1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd October 5, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blocklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va devmatch_blacklist 265.Pq Vt str 266This variable is deprecated. 267Use 268.Va devmatch_blocklist 269instead. 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li workstation" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li workstation 551basic protection for a workstation using stateful firewalling 552.It Li simple 553basic protection for a LAN. 554.El 555.Pp 556If a filename is specified, the full path 557must be given. 558.Pp 559Most of the predefined rulesets define additional configuration variables. 560These are documented in 561.Pa /etc/rc.firewall . 562.It Va firewall_quiet 563.Pq Vt bool 564Set to 565.Dq Li YES 566to disable the display of firewall rules on the console during boot. 567.It Va firewall_logging 568.Pq Vt bool 569Set to 570.Dq Li YES 571to enable firewall event logging. 572This is equivalent to the 573.Dv IPFIREWALL_VERBOSE 574kernel option. 575.It Va firewall_logif 576.Pq Vt bool 577Set to 578.Dq Li YES 579to create pseudo interface 580.Li ipfw0 581for logging. 582For more details, see 583.Xr ipfw 8 584manual page. 585.It Va firewall_flags 586.Pq Vt str 587Flags passed to 588.Xr ipfw 8 589if 590.Va firewall_type 591specifies a filename. 592.It Va firewall_coscripts 593.Pq Vt str 594List of executables and/or rc scripts to run after firewall starts/stops. 595Default is empty. 596.\" ----- firewall_nat_enable setting -------------------------------- 597.It Va firewall_nat_enable 598.Pq Vt bool 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_enable . 603Setting this to 604.Dq Li YES 605will automatically load the 606.Xr ipfw 8 607NAT kernel module if 608.Va firewall_enable 609is also set to 610.Dq Li YES . 611.It Va firewall_nat_interface 612.Pq Vt str 613The 614.Xr ipfw 8 615equivalent of 616.Va natd_interface . 617This is the name of the public interface or IP address on which 618kernel NAT should run. 619.It Va firewall_nat_flags 620.Pq Vt str 621Additional configuration parameters for kernel NAT should be placed here. 622.It Va firewall_nat64_enable 623.Pq Vt bool 624Setting this to 625.Dq Li YES 626will automatically load the 627.Xr ipfw 8 628NAT64 kernel module if 629.Va firewall_enable 630is also set to 631.Dq Li YES . 632.It Va firewall_nptv6_enable 633.Pq Vt bool 634Setting this to 635.Dq Li YES 636will automatically load the 637.Xr ipfw 8 638NPTv6 kernel module if 639.Va firewall_enable 640is also set to 641.Dq Li YES . 642.It Va firewall_pmod_enable 643.Pq Vt bool 644Setting this to 645.Dq Li YES 646will automatically load the 647.Xr ipfw 8 648pmod kernel module if 649.Va firewall_enable 650is also set to 651.Dq Li YES . 652.It Va dummynet_enable 653.Pq Vt bool 654Setting this to 655.Dq Li YES 656will automatically load the 657.Xr dummynet 4 658module if 659.Va firewall_enable 660is also set to 661.Dq Li YES . 662.\" ------------------------------------------------------------------- 663.It Va ipfw_netflow_enable 664.Pq Vt bool 665Setting this to 666.Dq Li YES 667will enable netflow logging via 668.Xr ng_netflow 4 669.Pp 670By default a ipfw rule is inserted and all packets are duplicated with 671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 672port using protocol version 5. 673.It Va ipfw_netflow_hook 674.Pq Vt int 675netflow hook name, must be numerical 676(default 677.Pa 9995 ) . 678.It Va ipfw_netflow_rule 679.Pq Vt int 680ipfw rule number 681(default 682.Pa 1000 ) . 683.It Va ipfw_netflow_ip 684.Pq Vt str 685Destination server ip for receiving netflow data 686(default 687.Pa 127.0.0.1 ) . 688.It Va ipfw_netflow_port 689.Pq Vt int 690Destination server port for receiving netflow data 691(default 692.Pa 9995 ) . 693.It Va ipfw_netflow_version 694.Pq Vt int 695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 696.It Va ipfw_netflow_fib 697.Pq Vt int 698Only match packet in FIB 699.Pa ipfw_netflow_fib 700(default is undefined meaning all FIBs). 701.It Va natd_program 702.Pq Vt str 703Path to 704.Xr natd 8 . 705.It Va natd_enable 706.Pq Vt bool 707Set to 708.Dq Li YES 709to enable 710.Xr natd 8 . 711.Va firewall_enable 712must also be set to 713.Dq Li YES , 714and 715.Xr divert 4 716sockets must be enabled in the kernel. 717If the kernel was not built with 718.Cd "options IPDIVERT" , 719the 720.Pa ipdivert.ko 721kernel module will be loaded. 722.It Va natd_interface 723.Pq Vt str 724This is the name of the public interface on which 725.Xr natd 8 726should run. 727The interface may be given as an interface name or as an IP address. 728.It Va natd_flags 729.Pq Vt str 730Additional 731.Xr natd 8 732flags should be placed here. 733The 734.Fl n 735or 736.Fl a 737flag is automatically added with the above 738.Va natd_interface 739as an argument. 740.\" ----- ipfilter_enable setting -------------------------------- 741.It Va ipfilter_enable 742.Pq Vt bool 743Set to 744.Dq Li NO 745by default. 746Setting this to 747.Dq Li YES 748enables 749.Xr ipf 8 750packet filtering. 751.Pp 752Typical usage will require putting 753.Bd -literal 754ipfilter_enable="YES" 755ipnat_enable="YES" 756ipmon_enable="YES" 757ipfs_enable="YES" 758.Ed 759.Pp 760into 761.Pa /etc/rc.conf 762and editing 763.Pa /etc/ipf.rules 764and 765.Pa /etc/ipnat.rules 766appropriately. 767.Pp 768Note that 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772can be enabled independently. 773.Va ipmon_enable 774and 775.Va ipfs_enable 776both require at least one of 777.Va ipfilter_enable 778and 779.Va ipnat_enable 780to be enabled. 781.Pp 782Having 783.Bd -literal 784options IPFILTER 785options IPFILTER_LOG 786options IPFILTER_DEFAULT_BLOCK 787.Ed 788.Pp 789in the kernel configuration file is a good idea, too. 790.\" ----- ipfilter_program setting ------------------------------ 791.It Va ipfilter_program 792.Pq Vt str 793Path to 794.Xr ipf 8 795(default 796.Pa /sbin/ipf ) . 797.\" ----- ipfilter_rules setting -------------------------------- 798.It Va ipfilter_rules 799.Pq Vt str 800Set to 801.Pa /etc/ipf.rules 802by default. 803This variable contains the name of the filter rule definition file. 804The file is expected to be readable for the 805.Xr ipf 8 806command to execute. 807.\" ----- ipfilter_flags setting -------------------------------- 808.It Va ipfilter_flags 809.Pq Vt str 810Empty by default. 811This variable contains flags passed to the 812.Xr ipf 8 813program. 814.\" ----- ipnat_enable setting ---------------------------------- 815.It Va ipnat_enable 816.Pq Vt bool 817Set to 818.Dq Li NO 819by default. 820Set it to 821.Dq Li YES 822to enable 823.Xr ipnat 8 824network address translation. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828.\" ----- ipnat_program setting --------------------------------- 829.It Va ipnat_program 830.Pq Vt str 831Path to 832.Xr ipnat 8 833(default 834.Pa /sbin/ipnat ) . 835.\" ----- ipnat_rules setting ----------------------------------- 836.It Va ipnat_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipnat.rules 840by default. 841This variable contains the name of the file 842holding the network address translation definition. 843This file is expected to be readable for the 844.Xr ipnat 8 845command to execute. 846.\" ----- ipnat_flags setting ----------------------------------- 847.It Va ipnat_flags 848.Pq Vt str 849Empty by default. 850This variable contains flags passed to the 851.Xr ipnat 8 852program. 853.\" ----- ipmon_enable setting ---------------------------------- 854.It Va ipmon_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipmon 8 863monitoring (logging 864.Xr ipf 8 865and 866.Xr ipnat 8 867events). 868Setting this variable needs setting 869.Va ipfilter_enable 870or 871.Va ipnat_enable 872too. 873See 874.Va ipfilter_enable 875for a detailed discussion. 876.\" ----- ipmon_program setting --------------------------------- 877.It Va ipmon_program 878.Pq Vt str 879Path to 880.Xr ipmon 8 881(default 882.Pa /sbin/ipmon ) . 883.\" ----- ipmon_flags setting ----------------------------------- 884.It Va ipmon_flags 885.Pq Vt str 886Set to 887.Dq Li -Ds 888by default. 889This variable contains flags passed to the 890.Xr ipmon 8 891program. 892Another typical example would be 893.Dq Fl D Pa /var/log/ipflog 894to have 895.Xr ipmon 8 896log directly to a file bypassing 897.Xr syslogd 8 . 898Make sure to adjust 899.Pa /etc/newsyslog.conf 900in such case like this: 901.Bd -literal 902/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 903.Ed 904.\" ----- ipfs_enable setting ----------------------------------- 905.It Va ipfs_enable 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Set it to 911.Dq Li YES 912to enable 913.Xr ipfs 8 914saving the filter and NAT state tables during shutdown 915and reloading them during startup again. 916Setting this variable needs setting 917.Va ipfilter_enable 918or 919.Va ipnat_enable 920to 921.Dq Li YES 922too. 923See 924.Va ipfilter_enable 925for a detailed discussion. 926Note that if 927.Va kern_securelevel 928is set to 3, 929.Va ipfs_enable 930cannot be used 931because the raised securelevel will prevent 932.Xr ipfs 8 933from saving the state tables at shutdown time. 934.\" ----- ipfs_program setting ---------------------------------- 935.It Va ipfs_program 936.Pq Vt str 937Path to 938.Xr ipfs 8 939(default 940.Pa /sbin/ipfs ) . 941.\" ----- ipfs_flags setting ------------------------------------ 942.It Va ipfs_flags 943.Pq Vt str 944Empty by default. 945This variable contains flags passed to the 946.Xr ipfs 8 947program. 948.\" ----- end of added ipf hook --------------------------------- 949.It Va pf_enable 950.Pq Vt bool 951Set to 952.Dq Li NO 953by default. 954Setting this to 955.Dq Li YES 956enables 957.Xr pf 4 958packet filtering. 959.Pp 960Typical usage will require putting 961.Pp 962.Dl pf_enable="YES" 963.Pp 964into 965.Pa /etc/rc.conf 966and editing 967.Pa /etc/pf.conf 968appropriately. 969Adding 970.Pp 971.Dl "device pf" 972.Pp 973builds support for 974.Xr pf 4 975into the kernel, otherwise the 976kernel module will be loaded. 977.It Va pf_rules 978.Pq Vt str 979Path to 980.Xr pf 4 981ruleset configuration file 982(default 983.Pa /etc/pf.conf ) . 984.It Va pf_program 985.Pq Vt str 986Path to 987.Xr pfctl 8 988(default 989.Pa /sbin/pfctl ) . 990.It Va pf_flags 991.Pq Vt str 992If 993.Va pf_enable 994is set to 995.Dq Li YES , 996these flags are passed to the 997.Xr pfctl 8 998program when loading the ruleset. 999.It Va pf_fallback_rules_enable 1000.Pq Vt bool 1001Set to 1002.Dq Li NO 1003by default. 1004Setting this to 1005.Dq Li YES 1006enables loading 1007.Va pf_fallback_rules_file 1008or 1009.Va pf_fallback_rules 1010in case of a problem when loading the ruleset in 1011.Va pf_rules . 1012.It Va pf_fallback_rules_file 1013.Pq Vt str 1014Path to a pf ruleset to load in case of failure when loading the 1015ruleset in 1016.Va pf_rules 1017(default 1018.Pa /etc/pf-fallback.conf ) . 1019.It Va pf_fallback_rules 1020.Pq Vt str 1021A pf ruleset to load in case of failure when loading the ruleset in 1022.Va pf_rules 1023and 1024.Va pf_fallback_rules_file 1025is not found. 1026Multiple rules can be set as follows: 1027.Bd -literal 1028pf_fallback_rules="\\ 1029 block drop log all\\ 1030 pass in quick on em0" 1031.Pp 1032.Ed 1033The default fallback rule is 1034.Dq block drop log all 1035.It Va pflog_enable 1036.Pq Vt bool 1037Set to 1038.Dq Li NO 1039by default. 1040Setting this to 1041.Dq Li YES 1042enables 1043.Xr pflogd 8 1044which logs packets from the 1045.Xr pf 4 1046packet filter. 1047.It Va pflog_logfile 1048.Pq Vt str 1049If 1050.Va pflog_enable 1051is set to 1052.Dq Li YES 1053this controls where 1054.Xr pflogd 8 1055stores the logfile 1056(default 1057.Pa /var/log/pflog ) . 1058Check 1059.Pa /etc/newsyslog.conf 1060to adjust logfile rotation for this. 1061.It Va pflog_program 1062.Pq Vt str 1063Path to 1064.Xr pflogd 8 1065(default 1066.Pa /sbin/pflogd ) . 1067.It Va pflog_flags 1068.Pq Vt str 1069Empty by default. 1070This variable contains additional flags passed to the 1071.Xr pflogd 8 1072program. 1073.It Va pflog_instances 1074.Pq Vt str 1075If logging to more than one 1076.Xr pflog 4 1077interface is desired, 1078.Va pflog_instances 1079is set to the list of 1080.Xr pflogd 8 1081instances that should be started at system boot time. 1082If 1083.Va pflog_instances 1084is set, for each whitespace-separated 1085.Ar element 1086in the list, 1087.Ao Ar element Ac Ns Va _dev 1088and 1089.Ao Ar element Ac Ns Va _logfile 1090elements are assumed to exist. 1091.Ao Ar element Ac Ns Va _dev 1092must contain the 1093.Xr pflog 4 1094interface to be watched by the named 1095.Xr pflogd 8 1096instance. 1097.Ao Ar element Ac Ns Va _logfile 1098must contain the name of the logfile that will be used by the 1099.Xr pflogd 8 1100instance. 1101.It Va ftpproxy_enable 1102.Pq Vt bool 1103Set to 1104.Dq Li NO 1105by default. 1106Setting this to 1107.Dq Li YES 1108enables 1109.Xr ftp-proxy 8 1110which supports the 1111.Xr pf 4 1112packet filter in translating ftp connections. 1113.It Va ftpproxy_flags 1114.Pq Vt str 1115Empty by default. 1116This variable contains additional flags passed to the 1117.Xr ftp-proxy 8 1118program. 1119.It Va ftpproxy_instances 1120.Pq Vt str 1121Empty by default. 1122If multiple instances of 1123.Xr ftp-proxy 8 1124are desired at boot time, 1125.Va ftpproxy_instances 1126should contain a whitespace-separated list of instance names. 1127For each 1128.Ar element 1129in the list, a variable named 1130.Ao Ar element Ac Ns Va _flags 1131should be defined, containing the command-line flags to be passed to the 1132.Xr ftp-proxy 8 1133instance. 1134.It Va pfsync_enable 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting this to 1140.Dq Li YES 1141enables exposing 1142.Xr pf 4 1143state changes to other hosts over the network by means of 1144.Xr pfsync 4 . 1145The 1146.Va pfsync_syncdev 1147variable 1148must also be set then. 1149.It Va pfsync_syncdev 1150.Pq Vt str 1151Empty by default. 1152This variable specifies the name of the network interface 1153.Xr pfsync 4 1154should operate through. 1155It must be set accordingly if 1156.Va pfsync_enable 1157is set to 1158.Dq Li YES . 1159.It Va pfsync_syncpeer 1160.Pq Vt str 1161Empty by default. 1162This variable is optional. 1163By default, state change messages are sent out on the synchronisation 1164interface using IP multicast packets. 1165The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1166224.0.0.240. 1167When a peer address is specified using the 1168.Va pfsync_syncpeer 1169option, the peer address is used as a destination for the pfsync 1170traffic, and the traffic can then be protected using 1171.Xr ipsec 4 . 1172See the 1173.Xr pfsync 4 1174manpage for more details about using 1175.Xr ipsec 4 1176with 1177.Xr pfsync 4 1178interfaces. 1179.It Va pfsync_ifconfig 1180.Pq Vt str 1181Empty by default. 1182This variable can contain additional options to be passed to the 1183.Xr ifconfig 8 1184command used to set up 1185.Xr pfsync 4 . 1186.It Va tcp_extensions 1187.Pq Vt bool 1188Set to 1189.Dq Li YES 1190by default. 1191Setting this to 1192.Dq Li NO 1193disables certain TCP options as described by 1194.Rs 1195.%T "RFC 1323" 1196.Re 1197Setting this to 1198.Dq Li NO 1199might help remedy such problems with connections as randomly hanging 1200or other weird behavior. 1201Some network devices are known 1202to be broken with respect to these options. 1203.It Va log_in_vain 1204.Pq Vt int 1205Set to 0 by default. 1206The 1207.Xr sysctl 8 1208variables, 1209.Va net.inet.tcp.log_in_vain 1210and 1211.Va net.inet.udp.log_in_vain , 1212as described in 1213.Xr tcp 4 1214and 1215.Xr udp 4 , 1216are set to the given value. 1217.It Va tcp_keepalive 1218.Pq Vt bool 1219Set to 1220.Dq Li YES 1221by default. 1222Setting to 1223.Dq Li NO 1224will disable probing idle TCP connections to verify that the 1225peer is still up and reachable. 1226.It Va tcp_drop_synfin 1227.Pq Vt bool 1228Set to 1229.Dq Li NO 1230by default. 1231Setting to 1232.Dq Li YES 1233will cause the kernel to ignore TCP frames that have both 1234the SYN and FIN flags set. 1235This prevents OS fingerprinting, but may 1236break some legitimate applications. 1237.It Va icmp_drop_redirect 1238.Pq Vt bool 1239Set to 1240.Dq Li AUTO 1241by default. 1242This setting will be identical to 1243.Dq Li YES , 1244if a dynamicrouting daemon is enabled, because redirect processing may 1245cause performance issues for large routing tables. 1246If no such service is enabled, this setting behaves like a 1247.Dq Li NO . 1248Setting to 1249.Dq Li YES 1250will cause the kernel to ignore ICMP REDIRECT packets. 1251Setting to 1252.Dq Li NO 1253will cause the kernel to process ICMP REDIRECT packets. 1254Refer to 1255.Xr icmp 4 1256for more information. 1257.It Va icmp_log_redirect 1258.Pq Vt bool 1259Set to 1260.Dq Li NO 1261by default. 1262Setting to 1263.Dq Li YES 1264will cause the kernel to log ICMP REDIRECT packets. 1265Note that 1266the log messages are not rate-limited, so this option should only be used 1267for troubleshooting networks. 1268Refer to 1269.Xr icmp 4 1270for more information. 1271.It Va icmp_bmcastecho 1272.Pq Vt bool 1273Set to 1274.Dq Li YES 1275to respond to broadcast or multicast ICMP ping packets. 1276Refer to 1277.Xr icmp 4 1278for more information. 1279.It Va ip_portrange_first 1280.Pq Vt int 1281If not set to 1282.Dq Li NO , 1283this is the first port in the default portrange. 1284Refer to 1285.Xr ip 4 1286for more information. 1287.It Va ip_portrange_last 1288.Pq Vt int 1289If not set to 1290.Dq Li NO , 1291this is the last port in the default portrange. 1292Refer to 1293.Xr ip 4 1294for more information. 1295.It Va network_interfaces 1296.Pq Vt str 1297Set to the list of network interfaces to configure on this host or 1298.Dq Li AUTO 1299(the default) for all current interfaces. 1300Setting the 1301.Va network_interfaces 1302variable to anything other than the default is deprecated. 1303Interfaces that the administrator wishes to store configuration for, 1304but not start at boot should be configured with the 1305.Dq Li NOAUTO 1306keyword in their 1307.Va ifconfig_ Ns Aq Ar interface 1308variables as described below. 1309.Pp 1310An 1311.Va ifconfig_ Ns Aq Ar interface 1312variable is also assumed to exist for each value of 1313.Ar interface . 1314When an interface name contains any of the characters 1315.Dq Li .-/+ 1316they are translated to 1317.Dq Li _ 1318before lookup. 1319The variable can contain arguments to 1320.Xr ifconfig 8 , 1321as well as special case-insensitive keywords described below. 1322Such keywords are removed before passing the value to 1323.Xr ifconfig 8 1324while the order of the other arguments is preserved. 1325.Pp 1326It is possible to add IP alias entries using 1327.Xr ifconfig 8 1328syntax with the address family keyword such as 1329.Li inet . 1330Assuming that the interface in question was 1331.Li em0 , 1332it might look something like this: 1333.Bd -literal 1334ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1335ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1336.Ed 1337.Pp 1338It also possible to configure multiple IP addresses in Classless 1339Inter-Domain Routing 1340.Pq CIDR 1341address notation, 1342whose each address component can be a range like 1343.Li inet 192.0.2.5-23/24 1344or 1345.Li inet6 2001:db8:1-f::1/64 . 1346This notation allows address and prefix length part only, 1347not the other address modifiers. 1348Note that the maximum number of the generated addresses from a range 1349specification is limited to an integer value specified in 1350.Va netif_ipexpand_max 1351in 1352.Nm 1353because a small typo can unexpectedly generate a large number of addresses. 1354The default value is 1355.Li 2048 . 1356It can be increased by adding the following line into 1357.Nm : 1358.Bd -literal 1359netif_ipexpand_max="4096" 1360.Ed 1361.Pp 1362In the case of 1363.Li 192.0.2.5-23/24 , 1364the address 192.0.2.5 will be configured with the 1365netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1366the non-conflicting netmask /32 as explained in the 1367.Xr ifconfig 8 1368alias section. 1369Note that this special netmask handling is only for 1370.Li inet , 1371not for the other address families such as 1372.Li inet6 . 1373.Pp 1374With the interface in question being 1375.Li em0 , 1376an example could look like: 1377.Bd -literal 1378ifconfig_em0_alias2="inet 192.0.2.129/27" 1379ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1380.Ed 1381.Pp 1382and so on. 1383.Pp 1384Note that deprecated 1385.Va ipv4_addrs_ Ns Aq Ar interface 1386variable was supported for IPv4 CIDR address notation. 1387The 1388.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1389variable replaces it, though 1390.Va ipv4_addrs_ Ns Aq Ar interface 1391is still supported for backward compatibility. 1392.Pp 1393For each 1394.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1395entry with an address family keyword, 1396its contents are passed to 1397.Xr ifconfig 8 . 1398Execution stops at the first unsuccessful access, so if 1399something like this is present: 1400.Bd -literal 1401ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1402ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1403ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1404ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1405.Ed 1406.Pp 1407Then note that alias4 would 1408.Em not 1409be added since the search would 1410stop with the missing 1411.Dq Li alias3 1412entry. 1413Because of this difficult to manage behavior, 1414there is 1415.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1416variable, which has the same functionality as 1417.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1418and can have all of entries in a variable like the following: 1419.Bd -literal 1420ifconfig_em0_aliases="\\ 1421 inet 127.0.0.251 netmask 0xffffffff \\ 1422 inet 127.0.0.252 netmask 0xffffffff \\ 1423 inet 127.0.0.253 netmask 0xffffffff \\ 1424 inet 127.0.0.254 netmask 0xffffffff" 1425.Ed 1426.Pp 1427It also supports CIDR notation. 1428.Pp 1429If the 1430.Pa /etc/start_if . Ns Aq Ar interface 1431file is present, it is read and executed by the 1432.Xr sh 1 1433interpreter 1434before configuring the interface as specified in the 1435.Va ifconfig_ Ns Aq Ar interface 1436and 1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1438variables. 1439.Pp 1440If a 1441.Va vlans_ Ns Aq Ar interface 1442variable is set, 1443a 1444.Xr vlan 4 1445interface will be created for each item in the list with the 1446.Ar vlandev 1447argument set to 1448.Ar interface . 1449If a vlan interface's name is a number, 1450then that number is used as the vlan tag and the new vlan interface is 1451named 1452.Ar interface . Ns Ar tag . 1453Otherwise, 1454the vlan tag must be specified via a 1455.Va vlan 1456parameter in the 1457.Va create_args_ Ns Aq Ar interface 1458variable. 1459.Pp 1460To create a vlan device named 1461.Li em0.101 1462on 1463.Li em0 1464with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1465.Bd -literal 1466vlans_em0="101" 1467ifconfig_em0_101="inet 192.0.2.1/24" 1468.Ed 1469.Pp 1470To create a vlan device named 1471.Li myvlan 1472on 1473.Li em0 1474with the vlan tag 102: 1475.Bd -literal 1476vlans_em0="myvlan" 1477create_args_myvlan="vlan 102" 1478.Ed 1479.Pp 1480If a 1481.Va wlans_ Ns Aq Ar interface 1482variable is set, 1483an 1484.Xr wlan 4 1485interface will be created for each item in the list with the 1486.Ar wlandev 1487argument set to 1488.Ar interface . 1489Further wlan cloning arguments may be passed to the 1490.Xr ifconfig 8 1491.Cm create 1492command by setting the 1493.Va create_args_ Ns Aq Ar interface 1494variable. 1495One or more 1496.Xr wlan 4 1497devices must be created for each wireless devices as of 1498.Fx 8.0 . 1499Debugging flags for 1500.Xr wlan 4 1501devices as set by 1502.Xr wlandebug 8 1503may be specified with an 1504.Va wlandebug_ Ns Aq Ar interface 1505variable. 1506The contents of this variable will be passed directly to 1507.Xr wlandebug 8 . 1508.Pp 1509If the 1510.Va ifconfig_ Ns Aq Ar interface 1511contains the keyword 1512.Dq Li NOAUTO 1513then the interface will not be configured 1514at boot or by 1515.Pa /etc/pccard_ether 1516when 1517.Va network_interfaces 1518is set to 1519.Dq Li AUTO . 1520.Pp 1521It is possible to bring up an interface with DHCP by adding 1522.Dq Li DHCP 1523to the 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526For instance, to initialize the 1527.Li em0 1528device via DHCP, 1529it is possible to use something like: 1530.Bd -literal 1531ifconfig_em0="DHCP" 1532.Ed 1533.Pp 1534If you want to configure your wireless interface with 1535.Xr wpa_supplicant 8 1536for use with WPA, EAP/LEAP or WEP, you need to add 1537.Dq Li WPA 1538to the 1539.Va ifconfig_ Ns Aq Ar interface 1540variable. 1541.Pp 1542On the other hand, if you want to configure your wireless interface with 1543.Xr hostapd 8 , 1544you need to add 1545.Dq Li HOSTAP 1546to the 1547.Va ifconfig_ Ns Aq Ar interface 1548variable. 1549.Xr hostapd 8 1550will use the settings from 1551.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1552.Pp 1553Finally, you can add 1554.Xr ifconfig 8 1555options in this variable, in addition to the 1556.Pa /etc/start_if . Ns Aq Ar interface 1557file. 1558For instance, to configure an 1559.Xr ath 4 1560wireless device in station mode with an address obtained 1561via DHCP, using WPA authentication and 802.11b mode, it is 1562possible to use something like: 1563.Bd -literal 1564wlans_ath0="wlan0" 1565ifconfig_wlan0="DHCP WPA mode 11b" 1566.Ed 1567.Pp 1568In addition to the 1569.Va ifconfig_ Ns Aq Ar interface 1570form, a fallback variable 1571.Va ifconfig_DEFAULT 1572may be configured. 1573It will be used for all interfaces with no 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576This is intended to replace the no longer supported 1577.Va pccard_ifconfig 1578variable. 1579.Pp 1580It is also possible to rename an interface by doing: 1581.Bd -literal 1582ifconfig_em0_name="net0" 1583ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1584.Ed 1585.It Va ipv6_enable 1586.Pq Vt bool 1587This variable is deprecated. 1588Use 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1590and 1591.Va ipv6_activate_all_interfaces 1592if necessary. 1593.Pp 1594If the variable is 1595.Dq Li YES , 1596.Dq Li inet6 accept_rtadv 1597is added to all of 1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1599and the 1600.Va ipv6_activate_all_interfaces 1601is defined as 1602.Dq Li YES . 1603.It Va ipv6_prefer 1604.Pq Vt bool 1605This variable is deprecated. 1606Use 1607.Va ip6addrctl_policy 1608instead. 1609.Pp 1610If the variable is 1611.Dq Li YES , 1612the default address selection policy table set by 1613.Xr ip6addrctl 8 1614will be IPv6-preferred. 1615.Pp 1616If the variable is 1617.Dq Li NO , 1618the default address selection policy table set by 1619.Xr ip6addrctl 8 1620will be IPv4-preferred. 1621.It Va ipv6_activate_all_interfaces 1622.Pq Vt bool 1623This controls initial configuration on IPv6-capable 1624interfaces with no corresponding 1625.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1626variable. 1627Note that it is not always necessary to set this variable to 1628.Dq YES 1629to use IPv6 functionality on 1630.Fx . 1631In most cases, just configuring 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1633variables works. 1634.Pp 1635If the variable is 1636.Dq Li NO , 1637all interfaces which do not have a corresponding 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639variable will be marked as 1640.Dq Li IFDISABLED 1641at creation. 1642This means that all of IPv6 functionality on that interface 1643is completely disabled to enforce a security policy. 1644If the variable is set to 1645.Dq YES , 1646the flag will be cleared on all of the interfaces. 1647.Pp 1648In most cases, just defining an 1649.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1650for an IPv6-capable interface should be sufficient. 1651However, if an interface is added dynamically 1652.Pq by some tunneling protocols such as PPP, for example , 1653it is often difficult to define the variable in advance. 1654In such a case, configuring the 1655.Dq Li IFDISABLED 1656flag can be disabled by setting this variable to 1657.Dq YES . 1658.Pp 1659For more details of the 1660.Dq Li IFDISABLED 1661flag and keywords 1662.Dq Li inet6 ifdisabled , 1663see 1664.Xr ifconfig 8 . 1665.Pp 1666Default is 1667.Dq Li NO . 1668.It Va ipv6_privacy 1669.Pq Vt bool 1670If the variable is 1671.Dq Li YES 1672privacy addresses will be generated for each IPv6 1673interface as described in RFC 4941. 1674.It Va ipv6_network_interfaces 1675.Pq Vt str 1676This is the IPv6 equivalent of 1677.Va network_interfaces . 1678Normally manual configuration of this variable is not needed. 1679.It Va ipv6_cpe_wanif 1680.Pq Vt str 1681If the variable is set to an interface name, 1682the 1683.Xr ifconfig 8 1684options 1685.Dq inet6 -no_radr accept_rtadv 1686will be added to the specified interface automatically before evaluating 1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1688and two 1689.Xr sysctl 8 1690variables 1691.Va net.inet6.ip6.rfc6204w3 1692and 1693.Va net.inet6.ip6.no_radr 1694will be set to 1. 1695.Pp 1696This means the specified interface will accept ICMPv6 Router 1697Advertisement messages on that link and add the discovered 1698routers into the Default Router List. 1699While the other interfaces can still accept RA messages if the 1700.Dq inet6 accept_rtadv 1701option is specified, adding 1702routes into the Default Router List will be disabled by 1703.Dq inet6 no_radr 1704option by default. 1705See 1706.Xr ifconfig 8 1707for more details. 1708.Pp 1709Note that ICMPv6 Router Advertisement messages will be 1710accepted even when 1711.Va net.inet6.ip6.forwarding 1712is 1 1713.Pq packet forwarding is enabled 1714when 1715.Va net.inet6.ip6.rfc6204w3 1716is set to 1. 1717.Pp 1718Default is 1719.Dq Li NO . 1720.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1721.Pq Vt str 1722This assigns arbitrary description to an interface. 1723The 1724.Xr sysctl 8 1725variable 1726.Va net.ifdescr_maxlen 1727limits its length. 1728This static setting may be overridden by commands 1729started with dynamic interface configuration utilities 1730like 1731.Xr dhclient 8 1732hooks. 1733The description can be seen with 1734.Xr ifconfig 8 1735command and it may be exported with 1736.Xr bsnmpd 1 1737daemon using its MIB-2 module. 1738.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1739.Pq Vt str 1740IPv6 functionality on an interface should be configured by 1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1742instead of setting ifconfig parameters in 1743.Va ifconfig_ Ns Aq Ar interface . 1744If this variable is empty, all of IPv6 configurations on the 1745specified interface by other variables such as 1746.Va ipv6_prefix_ Ns Ao Ar interface Ac 1747will be ignored. 1748.Pp 1749Aliases should be set by 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1751with 1752.Dq Li inet6 1753keyword. 1754For example: 1755.Bd -literal 1756ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1757ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1758.Ed 1759.Pp 1760Interfaces that have an 1761.Dq Li inet6 accept_rtadv 1762keyword in 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764setting will be automatically configured by SLAAC 1765.Pq StateLess Address AutoConfiguration 1766described in 1767.Rs 1768.%T "RFC 4862" 1769.Re 1770.Pp 1771Note that a link-local address will be automatically configured in 1772addition to the configured global-scope addresses because the IPv6 1773specifications require it on each link. 1774The address is calculated from the MAC address by using an algorithm 1775defined in 1776.Rs 1777.%T "RFC 4862" 1778.%O "Section 5.3" 1779.Re 1780.Pp 1781If only a link-local address is needed on the interface, 1782the following configuration can be used: 1783.Bd -literal 1784ifconfig_em0_ipv6="inet6 auto_linklocal" 1785.Ed 1786.Pp 1787A link-local address can also be configured manually. 1788This is useful for the default router address of an IPv6 router 1789so that it does not change when the network interface 1790card is replaced. 1791For example: 1792.Bd -literal 1793ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1794.Ed 1795.It Va ipv6_prefix_ Ns Aq Ar interface 1796.Pq Vt str 1797If one or more prefixes are defined in 1798.Va ipv6_prefix_ Ns Aq Ar interface 1799addresses based on each prefix and the EUI-64 interface index will be 1800configured on that interface. 1801Note that this variable will be ignored when 1802.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1803is empty. 1804.Pp 1805For example, the following configuration 1806.Bd -literal 1807ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1808.Ed 1809.Pp 1810is equivalent to the following: 1811.Bd -literal 1812ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1813ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1814ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1815ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1816.Ed 1817.Pp 1818These Subnet-Router anycast addresses will be added only when 1819.Va ipv6_gateway_enable 1820is YES. 1821.It Va ipv6_default_interface 1822.Pq Vt str 1823If not set to 1824.Dq Li NO , 1825this is the default output interface for scoped addresses. 1826This works only with ipv6_gateway_enable="NO". 1827.It Va ip6addrctl_enable 1828.Pq Vt bool 1829This variable is to enable configuring default address selection policy table 1830.Pq RFC 3484 . 1831The table can be specified in another variable 1832.Va ip6addrctl_policy . 1833For 1834.Va ip6addrctl_policy 1835the following keywords can be specified: 1836.Dq Li ipv4_prefer , 1837.Dq Li ipv6_prefer , 1838or 1839.Dq Li AUTO . 1840.Pp 1841If 1842.Dq Li ipv4_prefer 1843or 1844.Dq Li ipv6_prefer 1845is specified, 1846.Xr ip6addrctl 8 1847installs a pre-defined policy table described in Section 10.3 1848.Pq IPv4-preferred 1849or 2.1 1850.Pq IPv6-preferred 1851of RFC 3484. 1852.Pp 1853If 1854.Dq Li AUTO 1855is specified, it attempts to read a file 1856.Pa /etc/ip6addrctl.conf 1857first. 1858If this file is found, 1859.Xr ip6addrctl 8 1860reads and installs it. 1861If not found, a policy is automatically set 1862according to 1863.Va ipv6_activate_all_interfaces 1864variable; if the variable is set to 1865.Dq Li YES 1866the IPv6-preferred one is used. 1867Otherwise IPv4-preferred. 1868.Pp 1869The default value of 1870.Va ip6addrctl_enable 1871and 1872.Va ip6addrctl_policy 1873are 1874.Dq Li YES 1875and 1876.Dq Li AUTO , 1877respectively. 1878.It Va cloned_interfaces 1879.Pq Vt str 1880Set to the list of clonable network interfaces to create on this host. 1881Further cloning arguments may be passed to the 1882.Xr ifconfig 8 1883.Cm create 1884command for each interface by setting the 1885.Va create_args_ Ns Aq Ar interface 1886variable. 1887If an interface name is specified with 1888.Dq :sticky 1889keyword, 1890the interface will not be destroyed even when 1891.Pa rc.d/netif 1892script is invoked with 1893.Dq stop 1894argument. 1895This is useful when reconfiguring the interface without destroying it. 1896Entries in 1897.Va cloned_interfaces 1898are automatically appended to 1899.Va network_interfaces 1900for configuration. 1901.It Va cloned_interfaces_sticky 1902.Pq Vt bool 1903This variable is to globally enable functionality of 1904.Dq :sticky 1905keyword in 1906.Va cloned_interfaces 1907for all interfaces. 1908The default value is 1909.Dq NO . 1910Even if this variable is specified to 1911.Dq YES , 1912.Dq :nosticky 1913keyword can be used to override it on per interface basis. 1914.It Va gif_interfaces 1915Set to the list of 1916.Xr gif 4 1917tunnel interfaces to configure on this host. 1918A 1919.Va gifconfig_ Ns Aq Ar interface 1920variable is assumed to exist for each value of 1921.Ar interface . 1922The value of this variable is used to configure the link layer of the 1923tunnel using the 1924.Cm tunnel 1925option to 1926.Xr ifconfig 8 . 1927Additionally, this option ensures that each listed interface is created 1928via the 1929.Cm create 1930option to 1931.Xr ifconfig 8 1932before attempting to configure it. 1933.Pp 1934For example, configure two 1935.Xr gif 4 1936interfaces with: 1937.Bd -literal 1938gif_interfaces="gif0 gif1" 1939gifconfig_gif0="100.64.0.1 100.64.0.2" 1940ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1941gifconfig_gif1="inet6 2a00::1 2a01::1" 1942ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1943.Ed 1944.It Va sppp_interfaces 1945.Pq Vt str 1946Set to the list of 1947.Xr sppp 4 1948interfaces to configure on this host. 1949A 1950.Va spppconfig_ Ns Aq Ar interface 1951variable is assumed to exist for each value of 1952.Ar interface . 1953Each interface should also be configured by a general 1954.Va ifconfig_ Ns Aq Ar interface 1955setting. 1956Refer to 1957.Xr spppcontrol 8 1958for more information about available options. 1959.It Va ppp_enable 1960.Pq Vt bool 1961If set to 1962.Dq Li YES , 1963run the 1964.Xr ppp 8 1965daemon. 1966.It Va ppp_profile 1967.Pq Vt str 1968The name of the profile to use from 1969.Pa /etc/ppp/ppp.conf . 1970Also used for per-profile overrides of 1971.Va ppp_mode 1972and 1973.Va ppp_nat , 1974and 1975.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1976When the profile name contains any of the characters 1977.Dq Li .-/+ 1978they are translated to 1979.Dq Li _ 1980for the proposes of the override variable names. 1981.It Va ppp_mode 1982.Pq Vt str 1983Mode in which to run the 1984.Xr ppp 8 1985daemon. 1986.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1987.Pq Vt str 1988Overrides the global 1989.Va ppp_mode 1990for 1991.Ar profile . 1992Accepted modes are 1993.Dq Li auto , 1994.Dq Li ddial , 1995.Dq Li direct 1996and 1997.Dq Li dedicated . 1998See the manual for a full description. 1999.It Va ppp_nat 2000.Pq Vt bool 2001If set to 2002.Dq Li YES , 2003enables network address translation. 2004Used in conjunction with 2005.Va gateway_enable 2006allows hosts on private network addresses access to the Internet using 2007this host as a network address translating router. 2008Default is 2009.Dq Li YES . 2010.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2011.Pq Vt str 2012Overrides the global 2013.Va ppp_nat 2014for 2015.Ar profile . 2016.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2017.Pq Vt int 2018Set the unit number to be used for this profile. 2019See the manual description of 2020.Fl unit Ns Ar N 2021for details. 2022.It Va ppp_user 2023.Pq Vt str 2024The name of the user under which 2025.Xr ppp 8 2026should be started. 2027By 2028default, 2029.Xr ppp 8 2030is started as 2031.Dq Li root . 2032.It Va rc_conf_files 2033.Pq Vt str 2034This option is used to specify a list of files that will override 2035the settings in 2036.Pa /etc/defaults/rc.conf . 2037The files will be read in the order in which they are specified and should 2038include the full path to the file. 2039By default, the files specified are 2040.Pa /etc/rc.conf 2041and 2042.Pa /etc/rc.conf.local 2043.It Va zfs_enable 2044.Pq Vt bool 2045If set to 2046.Dq Li YES , 2047.Pa /etc/rc.d/zfs 2048will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2049(ZVOLs). 2050.It Va gptboot_enable 2051.Pq Vt bool 2052If set to 2053.Dq Li YES , 2054.Pa /etc/rc.d/gptboot 2055will log if the system successfully (or not) booted from a GPT partition, 2056which had the 2057.Ar bootonce 2058attribute set using 2059.Xr gpart 8 2060utility. 2061.It Va gbde_autoattach_all 2062.Pq Vt bool 2063If set to 2064.Dq Li YES , 2065.Pa /etc/rc.d/gbde 2066will attempt to automatically initialize your .bde devices in 2067.Pa /etc/fstab . 2068.It Va gbde_devices 2069.Pq Vt str 2070List the devices that the script should try to attach, 2071or 2072.Dq Li AUTO . 2073.It Va gbde_lockdir 2074.Pq Vt str 2075The directory where the 2076.Xr gbde 4 2077lockfiles are located. 2078The default lockfile directory is 2079.Pa /etc . 2080.Pp 2081The lockfile for each individual 2082.Xr gbde 4 2083device can be overridden by setting the variable 2084.Va gbde_lock_ Ns Aq Ar device , 2085where 2086.Ar device 2087is the encrypted device without the 2088.Dq Pa /dev/ 2089and 2090.Dq Pa .bde 2091parts. 2092.It Va gbde_attach_attempts 2093.Pq Vt int 2094Number of times to attempt attaching to a 2095.Xr gbde 4 2096device, i.e., how many times the user is asked for the pass-phrase. 2097Default is 3. 2098.It Va geli_devices 2099.Pq Vt str 2100List of devices to automatically attach on boot. 2101Note that .eli devices from 2102.Pa /etc/fstab 2103are automatically appended to this list. 2104.It Va geli_groups 2105.Pq Vt str 2106List of groups containing devices to automatically attach on boot with the same 2107keyfiles and passphrase. 2108This must be accompanied with a corresponding 2109.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2110variable. 2111.It Va geli_tries 2112.Pq Vt int 2113Number of times user is asked for the pass-phrase. 2114If empty, it will be taken from 2115.Va kern.geom.eli.tries 2116sysctl variable. 2117.It Va geli_default_flags 2118.Pq Vt str 2119Default flags to use by 2120.Xr geli 8 2121when configuring disk encryption. 2122Flags can be configured for every device separately by defining the 2123.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2124variable, and for every group separately by defining the 2125.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2126variable. 2127.It Va geli_autodetach 2128.Pq Vt str 2129Specifies if GELI devices should be marked for detach on last close after 2130file systems are mounted. 2131Default is 2132.Dq Li YES . 2133This can be changed for every device separately by defining the 2134.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2135variable. 2136.It Va root_rw_mount 2137.Pq Vt bool 2138Set to 2139.Dq Li YES 2140by default. 2141After the file systems are checked at boot time, the root file system 2142is remounted as read-write if this is set to 2143.Dq Li YES . 2144Diskless systems that mount their root file system from a read-only remote 2145NFS share should set this to 2146.Dq Li NO 2147in their 2148.Pa rc.conf . 2149.It Va fsck_y_enable 2150.Pq Vt bool 2151If set to 2152.Dq Li YES , 2153.Xr fsck 8 2154will be run with the 2155.Fl y 2156flag if the initial preen 2157of the file systems fails. 2158.It Va background_fsck 2159.Pq Vt bool 2160If set to 2161.Dq Li NO , 2162the system will not attempt to run 2163.Xr fsck 8 2164in the background where possible. 2165.It Va background_fsck_delay 2166.Pq Vt int 2167The amount of time in seconds to sleep before starting a background 2168.Xr fsck 8 . 2169It defaults to sixty seconds to allow large applications such as 2170the X server to start before disk I/O bandwidth is monopolized by 2171.Xr fsck 8 . 2172If set to a negative number, the background file system check will be 2173delayed indefinitely to allow the administrator to run it at a more 2174convenient time. 2175For example it may be run from 2176.Xr cron 8 2177by adding a line like 2178.Pp 2179.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2180.Pp 2181to 2182.Pa /etc/crontab . 2183.It Va netfs_types 2184.Pq Vt str 2185List of file system types that are network-based. 2186This list should generally not be modified by end users. 2187Use 2188.Va extra_netfs_types 2189instead. 2190.It Va extra_netfs_types 2191.Pq Vt str 2192If set to something other than 2193.Dq Li NO 2194(the default), 2195this variable extends the list of file system types 2196for which automatic mounting at startup by 2197.Xr rc 8 2198should be delayed until the network is initialized. 2199It should contain 2200a whitespace-separated list of network file system descriptor pairs, 2201each consisting of a file system type as passed to 2202.Xr mount 8 2203and a human-readable, one-word description, 2204joined with a colon 2205.Pq Ql \&: . 2206Extending the default list in this way is only necessary 2207when third party file system types are used. 2208.It Va syslogd_enable 2209.Pq Vt bool 2210If set to 2211.Dq Li YES , 2212run the 2213.Xr syslogd 8 2214daemon. 2215.It Va syslogd_program 2216.Pq Vt str 2217Path to 2218.Xr syslogd 8 2219(default 2220.Pa /usr/sbin/syslogd ) . 2221.It Va syslogd_flags 2222.Pq Vt str 2223If 2224.Va syslogd_enable 2225is set to 2226.Dq Li YES , 2227these are the flags to pass to 2228.Xr syslogd 8 . 2229.It Va inetd_enable 2230.Pq Vt bool 2231If set to 2232.Dq Li YES , 2233run the 2234.Xr inetd 8 2235daemon. 2236.It Va inetd_program 2237.Pq Vt str 2238Path to 2239.Xr inetd 8 2240(default 2241.Pa /usr/sbin/inetd ) . 2242.It Va inetd_flags 2243.Pq Vt str 2244If 2245.Va inetd_enable 2246is set to 2247.Dq Li YES , 2248these are the flags to pass to 2249.Xr inetd 8 . 2250.It Va hastd_enable 2251.Pq Vt bool 2252If set to 2253.Dq Li YES , 2254run the 2255.Xr hastd 8 2256daemon. 2257.It Va hastd_program 2258.Pq Vt str 2259Path to 2260.Xr hastd 8 2261(default 2262.Pa /sbin/hastd ) . 2263.It Va hastd_flags 2264.Pq Vt str 2265If 2266.Va hastd_enable 2267is set to 2268.Dq Li YES , 2269these are the flags to pass to 2270.Xr hastd 8 . 2271.It Va local_unbound_enable 2272.Pq Vt bool 2273If set to 2274.Dq Li YES , 2275run the 2276.Xr unbound 8 2277daemon as a local caching resolver. 2278.It Va kdc_enable 2279.Pq Vt bool 2280Set to 2281.Dq Li YES 2282to start a Kerberos 5 authentication server 2283at boot time. 2284.It Va kdc_program 2285.Pq Vt str 2286If 2287.Va kdc_enable 2288is set to 2289.Dq Li YES 2290this is the path to Kerberos 5 Authentication Server. 2291.It Va kdc_flags 2292.Pq Vt str 2293Empty by default. 2294This variable contains additional flags to be passed to the Kerberos 5 2295authentication server. 2296.It Va kadmind_enable 2297.Pq Vt bool 2298Set to 2299.Dq Li YES 2300to start 2301.Xr kadmind 8 , 2302the Kerberos 5 Administration Daemon; set to 2303.Dq Li NO 2304on a slave server. 2305.It Va kadmind_program 2306.Pq Vt str 2307If 2308.Va kadmind_enable 2309is set to 2310.Dq Li YES 2311this is the path to Kerberos 5 Administration Daemon. 2312.It Va kpasswdd_enable 2313.Pq Vt bool 2314Set to 2315.Dq Li YES 2316to start 2317.Xr kpasswdd 8 , 2318the Kerberos 5 Password-Changing Daemon; set to 2319.Dq Li NO 2320on a slave server. 2321.It Va kpasswdd_program 2322.Pq Vt str 2323If 2324.Va kpasswdd_enable 2325is set to 2326.Dq Li YES 2327this is the path to Kerberos 5 Password-Changing Daemon. 2328.It Va kfd_enable 2329.Pq Vt bool 2330Set to 2331.Dq Li YES 2332to start 2333.Xr kfd 8 , 2334the Kerberos 5 ticket forwarding daemon, at the boot time. 2335.It Va kfd_program 2336.Pq Vt str 2337Path to 2338.Xr kfd 8 2339(default 2340.Pa /usr/libexec/kfd ) . 2341.It Va rwhod_enable 2342.Pq Vt bool 2343If set to 2344.Dq Li YES , 2345run the 2346.Xr rwhod 8 2347daemon at boot time. 2348.It Va rwhod_flags 2349.Pq Vt str 2350If 2351.Va rwhod_enable 2352is set to 2353.Dq Li YES , 2354these are the flags to pass to it. 2355.It Va update_motd 2356.Pq Vt bool 2357If set to 2358.Dq Li YES , 2359.Pa /etc/motd 2360will be updated at boot time to reflect the kernel release 2361being run. 2362If set to 2363.Dq Li NO , 2364.Pa /etc/motd 2365will not be updated. 2366.It Va nfs_client_enable 2367.Pq Vt bool 2368If set to 2369.Dq Li YES , 2370run the NFS client daemons at boot time. 2371.It Va nfs_access_cache 2372.Pq Vt int 2373If 2374.Va nfs_client_enable 2375is set to 2376.Dq Li YES , 2377this can be set to 2378.Dq Li 0 2379to disable NFS ACCESS RPC caching, or to the number of seconds for which 2380NFS ACCESS 2381results should be cached. 2382A value of 2-10 seconds will substantially reduce network 2383traffic for many NFS operations. 2384.It Va nfs_server_enable 2385.Pq Vt bool 2386If set to 2387.Dq Li YES , 2388run the NFS server daemons at boot time. 2389.It Va nfs_server_flags 2390.Pq Vt str 2391If 2392.Va nfs_server_enable 2393is set to 2394.Dq Li YES , 2395these are the flags to pass to the 2396.Xr nfsd 8 2397daemon. 2398.It Va nfsv4_server_enable 2399.Pq Vt bool 2400If 2401.Va nfs_server_enable 2402is set to 2403.Dq Li YES 2404and 2405.Va nfsv4_server_enable 2406are set to 2407.Dq Li YES , 2408enable the server for NFSv4 as well as NFSv2 and NFSv3. 2409.It Va nfsuserd_enable 2410.Pq Vt bool 2411If 2412.Va nfsuserd_enable 2413is set to 2414.Dq Li YES , 2415run the nfsuserd daemon, which is needed for NFSv4 in order 2416to map between user/group names vs uid/gid numbers. 2417If 2418.Va nfsv4_server_enable 2419is set to 2420.Dq Li YES , 2421this will be forced enabled. 2422.It Va nfsuserd_flags 2423.Pq Vt str 2424If 2425.Va nfsuserd_enable 2426is set to 2427.Dq Li YES , 2428these are the flags to pass to the 2429.Xr nfsuserd 8 2430daemon. 2431.It Va nfscbd_enable 2432.Pq Vt bool 2433If 2434.Va nfscbd_enable 2435is set to 2436.Dq Li YES , 2437run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2438.It Va nfscbd_flags 2439.Pq Vt str 2440If 2441.Va nfscbd_enable 2442is set to 2443.Dq Li YES , 2444these are the flags to pass to the 2445.Xr nfscbd 8 2446daemon. 2447.It Va mountd_enable 2448.Pq Vt bool 2449If set to 2450.Dq Li YES , 2451and no 2452.Va nfs_server_enable 2453is set, start 2454.Xr mountd 8 , 2455but not 2456.Xr nfsd 8 2457daemon. 2458It is commonly needed to run CFS without real NFS used. 2459.It Va mountd_flags 2460.Pq Vt str 2461If 2462.Va mountd_enable 2463is set to 2464.Dq Li YES , 2465these are the flags to pass to the 2466.Xr mountd 8 2467daemon. 2468.It Va weak_mountd_authentication 2469.Pq Vt bool 2470If set to 2471.Dq Li YES , 2472allow services like PCNFSD to make non-privileged mount 2473requests. 2474.It Va nfs_reserved_port_only 2475.Pq Vt bool 2476If set to 2477.Dq Li YES , 2478provide NFS services only on a secure port. 2479.It Va nfs_bufpackets 2480.Pq Vt int 2481If set to a number, indicates the number of packets worth of 2482socket buffer space to reserve on an NFS client. 2483The kernel default is typically 4. 2484Using a higher number may be 2485useful on gigabit networks to improve performance. 2486The minimum value is 24872 and the maximum is 64. 2488.It Va rpc_lockd_enable 2489.Pq Vt bool 2490If set to 2491.Dq Li YES 2492and also an NFS server or client, run 2493.Xr rpc.lockd 8 2494at boot time. 2495.It Va rpc_lockd_flags 2496.Pq Vt str 2497If 2498.Va rpc_lockd_enable 2499is set to 2500.Dq Li YES , 2501these are the flags to pass to the 2502.Xr rpc.lockd 8 2503daemon. 2504.It Va rpc_statd_enable 2505.Pq Vt bool 2506If set to 2507.Dq Li YES 2508and also an NFS server or client, run 2509.Xr rpc.statd 8 2510at boot time. 2511.It Va rpc_statd_flags 2512.Pq Vt str 2513If 2514.Va rpc_statd_enable 2515is set to 2516.Dq Li YES , 2517these are the flags to pass to the 2518.Xr rpc.statd 8 2519daemon. 2520.It Va rpcbind_program 2521.Pq Vt str 2522Path to 2523.Xr rpcbind 8 2524(default 2525.Pa /usr/sbin/rpcbind ) . 2526.It Va rpcbind_enable 2527.Pq Vt bool 2528If set to 2529.Dq Li YES , 2530run the 2531.Xr rpcbind 8 2532service at boot time. 2533.It Va rpcbind_flags 2534.Pq Vt str 2535If 2536.Va rpcbind_enable 2537is set to 2538.Dq Li YES , 2539these are the flags to pass to the 2540.Xr rpcbind 8 2541daemon. 2542.It Va keyserv_enable 2543.Pq Vt bool 2544If set to 2545.Dq Li YES , 2546run the 2547.Xr keyserv 8 2548daemon on boot for running Secure RPC. 2549.It Va keyserv_flags 2550.Pq Vt str 2551If 2552.Va keyserv_enable 2553is set to 2554.Dq Li YES , 2555these are the flags to pass to 2556.Xr keyserv 8 2557daemon. 2558.It Va pppoed_enable 2559.Pq Vt bool 2560If set to 2561.Dq Li YES , 2562run the 2563.Xr pppoed 8 2564daemon at boot time to provide PPP over Ethernet services. 2565.It Va pppoed_ Ns Aq Ar provider 2566.Pq Vt str 2567.Xr pppoed 8 2568listens to requests to this 2569.Ar provider 2570and ultimately runs 2571.Xr ppp 8 2572with a 2573.Ar system 2574argument of the same name. 2575.It Va pppoed_flags 2576.Pq Vt str 2577Additional flags to pass to 2578.Xr pppoed 8 . 2579.It Va pppoed_interface 2580.Pq Vt str 2581The network interface to run 2582.Xr pppoed 8 2583on. 2584This is mandatory when 2585.Va pppoed_enable 2586is set to 2587.Dq Li YES . 2588.It Va ntpdate_enable 2589.Pq Vt bool 2590If set to 2591.Dq Li YES , 2592run 2593.Xr ntpdate 8 2594at system startup. 2595This command is intended to 2596synchronize the system clock only 2597.Em once 2598from some standard reference. 2599.Pp 2600Note that the use of the 2601.Va ntpd_sync_on_start 2602variable is a preferred alternative to the 2603.Xr ntpdate 8 2604utility as 2605.Xr ntpdate 8 2606is to be retired from the NTP distribution. 2607.It Va ntpdate_config 2608.Pq Vt str 2609Configuration file for 2610.Xr ntpdate 8 . 2611Default 2612.Pa /etc/ntp.conf . 2613.It Va ntpdate_hosts 2614.Pq Vt str 2615A whitespace-separated list of NTP servers to synchronize with at startup. 2616The default is to use the servers listed in 2617.Va ntpdate_config , 2618if that file exists. 2619.It Va ntpdate_program 2620.Pq Vt str 2621Path to 2622.Xr ntpdate 8 2623(default 2624.Pa /usr/sbin/ntpdate ) . 2625.It Va ntpdate_flags 2626.Pq Vt str 2627If 2628.Va ntpdate_enable 2629is set to 2630.Dq Li YES , 2631these are the flags to pass to the 2632.Xr ntpdate 8 2633command (typically a hostname). 2634.It Va ntpd_enable 2635.Pq Vt bool 2636If set to 2637.Dq Li YES , 2638run the 2639.Xr ntpd 8 2640command at boot time. 2641.It Va ntpd_program 2642.Pq Vt str 2643Path to 2644.Xr ntpd 8 2645(default 2646.Pa /usr/sbin/ntpd ) . 2647.It Va ntpd_config 2648.Pq Vt str 2649Path to 2650.Xr ntpd 8 2651configuration file. 2652Default 2653.Pa /etc/ntp.conf . 2654.It Va ntpd_flags 2655.Pq Vt str 2656If 2657.Va ntpd_enable 2658is set to 2659.Dq Li YES , 2660these are the flags to pass to the 2661.Xr ntpd 8 2662daemon. 2663.It Va ntpd_sync_on_start 2664.Pq Vt bool 2665If set to 2666.Dq Li YES , 2667.Xr ntpd 8 2668is run with the 2669.Fl g 2670flag, which syncs the system's clock on startup. 2671See 2672.Xr ntpd 8 2673for more information regarding the 2674.Fl g 2675option. 2676This is a preferred alternative to using 2677.Xr ntpdate 8 2678or specifying the 2679.Va ntpdate_enable 2680variable. 2681.It Va nis_client_enable 2682.Pq Vt bool 2683If set to 2684.Dq Li YES , 2685run the 2686.Xr ypbind 8 2687service at system boot time. 2688.It Va nis_client_flags 2689.Pq Vt str 2690If 2691.Va nis_client_enable 2692is set to 2693.Dq Li YES , 2694these are the flags to pass to the 2695.Xr ypbind 8 2696service. 2697.It Va nis_ypldap_enable 2698.Pq Vt bool 2699If set to 2700.Dq Li YES , 2701run the 2702.Xr ypldap 8 2703daemon at system boot time. 2704.It Va nis_ypldap_flags 2705.Pq Vt str 2706If 2707.Va nis.ypldap_enable 2708is set to 2709.Dq Li YES , 2710these are the flags to pass to the 2711.Xr ypldap 8 2712daemon. 2713.It Va nis_ypset_enable 2714.Pq Vt bool 2715If set to 2716.Dq Li YES , 2717run the 2718.Xr ypset 8 2719daemon at system boot time. 2720.It Va nis_ypset_flags 2721.Pq Vt str 2722If 2723.Va nis_ypset_enable 2724is set to 2725.Dq Li YES , 2726these are the flags to pass to the 2727.Xr ypset 8 2728daemon. 2729.It Va nis_server_enable 2730.Pq Vt bool 2731If set to 2732.Dq Li YES , 2733run the 2734.Xr ypserv 8 2735daemon at system boot time. 2736.It Va nis_server_flags 2737.Pq Vt str 2738If 2739.Va nis_server_enable 2740is set to 2741.Dq Li YES , 2742these are the flags to pass to the 2743.Xr ypserv 8 2744daemon. 2745.It Va nis_ypxfrd_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr rpc.ypxfrd 8 2751daemon at system boot time. 2752.It Va nis_ypxfrd_flags 2753.Pq Vt str 2754If 2755.Va nis_ypxfrd_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr rpc.ypxfrd 8 2760daemon. 2761.It Va nis_yppasswdd_enable 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765run the 2766.Xr rpc.yppasswdd 8 2767daemon at system boot time. 2768.It Va nis_yppasswdd_flags 2769.Pq Vt str 2770If 2771.Va nis_yppasswdd_enable 2772is set to 2773.Dq Li YES , 2774these are the flags to pass to the 2775.Xr rpc.yppasswdd 8 2776daemon. 2777.It Va rpc_ypupdated_enable 2778.Pq Vt bool 2779If set to 2780.Dq Li YES , 2781run the 2782.Nm rpc.ypupdated 2783daemon at system boot time. 2784.It Va bsnmpd_enable 2785.Pq Vt bool 2786If set to 2787.Dq Li YES , 2788run the 2789.Xr bsnmpd 1 2790daemon at system boot time. 2791Be sure to understand the security implications of running SNMP daemon 2792on your host. 2793.It Va bsnmpd_flags 2794.Pq Vt str 2795If 2796.Va bsnmpd_enable 2797is set to 2798.Dq Li YES , 2799these are the flags to pass to the 2800.Xr bsnmpd 1 2801daemon. 2802.It Va defaultrouter 2803.Pq Vt str 2804If not set to 2805.Dq Li NO , 2806create a default route to this host name or IP address 2807(use an IP address if this router is also required to get to the 2808name server!). 2809.It Va defaultrouter_fibN 2810.Pq Vt str 2811If not set to 2812.Dq Li NO , 2813create a default route in FIB N to this host name or IP address. 2814.It Va ipv6_defaultrouter 2815.Pq Vt str 2816The IPv6 equivalent of 2817.Va defaultrouter . 2818.It Va ipv6_defaultrouter_fibN 2819.Pq Vt str 2820The IPv6 equivalent of 2821.Va defaultrouter_fibN . 2822.It Va static_arp_pairs 2823.Pq Vt str 2824Set to the list of static ARP pairs that are to be added at system 2825boot time. 2826For each whitespace separated 2827.Ar element 2828in the value, a 2829.Va static_arp_ Ns Aq Ar element 2830variable is assumed to exist whose contents will later be passed to a 2831.Dq Nm arp Cm -S 2832operation. 2833For example 2834.Bd -literal 2835static_arp_pairs="gw" 2836static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2837.Ed 2838.It Va static_ndp_pairs 2839.Pq Vt str 2840Set to the list of static NDP pairs that are to be added at system 2841boot time. 2842For each whitespace separated 2843.Ar element 2844in the value, a 2845.Va static_ndp_ Ns Aq Ar element 2846variable is assumed to exist whose contents will later be passed to a 2847.Dq Nm ndp Cm -s 2848operation. 2849For example 2850.Bd -literal 2851static_ndp_pairs="gw" 2852static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2853.Ed 2854.It Va static_routes 2855.Pq Vt str 2856Set to the list of static routes that are to be added at system 2857boot time. 2858If not set to 2859.Dq Li NO 2860then for each whitespace separated 2861.Ar element 2862in the value, a 2863.Va route_ Ns Aq Ar element 2864variable is assumed to exist 2865whose contents will later be passed to a 2866.Dq Nm route Cm add 2867operation. 2868For example: 2869.Bd -literal 2870static_routes="ext mcast:gif0 gif0local:gif0" 2871route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2872route_mcast="-net 224.0.0.0/4 -iface gif0" 2873route_gif0local="-host 169.254.1.1 -iface lo0" 2874.Ed 2875.Pp 2876When an 2877.Ar element 2878is in the form of 2879.Li name:ifname , 2880the route is specific to the interface 2881.Li ifname . 2882.It Va ipv6_static_routes 2883.Pq Vt str 2884The IPv6 equivalent of 2885.Va static_routes . 2886If not set to 2887.Dq Li NO 2888then for each whitespace separated 2889.Ar element 2890in the value, a 2891.Va ipv6_route_ Ns Aq Ar element 2892variable is assumed to exist 2893whose contents will later be passed to a 2894.Dq Nm route Cm add Fl inet6 2895operation. 2896.It Va gateway_enable 2897.Pq Vt bool 2898If set to 2899.Dq Li YES , 2900configure host to act as an IP router, e.g.\& to forward packets 2901between interfaces. 2902.It Va ipv6_gateway_enable 2903.Pq Vt bool 2904The IPv6 equivalent of 2905.Va gateway_enable . 2906.It Va routed_enable 2907.Pq Vt bool 2908If set to 2909.Dq Li YES , 2910run a routing daemon of some sort, based on the 2911settings of 2912.Va routed_program 2913and 2914.Va routed_flags . 2915.It Va route6d_enable 2916.Pq Vt bool 2917The IPv6 equivalent of 2918.Va routed_enable . 2919If set to 2920.Dq Li YES , 2921run a routing daemon of some sort, based on the 2922settings of 2923.Va route6d_program 2924and 2925.Va route6d_flags . 2926.It Va routed_program 2927.Pq Vt str 2928If 2929.Va routed_enable 2930is set to 2931.Dq Li YES , 2932this is the name of the routing daemon to use. 2933.It Va route6d_program 2934.Pq Vt str 2935The IPv6 equivalent of 2936.Va routed_program . 2937.It Va routed_flags 2938.Pq Vt str 2939If 2940.Va routed_enable 2941is set to 2942.Dq Li YES , 2943these are the flags to pass to the routing daemon. 2944.It Va route6d_flags 2945.Pq Vt str 2946The IPv6 equivalent of 2947.Va routed_flags . 2948.It Va rtadvd_enable 2949.Pq Vt bool 2950If set to 2951.Dq Li YES , 2952run the 2953.Xr rtadvd 8 2954daemon at boot time. 2955The 2956.Xr rtadvd 8 2957utility sends ICMPv6 Router Advertisement messages to 2958the interfaces specified in 2959.Va rtadvd_interfaces . 2960This should only be enabled with great care. 2961You may want to fine-tune 2962.Xr rtadvd.conf 5 . 2963.It Va rtadvd_interfaces 2964.Pq Vt str 2965If 2966.Va rtadvd_enable 2967is set to 2968.Dq Li YES 2969this is the list of interfaces to use. 2970.It Va arpproxy_all 2971.Pq Vt bool 2972If set to 2973.Dq Li YES , 2974enable global proxy ARP. 2975.It Va forward_sourceroute 2976.Pq Vt bool 2977If set to 2978.Dq Li YES 2979and 2980.Va gateway_enable 2981is also set to 2982.Dq Li YES , 2983source-routed packets are forwarded. 2984.It Va accept_sourceroute 2985.Pq Vt bool 2986If set to 2987.Dq Li YES , 2988the system will accept source-routed packets directed at it. 2989.It Va rarpd_enable 2990.Pq Vt bool 2991If set to 2992.Dq Li YES , 2993run the 2994.Xr rarpd 8 2995daemon at system boot time. 2996.It Va rarpd_flags 2997.Pq Vt str 2998If 2999.Va rarpd_enable 3000is set to 3001.Dq Li YES , 3002these are the flags to pass to the 3003.Xr rarpd 8 3004daemon. 3005.It Va bootparamd_enable 3006.Pq Vt bool 3007If set to 3008.Dq Li YES , 3009run the 3010.Xr bootparamd 8 3011daemon at system boot time. 3012.It Va bootparamd_flags 3013.Pq Vt str 3014If 3015.Va bootparamd_enable 3016is set to 3017.Dq Li YES , 3018these are the flags to pass to the 3019.Xr bootparamd 8 3020daemon. 3021.It Va stf_interface_ipv4addr 3022.Pq Vt str 3023If not set to 3024.Dq Li NO , 3025this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3026interface). 3027Specify this entry to enable the 6to4 interface. 3028.It Va stf_interface_ipv4plen 3029.Pq Vt int 3030Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3031An effective value is 0-31. 3032.It Va stf_interface_ipv6_ifid 3033.Pq Vt str 3034IPv6 interface ID for 3035.Xr stf 4 . 3036This can be set to 3037.Dq Li AUTO . 3038.It Va stf_interface_ipv6_slaid 3039.Pq Vt str 3040IPv6 Site Level Aggregator for 3041.Xr stf 4 . 3042.It Va ipv6_ipv4mapping 3043.Pq Vt bool 3044If set to 3045.Dq Li YES 3046this enables IPv4 mapped IPv6 address communication (like 3047.Li ::ffff:a.b.c.d ) . 3048.It Va rtsold_enable 3049.Pq Vt bool 3050Set to 3051.Dq Li YES 3052to enable the 3053.Xr rtsold 8 3054daemon to send ICMPv6 Router Solicitation messages. 3055.It Va rtsold_flags 3056.Pq Vt str 3057If 3058.Va rtsold_enable 3059is set to 3060.Dq Li YES , 3061these are the flags to pass to 3062.Xr rtsold 8 . 3063.It Va rtsol_flags 3064.Pq Vt str 3065For interfaces configured with the 3066.Dq Li inet6 accept_rtadv 3067keyword, these are the flags to pass to 3068.Xr rtsol 8 . 3069.Pp 3070Note that 3071.Va rtsold_enable 3072is mutually exclusive to 3073.Va rtsol_flags ; 3074.Va rtsold_enable 3075takes precedence. 3076.It Va keybell 3077.Pq Vt str 3078The keyboard bell sound. 3079Set to 3080.Dq Li normal , 3081.Dq Li visual , 3082.Dq Li off , 3083or 3084.Dq Li NO 3085if the default behavior is desired. 3086For details, refer to the 3087.Xr kbdcontrol 1 3088manpage. 3089.It Va keyboard 3090.Pq Vt str 3091If set to a non-null string, the virtual console's keyboard input is 3092set to this device. 3093.It Va keymap 3094.Pq Vt str 3095If set to 3096.Dq Li NO , 3097no keymap is installed, otherwise the value is used to install 3098the keymap file found in 3099.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3100(if using 3101.Xr syscons 4 ) or 3102.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3103(if using 3104.Xr vt 4 ) . 3105.It Va keyrate 3106.Pq Vt str 3107The keyboard repeat speed. 3108Set to 3109.Dq Li slow , 3110.Dq Li normal , 3111.Dq Li fast , 3112or 3113.Dq Li NO 3114if the default behavior is desired. 3115.It Va keychange 3116.Pq Vt str 3117If not set to 3118.Dq Li NO , 3119attempt to program the function keys with the value. 3120The value should 3121be a single string of the form: 3122.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3123.It Va cursor 3124.Pq Vt str 3125Can be set to the value of 3126.Dq Li normal , 3127.Dq Li blink , 3128.Dq Li destructive , 3129or 3130.Dq Li NO 3131to set the cursor behavior explicitly or choose the default behavior. 3132.It Va scrnmap 3133.Pq Vt str 3134If set to 3135.Dq Li NO , 3136no screen map is installed, otherwise the value is used to install 3137the screen map file in 3138.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3139This parameter is ignored when using 3140.Xr vt 4 3141as the console driver. 3142.It Va font8x16 3143.Pq Vt str 3144If set to 3145.Dq Li NO , 3146the default 8x16 font value is used for screen size requests, otherwise 3147the value in 3148.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3149or 3150.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3151is used (depending on the console driver being used). 3152.It Va font8x14 3153.Pq Vt str 3154If set to 3155.Dq Li NO , 3156the default 8x14 font value is used for screen size requests, otherwise 3157the value in 3158.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3159or 3160.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3161is used (depending on the console driver being used). 3162.It Va font8x8 3163.Pq Vt str 3164If set to 3165.Dq Li NO , 3166the default 8x8 font value is used for screen size requests, otherwise 3167the value in 3168.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3169or 3170.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3171is used (depending on the console driver being used). 3172.It Va blanktime 3173.Pq Vt int 3174If set to 3175.Dq Li NO , 3176the default screen blanking interval is used, otherwise it is set 3177to 3178.Ar value 3179seconds. 3180.It Va saver 3181.Pq Vt str 3182If not set to 3183.Dq Li NO , 3184this is the actual screen saver to use 3185.Li ( blank , snake , daemon , 3186etc). 3187.It Va moused_nondefault_enable 3188.Pq Vt str 3189If set to 3190.Dq Li NO , 3191the mouse device specified on 3192the command line is not automatically treated as enabled by the 3193.Pa /etc/rc.d/moused 3194script. 3195Having this variable set to 3196.Dq Li YES 3197allows a 3198.Xr usb 4 3199mouse, 3200for example, 3201to be enabled as soon as it is plugged in. 3202.It Va moused_enable 3203.Pq Vt str 3204If set to 3205.Dq Li YES , 3206the 3207.Xr moused 8 3208daemon is started for doing cut/paste selection on the console. 3209.It Va moused_type 3210.Pq Vt str 3211This is the protocol type of the mouse connected to this host. 3212This variable must be set if 3213.Va moused_enable 3214is set to 3215.Dq Li YES . 3216The 3217.Xr moused 8 3218daemon 3219is able to detect the appropriate mouse type automatically in many cases. 3220Set this variable to 3221.Dq Li auto 3222to let the daemon detect it, or 3223select one from the following list if the automatic detection fails. 3224.Pp 3225If the mouse is attached to the PS/2 mouse port, choose 3226.Dq Li auto 3227or 3228.Dq Li ps/2 , 3229regardless of the brand and model of the mouse. 3230Likewise, if the 3231mouse is attached to the bus mouse port, choose 3232.Dq Li auto 3233or 3234.Dq Li busmouse . 3235All other protocols are for serial mice and will not work with 3236the PS/2 and bus mice. 3237If this is a USB mouse, 3238.Dq Li auto 3239is the only protocol type which will work. 3240.Pp 3241.Bl -tag -width ".Li x10mouseremote" -compact 3242.It Li microsoft 3243Microsoft mouse (serial) 3244.It Li intellimouse 3245Microsoft IntelliMouse (serial) 3246.It Li mousesystems 3247Mouse systems Corp.\& mouse (serial) 3248.It Li mmseries 3249MM Series mouse (serial) 3250.It Li logitech 3251Logitech mouse (serial) 3252.It Li busmouse 3253A bus mouse 3254.It Li mouseman 3255Logitech MouseMan and TrackMan (serial) 3256.It Li glidepoint 3257ALPS GlidePoint (serial) 3258.It Li thinkingmouse 3259Kensington ThinkingMouse (serial) 3260.It Li ps/2 3261PS/2 mouse 3262.It Li mmhittab 3263MM HitTablet (serial) 3264.It Li x10mouseremote 3265X10 MouseRemote (serial) 3266.It Li versapad 3267Interlink VersaPad (serial) 3268.El 3269.Pp 3270Even if the mouse is not in the above list, it may be compatible 3271with one in the list. 3272Refer to the manual page for 3273.Xr moused 8 3274for compatibility information. 3275.Pp 3276It should also be noted that while this is enabled, any 3277other client of the mouse (such as an X server) should access 3278the mouse through the virtual mouse device, 3279.Pa /dev/sysmouse , 3280and configure it as a 3281.Dq Li sysmouse 3282type mouse, since all 3283mouse data is converted to this single canonical format when 3284using 3285.Xr moused 8 . 3286If the client program does not support the 3287.Dq Li sysmouse 3288type, 3289specify the 3290.Dq Li mousesystems 3291type. 3292It is the second preferred type. 3293.It Va moused_port 3294.Pq Vt str 3295If 3296.Va moused_enable 3297is set to 3298.Dq Li YES , 3299this is the actual port the mouse is on. 3300It might be 3301.Pa /dev/cuau0 3302for a COM1 serial mouse, or 3303.Pa /dev/psm0 3304for a PS/2 mouse, for example. 3305.It Va moused_flags 3306.Pq Vt str 3307If 3308.Va moused_flags 3309is set, its value is used as an additional set of flags to pass to the 3310.Xr moused 8 3311daemon. 3312.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3313When 3314.Va moused_nondefault_enable 3315is enabled, and a 3316.Xr moused 8 3317daemon is started for a non-default port, the 3318.Va "moused_" Ns Ar XXX Ns Va "_flags" 3319set of options has precedence over and replaces the default 3320.Va moused_flags 3321(where 3322.Ar XXX 3323is the name of the non-default port, i.e.,\& 3324.Ar ums0 ) . 3325By setting 3326.Va "moused_" Ns Ar XXX Ns Va "_flags" 3327it is possible to set up a different set of default flags for each 3328.Xr moused 8 3329instance. 3330For example, you can use 3331.Dq Li "-3" 3332for the default 3333.Va moused_flags 3334to make your laptop's touchpad more comfortable to use, 3335but an empty set of options for 3336.Va moused_ums0_flags 3337when your 3338.Xr usb 4 3339mouse has three or more buttons. 3340.It Va mousechar_start 3341.Pq Vt int 3342If set to 3343.Dq Li NO , 3344the default mouse cursor character range 3345.Li 0xd0 Ns - Ns Li 0xd3 3346is used, 3347otherwise the range start is set 3348to 3349.Ar value 3350character, see 3351.Xr vidcontrol 1 . 3352Use if the default range is occupied in the language code table. 3353.It Va allscreens_flags 3354.Pq Vt str 3355If set, 3356.Xr vidcontrol 1 3357is run with these options for each of the virtual terminals 3358.Pq Pa /dev/ttyv* . 3359For example, 3360.Dq Fl m Cm on 3361will enable the mouse pointer on all virtual terminals 3362if 3363.Va moused_enable 3364is set to 3365.Dq Li YES . 3366.It Va allscreens_kbdflags 3367.Pq Vt str 3368If set, 3369.Xr kbdcontrol 1 3370is run with these options for each of the virtual terminals 3371.Pq Pa /dev/ttyv* . 3372For example, 3373.Dq Fl h Li 200 3374will set the 3375.Xr syscons 4 3376or 3377.Xr vt 4 3378scrollback (history) buffer to 200 lines. 3379.It Va cron_enable 3380.Pq Vt bool 3381If set to 3382.Dq Li YES , 3383run the 3384.Xr cron 8 3385daemon at system boot time. 3386.It Va cron_program 3387.Pq Vt str 3388Path to 3389.Xr cron 8 3390(default 3391.Pa /usr/sbin/cron ) . 3392.It Va cron_flags 3393.Pq Vt str 3394If 3395.Va cron_enable 3396is set to 3397.Dq Li YES , 3398these are the flags to pass to 3399.Xr cron 8 . 3400.It Va cron_dst 3401.Pq Vt bool 3402If set to 3403.Dq Li YES , 3404enable the special handling of transitions to and from the 3405Daylight Saving Time in 3406.Xr cron 8 3407(equivalent to using the flag 3408.Fl s ) . 3409.It Va lpd_program 3410.Pq Vt str 3411Path to 3412.Xr lpd 8 3413(default 3414.Pa /usr/sbin/lpd ) . 3415.It Va lpd_enable 3416.Pq Vt bool 3417If set to 3418.Dq Li YES , 3419run the 3420.Xr lpd 8 3421daemon at system boot time. 3422.It Va lpd_flags 3423.Pq Vt str 3424If 3425.Va lpd_enable 3426is set to 3427.Dq Li YES , 3428these are the flags to pass to the 3429.Xr lpd 8 3430daemon. 3431.It Va chkprintcap_enable 3432.Pq Vt bool 3433If set to 3434.Dq Li YES , 3435run the 3436.Xr chkprintcap 8 3437command before starting the 3438.Xr lpd 8 3439daemon. 3440.It Va chkprintcap_flags 3441.Pq Vt str 3442If 3443.Va lpd_enable 3444and 3445.Va chkprintcap_enable 3446are set to 3447.Dq Li YES , 3448these are the flags to pass to the 3449.Xr chkprintcap 8 3450program. 3451The default is 3452.Dq Li -d , 3453which causes missing directories to be created. 3454.It Va mta_start_script 3455.Pq Vt str 3456This variable specifies the full path to the script to run to start 3457a mail transfer agent. 3458The default is 3459.Pa /etc/rc.sendmail . 3460The 3461.Va sendmail_* 3462variables which 3463.Pa /etc/rc.sendmail 3464uses are documented in the 3465.Xr rc.sendmail 8 3466manual page. 3467.It Va dumpdev 3468.Pq Vt str 3469Indicates the device (usually a swap partition) to which a crash dump 3470should be written in the event of a system crash. 3471If the value of this variable is 3472.Dq Li AUTO , 3473the first suitable swap device listed in 3474.Pa /etc/fstab 3475will be used as dump device. 3476Otherwise, the value of this variable is passed as the argument to 3477.Xr dumpon 8 3478and 3479.Xr savecore 8 . 3480To disable crash dumps, set this variable to 3481.Dq Li NO . 3482.It Va dumpon_flags 3483.Pq Vt str 3484Flags to pass to 3485.Xr dumpon 8 3486when configuring 3487.Va dumpdev 3488as the system dump device. 3489.It Va dumpdir 3490.Pq Vt str 3491When the system reboots after a crash and a crash dump is found on the 3492device specified by the 3493.Va dumpdev 3494variable, 3495.Xr savecore 8 3496will save that crash dump and a copy of the kernel to the directory 3497specified by the 3498.Va dumpdir 3499variable. 3500The default value is 3501.Pa /var/crash . 3502Set to 3503.Dq Li NO 3504to not run 3505.Xr savecore 8 3506at boot time when 3507.Va dumpdir 3508is set. 3509.It Va savecore_enable 3510.Pq Vt bool 3511If set to 3512.Dq Li NO , 3513disable automatic extraction of the crash dump from the 3514.Va dumpdev . 3515.It Va savecore_flags 3516.Pq Vt str 3517If crash dumps are enabled, these are the flags to pass to the 3518.Xr savecore 8 3519utility. 3520.It Va quota_enable 3521.Pq Vt bool 3522Set to 3523.Dq Li YES 3524to turn on user and group disk quotas on system startup via the 3525.Xr quotaon 8 3526command for all file systems marked as having quotas enabled in 3527.Pa /etc/fstab . 3528The kernel must be built with 3529.Cd "options QUOTA" 3530for disk quotas to function. 3531.It Va check_quotas 3532.Pq Vt bool 3533Set to 3534.Dq Li YES 3535to enable user and group disk quota checking via the 3536.Xr quotacheck 8 3537command. 3538.It Va quotacheck_flags 3539.Pq Vt str 3540If 3541.Va quota_enable 3542is set to 3543.Dq Li YES , 3544and 3545.Va check_quotas 3546is set to 3547.Dq Li YES , 3548these are the flags to pass to the 3549.Xr quotacheck 8 3550utility. 3551The default is 3552.Dq Li "-a" , 3553which checks quotas for all file systems with quotas enabled in 3554.Pa /etc/fstab . 3555.It Va quotaon_flags 3556.Pq Vt str 3557If 3558.Va quota_enable 3559is set to 3560.Dq Li YES , 3561these are the flags to pass to the 3562.Xr quotaon 8 3563utility. 3564The default is 3565.Dq Li "-a" , 3566which enables quotas for all file systems with quotas enabled in 3567.Pa /etc/fstab . 3568.It Va quotaoff_flags 3569.Pq Vt str 3570If 3571.Va quota_enable 3572is set to 3573.Dq Li YES , 3574these are the flags to pass to the 3575.Xr quotaoff 8 3576utility when shutting down the quota system. 3577The default is 3578.Dq Li "-a" , 3579which disables quotas for all file systems with quotas enabled in 3580.Pa /etc/fstab . 3581.It Va accounting_enable 3582.Pq Vt bool 3583Set to 3584.Dq Li YES 3585to enable system accounting through the 3586.Xr accton 8 3587facility. 3588.It Va firstboot_sentinel 3589.Pq Vt str 3590This variable specifies the full path to a 3591.Dq first boot 3592sentinel file. 3593If a file exists with this path, 3594.Pa rc.d 3595scripts with the 3596.Dq firstboot 3597keyword will be run on startup and the sentinel file will be deleted 3598after the boot process completes. 3599The sentinel file must be located on a writable file system which is 3600mounted no later than 3601.Va early_late_divider 3602to function properly. 3603The default is 3604.Pa /firstboot . 3605.It Va linux_enable 3606.Pq Vt bool 3607Set to 3608.Dq Li YES 3609to enable Linux/ELF binary emulation at system initial 3610boot time. 3611.It Va sysvipc_enable 3612.Pq Vt bool 3613If set to 3614.Dq Li YES , 3615load System V IPC primitives at boot time. 3616.It Va clear_tmp_enable 3617.Pq Vt bool 3618Set to 3619.Dq Li YES 3620to have 3621.Pa /tmp 3622cleaned at startup. 3623.It Va clear_tmp_X 3624.Pq Vt bool 3625Set to 3626.Dq Li NO 3627to disable removing of X11 lock files, 3628and the removal and (secure) recreation 3629of the various socket directories for X11 3630related programs. 3631.It Va ldconfig_paths 3632.Pq Vt str 3633Set to the list of shared library paths to use with 3634.Xr ldconfig 8 . 3635NOTE: 3636.Pa /lib 3637and 3638.Pa /usr/lib 3639will always be added first, so they need not appear in this list. 3640.It Va ldconfig32_paths 3641.Pq Vt str 3642Set to the list of 32-bit compatibility shared library paths to 3643use with 3644.Xr ldconfig 8 . 3645.It Va ldconfig_insecure 3646.Pq Vt bool 3647The 3648.Xr ldconfig 8 3649utility normally refuses to use directories 3650which are writable by anyone except root. 3651Set this variable to 3652.Dq Li YES 3653to disable that security check during system startup. 3654.It Va ldconfig_local_dirs 3655.Pq Vt str 3656Set to the list of local 3657.Xr ldconfig 8 3658directories. 3659The names of all files in the directories listed will be 3660passed as arguments to 3661.Xr ldconfig 8 . 3662.It Va ldconfig_local32_dirs 3663.Pq Vt str 3664Set to the list of local 32-bit compatibility 3665.Xr ldconfig 8 3666directories. 3667The names of all files in the directories listed will be 3668passed as arguments to 3669.Dq Nm ldconfig Fl 32 . 3670.It Va kern_securelevel_enable 3671.Pq Vt bool 3672Set to 3673.Dq Li YES 3674to set the kernel security level at system startup. 3675.It Va kern_securelevel 3676.Pq Vt int 3677The kernel security level to set at startup. 3678The allowed range of 3679.Ar value 3680ranges from \-1 (the compile time default) to 3 (the 3681most secure). 3682See 3683.Xr security 7 3684for the list of possible security levels and their effect 3685on system operation. 3686.It Va sshd_program 3687.Pq Vt str 3688Path to the SSH server program 3689.Pa ( /usr/sbin/sshd 3690is the default). 3691.It Va sshd_enable 3692.Pq Vt bool 3693Set to 3694.Dq Li YES 3695to start 3696.Xr sshd 8 3697at system boot time. 3698.It Va sshd_flags 3699.Pq Vt str 3700If 3701.Va sshd_enable 3702is set to 3703.Dq Li YES , 3704these are the flags to pass to the 3705.Xr sshd 8 3706daemon. 3707.It Va ftpd_program 3708.Pq Vt str 3709Path to the FTP server program 3710.Pa ( /usr/libexec/ftpd 3711is the default). 3712.It Va ftpd_enable 3713.Pq Vt bool 3714Set to 3715.Dq Li YES 3716to start 3717.Xr ftpd 8 3718as a stand-alone daemon at system boot time. 3719.It Va ftpd_flags 3720.Pq Vt str 3721If 3722.Va ftpd_enable 3723is set to 3724.Dq Li YES , 3725these are the additional flags to pass to the 3726.Xr ftpd 8 3727daemon. 3728.It Va watchdogd_enable 3729.Pq Vt bool 3730If set to 3731.Dq Li YES , 3732start the 3733.Xr watchdogd 8 3734daemon at boot time. 3735This requires that the kernel have been compiled with a 3736.Xr watchdog 4 3737compatible device. 3738.It Va watchdogd_flags 3739.Pq Vt str 3740If 3741.Va watchdogd_enable 3742is set to 3743.Dq Li YES , 3744these are the flags passed to the 3745.Xr watchdogd 8 3746daemon. 3747.It Va watchdogd_timeout 3748.Pq Vt int 3749If 3750.Va watchdogd_enable 3751is set to 3752.Dq Li YES , 3753this is a timeout that will be used by the 3754.Xr watchdogd 8 3755daemon. 3756If this option is set, it overrides 3757.Fl t 3758in 3759.Va watchdogd_flags . 3760.It Va watchdogd_shutdown_timeout 3761.Pq Vt int 3762If 3763.Va watchdogd_enable 3764is set to 3765.Dq Li YES , 3766this is a timeout that will be set by the 3767.Xr watchdogd 8 3768daemon when it exits during the system shutdown. 3769This timeout will not be set when returning to the single-user mode 3770or when the watchdogd service is stopped individually using the 3771.Xr service 8 3772command or the rc.d script. 3773Note that the timeout will be applied if 3774.Xr watchdogd 8 3775is stopped outside of 3776.Xr rc 8 3777framework. 3778If this option is set, it overrides 3779.Fl x 3780in 3781.Va watchdogd_flags . 3782.It Va devfs_rulesets 3783.Pq Vt str 3784List of files containing sets of rules for 3785.Xr devfs 8 . 3786.It Va devfs_system_ruleset 3787.Pq Vt str 3788Rule name(s) to apply to the system 3789.Pa /dev 3790itself. 3791.It Va devfs_set_rulesets 3792.Pq Vt str 3793Pairs of already-mounted 3794.Pa dev 3795directories and rulesets that should be applied to them. 3796For example: /mount/dev=ruleset_name 3797.It Va devfs_load_rulesets 3798.Pq Vt bool 3799If set, always load the default rulesets listed in 3800.Va devfs_rulesets . 3801.It Va performance_cx_lowest 3802.Pq Vt str 3803CPU idle state to use while on AC power. 3804The string 3805.Dq Li LOW 3806indicates that 3807.Xr acpi 4 3808should use the lowest power state available while 3809.Dq Li HIGH 3810indicates that the lowest latency state (less power savings) should be used. 3811.It Va performance_cpu_freq 3812.Pq Vt str 3813CPU clock frequency to use while on AC power. 3814The string 3815.Dq Li LOW 3816indicates that 3817.Xr cpufreq 4 3818should use the lowest frequency available while 3819.Dq Li HIGH 3820indicates that the highest frequency (less power savings) should be used. 3821.It Va economy_cx_lowest 3822.Pq Vt str 3823CPU idle state to use when off AC power. 3824The string 3825.Dq Li LOW 3826indicates that 3827.Xr acpi 4 3828should use the lowest power state available while 3829.Dq Li HIGH 3830indicates that the lowest latency state (less power savings) should be used. 3831.It Va economy_cpu_freq 3832.Pq Vt str 3833CPU clock frequency to use when off AC power. 3834The string 3835.Dq Li LOW 3836indicates that 3837.Xr cpufreq 4 3838should use the lowest frequency available while 3839.Dq Li HIGH 3840indicates that the highest frequency (less power savings) should be used. 3841.It Va jail_enable 3842.Pq Vt bool 3843If set to 3844.Dq Li NO , 3845any configured jails will not be started. 3846.It Va jail_conf 3847.Pq Vt str 3848The configuration filename used by 3849.Xr jail 8 3850utility. 3851The default value is 3852.Pa /etc/jail.conf . 3853.Pa /etc/jail. Ns Ao Ar jname Ac Ns Va .conf 3854and 3855.Pa /etc/jail.conf.d/ Ns Ao Ar jname Ac Ns Va .conf 3856will also be used if 3857.Va Ao Ar jname Ac Va 3858is set in 3859.Va jail_list . 3860.It Va jail_parallel_start 3861.Pq Vt bool 3862If set to 3863.Dq Li YES , 3864all configured jails will be started in the background (in parallel). 3865.It Va jail_flags 3866.Pq Vt str 3867Unset by default. 3868When set, use as default value for 3869.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3870for every jail in 3871.Va jail_list . 3872.It Va jail_list 3873.Pq Vt str 3874A space-delimited list of jail names. 3875When left empty, all of the 3876.Xr jail 8 3877instances defined in the configuration file are started. 3878The names specified in this list control the jail startup order. 3879.Xr jail 8 3880instances missing from 3881.Va jail_list 3882must be started manually. 3883Note that a jail's 3884.Va depend 3885parameter in the configuration file may override this list. 3886.It Va jail_reverse_stop 3887.Pq Vt bool 3888When set to 3889.Dq Li YES , 3890all configured jails in 3891.Va jail_list 3892are stopped in reverse order. 3893.It Va jail_ Ns * variables 3894Note that older releases supported per-jail configuration via 3895.Nm 3896variables. 3897For example, 3898hostname of a jail named 3899.Li vjail 3900was able to be set by 3901.Li jail_vjail_hostname . 3902These per-jail configuration variables are now obsolete in favor of 3903.Xr jail 8 3904configuration file. 3905For backward compatibility, 3906when per-jail configuration variables are defined, 3907.Xr jail 8 3908configuration files are created as 3909.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3910and used. 3911.Pp 3912The following per-jail parameters are handled by 3913.Pa rc.d/jail 3914script out of their corresponding 3915.Nm 3916variables. 3917In addition to them, parameters in 3918.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3919will be added to the configuration file. 3920They must be a semi-colon 3921.Pq Ql \&; 3922delimited list of 3923.Dq key=value . 3924For more details, 3925see 3926.Xr jail 8 3927manual page. 3928.Bl -tag -width "host.hostname" -offset indent 3929.It Li path 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3932.It Li host.hostname 3933set from 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3935.It Li exec.consolelog 3936set from 3937.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3938The default value is 3939.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3940.It Li interface 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3943.It Li vnet.interface 3944set from 3945.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3946This implies 3947.Li vnet 3948parameter will be enabled and cannot be specified with 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3951and/or 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3953at the same time. 3954.It Li fstab 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3957.It Li mount 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3960.It Li exec.fib 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3963.It Li exec.start 3964set from 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3966The parameter name was 3967.Li command 3968in some older releases. 3969.It Li exec.prestart 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3972.It Li exec.poststart 3973set from 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3975.It Li exec.stop 3976set from 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3978.It Li exec.prestop 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3981.It Li exec.poststop 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3984.It Li ip4.addr 3985set if 3986.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3987or 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3989contain IPv4 addresses 3990.It Li ip6.addr 3991set if 3992.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3993or 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3995contain IPv6 addresses 3996.It Li allow.mount 3997set from 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3999.It Li mount.devfs 4000set from 4001.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4002.It Li devfs_ruleset 4003set from 4004.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4005This must be an integer, 4006not a string. 4007.It Li mount.fdescfs 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4010.It Li allow.set_hostname 4011set from 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4013.It Li allow.rawsocket 4014set from 4015.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4016.It Li allow.sysvipc 4017set from 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4019.El 4020.\" ----------------------------------------------------- 4021.It Va harvest_mask 4022.Pq Vt int 4023Set to a bit-mask 4024representing the entropy sources 4025you wish to harvest. 4026Refer to 4027.Xr random 4 4028for more information. 4029.It Va entropy_dir 4030.Pq Vt str 4031Set to 4032.Dq Li NO 4033to disable caching entropy via 4034.Xr cron 8 . 4035Otherwise set to the directory 4036in which the entropy files are stored. 4037To be useful, 4038there must be 4039a system cron job 4040that regularly writes and rotates 4041files here. 4042All files found 4043will be used at boot time. 4044The default is 4045.Pa /var/db/entropy . 4046.It Va entropy_file 4047.Pq Vt str 4048Set to 4049.Dq Li NO 4050to disable caching entropy through reboots. 4051Otherwise set to the name 4052of a file used to store cached entropy. 4053This file should be located 4054on a file system that is readable 4055before all the volumes specified in 4056.Xr fstab 5 4057are mounted. 4058By default, 4059.Pa /entropy 4060is used, 4061but if 4062.Pa /var/db/entropy-file 4063is found it will also be used. 4064This will be of some use to 4065.Xr bsdinstall 8 . 4066.It Va entropy_boot_file 4067.Pq Vt str 4068Set to 4069.Dq Li NO 4070to disable 4071very early caching entropy 4072through reboots. 4073Otherwise set to the filename 4074used to read 4075very early reboot cached entropy. 4076This file should be located where 4077.Xr loader 8 4078can read it. 4079See also 4080.Xr loader.conf 5 . 4081The default location is 4082.Pa /boot/entropy . 4083.It Va entropy_save_sz 4084.Pq Vt int 4085Size of the entropy cache files saved by 4086.Nm save-entropy 4087periodically. 4088.It Va entropy_save_num 4089.Pq Vt int 4090Number of entropy cache files to save by 4091.Nm save-entropy 4092periodically. 4093.It Va ipsec_enable 4094.Pq Vt bool 4095Set to 4096.Dq Li YES 4097to run 4098.Xr setkey 8 4099on 4100.Va ipsec_file 4101at boot time. 4102.It Va ipsec_file 4103.Pq Vt str 4104Configuration file for 4105.Xr setkey 8 . 4106.It Va dmesg_enable 4107.Pq Vt bool 4108Set to 4109.Dq Li YES 4110to save 4111.Xr dmesg 8 4112to 4113.Pa /var/run/dmesg.boot 4114on boot. 4115.It Va rcshutdown_timeout 4116.Pq Vt int 4117If set, start a watchdog timer in the background which will terminate 4118.Pa rc.shutdown 4119if 4120.Xr shutdown 8 4121has not completed within the specified time (in seconds). 4122Notice that in addition to this soft timeout, 4123.Xr init 8 4124also applies a hard timeout for the execution of 4125.Pa rc.shutdown . 4126This is configured via 4127.Xr sysctl 8 4128variable 4129.Va kern.init_shutdown_timeout 4130and defaults to 120 seconds. 4131Setting the value of 4132.Va rcshutdown_timeout 4133to more than 120 seconds will have no effect until the 4134.Xr sysctl 8 4135variable 4136.Va kern.init_shutdown_timeout 4137is also increased. 4138.It Va virecover_enable 4139.Pq Vt bool 4140Set to 4141.Dq Li NO 4142to prevent the system from trying to 4143recover pre-maturely terminated 4144.Xr vi 1 4145sessions. 4146.It Va ugidfw_enable 4147.Pq Vt bool 4148Set to 4149.Dq Li YES 4150to load the 4151.Xr mac_bsdextended 4 4152module upon system initialization and load a default 4153ruleset file. 4154.It Va bsdextended_script 4155.Pq Vt str 4156The default 4157.Xr mac_bsdextended 4 4158ruleset file to load. 4159The default value of this variable is 4160.Pa /etc/rc.bsdextended . 4161.It Va newsyslog_enable 4162.Pq Vt bool 4163If set to 4164.Dq Li YES , 4165run 4166.Xr newsyslog 8 4167command at startup. 4168.It Va newsyslog_flags 4169.Pq Vt str 4170If 4171.Va newsyslog_enable 4172is set to 4173.Dq Li YES , 4174these are the flags to pass to the 4175.Xr newsyslog 8 4176program. 4177The default is 4178.Dq Li -CN , 4179which causes log files flagged with a 4180.Cm C 4181to be created. 4182.It Va mdconfig_md Ns Aq Ar X 4183.Pq Vt str 4184Arguments to 4185.Xr mdconfig 8 4186for 4187.Xr md 4 4188device 4189.Ar X . 4190At minimum a 4191.Fl t Ar type 4192must be specified and either a 4193.Fl s Ar size 4194for malloc or swap backed 4195.Xr md 4 4196devices or a 4197.Fl f Ar file 4198for vnode backed 4199.Xr md 4 4200devices. 4201Note that 4202.Va mdconfig_md Ns Aq Ar X 4203variables are evaluated until one variable is unset or null. 4204.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4205.Pq Vt str 4206Optional arguments passed to 4207.Xr newfs 8 4208to initialize 4209.Xr md 4 4210device 4211.Ar X . 4212.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4213.Pq Vt str 4214An ownership specification passed to 4215.Xr chown 8 4216after the specified 4217.Xr md 4 4218device 4219.Ar X 4220has been mounted. 4221Both the 4222.Xr md 4 4223device and the mount point will be changed. 4224.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4225.Pq Vt str 4226A mode string passed to 4227.Xr chmod 1 4228after the specified 4229.Xr md 4 4230device 4231.Ar X 4232has been mounted. 4233Both the 4234.Xr md 4 4235device and the mount point will be changed. 4236.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4237.Pq Vt str 4238Files to be copied to the mount point of the 4239.Xr md 4 4240device 4241.Ar X 4242after it has been mounted. 4243.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4244.Pq Vt str 4245Command to execute after the specified 4246.Xr md 4 4247device 4248.Ar X 4249has been mounted. 4250Note that the command is passed to 4251.Ic eval 4252and that both 4253.Va _dev 4254and 4255.Va _mp 4256variables can be used to reference respectively the 4257.Xr md 4 4258device and the mount point. 4259Assuming that the 4260.Xr md 4 4261device is 4262.Li md0 , 4263one could set the following: 4264.Bd -literal 4265mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4266.Ed 4267.It Va autobridge_interfaces 4268.Pq Vt str 4269Set to the list of bridge interfaces that will have newly arriving interfaces 4270checked against to be automatically added. 4271If not set to 4272.Dq Li NO 4273then for each whitespace separated 4274.Ar element 4275in the value, a 4276.Va autobridge_ Ns Aq Ar element 4277variable is assumed to exist which has a whitespace separated list of interface 4278names to match, these names can use wildcards. 4279For example: 4280.Bd -literal 4281autobridge_interfaces="bridge0" 4282autobridge_bridge0="tap* dc0 vlan[345]" 4283.Ed 4284.It Va mixer_enable 4285.Pq Vt bool 4286If set to 4287.Dq Li YES , 4288enable support for sound mixer. 4289.It Va hcsecd_enable 4290.Pq Vt bool 4291If set to 4292.Dq Li YES , 4293enable Bluetooth security daemon. 4294.It Va hcsecd_config 4295.Pq Vt str 4296Configuration file for 4297.Xr hcsecd 8 . 4298Default 4299.Pa /etc/bluetooth/hcsecd.conf . 4300.It Va sdpd_enable 4301.Pq Vt bool 4302If set to 4303.Dq Li YES , 4304enable Bluetooth Service Discovery Protocol daemon. 4305.It Va sdpd_control 4306.Pq Vt str 4307Path to 4308.Xr sdpd 8 4309control socket. 4310Default 4311.Pa /var/run/sdp . 4312.It Va sdpd_groupname 4313.Pq Vt str 4314Sets 4315.Xr sdpd 8 4316group to run as after it initializes. 4317Default 4318.Dq Li nobody . 4319.It Va sdpd_username 4320.Pq Vt str 4321Sets 4322.Xr sdpd 8 4323user to run as after it initializes. 4324Default 4325.Dq Li nobody . 4326.It Va bthidd_enable 4327.Pq Vt bool 4328If set to 4329.Dq Li YES , 4330enable Bluetooth Human Interface Device daemon. 4331.It Va bthidd_config 4332.Pq Vt str 4333Configuration file for 4334.Xr bthidd 8 . 4335Default 4336.Pa /etc/bluetooth/bthidd.conf . 4337.It Va bthidd_hids 4338.Pq Vt str 4339Path to a file, where 4340.Xr bthidd 8 4341will store information about known HID devices. 4342Default 4343.Pa /var/db/bthidd.hids . 4344.It Va rfcomm_pppd_server_enable 4345.Pq Vt bool 4346If set to 4347.Dq Li YES , 4348enable Bluetooth RFCOMM PPP wrapper daemon. 4349.It Va rfcomm_pppd_server_profile 4350.Pq Vt str 4351The name of the profile to use from 4352.Pa /etc/ppp/ppp.conf . 4353Multiple profiles can be specified here. 4354Also used to specify per-profile overrides. 4355When the profile name contains any of the characters 4356.Dq Li .-/+ 4357they are translated to 4358.Dq Li _ 4359for the proposes of the override variable names. 4360.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4361.Pq Vt str 4362Overrides local address to listen on. 4363By default 4364.Xr rfcomm_pppd 8 4365will listen on 4366.Dq Li ANY 4367address. 4368The address can be specified as BD_ADDR or name. 4369.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4370.Pq Vt str 4371Overrides local RFCOMM channel to listen on. 4372By default 4373.Xr rfcomm_pppd 8 4374will listen on RFCOMM channel 1. 4375Must set properly if multiple profiles used in the same time. 4376.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4377.Pq Vt bool 4378Tells 4379.Xr rfcomm_pppd 8 4380if it should register Serial Port service on the specified RFCOMM channel. 4381Default 4382.Dq Li NO . 4383.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4384.Pq Vt bool 4385Tells 4386.Xr rfcomm_pppd 8 4387if it should register Dial-Up Networking service on the specified 4388RFCOMM channel. 4389Default 4390.Dq Li NO . 4391.It Va ubthidhci_enable 4392.Pq Vt bool 4393If set to 4394.Dq Li YES , 4395change the USB Bluetooth controller from HID mode to HCI mode. 4396You also need to specify the location of USB Bluetooth controller with the 4397.Va ubthidhci_busnum 4398and 4399.Va ubthidhci_addr 4400variables. 4401.It Va ubthidhci_busnum 4402Bus number where the USB Bluetooth controller is located. 4403Check the output of 4404.Xr usbconfig 8 4405on your system to find this information. 4406.It Va ubthidhci_addr 4407Bus address of the USB Bluetooth controller. 4408Check the output of 4409.Xr usbconfig 8 4410on your system to find this information. 4411.It Va netwait_enable 4412.Pq Vt bool 4413If set to 4414.Dq Li YES , 4415delays the start of network-reliant services until 4416.Va netwait_if 4417is up and ICMP packets to a destination defined in 4418.Va netwait_ip 4419are flowing. 4420Link state is examined first, followed by 4421.Dq Li pinging 4422an IP address to verify network usability. 4423If no destination can be reached or timeouts are exceeded, 4424network services are started anyway with no guarantee that 4425the network is usable. 4426Use of this variable requires both 4427.Va netwait_ip 4428and 4429.Va netwait_if 4430to be set. 4431.It Va netwait_ip 4432.Pq Vt str 4433Empty by default. 4434This variable contains a space-delimited list of IP addresses to 4435.Xr ping 8 . 4436DNS hostnames should not be used as resolution is not guaranteed 4437to be functional at this point. 4438If multiple IP addresses are specified, 4439each will be tried until one is successful or the list is exhausted. 4440.It Va netwait_timeout 4441.Pq Vt int 4442Indicates the total number of seconds to perform a 4443.Dq Li ping 4444against each IP address in 4445.Va netwait_ip , 4446at a rate of one ping per second. 4447If any of the pings are successful, 4448full network connectivity is considered reliable. 4449The default is 60. 4450.It Va netwait_if 4451.Pq Vt str 4452Empty by default. 4453Defines the name of the network interface on which watch for link. 4454.Xr ifconfig 8 4455is used to monitor the interface, looking for 4456.Dq Li status: no carrier . 4457Once gone, the link is considered up. 4458This can be a 4459.Xr vlan 4 4460interface if desired. 4461.It Va netwait_if_timeout 4462.Pq Vt int 4463Defines the total number of seconds to wait for link to become usable, 4464polled at a 1-second interval. 4465The default is 30. 4466.It Va rctl_enable 4467.Pq Vt bool 4468If set to 4469.Dq Li YES , 4470load 4471.Xr rctl 8 4472rules from the defined ruleset. 4473The kernel must be built with 4474.Cd "options RACCT" 4475and 4476.Cd "options RCTL" . 4477.It Va rctl_rules 4478.Pq Vt str 4479Set to 4480.Pa /etc/rctl.conf 4481by default. 4482This variables contains the 4483.Xr rctl.conf 5 4484ruleset to load for 4485.Xr rctl 8 . 4486.It Va iovctl_files 4487.Pq Vt str 4488A space-separated list of configuration files used by 4489.Xr iovctl 8 . 4490The default value is an empty string. 4491.It Va autofs_enable 4492.Pq Vt bool 4493If set to 4494.Dq Li YES , 4495start the 4496.Xr automount 8 4497utility and the 4498.Xr automountd 8 4499and 4500.Xr autounmountd 8 4501daemons at boot time. 4502.It Va automount_flags 4503.Pq Vt str 4504If 4505.Va autofs_enable 4506is set to 4507.Dq Li YES , 4508these are the flags to pass to the 4509.Xr automount 8 4510program. 4511By default no flags are passed. 4512.It Va automountd_flags 4513.Pq Vt str 4514If 4515.Va autofs_enable 4516is set to 4517.Dq Li YES , 4518these are the flags to pass to the 4519.Xr automountd 8 4520daemon. 4521By default no flags are passed. 4522.It Va autounmountd_flags 4523.Pq Vt str 4524If 4525.Va autofs_enable 4526is set to 4527.Dq Li YES , 4528these are the flags to pass to the 4529.Xr autounmountd 8 4530daemon. 4531By default no flags are passed. 4532.It Va ctld_enable 4533.Pq Vt bool 4534If set to 4535.Dq Li YES , 4536start the 4537.Xr ctld 8 4538daemon at boot time. 4539.It Va iscsid_enable 4540.Pq Vt bool 4541If set to 4542.Dq Li YES , 4543start the 4544.Xr iscsid 8 4545daemon at boot time. 4546.It Va iscsictl_enable 4547.Pq Vt bool 4548If set to 4549.Dq Li YES , 4550start the 4551.Xr iscsictl 8 4552utility at boot time. 4553.It Va iscsictl_flags 4554.Pq Vt str 4555If 4556.Va iscsictl_enable 4557is set to 4558.Dq Li YES , 4559these are the flags to pass to the 4560.Xr iscsictl 8 4561program. 4562The default is 4563.Dq Li -Aa , 4564which configures sessions based on the 4565.Pa /etc/iscsi.conf 4566configuration file. 4567.It Va cfumass_enable 4568.Pq Vt bool 4569If set to 4570.Dq Li YES , 4571create and export an USB LUN using 4572.Xr cfumass 4 4573at boot time. 4574.It Va cfumass_dir 4575.Pq Vt str 4576The directory where the files exported by USB LUN are located. 4577The default directory is 4578.Pa /var/cfumass . 4579.It Va service_delete_empty 4580.Pq Vt bool 4581If set to 4582.Dq Li YES , 4583.Ql Li service delete 4584removes empty 4585.Dq Li rc.conf.d 4586files. 4587.It Va zfs_bootonce_activate 4588.Pq Vt bool 4589If set to 4590.Dq Li YES , 4591and a boot environment marked bootonce is successfully booted, 4592it will be made permanently active. 4593.El 4594.Sh FILES 4595.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4596.It Pa /etc/defaults/rc.conf 4597.It Pa /etc/defaults/vendor.conf 4598.It Pa /etc/rc.conf 4599.It Pa /etc/rc.conf.local 4600.El 4601.Sh SEE ALSO 4602.Xr chmod 1 , 4603.Xr gdb 1 , 4604.Xr info 1 , 4605.Xr kbdcontrol 1 , 4606.Xr sh 1 , 4607.Xr vi 1 , 4608.Xr vidcontrol 1 , 4609.Xr bridge 4 , 4610.Xr dummynet 4 , 4611.Xr ip 4 , 4612.Xr ipf 4 , 4613.Xr ipfw 4 , 4614.Xr ipnat 4 , 4615.Xr kld 4 , 4616.Xr pf 4 , 4617.Xr pflog 4 , 4618.Xr pfsync 4 , 4619.Xr tcp 4 , 4620.Xr udp 4 , 4621.Xr exports 5 , 4622.Xr fstab 5 , 4623.Xr ipf 5 , 4624.Xr ipnat 5 , 4625.Xr jail.conf 5 , 4626.Xr loader.conf 5 , 4627.Xr motd 5 , 4628.Xr newsyslog.conf 5 , 4629.Xr pf.conf 5 , 4630.Xr firewall 7 , 4631.Xr growfs 7 , 4632.Xr security 7 , 4633.Xr tuning 7 , 4634.Xr accton 8 , 4635.Xr apm 8 , 4636.Xr bsdinstall 8 , 4637.Xr bthidd 8 , 4638.Xr chkprintcap 8 , 4639.Xr chown 8 , 4640.Xr cron 8 , 4641.Xr devfs 8 , 4642.Xr dhclient 8 , 4643.Xr ftpd 8 , 4644.Xr geli 8 , 4645.Xr hcsecd 8 , 4646.Xr ifconfig 8 , 4647.Xr inetd 8 , 4648.Xr iovctl 8 , 4649.Xr ipf 8 , 4650.Xr ipfw 8 , 4651.Xr ipnat 8 , 4652.Xr jail 8 , 4653.Xr kldxref 8 , 4654.Xr loader 8 , 4655.Xr lpd 8 , 4656.Xr makewhatis 8 , 4657.Xr mdconfig 8 , 4658.Xr mdmfs 8 , 4659.Xr mixer 8 , 4660.Xr mountd 8 , 4661.Xr moused 8 , 4662.Xr newfs 8 , 4663.Xr newsyslog 8 , 4664.Xr nfsd 8 , 4665.Xr ntpd 8 , 4666.Xr ntpdate 8 , 4667.Xr pfctl 8 , 4668.Xr pflogd 8 , 4669.Xr ping 8 , 4670.Xr powerd 8 , 4671.Xr quotacheck 8 , 4672.Xr quotaon 8 , 4673.Xr rc 8 , 4674.Xr rc.sendmail 8 , 4675.Xr rcorder 8 , 4676.Xr rfcomm_pppd 8 , 4677.Xr route 8 , 4678.Xr routed 8 , 4679.Xr rpc.lockd 8 , 4680.Xr rpc.statd 8 , 4681.Xr rpcbind 8 , 4682.Xr rwhod 8 , 4683.Xr savecore 8 , 4684.Xr sdpd 8 , 4685.Xr service 8 , 4686.Xr sshd 8 , 4687.Xr swapon 8 , 4688.Xr sysctl 8 , 4689.Xr syslogd 8 , 4690.Xr sysrc 8 , 4691.Xr unbound 8 , 4692.Xr usbconfig 8 , 4693.Xr wlandebug 8 , 4694.Xr yp 8 , 4695.Xr ypbind 8 , 4696.Xr ypserv 8 , 4697.Xr ypset 8 4698.Sh HISTORY 4699The 4700.Nm 4701file appeared in 4702.Fx 2.2.2 . 4703.Sh AUTHORS 4704.An Jordan K. Hubbard . 4705