must contain the 1128.Xr pflog 4 1129interface to be watched by the named 1130.Xr pflogd 8 1131instance. 1132.Ao Ar element Ac Ns Va _logfile 1133must contain the name of the logfile that will be used by the 1134.Xr pflogd 8 1135instance. 1136.It Va ftpproxy_enable 1137.Pq Vt bool 1138Set to 1139.Dq Li NO 1140by default. 1141Setting this to 1142.Dq Li YES 1143enables 1144.Xr ftp-proxy 8 1145which supports the 1146.Xr pf 4 1147packet filter in translating ftp connections. 1148.It Va ftpproxy_flags 1149.Pq Vt str 1150Empty by default. 1151This variable contains additional flags passed to the 1152.Xr ftp-proxy 8 1153program. 1154.It Va ftpproxy_instances 1155.Pq Vt str 1156Empty by default. 1157If multiple instances of 1158.Xr ftp-proxy 8 1159are desired at boot time, 1160.Va ftpproxy_instances 1161should contain a whitespace-separated list of instance names. 1162For each 1163.Ar element 1164in the list, a variable named 1165.Ao Ar element Ac Ns Va _flags 1166should be defined, containing the command-line flags to be passed to the 1167.Xr ftp-proxy 8 1168instance. 1169.It Va pfsync_enable 1170.Pq Vt bool 1171Set to 1172.Dq Li NO 1173by default. 1174Setting this to 1175.Dq Li YES 1176enables exposing 1177.Xr pf 4 1178state changes to other hosts over the network by means of 1179.Xr pfsync 4 . 1180The 1181.Va pfsync_syncdev 1182variable 1183must also be set then. 1184.It Va pfsync_syncdev 1185.Pq Vt str 1186Empty by default. 1187This variable specifies the name of the network interface 1188.Xr pfsync 4 1189should operate through. 1190It must be set accordingly if 1191.Va pfsync_enable 1192is set to 1193.Dq Li YES . 1194.It Va pfsync_syncpeer 1195.Pq Vt str 1196Empty by default. 1197This variable is optional. 1198By default, state change messages are sent out on the synchronisation 1199interface using IP multicast packets. 1200The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1201224.0.0.240. 1202When a peer address is specified using the 1203.Va pfsync_syncpeer 1204option, the peer address is used as a destination for the pfsync 1205traffic, and the traffic can then be protected using 1206.Xr ipsec 4 . 1207See the 1208.Xr pfsync 4 1209manpage for more details about using 1210.Xr ipsec 4 1211with 1212.Xr pfsync 4 1213interfaces. 1214.It Va pfsync_ifconfig 1215.Pq Vt str 1216Empty by default. 1217This variable can contain additional options to be passed to the 1218.Xr ifconfig 8 1219command used to set up 1220.Xr pfsync 4 . 1221.It Va tcp_extensions 1222.Pq Vt bool 1223Set to 1224.Dq Li YES 1225by default. 1226Setting this to 1227.Dq Li NO 1228disables certain TCP options as described by 1229.Rs 1230.%T "RFC 1323" 1231.Re 1232Setting this to 1233.Dq Li NO 1234might help remedy such problems with connections as randomly hanging 1235or other weird behavior. 1236Some network devices are known 1237to be broken with respect to these options. 1238.It Va log_in_vain 1239.Pq Vt int 1240Set to 0 by default. 1241The 1242.Xr sysctl 8 1243variables, 1244.Va net.inet.tcp.log_in_vain 1245and 1246.Va net.inet.udp.log_in_vain , 1247as described in 1248.Xr tcp 4 1249and 1250.Xr udp 4 , 1251are set to the given value. 1252.It Va tcp_keepalive 1253.Pq Vt bool 1254Set to 1255.Dq Li YES 1256by default. 1257Setting to 1258.Dq Li NO 1259will disable probing idle TCP connections to verify that the 1260peer is still up and reachable. 1261.It Va tcp_drop_synfin 1262.Pq Vt bool 1263Set to 1264.Dq Li NO 1265by default. 1266Setting to 1267.Dq Li YES 1268will cause the kernel to ignore TCP frames that have both 1269the SYN and FIN flags set. 1270This prevents OS fingerprinting, but may 1271break some legitimate applications. 1272.It Va icmp_drop_redirect 1273.Pq Vt bool 1274Set to 1275.Dq Li AUTO 1276by default. 1277This setting will be identical to 1278.Dq Li YES , 1279if a dynamicrouting daemon is enabled, because redirect processing may 1280cause performance issues for large routing tables. 1281If no such service is enabled, this setting behaves like a 1282.Dq Li NO . 1283Setting to 1284.Dq Li YES 1285will cause the kernel to ignore ICMP REDIRECT packets. 1286Setting to 1287.Dq Li NO 1288will cause the kernel to process ICMP REDIRECT packets. 1289Refer to 1290.Xr icmp 4 1291for more information. 1292.It Va icmp_log_redirect 1293.Pq Vt bool 1294Set to 1295.Dq Li NO 1296by default. 1297Setting to 1298.Dq Li YES 1299will cause the kernel to log ICMP REDIRECT packets. 1300Note that 1301the log messages are not rate-limited, so this option should only be used 1302for troubleshooting networks. 1303Refer to 1304.Xr icmp 4 1305for more information. 1306.It Va icmp_bmcastecho 1307.Pq Vt bool 1308Set to 1309.Dq Li YES 1310to respond to broadcast or multicast ICMP ping packets. 1311Refer to 1312.Xr icmp 4 1313for more information. 1314.It Va ip_portrange_first 1315.Pq Vt int 1316If not set to 1317.Dq Li NO , 1318this is the first port in the default portrange. 1319Refer to 1320.Xr ip 4 1321for more information. 1322.It Va ip_portrange_last 1323.Pq Vt int 1324If not set to 1325.Dq Li NO , 1326this is the last port in the default portrange. 1327Refer to 1328.Xr ip 4 1329for more information. 1330.It Va network_interfaces 1331.Pq Vt str 1332Set to the list of network interfaces to configure on this host or 1333.Dq Li AUTO 1334(the default) for all current interfaces. 1335Setting the 1336.Va network_interfaces 1337variable to anything other than the default is deprecated. 1338Interfaces that the administrator wishes to store configuration for, 1339but not start at boot should be configured with the 1340.Dq Li NOAUTO 1341keyword in their 1342.Va ifconfig_ Ns Aq Ar interface 1343variables as described below. 1344.Pp 1345An 1346.Va ifconfig_ Ns Aq Ar interface 1347variable is also assumed to exist for each value of 1348.Ar interface . 1349When an interface name contains any of the characters 1350.Dq Li .-/+ 1351they are translated to 1352.Dq Li _ 1353before lookup. 1354The variable can contain arguments to 1355.Xr ifconfig 8 , 1356as well as special case-insensitive keywords described below. 1357Such keywords are removed before passing the value to 1358.Xr ifconfig 8 1359while the order of the other arguments is preserved. 1360.Pp 1361It is possible to add IP alias entries using 1362.Xr ifconfig 8 1363syntax with the address family keyword such as 1364.Li inet . 1365Assuming that the interface in question was 1366.Li em0 , 1367it might look something like this: 1368.Bd -literal 1369ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1370ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1371.Ed 1372.Pp 1373It also possible to configure multiple IP addresses in Classless 1374Inter-Domain Routing 1375.Pq CIDR 1376address notation, 1377whose each address component can be a range like 1378.Li inet 192.0.2.5-23/24 1379or 1380.Li inet6 2001:db8:1-f::1/64 . 1381This notation allows address and prefix length part only, 1382not the other address modifiers. 1383Note that the maximum number of the generated addresses from a range 1384specification is limited to an integer value specified in 1385.Va netif_ipexpand_max 1386in 1387.Nm 1388because a small typo can unexpectedly generate a large number of addresses. 1389The default value is 1390.Li 2048 . 1391It can be increased by adding the following line into 1392.Nm : 1393.Bd -literal 1394netif_ipexpand_max="4096" 1395.Ed 1396.Pp 1397In the case of 1398.Li 192.0.2.5-23/24 , 1399the address 192.0.2.5 will be configured with the 1400netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1401the non-conflicting netmask /32 as explained in the 1402.Xr ifconfig 8 1403alias section. 1404Note that this special netmask handling is only for 1405.Li inet , 1406not for the other address families such as 1407.Li inet6 . 1408.Pp 1409With the interface in question being 1410.Li em0 , 1411an example could look like: 1412.Bd -literal 1413ifconfig_em0_alias2="inet 192.0.2.129/27" 1414ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1415.Ed 1416.Pp 1417and so on. 1418.Pp 1419Note that deprecated 1420.Va ipv4_addrs_ Ns Aq Ar interface 1421variable was supported for IPv4 CIDR address notation. 1422The 1423.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1424variable replaces it, though 1425.Va ipv4_addrs_ Ns Aq Ar interface 1426is still supported for backward compatibility. 1427.Pp 1428For each 1429.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1430entry with an address family keyword, 1431its contents are passed to 1432.Xr ifconfig 8 . 1433Execution stops at the first unsuccessful access, so if 1434something like this is present: 1435.Bd -literal 1436ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1437ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1438ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1439ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1440.Ed 1441.Pp 1442Then note that alias4 would 1443.Em not 1444be added since the search would 1445stop with the missing 1446.Dq Li alias3 1447entry. 1448Because of this difficult to manage behavior, 1449there is 1450.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1451variable, which has the same functionality as 1452.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1453and can have all of entries in a variable like the following: 1454.Bd -literal 1455ifconfig_em0_aliases="\\ 1456 inet 127.0.0.251 netmask 0xffffffff \\ 1457 inet 127.0.0.252 netmask 0xffffffff \\ 1458 inet 127.0.0.253 netmask 0xffffffff \\ 1459 inet 127.0.0.254 netmask 0xffffffff" 1460.Ed 1461.Pp 1462It also supports CIDR notation. 1463.Pp 1464If the 1465.Pa /etc/start_if . Ns Aq Ar interface 1466file is present, it is read and executed by the 1467.Xr sh 1 1468interpreter 1469before configuring the interface as specified in the 1470.Va ifconfig_ Ns Aq Ar interface 1471and 1472.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1473variables. 1474.Pp 1475If a 1476.Va vlans_ Ns Aq Ar interface 1477variable is set, 1478a 1479.Xr vlan 4 1480interface will be created for each item in the list with the 1481.Ar vlandev 1482argument set to 1483.Ar interface . 1484If a vlan interface's name is a number, 1485then that number is used as the vlan tag and the new vlan interface is 1486named 1487.Ar interface . Ns Ar tag . 1488Otherwise, 1489the vlan tag must be specified via a 1490.Va vlan 1491parameter in the 1492.Va create_args_ Ns Aq Ar interface 1493variable. 1494.Pp 1495To create a vlan device named 1496.Li em0.101 1497on 1498.Li em0 1499with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1500.Bd -literal 1501vlans_em0="101" 1502ifconfig_em0_101="inet 192.0.2.1/24" 1503.Ed 1504.Pp 1505To create a vlan device named 1506.Li myvlan 1507on 1508.Li em0 1509with the vlan tag 102: 1510.Bd -literal 1511vlans_em0="myvlan" 1512create_args_myvlan="vlan 102" 1513.Ed 1514.Pp 1515If a 1516.Va wlans_ Ns Aq Ar interface 1517variable is set, 1518an 1519.Xr wlan 4 1520interface will be created for each item in the list with the 1521.Ar wlandev 1522argument set to 1523.Ar interface . 1524Further wlan cloning arguments may be passed to the 1525.Xr ifconfig 8 1526.Cm create 1527command by setting the 1528.Va create_args_ Ns Aq Ar interface 1529variable. 1530One or more 1531.Xr wlan 4 1532devices must be created for each wireless devices as of 1533.Fx 8.0 . 1534Debugging flags for 1535.Xr wlan 4 1536devices as set by 1537.Xr wlandebug 8 1538may be specified with an 1539.Va wlandebug_ Ns Aq Ar interface 1540variable. 1541The contents of this variable will be passed directly to 1542.Xr wlandebug 8 . 1543.Pp 1544If the 1545.Va ifconfig_ Ns Aq Ar interface 1546contains the keyword 1547.Dq Li NOAUTO 1548then the interface will not be configured 1549at boot or by 1550.Pa /etc/pccard_ether 1551when 1552.Va network_interfaces 1553is set to 1554.Dq Li AUTO . 1555.Pp 1556It is possible to bring up an interface with DHCP by adding 1557.Dq Li DHCP 1558to the 1559.Va ifconfig_ Ns Aq Ar interface 1560variable. 1561For instance, to initialize the 1562.Li em0 1563device via DHCP, 1564it is possible to use something like: 1565.Bd -literal 1566ifconfig_em0="DHCP" 1567.Ed 1568.Pp 1569If you want to configure your wireless interface with 1570.Xr wpa_supplicant 8 1571for use with WPA, EAP/LEAP or WEP, you need to add 1572.Dq Li WPA 1573to the 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576.Pp 1577On the other hand, if you want to configure your wireless interface with 1578.Xr hostapd 8 , 1579you need to add 1580.Dq Li HOSTAP 1581to the 1582.Va ifconfig_ Ns Aq Ar interface 1583variable. 1584.Xr hostapd 8 1585will use the settings from 1586.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1587.Pp 1588Finally, you can add 1589.Xr ifconfig 8 1590options in this variable, in addition to the 1591.Pa /etc/start_if . Ns Aq Ar interface 1592file. 1593For instance, to configure an 1594.Xr ath 4 1595wireless device in station mode with an address obtained 1596via DHCP, using WPA authentication and 802.11b mode, it is 1597possible to use something like: 1598.Bd -literal 1599wlans_ath0="wlan0" 1600ifconfig_wlan0="DHCP WPA mode 11b" 1601.Ed 1602.Pp 1603In addition to the 1604.Va ifconfig_ Ns Aq Ar interface 1605form, a fallback variable 1606.Va ifconfig_DEFAULT 1607may be configured. 1608It will be used for all interfaces with no 1609.Va ifconfig_ Ns Aq Ar interface 1610variable. 1611This is intended to replace the no longer supported 1612.Va pccard_ifconfig 1613variable. 1614.Pp 1615It is also possible to rename an interface by doing: 1616.Bd -literal 1617ifconfig_em0_name="net0" 1618ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1619.Ed 1620.It Va ipv6_enable 1621.Pq Vt bool 1622This variable is deprecated. 1623Use 1624.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1625and 1626.Va ipv6_activate_all_interfaces 1627if necessary. 1628.Pp 1629If the variable is 1630.Dq Li YES , 1631.Dq Li inet6 accept_rtadv 1632is added to all of 1633.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1634and the 1635.Va ipv6_activate_all_interfaces 1636is defined as 1637.Dq Li YES . 1638.It Va ipv6_prefer 1639.Pq Vt bool 1640This variable is deprecated. 1641Use 1642.Va ip6addrctl_policy 1643instead. 1644.Pp 1645If the variable is 1646.Dq Li YES , 1647the default address selection policy table set by 1648.Xr ip6addrctl 8 1649will be IPv6-preferred. 1650.Pp 1651If the variable is 1652.Dq Li NO , 1653the default address selection policy table set by 1654.Xr ip6addrctl 8 1655will be IPv4-preferred. 1656.It Va ipv6_activate_all_interfaces 1657.Pq Vt bool 1658This controls initial configuration on IPv6-capable 1659interfaces with no corresponding 1660.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1661variable. 1662Note that it is not always necessary to set this variable to 1663.Dq YES 1664to use IPv6 functionality on 1665.Fx . 1666In most cases, just configuring 1667.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1668variables works. 1669.Pp 1670If the variable is 1671.Dq Li NO , 1672all interfaces which do not have a corresponding 1673.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1674variable will be marked as 1675.Dq Li IFDISABLED 1676at creation. 1677This means that all of IPv6 functionality on that interface 1678is completely disabled to enforce a security policy. 1679If the variable is set to 1680.Dq YES , 1681the flag will be cleared on all of the interfaces. 1682.Pp 1683In most cases, just defining an 1684.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1685for an IPv6-capable interface should be sufficient. 1686However, if an interface is added dynamically 1687.Pq by some tunneling protocols such as PPP, for example , 1688it is often difficult to define the variable in advance. 1689In such a case, configuring the 1690.Dq Li IFDISABLED 1691flag can be disabled by setting this variable to 1692.Dq YES . 1693.Pp 1694For more details of the 1695.Dq Li IFDISABLED 1696flag and keywords 1697.Dq Li inet6 ifdisabled , 1698see 1699.Xr ifconfig 8 . 1700.Pp 1701Default is 1702.Dq Li NO . 1703.It Va ipv6_privacy 1704.Pq Vt bool 1705If the variable is 1706.Dq Li YES 1707privacy addresses will be generated for each IPv6 1708interface as described in RFC 4941. 1709.It Va ipv6_network_interfaces 1710.Pq Vt str 1711This is the IPv6 equivalent of 1712.Va network_interfaces . 1713Normally manual configuration of this variable is not needed. 1714.It Va ipv6_cpe_wanif 1715.Pq Vt str 1716If the variable is set to an interface name, 1717the 1718.Xr ifconfig 8 1719options 1720.Dq inet6 -no_radr accept_rtadv 1721will be added to the specified interface automatically before evaluating 1722.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1723and two 1724.Xr sysctl 8 1725variables 1726.Va net.inet6.ip6.rfc6204w3 1727and 1728.Va net.inet6.ip6.no_radr 1729will be set to 1. 1730.Pp 1731This means the specified interface will accept ICMPv6 Router 1732Advertisement messages on that link and add the discovered 1733routers into the Default Router List. 1734While the other interfaces can still accept RA messages if the 1735.Dq inet6 accept_rtadv 1736option is specified, adding 1737routes into the Default Router List will be disabled by 1738.Dq inet6 no_radr 1739option by default. 1740See 1741.Xr ifconfig 8 1742for more details. 1743.Pp 1744Note that ICMPv6 Router Advertisement messages will be 1745accepted even when 1746.Va net.inet6.ip6.forwarding 1747is 1 1748.Pq packet forwarding is enabled 1749when 1750.Va net.inet6.ip6.rfc6204w3 1751is set to 1. 1752.Pp 1753Default is 1754.Dq Li NO . 1755.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1756.Pq Vt str 1757This assigns arbitrary description to an interface. 1758The 1759.Xr sysctl 8 1760variable 1761.Va net.ifdescr_maxlen 1762limits its length. 1763This static setting may be overridden by commands 1764started with dynamic interface configuration utilities 1765like 1766.Xr dhclient 8 1767hooks. 1768The description can be seen with 1769.Xr ifconfig 8 1770command and it may be exported with 1771.Xr bsnmpd 1 1772daemon using its MIB-2 module. 1773.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1774.Pq Vt str 1775IPv6 functionality on an interface should be configured by 1776.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1777instead of setting ifconfig parameters in 1778.Va ifconfig_ Ns Aq Ar interface . 1779If this variable is empty, all of IPv6 configurations on the 1780specified interface by other variables such as 1781.Va ipv6_prefix_ Ns Ao Ar interface Ac 1782will be ignored. 1783.Pp 1784Aliases should be set by 1785.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1786with 1787.Dq Li inet6 1788keyword. 1789For example: 1790.Bd -literal 1791ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1792ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1793.Ed 1794.Pp 1795Interfaces that have an 1796.Dq Li inet6 accept_rtadv 1797keyword in 1798.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1799setting will be automatically configured by SLAAC 1800.Pq StateLess Address AutoConfiguration 1801described in 1802.Rs 1803.%T "RFC 4862" 1804.Re 1805.Pp 1806Note that a link-local address will be automatically configured in 1807addition to the configured global-scope addresses because the IPv6 1808specifications require it on each link. 1809The address is calculated from the MAC address by using an algorithm 1810defined in 1811.Rs 1812.%T "RFC 4862" 1813.%O "Section 5.3" 1814.Re 1815.Pp 1816If only a link-local address is needed on the interface, 1817the following configuration can be used: 1818.Bd -literal 1819ifconfig_em0_ipv6="inet6 auto_linklocal" 1820.Ed 1821.Pp 1822A link-local address can also be configured manually. 1823This is useful for the default router address of an IPv6 router 1824so that it does not change when the network interface 1825card is replaced. 1826For example: 1827.Bd -literal 1828ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1829.Ed 1830.It Va ipv6_prefix_ Ns Aq Ar interface 1831.Pq Vt str 1832If one or more prefixes are defined in 1833.Va ipv6_prefix_ Ns Aq Ar interface 1834addresses based on each prefix and the EUI-64 interface index will be 1835configured on that interface. 1836Note that this variable will be ignored when 1837.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1838is empty. 1839.Pp 1840For example, the following configuration 1841.Bd -literal 1842ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1843.Ed 1844.Pp 1845is equivalent to the following: 1846.Bd -literal 1847ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1848ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1849ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1850ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1851.Ed 1852.Pp 1853These Subnet-Router anycast addresses will be added only when 1854.Va ipv6_gateway_enable 1855is YES. 1856.It Va ipv6_default_interface 1857.Pq Vt str 1858If not set to 1859.Dq Li NO , 1860this is the default output interface for scoped addresses. 1861This works only with ipv6_gateway_enable="NO". 1862.It Va ip6addrctl_enable 1863.Pq Vt bool 1864This variable is to enable configuring default address selection policy table 1865.Pq RFC 3484 . 1866The table can be specified in another variable 1867.Va ip6addrctl_policy . 1868For 1869.Va ip6addrctl_policy 1870the following keywords can be specified: 1871.Dq Li ipv4_prefer , 1872.Dq Li ipv6_prefer , 1873or 1874.Dq Li AUTO . 1875.Pp 1876If 1877.Dq Li ipv4_prefer 1878or 1879.Dq Li ipv6_prefer 1880is specified, 1881.Xr ip6addrctl 8 1882installs a pre-defined policy table described in Section 10.3 1883.Pq IPv4-preferred 1884or 2.1 1885.Pq IPv6-preferred 1886of RFC 3484. 1887.Pp 1888If 1889.Dq Li AUTO 1890is specified, it attempts to read a file 1891.Pa /etc/ip6addrctl.conf 1892first. 1893If this file is found, 1894.Xr ip6addrctl 8 1895reads and installs it. 1896If not found, a policy is automatically set 1897according to 1898.Va ipv6_activate_all_interfaces 1899variable; if the variable is set to 1900.Dq Li YES 1901the IPv6-preferred one is used. 1902Otherwise IPv4-preferred. 1903.Pp 1904The default value of 1905.Va ip6addrctl_enable 1906and 1907.Va ip6addrctl_policy 1908are 1909.Dq Li YES 1910and 1911.Dq Li AUTO , 1912respectively. 1913.It Va cloned_interfaces 1914.Pq Vt str 1915Set to the list of clonable network interfaces to create on this host. 1916Further cloning arguments may be passed to the 1917.Xr ifconfig 8 1918.Cm create 1919command for each interface by setting the 1920.Va create_args_ Ns Aq Ar interface 1921variable. 1922If an interface name is specified with 1923.Dq :sticky 1924keyword, 1925the interface will not be destroyed even when 1926.Pa rc.d/netif 1927script is invoked with 1928.Dq stop 1929argument. 1930This is useful when reconfiguring the interface without destroying it. 1931Entries in 1932.Va cloned_interfaces 1933are automatically appended to 1934.Va network_interfaces 1935for configuration. 1936.It Va cloned_interfaces_sticky 1937.Pq Vt bool 1938This variable is to globally enable functionality of 1939.Dq :sticky 1940keyword in 1941.Va cloned_interfaces 1942for all interfaces. 1943The default value is 1944.Dq NO . 1945Even if this variable is specified to 1946.Dq YES , 1947.Dq :nosticky 1948keyword can be used to override it on per interface basis. 1949.It Va gif_interfaces 1950Set to the list of 1951.Xr gif 4 1952tunnel interfaces to configure on this host. 1953A 1954.Va gifconfig_ Ns Aq Ar interface 1955variable is assumed to exist for each value of 1956.Ar interface . 1957The value of this variable is used to configure the link layer of the 1958tunnel using the 1959.Cm tunnel 1960option to 1961.Xr ifconfig 8 . 1962Additionally, this option ensures that each listed interface is created 1963via the 1964.Cm create 1965option to 1966.Xr ifconfig 8 1967before attempting to configure it. 1968.Pp 1969For example, configure two 1970.Xr gif 4 1971interfaces with: 1972.Bd -literal 1973gif_interfaces="gif0 gif1" 1974gifconfig_gif0="100.64.0.1 100.64.0.2" 1975ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1976gifconfig_gif1="inet6 2a00::1 2a01::1" 1977ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1978.Ed 1979.It Va ppp_enable 1980.Pq Vt bool 1981If set to 1982.Dq Li YES , 1983run the 1984.Xr ppp 8 1985daemon. 1986.It Va ppp_profile 1987.Pq Vt str 1988The name of the profile to use from 1989.Pa /etc/ppp/ppp.conf . 1990Also used for per-profile overrides of 1991.Va ppp_mode 1992and 1993.Va ppp_nat , 1994and 1995.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1996When the profile name contains any of the characters 1997.Dq Li .-/+ 1998they are translated to 1999.Dq Li _ 2000for the proposes of the override variable names. 2001.It Va ppp_mode 2002.Pq Vt str 2003Mode in which to run the 2004.Xr ppp 8 2005daemon. 2006.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 2007.Pq Vt str 2008Overrides the global 2009.Va ppp_mode 2010for 2011.Ar profile . 2012Accepted modes are 2013.Dq Li auto , 2014.Dq Li ddial , 2015.Dq Li direct 2016and 2017.Dq Li dedicated . 2018See the manual for a full description. 2019.It Va ppp_nat 2020.Pq Vt bool 2021If set to 2022.Dq Li YES , 2023enables network address translation. 2024Used in conjunction with 2025.Va gateway_enable 2026allows hosts on private network addresses access to the Internet using 2027this host as a network address translating router. 2028Default is 2029.Dq Li YES . 2030.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2031.Pq Vt str 2032Overrides the global 2033.Va ppp_nat 2034for 2035.Ar profile . 2036.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2037.Pq Vt int 2038Set the unit number to be used for this profile. 2039See the manual description of 2040.Fl unit Ns Ar N 2041for details. 2042.It Va ppp_user 2043.Pq Vt str 2044The name of the user under which 2045.Xr ppp 8 2046should be started. 2047By 2048default, 2049.Xr ppp 8 2050is started as 2051.Dq Li root . 2052.It Va rc_conf_files 2053.Pq Vt str 2054This option is used to specify a list of files that will override 2055the settings in 2056.Pa /etc/defaults/rc.conf . 2057The files will be read in the order in which they are specified and should 2058include the full path to the file. 2059By default, the files specified are 2060.Pa /etc/rc.conf 2061and 2062.Pa /etc/rc.conf.local 2063.It Va zfs_enable 2064.Pq Vt bool 2065If set to 2066.Dq Li YES , 2067.Pa /etc/rc.d/zfs 2068will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2069(ZVOLs). 2070.It Va zpool_reguid 2071.Pq Vt str 2072A space-separated list of ZFS pool names for which new pool GUIDs should be 2073assigned upon first boot. 2074This is useful when using a ZFS pool copied from a template, such as a virtual 2075machine image. 2076.It Va gptboot_enable 2077.Pq Vt bool 2078If set to 2079.Dq Li YES , 2080.Pa /etc/rc.d/gptboot 2081will log if the system successfully (or not) booted from a GPT partition, 2082which had the 2083.Ar bootonce 2084attribute set using 2085.Xr gpart 8 2086utility. 2087.It Va gbde_autoattach_all 2088.Pq Vt bool 2089If set to 2090.Dq Li YES , 2091.Pa /etc/rc.d/gbde 2092will attempt to automatically initialize your .bde devices in 2093.Pa /etc/fstab . 2094.It Va gbde_devices 2095.Pq Vt str 2096List the devices that the script should try to attach, 2097or 2098.Dq Li AUTO . 2099.It Va gbde_lockdir 2100.Pq Vt str 2101The directory where the 2102.Xr gbde 4 2103lockfiles are located. 2104The default lockfile directory is 2105.Pa /etc . 2106.Pp 2107The lockfile for each individual 2108.Xr gbde 4 2109device can be overridden by setting the variable 2110.Va gbde_lock_ Ns Aq Ar device , 2111where 2112.Ar device 2113is the encrypted device without the 2114.Dq Pa /dev/ 2115and 2116.Dq Pa .bde 2117parts. 2118.It Va gbde_attach_attempts 2119.Pq Vt int 2120Number of times to attempt attaching to a 2121.Xr gbde 4 2122device, i.e., how many times the user is asked for the pass-phrase. 2123Default is 3. 2124.It Va geli_devices 2125.Pq Vt str 2126List of devices to automatically attach on boot. 2127Note that .eli devices from 2128.Pa /etc/fstab 2129are automatically appended to this list. 2130.It Va geli_groups 2131.Pq Vt str 2132List of groups containing devices to automatically attach on boot with the same 2133keyfiles and passphrase. 2134This must be accompanied with a corresponding 2135.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2136variable. 2137.It Va geli_tries 2138.Pq Vt int 2139Number of times user is asked for the pass-phrase. 2140If empty, it will be taken from 2141.Va kern.geom.eli.tries 2142sysctl variable. 2143.It Va geli_default_flags 2144.Pq Vt str 2145Default flags to use by 2146.Xr geli 8 2147when configuring disk encryption. 2148Flags can be configured for every device separately by defining the 2149.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2150variable, and for every group separately by defining the 2151.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2152variable. 2153.It Va geli_autodetach 2154.Pq Vt str 2155Specifies if GELI devices should be marked for detach on last close after 2156file systems are mounted. 2157Default is 2158.Dq Li YES . 2159This can be changed for every device separately by defining the 2160.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2161variable. 2162.It Va root_rw_mount 2163.Pq Vt bool 2164Set to 2165.Dq Li YES 2166by default. 2167After the file systems are checked at boot time, the root file system 2168is remounted as read-write if this is set to 2169.Dq Li YES . 2170Diskless systems that mount their root file system from a read-only remote 2171NFS share should set this to 2172.Dq Li NO 2173in their 2174.Pa rc.conf . 2175.It Va fsck_y_enable 2176.Pq Vt bool 2177If set to 2178.Dq Li YES , 2179.Xr fsck 8 2180will be run with the 2181.Fl y 2182flag if the initial preen 2183of the file systems fails. 2184.It Va background_fsck 2185.Pq Vt bool 2186If set to 2187.Dq Li NO , 2188the system will not attempt to run 2189.Xr fsck 8 2190in the background where possible. 2191.It Va background_fsck_delay 2192.Pq Vt int 2193The amount of time in seconds to sleep before starting a background 2194.Xr fsck 8 . 2195It defaults to sixty seconds to allow large applications such as 2196the X server to start before disk I/O bandwidth is monopolized by 2197.Xr fsck 8 . 2198If set to a negative number, the background file system check will be 2199delayed indefinitely to allow the administrator to run it at a more 2200convenient time. 2201For example it may be run from 2202.Xr cron 8 2203by adding a line like 2204.Pp 2205.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2206.Pp 2207to 2208.Pa /etc/crontab . 2209.It Va netfs_types 2210.Pq Vt str 2211List of file system types that are network-based. 2212This list should generally not be modified by end users. 2213Use 2214.Va extra_netfs_types 2215instead. 2216.It Va extra_netfs_types 2217.Pq Vt str 2218If set to something other than 2219.Dq Li NO 2220(the default), 2221this variable extends the list of file system types 2222for which automatic mounting at startup by 2223.Xr rc 8 2224should be delayed until the network is initialized. 2225It should contain 2226a whitespace-separated list of network file system descriptor pairs, 2227each consisting of a file system type as passed to 2228.Xr mount 8 2229and a human-readable, one-word description, 2230joined with a colon 2231.Pq Ql \&: . 2232Extending the default list in this way is only necessary 2233when third party file system types are used. 2234.It Va syslogd_enable 2235.Pq Vt bool 2236If set to 2237.Dq Li YES , 2238run the 2239.Xr syslogd 8 2240daemon. 2241.It Va syslogd_program 2242.Pq Vt str 2243Path to 2244.Xr syslogd 8 2245(default 2246.Pa /usr/sbin/syslogd ) . 2247.It Va syslogd_flags 2248.Pq Vt str 2249If 2250.Va syslogd_enable 2251is set to 2252.Dq Li YES , 2253these are the flags to pass to 2254.Xr syslogd 8 . 2255.It Va inetd_enable 2256.Pq Vt bool 2257If set to 2258.Dq Li YES , 2259run the 2260.Xr inetd 8 2261daemon. 2262.It Va inetd_program 2263.Pq Vt str 2264Path to 2265.Xr inetd 8 2266(default 2267.Pa /usr/sbin/inetd ) . 2268.It Va inetd_flags 2269.Pq Vt str 2270If 2271.Va inetd_enable 2272is set to 2273.Dq Li YES , 2274these are the flags to pass to 2275.Xr inetd 8 . 2276.It Va hastd_enable 2277.Pq Vt bool 2278If set to 2279.Dq Li YES , 2280run the 2281.Xr hastd 8 2282daemon. 2283.It Va hastd_program 2284.Pq Vt str 2285Path to 2286.Xr hastd 8 2287(default 2288.Pa /sbin/hastd ) . 2289.It Va hastd_flags 2290.Pq Vt str 2291If 2292.Va hastd_enable 2293is set to 2294.Dq Li YES , 2295these are the flags to pass to 2296.Xr hastd 8 . 2297.It Va local_unbound_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301run the 2302.Xr unbound 8 2303daemon as a local caching resolver. 2304.It Va kdc_enable 2305.Pq Vt bool 2306Set to 2307.Dq Li YES 2308to start a Kerberos 5 authentication server 2309at boot time. 2310.It Va kdc_program 2311.Pq Vt str 2312If 2313.Va kdc_enable 2314is set to 2315.Dq Li YES 2316this is the path to Kerberos 5 Authentication Server. 2317.It Va kdc_flags 2318.Pq Vt str 2319Empty by default. 2320This variable contains additional flags to be passed to the Kerberos 5 2321authentication server. 2322.It Va kadmind_enable 2323.Pq Vt bool 2324Set to 2325.Dq Li YES 2326to start 2327.Xr kadmind 8 , 2328the Kerberos 5 Administration Daemon; set to 2329.Dq Li NO 2330on a slave server. 2331.It Va kadmind_program 2332.Pq Vt str 2333If 2334.Va kadmind_enable 2335is set to 2336.Dq Li YES 2337this is the path to Kerberos 5 Administration Daemon. 2338.It Va kpasswdd_enable 2339.Pq Vt bool 2340Set to 2341.Dq Li YES 2342to start 2343.Xr kpasswdd 8 , 2344the Kerberos 5 Password-Changing Daemon; set to 2345.Dq Li NO 2346on a slave server. 2347.It Va kpasswdd_program 2348.Pq Vt str 2349If 2350.Va kpasswdd_enable 2351is set to 2352.Dq Li YES 2353this is the path to Kerberos 5 Password-Changing Daemon. 2354.It Va kfd_enable 2355.Pq Vt bool 2356Set to 2357.Dq Li YES 2358to start 2359.Xr kfd 8 , 2360the Kerberos 5 ticket forwarding daemon, at the boot time. 2361.It Va kfd_program 2362.Pq Vt str 2363Path to 2364.Xr kfd 8 2365(default 2366.Pa /usr/libexec/kfd ) . 2367.It Va rwhod_enable 2368.Pq Vt bool 2369If set to 2370.Dq Li YES , 2371run the 2372.Xr rwhod 8 2373daemon at boot time. 2374.It Va rwhod_flags 2375.Pq Vt str 2376If 2377.Va rwhod_enable 2378is set to 2379.Dq Li YES , 2380these are the flags to pass to it. 2381.It Va update_motd 2382.Pq Vt bool 2383If set to 2384.Dq Li YES , 2385.Pa /etc/motd 2386will be updated at boot time to reflect the kernel release 2387being run. 2388If set to 2389.Dq Li NO , 2390.Pa /etc/motd 2391will not be updated. 2392.It Va nfs_client_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES , 2396run the NFS client daemons at boot time. 2397.It Va nfs_access_cache 2398.Pq Vt int 2399If 2400.Va nfs_client_enable 2401is set to 2402.Dq Li YES , 2403this can be set to 2404.Dq Li 0 2405to disable NFS ACCESS RPC caching, or to the number of seconds for which 2406NFS ACCESS 2407results should be cached. 2408A value of 2-10 seconds will substantially reduce network 2409traffic for many NFS operations. 2410.It Va nfs_server_enable 2411.Pq Vt bool 2412If set to 2413.Dq Li YES , 2414run the NFS server daemons at boot time. 2415.It Va nfs_server_flags 2416.Pq Vt str 2417If 2418.Va nfs_server_enable 2419is set to 2420.Dq Li YES , 2421these are the flags to pass to the 2422.Xr nfsd 8 2423daemon. 2424.It Va nfsv4_server_enable 2425.Pq Vt bool 2426If 2427.Va nfs_server_enable 2428is set to 2429.Dq Li YES 2430and 2431.Va nfsv4_server_enable 2432is set to 2433.Dq Li YES , 2434enable the server for NFSv4 as well as NFSv2 and NFSv3. 2435.It Va nfsv4_server_only 2436.Pq Vt bool 2437If 2438.Va nfs_server_enable 2439is set to 2440.Dq Li YES 2441and 2442.Va nfsv4_server_only 2443is set to 2444.Dq Li YES , 2445enable the NFS server for NFSv4 only. 2446.It Va nfs_server_maxio 2447.Pq Vt int 2448value to set vfs.nfsd.srvmaxio to, which is the 2449maximum I/O size for the NFS server. 2450.It Va tlsclntd_enable 2451.Pq Vt bool 2452If set to 2453.Dq Li YES , 2454run the 2455.Xr rpc.tlsclntd 8 2456daemon, which is needed for NFS-over-TLS NFS mounts. 2457.It Va tlsservd_enable 2458.Pq Vt bool 2459If set to 2460.Dq Li YES , 2461run the 2462.Xr rpc.tlsservd 8 2463daemon, which is needed for the 2464.Xr nfsd 8 2465to support NFS-over-TLS NFS mounts. 2466.It Va nfsuserd_enable 2467.Pq Vt bool 2468If 2469.Va nfsuserd_enable 2470is set to 2471.Dq Li YES , 2472run the nfsuserd daemon, which is needed for NFSv4 in order 2473to map between user/group names vs uid/gid numbers. 2474If 2475.Va nfsv4_server_enable 2476is set to 2477.Dq Li YES , 2478this will be forced enabled. 2479.It Va nfsuserd_flags 2480.Pq Vt str 2481If 2482.Va nfsuserd_enable 2483is set to 2484.Dq Li YES , 2485these are the flags to pass to the 2486.Xr nfsuserd 8 2487daemon. 2488.It Va nfscbd_enable 2489.Pq Vt bool 2490If 2491.Va nfscbd_enable 2492is set to 2493.Dq Li YES , 2494run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2495.It Va nfscbd_flags 2496.Pq Vt str 2497If 2498.Va nfscbd_enable 2499is set to 2500.Dq Li YES , 2501these are the flags to pass to the 2502.Xr nfscbd 8 2503daemon. 2504.It Va mountd_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES , 2508and no 2509.Va nfs_server_enable 2510is set, start 2511.Xr mountd 8 , 2512but not 2513.Xr nfsd 8 2514daemon. 2515It is commonly needed to run CFS without real NFS used. 2516.It Va mountd_flags 2517.Pq Vt str 2518If 2519.Va mountd_enable 2520is set to 2521.Dq Li YES , 2522these are the flags to pass to the 2523.Xr mountd 8 2524daemon. 2525.It Va weak_mountd_authentication 2526.Pq Vt bool 2527If set to 2528.Dq Li YES , 2529allow services like PCNFSD to make non-privileged mount 2530requests. 2531.It Va nfs_reserved_port_only 2532.Pq Vt bool 2533If set to 2534.Dq Li YES , 2535provide NFS services only on a secure port. 2536.It Va nfs_bufpackets 2537.Pq Vt int 2538If set to a number, indicates the number of packets worth of 2539socket buffer space to reserve on an NFS client. 2540The kernel default is typically 4. 2541Using a higher number may be 2542useful on gigabit networks to improve performance. 2543The minimum value is 25442 and the maximum is 64. 2545.It Va rpc_lockd_enable 2546.Pq Vt bool 2547If set to 2548.Dq Li YES 2549and also an NFS server or client, run 2550.Xr rpc.lockd 8 2551at boot time. 2552.It Va rpc_lockd_flags 2553.Pq Vt str 2554If 2555.Va rpc_lockd_enable 2556is set to 2557.Dq Li YES , 2558these are the flags to pass to the 2559.Xr rpc.lockd 8 2560daemon. 2561.It Va rpc_statd_enable 2562.Pq Vt bool 2563If set to 2564.Dq Li YES 2565and also an NFS server or client, run 2566.Xr rpc.statd 8 2567at boot time. 2568.It Va rpc_statd_flags 2569.Pq Vt str 2570If 2571.Va rpc_statd_enable 2572is set to 2573.Dq Li YES , 2574these are the flags to pass to the 2575.Xr rpc.statd 8 2576daemon. 2577.It Va rpcbind_program 2578.Pq Vt str 2579Path to 2580.Xr rpcbind 8 2581(default 2582.Pa /usr/sbin/rpcbind ) . 2583.It Va rpcbind_enable 2584.Pq Vt bool 2585If set to 2586.Dq Li YES , 2587run the 2588.Xr rpcbind 8 2589service at boot time. 2590.It Va rpcbind_flags 2591.Pq Vt str 2592If 2593.Va rpcbind_enable 2594is set to 2595.Dq Li YES , 2596these are the flags to pass to the 2597.Xr rpcbind 8 2598daemon. 2599.It Va keyserv_enable 2600.Pq Vt bool 2601If set to 2602.Dq Li YES , 2603run the 2604.Xr keyserv 8 2605daemon on boot for running Secure RPC. 2606.It Va keyserv_flags 2607.Pq Vt str 2608If 2609.Va keyserv_enable 2610is set to 2611.Dq Li YES , 2612these are the flags to pass to 2613.Xr keyserv 8 2614daemon. 2615.It Va pppoed_enable 2616.Pq Vt bool 2617If set to 2618.Dq Li YES , 2619run the 2620.Xr pppoed 8 2621daemon at boot time to provide PPP over Ethernet services. 2622.It Va pppoed_ Ns Aq Ar provider 2623.Pq Vt str 2624.Xr pppoed 8 2625listens to requests to this 2626.Ar provider 2627and ultimately runs 2628.Xr ppp 8 2629with a 2630.Ar system 2631argument of the same name. 2632.It Va pppoed_flags 2633.Pq Vt str 2634Additional flags to pass to 2635.Xr pppoed 8 . 2636.It Va pppoed_interface 2637.Pq Vt str 2638The network interface to run 2639.Xr pppoed 8 2640on. 2641This is mandatory when 2642.Va pppoed_enable 2643is set to 2644.Dq Li YES . 2645.It Va ntpdate_enable 2646.Pq Vt bool 2647If set to 2648.Dq Li YES , 2649run 2650.Xr ntpdate 8 2651at system startup. 2652This command is intended to 2653synchronize the system clock only 2654.Em once 2655from some standard reference. 2656.Pp 2657Note that the use of the 2658.Va ntpd_sync_on_start 2659variable is a preferred alternative to the 2660.Xr ntpdate 8 2661utility as 2662.Xr ntpdate 8 2663is to be retired from the NTP distribution. 2664.It Va ntpdate_config 2665.Pq Vt str 2666Configuration file for 2667.Xr ntpdate 8 . 2668Default 2669.Pa /etc/ntp.conf . 2670.It Va ntpdate_hosts 2671.Pq Vt str 2672A whitespace-separated list of NTP servers to synchronize with at startup. 2673The default is to use the servers listed in 2674.Va ntpdate_config , 2675if that file exists. 2676.It Va ntpdate_program 2677.Pq Vt str 2678Path to 2679.Xr ntpdate 8 2680(default 2681.Pa /usr/sbin/ntpdate ) . 2682.It Va ntpdate_flags 2683.Pq Vt str 2684If 2685.Va ntpdate_enable 2686is set to 2687.Dq Li YES , 2688these are the flags to pass to the 2689.Xr ntpdate 8 2690command (typically a hostname). 2691.It Va ntpd_enable 2692.Pq Vt bool 2693If set to 2694.Dq Li YES , 2695run the 2696.Xr ntpd 8 2697command at boot time. 2698.It Va ntpd_program 2699.Pq Vt str 2700Path to 2701.Xr ntpd 8 2702(default 2703.Pa /usr/sbin/ntpd ) . 2704.It Va ntpd_config 2705.Pq Vt str 2706Path to 2707.Xr ntpd 8 2708configuration file. 2709Default 2710.Pa /etc/ntp.conf . 2711.It Va ntpd_flags 2712.Pq Vt str 2713If 2714.Va ntpd_enable 2715is set to 2716.Dq Li YES , 2717these are the flags to pass to the 2718.Xr ntpd 8 2719daemon. 2720.It Va ntpd_sync_on_start 2721.Pq Vt bool 2722If set to 2723.Dq Li YES , 2724.Xr ntpd 8 2725is run with the 2726.Fl g 2727flag, which syncs the system's clock on startup. 2728See 2729.Xr ntpd 8 2730for more information regarding the 2731.Fl g 2732option. 2733This is a preferred alternative to using 2734.Xr ntpdate 8 2735or specifying the 2736.Va ntpdate_enable 2737variable. 2738.It Va nis_client_enable 2739.Pq Vt bool 2740If set to 2741.Dq Li YES , 2742run the 2743.Xr ypbind 8 2744service at system boot time. 2745.It Va nis_client_flags 2746.Pq Vt str 2747If 2748.Va nis_client_enable 2749is set to 2750.Dq Li YES , 2751these are the flags to pass to the 2752.Xr ypbind 8 2753service. 2754.It Va nis_ypldap_enable 2755.Pq Vt bool 2756If set to 2757.Dq Li YES , 2758run the 2759.Xr ypldap 8 2760daemon at system boot time. 2761.It Va nis_ypldap_flags 2762.Pq Vt str 2763If 2764.Va nis.ypldap_enable 2765is set to 2766.Dq Li YES , 2767these are the flags to pass to the 2768.Xr ypldap 8 2769daemon. 2770.It Va nis_ypset_enable 2771.Pq Vt bool 2772If set to 2773.Dq Li YES , 2774run the 2775.Xr ypset 8 2776daemon at system boot time. 2777.It Va nis_ypset_flags 2778.Pq Vt str 2779If 2780.Va nis_ypset_enable 2781is set to 2782.Dq Li YES , 2783these are the flags to pass to the 2784.Xr ypset 8 2785daemon. 2786.It Va nis_server_enable 2787.Pq Vt bool 2788If set to 2789.Dq Li YES , 2790run the 2791.Xr ypserv 8 2792daemon at system boot time. 2793.It Va nis_server_flags 2794.Pq Vt str 2795If 2796.Va nis_server_enable 2797is set to 2798.Dq Li YES , 2799these are the flags to pass to the 2800.Xr ypserv 8 2801daemon. 2802.It Va nis_ypxfrd_enable 2803.Pq Vt bool 2804If set to 2805.Dq Li YES , 2806run the 2807.Xr rpc.ypxfrd 8 2808daemon at system boot time. 2809.It Va nis_ypxfrd_flags 2810.Pq Vt str 2811If 2812.Va nis_ypxfrd_enable 2813is set to 2814.Dq Li YES , 2815these are the flags to pass to the 2816.Xr rpc.ypxfrd 8 2817daemon. 2818.It Va nis_yppasswdd_enable 2819.Pq Vt bool 2820If set to 2821.Dq Li YES , 2822run the 2823.Xr rpc.yppasswdd 8 2824daemon at system boot time. 2825.It Va nis_yppasswdd_flags 2826.Pq Vt str 2827If 2828.Va nis_yppasswdd_enable 2829is set to 2830.Dq Li YES , 2831these are the flags to pass to the 2832.Xr rpc.yppasswdd 8 2833daemon. 2834.It Va rpc_ypupdated_enable 2835.Pq Vt bool 2836If set to 2837.Dq Li YES , 2838run the 2839.Nm rpc.ypupdated 2840daemon at system boot time. 2841.It Va bsnmpd_enable 2842.Pq Vt bool 2843If set to 2844.Dq Li YES , 2845run the 2846.Xr bsnmpd 1 2847daemon at system boot time. 2848Be sure to understand the security implications of running SNMP daemon 2849on your host. 2850.It Va bsnmpd_flags 2851.Pq Vt str 2852If 2853.Va bsnmpd_enable 2854is set to 2855.Dq Li YES , 2856these are the flags to pass to the 2857.Xr bsnmpd 1 2858daemon. 2859.It Va defaultrouter 2860.Pq Vt str 2861If not set to 2862.Dq Li NO , 2863create a default route to this host name or IP address 2864(use an IP address if this router is also required to get to the 2865name server!). 2866.It Va defaultrouter_fibN 2867.Pq Vt str 2868If not set to 2869.Dq Li NO , 2870create a default route in FIB N to this host name or IP address. 2871.It Va ipv6_defaultrouter 2872.Pq Vt str 2873The IPv6 equivalent of 2874.Va defaultrouter . 2875.It Va ipv6_defaultrouter_fibN 2876.Pq Vt str 2877The IPv6 equivalent of 2878.Va defaultrouter_fibN . 2879.It Va static_arp_pairs 2880.Pq Vt str 2881Set to the list of static ARP pairs that are to be added at system 2882boot time. 2883For each whitespace separated 2884.Ar element 2885in the value, a 2886.Va static_arp_ Ns Aq Ar element 2887variable is assumed to exist whose contents will later be passed to a 2888.Dq Nm arp Cm -S 2889operation. 2890For example 2891.Bd -literal 2892static_arp_pairs="gw" 2893static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2894.Ed 2895.It Va static_ndp_pairs 2896.Pq Vt str 2897Set to the list of static NDP pairs that are to be added at system 2898boot time. 2899For each whitespace separated 2900.Ar element 2901in the value, a 2902.Va static_ndp_ Ns Aq Ar element 2903variable is assumed to exist whose contents will later be passed to a 2904.Dq Nm ndp Cm -s 2905operation. 2906For example 2907.Bd -literal 2908static_ndp_pairs="gw" 2909static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2910.Ed 2911.It Va static_routes 2912.Pq Vt str 2913Set to the list of static routes that are to be added at system 2914boot time. 2915If not set to 2916.Dq Li NO 2917then for each whitespace separated 2918.Ar element 2919in the value, a 2920.Va route_ Ns Aq Ar element 2921variable is assumed to exist 2922whose contents will later be passed to a 2923.Dq Nm route Cm add 2924operation. 2925For example: 2926.Bd -literal 2927static_routes="ext mcast:gif0 gif0local:gif0" 2928route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2929route_mcast="-net 224.0.0.0/4 -iface gif0" 2930route_gif0local="-host 169.254.1.1 -iface lo0" 2931.Ed 2932.Pp 2933When an 2934.Ar element 2935is in the form of 2936.Li name:ifname , 2937the route is specific to the interface 2938.Li ifname . 2939.It Va ipv6_static_routes 2940.Pq Vt str 2941The IPv6 equivalent of 2942.Va static_routes . 2943If not set to 2944.Dq Li NO 2945then for each whitespace separated 2946.Ar element 2947in the value, a 2948.Va ipv6_route_ Ns Aq Ar element 2949variable is assumed to exist 2950whose contents will later be passed to a 2951.Dq Nm route Cm add Fl inet6 2952operation. 2953.It Va gateway_enable 2954.Pq Vt bool 2955If set to 2956.Dq Li YES , 2957configure host to act as an IP router, e.g.\& to forward packets 2958between interfaces. 2959.It Va ipv6_gateway_enable 2960.Pq Vt bool 2961The IPv6 equivalent of 2962.Va gateway_enable . 2963.It Va routed_enable 2964.Pq Vt bool 2965If set to 2966.Dq Li YES , 2967run a routing daemon of some sort, based on the 2968settings of 2969.Va routed_program 2970and 2971.Va routed_flags . 2972.It Va route6d_enable 2973.Pq Vt bool 2974The IPv6 equivalent of 2975.Va routed_enable . 2976If set to 2977.Dq Li YES , 2978run a routing daemon of some sort, based on the 2979settings of 2980.Va route6d_program 2981and 2982.Va route6d_flags . 2983.It Va routed_program 2984.Pq Vt str 2985If 2986.Va routed_enable 2987is set to 2988.Dq Li YES , 2989this is the name of the routing daemon to use. 2990.It Va route6d_program 2991.Pq Vt str 2992The IPv6 equivalent of 2993.Va routed_program . 2994.It Va routed_flags 2995.Pq Vt str 2996If 2997.Va routed_enable 2998is set to 2999.Dq Li YES , 3000these are the flags to pass to the routing daemon. 3001.It Va route6d_flags 3002.Pq Vt str 3003The IPv6 equivalent of 3004.Va routed_flags . 3005.It Va rtadvd_enable 3006.Pq Vt bool 3007If set to 3008.Dq Li YES , 3009run the 3010.Xr rtadvd 8 3011daemon at boot time. 3012The 3013.Xr rtadvd 8 3014utility sends ICMPv6 Router Advertisement messages to 3015the interfaces specified in 3016.Va rtadvd_interfaces . 3017This should only be enabled with great care. 3018You may want to fine-tune 3019.Xr rtadvd.conf 5 . 3020.It Va rtadvd_interfaces 3021.Pq Vt str 3022If 3023.Va rtadvd_enable 3024is set to 3025.Dq Li YES 3026this is the list of interfaces to use. 3027.It Va arpproxy_all 3028.Pq Vt bool 3029If set to 3030.Dq Li YES , 3031enable global proxy ARP. 3032.It Va forward_sourceroute 3033.Pq Vt bool 3034If set to 3035.Dq Li YES 3036and 3037.Va gateway_enable 3038is also set to 3039.Dq Li YES , 3040source-routed packets are forwarded. 3041.It Va accept_sourceroute 3042.Pq Vt bool 3043If set to 3044.Dq Li YES , 3045the system will accept source-routed packets directed at it. 3046.It Va rarpd_enable 3047.Pq Vt bool 3048If set to 3049.Dq Li YES , 3050run the 3051.Xr rarpd 8 3052daemon at system boot time. 3053.It Va rarpd_flags 3054.Pq Vt str 3055If 3056.Va rarpd_enable 3057is set to 3058.Dq Li YES , 3059these are the flags to pass to the 3060.Xr rarpd 8 3061daemon. 3062.It Va bootparamd_enable 3063.Pq Vt bool 3064If set to 3065.Dq Li YES , 3066run the 3067.Xr bootparamd 8 3068daemon at system boot time. 3069.It Va bootparamd_flags 3070.Pq Vt str 3071If 3072.Va bootparamd_enable 3073is set to 3074.Dq Li YES , 3075these are the flags to pass to the 3076.Xr bootparamd 8 3077daemon. 3078.It Va stf_interface_ipv4addr 3079.Pq Vt str 3080If not set to 3081.Dq Li NO , 3082this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3083interface). 3084Specify this entry to enable the 6to4 interface. 3085.It Va stf_interface_ipv4plen 3086.Pq Vt int 3087Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3088An effective value is 0-31. 3089.It Va stf_interface_ipv6_ifid 3090.Pq Vt str 3091IPv6 interface ID for 3092.Xr stf 4 . 3093This can be set to 3094.Dq Li AUTO . 3095.It Va stf_interface_ipv6_slaid 3096.Pq Vt str 3097IPv6 Site Level Aggregator for 3098.Xr stf 4 . 3099.It Va ipv6_ipv4mapping 3100.Pq Vt bool 3101If set to 3102.Dq Li YES 3103this enables IPv4 mapped IPv6 address communication (like 3104.Li ::ffff:a.b.c.d ) . 3105.It Va rtsold_enable 3106.Pq Vt bool 3107Set to 3108.Dq Li YES 3109to enable the 3110.Xr rtsold 8 3111daemon to send ICMPv6 Router Solicitation messages. 3112.It Va rtsold_flags 3113.Pq Vt str 3114If 3115.Va rtsold_enable 3116is set to 3117.Dq Li YES , 3118these are the flags to pass to 3119.Xr rtsold 8 . 3120.It Va rtsol_flags 3121.Pq Vt str 3122For interfaces configured with the 3123.Dq Li inet6 accept_rtadv 3124keyword, these are the flags to pass to 3125.Xr rtsol 8 . 3126.Pp 3127Note that 3128.Va rtsold_enable 3129is mutually exclusive to 3130.Va rtsol_flags ; 3131.Va rtsold_enable 3132takes precedence. 3133.It Va keybell 3134.Pq Vt str 3135The keyboard bell sound. 3136Set to 3137.Dq Li normal , 3138.Dq Li visual , 3139.Dq Li off , 3140or 3141.Dq Li NO 3142if the default behavior is desired. 3143For details, refer to the 3144.Xr kbdcontrol 1 3145manpage. 3146.It Va keyboard 3147.Pq Vt str 3148If set to a non-null string, the virtual console's keyboard input is 3149set to this device. 3150.It Va keymap 3151.Pq Vt str 3152If set to 3153.Dq Li NO , 3154no keymap is installed, otherwise the value is used to install 3155the keymap file found in 3156.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3157(if using 3158.Xr syscons 4 ) or 3159.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3160(if using 3161.Xr vt 4 ) . 3162.It Va keyrate 3163.Pq Vt str 3164The keyboard repeat speed. 3165Set to 3166.Dq Li slow , 3167.Dq Li normal , 3168.Dq Li fast , 3169or 3170.Dq Li NO 3171if the default behavior is desired. 3172.It Va keychange 3173.Pq Vt str 3174If not set to 3175.Dq Li NO , 3176attempt to program the function keys with the value. 3177The value should 3178be a single string of the form: 3179.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3180.It Va cursor 3181.Pq Vt str 3182Can be set to the value of 3183.Dq Li normal , 3184.Dq Li blink , 3185.Dq Li destructive , 3186or 3187.Dq Li NO 3188to set the cursor behavior explicitly or choose the default behavior. 3189.It Va scrnmap 3190.Pq Vt str 3191If set to 3192.Dq Li NO , 3193no screen map is installed, otherwise the value is used to install 3194the screen map file in 3195.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3196This parameter is ignored when using 3197.Xr vt 4 3198as the console driver. 3199.It Va font8x16 3200.Pq Vt str 3201If set to 3202.Dq Li NO , 3203the default 8x16 font value is used for screen size requests, otherwise 3204the value in 3205.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3206or 3207.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3208is used (depending on the console driver being used). 3209.It Va font8x14 3210.Pq Vt str 3211If set to 3212.Dq Li NO , 3213the default 8x14 font value is used for screen size requests, otherwise 3214the value in 3215.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3216or 3217.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3218is used (depending on the console driver being used). 3219.It Va font8x8 3220.Pq Vt str 3221If set to 3222.Dq Li NO , 3223the default 8x8 font value is used for screen size requests, otherwise 3224the value in 3225.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3226or 3227.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3228is used (depending on the console driver being used). 3229.It Va blanktime 3230.Pq Vt int 3231If set to 3232.Dq Li NO , 3233the default screen blanking interval is used, otherwise it is set 3234to 3235.Ar value 3236seconds. 3237.It Va saver 3238.Pq Vt str 3239If not set to 3240.Dq Li NO , 3241this is the actual screen saver to use 3242.Li ( blank , snake , daemon , 3243etc). 3244.It Va moused_nondefault_enable 3245.Pq Vt str 3246If set to 3247.Dq Li NO , 3248the mouse device specified on 3249the command line is not automatically treated as enabled by the 3250.Pa /etc/rc.d/moused 3251script. 3252Having this variable set to 3253.Dq Li YES 3254allows a 3255.Xr usb 4 3256mouse, 3257for example, 3258to be enabled as soon as it is plugged in. 3259.It Va moused_enable 3260.Pq Vt str 3261If set to 3262.Dq Li YES , 3263the 3264.Xr moused 8 3265daemon is started for doing cut/paste selection on the console. 3266.It Va moused_type 3267.Pq Vt str 3268This is the protocol type of the mouse connected to this host. 3269This variable must be set if 3270.Va moused_enable 3271is set to 3272.Dq Li YES . 3273The 3274.Xr moused 8 3275daemon 3276is able to detect the appropriate mouse type automatically in many cases. 3277Set this variable to 3278.Dq Li auto 3279to let the daemon detect it, or 3280select one from the following list if the automatic detection fails. 3281.Pp 3282If the mouse is attached to the PS/2 mouse port, choose 3283.Dq Li auto 3284or 3285.Dq Li ps/2 , 3286regardless of the brand and model of the mouse. 3287Likewise, if the 3288mouse is attached to the bus mouse port, choose 3289.Dq Li auto 3290or 3291.Dq Li busmouse . 3292All other protocols are for serial mice and will not work with 3293the PS/2 and bus mice. 3294If this is a USB mouse, 3295.Dq Li auto 3296is the only protocol type which will work. 3297.Pp 3298.Bl -tag -width ".Li x10mouseremote" -compact 3299.It Li microsoft 3300Microsoft mouse (serial) 3301.It Li intellimouse 3302Microsoft IntelliMouse (serial) 3303.It Li mousesystems 3304Mouse systems Corp.\& mouse (serial) 3305.It Li mmseries 3306MM Series mouse (serial) 3307.It Li logitech 3308Logitech mouse (serial) 3309.It Li busmouse 3310A bus mouse 3311.It Li mouseman 3312Logitech MouseMan and TrackMan (serial) 3313.It Li glidepoint 3314ALPS GlidePoint (serial) 3315.It Li thinkingmouse 3316Kensington ThinkingMouse (serial) 3317.It Li ps/2 3318PS/2 mouse 3319.It Li mmhittab 3320MM HitTablet (serial) 3321.It Li x10mouseremote 3322X10 MouseRemote (serial) 3323.It Li versapad 3324Interlink VersaPad (serial) 3325.El 3326.Pp 3327Even if the mouse is not in the above list, it may be compatible 3328with one in the list. 3329Refer to the manual page for 3330.Xr moused 8 3331for compatibility information. 3332.Pp 3333It should also be noted that while this is enabled, any 3334other client of the mouse (such as an X server) should access 3335the mouse through the virtual mouse device, 3336.Pa /dev/sysmouse , 3337and configure it as a 3338.Dq Li sysmouse 3339type mouse, since all 3340mouse data is converted to this single canonical format when 3341using 3342.Xr moused 8 . 3343If the client program does not support the 3344.Dq Li sysmouse 3345type, 3346specify the 3347.Dq Li mousesystems 3348type. 3349It is the second preferred type. 3350.It Va moused_port 3351.Pq Vt str 3352If 3353.Va moused_enable 3354is set to 3355.Dq Li YES , 3356this is the actual port the mouse is on. 3357It might be 3358.Pa /dev/cuau0 3359for a COM1 serial mouse, or 3360.Pa /dev/psm0 3361for a PS/2 mouse, for example. 3362.It Va moused_flags 3363.Pq Vt str 3364If 3365.Va moused_flags 3366is set, its value is used as an additional set of flags to pass to the 3367.Xr moused 8 3368daemon. 3369.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3370When 3371.Va moused_nondefault_enable 3372is enabled, and a 3373.Xr moused 8 3374daemon is started for a non-default port, the 3375.Va "moused_" Ns Ar XXX Ns Va "_flags" 3376set of options has precedence over and replaces the default 3377.Va moused_flags 3378(where 3379.Ar XXX 3380is the name of the non-default port, i.e.,\& 3381.Ar ums0 ) . 3382By setting 3383.Va "moused_" Ns Ar XXX Ns Va "_flags" 3384it is possible to set up a different set of default flags for each 3385.Xr moused 8 3386instance. 3387For example, you can use 3388.Dq Li "-3" 3389for the default 3390.Va moused_flags 3391to make your laptop's touchpad more comfortable to use, 3392but an empty set of options for 3393.Va moused_ums0_flags 3394when your 3395.Xr usb 4 3396mouse has three or more buttons. 3397.It Va mousechar_start 3398.Pq Vt int 3399If set to 3400.Dq Li NO , 3401the default mouse cursor character range 3402.Li 0xd0 Ns - Ns Li 0xd3 3403is used, 3404otherwise the range start is set 3405to 3406.Ar value 3407character, see 3408.Xr vidcontrol 1 . 3409Use if the default range is occupied in the language code table. 3410.It Va allscreens_flags 3411.Pq Vt str 3412If set, 3413.Xr vidcontrol 1 3414is run with these options for each of the virtual terminals 3415.Pq Pa /dev/ttyv* . 3416For example, 3417.Dq Fl m Cm on 3418will enable the mouse pointer on all virtual terminals 3419if 3420.Va moused_enable 3421is set to 3422.Dq Li YES . 3423.It Va allscreens_kbdflags 3424.Pq Vt str 3425If set, 3426.Xr kbdcontrol 1 3427is run with these options for each of the virtual terminals 3428.Pq Pa /dev/ttyv* . 3429For example, 3430.Dq Fl h Li 200 3431will set the 3432.Xr syscons 4 3433or 3434.Xr vt 4 3435scrollback (history) buffer to 200 lines. 3436.It Va cron_enable 3437.Pq Vt bool 3438If set to 3439.Dq Li YES , 3440run the 3441.Xr cron 8 3442daemon at system boot time. 3443.It Va cron_program 3444.Pq Vt str 3445Path to 3446.Xr cron 8 3447(default 3448.Pa /usr/sbin/cron ) . 3449.It Va cron_flags 3450.Pq Vt str 3451If 3452.Va cron_enable 3453is set to 3454.Dq Li YES , 3455these are the flags to pass to 3456.Xr cron 8 . 3457.It Va cron_dst 3458.Pq Vt bool 3459If set to 3460.Dq Li YES , 3461enable the special handling of transitions to and from the 3462Daylight Saving Time in 3463.Xr cron 8 3464(equivalent to using the flag 3465.Fl s ) . 3466.It Va lpd_program 3467.Pq Vt str 3468Path to 3469.Xr lpd 8 3470(default 3471.Pa /usr/sbin/lpd ) . 3472.It Va lpd_enable 3473.Pq Vt bool 3474If set to 3475.Dq Li YES , 3476run the 3477.Xr lpd 8 3478daemon at system boot time. 3479.It Va lpd_flags 3480.Pq Vt str 3481If 3482.Va lpd_enable 3483is set to 3484.Dq Li YES , 3485these are the flags to pass to the 3486.Xr lpd 8 3487daemon. 3488.It Va chkprintcap_enable 3489.Pq Vt bool 3490If set to 3491.Dq Li YES , 3492run the 3493.Xr chkprintcap 8 3494command before starting the 3495.Xr lpd 8 3496daemon. 3497.It Va chkprintcap_flags 3498.Pq Vt str 3499If 3500.Va lpd_enable 3501and 3502.Va chkprintcap_enable 3503are set to 3504.Dq Li YES , 3505these are the flags to pass to the 3506.Xr chkprintcap 8 3507program. 3508The default is 3509.Dq Li -d , 3510which causes missing directories to be created. 3511.It Va mta_start_script 3512.Pq Vt str 3513This variable specifies the full path to the script to run to start 3514a mail transfer agent. 3515The default is 3516.Pa /etc/rc.sendmail . 3517The 3518.Va sendmail_* 3519variables which 3520.Pa /etc/rc.sendmail 3521uses are documented in the 3522.Xr rc.sendmail 8 3523manual page. 3524.It Va dumpdev 3525.Pq Vt str 3526Indicates the device (usually a swap partition) to which a crash dump 3527should be written in the event of a system crash. 3528If the value of this variable is 3529.Dq Li AUTO , 3530the first suitable swap device listed in 3531.Pa /etc/fstab 3532will be used as dump device. 3533Otherwise, the value of this variable is passed as the argument to 3534.Xr dumpon 8 3535and 3536.Xr savecore 8 . 3537To disable crash dumps, set this variable to 3538.Dq Li NO . 3539.It Va dumpon_flags 3540.Pq Vt str 3541Flags to pass to 3542.Xr dumpon 8 3543when configuring 3544.Va dumpdev 3545as the system dump device. 3546.It Va dumpdir 3547.Pq Vt str 3548When the system reboots after a crash and a crash dump is found on the 3549device specified by the 3550.Va dumpdev 3551variable, 3552.Xr savecore 8 3553will save that crash dump and a copy of the kernel to the directory 3554specified by the 3555.Va dumpdir 3556variable. 3557The default value is 3558.Pa /var/crash . 3559Set to 3560.Dq Li NO 3561to not run 3562.Xr savecore 8 3563at boot time when 3564.Va dumpdir 3565is set. 3566.It Va savecore_enable 3567.Pq Vt bool 3568If set to 3569.Dq Li NO , 3570disable automatic extraction of the crash dump from the 3571.Va dumpdev . 3572.It Va savecore_flags 3573.Pq Vt str 3574If crash dumps are enabled, these are the flags to pass to the 3575.Xr savecore 8 3576utility. 3577.It Va quota_enable 3578.Pq Vt bool 3579Set to 3580.Dq Li YES 3581to turn on user and group disk quotas on system startup via the 3582.Xr quotaon 8 3583command for all file systems marked as having quotas enabled in 3584.Pa /etc/fstab . 3585The kernel must be built with 3586.Cd "options QUOTA" 3587for disk quotas to function. 3588.It Va check_quotas 3589.Pq Vt bool 3590Set to 3591.Dq Li YES 3592to enable user and group disk quota checking via the 3593.Xr quotacheck 8 3594command. 3595.It Va quotacheck_flags 3596.Pq Vt str 3597If 3598.Va quota_enable 3599is set to 3600.Dq Li YES , 3601and 3602.Va check_quotas 3603is set to 3604.Dq Li YES , 3605these are the flags to pass to the 3606.Xr quotacheck 8 3607utility. 3608The default is 3609.Dq Li "-a" , 3610which checks quotas for all file systems with quotas enabled in 3611.Pa /etc/fstab . 3612.It Va quotaon_flags 3613.Pq Vt str 3614If 3615.Va quota_enable 3616is set to 3617.Dq Li YES , 3618these are the flags to pass to the 3619.Xr quotaon 8 3620utility. 3621The default is 3622.Dq Li "-a" , 3623which enables quotas for all file systems with quotas enabled in 3624.Pa /etc/fstab . 3625.It Va quotaoff_flags 3626.Pq Vt str 3627If 3628.Va quota_enable 3629is set to 3630.Dq Li YES , 3631these are the flags to pass to the 3632.Xr quotaoff 8 3633utility when shutting down the quota system. 3634The default is 3635.Dq Li "-a" , 3636which disables quotas for all file systems with quotas enabled in 3637.Pa /etc/fstab . 3638.It Va accounting_enable 3639.Pq Vt bool 3640Set to 3641.Dq Li YES 3642to enable system accounting through the 3643.Xr accton 8 3644facility. 3645.It Va firstboot_sentinel 3646.Pq Vt str 3647This variable specifies the full path to a 3648.Dq first boot 3649sentinel file. 3650If a file exists with this path, 3651.Pa rc.d 3652scripts with the 3653.Dq firstboot 3654keyword will be run on startup and the sentinel file will be deleted 3655after the boot process completes. 3656The sentinel file must be located on a writable file system which is 3657mounted no later than 3658.Va early_late_divider 3659to function properly. 3660The default is 3661.Pa /firstboot . 3662.It Va linux_enable 3663.Pq Vt bool 3664Set to 3665.Dq Li YES 3666to enable Linux/ELF binary emulation at system initial 3667boot time. 3668.It Va sysvipc_enable 3669.Pq Vt bool 3670If set to 3671.Dq Li YES , 3672load System V IPC primitives at boot time. 3673.It Va clear_tmp_enable 3674.Pq Vt bool 3675Set to 3676.Dq Li YES 3677to have 3678.Pa /tmp 3679cleaned at startup. 3680.It Va clear_tmp_X 3681.Pq Vt bool 3682Set to 3683.Dq Li NO 3684to disable removing of X11 lock files, 3685and the removal and (secure) recreation 3686of the various socket directories for X11 3687related programs. 3688.It Va ldconfig_paths 3689.Pq Vt str 3690Set to the list of shared library paths to use with 3691.Xr ldconfig 8 . 3692NOTE: 3693.Pa /lib 3694and 3695.Pa /usr/lib 3696will always be added first, so they need not appear in this list. 3697.It Va ldconfig32_paths 3698.Pq Vt str 3699Set to the list of 32-bit compatibility shared library paths to 3700use with 3701.Xr ldconfig 8 . 3702.It Va ldconfig_insecure 3703.Pq Vt bool 3704The 3705.Xr ldconfig 8 3706utility normally refuses to use directories 3707which are writable by anyone except root. 3708Set this variable to 3709.Dq Li YES 3710to disable that security check during system startup. 3711.It Va ldconfig_local_dirs 3712.Pq Vt str 3713Set to the list of local 3714.Xr ldconfig 8 3715directories. 3716The names of all files in the directories listed will be 3717passed as arguments to 3718.Xr ldconfig 8 . 3719.It Va ldconfig_local32_dirs 3720.Pq Vt str 3721Set to the list of local 32-bit compatibility 3722.Xr ldconfig 8 3723directories. 3724The names of all files in the directories listed will be 3725passed as arguments to 3726.Dq Nm ldconfig Fl 32 . 3727.It Va kern_securelevel_enable 3728.Pq Vt bool 3729Set to 3730.Dq Li YES 3731to set the kernel security level at system startup. 3732.It Va kern_securelevel 3733.Pq Vt int 3734The kernel security level to set at startup. 3735The allowed range of 3736.Ar value 3737ranges from \-1 (the compile time default) to 3 (the 3738most secure). 3739See 3740.Xr security 7 3741for the list of possible security levels and their effect 3742on system operation. 3743.It Va sshd_program 3744.Pq Vt str 3745Path to the SSH server program 3746.Pa ( /usr/sbin/sshd 3747is the default). 3748.It Va sshd_enable 3749.Pq Vt bool 3750Set to 3751.Dq Li YES 3752to start 3753.Xr sshd 8 3754at system boot time. 3755.It Va sshd_flags 3756.Pq Vt str 3757If 3758.Va sshd_enable 3759is set to 3760.Dq Li YES , 3761these are the flags to pass to the 3762.Xr sshd 8 3763daemon. 3764.It Va ftpd_program 3765.Pq Vt str 3766Path to the FTP server program 3767.Pa ( /usr/libexec/ftpd 3768is the default). 3769.It Va ftpd_enable 3770.Pq Vt bool 3771Set to 3772.Dq Li YES 3773to start 3774.Xr ftpd 8 3775as a stand-alone daemon at system boot time. 3776.It Va ftpd_flags 3777.Pq Vt str 3778If 3779.Va ftpd_enable 3780is set to 3781.Dq Li YES , 3782these are the additional flags to pass to the 3783.Xr ftpd 8 3784daemon. 3785.It Va watchdogd_enable 3786.Pq Vt bool 3787If set to 3788.Dq Li YES , 3789start the 3790.Xr watchdogd 8 3791daemon at boot time. 3792This requires that the kernel have been compiled with a 3793.Xr watchdog 4 3794compatible device. 3795.It Va watchdogd_flags 3796.Pq Vt str 3797If 3798.Va watchdogd_enable 3799is set to 3800.Dq Li YES , 3801these are the flags passed to the 3802.Xr watchdogd 8 3803daemon. 3804.It Va watchdogd_timeout 3805.Pq Vt int 3806If 3807.Va watchdogd_enable 3808is set to 3809.Dq Li YES , 3810this is a timeout that will be used by the 3811.Xr watchdogd 8 3812daemon. 3813If this option is set, it overrides 3814.Fl t 3815in 3816.Va watchdogd_flags . 3817.It Va watchdogd_shutdown_timeout 3818.Pq Vt int 3819If 3820.Va watchdogd_enable 3821is set to 3822.Dq Li YES , 3823this is a timeout that will be set by the 3824.Xr watchdogd 8 3825daemon when it exits during the system shutdown. 3826This timeout will not be set when returning to the single-user mode 3827or when the watchdogd service is stopped individually using the 3828.Xr service 8 3829command or the rc.d script. 3830Note that the timeout will be applied if 3831.Xr watchdogd 8 3832is stopped outside of 3833.Xr rc 8 3834framework. 3835If this option is set, it overrides 3836.Fl x 3837in 3838.Va watchdogd_flags . 3839.It Va devfs_rulesets 3840.Pq Vt str 3841List of files containing sets of rules for 3842.Xr devfs 8 . 3843.It Va devfs_system_ruleset 3844.Pq Vt str 3845Rule name(s) to apply to the system 3846.Pa /dev 3847itself. 3848.It Va devfs_set_rulesets 3849.Pq Vt str 3850Pairs of already-mounted 3851.Pa dev 3852directories and rulesets that should be applied to them. 3853For example: /mount/dev=ruleset_name 3854.It Va devfs_load_rulesets 3855.Pq Vt bool 3856If set, always load the default rulesets listed in 3857.Va devfs_rulesets . 3858.It Va performance_cx_lowest 3859.Pq Vt str 3860CPU idle state to use while on AC power. 3861The string 3862.Dq Li LOW 3863indicates that 3864.Xr acpi 4 3865should use the lowest power state available while 3866.Dq Li HIGH 3867indicates that the lowest latency state (less power savings) should be used. 3868.It Va performance_cpu_freq 3869.Pq Vt str 3870CPU clock frequency to use while on AC power. 3871The string 3872.Dq Li LOW 3873indicates that 3874.Xr cpufreq 4 3875should use the lowest frequency available while 3876.Dq Li HIGH 3877indicates that the highest frequency (less power savings) should be used. 3878.It Va economy_cx_lowest 3879.Pq Vt str 3880CPU idle state to use when off AC power. 3881The string 3882.Dq Li LOW 3883indicates that 3884.Xr acpi 4 3885should use the lowest power state available while 3886.Dq Li HIGH 3887indicates that the lowest latency state (less power savings) should be used. 3888.It Va economy_cpu_freq 3889.Pq Vt str 3890CPU clock frequency to use when off AC power. 3891The string 3892.Dq Li LOW 3893indicates that 3894.Xr cpufreq 4 3895should use the lowest frequency available while 3896.Dq Li HIGH 3897indicates that the highest frequency (less power savings) should be used. 3898.It Va jail_enable 3899.Pq Vt bool 3900If set to 3901.Dq Li NO , 3902any configured jails will not be started. 3903.It Va jail_conf 3904.Pq Vt str 3905The configuration filename used by 3906.Xr jail 8 3907utility. 3908The default value is 3909.Pa /etc/jail.conf . 3910.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3911and 3912.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3913will also be used if 3914.Va Ao Ar jname Ac Va 3915is set in 3916.Va jail_list . 3917.It Va jail_parallel_start 3918.Pq Vt bool 3919If set to 3920.Dq Li YES , 3921all configured jails will be started in the background (in parallel). 3922.It Va jail_flags 3923.Pq Vt str 3924Unset by default. 3925When set, use as default value for 3926.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3927for every jail in 3928.Va jail_list . 3929.It Va jail_list 3930.Pq Vt str 3931A space-delimited list of jail names. 3932When left empty, all of the 3933.Xr jail 8 3934instances defined in the configuration file are started. 3935The names specified in this list control the jail startup order. 3936.Xr jail 8 3937instances missing from 3938.Va jail_list 3939must be started manually. 3940Note that a jail's 3941.Va depend 3942parameter in the configuration file may override this list. 3943.It Va jail_reverse_stop 3944.Pq Vt bool 3945When set to 3946.Dq Li YES , 3947all configured jails in 3948.Va jail_list 3949are stopped in reverse order. 3950.It Va jail_ Ns * variables 3951Note that older releases supported per-jail configuration via 3952.Nm 3953variables. 3954For example, 3955hostname of a jail named 3956.Li vjail 3957was able to be set by 3958.Li jail_vjail_hostname . 3959These per-jail configuration variables are now obsolete in favor of 3960.Xr jail 8 3961configuration file. 3962For backward compatibility, 3963when per-jail configuration variables are defined, 3964.Xr jail 8 3965configuration files are created as 3966.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3967and used. 3968.Pp 3969The following per-jail parameters are handled by 3970.Pa rc.d/jail 3971script out of their corresponding 3972.Nm 3973variables. 3974In addition to them, parameters in 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3976will be added to the configuration file. 3977They must be a semi-colon 3978.Pq Ql \&; 3979delimited list of 3980.Dq key=value . 3981For more details, 3982see 3983.Xr jail 8 3984manual page. 3985.Bl -tag -width "host.hostname" -offset indent 3986.It Li path 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3989.It Li host.hostname 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3992.It Li exec.consolelog 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3995The default value is 3996.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log . 3997.It Li interface 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 4000.It Li vnet.interface 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 4003This implies 4004.Li vnet 4005parameter will be enabled and cannot be specified with 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 4007.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4008and/or 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4010at the same time. 4011.It Li fstab 4012set from 4013.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 4014.It Li mount 4015set from 4016.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 4017.It Li exec.fib 4018set from 4019.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 4020.It Li exec.start 4021set from 4022.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 4023The parameter name was 4024.Li command 4025in some older releases. 4026.It Li exec.prestart 4027set from 4028.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 4029.It Li exec.poststart 4030set from 4031.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4032.It Li exec.stop 4033set from 4034.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4035.It Li exec.prestop 4036set from 4037.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4038.It Li exec.poststop 4039set from 4040.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4041.It Li ip4.addr 4042set if 4043.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4044or 4045.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4046contain IPv4 addresses 4047.It Li ip6.addr 4048set if 4049.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4050or 4051.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4052contain IPv6 addresses 4053.It Li allow.mount 4054set from 4055.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4056.It Li mount.devfs 4057set from 4058.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4059.It Li devfs_ruleset 4060set from 4061.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4062This must be an integer, 4063not a string. 4064.It Li mount.fdescfs 4065set from 4066.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4067.It Li allow.set_hostname 4068set from 4069.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4070.It Li allow.rawsocket 4071set from 4072.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4073.It Li allow.sysvipc 4074set from 4075.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4076.El 4077.\" ----------------------------------------------------- 4078.It Va harvest_mask 4079.Pq Vt int 4080Set to a bit-mask 4081representing the entropy sources 4082you wish to harvest. 4083Refer to 4084.Xr random 4 4085for more information. 4086.It Va entropy_dir 4087.Pq Vt str 4088Set to 4089.Dq Li NO 4090to disable caching entropy via 4091.Xr cron 8 . 4092Otherwise set to the directory 4093in which the entropy files are stored. 4094To be useful, 4095there must be 4096a system cron job 4097that regularly writes and rotates 4098files here. 4099All files found 4100will be used at boot time. 4101The default is 4102.Pa /var/db/entropy . 4103.It Va entropy_file 4104.Pq Vt str 4105Set to 4106.Dq Li NO 4107to disable caching entropy through reboots. 4108Otherwise set to the name 4109of a file used to store cached entropy. 4110This file should be located 4111on a file system that is readable 4112before all the volumes specified in 4113.Xr fstab 5 4114are mounted. 4115By default, 4116.Pa /entropy 4117is used, 4118but if 4119.Pa /var/db/entropy-file 4120is found it will also be used. 4121This will be of some use to 4122.Xr bsdinstall 8 . 4123.It Va entropy_boot_file 4124.Pq Vt str 4125Set to 4126.Dq Li NO 4127to disable 4128very early caching entropy 4129through reboots. 4130Otherwise set to the filename 4131used to read 4132very early reboot cached entropy. 4133This file should be located where 4134.Xr loader 8 4135can read it. 4136See also 4137.Xr loader.conf 5 . 4138The default location is 4139.Pa /boot/entropy . 4140.It Va entropy_save_sz 4141.Pq Vt int 4142Size of the entropy cache files saved by 4143.Nm save-entropy 4144periodically. 4145.It Va entropy_save_num 4146.Pq Vt int 4147Number of entropy cache files to save by 4148.Nm save-entropy 4149periodically. 4150.It Va ipsec_enable 4151.Pq Vt bool 4152Set to 4153.Dq Li YES 4154to run 4155.Xr setkey 8 4156on 4157.Va ipsec_file 4158at boot time. 4159.It Va ipsec_file 4160.Pq Vt str 4161Configuration file for 4162.Xr setkey 8 . 4163.It Va dmesg_enable 4164.Pq Vt bool 4165Set to 4166.Dq Li YES 4167to save 4168.Xr dmesg 8 4169to 4170.Pa /var/run/dmesg.boot 4171on boot. 4172.It Va rcshutdown_timeout 4173.Pq Vt int 4174If set, start a watchdog timer in the background which will terminate 4175.Pa rc.shutdown 4176if 4177.Xr shutdown 8 4178has not completed within the specified time (in seconds). 4179Notice that in addition to this soft timeout, 4180.Xr init 8 4181also applies a hard timeout for the execution of 4182.Pa rc.shutdown . 4183This is configured via 4184.Xr sysctl 8 4185variable 4186.Va kern.init_shutdown_timeout 4187and defaults to 120 seconds. 4188Setting the value of 4189.Va rcshutdown_timeout 4190to more than 120 seconds will have no effect until the 4191.Xr sysctl 8 4192variable 4193.Va kern.init_shutdown_timeout 4194is also increased. 4195.It Va virecover_enable 4196.Pq Vt bool 4197Set to 4198.Dq Li NO 4199to prevent the system from trying to 4200recover pre-maturely terminated 4201.Xr vi 1 4202sessions. 4203.It Va ugidfw_enable 4204.Pq Vt bool 4205Set to 4206.Dq Li YES 4207to load the 4208.Xr mac_bsdextended 4 4209module upon system initialization and load a default 4210ruleset file. 4211.It Va bsdextended_script 4212.Pq Vt str 4213The default 4214.Xr mac_bsdextended 4 4215ruleset file to load. 4216The default value of this variable is 4217.Pa /etc/rc.bsdextended . 4218.It Va newsyslog_enable 4219.Pq Vt bool 4220If set to 4221.Dq Li YES , 4222run 4223.Xr newsyslog 8 4224command at startup. 4225.It Va newsyslog_flags 4226.Pq Vt str 4227If 4228.Va newsyslog_enable 4229is set to 4230.Dq Li YES , 4231these are the flags to pass to the 4232.Xr newsyslog 8 4233program. 4234The default is 4235.Dq Li -CN , 4236which causes log files flagged with a 4237.Cm C 4238to be created. 4239.It Va mdconfig_md Ns Aq Ar X 4240.Pq Vt str 4241Arguments to 4242.Xr mdconfig 8 4243for 4244.Xr md 4 4245device 4246.Ar X . 4247At minimum a 4248.Fl t Ar type 4249must be specified and either a 4250.Fl s Ar size 4251for malloc or swap backed 4252.Xr md 4 4253devices or a 4254.Fl f Ar file 4255for vnode backed 4256.Xr md 4 4257devices. 4258Note that 4259.Va mdconfig_md Ns Aq Ar X 4260variables are evaluated until one variable is unset or null. 4261.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4262.Pq Vt str 4263Optional arguments passed to 4264.Xr newfs 8 4265to initialize 4266.Xr md 4 4267device 4268.Ar X . 4269.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4270.Pq Vt str 4271An ownership specification passed to 4272.Xr chown 8 4273after the specified 4274.Xr md 4 4275device 4276.Ar X 4277has been mounted. 4278Both the 4279.Xr md 4 4280device and the mount point will be changed. 4281.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4282.Pq Vt str 4283A mode string passed to 4284.Xr chmod 1 4285after the specified 4286.Xr md 4 4287device 4288.Ar X 4289has been mounted. 4290Both the 4291.Xr md 4 4292device and the mount point will be changed. 4293.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4294.Pq Vt str 4295Files to be copied to the mount point of the 4296.Xr md 4 4297device 4298.Ar X 4299after it has been mounted. 4300.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4301.Pq Vt str 4302Command to execute after the specified 4303.Xr md 4 4304device 4305.Ar X 4306has been mounted. 4307Note that the command is passed to 4308.Ic eval 4309and that both 4310.Va _dev 4311and 4312.Va _mp 4313variables can be used to reference respectively the 4314.Xr md 4 4315device and the mount point. 4316Assuming that the 4317.Xr md 4 4318device is 4319.Li md0 , 4320one could set the following: 4321.Bd -literal 4322mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4323.Ed 4324.It Va autobridge_interfaces 4325.Pq Vt str 4326Set to the list of bridge interfaces that will have newly arriving interfaces 4327checked against to be automatically added. 4328If not set to 4329.Dq Li NO 4330then for each whitespace separated 4331.Ar element 4332in the value, a 4333.Va autobridge_ Ns Aq Ar element 4334variable is assumed to exist which has a whitespace separated list of interface 4335names to match, these names can use wildcards. 4336For example: 4337.Bd -literal 4338autobridge_interfaces="bridge0" 4339autobridge_bridge0="tap* dc0 vlan[345]" 4340.Ed 4341.It Va mixer_enable 4342.Pq Vt bool 4343If set to 4344.Dq Li YES , 4345enable support for sound mixer. 4346.It Va hcsecd_enable 4347.Pq Vt bool 4348If set to 4349.Dq Li YES , 4350enable Bluetooth security daemon. 4351.It Va hcsecd_config 4352.Pq Vt str 4353Configuration file for 4354.Xr hcsecd 8 . 4355Default 4356.Pa /etc/bluetooth/hcsecd.conf . 4357.It Va sdpd_enable 4358.Pq Vt bool 4359If set to 4360.Dq Li YES , 4361enable Bluetooth Service Discovery Protocol daemon. 4362.It Va sdpd_control 4363.Pq Vt str 4364Path to 4365.Xr sdpd 8 4366control socket. 4367Default 4368.Pa /var/run/sdp . 4369.It Va sdpd_groupname 4370.Pq Vt str 4371Sets 4372.Xr sdpd 8 4373group to run as after it initializes. 4374Default 4375.Dq Li nobody . 4376.It Va sdpd_username 4377.Pq Vt str 4378Sets 4379.Xr sdpd 8 4380user to run as after it initializes. 4381Default 4382.Dq Li nobody . 4383.It Va bthidd_enable 4384.Pq Vt bool 4385If set to 4386.Dq Li YES , 4387enable Bluetooth Human Interface Device daemon. 4388.It Va bthidd_config 4389.Pq Vt str 4390Configuration file for 4391.Xr bthidd 8 . 4392Default 4393.Pa /etc/bluetooth/bthidd.conf . 4394.It Va bthidd_hids 4395.Pq Vt str 4396Path to a file, where 4397.Xr bthidd 8 4398will store information about known HID devices. 4399Default 4400.Pa /var/db/bthidd.hids . 4401.It Va rfcomm_pppd_server_enable 4402.Pq Vt bool 4403If set to 4404.Dq Li YES , 4405enable Bluetooth RFCOMM PPP wrapper daemon. 4406.It Va rfcomm_pppd_server_profile 4407.Pq Vt str 4408The name of the profile to use from 4409.Pa /etc/ppp/ppp.conf . 4410Multiple profiles can be specified here. 4411Also used to specify per-profile overrides. 4412When the profile name contains any of the characters 4413.Dq Li .-/+ 4414they are translated to 4415.Dq Li _ 4416for the proposes of the override variable names. 4417.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4418.Pq Vt str 4419Overrides local address to listen on. 4420By default 4421.Xr rfcomm_pppd 8 4422will listen on 4423.Dq Li ANY 4424address. 4425The address can be specified as BD_ADDR or name. 4426.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4427.Pq Vt str 4428Overrides local RFCOMM channel to listen on. 4429By default 4430.Xr rfcomm_pppd 8 4431will listen on RFCOMM channel 1. 4432Must set properly if multiple profiles used in the same time. 4433.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4434.Pq Vt bool 4435Tells 4436.Xr rfcomm_pppd 8 4437if it should register Serial Port service on the specified RFCOMM channel. 4438Default 4439.Dq Li NO . 4440.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4441.Pq Vt bool 4442Tells 4443.Xr rfcomm_pppd 8 4444if it should register Dial-Up Networking service on the specified 4445RFCOMM channel. 4446Default 4447.Dq Li NO . 4448.It Va ubthidhci_enable 4449.Pq Vt bool 4450If set to 4451.Dq Li YES , 4452change the USB Bluetooth controller from HID mode to HCI mode. 4453You also need to specify the location of USB Bluetooth controller with the 4454.Va ubthidhci_busnum 4455and 4456.Va ubthidhci_addr 4457variables. 4458.It Va ubthidhci_busnum 4459Bus number where the USB Bluetooth controller is located. 4460Check the output of 4461.Xr usbconfig 8 4462on your system to find this information. 4463.It Va ubthidhci_addr 4464Bus address of the USB Bluetooth controller. 4465Check the output of 4466.Xr usbconfig 8 4467on your system to find this information. 4468.It Va netwait_enable 4469.Pq Vt bool 4470If set to 4471.Dq Li YES , 4472delays the start of network-reliant services until 4473.Va netwait_if 4474is up and ICMP packets to a destination defined in 4475.Va netwait_ip 4476are flowing. 4477Link state is examined first, followed by 4478.Dq Li pinging 4479an IP address to verify network usability. 4480If no destination can be reached or timeouts are exceeded, 4481network services are started anyway with no guarantee that 4482the network is usable. 4483Use of this variable requires both 4484.Va netwait_ip 4485and 4486.Va netwait_if 4487to be set. 4488.It Va netwait_ip 4489.Pq Vt str 4490Empty by default. 4491This variable contains a space-delimited list of IP addresses to 4492.Xr ping 8 . 4493DNS hostnames should not be used as resolution is not guaranteed 4494to be functional at this point. 4495If multiple IP addresses are specified, 4496each will be tried until one is successful or the list is exhausted. 4497.It Va netwait_timeout 4498.Pq Vt int 4499Indicates the total number of seconds to perform a 4500.Dq Li ping 4501against each IP address in 4502.Va netwait_ip , 4503at a rate of one ping per second. 4504If any of the pings are successful, 4505full network connectivity is considered reliable. 4506The default is 60. 4507.It Va netwait_if 4508.Pq Vt str 4509Empty by default. 4510Defines the name of the network interface on which watch for link. 4511.Xr ifconfig 8 4512is used to monitor the interface, looking for 4513.Dq Li status: no carrier . 4514Once gone, the link is considered up. 4515This can be a 4516.Xr vlan 4 4517interface if desired. 4518.It Va netwait_if_timeout 4519.Pq Vt int 4520Defines the total number of seconds to wait for link to become usable, 4521polled at a 1-second interval. 4522The default is 30. 4523.It Va rctl_enable 4524.Pq Vt bool 4525If set to 4526.Dq Li YES , 4527load 4528.Xr rctl 8 4529rules from the defined ruleset. 4530The kernel must be built with 4531.Cd "options RACCT" 4532and 4533.Cd "options RCTL" . 4534.It Va rctl_rules 4535.Pq Vt str 4536Set to 4537.Pa /etc/rctl.conf 4538by default. 4539This variables contains the 4540.Xr rctl.conf 5 4541ruleset to load for 4542.Xr rctl 8 . 4543.It Va iovctl_files 4544.Pq Vt str 4545A space-separated list of configuration files used by 4546.Xr iovctl 8 . 4547The default value is an empty string. 4548.It Va autofs_enable 4549.Pq Vt bool 4550If set to 4551.Dq Li YES , 4552start the 4553.Xr automount 8 4554utility and the 4555.Xr automountd 8 4556and 4557.Xr autounmountd 8 4558daemons at boot time. 4559.It Va automount_flags 4560.Pq Vt str 4561If 4562.Va autofs_enable 4563is set to 4564.Dq Li YES , 4565these are the flags to pass to the 4566.Xr automount 8 4567program. 4568By default no flags are passed. 4569.It Va automountd_flags 4570.Pq Vt str 4571If 4572.Va autofs_enable 4573is set to 4574.Dq Li YES , 4575these are the flags to pass to the 4576.Xr automountd 8 4577daemon. 4578By default no flags are passed. 4579.It Va autounmountd_flags 4580.Pq Vt str 4581If 4582.Va autofs_enable 4583is set to 4584.Dq Li YES , 4585these are the flags to pass to the 4586.Xr autounmountd 8 4587daemon. 4588By default no flags are passed. 4589.It Va ctld_enable 4590.Pq Vt bool 4591If set to 4592.Dq Li YES , 4593start the 4594.Xr ctld 8 4595daemon at boot time. 4596.It Va iscsid_enable 4597.Pq Vt bool 4598If set to 4599.Dq Li YES , 4600start the 4601.Xr iscsid 8 4602daemon at boot time. 4603.It Va iscsictl_enable 4604.Pq Vt bool 4605If set to 4606.Dq Li YES , 4607start the 4608.Xr iscsictl 8 4609utility at boot time. 4610.It Va iscsictl_flags 4611.Pq Vt str 4612If 4613.Va iscsictl_enable 4614is set to 4615.Dq Li YES , 4616these are the flags to pass to the 4617.Xr iscsictl 8 4618program. 4619The default is 4620.Dq Li -Aa , 4621which configures sessions based on the 4622.Pa /etc/iscsi.conf 4623configuration file. 4624.It Va cfumass_enable 4625.Pq Vt bool 4626If set to 4627.Dq Li YES , 4628create and export an USB LUN using 4629.Xr cfumass 4 4630at boot time. 4631.It Va cfumass_dir 4632.Pq Vt str 4633The directory where the files exported by USB LUN are located. 4634The default directory is 4635.Pa /var/cfumass . 4636.It Va service_delete_empty 4637.Pq Vt bool 4638If set to 4639.Dq Li YES , 4640.Ql Li service delete 4641removes empty 4642.Dq Li rc.conf.d 4643files. 4644.It Va zfs_bootonce_activate 4645.Pq Vt bool 4646If set to 4647.Dq Li YES , 4648and a boot environment marked bootonce is successfully booted, 4649it will be made permanently active. 4650.It Va zfskeys_enable 4651.Pq Vt bool 4652If set to 4653.Dq Li YES , 4654enable auto-loading of encryption keys for encrypted ZFS datasets. 4655For every dataset the script will first load the appropriate encryption key 4656and then attempt to unlock the dataset. 4657.Pp 4658The script operates only on datasets which are encrypted with 4659ZFS native encryption 4660and have a ZFS 4661.Dq Li keylocation 4662dataset property beginning with 4663.Dq Li file:// . 4664.It Va zfskeys_datasets 4665.Pq Vt str 4666A whitespace-separated list of ZFS datasets to unlock. 4667The list is empty by default, 4668which means that the script will attempt to unlock all datasets. 4669.It Va zfskeys_timeout 4670.Pq Vt int 4671Define the total number of seconds to wait for the zfskeys script 4672to unlock an encrypted dataset. 4673The default is 10. 4674.El 4675.Sh FILES 4676.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4677.It Pa /etc/defaults/rc.conf 4678.It Pa /etc/defaults/vendor.conf 4679.It Pa /etc/rc.conf 4680.It Pa /etc/rc.conf.local 4681.El 4682.Sh SEE ALSO 4683.Xr chmod 1 , 4684.Xr gdb 1 , 4685.Xr info 1 , 4686.Xr kbdcontrol 1 , 4687.Xr limits 1 , 4688.Xr protect 1 , 4689.Xr sh 1 , 4690.Xr vi 1 , 4691.Xr vidcontrol 1 , 4692.Xr bridge 4 , 4693.Xr dummynet 4 , 4694.Xr ip 4 , 4695.Xr ipf 4 , 4696.Xr ipfw 4 , 4697.Xr ipnat 4 , 4698.Xr kld 4 , 4699.Xr pf 4 , 4700.Xr pflog 4 , 4701.Xr pfsync 4 , 4702.Xr tcp 4 , 4703.Xr udp 4 , 4704.Xr exports 5 , 4705.Xr fstab 5 , 4706.Xr ipf 5 , 4707.Xr ipnat 5 , 4708.Xr jail.conf 5 , 4709.Xr loader.conf 5 , 4710.Xr login.conf 5 , 4711.Xr motd 5 , 4712.Xr newsyslog.conf 5 , 4713.Xr pf.conf 5 , 4714.Xr firewall 7 , 4715.Xr growfs 7 , 4716.Xr security 7 , 4717.Xr tuning 7 , 4718.Xr accton 8 , 4719.Xr apm 8 , 4720.Xr bsdinstall 8 , 4721.Xr bthidd 8 , 4722.Xr chkprintcap 8 , 4723.Xr chown 8 , 4724.Xr cron 8 , 4725.Xr devfs 8 , 4726.Xr dhclient 8 , 4727.Xr ftpd 8 , 4728.Xr geli 8 , 4729.Xr hcsecd 8 , 4730.Xr ifconfig 8 , 4731.Xr inetd 8 , 4732.Xr iovctl 8 , 4733.Xr ipf 8 , 4734.Xr ipfw 8 , 4735.Xr ipnat 8 , 4736.Xr jail 8 , 4737.Xr kldxref 8 , 4738.Xr loader 8 , 4739.Xr lpd 8 , 4740.Xr makewhatis 8 , 4741.Xr mdconfig 8 , 4742.Xr mdmfs 8 , 4743.Xr mixer 8 , 4744.Xr mountd 8 , 4745.Xr moused 8 , 4746.Xr newfs 8 , 4747.Xr newsyslog 8 , 4748.Xr nfsd 8 , 4749.Xr ntpd 8 , 4750.Xr ntpdate 8 , 4751.Xr pfctl 8 , 4752.Xr pflogd 8 , 4753.Xr ping 8 , 4754.Xr powerd 8 , 4755.Xr quotacheck 8 , 4756.Xr quotaon 8 , 4757.Xr rc 8 , 4758.Xr rc.sendmail 8 , 4759.Xr rc.subr 8 , 4760.Xr rcorder 8 , 4761.Xr rfcomm_pppd 8 , 4762.Xr route 8 , 4763.Xr routed 8 , 4764.Xr rpc.lockd 8 , 4765.Xr rpc.statd 8 , 4766.Xr rpc.tlsclntd 8 , 4767.Xr rpc.tlsservd 8 , 4768.Xr rpcbind 8 , 4769.Xr rwhod 8 , 4770.Xr savecore 8 , 4771.Xr sdpd 8 , 4772.Xr service 8 , 4773.Xr sshd 8 , 4774.Xr swapon 8 , 4775.Xr sysctl 8 , 4776.Xr syslogd 8 , 4777.Xr sysrc 8 , 4778.Xr unbound 8 , 4779.Xr usbconfig 8 , 4780.Xr wlandebug 8 , 4781.Xr yp 8 , 4782.Xr ypbind 8 , 4783.Xr ypserv 8 , 4784.Xr ypset 8 4785.Sh HISTORY 4786The 4787.Nm 4788file appeared in 4789.Fx 2.2.2 . 4790.Sh AUTHORS 4791.An Jordan K. Hubbard . 4792