1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 13, 2016 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory or 74.Ao Ar dir Ac Ns Pa /rc.conf.d 75directories specified in 76.Va local_startup , 77which will be included by the 78.Va load_rc_config 79function. 80For jail configurations you could use the file 81.Pa /etc/rc.conf.d/jail 82to store jail specific configuration options. 83If 84.Va local_startup 85contains 86.Pa /usr/local/etc/rc.d 87and 88.Pa /opt/conf , 89.Pa /usr/local/rc.conf.d/jail 90and 91.Pa /opt/conf/rc.conf.d/jail 92will be loaded. 93If 94.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 95is a directory, 96all of files in the directory will be loaded. 97Also see the 98.Va rc_conf_files 99variable below. 100.Pp 101Options are set with 102.Dq Ar name Ns Li = Ns Ar value 103assignments that use 104.Xr sh 1 105syntax. 106The following list provides a name and short description for each 107variable that can be set in the 108.Nm 109file: 110.Bl -tag -width indent-two 111.It Va rc_debug 112.Pq Vt bool 113If set to 114.Dq Li YES , 115enable output of debug messages from rc scripts. 116This variable can be helpful in diagnosing mistakes when 117editing or integrating new scripts. 118Beware that this produces copious output to the terminal and 119.Xr syslog 3 . 120.It Va rc_info 121.Pq Vt bool 122If set to 123.Dq Li NO , 124disable informational messages from the rc scripts. 125Informational messages are displayed when 126a condition that is not serious enough to warrant a warning or 127an error occurs. 128.It Va rc_startmsgs 129.Pq Vt bool 130If set to 131.Dq Li YES , 132show 133.Dq Starting foo: 134when faststart is used (e.g., at boot time). 135.It Va early_late_divider 136.Pq Vt str 137The name of the script that should be used as the 138delimiter between the 139.Dq early 140and 141.Dq late 142stages of the boot process. 143The early stage should contain all the services needed to 144get the disks (local or remote) mounted so that the late 145stage can include scripts contained in the directories 146listed in the 147.Va local_startup 148variable (see below). 149Thus, the two likely candidates for this value are 150.Pa mountcritlocal 151for the typical system, and 152.Pa mountcritremote 153if the system needs remote file 154systems mounted to get access to the 155.Va local_startup 156directories; for example when 157.Pa /usr/local 158is NFS mounted. 159For 160.Pa rc.conf 161within a 162.Xr jail 8 163.Pa NETWORKING 164is likely to be an appropriate value. 165Extreme care should be taken when changing this value, 166and before changing it one should ensure that there are 167adequate provisions to recover from a failed boot 168(such as physical contact with the machine, 169or reliable remote console access). 170.It Va always_force_depends 171.Pq Vt bool 172Various 173.Pa rc.d 174scripts use the force_depend function to check whether required 175services are already running, and to start them if necessary. 176By default during boot time this check is bypassed if the 177required service is enabled in 178.Pa /etc/rc.conf[.local] . 179Setting this option will bypass that check at boot time and 180always test whether or not the service is actually running. 181Enabling this option is likely to increase your boot time if 182services are enabled that utilize the force_depend check. 183.It Ao Ar name Ac Ns Va _chroot 184.Pq Vt str 185.Xr chroot 186to this directory before running the service. 187.It Ao Ar name Ac Ns Va _user 188.Pq Vt str 189Run the service under this user account. 190.It Ao Ar name Ac Ns Va _group 191.Pq Vt str 192Run the chrooted service under this system group. 193Unlike the _user 194setting, this setting has no effect if the service is not chrooted. 195.It Ao Ar name Ac Ns Va _fib 196.Pq Vt int 197The 198.Xr setfib 1 199value to run the service under. 200.It Ao Ar name Ac Ns Va _nice 201.Pq Vt int 202The 203.Xr nice 1 204value to run the service under. 205.It Va apm_enable 206.Pq Vt bool 207If set to 208.Dq Li YES , 209enable support for Automatic Power Management with 210the 211.Xr apm 8 212command. 213.It Va apmd_enable 214.Pq Vt bool 215Run 216.Xr apmd 8 217to handle APM event from userland. 218This also enables support for APM. 219.It Va apmd_flags 220.Pq Vt str 221If 222.Va apmd_enable 223is set to 224.Dq Li YES , 225these are the flags to pass to the 226.Xr apmd 8 227daemon. 228.It Va devd_enable 229.Pq Vt bool 230Run 231.Xr devd 8 232to handle device added, removed or unknown events from the kernel. 233.It Va ddb_enable 234.Pq Vt bool 235Run 236.Xr ddb 8 237to install 238.Xr ddb 4 239scripts at boot time. 240.It Va ddb_config 241.Pq Vt str 242Configuration file for 243.Xr ddb 8 . 244Default 245.Pa /etc/ddb.conf . 246.It Va kld_list 247.Pq Vt str 248A list of kernel modules to load right after the local 249disks are mounted. 250Loading modules at this point in the boot process is 251much faster than doing it via 252.Pa /boot/loader.conf 253for those modules not necessary for mounting local disk. 254.It Va kldxref_enable 255.Pq Vt bool 256Set to 257.Dq Li NO 258by default. 259Set to 260.Dq Li YES 261to automatically rebuild 262.Pa linker.hints 263files with 264.Xr kldxref 8 265at boot time. 266.It Va kldxref_clobber 267.Pq Vt bool 268Set to 269.Dq Li NO 270by default. 271If 272.Va kldxref_enable 273is true, 274setting to 275.Dq Li YES 276will overwrite existing 277.Pa linker.hints 278files at boot time. 279Otherwise, 280only missing 281.Pa linker.hints 282files are generated. 283.It Va kldxref_module_path 284.Pq Vt str 285Empty by default. 286A semi-colon 287.Pq Ql \&; 288delimited list of paths containing 289.Xr kld 4 290modules. 291If empty, 292the contents of the 293.Va kern.module_path 294.Xr sysctl 8 295are used. 296.It Va powerd_enable 297.Pq Vt bool 298If set to 299.Dq Li YES , 300enable the system power control facility with the 301.Xr powerd 8 302daemon. 303.It Va powerd_flags 304.Pq Vt str 305If 306.Va powerd_enable 307is set to 308.Dq Li YES , 309these are the flags to pass to the 310.Xr powerd 8 311daemon. 312.It Va tmpmfs 313Controls the creation of a 314.Pa /tmp 315memory file system. 316Always happens if set to 317.Dq Li YES 318and never happens if set to 319.Dq Li NO . 320If set to anything else, a memory file system is created if 321.Pa /tmp 322is not writable. 323.It Va tmpsize 324Controls the size of a created 325.Pa /tmp 326memory file system. 327.It Va tmpmfs_flags 328Extra options passed to the 329.Xr mdmfs 8 330utility when the memory file system for 331.Pa /tmp 332is created. 333The default is 334.Dq Li "-S" , 335which inhibits the use of softupdates on 336.Pa /tmp 337so that file system space is freed without delay 338after file truncation or deletion. 339See 340.Xr mdmfs 8 341for other options you can use in 342.Va tmpmfs_flags . 343.It Va varmfs 344Controls the creation of a 345.Pa /var 346memory file system. 347Always happens if set to 348.Dq Li YES 349and never happens if set to 350.Dq Li NO . 351If set to anything else, a memory file system is created if 352.Pa /var 353is not writable. 354.It Va varsize 355Controls the size of a created 356.Pa /var 357memory file system. 358.It Va varmfs_flags 359Extra options passed to the 360.Xr mdmfs 8 361utility when the memory file system for 362.Pa /var 363is created. 364The default is 365.Dq Li "-S" , 366which inhibits the use of softupdates on 367.Pa /var 368so that file system space is freed without delay 369after file truncation or deletion. 370See 371.Xr mdmfs 8 372for other options you can use in 373.Va varmfs_flags . 374.It Va populate_var 375Controls the automatic population of the 376.Pa /var 377file system. 378Always happens if set to 379.Dq Li YES 380and never happens if set to 381.Dq Li NO . 382If set to anything else, a memory file system is created if 383.Pa /var 384is not writable. 385Note that this process requires access to certain commands in 386.Pa /usr 387before 388.Pa /usr 389is mounted on normal systems. 390.It Va cleanvar_enable 391.Pq Vt bool 392Clean the 393.Pa /var 394directory. 395.It Va local_startup 396.Pq Vt str 397List of directories to search for startup script files. 398.It Va script_name_sep 399.Pq Vt str 400The field separator to use for breaking down the list of startup script files 401into individual filenames. 402The default is a space. 403It is not necessary to change this unless there are startup scripts with names 404containing spaces. 405.It Va hostapd_enable 406.Pq Vt bool 407Set to 408.Dq Li YES 409to start 410.Xr hostapd 8 411at system boot time. 412.It Va hostname 413.Pq Vt str 414The fully qualified domain name (FQDN) of this host on the network. 415This should almost certainly be set to something meaningful, even if 416there is no network connection. 417If 418.Xr dhclient 8 419is used to set the hostname via DHCP, 420this variable should be set to an empty string. 421If this value remains unset when the system is done booting 422your console login will display the default hostname of 423.Dq Amnesiac . 424.It Va nisdomainname 425.Pq Vt str 426The NIS domain name of this host, or 427.Dq Li NO 428if NIS is not used. 429.It Va dhclient_program 430.Pq Vt str 431Path to the DHCP client program 432.Pa ( /sbin/dhclient , 433the 434.Ox 435DHCP client, 436is the default). 437.It Va dhclient_flags 438.Pq Vt str 439Additional flags to pass to the DHCP client program. 440For the 441.Ox 442DHCP client, see the 443.Xr dhclient 8 444manpage for a description of the command line options available. 445.It Va dhclient_flags_ Ns Aq Ar iface 446Additional flags to pass to the DHCP client program running on 447.Ar iface 448only. 449When specified, this variable overrides 450.Va dhclient_flags . 451.It Va background_dhclient 452.Pq Vt bool 453Set to 454.Dq Li YES 455to start the DHCP client in background. 456This can cause trouble with applications depending on 457a working network, but it will provide a faster startup 458in many cases. 459.It Va background_dhclient_ Ns Aq Ar iface 460When specified, this variable overrides the 461.Va background_dhclient 462variable for interface 463.Ar iface 464only. 465.It Va synchronous_dhclient 466.Pq Vt bool 467Set to 468.Dq Li YES 469to start 470.Xr dhclient 8 471synchronously at startup. 472This behavior can be overridden on a per-interface basis by replacing 473the 474.Dq Li DHCP 475keyword in the 476.Va ifconfig_ Ns Aq Ar interface 477variable with 478.Dq Li SYNCDHCP 479or 480.Dq Li NOSYNCDHCP . 481.It Va defaultroute_delay 482.Pq Vt int 483When set to a positive value, wait up to this long after configuring 484DHCP interfaces at startup to give the interfaces time to receive a lease. 485.It Va firewall_enable 486.Pq Vt bool 487Set to 488.Dq Li YES 489to load firewall rules at startup. 490If the kernel was not built with 491.Cd "options IPFIREWALL" , 492the 493.Pa ipfw.ko 494kernel module will be loaded. 495See also 496.Va ipfilter_enable . 497.It Va firewall_script 498.Pq Vt str 499This variable specifies the full path to the firewall script to run. 500The default is 501.Pa /etc/rc.firewall . 502.It Va firewall_type 503.Pq Vt str 504Names the firewall type from the selection in 505.Pa /etc/rc.firewall , 506or the file which contains the local firewall ruleset. 507Valid selections from 508.Pa /etc/rc.firewall 509are: 510.Pp 511.Bl -tag -width ".Li simple" -compact 512.It Li open 513unrestricted IP access 514.It Li closed 515all IP services disabled, except via 516.Dq Li lo0 517.It Li client 518basic protection for a workstation 519.It Li simple 520basic protection for a LAN. 521.El 522.Pp 523If a filename is specified, the full path 524must be given. 525.It Va firewall_quiet 526.Pq Vt bool 527Set to 528.Dq Li YES 529to disable the display of firewall rules on the console during boot. 530.It Va firewall_logging 531.Pq Vt bool 532Set to 533.Dq Li YES 534to enable firewall event logging. 535This is equivalent to the 536.Dv IPFIREWALL_VERBOSE 537kernel option. 538.It Va firewall_logif 539.Pq Vt bool 540Set to 541.Dq Li YES 542to create pseudo interface 543.Li ipfw0 544for logging. 545For more details, see 546.Xr ipfw 8 547manual page. 548.It Va firewall_flags 549.Pq Vt str 550Flags passed to 551.Xr ipfw 8 552if 553.Va firewall_type 554specifies a filename. 555.It Va firewall_coscripts 556.Pq Vt str 557List of executables and/or rc scripts to run after firewall starts/stops. 558Default is empty. 559.\" ----- firewall_nat_enable setting -------------------------------- 560.It Va firewall_nat_enable 561.Pq Vt bool 562The 563.Xr ipfw 8 564equivalent of 565.Va natd_enable . 566Setting this to 567.Dq Li YES 568enables kernel NAT. 569.Va firewall_enable 570must also be set to 571.Dq Li YES . 572.It Va firewall_nat_interface 573.Pq Vt str 574The 575.Xr ipfw 8 576equivalent of 577.Va natd_interface . 578This is the name of the public interface or IP address on which 579kernel NAT should run. 580.It Va firewall_nat_flags 581.Pq Vt str 582Additional configuration parameters for kernel NAT should be placed here. 583.It Va dummynet_enable 584.Pq Vt bool 585Setting this to 586.Dq Li YES 587will automatically load the 588.Xr dummynet 4 589module if 590.Va firewall_enable 591is also set to 592.Dq Li YES . 593.\" ------------------------------------------------------------------- 594.It Va natd_program 595.Pq Vt str 596Path to 597.Xr natd 8 . 598.It Va natd_enable 599.Pq Vt bool 600Set to 601.Dq Li YES 602to enable 603.Xr natd 8 . 604.Va firewall_enable 605must also be set to 606.Dq Li YES , 607and 608.Xr divert 4 609sockets must be enabled in the kernel. 610If the kernel was not built with 611.Cd "options IPDIVERT" , 612the 613.Pa ipdivert.ko 614kernel module will be loaded. 615.It Va natd_interface 616.Pq Vt str 617This is the name of the public interface on which 618.Xr natd 8 619should run. 620The interface may be given as an interface name or as an IP address. 621.It Va natd_flags 622.Pq Vt str 623Additional 624.Xr natd 8 625flags should be placed here. 626The 627.Fl n 628or 629.Fl a 630flag is automatically added with the above 631.Va natd_interface 632as an argument. 633.\" ----- ipfilter_enable setting -------------------------------- 634.It Va ipfilter_enable 635.Pq Vt bool 636Set to 637.Dq Li NO 638by default. 639Setting this to 640.Dq Li YES 641enables 642.Xr ipf 8 643packet filtering. 644.Pp 645Typical usage will require putting 646.Bd -literal 647ipfilter_enable="YES" 648ipnat_enable="YES" 649ipmon_enable="YES" 650ipfs_enable="YES" 651.Ed 652.Pp 653into 654.Pa /etc/rc.conf 655and editing 656.Pa /etc/ipf.rules 657and 658.Pa /etc/ipnat.rules 659appropriately. 660.Pp 661Note that 662.Va ipfilter_enable 663and 664.Va ipnat_enable 665can be enabled independently. 666.Va ipmon_enable 667and 668.Va ipfs_enable 669both require at least one of 670.Va ipfilter_enable 671and 672.Va ipnat_enable 673to be enabled. 674.Pp 675Having 676.Bd -literal 677options IPFILTER 678options IPFILTER_LOG 679options IPFILTER_DEFAULT_BLOCK 680.Ed 681.Pp 682in the kernel configuration file is a good idea, too. 683.\" ----- ipfilter_program setting ------------------------------ 684.It Va ipfilter_program 685.Pq Vt str 686Path to 687.Xr ipf 8 688(default 689.Pa /sbin/ipf ) . 690.\" ----- ipfilter_rules setting -------------------------------- 691.It Va ipfilter_rules 692.Pq Vt str 693Set to 694.Pa /etc/ipf.rules 695by default. 696This variable contains the name of the filter rule definition file. 697The file is expected to be readable for the 698.Xr ipf 8 699command to execute. 700.\" ----- ipv6_ipfilter_rules setting --------------------------- 701.It Va ipv6_ipfilter_rules 702.Pq Vt str 703Set to 704.Pa /etc/ipf6.rules 705by default. 706This variable contains the IPv6 filter rule definition file. 707The file is expected to be readable for the 708.Xr ipf 8 709command to execute. 710.\" ----- ipfilter_flags setting -------------------------------- 711.It Va ipfilter_flags 712.Pq Vt str 713Empty by default. 714This variable contains flags passed to the 715.Xr ipf 8 716program. 717.\" ----- ipnat_enable setting ---------------------------------- 718.It Va ipnat_enable 719.Pq Vt bool 720Set to 721.Dq Li NO 722by default. 723Set it to 724.Dq Li YES 725to enable 726.Xr ipnat 8 727network address translation. 728See 729.Va ipfilter_enable 730for a detailed discussion. 731.\" ----- ipnat_program setting --------------------------------- 732.It Va ipnat_program 733.Pq Vt str 734Path to 735.Xr ipnat 8 736(default 737.Pa /sbin/ipnat ) . 738.\" ----- ipnat_rules setting ----------------------------------- 739.It Va ipnat_rules 740.Pq Vt str 741Set to 742.Pa /etc/ipnat.rules 743by default. 744This variable contains the name of the file 745holding the network address translation definition. 746This file is expected to be readable for the 747.Xr ipnat 8 748command to execute. 749.\" ----- ipnat_flags setting ----------------------------------- 750.It Va ipnat_flags 751.Pq Vt str 752Empty by default. 753This variable contains flags passed to the 754.Xr ipnat 8 755program. 756.\" ----- ipmon_enable setting ---------------------------------- 757.It Va ipmon_enable 758.Pq Vt bool 759Set to 760.Dq Li NO 761by default. 762Set it to 763.Dq Li YES 764to enable 765.Xr ipmon 8 766monitoring (logging 767.Xr ipf 8 768and 769.Xr ipnat 8 770events). 771Setting this variable needs setting 772.Va ipfilter_enable 773or 774.Va ipnat_enable 775too. 776See 777.Va ipfilter_enable 778for a detailed discussion. 779.\" ----- ipmon_program setting --------------------------------- 780.It Va ipmon_program 781.Pq Vt str 782Path to 783.Xr ipmon 8 784(default 785.Pa /sbin/ipmon ) . 786.\" ----- ipmon_flags setting ----------------------------------- 787.It Va ipmon_flags 788.Pq Vt str 789Set to 790.Dq Li -Ds 791by default. 792This variable contains flags passed to the 793.Xr ipmon 8 794program. 795Another typical example would be 796.Dq Fl D Pa /var/log/ipflog 797to have 798.Xr ipmon 8 799log directly to a file bypassing 800.Xr syslogd 8 . 801Make sure to adjust 802.Pa /etc/newsyslog.conf 803in such case like this: 804.Bd -literal 805/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 806.Ed 807.\" ----- ipfs_enable setting ----------------------------------- 808.It Va ipfs_enable 809.Pq Vt bool 810Set to 811.Dq Li NO 812by default. 813Set it to 814.Dq Li YES 815to enable 816.Xr ipfs 8 817saving the filter and NAT state tables during shutdown 818and reloading them during startup again. 819Setting this variable needs setting 820.Va ipfilter_enable 821or 822.Va ipnat_enable 823to 824.Dq Li YES 825too. 826See 827.Va ipfilter_enable 828for a detailed discussion. 829Note that if 830.Va kern_securelevel 831is set to 3, 832.Va ipfs_enable 833cannot be used 834because the raised securelevel will prevent 835.Xr ipfs 8 836from saving the state tables at shutdown time. 837.\" ----- ipfs_program setting ---------------------------------- 838.It Va ipfs_program 839.Pq Vt str 840Path to 841.Xr ipfs 8 842(default 843.Pa /sbin/ipfs ) . 844.\" ----- ipfs_flags setting ------------------------------------ 845.It Va ipfs_flags 846.Pq Vt str 847Empty by default. 848This variable contains flags passed to the 849.Xr ipfs 8 850program. 851.\" ----- end of added ipf hook --------------------------------- 852.It Va pf_enable 853.Pq Vt bool 854Set to 855.Dq Li NO 856by default. 857Setting this to 858.Dq Li YES 859enables 860.Xr pf 4 861packet filtering. 862.Pp 863Typical usage will require putting 864.Pp 865.Dl pf_enable="YES" 866.Pp 867into 868.Pa /etc/rc.conf 869and editing 870.Pa /etc/pf.conf 871appropriately. 872Adding 873.Pp 874.Dl "device pf" 875.Pp 876builds support for 877.Xr pf 4 878into the kernel, otherwise the 879kernel module will be loaded. 880.It Va pf_rules 881.Pq Vt str 882Path to 883.Xr pf 4 884ruleset configuration file 885(default 886.Pa /etc/pf.conf ) . 887.It Va pf_program 888.Pq Vt str 889Path to 890.Xr pfctl 8 891(default 892.Pa /sbin/pfctl ) . 893.It Va pf_flags 894.Pq Vt str 895If 896.Va pf_enable 897is set to 898.Dq Li YES , 899these flags are passed to the 900.Xr pfctl 8 901program when loading the ruleset. 902.It Va pflog_enable 903.Pq Vt bool 904Set to 905.Dq Li NO 906by default. 907Setting this to 908.Dq Li YES 909enables 910.Xr pflogd 8 911which logs packets from the 912.Xr pf 4 913packet filter. 914.It Va pflog_logfile 915.Pq Vt str 916If 917.Va pflog_enable 918is set to 919.Dq Li YES 920this controls where 921.Xr pflogd 8 922stores the logfile 923(default 924.Pa /var/log/pflog ) . 925Check 926.Pa /etc/newsyslog.conf 927to adjust logfile rotation for this. 928.It Va pflog_program 929.Pq Vt str 930Path to 931.Xr pflogd 8 932(default 933.Pa /sbin/pflogd ) . 934.It Va pflog_flags 935.Pq Vt str 936Empty by default. 937This variable contains additional flags passed to the 938.Xr pflogd 8 939program. 940.It Va pflog_instances 941.Pq Vt str 942If logging to more than one 943.Xr pflog 4 944interface is desired, 945.Va pflog_instances 946is set to the list of 947.Xr pflogd 8 948instances that should be started at system boot time. 949If 950.Va pflog_instances 951is set, for each whitespace-seperated 952.Ar element 953in the list, 954.Ao Ar element Ac Ns Va _dev 955and 956.Ao Ar element Ac Ns Va _logfile 957elements are assumed to exist. 958.Ao Ar element Ac Ns Va _dev 959must contain the 960.Xr pflog 4 961interface to be watched by the named 962.Xr pflogd 8 963instance. 964.Ao Ar element Ac Ns Va _logfile 965must contain the name of the logfile that will be used by the 966.Xr pflogd 8 967instance. 968.It Va ftpproxy_enable 969.Pq Vt bool 970Set to 971.Dq Li NO 972by default. 973Setting this to 974.Dq Li YES 975enables 976.Xr ftp-proxy 8 977which supports the 978.Xr pf 4 979packet filter in translating ftp connections. 980.It Va ftpproxy_flags 981.Pq Vt str 982Empty by default. 983This variable contains additional flags passed to the 984.Xr ftp-proxy 8 985program. 986.It Va ftpproxy_instances 987.Pq Vt str 988Empty by default. 989If multiple instances of 990.Xr ftp-proxy 8 991are desired at boot time, 992.Va ftpproxy_instances 993should contain a whitespace-seperated list of instance names. 994For each 995.Ar element 996in the list, a variable named 997.Ao Ar element Ac Ns Va _flags 998should be defined, containing the command-line flags to be passed to the 999.Xr ftp-proxy 8 1000instance. 1001.It Va pfsync_enable 1002.Pq Vt bool 1003Set to 1004.Dq Li NO 1005by default. 1006Setting this to 1007.Dq Li YES 1008enables exposing 1009.Xr pf 4 1010state changes to other hosts over the network by means of 1011.Xr pfsync 4 . 1012The 1013.Va pfsync_syncdev 1014variable 1015must also be set then. 1016.It Va pfsync_syncdev 1017.Pq Vt str 1018Empty by default. 1019This variable specifies the name of the network interface 1020.Xr pfsync 4 1021should operate through. 1022It must be set accordingly if 1023.Va pfsync_enable 1024is set to 1025.Dq Li YES . 1026.It Va pfsync_syncpeer 1027.Pq Vt str 1028Empty by default. 1029This variable is optional. 1030By default, state change messages are sent out on the synchronisation 1031interface using IP multicast packets. 1032The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1033224.0.0.240. 1034When a peer address is specified using the 1035.Va pfsync_syncpeer 1036option, the peer address is used as a destination for the pfsync 1037traffic, and the traffic can then be protected using 1038.Xr ipsec 4 . 1039See the 1040.Xr pfsync 4 1041manpage for more details about using 1042.Xr ipsec 4 1043with 1044.Xr pfsync 4 1045interfaces. 1046.It Va pfsync_ifconfig 1047.Pq Vt str 1048Empty by default. 1049This variable can contain additional options to be passed to the 1050.Xr ifconfig 8 1051command used to set up 1052.Xr pfsync 4 . 1053.It Va tcp_extensions 1054.Pq Vt bool 1055Set to 1056.Dq Li YES 1057by default. 1058Setting this to 1059.Dq Li NO 1060disables certain TCP options as described by 1061.Rs 1062.%T "RFC 1323" 1063.Re 1064Setting this to 1065.Dq Li NO 1066might help remedy such problems with connections as randomly hanging 1067or other weird behavior. 1068Some network devices are known 1069to be broken with respect to these options. 1070.It Va log_in_vain 1071.Pq Vt int 1072Set to 0 by default. 1073The 1074.Xr sysctl 8 1075variables, 1076.Va net.inet.tcp.log_in_vain 1077and 1078.Va net.inet.udp.log_in_vain , 1079as described in 1080.Xr tcp 4 1081and 1082.Xr udp 4 , 1083are set to the given value. 1084.It Va tcp_keepalive 1085.Pq Vt bool 1086Set to 1087.Dq Li YES 1088by default. 1089Setting to 1090.Dq Li NO 1091will disable probing idle TCP connections to verify that the 1092peer is still up and reachable. 1093.It Va tcp_drop_synfin 1094.Pq Vt bool 1095Set to 1096.Dq Li NO 1097by default. 1098Setting to 1099.Dq Li YES 1100will cause the kernel to ignore TCP frames that have both 1101the SYN and FIN flags set. 1102This prevents OS fingerprinting, but may 1103break some legitimate applications. 1104.It Va icmp_drop_redirect 1105.Pq Vt bool 1106Set to 1107.Dq Li NO 1108by default. 1109Setting to 1110.Dq Li YES 1111will cause the kernel to ignore ICMP REDIRECT packets. 1112Refer to 1113.Xr icmp 4 1114for more information. 1115.It Va icmp_log_redirect 1116.Pq Vt bool 1117Set to 1118.Dq Li NO 1119by default. 1120Setting to 1121.Dq Li YES 1122will cause the kernel to log ICMP REDIRECT packets. 1123Note that 1124the log messages are not rate-limited, so this option should only be used 1125for troubleshooting networks. 1126Refer to 1127.Xr icmp 4 1128for more information. 1129.It Va icmp_bmcastecho 1130.Pq Vt bool 1131Set to 1132.Dq Li YES 1133to respond to broadcast or multicast ICMP ping packets. 1134Refer to 1135.Xr icmp 4 1136for more information. 1137.It Va ip_portrange_first 1138.Pq Vt int 1139If not set to 1140.Dq Li NO , 1141this is the first port in the default portrange. 1142Refer to 1143.Xr ip 4 1144for more information. 1145.It Va ip_portrange_last 1146.Pq Vt int 1147If not set to 1148.Dq Li NO , 1149this is the last port in the default portrange. 1150Refer to 1151.Xr ip 4 1152for more information. 1153.It Va network_interfaces 1154.Pq Vt str 1155Set to the list of network interfaces to configure on this host or 1156.Dq Li AUTO 1157(the default) for all current interfaces. 1158Setting the 1159.Va network_interfaces 1160variable to anything other than the default is deprecated. 1161Interfaces that the administrator wishes to store configuration for, 1162but not start at boot should be configured with the 1163.Dq Li NOAUTO 1164keyword in their 1165.Va ifconfig_ Ns Aq Ar interface 1166variables as described below. 1167.Pp 1168An 1169.Va ifconfig_ Ns Aq Ar interface 1170variable is also assumed to exist for each value of 1171.Ar interface . 1172When an interface name contains any of the characters 1173.Dq Li .-/+ 1174they are translated to 1175.Dq Li _ 1176before lookup. 1177The variable can contain arguments to 1178.Xr ifconfig 8 , 1179as well as special case-insensitive keywords described below. 1180Such keywords are removed before passing the value to 1181.Xr ifconfig 8 1182while the order of the other arguments is preserved. 1183.Pp 1184It is possible to add IP alias entries using 1185.Xr ifconfig 8 1186syntax with the address family keyword such as 1187.Li inet . 1188Assuming that the interface in question was 1189.Li ed0 , 1190it might look something like this: 1191.Bd -literal 1192ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1193ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1194.Ed 1195.Pp 1196It also possible to configure multiple IP addresses in Classless 1197Inter-Domain Routing 1198.Pq CIDR 1199address notation, 1200whose each address component can be a range like 1201.Li inet 192.0.2.5-23/24 1202or 1203.Li inet6 2001:db8:1-f::1/64 . 1204This notation allows address and prefix length part only, 1205not the other address modifiers. 1206Note that the maximum number of the generated addresses from a range 1207specification is limited to an integer value specified in 1208.Va netif_ipexpand_max 1209in 1210.Nm 1211because a small typo can unexpectedly generate a large number of addresses. 1212The default value is 1213.Li 2048 . 1214It can be increased by adding the following line into 1215.Nm : 1216.Bd -literal 1217netif_ipexpand_max="4096" 1218.Ed 1219.Pp 1220In the case of 1221.Li 192.0.2.5-23/24 , 1222the address 192.0.2.5 will be configured with the 1223netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1224the non-conflicting netmask /32 as explained in the 1225.Xr ifconfig 8 1226alias section. 1227Note that this special netmask handling is only for 1228.Li inet , 1229not for the other address families such as 1230.Li inet6 . 1231.Pp 1232With the interface in question being 1233.Li ed0 , 1234an example could look like: 1235.Bd -literal 1236ifconfig_ed0_alias2="inet 192.0.2.129/27" 1237ifconfig_ed0_alias3="inet 192.0.2.1-5/28" 1238.Ed 1239.Pp 1240and so on. 1241.Pp 1242Note that 1243.Va ipv4_addrs_ Ns Aq Ar interface 1244variable was supported for IPv4 CIDR address notation. 1245It is now deprecated because the functionality was integrated into 1246.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1247though 1248.Va ipv4_addrs_ Ns Aq Ar interface 1249is still supported for backward compatibility. 1250.Pp 1251For each 1252.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1253entry with an address family keyword, 1254its contents are passed to 1255.Xr ifconfig 8 . 1256Execution stops at the first unsuccessful access, so if 1257something like this is present: 1258.Bd -literal 1259ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1260ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1261ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1262ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1263.Ed 1264.Pp 1265Then note that alias4 would 1266.Em not 1267be added since the search would 1268stop with the missing 1269.Dq Li alias3 1270entry. 1271Because of this difficult to manage behavior, 1272there is 1273.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1274variable, which has the same functionality as 1275.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1276and can have all of entries in a variable like the following: 1277.Bd -literal 1278ifconfig_ed0_aliases="\\ 1279 inet 127.0.0.251 netmask 0xffffffff \\ 1280 inet 127.0.0.252 netmask 0xffffffff \\ 1281 inet 127.0.0.253 netmask 0xffffffff \\ 1282 inet 127.0.0.254 netmask 0xffffffff" 1283.Ed 1284.Pp 1285It also supports CIDR notation. 1286.Pp 1287If the 1288.Pa /etc/start_if. Ns Aq Ar interface 1289file is present, it is read and executed by the 1290.Xr sh 1 1291interpreter 1292before configuring the interface as specified in the 1293.Va ifconfig_ Ns Aq Ar interface 1294and 1295.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1296variables. 1297.Pp 1298If a 1299.Va vlans_ Ns Aq Ar interface 1300variable is set, 1301a 1302.Xr vlan 4 1303interface will be created for each item in the list with the 1304.Ar vlandev 1305argument set to 1306.Ar interface . 1307If a vlan interface's name is a number, 1308then that number is used as the vlan tag and the new vlan interface is 1309named 1310.Ar interface . Ns Ar tag . 1311Otherwise, 1312the vlan tag must be specified via a 1313.Va vlan 1314parameter in the 1315.Va create_args_ Ns Aq Ar interface 1316variable. 1317.Pp 1318To create a vlan device named 1319.Li em0.101 1320on 1321.Li em0 1322with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1323.Bd -literal 1324vlans_em0="101" 1325ifconfig_em0_101="inet 192.0.2.1/24" 1326.Ed 1327.Pp 1328To create a vlan device named 1329.Li myvlan 1330on 1331.Li em0 1332with the vlan tag 102: 1333.Bd -literal 1334vlans_em0="myvlan" 1335create_args_myvlan="vlan 102" 1336.Ed 1337.Pp 1338If a 1339.Va wlans_ Ns Aq Ar interface 1340variable is set, 1341an 1342.Xr wlan 4 1343interface will be created for each item in the list with the 1344.Ar wlandev 1345argument set to 1346.Ar interface . 1347Further wlan cloning arguments may be passed to the 1348.Xr ifconfig 8 1349.Cm create 1350command by setting the 1351.Va create_args_ Ns Aq Ar interface 1352variable. 1353One or more 1354.Xr wlan 4 1355devices must be created for each wireless devices as of 1356.Fx 8.0 . 1357Debugging flags for 1358.Xr wlan 4 1359devices as set by 1360.Xr wlandebug 8 1361may be specified with an 1362.Va wlandebug_ Ns Aq Ar interface 1363variable. 1364The contents of this variable will be passed directly to 1365.Xr wlandebug 8 . 1366.Pp 1367If the 1368.Va ifconfig_ Ns Aq Ar interface 1369contains the keyword 1370.Dq Li NOAUTO 1371then the interface will not be configured 1372at boot or by 1373.Pa /etc/pccard_ether 1374when 1375.Va network_interfaces 1376is set to 1377.Dq Li AUTO . 1378.Pp 1379It is possible to bring up an interface with DHCP by adding 1380.Dq Li DHCP 1381to the 1382.Va ifconfig_ Ns Aq Ar interface 1383variable. 1384For instance, to initialize the 1385.Li ed0 1386device via DHCP, 1387it is possible to use something like: 1388.Bd -literal 1389ifconfig_ed0="DHCP" 1390.Ed 1391.Pp 1392If you want to configure your wireless interface with 1393.Xr wpa_supplicant 8 1394for use with WPA, EAP/LEAP or WEP, you need to add 1395.Dq Li WPA 1396to the 1397.Va ifconfig_ Ns Aq Ar interface 1398variable. 1399.Pp 1400On the other hand, if you want to configure your wireless interface with 1401.Xr hostapd 8 , 1402you need to add 1403.Dq Li HOSTAP 1404to the 1405.Va ifconfig_ Ns Aq Ar interface 1406variable. 1407.Xr hostapd 8 1408will use the settings from 1409.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1410.Pp 1411Finally, you can add 1412.Xr ifconfig 8 1413options in this variable, in addition to the 1414.Pa /etc/start_if. Ns Aq Ar interface 1415file. 1416For instance, to configure an 1417.Xr ath 4 1418wireless device in station mode with an address obtained 1419via DHCP, using WPA authentication and 802.11b mode, it is 1420possible to use something like: 1421.Bd -literal 1422wlans_ath0="wlan0" 1423ifconfig_wlan0="DHCP WPA mode 11b" 1424.Ed 1425.Pp 1426In addition to the 1427.Va ifconfig_ Ns Aq Ar interface 1428form, a fallback variable 1429.Va ifconfig_DEFAULT 1430may be configured. 1431It will be used for all interfaces with no 1432.Va ifconfig_ Ns Aq Ar interface 1433variable. 1434This is intended to replace the no longer supported 1435.Va pccard_ifconfig 1436variable. 1437.Pp 1438It is also possible to rename an interface by doing: 1439.Bd -literal 1440ifconfig_ed0_name="net0" 1441ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1442.Ed 1443.It Va ipv6_enable 1444.Pq Vt bool 1445This variable is deprecated. 1446Use 1447.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1448and 1449.Va ipv6_activate_all_interfaces 1450if necessary. 1451.Pp 1452If the variable is 1453.Dq Li YES , 1454.Dq Li inet6 accept_rtadv 1455is added to all of 1456.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1457and the 1458.Va ipv6_activate_all_interfaces 1459is defined as 1460.Dq Li YES . 1461.It Va ipv6_prefer 1462.Pq Vt bool 1463This variable is deprecated. 1464Use 1465.Va ip6addrctl_policy 1466instead. 1467.Pp 1468If the variable is 1469.Dq Li YES , 1470the default address selection policy table set by 1471.Xr ip6addrctl 8 1472will be IPv6-preferred. 1473.Pp 1474If the variable is 1475.Dq Li NO , 1476the default address selection policy table set by 1477.Xr ip6addrctl 8 1478will be IPv4-preferred. 1479.It Va ipv6_activate_all_interfaces 1480.Pq Vt bool 1481This controls initial configuration on IPv6-capable 1482interfaces with no corresponding 1483.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1484variable. 1485Note that it is not always necessary to set this variable to 1486.Dq YES 1487to use IPv6 functionality on 1488.Fx . 1489In most cases, just configuring 1490.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1491variables works. 1492.Pp 1493If the variable is 1494.Dq Li NO , 1495all interfaces which do not have a corresponding 1496.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1497variable will be marked as 1498.Dq Li IFDISABLED 1499at creation. 1500This means that all of IPv6 functionality on that interface 1501is completely disabled to enforce a security policy. 1502If the variable is set to 1503.Dq YES , 1504the flag will be cleared on all of the interfaces. 1505.Pp 1506In most cases, just defining an 1507.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1508for an IPv6-capable interface should be sufficient. 1509However, if an interface is added dynamically 1510.Pq by some tunneling protocols such as PPP, for example , 1511it is often difficult to define the variable in advance. 1512In such a case, configuring the 1513.Dq Li IFDISABLED 1514flag can be disabled by setting this variable to 1515.Dq YES . 1516.Pp 1517For more details of the 1518.Dq Li IFDISABLED 1519flag and keywords 1520.Dq Li inet6 ifdisabled , 1521see 1522.Xr ifconfig 8 . 1523.Pp 1524Default is 1525.Dq Li NO . 1526.It Va ipv6_privacy 1527.Pq Vt bool 1528If the variable is 1529.Dq Li YES 1530privacy addresses will be generated for each IPv6 1531interface as described in RFC 4941. 1532.It Va ipv6_network_interfaces 1533.Pq Vt str 1534This is the IPv6 equivalent of 1535.Va network_interfaces . 1536Normally manual configuration of this variable is not needed. 1537.It Va ipv6_cpe_wanif 1538.Pq Vt str 1539If the variable is set to an interface name, 1540the 1541.Xr ifconfig 8 1542options 1543.Dq inet6 -no_radr accept_rtadv 1544will be added to the specified interface automatically before evaluating 1545.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1546and two 1547.Xr sysctl 8 1548variables 1549.Va net.inet6.ip6.rfc6204w3 1550and 1551.Va net.inet6.ip6.no_radr 1552will be set to 1. 1553.Pp 1554This means the specified interface will accept ICMPv6 Router 1555Advertisement messages on that link and add the discovered 1556routers into the Default Router List. 1557While the other interfaces can still accept RA messages if the 1558.Dq inet6 accept_rtadv 1559option is specified, adding 1560routes into the Default Router List will be disabled by 1561.Dq inet6 no_radr 1562option by default. 1563See 1564.Xr ifconfig 8 1565for more details. 1566.Pp 1567Note that ICMPv6 Router Advertisement messages will be 1568accepted even when 1569.Va net.inet6.ip6.forwarding 1570is 1 1571.Pq packet forwarding is enabled 1572when 1573.Va net.inet6.ip6.rfc6204w3 1574is set to 1. 1575.Pp 1576Default is 1577.Dq Li NO . 1578.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1579.Pq Vt str 1580IPv6 functionality on an interface should be configured by 1581.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1582instead of setting ifconfig parameters in 1583.Va ifconfig_ Ns Aq Ar interface . 1584If this variable is empty, all of IPv6 configurations on the 1585specified interface by other variables such as 1586.Va ipv6_prefix_ Ns Ao Ar interface Ac 1587will be ignored. 1588.Pp 1589Aliases should be set by 1590.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1591with 1592.Dq Li inet6 1593keyword. 1594For example: 1595.Bd -literal 1596ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1597ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1598.Ed 1599.Pp 1600Interfaces that have an 1601.Dq Li inet6 accept_rtadv 1602keyword in 1603.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1604setting will be automatically configured by SLAAC 1605.Pq StateLess Address AutoConfiguration 1606described in 1607.Rs 1608.%T "RFC 4862" 1609.Re 1610.Pp 1611Note that a link-local address will be automatically configured in 1612addition to the configured global-scope addresses because the IPv6 1613specifications require it on each link. 1614The address is calculated from the MAC address by using an algorithm 1615defined in 1616.Rs 1617.%T "RFC 4862" 1618.%O "Section 5.3" 1619.Re 1620.Pp 1621If only a link-local address is needed on the interface, 1622the following configuration can be used: 1623.Bd -literal 1624ifconfig_ed0_ipv6="inet6 auto_linklocal" 1625.Ed 1626.Pp 1627A link-local address can also be configured manually. 1628This is useful for the default router address of an IPv6 router 1629so that it does not change when the network interface 1630card is replaced. 1631For example: 1632.Bd -literal 1633ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1634.Ed 1635.It Va ipv6_prefix_ Ns Aq Ar interface 1636.Pq Vt str 1637If one or more prefixes are defined in 1638.Va ipv6_prefix_ Ns Aq Ar interface 1639addresses based on each prefix and the EUI-64 interface index will be 1640configured on that interface. 1641Note that this variable will be ignored when 1642.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1643is empty. 1644.Pp 1645For example, the following configuration 1646.Bd -literal 1647ipv6_prefix_ed0="2001:db8:1:0 2001:db8:2:0" 1648.Ed 1649.Pp 1650is equivalent to the following: 1651.Bd -literal 1652ifconfig_ed0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1653ifconfig_ed0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1654ifconfig_ed0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1655ifconfig_ed0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1656.Ed 1657.Pp 1658These Subnet-Router anycast addresses will be added only when 1659.Va ipv6_gateway_enable 1660is YES. 1661.It Va ipv6_default_interface 1662.Pq Vt str 1663If not set to 1664.Dq Li NO , 1665this is the default output interface for scoped addresses. 1666This works only with ipv6_gateway_enable="NO". 1667.It Va ip6addrctl_enable 1668.Pq Vt bool 1669This variable is to enable configuring default address selection policy table 1670.Pq RFC 3484 . 1671The table can be specified in another variable 1672.Va ip6addrctl_policy . 1673For 1674.Va ip6addrctl_policy 1675the following keywords can be specified: 1676.Dq Li ipv4_prefer , 1677.Dq Li ipv6_prefer , 1678or 1679.Dq Li AUTO . 1680.Pp 1681If 1682.Dq Li ipv4_prefer 1683or 1684.Dq Li ipv6_prefer 1685is specified, 1686.Xr ip6addrctl 8 1687installs a pre-defined policy table described in Section 2.1 1688.Pq IPv6-preferred 1689or 10.3 1690.Pq IPv4-preferred 1691of RFC 3484. 1692.Pp 1693If 1694.Dq Li AUTO 1695is specified, it attempts to read a file 1696.Pa /etc/ip6addrctl.conf 1697first. 1698If this file is found, 1699.Xr ip6addrctl 8 1700reads and installs it. 1701If not found, a policy is automatically set 1702according to 1703.Va ipv6_activate_all_interfaces 1704variable; if the variable is set to 1705.Dq Li YES 1706the IPv6-preferred one is used. 1707Otherwise IPv4-preferred. 1708.Pp 1709The default value of 1710.Va ip6addrctl_enable 1711and 1712.Va ip6addrctl_policy 1713are 1714.Dq Li YES 1715and 1716.Dq Li AUTO , 1717respectively. 1718.It Va cloned_interfaces 1719.Pq Vt str 1720Set to the list of clonable network interfaces to create on this host. 1721Further cloning arguments may be passed to the 1722.Xr ifconfig 8 1723.Cm create 1724command for each interface by setting the 1725.Va create_args_ Ns Aq Ar interface 1726variable. 1727If an interface name is specified with 1728.Dq :sticky 1729keyword, 1730the interface will not be destroyed even when 1731.Pa rc.d/netif 1732script is invoked with 1733.Dq stop 1734argument. 1735This is useful when reconfiguring the interface without destroying it. 1736Entries in 1737.Va cloned_interfaces 1738are automatically appended to 1739.Va network_interfaces 1740for configuration. 1741.It Va cloned_interfaces_sticky 1742.Pq Vt bool 1743This variable is to globally enable functionality of 1744.Dq :sticky 1745keyword in 1746.Va cloned_interfaces 1747for all interfaces. 1748The default value is 1749.Dq NO . 1750Even if this variable is specified to 1751.Dq YES , 1752.Dq :nosticky 1753keyword can be used to override it on per interface basis. 1754.It Va gif_interfaces 1755.Pq Vt str 1756This variable is deprecated in favor of 1757.Va cloned_interfaces . 1758Set to the list of 1759.Xr gif 4 1760tunnel interfaces to configure on this host. 1761A 1762.Va gifconfig_ Ns Aq Ar interface 1763variable is assumed to exist for each value of 1764.Ar interface . 1765The value of this variable is used to configure the link layer of the 1766tunnel according to the syntax of the 1767.Cm tunnel 1768option to 1769.Xr ifconfig 8 . 1770Additionally, this option ensures that each listed interface is created 1771via the 1772.Cm create 1773option to 1774.Xr ifconfig 8 1775before attempting to configure it. 1776.It Va sppp_interfaces 1777.Pq Vt str 1778Set to the list of 1779.Xr sppp 4 1780interfaces to configure on this host. 1781A 1782.Va spppconfig_ Ns Aq Ar interface 1783variable is assumed to exist for each value of 1784.Ar interface . 1785Each interface should also be configured by a general 1786.Va ifconfig_ Ns Aq Ar interface 1787setting. 1788Refer to 1789.Xr spppcontrol 8 1790for more information about available options. 1791.It Va ppp_enable 1792.Pq Vt bool 1793If set to 1794.Dq Li YES , 1795run the 1796.Xr ppp 8 1797daemon. 1798.It Va ppp_profile 1799.Pq Vt str 1800The name of the profile to use from 1801.Pa /etc/ppp/ppp.conf . 1802Also used for per-profile overrides of 1803.Va ppp_mode 1804and 1805.Va ppp_nat , 1806and 1807.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1808When the profile name contains any of the characters 1809.Dq Li .-/+ 1810they are translated to 1811.Dq Li _ 1812for the proposes of the override variable names. 1813.It Va ppp_mode 1814.Pq Vt str 1815Mode in which to run the 1816.Xr ppp 8 1817daemon. 1818.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1819.Pq Vt str 1820Overrides the global 1821.Va ppp_mode 1822for 1823.Ar profile . 1824Accepted modes are 1825.Dq Li auto , 1826.Dq Li ddial , 1827.Dq Li direct 1828and 1829.Dq Li dedicated . 1830See the manual for a full description. 1831.It Va ppp_nat 1832.Pq Vt bool 1833If set to 1834.Dq Li YES , 1835enables network address translation. 1836Used in conjunction with 1837.Va gateway_enable 1838allows hosts on private network addresses access to the Internet using 1839this host as a network address translating router. 1840.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1841.Pq Vt str 1842Overrides the global 1843.Va ppp_nat 1844for 1845.Ar profile . 1846.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1847.Pq Vt int 1848Set the unit number to be used for this profile. 1849See the manual description of 1850.Fl unit Ns Ar N 1851for details. 1852.It Va ppp_user 1853.Pq Vt str 1854The name of the user under which 1855.Xr ppp 8 1856should be started. 1857By 1858default, 1859.Xr ppp 8 1860is started as 1861.Dq Li root . 1862.It Va rc_conf_files 1863.Pq Vt str 1864This option is used to specify a list of files that will override 1865the settings in 1866.Pa /etc/defaults/rc.conf . 1867The files will be read in the order in which they are specified and should 1868include the full path to the file. 1869By default, the files specified are 1870.Pa /etc/rc.conf 1871and 1872.Pa /etc/rc.conf.local 1873.It Va zfs_enable 1874.Pq Vt bool 1875If set to 1876.Dq Li YES , 1877.Pa /etc/rc.d/zfs 1878will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1879(ZVOLs). 1880.It Va gptboot_enable 1881.Pq Vt bool 1882If set to 1883.Dq Li YES , 1884.Pa /etc/rc.d/gptboot 1885will log if the system successfully (or not) booted from a GPT partition, 1886which had the 1887.Ar bootonce 1888attribute set using 1889.Xr gpart 8 1890utility. 1891.It Va gbde_autoattach_all 1892.Pq Vt bool 1893If set to 1894.Dq Li YES , 1895.Pa /etc/rc.d/gbde 1896will attempt to automatically initialize your .bde devices in 1897.Pa /etc/fstab . 1898.It Va gbde_devices 1899.Pq Vt str 1900List the devices that the script should try to attach, 1901or 1902.Dq Li AUTO . 1903.It Va gbde_lockdir 1904.Pq Vt str 1905The directory where the 1906.Xr gbde 4 1907lockfiles are located. 1908The default lockfile directory is 1909.Pa /etc . 1910.Pp 1911The lockfile for each individual 1912.Xr gbde 4 1913device can be overridden by setting the variable 1914.Va gbde_lock_ Ns Aq Ar device , 1915where 1916.Ar device 1917is the encrypted device without the 1918.Dq Pa /dev/ 1919and 1920.Dq Pa .bde 1921parts. 1922.It Va gbde_attach_attempts 1923.Pq Vt int 1924Number of times to attempt attaching to a 1925.Xr gbde 4 1926device, i.e., how many times the user is asked for the pass-phrase. 1927Default is 3. 1928.It Va geli_devices 1929.Pq Vt str 1930List of devices to automatically attach on boot. 1931Note that .eli devices from 1932.Pa /etc/fstab 1933are automatically appended to this list. 1934.It Va geli_tries 1935.Pq Vt int 1936Number of times user is asked for the pass-phrase. 1937If empty, it will be taken from 1938.Va kern.geom.eli.tries 1939sysctl variable. 1940.It Va geli_default_flags 1941.Pq Vt str 1942Default flags to use by 1943.Xr geli 8 1944when configuring disk encryption. 1945Flags can be configured for every device separately by defining 1946.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1947variable. 1948.It Va geli_autodetach 1949.Pq Vt str 1950Specifies if GELI devices should be marked for detach on last close after 1951file systems are mounted. 1952Default is 1953.Dq Li YES . 1954This can be changed for every device separately by defining 1955.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1956variable. 1957.It Va root_rw_mount 1958.Pq Vt bool 1959Set to 1960.Dq Li YES 1961by default. 1962After the file systems are checked at boot time, the root file system 1963is remounted as read-write if this is set to 1964.Dq Li YES . 1965Diskless systems that mount their root file system from a read-only remote 1966NFS share should set this to 1967.Dq Li NO 1968in their 1969.Pa rc.conf . 1970.It Va fsck_y_enable 1971.Pq Vt bool 1972If set to 1973.Dq Li YES , 1974.Xr fsck 8 1975will be run with the 1976.Fl y 1977flag if the initial preen 1978of the file systems fails. 1979.It Va background_fsck 1980.Pq Vt bool 1981If set to 1982.Dq Li YES , 1983the system will attempt to run 1984.Xr fsck 8 1985in the background where possible. 1986.It Va background_fsck_delay 1987.Pq Vt int 1988The amount of time in seconds to sleep before starting a background 1989.Xr fsck 8 . 1990It defaults to sixty seconds to allow large applications such as 1991the X server to start before disk I/O bandwidth is monopolized by 1992.Xr fsck 8 . 1993If set to a negative number, the background file system check will be 1994delayed indefinitely to allow the administrator to run it at a more 1995convenient time. 1996For example it may be run from 1997.Xr cron 8 1998by adding a line like 1999.Pp 2000.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2001.Pp 2002to 2003.Pa /etc/crontab . 2004.It Va netfs_types 2005.Pq Vt str 2006List of file system types that are network-based. 2007This list should generally not be modified by end users. 2008Use 2009.Va extra_netfs_types 2010instead. 2011.It Va extra_netfs_types 2012.Pq Vt str 2013If set to something other than 2014.Dq Li NO 2015(the default), 2016this variable extends the list of file system types 2017for which automatic mounting at startup by 2018.Xr rc 8 2019should be delayed until the network is initialized. 2020It should contain 2021a whitespace-separated list of network file system descriptor pairs, 2022each consisting of a file system type as passed to 2023.Xr mount 8 2024and a human-readable, one-word description, 2025joined with a colon 2026.Pq Ql \&: . 2027Extending the default list in this way is only necessary 2028when third party file system types are used. 2029.It Va syslogd_enable 2030.Pq Vt bool 2031If set to 2032.Dq Li YES , 2033run the 2034.Xr syslogd 8 2035daemon. 2036.It Va syslogd_program 2037.Pq Vt str 2038Path to 2039.Xr syslogd 8 2040(default 2041.Pa /usr/sbin/syslogd ) . 2042.It Va syslogd_flags 2043.Pq Vt str 2044If 2045.Va syslogd_enable 2046is set to 2047.Dq Li YES , 2048these are the flags to pass to 2049.Xr syslogd 8 . 2050.It Va inetd_enable 2051.Pq Vt bool 2052If set to 2053.Dq Li YES , 2054run the 2055.Xr inetd 8 2056daemon. 2057.It Va inetd_program 2058.Pq Vt str 2059Path to 2060.Xr inetd 8 2061(default 2062.Pa /usr/sbin/inetd ) . 2063.It Va inetd_flags 2064.Pq Vt str 2065If 2066.Va inetd_enable 2067is set to 2068.Dq Li YES , 2069these are the flags to pass to 2070.Xr inetd 8 . 2071.It Va hastd_enable 2072.Pq Vt bool 2073If set to 2074.Dq Li YES , 2075run the 2076.Xr hastd 8 2077daemon. 2078.It Va hastd_program 2079.Pq Vt str 2080Path to 2081.Xr hastd 8 2082(default 2083.Pa /sbin/hastd ) . 2084.It Va hastd_flags 2085.Pq Vt str 2086If 2087.Va hastd_enable 2088is set to 2089.Dq Li YES , 2090these are the flags to pass to 2091.Xr hastd 8 . 2092.It Va local_unbound_enable 2093.Pq Vt bool 2094If set to 2095.Dq Li YES , 2096run the 2097.Xr unbound 8 2098daemon as a local caching resolver. 2099.It Va kdc_enable 2100.Pq Vt bool 2101Set to 2102.Dq Li YES 2103to start a Kerberos 5 authentication server 2104at boot time. 2105.It Va kdc_program 2106.Pq Vt str 2107If 2108.Va kdc_enable 2109is set to 2110.Dq Li YES 2111this is the path to Kerberos 5 Authentication Server. 2112.It Va kdc_flags 2113.Pq Vt str 2114Empty by default. 2115This variable contains additional flags to be passed to the Kerberos 5 2116authentication server. 2117.It Va kadmind_enable 2118.Pq Vt bool 2119Set to 2120.Dq Li YES 2121to start 2122.Xr kadmind 8 , 2123the Kerberos 5 Administration Daemon; set to 2124.Dq Li NO 2125on a slave server. 2126.It Va kadmind_program 2127.Pq Vt str 2128If 2129.Va kadmind_enable 2130is set to 2131.Dq Li YES 2132this is the path to Kerberos 5 Administration Daemon. 2133.It Va kpasswdd_enable 2134.Pq Vt bool 2135Set to 2136.Dq Li YES 2137to start 2138.Xr kpasswdd 8 , 2139the Kerberos 5 Password-Changing Daemon; set to 2140.Dq Li NO 2141on a slave server. 2142.It Va kpasswdd_program 2143.Pq Vt str 2144If 2145.Va kpasswdd_enable 2146is set to 2147.Dq Li YES 2148this is the path to Kerberos 5 Password-Changing Daemon. 2149.It Va kfd_enable 2150.Pq Vt bool 2151Set to 2152.Dq Li YES 2153to start 2154.Xr kfd 8 , 2155the Kerberos 5 ticket forwarding daemon, at the boot time. 2156.It Va kfd_program 2157.Pq Vt str 2158Path to 2159.Xr kfd 8 2160(default 2161.Pa /usr/libexec/kfd ) . 2162.It Va rwhod_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr rwhod 8 2168daemon at boot time. 2169.It Va rwhod_flags 2170.Pq Vt str 2171If 2172.Va rwhod_enable 2173is set to 2174.Dq Li YES , 2175these are the flags to pass to it. 2176.It Va amd_enable 2177.Pq Vt bool 2178If set to 2179.Dq Li YES , 2180run the 2181.Xr amd 8 2182daemon at boot time. 2183.It Va amd_flags 2184.Pq Vt str 2185If 2186.Va amd_enable 2187is set to 2188.Dq Li YES , 2189these are the flags to pass to it. 2190See the 2191.Xr amd 8 2192manpage for more information. 2193.It Va amd_map_program 2194.Pq Vt str 2195If set, 2196the specified program is run to get the list of 2197.Xr amd 8 2198maps. 2199For example, if the 2200.Xr amd 8 2201maps are stored in NIS, one can set this to 2202run 2203.Xr ypcat 1 2204to get a list of 2205.Xr amd 8 2206maps from the 2207.Pa amd.master 2208NIS map. 2209.It Va update_motd 2210.Pq Vt bool 2211If set to 2212.Dq Li YES , 2213.Pa /etc/motd 2214will be updated at boot time to reflect the kernel release 2215being run. 2216If set to 2217.Dq Li NO , 2218.Pa /etc/motd 2219will not be updated. 2220.It Va nfs_client_enable 2221.Pq Vt bool 2222If set to 2223.Dq Li YES , 2224run the NFS client daemons at boot time. 2225.It Va nfs_access_cache 2226.Pq Vt int 2227If 2228.Va nfs_client_enable 2229is set to 2230.Dq Li YES , 2231this can be set to 2232.Dq Li 0 2233to disable NFS ACCESS RPC caching, or to the number of seconds for which 2234NFS ACCESS 2235results should be cached. 2236A value of 2-10 seconds will substantially reduce network 2237traffic for many NFS operations. 2238.It Va nfs_server_enable 2239.Pq Vt bool 2240If set to 2241.Dq Li YES , 2242run the NFS server daemons at boot time. 2243.It Va nfs_server_flags 2244.Pq Vt str 2245If 2246.Va nfs_server_enable 2247is set to 2248.Dq Li YES , 2249these are the flags to pass to the 2250.Xr nfsd 8 2251daemon. 2252.It Va nfsv4_server_enable 2253.Pq Vt bool 2254If 2255.Va nfs_server_enable 2256is set to 2257.Dq Li YES 2258and 2259.Va nfsv4_server_enable 2260are set to 2261.Dq Li YES , 2262enable the server for NFSv4 as well as NFSv2 and NFSv3. 2263.It Va nfsuserd_enable 2264.Pq Vt bool 2265If 2266.Va nfsuserd_enable 2267is set to 2268.Dq Li YES , 2269run the nfsuserd daemon, which is needed for NFSv4 in order 2270to map between user/group names vs uid/gid numbers. 2271If 2272.Va nfsv4_server_enable 2273is set to 2274.Dq Li YES , 2275this will be forced enabled. 2276.It Va nfsuserd_flags 2277.Pq Vt str 2278If 2279.Va nfsuserd_enable 2280is set to 2281.Dq Li YES , 2282these are the flags to pass to the 2283.Xr nfsuserd 8 2284daemon. 2285.It Va nfscbd_enable 2286.Pq Vt bool 2287If 2288.Va nfscbd_enable 2289is set to 2290.Dq Li YES , 2291run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2292.It Va nfscbd_flags 2293.Pq Vt str 2294If 2295.Va nfscbd_enable 2296is set to 2297.Dq Li YES , 2298these are the flags to pass to the 2299.Xr nfscbd 8 2300daemon. 2301.It Va mountd_enable 2302.Pq Vt bool 2303If set to 2304.Dq Li YES , 2305and no 2306.Va nfs_server_enable 2307is set, start 2308.Xr mountd 8 , 2309but not 2310.Xr nfsd 8 2311daemon. 2312It is commonly needed to run CFS without real NFS used. 2313.It Va mountd_flags 2314.Pq Vt str 2315If 2316.Va mountd_enable 2317is set to 2318.Dq Li YES , 2319these are the flags to pass to the 2320.Xr mountd 8 2321daemon. 2322.It Va weak_mountd_authentication 2323.Pq Vt bool 2324If set to 2325.Dq Li YES , 2326allow services like PCNFSD to make non-privileged mount 2327requests. 2328.It Va nfs_reserved_port_only 2329.Pq Vt bool 2330If set to 2331.Dq Li YES , 2332provide NFS services only on a secure port. 2333.It Va nfs_bufpackets 2334.Pq Vt int 2335If set to a number, indicates the number of packets worth of 2336socket buffer space to reserve on an NFS client. 2337The kernel default is typically 4. 2338Using a higher number may be 2339useful on gigabit networks to improve performance. 2340The minimum value is 23412 and the maximum is 64. 2342.It Va rpc_lockd_enable 2343.Pq Vt bool 2344If set to 2345.Dq Li YES 2346and also an NFS server or client, run 2347.Xr rpc.lockd 8 2348at boot time. 2349.It Va rpc_lockd_flags 2350.Pq Vt str 2351If 2352.Va rpc_lockd_enable 2353is set to 2354.Dq Li YES , 2355these are the flags to pass to the 2356.Xr rpc.lockd 8 2357daemon. 2358.It Va rpc_statd_enable 2359.Pq Vt bool 2360If set to 2361.Dq Li YES 2362and also an NFS server or client, run 2363.Xr rpc.statd 8 2364at boot time. 2365.It Va rpc_statd_flags 2366.Pq Vt str 2367If 2368.Va rpc_statd_enable 2369is set to 2370.Dq Li YES , 2371these are the flags to pass to the 2372.Xr rpc.statd 8 2373daemon. 2374.It Va rpcbind_program 2375.Pq Vt str 2376Path to 2377.Xr rpcbind 8 2378(default 2379.Pa /usr/sbin/rpcbind ) . 2380.It Va rpcbind_enable 2381.Pq Vt bool 2382If set to 2383.Dq Li YES , 2384run the 2385.Xr rpcbind 8 2386service at boot time. 2387.It Va rpcbind_flags 2388.Pq Vt str 2389If 2390.Va rpcbind_enable 2391is set to 2392.Dq Li YES , 2393these are the flags to pass to the 2394.Xr rpcbind 8 2395daemon. 2396.It Va keyserv_enable 2397.Pq Vt bool 2398If set to 2399.Dq Li YES , 2400run the 2401.Xr keyserv 8 2402daemon on boot for running Secure RPC. 2403.It Va keyserv_flags 2404.Pq Vt str 2405If 2406.Va keyserv_enable 2407is set to 2408.Dq Li YES , 2409these are the flags to pass to 2410.Xr keyserv 8 2411daemon. 2412.It Va pppoed_enable 2413.Pq Vt bool 2414If set to 2415.Dq Li YES , 2416run the 2417.Xr pppoed 8 2418daemon at boot time to provide PPP over Ethernet services. 2419.It Va pppoed_ Ns Aq Ar provider 2420.Pq Vt str 2421.Xr pppoed 8 2422listens to requests to this 2423.Ar provider 2424and ultimately runs 2425.Xr ppp 8 2426with a 2427.Ar system 2428argument of the same name. 2429.It Va pppoed_flags 2430.Pq Vt str 2431Additional flags to pass to 2432.Xr pppoed 8 . 2433.It Va pppoed_interface 2434.Pq Vt str 2435The network interface to run 2436.Xr pppoed 8 2437on. 2438This is mandatory when 2439.Va pppoed_enable 2440is set to 2441.Dq Li YES . 2442.It Va timed_enable 2443.Pq Vt bool 2444If set to 2445.Dq Li YES , 2446run the 2447.Xr timed 8 2448service at boot time. 2449This command is intended for networks of 2450machines where a consistent 2451.Dq "network time" 2452for all hosts must be established. 2453This is often useful in large NFS 2454environments where time stamps on files are expected to be consistent 2455network-wide. 2456.It Va timed_flags 2457.Pq Vt str 2458If 2459.Va timed_enable 2460is set to 2461.Dq Li YES , 2462these are the flags to pass to the 2463.Xr timed 8 2464service. 2465.It Va ntpdate_enable 2466.Pq Vt bool 2467If set to 2468.Dq Li YES , 2469run 2470.Xr ntpdate 8 2471at system startup. 2472This command is intended to 2473synchronize the system clock only 2474.Em once 2475from some standard reference. 2476.It Va ntpdate_config 2477.Pq Vt str 2478Configuration file for 2479.Xr ntpdate 8 . 2480Default 2481.Pa /etc/ntp.conf . 2482.It Va ntpdate_hosts 2483.Pq Vt str 2484A whitespace-separated list of NTP servers to synchronize with at startup. 2485The default is to use the servers listed in 2486.Va ntpdate_config , 2487if that file exists. 2488.It Va ntpdate_program 2489.Pq Vt str 2490Path to 2491.Xr ntpdate 8 2492(default 2493.Pa /usr/sbin/ntpdate ) . 2494.It Va ntpdate_flags 2495.Pq Vt str 2496If 2497.Va ntpdate_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to the 2501.Xr ntpdate 8 2502command (typically a hostname). 2503.It Va ntpd_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr ntpd 8 2509command at boot time. 2510.It Va ntpd_program 2511.Pq Vt str 2512Path to 2513.Xr ntpd 8 2514(default 2515.Pa /usr/sbin/ntpd ) . 2516.It Va ntpd_config 2517.Pq Vt str 2518Path to 2519.Xr ntpd 8 2520configuration file. 2521Default 2522.Pa /etc/ntp.conf . 2523.It Va ntpd_flags 2524.Pq Vt str 2525If 2526.Va ntpd_enable 2527is set to 2528.Dq Li YES , 2529these are the flags to pass to the 2530.Xr ntpd 8 2531daemon. 2532.It Va ntpd_sync_on_start 2533.Pq Vt bool 2534If set to 2535.Dq Li YES , 2536.Xr ntpd 8 2537is run with the 2538.Fl g 2539flag, which syncs the system's clock on startup. 2540See 2541.Xr ntpd 8 2542for more information regarding the 2543.Fl g 2544option. 2545This is a preferred alternative to using 2546.Xr ntpdate 8 2547or specifying the 2548.Va ntpdate_enable 2549variable. 2550.It Va nis_client_enable 2551.Pq Vt bool 2552If set to 2553.Dq Li YES , 2554run the 2555.Xr ypbind 8 2556service at system boot time. 2557.It Va nis_client_flags 2558.Pq Vt str 2559If 2560.Va nis_client_enable 2561is set to 2562.Dq Li YES , 2563these are the flags to pass to the 2564.Xr ypbind 8 2565service. 2566.It Va nis_ypldap_enable 2567.Pq Vt bool 2568If set to 2569.Dq Li YES , 2570run the 2571.Xr ypldap 8 2572daemon at system boot time. 2573.It Va nis_ypldap_flags 2574.Pq Vt str 2575If 2576.Va nis.ypldap_enable 2577is set to 2578.Dq Li YES , 2579these are the flags to pass to the 2580.Xr ypldap 8 2581daemon. 2582.It Va nis_ypset_enable 2583.Pq Vt bool 2584If set to 2585.Dq Li YES , 2586run the 2587.Xr ypset 8 2588daemon at system boot time. 2589.It Va nis_ypset_flags 2590.Pq Vt str 2591If 2592.Va nis_ypset_enable 2593is set to 2594.Dq Li YES , 2595these are the flags to pass to the 2596.Xr ypset 8 2597daemon. 2598.It Va nis_server_enable 2599.Pq Vt bool 2600If set to 2601.Dq Li YES , 2602run the 2603.Xr ypserv 8 2604daemon at system boot time. 2605.It Va nis_server_flags 2606.Pq Vt str 2607If 2608.Va nis_server_enable 2609is set to 2610.Dq Li YES , 2611these are the flags to pass to the 2612.Xr ypserv 8 2613daemon. 2614.It Va nis_ypxfrd_enable 2615.Pq Vt bool 2616If set to 2617.Dq Li YES , 2618run the 2619.Xr rpc.ypxfrd 8 2620daemon at system boot time. 2621.It Va nis_ypxfrd_flags 2622.Pq Vt str 2623If 2624.Va nis_ypxfrd_enable 2625is set to 2626.Dq Li YES , 2627these are the flags to pass to the 2628.Xr rpc.ypxfrd 8 2629daemon. 2630.It Va nis_yppasswdd_enable 2631.Pq Vt bool 2632If set to 2633.Dq Li YES , 2634run the 2635.Xr rpc.yppasswdd 8 2636daemon at system boot time. 2637.It Va nis_yppasswdd_flags 2638.Pq Vt str 2639If 2640.Va nis_yppasswdd_enable 2641is set to 2642.Dq Li YES , 2643these are the flags to pass to the 2644.Xr rpc.yppasswdd 8 2645daemon. 2646.It Va rpc_ypupdated_enable 2647.Pq Vt bool 2648If set to 2649.Dq Li YES , 2650run the 2651.Nm rpc.ypupdated 2652daemon at system boot time. 2653.It Va bsnmpd_enable 2654.Pq Vt bool 2655If set to 2656.Dq Li YES , 2657run the 2658.Xr bsnmpd 1 2659daemon at system boot time. 2660Be sure to understand the security implications of running SNMP daemon 2661on your host. 2662.It Va bsnmpd_flags 2663.Pq Vt str 2664If 2665.Va bsnmpd_enable 2666is set to 2667.Dq Li YES , 2668these are the flags to pass to the 2669.Xr bsnmpd 1 2670daemon. 2671.It Va defaultrouter 2672.Pq Vt str 2673If not set to 2674.Dq Li NO , 2675create a default route to this host name or IP address 2676(use an IP address if this router is also required to get to the 2677name server!). 2678.It Va ipv6_defaultrouter 2679.Pq Vt str 2680The IPv6 equivalent of 2681.Va defaultrouter . 2682.It Va static_arp_pairs 2683.Pq Vt str 2684Set to the list of static ARP pairs that are to be added at system 2685boot time. 2686For each whitespace separated 2687.Ar element 2688in the value, a 2689.Va static_arp_ Ns Aq Ar element 2690variable is assumed to exist whose contents will later be passed to a 2691.Dq Nm arp Cm -S 2692operation. 2693For example 2694.Bd -literal 2695static_arp_pairs="gw" 2696static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2697.Ed 2698.It Va static_ndp_pairs 2699.Pq Vt str 2700Set to the list of static NDP pairs that are to be added at system 2701boot time. 2702For each whitespace separated 2703.Ar element 2704in the value, a 2705.Va static_ndp_ Ns Aq Ar element 2706variable is assumed to exist whose contents will later be passed to a 2707.Dq Nm ndp Cm -s 2708operation. 2709For example 2710.Bd -literal 2711static_ndp_pairs="gw" 2712static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2713.Ed 2714.It Va static_routes 2715.Pq Vt str 2716Set to the list of static routes that are to be added at system 2717boot time. 2718If not set to 2719.Dq Li NO 2720then for each whitespace separated 2721.Ar element 2722in the value, a 2723.Va route_ Ns Aq Ar element 2724variable is assumed to exist 2725whose contents will later be passed to a 2726.Dq Nm route Cm add 2727operation. 2728For example: 2729.Bd -literal 2730static_routes="ext mcast:gif0 gif0local:gif0" 2731route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2732route_mcast="-net 224.0.0.0/4 -iface gif0" 2733route_gif0local="-host 169.254.1.1 -iface lo0" 2734.Ed 2735.Pp 2736When an 2737.Ar element 2738is in the form of 2739.Li name:ifname , 2740the route is specific to the interface 2741.Li ifname . 2742.It Va ipv6_static_routes 2743.Pq Vt str 2744The IPv6 equivalent of 2745.Va static_routes . 2746If not set to 2747.Dq Li NO 2748then for each whitespace separated 2749.Ar element 2750in the value, a 2751.Va ipv6_route_ Ns Aq Ar element 2752variable is assumed to exist 2753whose contents will later be passed to a 2754.Dq Nm route Cm add Fl inet6 2755operation. 2756.It Va natm_static_routes 2757.Pq Vt str 2758The 2759.Xr natmip 4 2760equivalent of 2761.Va static_routes . 2762If not empty then for each whitespace separated 2763.Ar element 2764in the value, a 2765.Va route_ Ns Aq Ar element 2766variable is assumed to exist whose contents will later be passed to a 2767.Dq Nm atmconfig Cm natm Cm add 2768operation. 2769.It Va gateway_enable 2770.Pq Vt bool 2771If set to 2772.Dq Li YES , 2773configure host to act as an IP router, e.g.\& to forward packets 2774between interfaces. 2775.It Va ipv6_gateway_enable 2776.Pq Vt bool 2777The IPv6 equivalent of 2778.Va gateway_enable . 2779.It Va routed_enable 2780.Pq Vt bool 2781If set to 2782.Dq Li YES , 2783run a routing daemon of some sort, based on the 2784settings of 2785.Va routed_program 2786and 2787.Va routed_flags . 2788.It Va route6d_enable 2789.Pq Vt bool 2790The IPv6 equivalent of 2791.Va routed_enable . 2792If set to 2793.Dq Li YES , 2794run a routing daemon of some sort, based on the 2795settings of 2796.Va route6d_program 2797and 2798.Va route6d_flags . 2799.It Va routed_program 2800.Pq Vt str 2801If 2802.Va routed_enable 2803is set to 2804.Dq Li YES , 2805this is the name of the routing daemon to use. 2806.It Va route6d_program 2807.Pq Vt str 2808The IPv6 equivalent of 2809.Va routed_program . 2810.It Va routed_flags 2811.Pq Vt str 2812If 2813.Va routed_enable 2814is set to 2815.Dq Li YES , 2816these are the flags to pass to the routing daemon. 2817.It Va route6d_flags 2818.Pq Vt str 2819The IPv6 equivalent of 2820.Va routed_flags . 2821.It Va rtadvd_enable 2822.Pq Vt bool 2823If set to 2824.Dq Li YES , 2825run the 2826.Xr rtadvd 8 2827daemon at boot time. 2828The 2829.Xr rtadvd 8 2830utility sends ICMPv6 Router Advertisement messages to 2831the interfaces specified in 2832.Va rtadvd_interfaces . 2833This should only be enabled with great care. 2834You may want to fine-tune 2835.Xr rtadvd.conf 5 . 2836.It Va rtadvd_interfaces 2837.Pq Vt str 2838If 2839.Va rtadvd_enable 2840is set to 2841.Dq Li YES 2842this is the list of interfaces to use. 2843.It Va arpproxy_all 2844.Pq Vt bool 2845If set to 2846.Dq Li YES , 2847enable global proxy ARP. 2848.It Va forward_sourceroute 2849.Pq Vt bool 2850If set to 2851.Dq Li YES 2852and 2853.Va gateway_enable 2854is also set to 2855.Dq Li YES , 2856source-routed packets are forwarded. 2857.It Va accept_sourceroute 2858.Pq Vt bool 2859If set to 2860.Dq Li YES , 2861the system will accept source-routed packets directed at it. 2862.It Va rarpd_enable 2863.Pq Vt bool 2864If set to 2865.Dq Li YES , 2866run the 2867.Xr rarpd 8 2868daemon at system boot time. 2869.It Va rarpd_flags 2870.Pq Vt str 2871If 2872.Va rarpd_enable 2873is set to 2874.Dq Li YES , 2875these are the flags to pass to the 2876.Xr rarpd 8 2877daemon. 2878.It Va bootparamd_enable 2879.Pq Vt bool 2880If set to 2881.Dq Li YES , 2882run the 2883.Xr bootparamd 8 2884daemon at system boot time. 2885.It Va bootparamd_flags 2886.Pq Vt str 2887If 2888.Va bootparamd_enable 2889is set to 2890.Dq Li YES , 2891these are the flags to pass to the 2892.Xr bootparamd 8 2893daemon. 2894.It Va stf_interface_ipv4addr 2895.Pq Vt str 2896If not set to 2897.Dq Li NO , 2898this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2899interface). 2900Specify this entry to enable the 6to4 interface. 2901.It Va stf_interface_ipv4plen 2902.Pq Vt int 2903Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2904An effective value is 0-31. 2905.It Va stf_interface_ipv6_ifid 2906.Pq Vt str 2907IPv6 interface ID for 2908.Xr stf 4 . 2909This can be set to 2910.Dq Li AUTO . 2911.It Va stf_interface_ipv6_slaid 2912.Pq Vt str 2913IPv6 Site Level Aggregator for 2914.Xr stf 4 . 2915.It Va ipv6_ipv4mapping 2916.Pq Vt bool 2917If set to 2918.Dq Li YES 2919this enables IPv4 mapped IPv6 address communication (like 2920.Li ::ffff:a.b.c.d ) . 2921.It Va rtsold_enable 2922.Pq Vt bool 2923Set to 2924.Dq Li YES 2925to enable the 2926.Xr rtsold 8 2927daemon to send ICMPv6 Router Solicitation messages. 2928.It Va rtsold_flags 2929.Pq Vt str 2930If 2931.Va rtsold_enable 2932is set to 2933.Dq Li YES , 2934these are the flags to pass to 2935.Xr rtsold 8 . 2936.It Va rtsol_flags 2937.Pq Vt str 2938For interfaces configured with the 2939.Dq Li inet6 accept_rtadv 2940keyword, these are the flags to pass to 2941.Xr rtsol 8 . 2942.Pp 2943Note that 2944.Va rtsold_enable 2945is mutually exclusive to 2946.Va rtsol_flags ; 2947.Va rtsold_enable 2948takes precedence. 2949.It Va atm_enable 2950.Pq Vt bool 2951Set to 2952.Dq Li YES 2953to enable the configuration of ATM interfaces at system boot time. 2954For all of the ATM variables described below, please refer to the 2955.Xr atm 8 2956manual page for further details on the available command parameters. 2957Also refer to the files in 2958.Pa /usr/share/examples/atm 2959for more detailed configuration information. 2960.It Va atm_load 2961.Pq Vt str 2962This is a list of physical ATM interface drivers to load. 2963Typical values are 2964.Dq Li hfa_pci 2965and/or 2966.Dq Li hea_pci . 2967.It Va atm_netif_ Ns Aq Ar intf 2968.Pq Vt str 2969For the ATM physical interface 2970.Ar intf , 2971this variable defines the name prefix and count for the ATM network 2972interfaces to be created. 2973The value will be passed as the parameters of an 2974.Dq Nm atm Cm "set netif" Ar intf 2975command. 2976.It Va atm_sigmgr_ Ns Aq Ar intf 2977.Pq Vt str 2978For the ATM physical interface 2979.Ar intf , 2980this variable defines the ATM signalling manager to be used. 2981The value will be passed as the parameters of an 2982.Dq Nm atm Cm attach Ar intf 2983command. 2984.It Va atm_prefix_ Ns Aq Ar intf 2985.Pq Vt str 2986For the ATM physical interface 2987.Ar intf , 2988this variable defines the NSAP prefix for interfaces using a UNI signalling 2989manager. 2990If set to 2991.Dq Li ILMI , 2992the prefix will automatically be set via the 2993.Xr ilmid 8 2994daemon. 2995Otherwise, the value will be passed as the parameters of an 2996.Dq Nm atm Cm "set prefix" Ar intf 2997command. 2998.It Va atm_macaddr_ Ns Aq Ar intf 2999.Pq Vt str 3000For the ATM physical interface 3001.Ar intf , 3002this variable defines the MAC address for interfaces using a UNI signalling 3003manager. 3004If set to 3005.Dq Li NO , 3006the hardware MAC address contained in the ATM interface card will be used. 3007Otherwise, the value will be passed as the parameters of an 3008.Dq Nm atm Cm "set mac" Ar intf 3009command. 3010.It Va atm_arpserver_ Ns Aq Ar netif 3011.Pq Vt str 3012For the ATM network interface 3013.Ar netif , 3014this variable defines the ATM address for a host which is to provide ATMARP 3015service. 3016This variable is only applicable to interfaces using a UNI signalling 3017manager. 3018If set to 3019.Dq Li local , 3020this host will become an ATMARP server. 3021The value will be passed as the parameters of an 3022.Dq Nm atm Cm "set arpserver" Ar netif 3023command. 3024.It Va atm_scsparp_ Ns Aq Ar netif 3025.Pq Vt bool 3026If set to 3027.Dq Li YES , 3028SCSP/ATMARP service for the network interface 3029.Ar netif 3030will be initiated using the 3031.Xr scspd 8 3032and 3033.Xr atmarpd 8 3034daemons. 3035This variable is only applicable if 3036.Va atm_arpserver_ Ns Aq Ar netif 3037is set to 3038.Dq Li local . 3039.It Va atm_pvcs 3040.Pq Vt str 3041Set to the list of ATM PVCs to be added at system 3042boot time. 3043For each whitespace separated 3044.Ar element 3045in the value, an 3046.Va atm_pvc_ Ns Aq Ar element 3047variable is assumed to exist. 3048The value of each of these variables 3049will be passed as the parameters of an 3050.Dq Nm atm Cm "add pvc" 3051command. 3052.It Va atm_arps 3053.Pq Vt str 3054Set to the list of permanent ATM ARP entries to be added 3055at system boot time. 3056For each whitespace separated 3057.Ar element 3058in the value, an 3059.Va atm_arp_ Ns Aq Ar element 3060variable is assumed to exist. 3061The value of each of these variables 3062will be passed as the parameters of an 3063.Dq Nm atm Cm "add arp" 3064command. 3065.It Va natm_interfaces 3066.Pq Vt str 3067Set to the list of 3068.Xr natm 4 3069interfaces that will also be used for HARP through 3070.Xr harp 4 . 3071If this list is not empty all interfaces in the list will be brought up 3072with 3073.Xr ifconfig 8 3074and 3075.Xr harp 4 3076will be loaded. 3077For this to work the interface drivers must be either compiled into the 3078kernel or must reside on the root partition. 3079.It Va keybell 3080.Pq Vt str 3081The keyboard bell sound. 3082Set to 3083.Dq Li normal , 3084.Dq Li visual , 3085.Dq Li off , 3086or 3087.Dq Li NO 3088if the default behavior is desired. 3089For details, refer to the 3090.Xr kbdcontrol 1 3091manpage. 3092.It Va keyboard 3093.Pq Vt str 3094If set to a non-null string, the virtual console's keyboard input is 3095set to this device. 3096.It Va keymap 3097.Pq Vt str 3098If set to 3099.Dq Li NO , 3100no keymap is installed, otherwise the value is used to install 3101the keymap file found in 3102.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3103(if using 3104.Xr syscons 4 ) or 3105.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3106(if using 3107.Xr vt 4 ) . 3108.It Va keyrate 3109.Pq Vt str 3110The keyboard repeat speed. 3111Set to 3112.Dq Li slow , 3113.Dq Li normal , 3114.Dq Li fast , 3115or 3116.Dq Li NO 3117if the default behavior is desired. 3118.It Va keychange 3119.Pq Vt str 3120If not set to 3121.Dq Li NO , 3122attempt to program the function keys with the value. 3123The value should 3124be a single string of the form: 3125.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3126.It Va cursor 3127.Pq Vt str 3128Can be set to the value of 3129.Dq Li normal , 3130.Dq Li blink , 3131.Dq Li destructive , 3132or 3133.Dq Li NO 3134to set the cursor behavior explicitly or choose the default behavior. 3135.It Va scrnmap 3136.Pq Vt str 3137If set to 3138.Dq Li NO , 3139no screen map is installed, otherwise the value is used to install 3140the screen map file in 3141.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3142This parameter is ignored when using 3143.Xr vt 4 3144as the console driver. 3145.It Va font8x16 3146.Pq Vt str 3147If set to 3148.Dq Li NO , 3149the default 8x16 font value is used for screen size requests, otherwise 3150the value in 3151.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3152or 3153.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3154is used (depending on the console driver being used). 3155.It Va font8x14 3156.Pq Vt str 3157If set to 3158.Dq Li NO , 3159the default 8x14 font value is used for screen size requests, otherwise 3160the value in 3161.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3162or 3163.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3164is used (depending on the console driver being used). 3165.It Va font8x8 3166.Pq Vt str 3167If set to 3168.Dq Li NO , 3169the default 8x8 font value is used for screen size requests, otherwise 3170the value in 3171.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3172or 3173.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3174is used (depending on the console driver being used). 3175.It Va blanktime 3176.Pq Vt int 3177If set to 3178.Dq Li NO , 3179the default screen blanking interval is used, otherwise it is set 3180to 3181.Ar value 3182seconds. 3183.It Va saver 3184.Pq Vt str 3185If not set to 3186.Dq Li NO , 3187this is the actual screen saver to use 3188.Li ( blank , snake , daemon , 3189etc). 3190.It Va moused_nondefault_enable 3191.Pq Vt str 3192If set to 3193.Dq Li NO , 3194the mouse device specified on 3195the command line is not automatically treated as enabled by the 3196.Pa /etc/rc.d/moused 3197script. 3198Having this variable set to 3199.Dq Li YES 3200allows a 3201.Xr usb 4 3202mouse, 3203for example, 3204to be enabled as soon as it is plugged in. 3205.It Va moused_enable 3206.Pq Vt str 3207If set to 3208.Dq Li YES , 3209the 3210.Xr moused 8 3211daemon is started for doing cut/paste selection on the console. 3212.It Va moused_type 3213.Pq Vt str 3214This is the protocol type of the mouse connected to this host. 3215This variable must be set if 3216.Va moused_enable 3217is set to 3218.Dq Li YES . 3219The 3220.Xr moused 8 3221daemon 3222is able to detect the appropriate mouse type automatically in many cases. 3223Set this variable to 3224.Dq Li auto 3225to let the daemon detect it, or 3226select one from the following list if the automatic detection fails. 3227.Pp 3228If the mouse is attached to the PS/2 mouse port, choose 3229.Dq Li auto 3230or 3231.Dq Li ps/2 , 3232regardless of the brand and model of the mouse. 3233Likewise, if the 3234mouse is attached to the bus mouse port, choose 3235.Dq Li auto 3236or 3237.Dq Li busmouse . 3238All other protocols are for serial mice and will not work with 3239the PS/2 and bus mice. 3240If this is a USB mouse, 3241.Dq Li auto 3242is the only protocol type which will work. 3243.Pp 3244.Bl -tag -width ".Li x10mouseremote" -compact 3245.It Li microsoft 3246Microsoft mouse (serial) 3247.It Li intellimouse 3248Microsoft IntelliMouse (serial) 3249.It Li mousesystems 3250Mouse systems Corp.\& mouse (serial) 3251.It Li mmseries 3252MM Series mouse (serial) 3253.It Li logitech 3254Logitech mouse (serial) 3255.It Li busmouse 3256A bus mouse 3257.It Li mouseman 3258Logitech MouseMan and TrackMan (serial) 3259.It Li glidepoint 3260ALPS GlidePoint (serial) 3261.It Li thinkingmouse 3262Kensington ThinkingMouse (serial) 3263.It Li ps/2 3264PS/2 mouse 3265.It Li mmhittab 3266MM HitTablet (serial) 3267.It Li x10mouseremote 3268X10 MouseRemote (serial) 3269.It Li versapad 3270Interlink VersaPad (serial) 3271.El 3272.Pp 3273Even if the mouse is not in the above list, it may be compatible 3274with one in the list. 3275Refer to the manual page for 3276.Xr moused 8 3277for compatibility information. 3278.Pp 3279It should also be noted that while this is enabled, any 3280other client of the mouse (such as an X server) should access 3281the mouse through the virtual mouse device, 3282.Pa /dev/sysmouse , 3283and configure it as a 3284.Dq Li sysmouse 3285type mouse, since all 3286mouse data is converted to this single canonical format when 3287using 3288.Xr moused 8 . 3289If the client program does not support the 3290.Dq Li sysmouse 3291type, 3292specify the 3293.Dq Li mousesystems 3294type. 3295It is the second preferred type. 3296.It Va moused_port 3297.Pq Vt str 3298If 3299.Va moused_enable 3300is set to 3301.Dq Li YES , 3302this is the actual port the mouse is on. 3303It might be 3304.Pa /dev/cuau0 3305for a COM1 serial mouse, 3306.Pa /dev/psm0 3307for a PS/2 mouse or 3308.Pa /dev/mse0 3309for a bus mouse, for example. 3310.It Va moused_flags 3311.Pq Vt str 3312If 3313.Va moused_flags 3314is set, its value is used as an additional set of flags to pass to the 3315.Xr moused 8 3316daemon. 3317.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3318When 3319.Va moused_nondefault_enable 3320is enabled, and a 3321.Xr moused 8 3322daemon is started for a non-default port, the 3323.Va "moused_" Ns Ar XXX Ns Va "_flags" 3324set of options has precedence over and replaces the default 3325.Va moused_flags 3326(where 3327.Ar XXX 3328is the name of the non-default port, i.e.,\& 3329.Ar ums0 ) . 3330By setting 3331.Va "moused_" Ns Ar XXX Ns Va "_flags" 3332it is possible to set up a different set of default flags for each 3333.Xr moused 8 3334instance. 3335For example, you can use 3336.Dq Li "-3" 3337for the default 3338.Va moused_flags 3339to make your laptop's touchpad more comfortable to use, 3340but an empty set of options for 3341.Va moused_ums0_flags 3342when your 3343.Xr usb 4 3344mouse has three or more buttons. 3345.It Va mousechar_start 3346.Pq Vt int 3347If set to 3348.Dq Li NO , 3349the default mouse cursor character range 3350.Li 0xd0 Ns - Ns Li 0xd3 3351is used, 3352otherwise the range start is set 3353to 3354.Ar value 3355character, see 3356.Xr vidcontrol 1 . 3357Use if the default range is occupied in the language code table. 3358.It Va allscreens_flags 3359.Pq Vt str 3360If set, 3361.Xr vidcontrol 1 3362is run with these options for each of the virtual terminals 3363.Pq Pa /dev/ttyv* . 3364For example, 3365.Dq Fl m Cm on 3366will enable the mouse pointer on all virtual terminals 3367if 3368.Va moused_enable 3369is set to 3370.Dq Li YES . 3371.It Va allscreens_kbdflags 3372.Pq Vt str 3373If set, 3374.Xr kbdcontrol 1 3375is run with these options for each of the virtual terminals 3376.Pq Pa /dev/ttyv* . 3377For example, 3378.Dq Fl h Li 200 3379will set the 3380.Xr syscons 4 3381or 3382.Xr vt 4 3383scrollback (history) buffer to 200 lines. 3384.It Va cron_enable 3385.Pq Vt bool 3386If set to 3387.Dq Li YES , 3388run the 3389.Xr cron 8 3390daemon at system boot time. 3391.It Va cron_program 3392.Pq Vt str 3393Path to 3394.Xr cron 8 3395(default 3396.Pa /usr/sbin/cron ) . 3397.It Va cron_flags 3398.Pq Vt str 3399If 3400.Va cron_enable 3401is set to 3402.Dq Li YES , 3403these are the flags to pass to 3404.Xr cron 8 . 3405.It Va cron_dst 3406.Pq Vt bool 3407If set to 3408.Dq Li YES , 3409enable the special handling of transitions to and from the 3410Daylight Saving Time in 3411.Xr cron 8 3412(equivalent to using the flag 3413.Fl s ) . 3414.It Va lpd_program 3415.Pq Vt str 3416Path to 3417.Xr lpd 8 3418(default 3419.Pa /usr/sbin/lpd ) . 3420.It Va lpd_enable 3421.Pq Vt bool 3422If set to 3423.Dq Li YES , 3424run the 3425.Xr lpd 8 3426daemon at system boot time. 3427.It Va lpd_flags 3428.Pq Vt str 3429If 3430.Va lpd_enable 3431is set to 3432.Dq Li YES , 3433these are the flags to pass to the 3434.Xr lpd 8 3435daemon. 3436.It Va chkprintcap_enable 3437.Pq Vt bool 3438If set to 3439.Dq Li YES , 3440run the 3441.Xr chkprintcap 8 3442command before starting the 3443.Xr lpd 8 3444daemon. 3445.It Va chkprintcap_flags 3446.Pq Vt str 3447If 3448.Va lpd_enable 3449and 3450.Va chkprintcap_enable 3451are set to 3452.Dq Li YES , 3453these are the flags to pass to the 3454.Xr chkprintcap 8 3455program. 3456The default is 3457.Dq Li -d , 3458which causes missing directories to be created. 3459.It Va mta_start_script 3460.Pq Vt str 3461This variable specifies the full path to the script to run to start 3462a mail transfer agent. 3463The default is 3464.Pa /etc/rc.sendmail . 3465The 3466.Va sendmail_* 3467variables which 3468.Pa /etc/rc.sendmail 3469uses are documented in the 3470.Xr rc.sendmail 8 3471manual page. 3472.It Va dumpdev 3473.Pq Vt str 3474Indicates the device (usually a swap partition) to which a crash dump 3475should be written in the event of a system crash. 3476If the value of this variable is 3477.Dq Li AUTO , 3478the first suitable swap device listed in 3479.Pa /etc/fstab 3480will be used as dump device. 3481Otherwise, the value of this variable is passed as the argument to 3482.Xr dumpon 8 . 3483To disable crash dumps, set this variable to 3484.Dq Li NO . 3485.It Va dumpdir 3486.Pq Vt str 3487When the system reboots after a crash and a crash dump is found on the 3488device specified by the 3489.Va dumpdev 3490variable, 3491.Xr savecore 8 3492will save that crash dump and a copy of the kernel to the directory 3493specified by the 3494.Va dumpdir 3495variable. 3496The default value is 3497.Pa /var/crash . 3498Set to 3499.Dq Li NO 3500to not run 3501.Xr savecore 8 3502at boot time when 3503.Va dumpdir 3504is set. 3505.It Va savecore_enable 3506.Pq Vt bool 3507If set to 3508.Dq Li NO , 3509disable automatic extraction of the crash dump from the 3510.Va dumpdev . 3511.It Va savecore_flags 3512.Pq Vt str 3513If crash dumps are enabled, these are the flags to pass to the 3514.Xr savecore 8 3515utility. 3516.It Va quota_enable 3517.Pq Vt bool 3518Set to 3519.Dq Li YES 3520to turn on user and group disk quotas on system startup via the 3521.Xr quotaon 8 3522command for all file systems marked as having quotas enabled in 3523.Pa /etc/fstab . 3524The kernel must be built with 3525.Cd "options QUOTA" 3526for disk quotas to function. 3527.It Va check_quotas 3528.Pq Vt bool 3529Set to 3530.Dq Li YES 3531to enable user and group disk quota checking via the 3532.Xr quotacheck 8 3533command. 3534.It Va quotacheck_flags 3535.Pq Vt str 3536If 3537.Va quota_enable 3538is set to 3539.Dq Li YES , 3540and 3541.Va check_quotas 3542is set to 3543.Dq Li YES , 3544these are the flags to pass to the 3545.Xr quotacheck 8 3546utility. 3547The default is 3548.Dq Li "-a" , 3549which checks quotas for all file systems with quotas enabled in 3550.Pa /etc/fstab . 3551.It Va quotaon_flags 3552.Pq Vt str 3553If 3554.Va quota_enable 3555is set to 3556.Dq Li YES , 3557these are the flags to pass to the 3558.Xr quotaon 8 3559utility. 3560The default is 3561.Dq Li "-a" , 3562which enables quotas for all file systems with quotas enabled in 3563.Pa /etc/fstab . 3564.It Va quotaoff_flags 3565.Pq Vt str 3566If 3567.Va quota_enable 3568is set to 3569.Dq Li YES , 3570these are the flags to pass to the 3571.Xr quotaoff 8 3572utility when shutting down the quota system. 3573The default is 3574.Dq Li "-a" , 3575which disables quotas for all file systems with quotas enabled in 3576.Pa /etc/fstab . 3577.It Va accounting_enable 3578.Pq Vt bool 3579Set to 3580.Dq Li YES 3581to enable system accounting through the 3582.Xr accton 8 3583facility. 3584.It Va ibcs2_enable 3585.Pq Vt bool 3586Set to 3587.Dq Li YES 3588to enable iBCS2 (SCO) binary emulation at system initial boot 3589time. 3590.It Va ibcs2_loaders 3591.Pq Vt str 3592If not set to 3593.Dq Li NO 3594and if 3595.Va ibcs2_enable 3596is set to 3597.Dq Li YES , 3598this specifies a list of additional iBCS2 loaders to enable. 3599.It Va firstboot_sentinel 3600.Pq Vt str 3601This variable specifies the full path to a 3602.Dq first boot 3603sentinel file. 3604If a file exists with this path, 3605.Pa rc.d 3606scripts with the 3607.Dq firstboot 3608keyword will be run on startup and the sentinel file will be deleted 3609after the boot process completes. 3610The sentinel file must be located on a writable file system which is 3611mounted no later than 3612.Va early_late_divider 3613to function properly. 3614The default is 3615.Pa /firstboot . 3616.It Va linux_enable 3617.Pq Vt bool 3618Set to 3619.Dq Li YES 3620to enable Linux/ELF binary emulation at system initial 3621boot time. 3622.It Va svr4_enable 3623.Pq Vt bool 3624If set to 3625.Dq Li YES , 3626enable SysVR4 emulation at boot time. 3627.It Va sysvipc_enable 3628.Pq Vt bool 3629If set to 3630.Dq Li YES , 3631load System V IPC primitives at boot time. 3632.It Va clear_tmp_enable 3633.Pq Vt bool 3634Set to 3635.Dq Li YES 3636to have 3637.Pa /tmp 3638cleaned at startup. 3639.It Va clear_tmp_X 3640.Pq Vt bool 3641Set to 3642.Dq Li NO 3643to disable removing of X11 lock files, 3644and the removal and (secure) recreation 3645of the various socket directories for X11 3646related programs. 3647.It Va ldconfig_paths 3648.Pq Vt str 3649Set to the list of shared library paths to use with 3650.Xr ldconfig 8 . 3651NOTE: 3652.Pa /usr/lib 3653will always be added first, so it need not appear in this list. 3654.It Va ldconfig32_paths 3655.Pq Vt str 3656Set to the list of 32-bit compatibility shared library paths to 3657use with 3658.Xr ldconfig 8 . 3659.It Va ldconfig_paths_aout 3660.Pq Vt str 3661Set to the list of shared library paths to use with 3662.Xr ldconfig 8 3663legacy 3664.Xr a.out 5 3665support. 3666.It Va ldconfig_insecure 3667.Pq Vt bool 3668The 3669.Xr ldconfig 8 3670utility normally refuses to use directories 3671which are writable by anyone except root. 3672Set this variable to 3673.Dq Li YES 3674to disable that security check during system startup. 3675.It Va ldconfig_local_dirs 3676.Pq Vt str 3677Set to the list of local 3678.Xr ldconfig 8 3679directories. 3680The names of all files in the directories listed will be 3681passed as arguments to 3682.Xr ldconfig 8 . 3683.It Va ldconfig_local32_dirs 3684.Pq Vt str 3685Set to the list of local 32-bit compatibility 3686.Xr ldconfig 8 3687directories. 3688The names of all files in the directories listed will be 3689passed as arguments to 3690.Dq Nm ldconfig Fl 32 . 3691.It Va kern_securelevel_enable 3692.Pq Vt bool 3693Set to 3694.Dq Li YES 3695to set the kernel security level at system startup. 3696.It Va kern_securelevel 3697.Pq Vt int 3698The kernel security level to set at startup. 3699The allowed range of 3700.Ar value 3701ranges from \-1 (the compile time default) to 3 (the 3702most secure). 3703See 3704.Xr security 7 3705for the list of possible security levels and their effect 3706on system operation. 3707.It Va sshd_program 3708.Pq Vt str 3709Path to the SSH server program 3710.Pa ( /usr/sbin/sshd 3711is the default). 3712.It Va sshd_enable 3713.Pq Vt bool 3714Set to 3715.Dq Li YES 3716to start 3717.Xr sshd 8 3718at system boot time. 3719.It Va sshd_flags 3720.Pq Vt str 3721If 3722.Va sshd_enable 3723is set to 3724.Dq Li YES , 3725these are the flags to pass to the 3726.Xr sshd 8 3727daemon. 3728.It Va ftpd_program 3729.Pq Vt str 3730Path to the FTP server program 3731.Pa ( /usr/libexec/ftpd 3732is the default). 3733.It Va ftpd_enable 3734.Pq Vt bool 3735Set to 3736.Dq Li YES 3737to start 3738.Xr ftpd 8 3739as a stand-alone daemon at system boot time. 3740.It Va ftpd_flags 3741.Pq Vt str 3742If 3743.Va ftpd_enable 3744is set to 3745.Dq Li YES , 3746these are the additional flags to pass to the 3747.Xr ftpd 8 3748daemon. 3749.It Va watchdogd_enable 3750.Pq Vt bool 3751If set to 3752.Dq Li YES , 3753start the 3754.Xr watchdogd 8 3755daemon at boot time. 3756This requires that the kernel have been compiled with a 3757.Xr watchdog 4 3758compatible device. 3759.It Va watchdogd_flags 3760.Pq Vt str 3761If 3762.Va watchdogd_enable 3763is set to 3764.Dq Li YES , 3765these are the flags passed to the 3766.Xr watchdogd 8 3767daemon. 3768.It Va devfs_rulesets 3769.Pq Vt str 3770List of files containing sets of rules for 3771.Xr devfs 8 . 3772.It Va devfs_system_ruleset 3773.Pq Vt str 3774Rule name(s) to apply to the system 3775.Pa /dev 3776itself. 3777.It Va devfs_set_rulesets 3778.Pq Vt str 3779Pairs of already-mounted 3780.Pa dev 3781directories and rulesets that should be applied to them. 3782For example: /mount/dev=ruleset_name 3783.It Va devfs_load_rulesets 3784.Pq Vt bool 3785If set, always load the default rulesets listed in 3786.Va devfs_rulesets . 3787.It Va performance_cx_lowest 3788.Pq Vt str 3789CPU idle state to use while on AC power. 3790The string 3791.Dq Li LOW 3792indicates that 3793.Xr acpi 4 3794should use the lowest power state available while 3795.Dq Li HIGH 3796indicates that the lowest latency state (less power savings) should be used. 3797.It Va performance_cpu_freq 3798.Pq Vt str 3799CPU clock frequency to use while on AC power. 3800The string 3801.Dq Li LOW 3802indicates that 3803.Xr cpufreq 4 3804should use the lowest frequency available while 3805.Dq Li HIGH 3806indicates that the highest frequency (less power savings) should be used. 3807.It Va economy_cx_lowest 3808.Pq Vt str 3809CPU idle state to use when off AC power. 3810The string 3811.Dq Li LOW 3812indicates that 3813.Xr acpi 4 3814should use the lowest power state available while 3815.Dq Li HIGH 3816indicates that the lowest latency state (less power savings) should be used. 3817.It Va economy_cpu_freq 3818.Pq Vt str 3819CPU clock frequency to use when off AC power. 3820The string 3821.Dq Li LOW 3822indicates that 3823.Xr cpufreq 4 3824should use the lowest frequency available while 3825.Dq Li HIGH 3826indicates that the highest frequency (less power savings) should be used. 3827.It Va jail_enable 3828.Pq Vt bool 3829If set to 3830.Dq Li NO , 3831any configured jails will not be started. 3832.It Va jail_conf 3833.Pq Vt str 3834The configuration filename used by 3835.Xr jail 8 3836utility. 3837The default value is 3838.Pa /etc/jail.conf . 3839.It Va jail_parallel_start 3840.Pq Vt bool 3841If set to 3842.Dq Li YES , 3843all configured jails will be started in the background (in parallel). 3844.It Va jail_flags 3845.Pq Vt str 3846Unset by default. 3847When set, use as default value for 3848.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3849for every jail in 3850.Va jail_list . 3851.It Va jail_list 3852.Pq Vt str 3853A space-delimited list of jail names. 3854When left empty, all of the 3855.Xr jail 8 3856instances defined in the configuration file are started. 3857The names specified in this list control the jail startup order. 3858.Xr jail 8 3859instances missing from 3860.Va jail_list 3861must be started manually. 3862Note that a jail's 3863.Va depend 3864parameter in the configuration file may override this list. 3865.It Va jail_reverse_stop 3866.Pq Vt bool 3867When set to 3868.Dq Li YES , 3869all configured jails in 3870.Va jail_list 3871are stopped in reverse order. 3872.It Va jail_* variables 3873Note that older releases supported per-jail configuration via 3874.Nm 3875variables. 3876For example, 3877hostname of a jail named 3878.Li vjail 3879was able to be set by 3880.Li jail_vjail_hostname . 3881These per-jail configuration variables are now obsolete in favor of 3882.Xr jail 8 3883configuration file. 3884For backward compatibility, 3885when per-jail configuration variables are defined, 3886.Xr jail 8 3887configuration files are created as 3888.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3889and used. 3890.Pp 3891The following per-jail parameters are handled by 3892.Pa rc.d/jail 3893script out of their corresponding 3894.Nm 3895variables. 3896In addition to them, parameters in 3897.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3898will be added to the configuration file. 3899They must be a semi-colon 3900.Pq Ql \&; 3901delimited list of 3902.Dq key=value . 3903For more details, 3904see 3905.Xr jail 8 3906manual page. 3907.Bl -tag -width "host.hostname" -offset indent 3908.It Li path 3909set from 3910.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3911.It Li host.hostname 3912set from 3913.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3914.It Li exec.consolelog 3915set from 3916.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3917The default value is 3918.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3919.It Li interface 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3922.It Li vnet.interface 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3925This implies 3926.Li vnet 3927parameter will be enabled and cannot be specified with 3928.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3929.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3930and/or 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3932at the same time. 3933.It Li fstab 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3936.It Li mount 3937set from 3938.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3939.It Li exec.fib 3940set from 3941.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3942.It Li exec.start 3943set from 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3945The parameter name was 3946.Li command 3947in some older releases. 3948.It Li exec.prestart 3949set from 3950.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3951.It Li exec.poststart 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3954.It Li exec.stop 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3957.It Li exec.prestop 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3960.It Li exec.poststop 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3963.It Li ip4.addr 3964set if 3965.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3966or 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3968contain IPv4 addresses 3969.It Li ip6.addr 3970set if 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3972or 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3974contain IPv6 addresses 3975.It Li allow.mount 3976set from 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3978.It Li mount.devfs 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3981.It Li devfs_ruleset 3982set from 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3984This must be an integer, 3985not a string. 3986.It Li mount.fdescfs 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3989.It Li allow.set_hostname 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 3992.It Li allow.rawsocket 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 3995.It Li allow.sysvipc 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 3998.El 3999.\" ----------------------------------------------------- 4000.It Va harvest_mask 4001.Pq Vt int 4002Set to a bit-mask 4003representing the entropy sources 4004you wish to harvest. 4005Refer to 4006.Xr random 4 4007for more information. 4008.It Va entropy_dir 4009.Pq Vt str 4010Set to 4011.Dq Li NO 4012to disable caching entropy via 4013.Xr cron 8 . 4014Otherwise set to the directory 4015in which the entropy files are stored. 4016To be useful, 4017there must be 4018a system cron job 4019that regularly writes and rotates 4020files here. 4021All files found 4022will be used at boot time. 4023The default is 4024.Pa /var/db/entropy . 4025.It Va entropy_file 4026.Pq Vt str 4027Set to 4028.Dq Li NO 4029to disable caching entropy through reboots. 4030Otherwise set to the name 4031of a file used to store cached entropy. 4032This file should be located 4033on a file system that is readable 4034before all the volumes specified in 4035.Xr fstab 5 4036are mounted. 4037By default, 4038.Pa /entropy 4039is used, 4040but if 4041.Pa /var/db/entropy-file 4042is found it will also be used. 4043This will be of some use to 4044.Xr bsdinstall 8 . 4045.It Va entropy_boot_file 4046.Pq Vt str 4047Set to 4048.Dq Li NO 4049to disable 4050very early caching entropy 4051through reboots. 4052Otherwise set to the filename 4053used to read 4054very early reboot cached entropy. 4055This file should be located where 4056.Xr loader 8 4057can read it. 4058See also 4059.Xr loader.conf 5 . 4060The default location is 4061.Pa /boot/entropy . 4062.It Va entropy_save_sz 4063.Pq Vt int 4064Size of the entropy cache files saved by 4065.Nm save-entropy 4066periodically. 4067.It Va entropy_save_num 4068.Pq Vt int 4069Number of entropy cache files to save by 4070.Nm save-entropy 4071periodically. 4072.It Va ipsec_enable 4073.Pq Vt bool 4074Set to 4075.Dq Li YES 4076to run 4077.Xr setkey 8 4078on 4079.Va ipsec_file 4080at boot time. 4081.It Va ipsec_file 4082.Pq Vt str 4083Configuration file for 4084.Xr setkey 8 . 4085.It Va dmesg_enable 4086.Pq Vt bool 4087Set to 4088.Dq Li YES 4089to save 4090.Xr dmesg 8 4091to 4092.Pa /var/run/dmesg.boot 4093on boot. 4094.It Va rcshutdown_timeout 4095.Pq Vt int 4096If set, start a watchdog timer in the background which will terminate 4097.Pa rc.shutdown 4098if 4099.Xr shutdown 8 4100has not completed within the specified time (in seconds). 4101Notice that in addition to this soft timeout, 4102.Xr init 8 4103also applies a hard timeout for the execution of 4104.Pa rc.shutdown . 4105This is configured via 4106.Xr sysctl 8 4107variable 4108.Va kern.init_shutdown_timeout 4109and defaults to 120 seconds. 4110Setting the value of 4111.Va rcshutdown_timeout 4112to more than 120 seconds will have no effect until the 4113.Xr sysctl 8 4114variable 4115.Va kern.init_shutdown_timeout 4116is also increased. 4117.It Va virecover_enable 4118.Pq Vt bool 4119Set to 4120.Dq Li NO 4121to prevent the system from trying to 4122recover pre-maturely terminated 4123.Xr vi 1 4124sessions. 4125.It Va ugidfw_enable 4126.Pq Vt bool 4127Set to 4128.Dq Li YES 4129to load the 4130.Xr mac_bsdextended 4 4131module upon system initialization and load a default 4132ruleset file. 4133.It Va bsdextended_script 4134.Pq Vt str 4135The default 4136.Xr mac_bsdextended 4 4137ruleset file to load. 4138The default value of this variable is 4139.Pa /etc/rc.bsdextended . 4140.It Va newsyslog_enable 4141.Pq Vt bool 4142If set to 4143.Dq Li YES , 4144run 4145.Xr newsyslog 8 4146command at startup. 4147.It Va newsyslog_flags 4148.Pq Vt str 4149If 4150.Va newsyslog_enable 4151is set to 4152.Dq Li YES , 4153these are the flags to pass to the 4154.Xr newsyslog 8 4155program. 4156The default is 4157.Dq Li -CN , 4158which causes log files flagged with a 4159.Cm C 4160to be created. 4161.It Va mdconfig_md Ns Aq Ar X 4162.Pq Vt str 4163Arguments to 4164.Xr mdconfig 8 4165for 4166.Xr md 4 4167device 4168.Ar X . 4169At minimum a 4170.Fl t Ar type 4171must be specified and either a 4172.Fl s Ar size 4173for malloc or swap backed 4174.Xr md 4 4175devices or a 4176.Fl f Ar file 4177for vnode backed 4178.Xr md 4 4179devices. 4180Note that 4181.Va mdconfig_md Ns Aq Ar X 4182variables are evaluated until one variable is unset or null. 4183.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4184.Pq Vt str 4185Optional arguments passed to 4186.Xr newfs 8 4187to initialize 4188.Xr md 4 4189device 4190.Ar X . 4191.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4192.Pq Vt str 4193An ownership specification passed to 4194.Xr chown 8 4195after the specified 4196.Xr md 4 4197device 4198.Ar X 4199has been mounted. 4200Both the 4201.Xr md 4 4202device and the mount point will be changed. 4203.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4204.Pq Vt str 4205A mode string passed to 4206.Xr chmod 1 4207after the specified 4208.Xr md 4 4209device 4210.Ar X 4211has been mounted. 4212Both the 4213.Xr md 4 4214device and the mount point will be changed. 4215.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4216.Pq Vt str 4217Files to be copied to the mount point of the 4218.Xr md 4 4219device 4220.Ar X 4221after it has been mounted. 4222.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4223.Pq Vt str 4224Command to execute after the specified 4225.Xr md 4 4226device 4227.Ar X 4228has been mounted. 4229Note that the command is passed to 4230.Ic eval 4231and that both 4232.Va _dev 4233and 4234.Va _mp 4235variables can be used to reference respectively the 4236.Xr md 4 4237device and the mount point. 4238Assuming that the 4239.Xr md 4 4240device is 4241.Li md0 , 4242one could set the following: 4243.Bd -literal 4244mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4245.Ed 4246.It Va autobridge_interfaces 4247.Pq Vt str 4248Set to the list of bridge interfaces that will have newly arriving interfaces 4249checked against to be automatically added. 4250If not set to 4251.Dq Li NO 4252then for each whitespace separated 4253.Ar element 4254in the value, a 4255.Va autobridge_ Ns Aq Ar element 4256variable is assumed to exist which has a whitespace separated list of interface 4257names to match, these names can use wildcards. 4258For example: 4259.Bd -literal 4260autobridge_interfaces="bridge0" 4261autobridge_bridge0="tap* dc0 vlan[345]" 4262.Ed 4263.It Va mixer_enable 4264.Pq Vt bool 4265If set to 4266.Dq Li YES , 4267enable support for sound mixer. 4268.It Va hcsecd_enable 4269.Pq Vt bool 4270If set to 4271.Dq Li YES , 4272enable Bluetooth security daemon. 4273.It Va hcsecd_config 4274.Pq Vt str 4275Configuration file for 4276.Xr hcsecd 8 . 4277Default 4278.Pa /etc/bluetooth/hcsecd.conf . 4279.It Va sdpd_enable 4280.Pq Vt bool 4281If set to 4282.Dq Li YES , 4283enable Bluetooth Service Discovery Protocol daemon. 4284.It Va sdpd_control 4285.Pq Vt str 4286Path to 4287.Xr sdpd 8 4288control socket. 4289Default 4290.Pa /var/run/sdp . 4291.It Va sdpd_groupname 4292.Pq Vt str 4293Sets 4294.Xr sdpd 8 4295group to run as after it initializes. 4296Default 4297.Dq Li nobody . 4298.It Va sdpd_username 4299.Pq Vt str 4300Sets 4301.Xr sdpd 8 4302user to run as after it initializes. 4303Default 4304.Dq Li nobody . 4305.It Va bthidd_enable 4306.Pq Vt bool 4307If set to 4308.Dq Li YES , 4309enable Bluetooth Human Interface Device daemon. 4310.It Va bthidd_config 4311.Pq Vt str 4312Configuration file for 4313.Xr bthidd 8 . 4314Default 4315.Pa /etc/bluetooth/bthidd.conf . 4316.It Va bthidd_hids 4317.Pq Vt str 4318Path to a file, where 4319.Xr bthidd 8 4320will store information about known HID devices. 4321Default 4322.Pa /var/db/bthidd.hids . 4323.It Va rfcomm_pppd_server_enable 4324.Pq Vt bool 4325If set to 4326.Dq Li YES , 4327enable Bluetooth RFCOMM PPP wrapper daemon. 4328.It Va rfcomm_pppd_server_profile 4329.Pq Vt str 4330The name of the profile to use from 4331.Pa /etc/ppp/ppp.conf . 4332Multiple profiles can be specified here. 4333Also used to specify per-profile overrides. 4334When the profile name contains any of the characters 4335.Dq Li .-/+ 4336they are translated to 4337.Dq Li _ 4338for the proposes of the override variable names. 4339.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4340.Pq Vt str 4341Overrides local address to listen on. 4342By default 4343.Xr rfcomm_pppd 8 4344will listen on 4345.Dq Li ANY 4346address. 4347The address can be specified as BD_ADDR or name. 4348.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4349.Pq Vt str 4350Overrides local RFCOMM channel to listen on. 4351By default 4352.Xr rfcomm_pppd 8 4353will listen on RFCOMM channel 1. 4354Must set properly if multiple profiles used in the same time. 4355.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4356.Pq Vt bool 4357Tells 4358.Xr rfcomm_pppd 8 4359if it should register Serial Port service on the specified RFCOMM channel. 4360Default 4361.Dq Li NO . 4362.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4363.Pq Vt bool 4364Tells 4365.Xr rfcomm_pppd 8 4366if it should register Dial-Up Networking service on the specified 4367RFCOMM channel. 4368Default 4369.Dq Li NO . 4370.It Va ubthidhci_enable 4371.Pq Vt bool 4372If set to 4373.Dq Li YES , 4374change the USB Bluetooth controller from HID mode to HCI mode. 4375You also need to specify the location of USB Bluetooth controller with the 4376.Va ubthidhci_busnum 4377and 4378.Va ubthidhci_addr 4379variables. 4380.It Va ubthidhci_busnum 4381Bus number where the USB Bluetooth controller is located. 4382Check the output of 4383.Xr usbconfig 8 4384on your system to find this information. 4385.It Va ubthidhci_addr 4386Bus address of the USB Bluetooth controller. 4387Check the output of 4388.Xr usbconfig 8 4389on your system to find this information. 4390.It Va netwait_enable 4391.Pq Vt bool 4392If set to 4393.Dq Li YES , 4394delays the start of network-reliant services until 4395.Va netwait_if 4396is up and ICMP packets to a destination defined in 4397.Va netwait_ip 4398are flowing. 4399Link state is examined first, followed by 4400.Dq Li pinging 4401an IP address to verify network usability. 4402If no destination can be reached or timeouts are exceeded, 4403network services are started anyway with no guarantee that 4404the network is usable. 4405Use of this variable requires both 4406.Va netwait_ip 4407and 4408.Va netwait_if 4409to be set. 4410.It Va netwait_ip 4411.Pq Vt str 4412Empty by default. 4413This variable contains a space-delimited list of IP addresses to 4414.Xr ping 8 . 4415DNS hostnames should not be used as resolution is not guaranteed 4416to be functional at this point. 4417If multiple IP addresses are specified, 4418each will be tried until one is successful or the list is exhausted. 4419.It Va netwait_timeout 4420.Pq Vt int 4421Indicates the total number of seconds to perform a 4422.Dq Li ping 4423against each IP address in 4424.Va netwait_ip , 4425at a rate of one ping per second. 4426If any of the pings are successful, 4427full network connectivity is considered reliable. 4428The default is 60. 4429.It Va netwait_if 4430.Pq Vt str 4431Empty by default. 4432Defines the name of the network interface on which watch for link. 4433.Xr ifconfig 8 4434is used to monitor the interface, looking for 4435.Dq Li status: no carrier . 4436Once gone, the link is considered up. 4437This can be a 4438.Xr vlan 4 4439interface if desired. 4440.It Va netwait_if_timeout 4441.Pq Vt int 4442Defines the total number of seconds to wait for link to become usable, 4443polled at a 1-second interval. 4444The default is 30. 4445.It Va rctl_enable 4446.Pq Vt bool 4447If set to 4448.Dq Li YES , 4449load 4450.Xr rctl 8 4451rules from the defined ruleset. 4452The kernel must be built with 4453.Cd "options RACCT" 4454and 4455.Cd "options RCTL" . 4456.It Va rctl_rules 4457.Pq Vt str 4458Set to 4459.Pa /etc/rctl.conf 4460by default. 4461This variables contains the 4462.Xr rctl.conf 5 4463ruleset to load for 4464.Xr rctl 8 . 4465.It Va iovctl_files 4466.Pq Vt str 4467A space-separated list of configuration files used by 4468.Xr iovctl 8 . 4469The default value is an empty string. 4470.It Va autofs_enable 4471.Pq Vt bool 4472If set to 4473.Dq Li YES , 4474start the 4475.Xr automount 8 4476utility and the 4477.Xr automountd 8 4478and 4479.Xr autounmountd 8 4480daemons at boot time. 4481.It Va automount_flags 4482.Pq Vt str 4483If 4484.Va autofs_enable 4485is set to 4486.Dq Li YES , 4487these are the flags to pass to the 4488.Xr automount 8 4489program. 4490By default no flags are passed. 4491.It Va automountd_flags 4492.Pq Vt str 4493If 4494.Va autofs_enable 4495is set to 4496.Dq Li YES , 4497these are the flags to pass to the 4498.Xr automountd 8 4499daemon. 4500By default no flags are passed. 4501.It Va autounmountd_flags 4502.Pq Vt str 4503If 4504.Va autofs_enable 4505is set to 4506.Dq Li YES , 4507these are the flags to pass to the 4508.Xr autounmountd 8 4509daemon. 4510By default no flags are passed. 4511.It Va ctld_enable 4512.Pq Vt bool 4513If set to 4514.Dq Li YES , 4515start the 4516.Xr ctld 8 4517daemon at boot time. 4518.It Va iscsid_enable 4519.Pq Vt bool 4520If set to 4521.Dq Li YES , 4522start the 4523.Xr iscsid 8 4524daemon at boot time. 4525.It Va iscsictl_enable 4526.Pq Vt bool 4527If set to 4528.Dq Li YES , 4529start the 4530.Xr iscsictl 8 4531utility at boot time. 4532.It Va iscsictl_flags 4533.Pq Vt str 4534If 4535.Va iscsictl_enable 4536is set to 4537.Dq Li YES , 4538these are the flags to pass to the 4539.Xr iscsictl 8 4540program. 4541The default is 4542.Dq Li -Aa , 4543which configures sessions based on the 4544.Pa /etc/iscsi.conf 4545configuration file. 4546.El 4547.Sh FILES 4548.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4549.It Pa /etc/defaults/rc.conf 4550.It Pa /etc/rc.conf 4551.It Pa /etc/rc.conf.local 4552.El 4553.Sh SEE ALSO 4554.Xr catman 1 , 4555.Xr chmod 1 , 4556.Xr gdb 1 , 4557.Xr info 1 , 4558.Xr kbdcontrol 1 , 4559.Xr makewhatis 1 , 4560.Xr sh 1 , 4561.Xr vi 1 , 4562.Xr vidcontrol 1 , 4563.Xr bridge 4 , 4564.Xr dummynet 4 , 4565.Xr ip 4 , 4566.Xr ipf 4 , 4567.Xr ipfw 4 , 4568.Xr ipnat 4 , 4569.Xr kld 4 , 4570.Xr pf 4 , 4571.Xr pflog 4 , 4572.Xr pfsync 4 , 4573.Xr tcp 4 , 4574.Xr udp 4 , 4575.Xr exports 5 , 4576.Xr fstab 5 , 4577.Xr ipf 5 , 4578.Xr ipnat 5 , 4579.Xr jail.conf 5 , 4580.Xr loader.conf 5 , 4581.Xr motd 5 , 4582.Xr newsyslog.conf 5 , 4583.Xr pf.conf 5 , 4584.Xr security 7 , 4585.Xr accton 8 , 4586.Xr amd 8 , 4587.Xr apm 8 , 4588.Xr atm 8 , 4589.Xr bsdinstall 8 , 4590.Xr bthidd 8 , 4591.Xr chkprintcap 8 , 4592.Xr chown 8 , 4593.Xr cron 8 , 4594.Xr devfs 8 , 4595.Xr dhclient 8 , 4596.Xr ftpd 8 , 4597.Xr geli 8 , 4598.Xr hcsecd 8 , 4599.Xr ifconfig 8 , 4600.Xr inetd 8 , 4601.Xr iovctl 8 , 4602.Xr ipf 8 , 4603.Xr ipfw 8 , 4604.Xr ipnat 8 , 4605.Xr jail 8 , 4606.Xr kldxref 8 , 4607.Xr loader 8 , 4608.Xr lpd 8 , 4609.Xr mdconfig 8 , 4610.Xr mdmfs 8 , 4611.Xr mixer 8 , 4612.Xr mountd 8 , 4613.Xr moused 8 , 4614.Xr newfs 8 , 4615.Xr newsyslog 8 , 4616.Xr nfsd 8 , 4617.Xr ntpd 8 , 4618.Xr ntpdate 8 , 4619.Xr pfctl 8 , 4620.Xr pflogd 8 , 4621.Xr ping 8 , 4622.Xr powerd 8 , 4623.Xr quotacheck 8 , 4624.Xr quotaon 8 , 4625.Xr rc 8 , 4626.Xr rc.sendmail 8 , 4627.Xr rfcomm_pppd 8 , 4628.Xr route 8 , 4629.Xr routed 8 , 4630.Xr rpc.lockd 8 , 4631.Xr rpc.statd 8 , 4632.Xr rpcbind 8 , 4633.Xr rwhod 8 , 4634.Xr savecore 8 , 4635.Xr sdpd 8 , 4636.Xr sshd 8 , 4637.Xr swapon 8 , 4638.Xr sysctl 8 , 4639.Xr syslogd 8 , 4640.Xr timed 8 , 4641.Xr unbound 8 , 4642.Xr usbconfig 8 , 4643.Xr wlandebug 8 , 4644.Xr yp 8 , 4645.Xr ypbind 8 , 4646.Xr ypserv 8 , 4647.Xr ypset 8 4648.Sh HISTORY 4649The 4650.Nm 4651file appeared in 4652.Fx 2.2.2 . 4653.Sh AUTHORS 4654.An Jordan K. Hubbard . 4655