xref: /freebsd/share/man/man5/rc.conf.5 (revision 70f51f0e474ffe1fb74cb427423a2fba3637544d)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd October 5, 2021
28.Dt RC.CONF 5
29.Os
30.Sh NAME
31.Nm rc.conf
32.Nd system configuration information
33.Sh DESCRIPTION
34The file
35.Nm
36contains descriptive information about the local host name, configuration
37details for any potential network interfaces and which services should be
38started up at system initial boot time.
39In new installations, the
40.Nm
41file is generally initialized by the system installation utility.
42.Pp
43The purpose of
44.Nm
45is not to run commands or perform system startup actions
46directly.
47Instead, it is included by the
48various generic startup scripts in
49.Pa /etc
50which conditionalize their
51internal actions according to the settings found there.
52.Pp
53The
54.Pa /etc/rc.conf
55file is included from the file
56.Pa /etc/defaults/rc.conf ,
57which specifies the default settings for all the available options.
58Options need only be specified in
59.Pa /etc/rc.conf
60when the system administrator wishes to override these defaults.
61The file
62.Pa /etc/defaults/vendor.conf
63allows vendors to override
64.Fx
65defaults.
66The file
67.Pa /etc/rc.conf.local
68is used to override settings in
69.Pa /etc/rc.conf
70for historical reasons.
71.Pp
72The sysrc(8) command provides a scripting interface to modify system
73config files.
74.Pp
75In addition to
76.Pa /etc/rc.conf.local
77you can also place smaller configuration files for each
78.Xr rc 8
79script in the
80.Pa /etc/rc.conf.d
81directory or
82.Ao Ar dir Ac Ns Pa /rc.conf.d
83directories specified in
84.Va local_startup ,
85which will be included by the
86.Va load_rc_config
87function.
88For jail configurations you could use the file
89.Pa /etc/rc.conf.d/jail
90to store jail specific configuration options.
91If
92.Va local_startup
93contains
94.Pa /usr/local/etc/rc.d
95and
96.Pa /opt/conf ,
97.Pa /usr/local/rc.conf.d/jail
98and
99.Pa /opt/conf/rc.conf.d/jail
100will be loaded.
101If
102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
103is a directory,
104all of files in the directory will be loaded.
105Also see the
106.Va rc_conf_files
107variable below.
108.Pp
109Options are set with
110.Dq Ar name Ns Li = Ns Ar value
111assignments that use
112.Xr sh 1
113syntax.
114The following list provides a name and short description for each
115variable that can be set in the
116.Nm
117file:
118.Bl -tag -width indent-two
119.It Va rc_debug
120.Pq Vt bool
121If set to
122.Dq Li YES ,
123enable output of debug messages from rc scripts.
124This variable can be helpful in diagnosing mistakes when
125editing or integrating new scripts.
126Beware that this produces copious output to the terminal and
127.Xr syslog 3 .
128.It Va rc_info
129.Pq Vt bool
130If set to
131.Dq Li NO ,
132disable informational messages from the rc scripts.
133Informational messages are displayed when
134a condition that is not serious enough to warrant a warning or
135an error occurs.
136.It Va rc_startmsgs
137.Pq Vt bool
138If set to
139.Dq Li YES ,
140show
141.Dq Starting foo:
142when faststart is used (e.g., at boot time).
143.It Va early_late_divider
144.Pq Vt str
145The name of the script that should be used as the
146delimiter between the
147.Dq early
148and
149.Dq late
150stages of the boot process.
151The early stage should contain all the services needed to
152get the disks (local or remote) mounted so that the late
153stage can include scripts contained in the directories
154listed in the
155.Va local_startup
156variable (see below).
157Thus, the two likely candidates for this value are
158.Pa mountcritlocal
159for the typical system, and
160.Pa mountcritremote
161if the system needs remote file
162systems mounted to get access to the
163.Va local_startup
164directories; for example when
165.Pa /usr/local
166is NFS mounted.
167For
168.Pa rc.conf
169within a
170.Xr jail 8
171.Pa NETWORKING
172is likely to be an appropriate value.
173Extreme care should be taken when changing this value,
174and before changing it one should ensure that there are
175adequate provisions to recover from a failed boot
176(such as physical contact with the machine,
177or reliable remote console access).
178.It Va always_force_depends
179.Pq Vt bool
180Various
181.Pa rc.d
182scripts use the force_depend function to check whether required
183services are already running, and to start them if necessary.
184By default during boot time this check is bypassed if the
185required service is enabled in
186.Pa /etc/rc.conf[.local] .
187Setting this option will bypass that check at boot time and
188always test whether or not the service is actually running.
189Enabling this option is likely to increase your boot time if
190services are enabled that utilize the force_depend check.
191.It Ao Ar name Ac Ns Va _chroot
192.Pq Vt str
193.Xr chroot 8
194to this directory before running the service.
195.It Ao Ar name Ac Ns Va _user
196.Pq Vt str
197Run the service under this user account.
198.It Ao Ar name Ac Ns Va _group
199.Pq Vt str
200Run the chrooted service under this system group.
201Unlike the _user
202setting, this setting has no effect if the service is not chrooted.
203.It Ao Ar name Ac Ns Va _fib
204.Pq Vt int
205The
206.Xr setfib 1
207value to run the service under.
208.It Ao Ar name Ac Ns Va _nice
209.Pq Vt int
210The
211.Xr nice 1
212value to run the service under.
213.It Va apm_enable
214.Pq Vt bool
215If set to
216.Dq Li YES ,
217enable support for Automatic Power Management with
218the
219.Xr apm 8
220command.
221.It Va apmd_enable
222.Pq Vt bool
223Run
224.Xr apmd 8
225to handle APM event from userland.
226This also enables support for APM.
227.It Va apmd_flags
228.Pq Vt str
229If
230.Va apmd_enable
231is set to
232.Dq Li YES ,
233these are the flags to pass to the
234.Xr apmd 8
235daemon.
236.It Va devd_enable
237.Pq Vt bool
238Run
239.Xr devd 8
240to handle device added, removed or unknown events from the kernel.
241.It Va ddb_enable
242.Pq Vt bool
243Run
244.Xr ddb 8
245to install
246.Xr ddb 4
247scripts at boot time.
248.It Va ddb_config
249.Pq Vt str
250Configuration file for
251.Xr ddb 8 .
252Default
253.Pa /etc/ddb.conf .
254.It Va devmatch_enable
255.Pq Vt bool
256If set to
257.Dq Li NO ,
258disable auto-loading of kernel modules with
259.Xr devmatch 8 .
260.It Va devmatch_blocklist
261.Pq Vt str
262A whitespace-separated list of kernel modules to be ignored by
263.Xr devmatch 8 .
264.It Va devmatch_blacklist
265.Pq Vt str
266This variable is deprecated.
267Use
268.Va devmatch_blocklist
269instead.
270A whitespace-separated list of kernel modules to be ignored by
271.Xr devmatch 8 .
272.It Va kld_list
273.Pq Vt str
274A whitespace-separated list of kernel modules to load right after
275the local disks are mounted, without any
276.Pa .ko
277extension or path.
278Loading modules at this point in the boot process is
279much faster than doing it via
280.Pa /boot/loader.conf
281for those modules not necessary for mounting local disks.
282.It Va kldxref_enable
283.Pq Vt bool
284Set to
285.Dq Li NO
286by default.
287Set to
288.Dq Li YES
289to automatically rebuild
290.Pa linker.hints
291files with
292.Xr kldxref 8
293at boot time.
294.It Va kldxref_clobber
295.Pq Vt bool
296Set to
297.Dq Li NO
298by default.
299If
300.Va kldxref_enable
301is true,
302setting to
303.Dq Li YES
304will overwrite existing
305.Pa linker.hints
306files at boot time.
307Otherwise,
308only missing
309.Pa linker.hints
310files are generated.
311.It Va kldxref_module_path
312.Pq Vt str
313Empty by default.
314A semi-colon
315.Pq Ql \&;
316delimited list of paths containing
317.Xr kld 4
318modules.
319If empty,
320the contents of the
321.Va kern.module_path
322.Xr sysctl 8
323are used.
324.It Va powerd_enable
325.Pq Vt bool
326If set to
327.Dq Li YES ,
328enable the system power control facility with the
329.Xr powerd 8
330daemon.
331.It Va powerd_flags
332.Pq Vt str
333If
334.Va powerd_enable
335is set to
336.Dq Li YES ,
337these are the flags to pass to the
338.Xr powerd 8
339daemon.
340.It Va tmpmfs
341Controls the creation of a
342.Pa /tmp
343memory file system.
344Always happens if set to
345.Dq Li YES
346and never happens if set to
347.Dq Li NO .
348If set to anything else, a memory file system is created if
349.Pa /tmp
350is not writable.
351.It Va tmpsize
352Controls the size of a created
353.Pa /tmp
354memory file system.
355.It Va tmpmfs_flags
356Extra options passed to the
357.Xr mdmfs 8
358utility when the memory file system for
359.Pa /tmp
360is created.
361The default is
362.Dq Li "-S" ,
363which inhibits the use of softupdates on
364.Pa /tmp
365so that file system space is freed without delay
366after file truncation or deletion.
367See
368.Xr mdmfs 8
369for other options you can use in
370.Va tmpmfs_flags .
371.It Va varmfs
372Controls the creation of a
373.Pa /var
374memory file system.
375Always happens if set to
376.Dq Li YES
377and never happens if set to
378.Dq Li NO .
379If set to anything else, a memory file system is created if
380.Pa /var
381is not writable.
382.It Va varsize
383Controls the size of a created
384.Pa /var
385memory file system.
386.It Va varmfs_flags
387Extra options passed to the
388.Xr mdmfs 8
389utility when the memory file system for
390.Pa /var
391is created.
392The default is
393.Dq Li "-S" ,
394which inhibits the use of softupdates on
395.Pa /var
396so that file system space is freed without delay
397after file truncation or deletion.
398See
399.Xr mdmfs 8
400for other options you can use in
401.Va varmfs_flags .
402.It Va populate_var
403Controls the automatic population of the
404.Pa /var
405file system.
406Always happens if set to
407.Dq Li YES
408and never happens if set to
409.Dq Li NO .
410If set to anything else, a memory file system is created if
411.Pa /var
412is not writable.
413Note that this process requires access to certain commands in
414.Pa /usr
415before
416.Pa /usr
417is mounted on normal systems.
418.It Va cleanvar_enable
419.Pq Vt bool
420Clean the
421.Pa /var
422directory.
423.It Va local_startup
424.Pq Vt str
425List of directories to search for startup script files.
426.It Va script_name_sep
427.Pq Vt str
428The field separator to use for breaking down the list of startup script files
429into individual filenames.
430The default is a space.
431It is not necessary to change this unless there are startup scripts with names
432containing spaces.
433.It Va hostapd_enable
434.Pq Vt bool
435Set to
436.Dq Li YES
437to start
438.Xr hostapd 8
439at system boot time.
440.It Va hostname
441.Pq Vt str
442The fully qualified domain name (FQDN) of this host on the network.
443This should almost certainly be set to something meaningful, even if
444there is no network connection.
445If
446.Xr dhclient 8
447is used to set the hostname via DHCP,
448this variable should be set to an empty string.
449Within a
450.Xr jail 8
451the hostname is generally already set and this variable may be absent.
452If this value remains unset when the system is done booting
453your console login will display the default hostname of
454.Dq Amnesiac .
455.It Va nisdomainname
456.Pq Vt str
457The NIS domain name of this host, or
458.Dq Li NO
459if NIS is not used.
460.It Va dhclient_program
461.Pq Vt str
462Path to the DHCP client program
463.Pa ( /sbin/dhclient ,
464the
465.Ox
466DHCP client,
467is the default).
468.It Va dhclient_flags
469.Pq Vt str
470Additional flags to pass to the DHCP client program.
471For the
472.Ox
473DHCP client, see the
474.Xr dhclient 8
475manpage for a description of the command line options available.
476.It Va dhclient_flags_ Ns Aq Ar iface
477Additional flags to pass to the DHCP client program running on
478.Ar iface
479only.
480When specified, this variable overrides
481.Va dhclient_flags .
482.It Va background_dhclient
483.Pq Vt bool
484Set to
485.Dq Li YES
486to start the DHCP client in background.
487This can cause trouble with applications depending on
488a working network, but it will provide a faster startup
489in many cases.
490.It Va background_dhclient_ Ns Aq Ar iface
491When specified, this variable overrides the
492.Va background_dhclient
493variable for interface
494.Ar iface
495only.
496.It Va synchronous_dhclient
497.Pq Vt bool
498Set to
499.Dq Li YES
500to start
501.Xr dhclient 8
502synchronously at startup.
503This behavior can be overridden on a per-interface basis by replacing
504the
505.Dq Li DHCP
506keyword in the
507.Va ifconfig_ Ns Aq Ar interface
508variable with
509.Dq Li SYNCDHCP
510or
511.Dq Li NOSYNCDHCP .
512.It Va defaultroute_delay
513.Pq Vt int
514When set to a positive value, wait up to this long after configuring
515DHCP interfaces at startup to give the interfaces time to receive a lease.
516.It Va firewall_enable
517.Pq Vt bool
518Set to
519.Dq Li YES
520to load firewall rules at startup.
521If the kernel was not built with
522.Cd "options IPFIREWALL" ,
523the
524.Pa ipfw.ko
525kernel module will be loaded.
526See also
527.Va ipfilter_enable .
528.It Va firewall_script
529.Pq Vt str
530This variable specifies the full path to the firewall script to run.
531The default is
532.Pa /etc/rc.firewall .
533.It Va firewall_type
534.Pq Vt str
535Names the firewall type from the selection in
536.Pa /etc/rc.firewall ,
537or the file which contains the local firewall ruleset.
538Valid selections from
539.Pa /etc/rc.firewall
540are:
541.Pp
542.Bl -tag -width ".Li workstation" -compact
543.It Li open
544unrestricted IP access
545.It Li closed
546all IP services disabled, except via
547.Dq Li lo0
548.It Li client
549basic protection for a workstation
550.It Li workstation
551basic protection for a workstation using stateful firewalling
552.It Li simple
553basic protection for a LAN.
554.El
555.Pp
556If a filename is specified, the full path
557must be given.
558.Pp
559Most of the predefined rulesets define additional configuration variables.
560These are documented in
561.Pa /etc/rc.firewall .
562.It Va firewall_quiet
563.Pq Vt bool
564Set to
565.Dq Li YES
566to disable the display of firewall rules on the console during boot.
567.It Va firewall_logging
568.Pq Vt bool
569Set to
570.Dq Li YES
571to enable firewall event logging.
572This is equivalent to the
573.Dv IPFIREWALL_VERBOSE
574kernel option.
575.It Va firewall_logif
576.Pq Vt bool
577Set to
578.Dq Li YES
579to create pseudo interface
580.Li ipfw0
581for logging.
582For more details, see
583.Xr ipfw 8
584manual page.
585.It Va firewall_flags
586.Pq Vt str
587Flags passed to
588.Xr ipfw 8
589if
590.Va firewall_type
591specifies a filename.
592.It Va firewall_coscripts
593.Pq Vt str
594List of executables and/or rc scripts to run after firewall starts/stops.
595Default is empty.
596.\" ----- firewall_nat_enable setting --------------------------------
597.It Va firewall_nat_enable
598.Pq Vt bool
599The
600.Xr ipfw 8
601equivalent of
602.Va natd_enable .
603Setting this to
604.Dq Li YES
605will automatically load the
606.Xr ipfw 8
607NAT kernel module if
608.Va firewall_enable
609is also set to
610.Dq Li YES .
611.It Va firewall_nat_interface
612.Pq Vt str
613The
614.Xr ipfw 8
615equivalent of
616.Va natd_interface .
617This is the name of the public interface or IP address on which
618kernel NAT should run.
619.It Va firewall_nat_flags
620.Pq Vt str
621Additional configuration parameters for kernel NAT should be placed here.
622.It Va firewall_nat64_enable
623.Pq Vt bool
624Setting this to
625.Dq Li YES
626will automatically load the
627.Xr ipfw 8
628NAT64 kernel module if
629.Va firewall_enable
630is also set to
631.Dq Li YES .
632.It Va firewall_nptv6_enable
633.Pq Vt bool
634Setting this to
635.Dq Li YES
636will automatically load the
637.Xr ipfw 8
638NPTv6 kernel module if
639.Va firewall_enable
640is also set to
641.Dq Li YES .
642.It Va firewall_pmod_enable
643.Pq Vt bool
644Setting this to
645.Dq Li YES
646will automatically load the
647.Xr ipfw 8
648pmod kernel module if
649.Va firewall_enable
650is also set to
651.Dq Li YES .
652.It Va dummynet_enable
653.Pq Vt bool
654Setting this to
655.Dq Li YES
656will automatically load the
657.Xr dummynet 4
658module if
659.Va firewall_enable
660is also set to
661.Dq Li YES .
662.\" -------------------------------------------------------------------
663.It Va ipfw_netflow_enable
664.Pq Vt bool
665Setting this to
666.Dq Li YES
667will enable netflow logging via
668.Xr ng_netflow 4
669.Pp
670By default a ipfw rule is inserted and all packets are duplicated with
671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
672port using protocol version 5.
673.It Va ipfw_netflow_hook
674.Pq Vt int
675netflow hook name, must be numerical
676(default
677.Pa 9995 ) .
678.It Va ipfw_netflow_rule
679.Pq Vt int
680ipfw rule number
681(default
682.Pa 1000 ) .
683.It Va ipfw_netflow_ip
684.Pq Vt str
685Destination server ip for receiving netflow data
686(default
687.Pa 127.0.0.1 ) .
688.It Va ipfw_netflow_port
689.Pq Vt int
690Destination server port for receiving netflow data
691(default
692.Pa 9995 ) .
693.It Va ipfw_netflow_version
694.Pq Vt int
695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
696.It Va ipfw_netflow_fib
697.Pq Vt int
698Only match packet in FIB
699.Pa ipfw_netflow_fib
700(default is undefined meaning all FIBs).
701.It Va natd_program
702.Pq Vt str
703Path to
704.Xr natd 8 .
705.It Va natd_enable
706.Pq Vt bool
707Set to
708.Dq Li YES
709to enable
710.Xr natd 8 .
711.Va firewall_enable
712must also be set to
713.Dq Li YES ,
714and
715.Xr divert 4
716sockets must be enabled in the kernel.
717If the kernel was not built with
718.Cd "options IPDIVERT" ,
719the
720.Pa ipdivert.ko
721kernel module will be loaded.
722.It Va natd_interface
723.Pq Vt str
724This is the name of the public interface on which
725.Xr natd 8
726should run.
727The interface may be given as an interface name or as an IP address.
728.It Va natd_flags
729.Pq Vt str
730Additional
731.Xr natd 8
732flags should be placed here.
733The
734.Fl n
735or
736.Fl a
737flag is automatically added with the above
738.Va natd_interface
739as an argument.
740.\" ----- ipfilter_enable setting --------------------------------
741.It Va ipfilter_enable
742.Pq Vt bool
743Set to
744.Dq Li NO
745by default.
746Setting this to
747.Dq Li YES
748enables
749.Xr ipf 8
750packet filtering.
751.Pp
752Typical usage will require putting
753.Bd -literal
754ipfilter_enable="YES"
755ipnat_enable="YES"
756ipmon_enable="YES"
757ipfs_enable="YES"
758.Ed
759.Pp
760into
761.Pa /etc/rc.conf
762and editing
763.Pa /etc/ipf.rules
764and
765.Pa /etc/ipnat.rules
766appropriately.
767.Pp
768Note that
769.Va ipfilter_enable
770and
771.Va ipnat_enable
772can be enabled independently.
773.Va ipmon_enable
774and
775.Va ipfs_enable
776both require at least one of
777.Va ipfilter_enable
778and
779.Va ipnat_enable
780to be enabled.
781.Pp
782Having
783.Bd -literal
784options IPFILTER
785options IPFILTER_LOG
786options IPFILTER_DEFAULT_BLOCK
787.Ed
788.Pp
789in the kernel configuration file is a good idea, too.
790.\" ----- ipfilter_program setting ------------------------------
791.It Va ipfilter_program
792.Pq Vt str
793Path to
794.Xr ipf 8
795(default
796.Pa /sbin/ipf ) .
797.\" ----- ipfilter_rules setting --------------------------------
798.It Va ipfilter_rules
799.Pq Vt str
800Set to
801.Pa /etc/ipf.rules
802by default.
803This variable contains the name of the filter rule definition file.
804The file is expected to be readable for the
805.Xr ipf 8
806command to execute.
807.\" ----- ipfilter_flags setting --------------------------------
808.It Va ipfilter_flags
809.Pq Vt str
810Empty by default.
811This variable contains flags passed to the
812.Xr ipf 8
813program.
814.\" ----- ipnat_enable setting ----------------------------------
815.It Va ipnat_enable
816.Pq Vt bool
817Set to
818.Dq Li NO
819by default.
820Set it to
821.Dq Li YES
822to enable
823.Xr ipnat 8
824network address translation.
825See
826.Va ipfilter_enable
827for a detailed discussion.
828.\" ----- ipnat_program setting ---------------------------------
829.It Va ipnat_program
830.Pq Vt str
831Path to
832.Xr ipnat 8
833(default
834.Pa /sbin/ipnat ) .
835.\" ----- ipnat_rules setting -----------------------------------
836.It Va ipnat_rules
837.Pq Vt str
838Set to
839.Pa /etc/ipnat.rules
840by default.
841This variable contains the name of the file
842holding the network address translation definition.
843This file is expected to be readable for the
844.Xr ipnat 8
845command to execute.
846.\" ----- ipnat_flags setting -----------------------------------
847.It Va ipnat_flags
848.Pq Vt str
849Empty by default.
850This variable contains flags passed to the
851.Xr ipnat 8
852program.
853.\" ----- ipmon_enable setting ----------------------------------
854.It Va ipmon_enable
855.Pq Vt bool
856Set to
857.Dq Li NO
858by default.
859Set it to
860.Dq Li YES
861to enable
862.Xr ipmon 8
863monitoring (logging
864.Xr ipf 8
865and
866.Xr ipnat 8
867events).
868Setting this variable needs setting
869.Va ipfilter_enable
870or
871.Va ipnat_enable
872too.
873See
874.Va ipfilter_enable
875for a detailed discussion.
876.\" ----- ipmon_program setting ---------------------------------
877.It Va ipmon_program
878.Pq Vt str
879Path to
880.Xr ipmon 8
881(default
882.Pa /sbin/ipmon ) .
883.\" ----- ipmon_flags setting -----------------------------------
884.It Va ipmon_flags
885.Pq Vt str
886Set to
887.Dq Li -Ds
888by default.
889This variable contains flags passed to the
890.Xr ipmon 8
891program.
892Another typical example would be
893.Dq Fl D Pa /var/log/ipflog
894to have
895.Xr ipmon 8
896log directly to a file bypassing
897.Xr syslogd 8 .
898Make sure to adjust
899.Pa /etc/newsyslog.conf
900in such case like this:
901.Bd -literal
902/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
903.Ed
904.\" ----- ipfs_enable setting -----------------------------------
905.It Va ipfs_enable
906.Pq Vt bool
907Set to
908.Dq Li NO
909by default.
910Set it to
911.Dq Li YES
912to enable
913.Xr ipfs 8
914saving the filter and NAT state tables during shutdown
915and reloading them during startup again.
916Setting this variable needs setting
917.Va ipfilter_enable
918or
919.Va ipnat_enable
920to
921.Dq Li YES
922too.
923See
924.Va ipfilter_enable
925for a detailed discussion.
926Note that if
927.Va kern_securelevel
928is set to 3,
929.Va ipfs_enable
930cannot be used
931because the raised securelevel will prevent
932.Xr ipfs 8
933from saving the state tables at shutdown time.
934.\" ----- ipfs_program setting ----------------------------------
935.It Va ipfs_program
936.Pq Vt str
937Path to
938.Xr ipfs 8
939(default
940.Pa /sbin/ipfs ) .
941.\" ----- ipfs_flags setting ------------------------------------
942.It Va ipfs_flags
943.Pq Vt str
944Empty by default.
945This variable contains flags passed to the
946.Xr ipfs 8
947program.
948.\" ----- end of added ipf hook ---------------------------------
949.It Va pf_enable
950.Pq Vt bool
951Set to
952.Dq Li NO
953by default.
954Setting this to
955.Dq Li YES
956enables
957.Xr pf 4
958packet filtering.
959.Pp
960Typical usage will require putting
961.Pp
962.Dl pf_enable="YES"
963.Pp
964into
965.Pa /etc/rc.conf
966and editing
967.Pa /etc/pf.conf
968appropriately.
969Adding
970.Pp
971.Dl "device pf"
972.Pp
973builds support for
974.Xr pf 4
975into the kernel, otherwise the
976kernel module will be loaded.
977.It Va pf_rules
978.Pq Vt str
979Path to
980.Xr pf 4
981ruleset configuration file
982(default
983.Pa /etc/pf.conf ) .
984.It Va pf_program
985.Pq Vt str
986Path to
987.Xr pfctl 8
988(default
989.Pa /sbin/pfctl ) .
990.It Va pf_flags
991.Pq Vt str
992If
993.Va pf_enable
994is set to
995.Dq Li YES ,
996these flags are passed to the
997.Xr pfctl 8
998program when loading the ruleset.
999.It Va pf_fallback_rules_enable
1000.Pq Vt bool
1001Set to
1002.Dq Li NO
1003by default.
1004Setting this to
1005.Dq Li YES
1006enables loading
1007.Va pf_fallback_rules_file
1008or
1009.Va pf_fallback_rules
1010in case of a problem when loading the ruleset in
1011.Va pf_rules .
1012.It Va pf_fallback_rules_file
1013.Pq Vt str
1014Path to a pf ruleset to load in case of failure when loading the
1015ruleset in
1016.Va pf_rules
1017(default
1018.Pa /etc/pf-fallback.conf ) .
1019.It Va pf_fallback_rules
1020.Pq Vt str
1021A pf ruleset to load in case of failure when loading the ruleset in
1022.Va pf_rules
1023and
1024.Va pf_fallback_rules_file
1025is not found.
1026Multiple rules can be set as follows:
1027.Bd -literal
1028pf_fallback_rules="\\
1029	block drop log all\\
1030	pass in quick on em0"
1031.Pp
1032.Ed
1033The default fallback rule is
1034.Dq block drop log all
1035.It Va pflog_enable
1036.Pq Vt bool
1037Set to
1038.Dq Li NO
1039by default.
1040Setting this to
1041.Dq Li YES
1042enables
1043.Xr pflogd 8
1044which logs packets from the
1045.Xr pf 4
1046packet filter.
1047.It Va pflog_logfile
1048.Pq Vt str
1049If
1050.Va pflog_enable
1051is set to
1052.Dq Li YES
1053this controls where
1054.Xr pflogd 8
1055stores the logfile
1056(default
1057.Pa /var/log/pflog ) .
1058Check
1059.Pa /etc/newsyslog.conf
1060to adjust logfile rotation for this.
1061.It Va pflog_program
1062.Pq Vt str
1063Path to
1064.Xr pflogd 8
1065(default
1066.Pa /sbin/pflogd ) .
1067.It Va pflog_flags
1068.Pq Vt str
1069Empty by default.
1070This variable contains additional flags passed to the
1071.Xr pflogd 8
1072program.
1073.It Va pflog_instances
1074.Pq Vt str
1075If logging to more than one
1076.Xr pflog 4
1077interface is desired,
1078.Va pflog_instances
1079is set to the list of
1080.Xr pflogd 8
1081instances that should be started at system boot time.
1082If
1083.Va pflog_instances
1084is set, for each whitespace-separated
1085.Ar element
1086in the list,
1087.Ao Ar element Ac Ns Va _dev
1088and
1089.Ao Ar element Ac Ns Va _logfile
1090elements are assumed to exist.
1091.Ao Ar element Ac Ns Va _dev
1092must contain the
1093.Xr pflog 4
1094interface to be watched by the named
1095.Xr pflogd 8
1096instance.
1097.Ao Ar element Ac Ns Va _logfile
1098must contain the name of the logfile that will be used by the
1099.Xr pflogd 8
1100instance.
1101.It Va ftpproxy_enable
1102.Pq Vt bool
1103Set to
1104.Dq Li NO
1105by default.
1106Setting this to
1107.Dq Li YES
1108enables
1109.Xr ftp-proxy 8
1110which supports the
1111.Xr pf 4
1112packet filter in translating ftp connections.
1113.It Va ftpproxy_flags
1114.Pq Vt str
1115Empty by default.
1116This variable contains additional flags passed to the
1117.Xr ftp-proxy 8
1118program.
1119.It Va ftpproxy_instances
1120.Pq Vt str
1121Empty by default.
1122If multiple instances of
1123.Xr ftp-proxy 8
1124are desired at boot time,
1125.Va ftpproxy_instances
1126should contain a whitespace-separated list of instance names.
1127For each
1128.Ar element
1129in the list, a variable named
1130.Ao Ar element Ac Ns Va _flags
1131should be defined, containing the command-line flags to be passed to the
1132.Xr ftp-proxy 8
1133instance.
1134.It Va pfsync_enable
1135.Pq Vt bool
1136Set to
1137.Dq Li NO
1138by default.
1139Setting this to
1140.Dq Li YES
1141enables exposing
1142.Xr pf 4
1143state changes to other hosts over the network by means of
1144.Xr pfsync 4 .
1145The
1146.Va pfsync_syncdev
1147variable
1148must also be set then.
1149.It Va pfsync_syncdev
1150.Pq Vt str
1151Empty by default.
1152This variable specifies the name of the network interface
1153.Xr pfsync 4
1154should operate through.
1155It must be set accordingly if
1156.Va pfsync_enable
1157is set to
1158.Dq Li YES .
1159.It Va pfsync_syncpeer
1160.Pq Vt str
1161Empty by default.
1162This variable is optional.
1163By default, state change messages are sent out on the synchronisation
1164interface using IP multicast packets.
1165The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1166224.0.0.240.
1167When a peer address is specified using the
1168.Va pfsync_syncpeer
1169option, the peer address is used as a destination for the pfsync
1170traffic, and the traffic can then be protected using
1171.Xr ipsec 4 .
1172See the
1173.Xr pfsync 4
1174manpage for more details about using
1175.Xr ipsec 4
1176with
1177.Xr pfsync 4
1178interfaces.
1179.It Va pfsync_ifconfig
1180.Pq Vt str
1181Empty by default.
1182This variable can contain additional options to be passed to the
1183.Xr ifconfig 8
1184command used to set up
1185.Xr pfsync 4 .
1186.It Va tcp_extensions
1187.Pq Vt bool
1188Set to
1189.Dq Li YES
1190by default.
1191Setting this to
1192.Dq Li NO
1193disables certain TCP options as described by
1194.Rs
1195.%T "RFC 1323"
1196.Re
1197Setting this to
1198.Dq Li NO
1199might help remedy such problems with connections as randomly hanging
1200or other weird behavior.
1201Some network devices are known
1202to be broken with respect to these options.
1203.It Va log_in_vain
1204.Pq Vt int
1205Set to 0 by default.
1206The
1207.Xr sysctl 8
1208variables,
1209.Va net.inet.tcp.log_in_vain
1210and
1211.Va net.inet.udp.log_in_vain ,
1212as described in
1213.Xr tcp 4
1214and
1215.Xr udp 4 ,
1216are set to the given value.
1217.It Va tcp_keepalive
1218.Pq Vt bool
1219Set to
1220.Dq Li YES
1221by default.
1222Setting to
1223.Dq Li NO
1224will disable probing idle TCP connections to verify that the
1225peer is still up and reachable.
1226.It Va tcp_drop_synfin
1227.Pq Vt bool
1228Set to
1229.Dq Li NO
1230by default.
1231Setting to
1232.Dq Li YES
1233will cause the kernel to ignore TCP frames that have both
1234the SYN and FIN flags set.
1235This prevents OS fingerprinting, but may
1236break some legitimate applications.
1237.It Va icmp_drop_redirect
1238.Pq Vt bool
1239Set to
1240.Dq Li AUTO
1241by default.
1242This setting will be identical to
1243.Dq Li YES ,
1244if a dynamicrouting daemon is enabled, because redirect processing may
1245cause performance issues for large routing tables.
1246If no such service is enabled, this setting behaves like a
1247.Dq Li NO .
1248Setting to
1249.Dq Li YES
1250will cause the kernel to ignore ICMP REDIRECT packets.
1251Setting to
1252.Dq Li NO
1253will cause the kernel to process ICMP REDIRECT packets.
1254Refer to
1255.Xr icmp 4
1256for more information.
1257.It Va icmp_log_redirect
1258.Pq Vt bool
1259Set to
1260.Dq Li NO
1261by default.
1262Setting to
1263.Dq Li YES
1264will cause the kernel to log ICMP REDIRECT packets.
1265Note that
1266the log messages are not rate-limited, so this option should only be used
1267for troubleshooting networks.
1268Refer to
1269.Xr icmp 4
1270for more information.
1271.It Va icmp_bmcastecho
1272.Pq Vt bool
1273Set to
1274.Dq Li YES
1275to respond to broadcast or multicast ICMP ping packets.
1276Refer to
1277.Xr icmp 4
1278for more information.
1279.It Va ip_portrange_first
1280.Pq Vt int
1281If not set to
1282.Dq Li NO ,
1283this is the first port in the default portrange.
1284Refer to
1285.Xr ip 4
1286for more information.
1287.It Va ip_portrange_last
1288.Pq Vt int
1289If not set to
1290.Dq Li NO ,
1291this is the last port in the default portrange.
1292Refer to
1293.Xr ip 4
1294for more information.
1295.It Va network_interfaces
1296.Pq Vt str
1297Set to the list of network interfaces to configure on this host or
1298.Dq Li AUTO
1299(the default) for all current interfaces.
1300Setting the
1301.Va network_interfaces
1302variable to anything other than the default is deprecated.
1303Interfaces that the administrator wishes to store configuration for,
1304but not start at boot should be configured with the
1305.Dq Li NOAUTO
1306keyword in their
1307.Va ifconfig_ Ns Aq Ar interface
1308variables as described below.
1309.Pp
1310An
1311.Va ifconfig_ Ns Aq Ar interface
1312variable is also assumed to exist for each value of
1313.Ar interface .
1314When an interface name contains any of the characters
1315.Dq Li .-/+
1316they are translated to
1317.Dq Li _
1318before lookup.
1319The variable can contain arguments to
1320.Xr ifconfig 8 ,
1321as well as special case-insensitive keywords described below.
1322Such keywords are removed before passing the value to
1323.Xr ifconfig 8
1324while the order of the other arguments is preserved.
1325.Pp
1326It is possible to add IP alias entries using
1327.Xr ifconfig 8
1328syntax with the address family keyword such as
1329.Li inet .
1330Assuming that the interface in question was
1331.Li em0 ,
1332it might look something like this:
1333.Bd -literal
1334ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1335ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1336.Ed
1337.Pp
1338It also possible to configure multiple IP addresses in Classless
1339Inter-Domain Routing
1340.Pq CIDR
1341address notation,
1342whose each address component can be a range like
1343.Li inet 192.0.2.5-23/24
1344or
1345.Li inet6 2001:db8:1-f::1/64 .
1346This notation allows address and prefix length part only,
1347not the other address modifiers.
1348Note that the maximum number of the generated addresses from a range
1349specification is limited to an integer value specified in
1350.Va netif_ipexpand_max
1351in
1352.Nm
1353because a small typo can unexpectedly generate a large number of addresses.
1354The default value is
1355.Li 2048 .
1356It can be increased by adding the following line into
1357.Nm :
1358.Bd -literal
1359netif_ipexpand_max="4096"
1360.Ed
1361.Pp
1362In the case of
1363.Li 192.0.2.5-23/24 ,
1364the address 192.0.2.5 will be configured with the
1365netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1366the non-conflicting netmask /32 as explained in the
1367.Xr ifconfig 8
1368alias section.
1369Note that this special netmask handling is only for
1370.Li inet ,
1371not for the other address families such as
1372.Li inet6 .
1373.Pp
1374With the interface in question being
1375.Li em0 ,
1376an example could look like:
1377.Bd -literal
1378ifconfig_em0_alias2="inet 192.0.2.129/27"
1379ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1380.Ed
1381.Pp
1382and so on.
1383.Pp
1384Note that deprecated
1385.Va ipv4_addrs_ Ns Aq Ar interface
1386variable was supported for IPv4 CIDR address notation.
1387The
1388.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1389variable replaces it, though
1390.Va ipv4_addrs_ Ns Aq Ar interface
1391is still supported for backward compatibility.
1392.Pp
1393For each
1394.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1395entry with an address family keyword,
1396its contents are passed to
1397.Xr ifconfig 8 .
1398Execution stops at the first unsuccessful access, so if
1399something like this is present:
1400.Bd -literal
1401ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1402ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1403ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1404ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1405.Ed
1406.Pp
1407Then note that alias4 would
1408.Em not
1409be added since the search would
1410stop with the missing
1411.Dq Li alias3
1412entry.
1413Because of this difficult to manage behavior,
1414there is
1415.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1416variable, which has the same functionality as
1417.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1418and can have all of entries in a variable like the following:
1419.Bd -literal
1420ifconfig_em0_aliases="\\
1421	inet 127.0.0.251 netmask 0xffffffff \\
1422	inet 127.0.0.252 netmask 0xffffffff \\
1423	inet 127.0.0.253 netmask 0xffffffff \\
1424	inet 127.0.0.254 netmask 0xffffffff"
1425.Ed
1426.Pp
1427It also supports CIDR notation.
1428.Pp
1429If the
1430.Pa /etc/start_if . Ns Aq Ar interface
1431file is present, it is read and executed by the
1432.Xr sh 1
1433interpreter
1434before configuring the interface as specified in the
1435.Va ifconfig_ Ns Aq Ar interface
1436and
1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1438variables.
1439.Pp
1440If a
1441.Va vlans_ Ns Aq Ar interface
1442variable is set,
1443a
1444.Xr vlan 4
1445interface will be created for each item in the list with the
1446.Ar vlandev
1447argument set to
1448.Ar interface .
1449If a vlan interface's name is a number,
1450then that number is used as the vlan tag and the new vlan interface is
1451named
1452.Ar interface . Ns Ar tag .
1453Otherwise,
1454the vlan tag must be specified via a
1455.Va vlan
1456parameter in the
1457.Va create_args_ Ns Aq Ar interface
1458variable.
1459.Pp
1460To create a vlan device named
1461.Li em0.101
1462on
1463.Li em0
1464with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24:
1465.Bd -literal
1466vlans_em0="101"
1467ifconfig_em0_101="inet 192.0.2.1/24"
1468.Ed
1469.Pp
1470To create a vlan device named
1471.Li myvlan
1472on
1473.Li em0
1474with the vlan tag 102:
1475.Bd -literal
1476vlans_em0="myvlan"
1477create_args_myvlan="vlan 102"
1478.Ed
1479.Pp
1480If a
1481.Va wlans_ Ns Aq Ar interface
1482variable is set,
1483an
1484.Xr wlan 4
1485interface will be created for each item in the list with the
1486.Ar wlandev
1487argument set to
1488.Ar interface .
1489Further wlan cloning arguments may be passed to the
1490.Xr ifconfig 8
1491.Cm create
1492command by setting the
1493.Va create_args_ Ns Aq Ar interface
1494variable.
1495One or more
1496.Xr wlan 4
1497devices must be created for each wireless devices as of
1498.Fx 8.0 .
1499Debugging flags for
1500.Xr wlan 4
1501devices as set by
1502.Xr wlandebug 8
1503may be specified with an
1504.Va wlandebug_ Ns Aq Ar interface
1505variable.
1506The contents of this variable will be passed directly to
1507.Xr wlandebug 8 .
1508.Pp
1509If the
1510.Va ifconfig_ Ns Aq Ar interface
1511contains the keyword
1512.Dq Li NOAUTO
1513then the interface will not be configured
1514at boot or by
1515.Pa /etc/pccard_ether
1516when
1517.Va network_interfaces
1518is set to
1519.Dq Li AUTO .
1520.Pp
1521It is possible to bring up an interface with DHCP by adding
1522.Dq Li DHCP
1523to the
1524.Va ifconfig_ Ns Aq Ar interface
1525variable.
1526For instance, to initialize the
1527.Li em0
1528device via DHCP,
1529it is possible to use something like:
1530.Bd -literal
1531ifconfig_em0="DHCP"
1532.Ed
1533.Pp
1534If you want to configure your wireless interface with
1535.Xr wpa_supplicant 8
1536for use with WPA, EAP/LEAP or WEP, you need to add
1537.Dq Li WPA
1538to the
1539.Va ifconfig_ Ns Aq Ar interface
1540variable.
1541.Pp
1542On the other hand, if you want to configure your wireless interface with
1543.Xr hostapd 8 ,
1544you need to add
1545.Dq Li HOSTAP
1546to the
1547.Va ifconfig_ Ns Aq Ar interface
1548variable.
1549.Xr hostapd 8
1550will use the settings from
1551.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1552.Pp
1553Finally, you can add
1554.Xr ifconfig 8
1555options in this variable, in addition to the
1556.Pa /etc/start_if . Ns Aq Ar interface
1557file.
1558For instance, to configure an
1559.Xr ath 4
1560wireless device in station mode with an address obtained
1561via DHCP, using WPA authentication and 802.11b mode, it is
1562possible to use something like:
1563.Bd -literal
1564wlans_ath0="wlan0"
1565ifconfig_wlan0="DHCP WPA mode 11b"
1566.Ed
1567.Pp
1568In addition to the
1569.Va ifconfig_ Ns Aq Ar interface
1570form, a fallback variable
1571.Va ifconfig_DEFAULT
1572may be configured.
1573It will be used for all interfaces with no
1574.Va ifconfig_ Ns Aq Ar interface
1575variable.
1576This is intended to replace the no longer supported
1577.Va pccard_ifconfig
1578variable.
1579.Pp
1580It is also possible to rename an interface by doing:
1581.Bd -literal
1582ifconfig_em0_name="net0"
1583ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1584.Ed
1585.It Va ipv6_enable
1586.Pq Vt bool
1587This variable is deprecated.
1588Use
1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1590and
1591.Va ipv6_activate_all_interfaces
1592if necessary.
1593.Pp
1594If the variable is
1595.Dq Li YES ,
1596.Dq Li inet6 accept_rtadv
1597is added to all of
1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1599and the
1600.Va ipv6_activate_all_interfaces
1601is defined as
1602.Dq Li YES .
1603.It Va ipv6_prefer
1604.Pq Vt bool
1605This variable is deprecated.
1606Use
1607.Va ip6addrctl_policy
1608instead.
1609.Pp
1610If the variable is
1611.Dq Li YES ,
1612the default address selection policy table set by
1613.Xr ip6addrctl 8
1614will be IPv6-preferred.
1615.Pp
1616If the variable is
1617.Dq Li NO ,
1618the default address selection policy table set by
1619.Xr ip6addrctl 8
1620will be IPv4-preferred.
1621.It Va ipv6_activate_all_interfaces
1622.Pq Vt bool
1623This controls initial configuration on IPv6-capable
1624interfaces with no corresponding
1625.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1626variable.
1627Note that it is not always necessary to set this variable to
1628.Dq YES
1629to use IPv6 functionality on
1630.Fx .
1631In most cases, just configuring
1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1633variables works.
1634.Pp
1635If the variable is
1636.Dq Li NO ,
1637all interfaces which do not have a corresponding
1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1639variable will be marked as
1640.Dq Li IFDISABLED
1641at creation.
1642This means that all of IPv6 functionality on that interface
1643is completely disabled to enforce a security policy.
1644If the variable is set to
1645.Dq YES ,
1646the flag will be cleared on all of the interfaces.
1647.Pp
1648In most cases, just defining an
1649.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1650for an IPv6-capable interface should be sufficient.
1651However, if an interface is added dynamically
1652.Pq by some tunneling protocols such as PPP, for example ,
1653it is often difficult to define the variable in advance.
1654In such a case, configuring the
1655.Dq Li IFDISABLED
1656flag can be disabled by setting this variable to
1657.Dq YES .
1658.Pp
1659For more details of the
1660.Dq Li IFDISABLED
1661flag and keywords
1662.Dq Li inet6 ifdisabled ,
1663see
1664.Xr ifconfig 8 .
1665.Pp
1666Default is
1667.Dq Li NO .
1668.It Va ipv6_privacy
1669.Pq Vt bool
1670If the variable is
1671.Dq Li YES
1672privacy addresses will be generated for each IPv6
1673interface as described in RFC 4941.
1674.It Va ipv6_network_interfaces
1675.Pq Vt str
1676This is the IPv6 equivalent of
1677.Va network_interfaces .
1678Normally manual configuration of this variable is not needed.
1679.It Va ipv6_cpe_wanif
1680.Pq Vt str
1681If the variable is set to an interface name,
1682the
1683.Xr ifconfig 8
1684options
1685.Dq inet6 -no_radr accept_rtadv
1686will be added to the specified interface automatically before evaluating
1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1688and two
1689.Xr sysctl 8
1690variables
1691.Va net.inet6.ip6.rfc6204w3
1692and
1693.Va net.inet6.ip6.no_radr
1694will be set to 1.
1695.Pp
1696This means the specified interface will accept ICMPv6 Router
1697Advertisement messages on that link and add the discovered
1698routers into the Default Router List.
1699While the other interfaces can still accept RA messages if the
1700.Dq inet6 accept_rtadv
1701option is specified, adding
1702routes into the Default Router List will be disabled by
1703.Dq inet6 no_radr
1704option by default.
1705See
1706.Xr ifconfig 8
1707for more details.
1708.Pp
1709Note that ICMPv6 Router Advertisement messages will be
1710accepted even when
1711.Va net.inet6.ip6.forwarding
1712is 1
1713.Pq packet forwarding is enabled
1714when
1715.Va net.inet6.ip6.rfc6204w3
1716is set to 1.
1717.Pp
1718Default is
1719.Dq Li NO .
1720.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1721.Pq Vt str
1722This assigns arbitrary description to an interface.
1723The
1724.Xr sysctl 8
1725variable
1726.Va net.ifdescr_maxlen
1727limits its length.
1728This static setting may be overridden by commands
1729started with dynamic interface configuration utilities
1730like
1731.Xr dhclient 8
1732hooks.
1733The description can be seen with
1734.Xr ifconfig 8
1735command and it may be exported with
1736.Xr bsnmpd 1
1737daemon using its MIB-2 module.
1738.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1739.Pq Vt str
1740IPv6 functionality on an interface should be configured by
1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1742instead of setting ifconfig parameters in
1743.Va ifconfig_ Ns Aq Ar interface .
1744If this variable is empty, all of IPv6 configurations on the
1745specified interface by other variables such as
1746.Va ipv6_prefix_ Ns Ao Ar interface Ac
1747will be ignored.
1748.Pp
1749Aliases should be set by
1750.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1751with
1752.Dq Li inet6
1753keyword.
1754For example:
1755.Bd -literal
1756ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1757ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1758.Ed
1759.Pp
1760Interfaces that have an
1761.Dq Li inet6 accept_rtadv
1762keyword in
1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1764setting will be automatically configured by SLAAC
1765.Pq StateLess Address AutoConfiguration
1766described in
1767.Rs
1768.%T "RFC 4862"
1769.Re
1770.Pp
1771Note that a link-local address will be automatically configured in
1772addition to the configured global-scope addresses because the IPv6
1773specifications require it on each link.
1774The address is calculated from the MAC address by using an algorithm
1775defined in
1776.Rs
1777.%T "RFC 4862"
1778.%O "Section 5.3"
1779.Re
1780.Pp
1781If only a link-local address is needed on the interface,
1782the following configuration can be used:
1783.Bd -literal
1784ifconfig_em0_ipv6="inet6 auto_linklocal"
1785.Ed
1786.Pp
1787A link-local address can also be configured manually.
1788This is useful for the default router address of an IPv6 router
1789so that it does not change when the network interface
1790card is replaced.
1791For example:
1792.Bd -literal
1793ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1794.Ed
1795.It Va ipv6_prefix_ Ns Aq Ar interface
1796.Pq Vt str
1797If one or more prefixes are defined in
1798.Va ipv6_prefix_ Ns Aq Ar interface
1799addresses based on each prefix and the EUI-64 interface index will be
1800configured on that interface.
1801Note that this variable will be ignored when
1802.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1803is empty.
1804.Pp
1805For example, the following configuration
1806.Bd -literal
1807ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1808.Ed
1809.Pp
1810is equivalent to the following:
1811.Bd -literal
1812ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1813ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1814ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1815ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1816.Ed
1817.Pp
1818These Subnet-Router anycast addresses will be added only when
1819.Va ipv6_gateway_enable
1820is YES.
1821.It Va ipv6_default_interface
1822.Pq Vt str
1823If not set to
1824.Dq Li NO ,
1825this is the default output interface for scoped addresses.
1826This works only with ipv6_gateway_enable="NO".
1827.It Va ip6addrctl_enable
1828.Pq Vt bool
1829This variable is to enable configuring default address selection policy table
1830.Pq RFC 3484 .
1831The table can be specified in another variable
1832.Va ip6addrctl_policy .
1833For
1834.Va ip6addrctl_policy
1835the following keywords can be specified:
1836.Dq Li ipv4_prefer ,
1837.Dq Li ipv6_prefer ,
1838or
1839.Dq Li AUTO .
1840.Pp
1841If
1842.Dq Li ipv4_prefer
1843or
1844.Dq Li ipv6_prefer
1845is specified,
1846.Xr ip6addrctl 8
1847installs a pre-defined policy table described in Section 10.3
1848.Pq IPv4-preferred
1849or 2.1
1850.Pq IPv6-preferred
1851of RFC 3484.
1852.Pp
1853If
1854.Dq Li AUTO
1855is specified, it attempts to read a file
1856.Pa /etc/ip6addrctl.conf
1857first.
1858If this file is found,
1859.Xr ip6addrctl 8
1860reads and installs it.
1861If not found, a policy is automatically set
1862according to
1863.Va ipv6_activate_all_interfaces
1864variable; if the variable is set to
1865.Dq Li YES
1866the IPv6-preferred one is used.
1867Otherwise IPv4-preferred.
1868.Pp
1869The default value of
1870.Va ip6addrctl_enable
1871and
1872.Va ip6addrctl_policy
1873are
1874.Dq Li YES
1875and
1876.Dq Li AUTO ,
1877respectively.
1878.It Va cloned_interfaces
1879.Pq Vt str
1880Set to the list of clonable network interfaces to create on this host.
1881Further cloning arguments may be passed to the
1882.Xr ifconfig 8
1883.Cm create
1884command for each interface by setting the
1885.Va create_args_ Ns Aq Ar interface
1886variable.
1887If an interface name is specified with
1888.Dq :sticky
1889keyword,
1890the interface will not be destroyed even when
1891.Pa rc.d/netif
1892script is invoked with
1893.Dq stop
1894argument.
1895This is useful when reconfiguring the interface without destroying it.
1896Entries in
1897.Va cloned_interfaces
1898are automatically appended to
1899.Va network_interfaces
1900for configuration.
1901.It Va cloned_interfaces_sticky
1902.Pq Vt bool
1903This variable is to globally enable functionality of
1904.Dq :sticky
1905keyword in
1906.Va cloned_interfaces
1907for all interfaces.
1908The default value is
1909.Dq NO .
1910Even if this variable is specified to
1911.Dq YES ,
1912.Dq :nosticky
1913keyword can be used to override it on per interface basis.
1914.It Va gif_interfaces
1915Set to the list of
1916.Xr gif 4
1917tunnel interfaces to configure on this host.
1918A
1919.Va gifconfig_ Ns Aq Ar interface
1920variable is assumed to exist for each value of
1921.Ar interface .
1922The value of this variable is used to configure the link layer of the
1923tunnel using the
1924.Cm tunnel
1925option to
1926.Xr ifconfig 8 .
1927Additionally, this option ensures that each listed interface is created
1928via the
1929.Cm create
1930option to
1931.Xr ifconfig 8
1932before attempting to configure it.
1933.Pp
1934For example, configure two
1935.Xr gif 4
1936interfaces with:
1937.Bd -literal
1938gif_interfaces="gif0 gif1"
1939gifconfig_gif0="100.64.0.1 100.64.0.2"
1940ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
1941gifconfig_gif1="inet6 2a00::1 2a01::1"
1942ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
1943.Ed
1944.It Va ppp_enable
1945.Pq Vt bool
1946If set to
1947.Dq Li YES ,
1948run the
1949.Xr ppp 8
1950daemon.
1951.It Va ppp_profile
1952.Pq Vt str
1953The name of the profile to use from
1954.Pa /etc/ppp/ppp.conf .
1955Also used for per-profile overrides of
1956.Va ppp_mode
1957and
1958.Va ppp_nat ,
1959and
1960.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
1961When the profile name contains any of the characters
1962.Dq Li .-/+
1963they are translated to
1964.Dq Li _
1965for the proposes of the override variable names.
1966.It Va ppp_mode
1967.Pq Vt str
1968Mode in which to run the
1969.Xr ppp 8
1970daemon.
1971.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
1972.Pq Vt str
1973Overrides the global
1974.Va ppp_mode
1975for
1976.Ar profile .
1977Accepted modes are
1978.Dq Li auto ,
1979.Dq Li ddial ,
1980.Dq Li direct
1981and
1982.Dq Li dedicated .
1983See the manual for a full description.
1984.It Va ppp_nat
1985.Pq Vt bool
1986If set to
1987.Dq Li YES ,
1988enables network address translation.
1989Used in conjunction with
1990.Va gateway_enable
1991allows hosts on private network addresses access to the Internet using
1992this host as a network address translating router.
1993Default is
1994.Dq Li YES .
1995.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
1996.Pq Vt str
1997Overrides the global
1998.Va ppp_nat
1999for
2000.Ar profile .
2001.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2002.Pq Vt int
2003Set the unit number to be used for this profile.
2004See the manual description of
2005.Fl unit Ns Ar N
2006for details.
2007.It Va ppp_user
2008.Pq Vt str
2009The name of the user under which
2010.Xr ppp 8
2011should be started.
2012By
2013default,
2014.Xr ppp 8
2015is started as
2016.Dq Li root .
2017.It Va rc_conf_files
2018.Pq Vt str
2019This option is used to specify a list of files that will override
2020the settings in
2021.Pa /etc/defaults/rc.conf .
2022The files will be read in the order in which they are specified and should
2023include the full path to the file.
2024By default, the files specified are
2025.Pa /etc/rc.conf
2026and
2027.Pa /etc/rc.conf.local
2028.It Va zfs_enable
2029.Pq Vt bool
2030If set to
2031.Dq Li YES ,
2032.Pa /etc/rc.d/zfs
2033will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2034(ZVOLs).
2035.It Va gptboot_enable
2036.Pq Vt bool
2037If set to
2038.Dq Li YES ,
2039.Pa /etc/rc.d/gptboot
2040will log if the system successfully (or not) booted from a GPT partition,
2041which had the
2042.Ar bootonce
2043attribute set using
2044.Xr gpart 8
2045utility.
2046.It Va gbde_autoattach_all
2047.Pq Vt bool
2048If set to
2049.Dq Li YES ,
2050.Pa /etc/rc.d/gbde
2051will attempt to automatically initialize your .bde devices in
2052.Pa /etc/fstab .
2053.It Va gbde_devices
2054.Pq Vt str
2055List the devices that the script should try to attach,
2056or
2057.Dq Li AUTO .
2058.It Va gbde_lockdir
2059.Pq Vt str
2060The directory where the
2061.Xr gbde 4
2062lockfiles are located.
2063The default lockfile directory is
2064.Pa /etc .
2065.Pp
2066The lockfile for each individual
2067.Xr gbde 4
2068device can be overridden by setting the variable
2069.Va gbde_lock_ Ns Aq Ar device ,
2070where
2071.Ar device
2072is the encrypted device without the
2073.Dq Pa /dev/
2074and
2075.Dq Pa .bde
2076parts.
2077.It Va gbde_attach_attempts
2078.Pq Vt int
2079Number of times to attempt attaching to a
2080.Xr gbde 4
2081device, i.e., how many times the user is asked for the pass-phrase.
2082Default is 3.
2083.It Va geli_devices
2084.Pq Vt str
2085List of devices to automatically attach on boot.
2086Note that .eli devices from
2087.Pa /etc/fstab
2088are automatically appended to this list.
2089.It Va geli_groups
2090.Pq Vt str
2091List of groups containing devices to automatically attach on boot with the same
2092keyfiles and passphrase.
2093This must be accompanied with a corresponding
2094.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2095variable.
2096.It Va geli_tries
2097.Pq Vt int
2098Number of times user is asked for the pass-phrase.
2099If empty, it will be taken from
2100.Va kern.geom.eli.tries
2101sysctl variable.
2102.It Va geli_default_flags
2103.Pq Vt str
2104Default flags to use by
2105.Xr geli 8
2106when configuring disk encryption.
2107Flags can be configured for every device separately by defining the
2108.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2109variable, and for every group separately by defining the
2110.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2111variable.
2112.It Va geli_autodetach
2113.Pq Vt str
2114Specifies if GELI devices should be marked for detach on last close after
2115file systems are mounted.
2116Default is
2117.Dq Li YES .
2118This can be changed for every device separately by defining the
2119.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2120variable.
2121.It Va root_rw_mount
2122.Pq Vt bool
2123Set to
2124.Dq Li YES
2125by default.
2126After the file systems are checked at boot time, the root file system
2127is remounted as read-write if this is set to
2128.Dq Li YES .
2129Diskless systems that mount their root file system from a read-only remote
2130NFS share should set this to
2131.Dq Li NO
2132in their
2133.Pa rc.conf .
2134.It Va fsck_y_enable
2135.Pq Vt bool
2136If set to
2137.Dq Li YES ,
2138.Xr fsck 8
2139will be run with the
2140.Fl y
2141flag if the initial preen
2142of the file systems fails.
2143.It Va background_fsck
2144.Pq Vt bool
2145If set to
2146.Dq Li NO ,
2147the system will not attempt to run
2148.Xr fsck 8
2149in the background where possible.
2150.It Va background_fsck_delay
2151.Pq Vt int
2152The amount of time in seconds to sleep before starting a background
2153.Xr fsck 8 .
2154It defaults to sixty seconds to allow large applications such as
2155the X server to start before disk I/O bandwidth is monopolized by
2156.Xr fsck 8 .
2157If set to a negative number, the background file system check will be
2158delayed indefinitely to allow the administrator to run it at a more
2159convenient time.
2160For example it may be run from
2161.Xr cron 8
2162by adding a line like
2163.Pp
2164.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2165.Pp
2166to
2167.Pa /etc/crontab .
2168.It Va netfs_types
2169.Pq Vt str
2170List of file system types that are network-based.
2171This list should generally not be modified by end users.
2172Use
2173.Va extra_netfs_types
2174instead.
2175.It Va extra_netfs_types
2176.Pq Vt str
2177If set to something other than
2178.Dq Li NO
2179(the default),
2180this variable extends the list of file system types
2181for which automatic mounting at startup by
2182.Xr rc 8
2183should be delayed until the network is initialized.
2184It should contain
2185a whitespace-separated list of network file system descriptor pairs,
2186each consisting of a file system type as passed to
2187.Xr mount 8
2188and a human-readable, one-word description,
2189joined with a colon
2190.Pq Ql \&: .
2191Extending the default list in this way is only necessary
2192when third party file system types are used.
2193.It Va syslogd_enable
2194.Pq Vt bool
2195If set to
2196.Dq Li YES ,
2197run the
2198.Xr syslogd 8
2199daemon.
2200.It Va syslogd_program
2201.Pq Vt str
2202Path to
2203.Xr syslogd 8
2204(default
2205.Pa /usr/sbin/syslogd ) .
2206.It Va syslogd_flags
2207.Pq Vt str
2208If
2209.Va syslogd_enable
2210is set to
2211.Dq Li YES ,
2212these are the flags to pass to
2213.Xr syslogd 8 .
2214.It Va inetd_enable
2215.Pq Vt bool
2216If set to
2217.Dq Li YES ,
2218run the
2219.Xr inetd 8
2220daemon.
2221.It Va inetd_program
2222.Pq Vt str
2223Path to
2224.Xr inetd 8
2225(default
2226.Pa /usr/sbin/inetd ) .
2227.It Va inetd_flags
2228.Pq Vt str
2229If
2230.Va inetd_enable
2231is set to
2232.Dq Li YES ,
2233these are the flags to pass to
2234.Xr inetd 8 .
2235.It Va hastd_enable
2236.Pq Vt bool
2237If set to
2238.Dq Li YES ,
2239run the
2240.Xr hastd 8
2241daemon.
2242.It Va hastd_program
2243.Pq Vt str
2244Path to
2245.Xr hastd 8
2246(default
2247.Pa /sbin/hastd ) .
2248.It Va hastd_flags
2249.Pq Vt str
2250If
2251.Va hastd_enable
2252is set to
2253.Dq Li YES ,
2254these are the flags to pass to
2255.Xr hastd 8 .
2256.It Va local_unbound_enable
2257.Pq Vt bool
2258If set to
2259.Dq Li YES ,
2260run the
2261.Xr unbound 8
2262daemon as a local caching resolver.
2263.It Va kdc_enable
2264.Pq Vt bool
2265Set to
2266.Dq Li YES
2267to start a Kerberos 5 authentication server
2268at boot time.
2269.It Va kdc_program
2270.Pq Vt str
2271If
2272.Va kdc_enable
2273is set to
2274.Dq Li YES
2275this is the path to Kerberos 5 Authentication Server.
2276.It Va kdc_flags
2277.Pq Vt str
2278Empty by default.
2279This variable contains additional flags to be passed to the Kerberos 5
2280authentication server.
2281.It Va kadmind_enable
2282.Pq Vt bool
2283Set to
2284.Dq Li YES
2285to start
2286.Xr kadmind 8 ,
2287the Kerberos 5 Administration Daemon; set to
2288.Dq Li NO
2289on a slave server.
2290.It Va kadmind_program
2291.Pq Vt str
2292If
2293.Va kadmind_enable
2294is set to
2295.Dq Li YES
2296this is the path to Kerberos 5 Administration Daemon.
2297.It Va kpasswdd_enable
2298.Pq Vt bool
2299Set to
2300.Dq Li YES
2301to start
2302.Xr kpasswdd 8 ,
2303the Kerberos 5 Password-Changing Daemon; set to
2304.Dq Li NO
2305on a slave server.
2306.It Va kpasswdd_program
2307.Pq Vt str
2308If
2309.Va kpasswdd_enable
2310is set to
2311.Dq Li YES
2312this is the path to Kerberos 5 Password-Changing Daemon.
2313.It Va kfd_enable
2314.Pq Vt bool
2315Set to
2316.Dq Li YES
2317to start
2318.Xr kfd 8 ,
2319the Kerberos 5 ticket forwarding daemon, at the boot time.
2320.It Va kfd_program
2321.Pq Vt str
2322Path to
2323.Xr kfd 8
2324(default
2325.Pa /usr/libexec/kfd ) .
2326.It Va rwhod_enable
2327.Pq Vt bool
2328If set to
2329.Dq Li YES ,
2330run the
2331.Xr rwhod 8
2332daemon at boot time.
2333.It Va rwhod_flags
2334.Pq Vt str
2335If
2336.Va rwhod_enable
2337is set to
2338.Dq Li YES ,
2339these are the flags to pass to it.
2340.It Va update_motd
2341.Pq Vt bool
2342If set to
2343.Dq Li YES ,
2344.Pa /etc/motd
2345will be updated at boot time to reflect the kernel release
2346being run.
2347If set to
2348.Dq Li NO ,
2349.Pa /etc/motd
2350will not be updated.
2351.It Va nfs_client_enable
2352.Pq Vt bool
2353If set to
2354.Dq Li YES ,
2355run the NFS client daemons at boot time.
2356.It Va nfs_access_cache
2357.Pq Vt int
2358If
2359.Va nfs_client_enable
2360is set to
2361.Dq Li YES ,
2362this can be set to
2363.Dq Li 0
2364to disable NFS ACCESS RPC caching, or to the number of seconds for which
2365NFS ACCESS
2366results should be cached.
2367A value of 2-10 seconds will substantially reduce network
2368traffic for many NFS operations.
2369.It Va nfs_server_enable
2370.Pq Vt bool
2371If set to
2372.Dq Li YES ,
2373run the NFS server daemons at boot time.
2374.It Va nfs_server_flags
2375.Pq Vt str
2376If
2377.Va nfs_server_enable
2378is set to
2379.Dq Li YES ,
2380these are the flags to pass to the
2381.Xr nfsd 8
2382daemon.
2383.It Va nfsv4_server_enable
2384.Pq Vt bool
2385If
2386.Va nfs_server_enable
2387is set to
2388.Dq Li YES
2389and
2390.Va nfsv4_server_enable
2391are set to
2392.Dq Li YES ,
2393enable the server for NFSv4 as well as NFSv2 and NFSv3.
2394.It Va nfsuserd_enable
2395.Pq Vt bool
2396If
2397.Va nfsuserd_enable
2398is set to
2399.Dq Li YES ,
2400run the nfsuserd daemon, which is needed for NFSv4 in order
2401to map between user/group names vs uid/gid numbers.
2402If
2403.Va nfsv4_server_enable
2404is set to
2405.Dq Li YES ,
2406this will be forced enabled.
2407.It Va nfsuserd_flags
2408.Pq Vt str
2409If
2410.Va nfsuserd_enable
2411is set to
2412.Dq Li YES ,
2413these are the flags to pass to the
2414.Xr nfsuserd 8
2415daemon.
2416.It Va nfscbd_enable
2417.Pq Vt bool
2418If
2419.Va nfscbd_enable
2420is set to
2421.Dq Li YES ,
2422run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2423.It Va nfscbd_flags
2424.Pq Vt str
2425If
2426.Va nfscbd_enable
2427is set to
2428.Dq Li YES ,
2429these are the flags to pass to the
2430.Xr nfscbd 8
2431daemon.
2432.It Va mountd_enable
2433.Pq Vt bool
2434If set to
2435.Dq Li YES ,
2436and no
2437.Va nfs_server_enable
2438is set, start
2439.Xr mountd 8 ,
2440but not
2441.Xr nfsd 8
2442daemon.
2443It is commonly needed to run CFS without real NFS used.
2444.It Va mountd_flags
2445.Pq Vt str
2446If
2447.Va mountd_enable
2448is set to
2449.Dq Li YES ,
2450these are the flags to pass to the
2451.Xr mountd 8
2452daemon.
2453.It Va weak_mountd_authentication
2454.Pq Vt bool
2455If set to
2456.Dq Li YES ,
2457allow services like PCNFSD to make non-privileged mount
2458requests.
2459.It Va nfs_reserved_port_only
2460.Pq Vt bool
2461If set to
2462.Dq Li YES ,
2463provide NFS services only on a secure port.
2464.It Va nfs_bufpackets
2465.Pq Vt int
2466If set to a number, indicates the number of packets worth of
2467socket buffer space to reserve on an NFS client.
2468The kernel default is typically 4.
2469Using a higher number may be
2470useful on gigabit networks to improve performance.
2471The minimum value is
24722 and the maximum is 64.
2473.It Va rpc_lockd_enable
2474.Pq Vt bool
2475If set to
2476.Dq Li YES
2477and also an NFS server or client, run
2478.Xr rpc.lockd 8
2479at boot time.
2480.It Va rpc_lockd_flags
2481.Pq Vt str
2482If
2483.Va rpc_lockd_enable
2484is set to
2485.Dq Li YES ,
2486these are the flags to pass to the
2487.Xr rpc.lockd 8
2488daemon.
2489.It Va rpc_statd_enable
2490.Pq Vt bool
2491If set to
2492.Dq Li YES
2493and also an NFS server or client, run
2494.Xr rpc.statd 8
2495at boot time.
2496.It Va rpc_statd_flags
2497.Pq Vt str
2498If
2499.Va rpc_statd_enable
2500is set to
2501.Dq Li YES ,
2502these are the flags to pass to the
2503.Xr rpc.statd 8
2504daemon.
2505.It Va rpcbind_program
2506.Pq Vt str
2507Path to
2508.Xr rpcbind 8
2509(default
2510.Pa /usr/sbin/rpcbind ) .
2511.It Va rpcbind_enable
2512.Pq Vt bool
2513If set to
2514.Dq Li YES ,
2515run the
2516.Xr rpcbind 8
2517service at boot time.
2518.It Va rpcbind_flags
2519.Pq Vt str
2520If
2521.Va rpcbind_enable
2522is set to
2523.Dq Li YES ,
2524these are the flags to pass to the
2525.Xr rpcbind 8
2526daemon.
2527.It Va keyserv_enable
2528.Pq Vt bool
2529If set to
2530.Dq Li YES ,
2531run the
2532.Xr keyserv 8
2533daemon on boot for running Secure RPC.
2534.It Va keyserv_flags
2535.Pq Vt str
2536If
2537.Va keyserv_enable
2538is set to
2539.Dq Li YES ,
2540these are the flags to pass to
2541.Xr keyserv 8
2542daemon.
2543.It Va pppoed_enable
2544.Pq Vt bool
2545If set to
2546.Dq Li YES ,
2547run the
2548.Xr pppoed 8
2549daemon at boot time to provide PPP over Ethernet services.
2550.It Va pppoed_ Ns Aq Ar provider
2551.Pq Vt str
2552.Xr pppoed 8
2553listens to requests to this
2554.Ar provider
2555and ultimately runs
2556.Xr ppp 8
2557with a
2558.Ar system
2559argument of the same name.
2560.It Va pppoed_flags
2561.Pq Vt str
2562Additional flags to pass to
2563.Xr pppoed 8 .
2564.It Va pppoed_interface
2565.Pq Vt str
2566The network interface to run
2567.Xr pppoed 8
2568on.
2569This is mandatory when
2570.Va pppoed_enable
2571is set to
2572.Dq Li YES .
2573.It Va ntpdate_enable
2574.Pq Vt bool
2575If set to
2576.Dq Li YES ,
2577run
2578.Xr ntpdate 8
2579at system startup.
2580This command is intended to
2581synchronize the system clock only
2582.Em once
2583from some standard reference.
2584.Pp
2585Note that the use of the
2586.Va ntpd_sync_on_start
2587variable is a preferred alternative to the
2588.Xr ntpdate 8
2589utility as
2590.Xr ntpdate 8
2591is to be retired from the NTP distribution.
2592.It Va ntpdate_config
2593.Pq Vt str
2594Configuration file for
2595.Xr ntpdate 8 .
2596Default
2597.Pa /etc/ntp.conf .
2598.It Va ntpdate_hosts
2599.Pq Vt str
2600A whitespace-separated list of NTP servers to synchronize with at startup.
2601The default is to use the servers listed in
2602.Va ntpdate_config ,
2603if that file exists.
2604.It Va ntpdate_program
2605.Pq Vt str
2606Path to
2607.Xr ntpdate 8
2608(default
2609.Pa /usr/sbin/ntpdate ) .
2610.It Va ntpdate_flags
2611.Pq Vt str
2612If
2613.Va ntpdate_enable
2614is set to
2615.Dq Li YES ,
2616these are the flags to pass to the
2617.Xr ntpdate 8
2618command (typically a hostname).
2619.It Va ntpd_enable
2620.Pq Vt bool
2621If set to
2622.Dq Li YES ,
2623run the
2624.Xr ntpd 8
2625command at boot time.
2626.It Va ntpd_program
2627.Pq Vt str
2628Path to
2629.Xr ntpd 8
2630(default
2631.Pa /usr/sbin/ntpd ) .
2632.It Va ntpd_config
2633.Pq Vt str
2634Path to
2635.Xr ntpd 8
2636configuration file.
2637Default
2638.Pa /etc/ntp.conf .
2639.It Va ntpd_flags
2640.Pq Vt str
2641If
2642.Va ntpd_enable
2643is set to
2644.Dq Li YES ,
2645these are the flags to pass to the
2646.Xr ntpd 8
2647daemon.
2648.It Va ntpd_sync_on_start
2649.Pq Vt bool
2650If set to
2651.Dq Li YES ,
2652.Xr ntpd 8
2653is run with the
2654.Fl g
2655flag, which syncs the system's clock on startup.
2656See
2657.Xr ntpd 8
2658for more information regarding the
2659.Fl g
2660option.
2661This is a preferred alternative to using
2662.Xr ntpdate 8
2663or specifying the
2664.Va ntpdate_enable
2665variable.
2666.It Va nis_client_enable
2667.Pq Vt bool
2668If set to
2669.Dq Li YES ,
2670run the
2671.Xr ypbind 8
2672service at system boot time.
2673.It Va nis_client_flags
2674.Pq Vt str
2675If
2676.Va nis_client_enable
2677is set to
2678.Dq Li YES ,
2679these are the flags to pass to the
2680.Xr ypbind 8
2681service.
2682.It Va nis_ypldap_enable
2683.Pq Vt bool
2684If set to
2685.Dq Li YES ,
2686run the
2687.Xr ypldap 8
2688daemon at system boot time.
2689.It Va nis_ypldap_flags
2690.Pq Vt str
2691If
2692.Va nis.ypldap_enable
2693is set to
2694.Dq Li YES ,
2695these are the flags to pass to the
2696.Xr ypldap 8
2697daemon.
2698.It Va nis_ypset_enable
2699.Pq Vt bool
2700If set to
2701.Dq Li YES ,
2702run the
2703.Xr ypset 8
2704daemon at system boot time.
2705.It Va nis_ypset_flags
2706.Pq Vt str
2707If
2708.Va nis_ypset_enable
2709is set to
2710.Dq Li YES ,
2711these are the flags to pass to the
2712.Xr ypset 8
2713daemon.
2714.It Va nis_server_enable
2715.Pq Vt bool
2716If set to
2717.Dq Li YES ,
2718run the
2719.Xr ypserv 8
2720daemon at system boot time.
2721.It Va nis_server_flags
2722.Pq Vt str
2723If
2724.Va nis_server_enable
2725is set to
2726.Dq Li YES ,
2727these are the flags to pass to the
2728.Xr ypserv 8
2729daemon.
2730.It Va nis_ypxfrd_enable
2731.Pq Vt bool
2732If set to
2733.Dq Li YES ,
2734run the
2735.Xr rpc.ypxfrd 8
2736daemon at system boot time.
2737.It Va nis_ypxfrd_flags
2738.Pq Vt str
2739If
2740.Va nis_ypxfrd_enable
2741is set to
2742.Dq Li YES ,
2743these are the flags to pass to the
2744.Xr rpc.ypxfrd 8
2745daemon.
2746.It Va nis_yppasswdd_enable
2747.Pq Vt bool
2748If set to
2749.Dq Li YES ,
2750run the
2751.Xr rpc.yppasswdd 8
2752daemon at system boot time.
2753.It Va nis_yppasswdd_flags
2754.Pq Vt str
2755If
2756.Va nis_yppasswdd_enable
2757is set to
2758.Dq Li YES ,
2759these are the flags to pass to the
2760.Xr rpc.yppasswdd 8
2761daemon.
2762.It Va rpc_ypupdated_enable
2763.Pq Vt bool
2764If set to
2765.Dq Li YES ,
2766run the
2767.Nm rpc.ypupdated
2768daemon at system boot time.
2769.It Va bsnmpd_enable
2770.Pq Vt bool
2771If set to
2772.Dq Li YES ,
2773run the
2774.Xr bsnmpd 1
2775daemon at system boot time.
2776Be sure to understand the security implications of running SNMP daemon
2777on your host.
2778.It Va bsnmpd_flags
2779.Pq Vt str
2780If
2781.Va bsnmpd_enable
2782is set to
2783.Dq Li YES ,
2784these are the flags to pass to the
2785.Xr bsnmpd 1
2786daemon.
2787.It Va defaultrouter
2788.Pq Vt str
2789If not set to
2790.Dq Li NO ,
2791create a default route to this host name or IP address
2792(use an IP address if this router is also required to get to the
2793name server!).
2794.It Va defaultrouter_fibN
2795.Pq Vt str
2796If not set to
2797.Dq Li NO ,
2798create a default route in FIB N to this host name or IP address.
2799.It Va ipv6_defaultrouter
2800.Pq Vt str
2801The IPv6 equivalent of
2802.Va defaultrouter .
2803.It Va ipv6_defaultrouter_fibN
2804.Pq Vt str
2805The IPv6 equivalent of
2806.Va defaultrouter_fibN .
2807.It Va static_arp_pairs
2808.Pq Vt str
2809Set to the list of static ARP pairs that are to be added at system
2810boot time.
2811For each whitespace separated
2812.Ar element
2813in the value, a
2814.Va static_arp_ Ns Aq Ar element
2815variable is assumed to exist whose contents will later be passed to a
2816.Dq Nm arp Cm -S
2817operation.
2818For example
2819.Bd -literal
2820static_arp_pairs="gw"
2821static_arp_gw="192.168.1.1 00:01:02:03:04:05"
2822.Ed
2823.It Va static_ndp_pairs
2824.Pq Vt str
2825Set to the list of static NDP pairs that are to be added at system
2826boot time.
2827For each whitespace separated
2828.Ar element
2829in the value, a
2830.Va static_ndp_ Ns Aq Ar element
2831variable is assumed to exist whose contents will later be passed to a
2832.Dq Nm ndp Cm -s
2833operation.
2834For example
2835.Bd -literal
2836static_ndp_pairs="gw"
2837static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
2838.Ed
2839.It Va static_routes
2840.Pq Vt str
2841Set to the list of static routes that are to be added at system
2842boot time.
2843If not set to
2844.Dq Li NO
2845then for each whitespace separated
2846.Ar element
2847in the value, a
2848.Va route_ Ns Aq Ar element
2849variable is assumed to exist
2850whose contents will later be passed to a
2851.Dq Nm route Cm add
2852operation.
2853For example:
2854.Bd -literal
2855static_routes="ext mcast:gif0 gif0local:gif0"
2856route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
2857route_mcast="-net 224.0.0.0/4 -iface gif0"
2858route_gif0local="-host 169.254.1.1 -iface lo0"
2859.Ed
2860.Pp
2861When an
2862.Ar element
2863is in the form of
2864.Li name:ifname ,
2865the route is specific to the interface
2866.Li ifname .
2867.It Va ipv6_static_routes
2868.Pq Vt str
2869The IPv6 equivalent of
2870.Va static_routes .
2871If not set to
2872.Dq Li NO
2873then for each whitespace separated
2874.Ar element
2875in the value, a
2876.Va ipv6_route_ Ns Aq Ar element
2877variable is assumed to exist
2878whose contents will later be passed to a
2879.Dq Nm route Cm add Fl inet6
2880operation.
2881.It Va gateway_enable
2882.Pq Vt bool
2883If set to
2884.Dq Li YES ,
2885configure host to act as an IP router, e.g.\& to forward packets
2886between interfaces.
2887.It Va ipv6_gateway_enable
2888.Pq Vt bool
2889The IPv6 equivalent of
2890.Va gateway_enable .
2891.It Va routed_enable
2892.Pq Vt bool
2893If set to
2894.Dq Li YES ,
2895run a routing daemon of some sort, based on the
2896settings of
2897.Va routed_program
2898and
2899.Va routed_flags .
2900.It Va route6d_enable
2901.Pq Vt bool
2902The IPv6 equivalent of
2903.Va routed_enable .
2904If set to
2905.Dq Li YES ,
2906run a routing daemon of some sort, based on the
2907settings of
2908.Va route6d_program
2909and
2910.Va route6d_flags .
2911.It Va routed_program
2912.Pq Vt str
2913If
2914.Va routed_enable
2915is set to
2916.Dq Li YES ,
2917this is the name of the routing daemon to use.
2918.It Va route6d_program
2919.Pq Vt str
2920The IPv6 equivalent of
2921.Va routed_program .
2922.It Va routed_flags
2923.Pq Vt str
2924If
2925.Va routed_enable
2926is set to
2927.Dq Li YES ,
2928these are the flags to pass to the routing daemon.
2929.It Va route6d_flags
2930.Pq Vt str
2931The IPv6 equivalent of
2932.Va routed_flags .
2933.It Va rtadvd_enable
2934.Pq Vt bool
2935If set to
2936.Dq Li YES ,
2937run the
2938.Xr rtadvd 8
2939daemon at boot time.
2940The
2941.Xr rtadvd 8
2942utility sends ICMPv6 Router Advertisement messages to
2943the interfaces specified in
2944.Va rtadvd_interfaces .
2945This should only be enabled with great care.
2946You may want to fine-tune
2947.Xr rtadvd.conf 5 .
2948.It Va rtadvd_interfaces
2949.Pq Vt str
2950If
2951.Va rtadvd_enable
2952is set to
2953.Dq Li YES
2954this is the list of interfaces to use.
2955.It Va arpproxy_all
2956.Pq Vt bool
2957If set to
2958.Dq Li YES ,
2959enable global proxy ARP.
2960.It Va forward_sourceroute
2961.Pq Vt bool
2962If set to
2963.Dq Li YES
2964and
2965.Va gateway_enable
2966is also set to
2967.Dq Li YES ,
2968source-routed packets are forwarded.
2969.It Va accept_sourceroute
2970.Pq Vt bool
2971If set to
2972.Dq Li YES ,
2973the system will accept source-routed packets directed at it.
2974.It Va rarpd_enable
2975.Pq Vt bool
2976If set to
2977.Dq Li YES ,
2978run the
2979.Xr rarpd 8
2980daemon at system boot time.
2981.It Va rarpd_flags
2982.Pq Vt str
2983If
2984.Va rarpd_enable
2985is set to
2986.Dq Li YES ,
2987these are the flags to pass to the
2988.Xr rarpd 8
2989daemon.
2990.It Va bootparamd_enable
2991.Pq Vt bool
2992If set to
2993.Dq Li YES ,
2994run the
2995.Xr bootparamd 8
2996daemon at system boot time.
2997.It Va bootparamd_flags
2998.Pq Vt str
2999If
3000.Va bootparamd_enable
3001is set to
3002.Dq Li YES ,
3003these are the flags to pass to the
3004.Xr bootparamd 8
3005daemon.
3006.It Va stf_interface_ipv4addr
3007.Pq Vt str
3008If not set to
3009.Dq Li NO ,
3010this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3011interface).
3012Specify this entry to enable the 6to4 interface.
3013.It Va stf_interface_ipv4plen
3014.Pq Vt int
3015Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3016An effective value is 0-31.
3017.It Va stf_interface_ipv6_ifid
3018.Pq Vt str
3019IPv6 interface ID for
3020.Xr stf 4 .
3021This can be set to
3022.Dq Li AUTO .
3023.It Va stf_interface_ipv6_slaid
3024.Pq Vt str
3025IPv6 Site Level Aggregator for
3026.Xr stf 4 .
3027.It Va ipv6_ipv4mapping
3028.Pq Vt bool
3029If set to
3030.Dq Li YES
3031this enables IPv4 mapped IPv6 address communication (like
3032.Li ::ffff:a.b.c.d ) .
3033.It Va rtsold_enable
3034.Pq Vt bool
3035Set to
3036.Dq Li YES
3037to enable the
3038.Xr rtsold 8
3039daemon to send ICMPv6 Router Solicitation messages.
3040.It Va rtsold_flags
3041.Pq Vt str
3042If
3043.Va rtsold_enable
3044is set to
3045.Dq Li YES ,
3046these are the flags to pass to
3047.Xr rtsold 8 .
3048.It Va rtsol_flags
3049.Pq Vt str
3050For interfaces configured with the
3051.Dq Li inet6 accept_rtadv
3052keyword, these are the flags to pass to
3053.Xr rtsol 8 .
3054.Pp
3055Note that
3056.Va rtsold_enable
3057is mutually exclusive to
3058.Va rtsol_flags ;
3059.Va rtsold_enable
3060takes precedence.
3061.It Va keybell
3062.Pq Vt str
3063The keyboard bell sound.
3064Set to
3065.Dq Li normal ,
3066.Dq Li visual ,
3067.Dq Li off ,
3068or
3069.Dq Li NO
3070if the default behavior is desired.
3071For details, refer to the
3072.Xr kbdcontrol 1
3073manpage.
3074.It Va keyboard
3075.Pq Vt str
3076If set to a non-null string, the virtual console's keyboard input is
3077set to this device.
3078.It Va keymap
3079.Pq Vt str
3080If set to
3081.Dq Li NO ,
3082no keymap is installed, otherwise the value is used to install
3083the keymap file found in
3084.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3085(if using
3086.Xr syscons 4 ) or
3087.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3088(if using
3089.Xr vt 4 ) .
3090.It Va keyrate
3091.Pq Vt str
3092The keyboard repeat speed.
3093Set to
3094.Dq Li slow ,
3095.Dq Li normal ,
3096.Dq Li fast ,
3097or
3098.Dq Li NO
3099if the default behavior is desired.
3100.It Va keychange
3101.Pq Vt str
3102If not set to
3103.Dq Li NO ,
3104attempt to program the function keys with the value.
3105The value should
3106be a single string of the form:
3107.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3108.It Va cursor
3109.Pq Vt str
3110Can be set to the value of
3111.Dq Li normal ,
3112.Dq Li blink ,
3113.Dq Li destructive ,
3114or
3115.Dq Li NO
3116to set the cursor behavior explicitly or choose the default behavior.
3117.It Va scrnmap
3118.Pq Vt str
3119If set to
3120.Dq Li NO ,
3121no screen map is installed, otherwise the value is used to install
3122the screen map file in
3123.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3124This parameter is ignored when using
3125.Xr vt 4
3126as the console driver.
3127.It Va font8x16
3128.Pq Vt str
3129If set to
3130.Dq Li NO ,
3131the default 8x16 font value is used for screen size requests, otherwise
3132the value in
3133.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3134or
3135.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3136is used (depending on the console driver being used).
3137.It Va font8x14
3138.Pq Vt str
3139If set to
3140.Dq Li NO ,
3141the default 8x14 font value is used for screen size requests, otherwise
3142the value in
3143.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3144or
3145.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3146is used (depending on the console driver being used).
3147.It Va font8x8
3148.Pq Vt str
3149If set to
3150.Dq Li NO ,
3151the default 8x8 font value is used for screen size requests, otherwise
3152the value in
3153.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3154or
3155.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3156is used (depending on the console driver being used).
3157.It Va blanktime
3158.Pq Vt int
3159If set to
3160.Dq Li NO ,
3161the default screen blanking interval is used, otherwise it is set
3162to
3163.Ar value
3164seconds.
3165.It Va saver
3166.Pq Vt str
3167If not set to
3168.Dq Li NO ,
3169this is the actual screen saver to use
3170.Li ( blank , snake , daemon ,
3171etc).
3172.It Va moused_nondefault_enable
3173.Pq Vt str
3174If set to
3175.Dq Li NO ,
3176the mouse device specified on
3177the command line is not automatically treated as enabled by the
3178.Pa /etc/rc.d/moused
3179script.
3180Having this variable set to
3181.Dq Li YES
3182allows a
3183.Xr usb 4
3184mouse,
3185for example,
3186to be enabled as soon as it is plugged in.
3187.It Va moused_enable
3188.Pq Vt str
3189If set to
3190.Dq Li YES ,
3191the
3192.Xr moused 8
3193daemon is started for doing cut/paste selection on the console.
3194.It Va moused_type
3195.Pq Vt str
3196This is the protocol type of the mouse connected to this host.
3197This variable must be set if
3198.Va moused_enable
3199is set to
3200.Dq Li YES .
3201The
3202.Xr moused 8
3203daemon
3204is able to detect the appropriate mouse type automatically in many cases.
3205Set this variable to
3206.Dq Li auto
3207to let the daemon detect it, or
3208select one from the following list if the automatic detection fails.
3209.Pp
3210If the mouse is attached to the PS/2 mouse port, choose
3211.Dq Li auto
3212or
3213.Dq Li ps/2 ,
3214regardless of the brand and model of the mouse.
3215Likewise, if the
3216mouse is attached to the bus mouse port, choose
3217.Dq Li auto
3218or
3219.Dq Li busmouse .
3220All other protocols are for serial mice and will not work with
3221the PS/2 and bus mice.
3222If this is a USB mouse,
3223.Dq Li auto
3224is the only protocol type which will work.
3225.Pp
3226.Bl -tag -width ".Li x10mouseremote" -compact
3227.It Li microsoft
3228Microsoft mouse (serial)
3229.It Li intellimouse
3230Microsoft IntelliMouse (serial)
3231.It Li mousesystems
3232Mouse systems Corp.\& mouse (serial)
3233.It Li mmseries
3234MM Series mouse (serial)
3235.It Li logitech
3236Logitech mouse (serial)
3237.It Li busmouse
3238A bus mouse
3239.It Li mouseman
3240Logitech MouseMan and TrackMan (serial)
3241.It Li glidepoint
3242ALPS GlidePoint (serial)
3243.It Li thinkingmouse
3244Kensington ThinkingMouse (serial)
3245.It Li ps/2
3246PS/2 mouse
3247.It Li mmhittab
3248MM HitTablet (serial)
3249.It Li x10mouseremote
3250X10 MouseRemote (serial)
3251.It Li versapad
3252Interlink VersaPad (serial)
3253.El
3254.Pp
3255Even if the mouse is not in the above list, it may be compatible
3256with one in the list.
3257Refer to the manual page for
3258.Xr moused 8
3259for compatibility information.
3260.Pp
3261It should also be noted that while this is enabled, any
3262other client of the mouse (such as an X server) should access
3263the mouse through the virtual mouse device,
3264.Pa /dev/sysmouse ,
3265and configure it as a
3266.Dq Li sysmouse
3267type mouse, since all
3268mouse data is converted to this single canonical format when
3269using
3270.Xr moused 8 .
3271If the client program does not support the
3272.Dq Li sysmouse
3273type,
3274specify the
3275.Dq Li mousesystems
3276type.
3277It is the second preferred type.
3278.It Va moused_port
3279.Pq Vt str
3280If
3281.Va moused_enable
3282is set to
3283.Dq Li YES ,
3284this is the actual port the mouse is on.
3285It might be
3286.Pa /dev/cuau0
3287for a COM1 serial mouse, or
3288.Pa /dev/psm0
3289for a PS/2 mouse, for example.
3290.It Va moused_flags
3291.Pq Vt str
3292If
3293.Va moused_flags
3294is set, its value is used as an additional set of flags to pass to the
3295.Xr moused 8
3296daemon.
3297.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3298When
3299.Va moused_nondefault_enable
3300is enabled, and a
3301.Xr moused 8
3302daemon is started for a non-default port, the
3303.Va "moused_" Ns Ar XXX Ns Va "_flags"
3304set of options has precedence over and replaces the default
3305.Va moused_flags
3306(where
3307.Ar XXX
3308is the name of the non-default port, i.e.,\&
3309.Ar ums0 ) .
3310By setting
3311.Va "moused_" Ns Ar XXX Ns Va "_flags"
3312it is possible to set up a different set of default flags for each
3313.Xr moused 8
3314instance.
3315For example, you can use
3316.Dq Li "-3"
3317for the default
3318.Va moused_flags
3319to make your laptop's touchpad more comfortable to use,
3320but an empty set of options for
3321.Va moused_ums0_flags
3322when your
3323.Xr usb 4
3324mouse has three or more buttons.
3325.It Va mousechar_start
3326.Pq Vt int
3327If set to
3328.Dq Li NO ,
3329the default mouse cursor character range
3330.Li 0xd0 Ns - Ns Li 0xd3
3331is used,
3332otherwise the range start is set
3333to
3334.Ar value
3335character, see
3336.Xr vidcontrol 1 .
3337Use if the default range is occupied in the language code table.
3338.It Va allscreens_flags
3339.Pq Vt str
3340If set,
3341.Xr vidcontrol 1
3342is run with these options for each of the virtual terminals
3343.Pq Pa /dev/ttyv* .
3344For example,
3345.Dq Fl m Cm on
3346will enable the mouse pointer on all virtual terminals
3347if
3348.Va moused_enable
3349is set to
3350.Dq Li YES .
3351.It Va allscreens_kbdflags
3352.Pq Vt str
3353If set,
3354.Xr kbdcontrol 1
3355is run with these options for each of the virtual terminals
3356.Pq Pa /dev/ttyv* .
3357For example,
3358.Dq Fl h Li 200
3359will set the
3360.Xr syscons 4
3361or
3362.Xr vt 4
3363scrollback (history) buffer to 200 lines.
3364.It Va cron_enable
3365.Pq Vt bool
3366If set to
3367.Dq Li YES ,
3368run the
3369.Xr cron 8
3370daemon at system boot time.
3371.It Va cron_program
3372.Pq Vt str
3373Path to
3374.Xr cron 8
3375(default
3376.Pa /usr/sbin/cron ) .
3377.It Va cron_flags
3378.Pq Vt str
3379If
3380.Va cron_enable
3381is set to
3382.Dq Li YES ,
3383these are the flags to pass to
3384.Xr cron 8 .
3385.It Va cron_dst
3386.Pq Vt bool
3387If set to
3388.Dq Li YES ,
3389enable the special handling of transitions to and from the
3390Daylight Saving Time in
3391.Xr cron 8
3392(equivalent to using the flag
3393.Fl s ) .
3394.It Va lpd_program
3395.Pq Vt str
3396Path to
3397.Xr lpd 8
3398(default
3399.Pa /usr/sbin/lpd ) .
3400.It Va lpd_enable
3401.Pq Vt bool
3402If set to
3403.Dq Li YES ,
3404run the
3405.Xr lpd 8
3406daemon at system boot time.
3407.It Va lpd_flags
3408.Pq Vt str
3409If
3410.Va lpd_enable
3411is set to
3412.Dq Li YES ,
3413these are the flags to pass to the
3414.Xr lpd 8
3415daemon.
3416.It Va chkprintcap_enable
3417.Pq Vt bool
3418If set to
3419.Dq Li YES ,
3420run the
3421.Xr chkprintcap 8
3422command before starting the
3423.Xr lpd 8
3424daemon.
3425.It Va chkprintcap_flags
3426.Pq Vt str
3427If
3428.Va lpd_enable
3429and
3430.Va chkprintcap_enable
3431are set to
3432.Dq Li YES ,
3433these are the flags to pass to the
3434.Xr chkprintcap 8
3435program.
3436The default is
3437.Dq Li -d ,
3438which causes missing directories to be created.
3439.It Va mta_start_script
3440.Pq Vt str
3441This variable specifies the full path to the script to run to start
3442a mail transfer agent.
3443The default is
3444.Pa /etc/rc.sendmail .
3445The
3446.Va sendmail_*
3447variables which
3448.Pa /etc/rc.sendmail
3449uses are documented in the
3450.Xr rc.sendmail 8
3451manual page.
3452.It Va dumpdev
3453.Pq Vt str
3454Indicates the device (usually a swap partition) to which a crash dump
3455should be written in the event of a system crash.
3456If the value of this variable is
3457.Dq Li AUTO ,
3458the first suitable swap device listed in
3459.Pa /etc/fstab
3460will be used as dump device.
3461Otherwise, the value of this variable is passed as the argument to
3462.Xr dumpon 8
3463and
3464.Xr savecore 8 .
3465To disable crash dumps, set this variable to
3466.Dq Li NO .
3467.It Va dumpon_flags
3468.Pq Vt str
3469Flags to pass to
3470.Xr dumpon 8
3471when configuring
3472.Va dumpdev
3473as the system dump device.
3474.It Va dumpdir
3475.Pq Vt str
3476When the system reboots after a crash and a crash dump is found on the
3477device specified by the
3478.Va dumpdev
3479variable,
3480.Xr savecore 8
3481will save that crash dump and a copy of the kernel to the directory
3482specified by the
3483.Va dumpdir
3484variable.
3485The default value is
3486.Pa /var/crash .
3487Set to
3488.Dq Li NO
3489to not run
3490.Xr savecore 8
3491at boot time when
3492.Va dumpdir
3493is set.
3494.It Va savecore_enable
3495.Pq Vt bool
3496If set to
3497.Dq Li NO ,
3498disable automatic extraction of the crash dump from the
3499.Va dumpdev .
3500.It Va savecore_flags
3501.Pq Vt str
3502If crash dumps are enabled, these are the flags to pass to the
3503.Xr savecore 8
3504utility.
3505.It Va quota_enable
3506.Pq Vt bool
3507Set to
3508.Dq Li YES
3509to turn on user and group disk quotas on system startup via the
3510.Xr quotaon 8
3511command for all file systems marked as having quotas enabled in
3512.Pa /etc/fstab .
3513The kernel must be built with
3514.Cd "options QUOTA"
3515for disk quotas to function.
3516.It Va check_quotas
3517.Pq Vt bool
3518Set to
3519.Dq Li YES
3520to enable user and group disk quota checking via the
3521.Xr quotacheck 8
3522command.
3523.It Va quotacheck_flags
3524.Pq Vt str
3525If
3526.Va quota_enable
3527is set to
3528.Dq Li YES ,
3529and
3530.Va check_quotas
3531is set to
3532.Dq Li YES ,
3533these are the flags to pass to the
3534.Xr quotacheck 8
3535utility.
3536The default is
3537.Dq Li "-a" ,
3538which checks quotas for all file systems with quotas enabled in
3539.Pa /etc/fstab .
3540.It Va quotaon_flags
3541.Pq Vt str
3542If
3543.Va quota_enable
3544is set to
3545.Dq Li YES ,
3546these are the flags to pass to the
3547.Xr quotaon 8
3548utility.
3549The default is
3550.Dq Li "-a" ,
3551which enables quotas for all file systems with quotas enabled in
3552.Pa /etc/fstab .
3553.It Va quotaoff_flags
3554.Pq Vt str
3555If
3556.Va quota_enable
3557is set to
3558.Dq Li YES ,
3559these are the flags to pass to the
3560.Xr quotaoff 8
3561utility when shutting down the quota system.
3562The default is
3563.Dq Li "-a" ,
3564which disables quotas for all file systems with quotas enabled in
3565.Pa /etc/fstab .
3566.It Va accounting_enable
3567.Pq Vt bool
3568Set to
3569.Dq Li YES
3570to enable system accounting through the
3571.Xr accton 8
3572facility.
3573.It Va firstboot_sentinel
3574.Pq Vt str
3575This variable specifies the full path to a
3576.Dq first boot
3577sentinel file.
3578If a file exists with this path,
3579.Pa rc.d
3580scripts with the
3581.Dq firstboot
3582keyword will be run on startup and the sentinel file will be deleted
3583after the boot process completes.
3584The sentinel file must be located on a writable file system which is
3585mounted no later than
3586.Va early_late_divider
3587to function properly.
3588The default is
3589.Pa /firstboot .
3590.It Va linux_enable
3591.Pq Vt bool
3592Set to
3593.Dq Li YES
3594to enable Linux/ELF binary emulation at system initial
3595boot time.
3596.It Va sysvipc_enable
3597.Pq Vt bool
3598If set to
3599.Dq Li YES ,
3600load System V IPC primitives at boot time.
3601.It Va clear_tmp_enable
3602.Pq Vt bool
3603Set to
3604.Dq Li YES
3605to have
3606.Pa /tmp
3607cleaned at startup.
3608.It Va clear_tmp_X
3609.Pq Vt bool
3610Set to
3611.Dq Li NO
3612to disable removing of X11 lock files,
3613and the removal and (secure) recreation
3614of the various socket directories for X11
3615related programs.
3616.It Va ldconfig_paths
3617.Pq Vt str
3618Set to the list of shared library paths to use with
3619.Xr ldconfig 8 .
3620NOTE:
3621.Pa /lib
3622and
3623.Pa /usr/lib
3624will always be added first, so they need not appear in this list.
3625.It Va ldconfig32_paths
3626.Pq Vt str
3627Set to the list of 32-bit compatibility shared library paths to
3628use with
3629.Xr ldconfig 8 .
3630.It Va ldconfig_insecure
3631.Pq Vt bool
3632The
3633.Xr ldconfig 8
3634utility normally refuses to use directories
3635which are writable by anyone except root.
3636Set this variable to
3637.Dq Li YES
3638to disable that security check during system startup.
3639.It Va ldconfig_local_dirs
3640.Pq Vt str
3641Set to the list of local
3642.Xr ldconfig 8
3643directories.
3644The names of all files in the directories listed will be
3645passed as arguments to
3646.Xr ldconfig 8 .
3647.It Va ldconfig_local32_dirs
3648.Pq Vt str
3649Set to the list of local 32-bit compatibility
3650.Xr ldconfig 8
3651directories.
3652The names of all files in the directories listed will be
3653passed as arguments to
3654.Dq Nm ldconfig Fl 32 .
3655.It Va kern_securelevel_enable
3656.Pq Vt bool
3657Set to
3658.Dq Li YES
3659to set the kernel security level at system startup.
3660.It Va kern_securelevel
3661.Pq Vt int
3662The kernel security level to set at startup.
3663The allowed range of
3664.Ar value
3665ranges from \-1 (the compile time default) to 3 (the
3666most secure).
3667See
3668.Xr security 7
3669for the list of possible security levels and their effect
3670on system operation.
3671.It Va sshd_program
3672.Pq Vt str
3673Path to the SSH server program
3674.Pa ( /usr/sbin/sshd
3675is the default).
3676.It Va sshd_enable
3677.Pq Vt bool
3678Set to
3679.Dq Li YES
3680to start
3681.Xr sshd 8
3682at system boot time.
3683.It Va sshd_flags
3684.Pq Vt str
3685If
3686.Va sshd_enable
3687is set to
3688.Dq Li YES ,
3689these are the flags to pass to the
3690.Xr sshd 8
3691daemon.
3692.It Va ftpd_program
3693.Pq Vt str
3694Path to the FTP server program
3695.Pa ( /usr/libexec/ftpd
3696is the default).
3697.It Va ftpd_enable
3698.Pq Vt bool
3699Set to
3700.Dq Li YES
3701to start
3702.Xr ftpd 8
3703as a stand-alone daemon at system boot time.
3704.It Va ftpd_flags
3705.Pq Vt str
3706If
3707.Va ftpd_enable
3708is set to
3709.Dq Li YES ,
3710these are the additional flags to pass to the
3711.Xr ftpd 8
3712daemon.
3713.It Va watchdogd_enable
3714.Pq Vt bool
3715If set to
3716.Dq Li YES ,
3717start the
3718.Xr watchdogd 8
3719daemon at boot time.
3720This requires that the kernel have been compiled with a
3721.Xr watchdog 4
3722compatible device.
3723.It Va watchdogd_flags
3724.Pq Vt str
3725If
3726.Va watchdogd_enable
3727is set to
3728.Dq Li YES ,
3729these are the flags passed to the
3730.Xr watchdogd 8
3731daemon.
3732.It Va watchdogd_timeout
3733.Pq Vt int
3734If
3735.Va watchdogd_enable
3736is set to
3737.Dq Li YES ,
3738this is a timeout that will be used by the
3739.Xr watchdogd 8
3740daemon.
3741If this option is set, it overrides
3742.Fl t
3743in
3744.Va watchdogd_flags .
3745.It Va watchdogd_shutdown_timeout
3746.Pq Vt int
3747If
3748.Va watchdogd_enable
3749is set to
3750.Dq Li YES ,
3751this is a timeout that will be set by the
3752.Xr watchdogd 8
3753daemon when it exits during the system shutdown.
3754This timeout will not be set when returning to the single-user mode
3755or when the watchdogd service is stopped individually using the
3756.Xr service 8
3757command or the rc.d script.
3758Note that the timeout will be applied if
3759.Xr watchdogd 8
3760is stopped outside of
3761.Xr rc 8
3762framework.
3763If this option is set, it overrides
3764.Fl x
3765in
3766.Va watchdogd_flags .
3767.It Va devfs_rulesets
3768.Pq Vt str
3769List of files containing sets of rules for
3770.Xr devfs 8 .
3771.It Va devfs_system_ruleset
3772.Pq Vt str
3773Rule name(s) to apply to the system
3774.Pa /dev
3775itself.
3776.It Va devfs_set_rulesets
3777.Pq Vt str
3778Pairs of already-mounted
3779.Pa dev
3780directories and rulesets that should be applied to them.
3781For example: /mount/dev=ruleset_name
3782.It Va devfs_load_rulesets
3783.Pq Vt bool
3784If set, always load the default rulesets listed in
3785.Va devfs_rulesets .
3786.It Va performance_cx_lowest
3787.Pq Vt str
3788CPU idle state to use while on AC power.
3789The string
3790.Dq Li LOW
3791indicates that
3792.Xr acpi 4
3793should use the lowest power state available while
3794.Dq Li HIGH
3795indicates that the lowest latency state (less power savings) should be used.
3796.It Va performance_cpu_freq
3797.Pq Vt str
3798CPU clock frequency to use while on AC power.
3799The string
3800.Dq Li LOW
3801indicates that
3802.Xr cpufreq 4
3803should use the lowest frequency available while
3804.Dq Li HIGH
3805indicates that the highest frequency (less power savings) should be used.
3806.It Va economy_cx_lowest
3807.Pq Vt str
3808CPU idle state to use when off AC power.
3809The string
3810.Dq Li LOW
3811indicates that
3812.Xr acpi 4
3813should use the lowest power state available while
3814.Dq Li HIGH
3815indicates that the lowest latency state (less power savings) should be used.
3816.It Va economy_cpu_freq
3817.Pq Vt str
3818CPU clock frequency to use when off AC power.
3819The string
3820.Dq Li LOW
3821indicates that
3822.Xr cpufreq 4
3823should use the lowest frequency available while
3824.Dq Li HIGH
3825indicates that the highest frequency (less power savings) should be used.
3826.It Va jail_enable
3827.Pq Vt bool
3828If set to
3829.Dq Li NO ,
3830any configured jails will not be started.
3831.It Va jail_conf
3832.Pq Vt str
3833The configuration filename used by
3834.Xr jail 8
3835utility.
3836The default value is
3837.Pa /etc/jail.conf .
3838.Pa /etc/jail.  Ns Ao Ar jname Ac Ns Va .conf
3839and
3840.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf
3841will also be used if
3842.Va Ao Ar jname Ac Va
3843is set in
3844.Va jail_list .
3845.It Va jail_parallel_start
3846.Pq Vt bool
3847If set to
3848.Dq Li YES ,
3849all configured jails will be started in the background (in parallel).
3850.It Va jail_flags
3851.Pq Vt str
3852Unset by default.
3853When set, use as default value for
3854.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
3855for every jail in
3856.Va jail_list .
3857.It Va jail_list
3858.Pq Vt str
3859A space-delimited list of jail names.
3860When left empty, all of the
3861.Xr jail 8
3862instances defined in the configuration file are started.
3863The names specified in this list control the jail startup order.
3864.Xr jail 8
3865instances missing from
3866.Va jail_list
3867must be started manually.
3868Note that a jail's
3869.Va depend
3870parameter in the configuration file may override this list.
3871.It Va jail_reverse_stop
3872.Pq Vt bool
3873When set to
3874.Dq Li YES ,
3875all configured jails in
3876.Va jail_list
3877are stopped in reverse order.
3878.It Va jail_ Ns * variables
3879Note that older releases supported per-jail configuration via
3880.Nm
3881variables.
3882For example,
3883hostname of a jail named
3884.Li vjail
3885was able to be set by
3886.Li jail_vjail_hostname .
3887These per-jail configuration variables are now obsolete in favor of
3888.Xr jail 8
3889configuration file.
3890For backward compatibility,
3891when per-jail configuration variables are defined,
3892.Xr jail 8
3893configuration files are created as
3894.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
3895and used.
3896.Pp
3897The following per-jail parameters are handled by
3898.Pa rc.d/jail
3899script out of their corresponding
3900.Nm
3901variables.
3902In addition to them, parameters in
3903.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
3904will be added to the configuration file.
3905They must be a semi-colon
3906.Pq Ql \&;
3907delimited list of
3908.Dq key=value .
3909For more details,
3910see
3911.Xr jail 8
3912manual page.
3913.Bl  -tag -width "host.hostname" -offset indent
3914.It Li path
3915set from
3916.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
3917.It Li host.hostname
3918set from
3919.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
3920.It Li exec.consolelog
3921set from
3922.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
3923The default value is
3924.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log .
3925.It Li interface
3926set from
3927.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
3928.It Li vnet.interface
3929set from
3930.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
3931This implies
3932.Li vnet
3933parameter will be enabled and cannot be specified with
3934.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
3935.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3936and/or
3937.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3938at the same time.
3939.It Li fstab
3940set from
3941.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
3942.It Li mount
3943set from
3944.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
3945.It Li exec.fib
3946set from
3947.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
3948.It Li exec.start
3949set from
3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
3951The parameter name was
3952.Li command
3953in some older releases.
3954.It Li exec.prestart
3955set from
3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
3957.It Li exec.poststart
3958set from
3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
3960.It Li exec.stop
3961set from
3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
3963.It Li exec.prestop
3964set from
3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
3966.It Li exec.poststop
3967set from
3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
3969.It Li ip4.addr
3970set if
3971.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3972or
3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3974contain IPv4 addresses
3975.It Li ip6.addr
3976set if
3977.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
3978or
3979.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
3980contain IPv6 addresses
3981.It Li allow.mount
3982set from
3983.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
3984.It Li mount.devfs
3985set from
3986.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
3987.It Li devfs_ruleset
3988set from
3989.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
3990This must be an integer,
3991not a string.
3992.It Li mount.fdescfs
3993set from
3994.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
3995.It Li allow.set_hostname
3996set from
3997.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
3998.It Li allow.rawsocket
3999set from
4000.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4001.It Li allow.sysvipc
4002set from
4003.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4004.El
4005.\" -----------------------------------------------------
4006.It Va harvest_mask
4007.Pq Vt int
4008Set to a bit-mask
4009representing the entropy sources
4010you wish to harvest.
4011Refer to
4012.Xr random 4
4013for more information.
4014.It Va entropy_dir
4015.Pq Vt str
4016Set to
4017.Dq Li NO
4018to disable caching entropy via
4019.Xr cron 8 .
4020Otherwise set to the directory
4021in which the entropy files are stored.
4022To be useful,
4023there must be
4024a system cron job
4025that regularly writes and rotates
4026files here.
4027All files found
4028will be used at boot time.
4029The default is
4030.Pa /var/db/entropy .
4031.It Va entropy_file
4032.Pq Vt str
4033Set to
4034.Dq Li NO
4035to disable caching entropy through reboots.
4036Otherwise set to the name
4037of a file used to store cached entropy.
4038This file should be located
4039on a file system that is readable
4040before all the volumes specified in
4041.Xr fstab 5
4042are mounted.
4043By default,
4044.Pa /entropy
4045is used,
4046but if
4047.Pa /var/db/entropy-file
4048is found it will also be used.
4049This will be of some use to
4050.Xr bsdinstall 8 .
4051.It Va entropy_boot_file
4052.Pq Vt str
4053Set to
4054.Dq Li NO
4055to disable
4056very early caching entropy
4057through reboots.
4058Otherwise set to the filename
4059used to read
4060very early reboot cached entropy.
4061This file should be located where
4062.Xr loader 8
4063can read it.
4064See also
4065.Xr loader.conf 5 .
4066The default location is
4067.Pa /boot/entropy .
4068.It Va entropy_save_sz
4069.Pq Vt int
4070Size of the entropy cache files saved by
4071.Nm save-entropy
4072periodically.
4073.It Va entropy_save_num
4074.Pq Vt int
4075Number of entropy cache files to save by
4076.Nm save-entropy
4077periodically.
4078.It Va ipsec_enable
4079.Pq Vt bool
4080Set to
4081.Dq Li YES
4082to run
4083.Xr setkey 8
4084on
4085.Va ipsec_file
4086at boot time.
4087.It Va ipsec_file
4088.Pq Vt str
4089Configuration file for
4090.Xr setkey 8 .
4091.It Va dmesg_enable
4092.Pq Vt bool
4093Set to
4094.Dq Li YES
4095to save
4096.Xr dmesg 8
4097to
4098.Pa /var/run/dmesg.boot
4099on boot.
4100.It Va rcshutdown_timeout
4101.Pq Vt int
4102If set, start a watchdog timer in the background which will terminate
4103.Pa rc.shutdown
4104if
4105.Xr shutdown 8
4106has not completed within the specified time (in seconds).
4107Notice that in addition to this soft timeout,
4108.Xr init 8
4109also applies a hard timeout for the execution of
4110.Pa rc.shutdown .
4111This is configured via
4112.Xr sysctl 8
4113variable
4114.Va kern.init_shutdown_timeout
4115and defaults to 120 seconds.
4116Setting the value of
4117.Va rcshutdown_timeout
4118to more than 120 seconds will have no effect until the
4119.Xr sysctl 8
4120variable
4121.Va kern.init_shutdown_timeout
4122is also increased.
4123.It Va virecover_enable
4124.Pq Vt bool
4125Set to
4126.Dq Li NO
4127to prevent the system from trying to
4128recover pre-maturely terminated
4129.Xr vi 1
4130sessions.
4131.It Va ugidfw_enable
4132.Pq Vt bool
4133Set to
4134.Dq Li YES
4135to load the
4136.Xr mac_bsdextended 4
4137module upon system initialization and load a default
4138ruleset file.
4139.It Va bsdextended_script
4140.Pq Vt str
4141The default
4142.Xr mac_bsdextended 4
4143ruleset file to load.
4144The default value of this variable is
4145.Pa /etc/rc.bsdextended .
4146.It Va newsyslog_enable
4147.Pq Vt bool
4148If set to
4149.Dq Li YES ,
4150run
4151.Xr newsyslog 8
4152command at startup.
4153.It Va newsyslog_flags
4154.Pq Vt str
4155If
4156.Va newsyslog_enable
4157is set to
4158.Dq Li YES ,
4159these are the flags to pass to the
4160.Xr newsyslog 8
4161program.
4162The default is
4163.Dq Li -CN ,
4164which causes log files flagged with a
4165.Cm C
4166to be created.
4167.It Va mdconfig_md Ns Aq Ar X
4168.Pq Vt str
4169Arguments to
4170.Xr mdconfig 8
4171for
4172.Xr md 4
4173device
4174.Ar X .
4175At minimum a
4176.Fl t Ar type
4177must be specified and either a
4178.Fl s Ar size
4179for malloc or swap backed
4180.Xr md 4
4181devices or a
4182.Fl f Ar file
4183for vnode backed
4184.Xr md 4
4185devices.
4186Note that
4187.Va mdconfig_md Ns Aq Ar X
4188variables are evaluated until one variable is unset or null.
4189.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4190.Pq Vt str
4191Optional arguments passed to
4192.Xr newfs 8
4193to initialize
4194.Xr md 4
4195device
4196.Ar X .
4197.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4198.Pq Vt str
4199An ownership specification passed to
4200.Xr chown 8
4201after the specified
4202.Xr md 4
4203device
4204.Ar X
4205has been mounted.
4206Both the
4207.Xr md 4
4208device and the mount point will be changed.
4209.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4210.Pq Vt str
4211A mode string passed to
4212.Xr chmod 1
4213after the specified
4214.Xr md 4
4215device
4216.Ar X
4217has been mounted.
4218Both the
4219.Xr md 4
4220device and the mount point will be changed.
4221.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4222.Pq Vt str
4223Files to be copied to the mount point of the
4224.Xr md 4
4225device
4226.Ar X
4227after it has been mounted.
4228.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4229.Pq Vt str
4230Command to execute after the specified
4231.Xr md 4
4232device
4233.Ar X
4234has been mounted.
4235Note that the command is passed to
4236.Ic eval
4237and that both
4238.Va _dev
4239and
4240.Va _mp
4241variables can be used to reference respectively the
4242.Xr md 4
4243device and the mount point.
4244Assuming that the
4245.Xr md 4
4246device is
4247.Li md0 ,
4248one could set the following:
4249.Bd -literal
4250mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4251.Ed
4252.It Va autobridge_interfaces
4253.Pq Vt str
4254Set to the list of bridge interfaces that will have newly arriving interfaces
4255checked against to be automatically added.
4256If not set to
4257.Dq Li NO
4258then for each whitespace separated
4259.Ar element
4260in the value, a
4261.Va autobridge_ Ns Aq Ar element
4262variable is assumed to exist which has a whitespace separated list of interface
4263names to match, these names can use wildcards.
4264For example:
4265.Bd -literal
4266autobridge_interfaces="bridge0"
4267autobridge_bridge0="tap* dc0 vlan[345]"
4268.Ed
4269.It Va mixer_enable
4270.Pq Vt bool
4271If set to
4272.Dq Li YES ,
4273enable support for sound mixer.
4274.It Va hcsecd_enable
4275.Pq Vt bool
4276If set to
4277.Dq Li YES ,
4278enable Bluetooth security daemon.
4279.It Va hcsecd_config
4280.Pq Vt str
4281Configuration file for
4282.Xr hcsecd 8 .
4283Default
4284.Pa /etc/bluetooth/hcsecd.conf .
4285.It Va sdpd_enable
4286.Pq Vt bool
4287If set to
4288.Dq Li YES ,
4289enable Bluetooth Service Discovery Protocol daemon.
4290.It Va sdpd_control
4291.Pq Vt str
4292Path to
4293.Xr sdpd 8
4294control socket.
4295Default
4296.Pa /var/run/sdp .
4297.It Va sdpd_groupname
4298.Pq Vt str
4299Sets
4300.Xr sdpd 8
4301group to run as after it initializes.
4302Default
4303.Dq Li nobody .
4304.It Va sdpd_username
4305.Pq Vt str
4306Sets
4307.Xr sdpd 8
4308user to run as after it initializes.
4309Default
4310.Dq Li nobody .
4311.It Va bthidd_enable
4312.Pq Vt bool
4313If set to
4314.Dq Li YES ,
4315enable Bluetooth Human Interface Device daemon.
4316.It Va bthidd_config
4317.Pq Vt str
4318Configuration file for
4319.Xr bthidd 8 .
4320Default
4321.Pa /etc/bluetooth/bthidd.conf .
4322.It Va bthidd_hids
4323.Pq Vt str
4324Path to a file, where
4325.Xr bthidd 8
4326will store information about known HID devices.
4327Default
4328.Pa /var/db/bthidd.hids .
4329.It Va rfcomm_pppd_server_enable
4330.Pq Vt bool
4331If set to
4332.Dq Li YES ,
4333enable Bluetooth RFCOMM PPP wrapper daemon.
4334.It Va rfcomm_pppd_server_profile
4335.Pq Vt str
4336The name of the profile to use from
4337.Pa /etc/ppp/ppp.conf .
4338Multiple profiles can be specified here.
4339Also used to specify per-profile overrides.
4340When the profile name contains any of the characters
4341.Dq Li .-/+
4342they are translated to
4343.Dq Li _
4344for the proposes of the override variable names.
4345.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4346.Pq Vt str
4347Overrides local address to listen on.
4348By default
4349.Xr rfcomm_pppd 8
4350will listen on
4351.Dq Li ANY
4352address.
4353The address can be specified as BD_ADDR or name.
4354.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4355.Pq Vt str
4356Overrides local RFCOMM channel to listen on.
4357By default
4358.Xr rfcomm_pppd 8
4359will listen on RFCOMM channel 1.
4360Must set properly if multiple profiles used in the same time.
4361.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4362.Pq Vt bool
4363Tells
4364.Xr rfcomm_pppd 8
4365if it should register Serial Port service on the specified RFCOMM channel.
4366Default
4367.Dq Li NO .
4368.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4369.Pq Vt bool
4370Tells
4371.Xr rfcomm_pppd 8
4372if it should register Dial-Up Networking service on the specified
4373RFCOMM channel.
4374Default
4375.Dq Li NO .
4376.It Va ubthidhci_enable
4377.Pq Vt bool
4378If set to
4379.Dq Li YES ,
4380change the USB Bluetooth controller from HID mode to HCI mode.
4381You also need to specify the location of USB Bluetooth controller with the
4382.Va ubthidhci_busnum
4383and
4384.Va ubthidhci_addr
4385variables.
4386.It Va ubthidhci_busnum
4387Bus number where the USB Bluetooth controller is located.
4388Check the output of
4389.Xr usbconfig 8
4390on your system to find this information.
4391.It Va ubthidhci_addr
4392Bus address of the USB Bluetooth controller.
4393Check the output of
4394.Xr usbconfig 8
4395on your system to find this information.
4396.It Va netwait_enable
4397.Pq Vt bool
4398If set to
4399.Dq Li YES ,
4400delays the start of network-reliant services until
4401.Va netwait_if
4402is up and ICMP packets to a destination defined in
4403.Va netwait_ip
4404are flowing.
4405Link state is examined first, followed by
4406.Dq Li pinging
4407an IP address to verify network usability.
4408If no destination can be reached or timeouts are exceeded,
4409network services are started anyway with no guarantee that
4410the network is usable.
4411Use of this variable requires both
4412.Va netwait_ip
4413and
4414.Va netwait_if
4415to be set.
4416.It Va netwait_ip
4417.Pq Vt str
4418Empty by default.
4419This variable contains a space-delimited list of IP addresses to
4420.Xr ping 8 .
4421DNS hostnames should not be used as resolution is not guaranteed
4422to be functional at this point.
4423If multiple IP addresses are specified,
4424each will be tried until one is successful or the list is exhausted.
4425.It Va netwait_timeout
4426.Pq Vt int
4427Indicates the total number of seconds to perform a
4428.Dq Li ping
4429against each IP address in
4430.Va netwait_ip ,
4431at a rate of one ping per second.
4432If any of the pings are successful,
4433full network connectivity is considered reliable.
4434The default is 60.
4435.It Va netwait_if
4436.Pq Vt str
4437Empty by default.
4438Defines the name of the network interface on which watch for link.
4439.Xr ifconfig 8
4440is used to monitor the interface, looking for
4441.Dq Li status: no carrier .
4442Once gone, the link is considered up.
4443This can be a
4444.Xr vlan 4
4445interface if desired.
4446.It Va netwait_if_timeout
4447.Pq Vt int
4448Defines the total number of seconds to wait for link to become usable,
4449polled at a 1-second interval.
4450The default is 30.
4451.It Va rctl_enable
4452.Pq Vt bool
4453If set to
4454.Dq Li YES ,
4455load
4456.Xr rctl 8
4457rules from the defined ruleset.
4458The kernel must be built with
4459.Cd "options RACCT"
4460and
4461.Cd "options RCTL" .
4462.It Va rctl_rules
4463.Pq Vt str
4464Set to
4465.Pa /etc/rctl.conf
4466by default.
4467This variables contains the
4468.Xr rctl.conf 5
4469ruleset to load for
4470.Xr rctl 8 .
4471.It Va iovctl_files
4472.Pq Vt str
4473A space-separated list of configuration files used by
4474.Xr iovctl 8 .
4475The default value is an empty string.
4476.It Va autofs_enable
4477.Pq Vt bool
4478If set to
4479.Dq Li YES ,
4480start the
4481.Xr automount 8
4482utility and the
4483.Xr automountd 8
4484and
4485.Xr autounmountd 8
4486daemons at boot time.
4487.It Va automount_flags
4488.Pq Vt str
4489If
4490.Va autofs_enable
4491is set to
4492.Dq Li YES ,
4493these are the flags to pass to the
4494.Xr automount 8
4495program.
4496By default no flags are passed.
4497.It Va automountd_flags
4498.Pq Vt str
4499If
4500.Va autofs_enable
4501is set to
4502.Dq Li YES ,
4503these are the flags to pass to the
4504.Xr automountd 8
4505daemon.
4506By default no flags are passed.
4507.It Va autounmountd_flags
4508.Pq Vt str
4509If
4510.Va autofs_enable
4511is set to
4512.Dq Li YES ,
4513these are the flags to pass to the
4514.Xr autounmountd 8
4515daemon.
4516By default no flags are passed.
4517.It Va ctld_enable
4518.Pq Vt bool
4519If set to
4520.Dq Li YES ,
4521start the
4522.Xr ctld 8
4523daemon at boot time.
4524.It Va iscsid_enable
4525.Pq Vt bool
4526If set to
4527.Dq Li YES ,
4528start the
4529.Xr iscsid 8
4530daemon at boot time.
4531.It Va iscsictl_enable
4532.Pq Vt bool
4533If set to
4534.Dq Li YES ,
4535start the
4536.Xr iscsictl 8
4537utility at boot time.
4538.It Va iscsictl_flags
4539.Pq Vt str
4540If
4541.Va iscsictl_enable
4542is set to
4543.Dq Li YES ,
4544these are the flags to pass to the
4545.Xr iscsictl 8
4546program.
4547The default is
4548.Dq Li -Aa ,
4549which configures sessions based on the
4550.Pa /etc/iscsi.conf
4551configuration file.
4552.It Va cfumass_enable
4553.Pq Vt bool
4554If set to
4555.Dq Li YES ,
4556create and export an USB LUN using
4557.Xr cfumass 4
4558at boot time.
4559.It Va cfumass_dir
4560.Pq Vt str
4561The directory where the files exported by USB LUN are located.
4562The default directory is
4563.Pa /var/cfumass .
4564.It Va service_delete_empty
4565.Pq Vt bool
4566If set to
4567.Dq Li YES ,
4568.Ql Li service delete
4569removes empty
4570.Dq Li rc.conf.d
4571files.
4572.It Va zfs_bootonce_activate
4573.Pq Vt bool
4574If set to
4575.Dq Li YES ,
4576and a boot environment marked bootonce is successfully booted,
4577it will be made permanently active.
4578.El
4579.Sh FILES
4580.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
4581.It Pa /etc/defaults/rc.conf
4582.It Pa /etc/defaults/vendor.conf
4583.It Pa /etc/rc.conf
4584.It Pa /etc/rc.conf.local
4585.El
4586.Sh SEE ALSO
4587.Xr chmod 1 ,
4588.Xr gdb 1 ,
4589.Xr info 1 ,
4590.Xr kbdcontrol 1 ,
4591.Xr sh 1 ,
4592.Xr vi 1 ,
4593.Xr vidcontrol 1 ,
4594.Xr bridge 4 ,
4595.Xr dummynet 4 ,
4596.Xr ip 4 ,
4597.Xr ipf 4 ,
4598.Xr ipfw 4 ,
4599.Xr ipnat 4 ,
4600.Xr kld 4 ,
4601.Xr pf 4 ,
4602.Xr pflog 4 ,
4603.Xr pfsync 4 ,
4604.Xr tcp 4 ,
4605.Xr udp 4 ,
4606.Xr exports 5 ,
4607.Xr fstab 5 ,
4608.Xr ipf 5 ,
4609.Xr ipnat 5 ,
4610.Xr jail.conf 5 ,
4611.Xr loader.conf 5 ,
4612.Xr motd 5 ,
4613.Xr newsyslog.conf 5 ,
4614.Xr pf.conf 5 ,
4615.Xr firewall 7 ,
4616.Xr growfs 7 ,
4617.Xr security 7 ,
4618.Xr tuning 7 ,
4619.Xr accton 8 ,
4620.Xr apm 8 ,
4621.Xr bsdinstall 8 ,
4622.Xr bthidd 8 ,
4623.Xr chkprintcap 8 ,
4624.Xr chown 8 ,
4625.Xr cron 8 ,
4626.Xr devfs 8 ,
4627.Xr dhclient 8 ,
4628.Xr ftpd 8 ,
4629.Xr geli 8 ,
4630.Xr hcsecd 8 ,
4631.Xr ifconfig 8 ,
4632.Xr inetd 8 ,
4633.Xr iovctl 8 ,
4634.Xr ipf 8 ,
4635.Xr ipfw 8 ,
4636.Xr ipnat 8 ,
4637.Xr jail 8 ,
4638.Xr kldxref 8 ,
4639.Xr loader 8 ,
4640.Xr lpd 8 ,
4641.Xr makewhatis 8 ,
4642.Xr mdconfig 8 ,
4643.Xr mdmfs 8 ,
4644.Xr mixer 8 ,
4645.Xr mountd 8 ,
4646.Xr moused 8 ,
4647.Xr newfs 8 ,
4648.Xr newsyslog 8 ,
4649.Xr nfsd 8 ,
4650.Xr ntpd 8 ,
4651.Xr ntpdate 8 ,
4652.Xr pfctl 8 ,
4653.Xr pflogd 8 ,
4654.Xr ping 8 ,
4655.Xr powerd 8 ,
4656.Xr quotacheck 8 ,
4657.Xr quotaon 8 ,
4658.Xr rc 8 ,
4659.Xr rc.sendmail 8 ,
4660.Xr rcorder 8 ,
4661.Xr rfcomm_pppd 8 ,
4662.Xr route 8 ,
4663.Xr routed 8 ,
4664.Xr rpc.lockd 8 ,
4665.Xr rpc.statd 8 ,
4666.Xr rpcbind 8 ,
4667.Xr rwhod 8 ,
4668.Xr savecore 8 ,
4669.Xr sdpd 8 ,
4670.Xr service 8 ,
4671.Xr sshd 8 ,
4672.Xr swapon 8 ,
4673.Xr sysctl 8 ,
4674.Xr syslogd 8 ,
4675.Xr sysrc 8 ,
4676.Xr unbound 8 ,
4677.Xr usbconfig 8 ,
4678.Xr wlandebug 8 ,
4679.Xr yp 8 ,
4680.Xr ypbind 8 ,
4681.Xr ypserv 8 ,
4682.Xr ypset 8
4683.Sh HISTORY
4684The
4685.Nm
4686file appeared in
4687.Fx 2.2.2 .
4688.Sh AUTHORS
4689.An Jordan K. Hubbard .
4690