1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 8, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blocklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va devmatch_blacklist 265.Pq Vt str 266This variable is deprecated. 267Use 268.Va devmatch_blocklist 269instead. 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li workstation" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li workstation 551basic protection for a workstation using stateful firewalling 552.It Li simple 553basic protection for a LAN. 554.El 555.Pp 556If a filename is specified, the full path 557must be given. 558.Pp 559Most of the predefined rulesets define additional configuration variables. 560These are documented in 561.Pa /etc/rc.firewall . 562.It Va firewall_quiet 563.Pq Vt bool 564Set to 565.Dq Li YES 566to disable the display of firewall rules on the console during boot. 567.It Va firewall_logging 568.Pq Vt bool 569Set to 570.Dq Li YES 571to enable firewall event logging. 572This is equivalent to the 573.Dv IPFIREWALL_VERBOSE 574kernel option. 575.It Va firewall_logif 576.Pq Vt bool 577Set to 578.Dq Li YES 579to create pseudo interface 580.Li ipfw0 581for logging. 582For more details, see 583.Xr ipfw 8 584manual page. 585.It Va firewall_flags 586.Pq Vt str 587Flags passed to 588.Xr ipfw 8 589if 590.Va firewall_type 591specifies a filename. 592.It Va firewall_coscripts 593.Pq Vt str 594List of executables and/or rc scripts to run after firewall starts/stops. 595Default is empty. 596.\" ----- firewall_nat_enable setting -------------------------------- 597.It Va firewall_nat_enable 598.Pq Vt bool 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_enable . 603Setting this to 604.Dq Li YES 605will automatically load the 606.Xr ipfw 8 607NAT kernel module if 608.Va firewall_enable 609is also set to 610.Dq Li YES . 611.It Va firewall_nat_interface 612.Pq Vt str 613The 614.Xr ipfw 8 615equivalent of 616.Va natd_interface . 617This is the name of the public interface or IP address on which 618kernel NAT should run. 619.It Va firewall_nat_flags 620.Pq Vt str 621Additional configuration parameters for kernel NAT should be placed here. 622.It Va firewall_nat64_enable 623.Pq Vt bool 624Setting this to 625.Dq Li YES 626will automatically load the 627.Xr ipfw 8 628NAT64 kernel module if 629.Va firewall_enable 630is also set to 631.Dq Li YES . 632.It Va firewall_nptv6_enable 633.Pq Vt bool 634Setting this to 635.Dq Li YES 636will automatically load the 637.Xr ipfw 8 638NPTv6 kernel module if 639.Va firewall_enable 640is also set to 641.Dq Li YES . 642.It Va firewall_pmod_enable 643.Pq Vt bool 644Setting this to 645.Dq Li YES 646will automatically load the 647.Xr ipfw 8 648pmod kernel module if 649.Va firewall_enable 650is also set to 651.Dq Li YES . 652.It Va dummynet_enable 653.Pq Vt bool 654Setting this to 655.Dq Li YES 656will automatically load the 657.Xr dummynet 4 658module if 659.Va firewall_enable 660is also set to 661.Dq Li YES . 662.\" ------------------------------------------------------------------- 663.It Va ipfw_netflow_enable 664.Pq Vt bool 665Setting this to 666.Dq Li YES 667will enable netflow logging via 668.Xr ng_netflow 4 669.Pp 670By default a ipfw rule is inserted and all packets are duplicated with 671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 672port using protocol version 5. 673.It Va ipfw_netflow_hook 674.Pq Vt int 675netflow hook name, must be numerical 676(default 677.Pa 9995 ) . 678.It Va ipfw_netflow_rule 679.Pq Vt int 680ipfw rule number 681(default 682.Pa 1000 ) . 683.It Va ipfw_netflow_ip 684.Pq Vt str 685Destination server ip for receiving netflow data 686(default 687.Pa 127.0.0.1 ) . 688.It Va ipfw_netflow_port 689.Pq Vt int 690Destination server port for receiving netflow data 691(default 692.Pa 9995 ) . 693.It Va ipfw_netflow_version 694.Pq Vt int 695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 696.It Va ipfw_netflow_fib 697.Pq Vt int 698Only match packet in FIB 699.Pa ipfw_netflow_fib 700(default is undefined meaning all FIBs). 701.It Va natd_program 702.Pq Vt str 703Path to 704.Xr natd 8 . 705.It Va natd_enable 706.Pq Vt bool 707Set to 708.Dq Li YES 709to enable 710.Xr natd 8 . 711.Va firewall_enable 712must also be set to 713.Dq Li YES , 714and 715.Xr divert 4 716sockets must be enabled in the kernel. 717If the kernel was not built with 718.Cd "options IPDIVERT" , 719the 720.Pa ipdivert.ko 721kernel module will be loaded. 722.It Va natd_interface 723.Pq Vt str 724This is the name of the public interface on which 725.Xr natd 8 726should run. 727The interface may be given as an interface name or as an IP address. 728.It Va natd_flags 729.Pq Vt str 730Additional 731.Xr natd 8 732flags should be placed here. 733The 734.Fl n 735or 736.Fl a 737flag is automatically added with the above 738.Va natd_interface 739as an argument. 740.\" ----- ipfilter_enable setting -------------------------------- 741.It Va ipfilter_enable 742.Pq Vt bool 743Set to 744.Dq Li NO 745by default. 746Setting this to 747.Dq Li YES 748enables 749.Xr ipf 8 750packet filtering. 751.Pp 752Typical usage will require putting 753.Bd -literal 754ipfilter_enable="YES" 755ipnat_enable="YES" 756ipmon_enable="YES" 757ipfs_enable="YES" 758.Ed 759.Pp 760into 761.Pa /etc/rc.conf 762and editing 763.Pa /etc/ipf.rules 764and 765.Pa /etc/ipnat.rules 766appropriately. 767.Pp 768Note that 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772can be enabled independently. 773.Va ipmon_enable 774and 775.Va ipfs_enable 776both require at least one of 777.Va ipfilter_enable 778and 779.Va ipnat_enable 780to be enabled. 781.Pp 782Having 783.Bd -literal 784options IPFILTER 785options IPFILTER_LOG 786options IPFILTER_DEFAULT_BLOCK 787.Ed 788.Pp 789in the kernel configuration file is a good idea, too. 790.\" ----- ipfilter_program setting ------------------------------ 791.It Va ipfilter_program 792.Pq Vt str 793Path to 794.Xr ipf 8 795(default 796.Pa /sbin/ipf ) . 797.\" ----- ipfilter_rules setting -------------------------------- 798.It Va ipfilter_rules 799.Pq Vt str 800Set to 801.Pa /etc/ipf.rules 802by default. 803This variable contains the name of the filter rule definition file. 804The file is expected to be readable for the 805.Xr ipf 8 806command to execute. 807.\" ----- ipfilter_flags setting -------------------------------- 808.It Va ipfilter_flags 809.Pq Vt str 810Empty by default. 811This variable contains flags passed to the 812.Xr ipf 8 813program. 814.\" ----- ipnat_enable setting ---------------------------------- 815.It Va ipnat_enable 816.Pq Vt bool 817Set to 818.Dq Li NO 819by default. 820Set it to 821.Dq Li YES 822to enable 823.Xr ipnat 8 824network address translation. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828.\" ----- ipnat_program setting --------------------------------- 829.It Va ipnat_program 830.Pq Vt str 831Path to 832.Xr ipnat 8 833(default 834.Pa /sbin/ipnat ) . 835.\" ----- ipnat_rules setting ----------------------------------- 836.It Va ipnat_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipnat.rules 840by default. 841This variable contains the name of the file 842holding the network address translation definition. 843This file is expected to be readable for the 844.Xr ipnat 8 845command to execute. 846.\" ----- ipnat_flags setting ----------------------------------- 847.It Va ipnat_flags 848.Pq Vt str 849Empty by default. 850This variable contains flags passed to the 851.Xr ipnat 8 852program. 853.\" ----- ipmon_enable setting ---------------------------------- 854.It Va ipmon_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipmon 8 863monitoring (logging 864.Xr ipf 8 865and 866.Xr ipnat 8 867events). 868Setting this variable needs setting 869.Va ipfilter_enable 870or 871.Va ipnat_enable 872too. 873See 874.Va ipfilter_enable 875for a detailed discussion. 876.\" ----- ipmon_program setting --------------------------------- 877.It Va ipmon_program 878.Pq Vt str 879Path to 880.Xr ipmon 8 881(default 882.Pa /sbin/ipmon ) . 883.\" ----- ipmon_flags setting ----------------------------------- 884.It Va ipmon_flags 885.Pq Vt str 886Set to 887.Dq Li -Ds 888by default. 889This variable contains flags passed to the 890.Xr ipmon 8 891program. 892Another typical example would be 893.Dq Fl D Pa /var/log/ipflog 894to have 895.Xr ipmon 8 896log directly to a file bypassing 897.Xr syslogd 8 . 898Make sure to adjust 899.Pa /etc/newsyslog.conf 900in such case like this: 901.Bd -literal 902/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 903.Ed 904.\" ----- ipfs_enable setting ----------------------------------- 905.It Va ipfs_enable 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Set it to 911.Dq Li YES 912to enable 913.Xr ipfs 8 914saving the filter and NAT state tables during shutdown 915and reloading them during startup again. 916Setting this variable needs setting 917.Va ipfilter_enable 918or 919.Va ipnat_enable 920to 921.Dq Li YES 922too. 923See 924.Va ipfilter_enable 925for a detailed discussion. 926Note that if 927.Va kern_securelevel 928is set to 3, 929.Va ipfs_enable 930cannot be used 931because the raised securelevel will prevent 932.Xr ipfs 8 933from saving the state tables at shutdown time. 934.\" ----- ipfs_program setting ---------------------------------- 935.It Va ipfs_program 936.Pq Vt str 937Path to 938.Xr ipfs 8 939(default 940.Pa /sbin/ipfs ) . 941.\" ----- ipfs_flags setting ------------------------------------ 942.It Va ipfs_flags 943.Pq Vt str 944Empty by default. 945This variable contains flags passed to the 946.Xr ipfs 8 947program. 948.\" ----- end of added ipf hook --------------------------------- 949.It Va pf_enable 950.Pq Vt bool 951Set to 952.Dq Li NO 953by default. 954Setting this to 955.Dq Li YES 956enables 957.Xr pf 4 958packet filtering. 959.Pp 960Typical usage will require putting 961.Pp 962.Dl pf_enable="YES" 963.Pp 964into 965.Pa /etc/rc.conf 966and editing 967.Pa /etc/pf.conf 968appropriately. 969Adding 970.Pp 971.Dl "device pf" 972.Pp 973builds support for 974.Xr pf 4 975into the kernel, otherwise the 976kernel module will be loaded. 977.It Va pf_rules 978.Pq Vt str 979Path to 980.Xr pf 4 981ruleset configuration file 982(default 983.Pa /etc/pf.conf ) . 984.It Va pf_program 985.Pq Vt str 986Path to 987.Xr pfctl 8 988(default 989.Pa /sbin/pfctl ) . 990.It Va pf_flags 991.Pq Vt str 992If 993.Va pf_enable 994is set to 995.Dq Li YES , 996these flags are passed to the 997.Xr pfctl 8 998program when loading the ruleset. 999.It Va pf_fallback_rules_enable 1000.Pq Vt bool 1001Set to 1002.Dq Li NO 1003by default. 1004Setting this to 1005.Dq Li YES 1006enables loading 1007.Va pf_fallback_rules_file 1008or 1009.Va pf_fallback_rules 1010in case of a problem when loading the ruleset in 1011.Va pf_rules . 1012.It Va pf_fallback_rules_file 1013.Pq Vt str 1014Path to a pf ruleset to load in case of failure when loading the 1015ruleset in 1016.Va pf_rules 1017(default 1018.Pa /etc/pf-fallback.conf ) . 1019.It Va pf_fallback_rules 1020.Pq Vt str 1021A pf ruleset to load in case of failure when loading the ruleset in 1022.Va pf_rules 1023and 1024.Va pf_fallback_rules_file 1025is not found. 1026Multiple rules can be set as follows: 1027.Bd -literal 1028pf_fallback_rules="\\ 1029 block drop log all\\ 1030 pass in quick on em0" 1031.Pp 1032.Ed 1033The default fallback rule is 1034.Dq block drop log all 1035.It Va pflog_enable 1036.Pq Vt bool 1037Set to 1038.Dq Li NO 1039by default. 1040Setting this to 1041.Dq Li YES 1042enables 1043.Xr pflogd 8 1044which logs packets from the 1045.Xr pf 4 1046packet filter. 1047.It Va pflog_logfile 1048.Pq Vt str 1049If 1050.Va pflog_enable 1051is set to 1052.Dq Li YES 1053this controls where 1054.Xr pflogd 8 1055stores the logfile 1056(default 1057.Pa /var/log/pflog ) . 1058Check 1059.Pa /etc/newsyslog.conf 1060to adjust logfile rotation for this. 1061.It Va pflog_program 1062.Pq Vt str 1063Path to 1064.Xr pflogd 8 1065(default 1066.Pa /sbin/pflogd ) . 1067.It Va pflog_flags 1068.Pq Vt str 1069Empty by default. 1070This variable contains additional flags passed to the 1071.Xr pflogd 8 1072program. 1073.It Va pflog_instances 1074.Pq Vt str 1075If logging to more than one 1076.Xr pflog 4 1077interface is desired, 1078.Va pflog_instances 1079is set to the list of 1080.Xr pflogd 8 1081instances that should be started at system boot time. 1082If 1083.Va pflog_instances 1084is set, for each whitespace-separated 1085.Ar element 1086in the list, 1087.Ao Ar element Ac Ns Va _dev 1088and 1089.Ao Ar element Ac Ns Va _logfile 1090elements are assumed to exist. 1091.Ao Ar element Ac Ns Va _dev 1092must contain the 1093.Xr pflog 4 1094interface to be watched by the named 1095.Xr pflogd 8 1096instance. 1097.Ao Ar element Ac Ns Va _logfile 1098must contain the name of the logfile that will be used by the 1099.Xr pflogd 8 1100instance. 1101.It Va ftpproxy_enable 1102.Pq Vt bool 1103Set to 1104.Dq Li NO 1105by default. 1106Setting this to 1107.Dq Li YES 1108enables 1109.Xr ftp-proxy 8 1110which supports the 1111.Xr pf 4 1112packet filter in translating ftp connections. 1113.It Va ftpproxy_flags 1114.Pq Vt str 1115Empty by default. 1116This variable contains additional flags passed to the 1117.Xr ftp-proxy 8 1118program. 1119.It Va ftpproxy_instances 1120.Pq Vt str 1121Empty by default. 1122If multiple instances of 1123.Xr ftp-proxy 8 1124are desired at boot time, 1125.Va ftpproxy_instances 1126should contain a whitespace-separated list of instance names. 1127For each 1128.Ar element 1129in the list, a variable named 1130.Ao Ar element Ac Ns Va _flags 1131should be defined, containing the command-line flags to be passed to the 1132.Xr ftp-proxy 8 1133instance. 1134.It Va pfsync_enable 1135.Pq Vt bool 1136Set to 1137.Dq Li NO 1138by default. 1139Setting this to 1140.Dq Li YES 1141enables exposing 1142.Xr pf 4 1143state changes to other hosts over the network by means of 1144.Xr pfsync 4 . 1145The 1146.Va pfsync_syncdev 1147variable 1148must also be set then. 1149.It Va pfsync_syncdev 1150.Pq Vt str 1151Empty by default. 1152This variable specifies the name of the network interface 1153.Xr pfsync 4 1154should operate through. 1155It must be set accordingly if 1156.Va pfsync_enable 1157is set to 1158.Dq Li YES . 1159.It Va pfsync_syncpeer 1160.Pq Vt str 1161Empty by default. 1162This variable is optional. 1163By default, state change messages are sent out on the synchronisation 1164interface using IP multicast packets. 1165The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1166224.0.0.240. 1167When a peer address is specified using the 1168.Va pfsync_syncpeer 1169option, the peer address is used as a destination for the pfsync 1170traffic, and the traffic can then be protected using 1171.Xr ipsec 4 . 1172See the 1173.Xr pfsync 4 1174manpage for more details about using 1175.Xr ipsec 4 1176with 1177.Xr pfsync 4 1178interfaces. 1179.It Va pfsync_ifconfig 1180.Pq Vt str 1181Empty by default. 1182This variable can contain additional options to be passed to the 1183.Xr ifconfig 8 1184command used to set up 1185.Xr pfsync 4 . 1186.It Va tcp_extensions 1187.Pq Vt bool 1188Set to 1189.Dq Li YES 1190by default. 1191Setting this to 1192.Dq Li NO 1193disables certain TCP options as described by 1194.Rs 1195.%T "RFC 1323" 1196.Re 1197Setting this to 1198.Dq Li NO 1199might help remedy such problems with connections as randomly hanging 1200or other weird behavior. 1201Some network devices are known 1202to be broken with respect to these options. 1203.It Va log_in_vain 1204.Pq Vt int 1205Set to 0 by default. 1206The 1207.Xr sysctl 8 1208variables, 1209.Va net.inet.tcp.log_in_vain 1210and 1211.Va net.inet.udp.log_in_vain , 1212as described in 1213.Xr tcp 4 1214and 1215.Xr udp 4 , 1216are set to the given value. 1217.It Va tcp_keepalive 1218.Pq Vt bool 1219Set to 1220.Dq Li YES 1221by default. 1222Setting to 1223.Dq Li NO 1224will disable probing idle TCP connections to verify that the 1225peer is still up and reachable. 1226.It Va tcp_drop_synfin 1227.Pq Vt bool 1228Set to 1229.Dq Li NO 1230by default. 1231Setting to 1232.Dq Li YES 1233will cause the kernel to ignore TCP frames that have both 1234the SYN and FIN flags set. 1235This prevents OS fingerprinting, but may 1236break some legitimate applications. 1237.It Va icmp_drop_redirect 1238.Pq Vt bool 1239Set to 1240.Dq Li AUTO 1241by default. 1242This setting will be identical to 1243.Dq Li YES , 1244if a dynamicrouting daemon is enabled, because redirect processing may 1245cause performance issues for large routing tables. 1246If no such service is enabled, this setting behaves like a 1247.Dq Li NO . 1248Setting to 1249.Dq Li YES 1250will cause the kernel to ignore ICMP REDIRECT packets. 1251Setting to 1252.Dq Li NO 1253will cause the kernel to process ICMP REDIRECT packets. 1254Refer to 1255.Xr icmp 4 1256for more information. 1257.It Va icmp_log_redirect 1258.Pq Vt bool 1259Set to 1260.Dq Li NO 1261by default. 1262Setting to 1263.Dq Li YES 1264will cause the kernel to log ICMP REDIRECT packets. 1265Note that 1266the log messages are not rate-limited, so this option should only be used 1267for troubleshooting networks. 1268Refer to 1269.Xr icmp 4 1270for more information. 1271.It Va icmp_bmcastecho 1272.Pq Vt bool 1273Set to 1274.Dq Li YES 1275to respond to broadcast or multicast ICMP ping packets. 1276Refer to 1277.Xr icmp 4 1278for more information. 1279.It Va ip_portrange_first 1280.Pq Vt int 1281If not set to 1282.Dq Li NO , 1283this is the first port in the default portrange. 1284Refer to 1285.Xr ip 4 1286for more information. 1287.It Va ip_portrange_last 1288.Pq Vt int 1289If not set to 1290.Dq Li NO , 1291this is the last port in the default portrange. 1292Refer to 1293.Xr ip 4 1294for more information. 1295.It Va network_interfaces 1296.Pq Vt str 1297Set to the list of network interfaces to configure on this host or 1298.Dq Li AUTO 1299(the default) for all current interfaces. 1300Setting the 1301.Va network_interfaces 1302variable to anything other than the default is deprecated. 1303Interfaces that the administrator wishes to store configuration for, 1304but not start at boot should be configured with the 1305.Dq Li NOAUTO 1306keyword in their 1307.Va ifconfig_ Ns Aq Ar interface 1308variables as described below. 1309.Pp 1310An 1311.Va ifconfig_ Ns Aq Ar interface 1312variable is also assumed to exist for each value of 1313.Ar interface . 1314When an interface name contains any of the characters 1315.Dq Li .-/+ 1316they are translated to 1317.Dq Li _ 1318before lookup. 1319The variable can contain arguments to 1320.Xr ifconfig 8 , 1321as well as special case-insensitive keywords described below. 1322Such keywords are removed before passing the value to 1323.Xr ifconfig 8 1324while the order of the other arguments is preserved. 1325.Pp 1326It is possible to add IP alias entries using 1327.Xr ifconfig 8 1328syntax with the address family keyword such as 1329.Li inet . 1330Assuming that the interface in question was 1331.Li em0 , 1332it might look something like this: 1333.Bd -literal 1334ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1335ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1336.Ed 1337.Pp 1338It also possible to configure multiple IP addresses in Classless 1339Inter-Domain Routing 1340.Pq CIDR 1341address notation, 1342whose each address component can be a range like 1343.Li inet 192.0.2.5-23/24 1344or 1345.Li inet6 2001:db8:1-f::1/64 . 1346This notation allows address and prefix length part only, 1347not the other address modifiers. 1348Note that the maximum number of the generated addresses from a range 1349specification is limited to an integer value specified in 1350.Va netif_ipexpand_max 1351in 1352.Nm 1353because a small typo can unexpectedly generate a large number of addresses. 1354The default value is 1355.Li 2048 . 1356It can be increased by adding the following line into 1357.Nm : 1358.Bd -literal 1359netif_ipexpand_max="4096" 1360.Ed 1361.Pp 1362In the case of 1363.Li 192.0.2.5-23/24 , 1364the address 192.0.2.5 will be configured with the 1365netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1366the non-conflicting netmask /32 as explained in the 1367.Xr ifconfig 8 1368alias section. 1369Note that this special netmask handling is only for 1370.Li inet , 1371not for the other address families such as 1372.Li inet6 . 1373.Pp 1374With the interface in question being 1375.Li em0 , 1376an example could look like: 1377.Bd -literal 1378ifconfig_em0_alias2="inet 192.0.2.129/27" 1379ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1380.Ed 1381.Pp 1382and so on. 1383.Pp 1384Note that deprecated 1385.Va ipv4_addrs_ Ns Aq Ar interface 1386variable was supported for IPv4 CIDR address notation. 1387The 1388.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1389variable replaces it, though 1390.Va ipv4_addrs_ Ns Aq Ar interface 1391is still supported for backward compatibility. 1392.Pp 1393For each 1394.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1395entry with an address family keyword, 1396its contents are passed to 1397.Xr ifconfig 8 . 1398Execution stops at the first unsuccessful access, so if 1399something like this is present: 1400.Bd -literal 1401ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1402ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1403ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1404ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1405.Ed 1406.Pp 1407Then note that alias4 would 1408.Em not 1409be added since the search would 1410stop with the missing 1411.Dq Li alias3 1412entry. 1413Because of this difficult to manage behavior, 1414there is 1415.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1416variable, which has the same functionality as 1417.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1418and can have all of entries in a variable like the following: 1419.Bd -literal 1420ifconfig_em0_aliases="\\ 1421 inet 127.0.0.251 netmask 0xffffffff \\ 1422 inet 127.0.0.252 netmask 0xffffffff \\ 1423 inet 127.0.0.253 netmask 0xffffffff \\ 1424 inet 127.0.0.254 netmask 0xffffffff" 1425.Ed 1426.Pp 1427It also supports CIDR notation. 1428.Pp 1429If the 1430.Pa /etc/start_if . Ns Aq Ar interface 1431file is present, it is read and executed by the 1432.Xr sh 1 1433interpreter 1434before configuring the interface as specified in the 1435.Va ifconfig_ Ns Aq Ar interface 1436and 1437.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1438variables. 1439.Pp 1440If a 1441.Va vlans_ Ns Aq Ar interface 1442variable is set, 1443a 1444.Xr vlan 4 1445interface will be created for each item in the list with the 1446.Ar vlandev 1447argument set to 1448.Ar interface . 1449If a vlan interface's name is a number, 1450then that number is used as the vlan tag and the new vlan interface is 1451named 1452.Ar interface . Ns Ar tag . 1453Otherwise, 1454the vlan tag must be specified via a 1455.Va vlan 1456parameter in the 1457.Va create_args_ Ns Aq Ar interface 1458variable. 1459.Pp 1460To create a vlan device named 1461.Li em0.101 1462on 1463.Li em0 1464with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1465.Bd -literal 1466vlans_em0="101" 1467ifconfig_em0_101="inet 192.0.2.1/24" 1468.Ed 1469.Pp 1470To create a vlan device named 1471.Li myvlan 1472on 1473.Li em0 1474with the vlan tag 102: 1475.Bd -literal 1476vlans_em0="myvlan" 1477create_args_myvlan="vlan 102" 1478.Ed 1479.Pp 1480If a 1481.Va wlans_ Ns Aq Ar interface 1482variable is set, 1483an 1484.Xr wlan 4 1485interface will be created for each item in the list with the 1486.Ar wlandev 1487argument set to 1488.Ar interface . 1489Further wlan cloning arguments may be passed to the 1490.Xr ifconfig 8 1491.Cm create 1492command by setting the 1493.Va create_args_ Ns Aq Ar interface 1494variable. 1495One or more 1496.Xr wlan 4 1497devices must be created for each wireless devices as of 1498.Fx 8.0 . 1499Debugging flags for 1500.Xr wlan 4 1501devices as set by 1502.Xr wlandebug 8 1503may be specified with an 1504.Va wlandebug_ Ns Aq Ar interface 1505variable. 1506The contents of this variable will be passed directly to 1507.Xr wlandebug 8 . 1508.Pp 1509If the 1510.Va ifconfig_ Ns Aq Ar interface 1511contains the keyword 1512.Dq Li NOAUTO 1513then the interface will not be configured 1514at boot or by 1515.Pa /etc/pccard_ether 1516when 1517.Va network_interfaces 1518is set to 1519.Dq Li AUTO . 1520.Pp 1521It is possible to bring up an interface with DHCP by adding 1522.Dq Li DHCP 1523to the 1524.Va ifconfig_ Ns Aq Ar interface 1525variable. 1526For instance, to initialize the 1527.Li em0 1528device via DHCP, 1529it is possible to use something like: 1530.Bd -literal 1531ifconfig_em0="DHCP" 1532.Ed 1533.Pp 1534If you want to configure your wireless interface with 1535.Xr wpa_supplicant 8 1536for use with WPA, EAP/LEAP or WEP, you need to add 1537.Dq Li WPA 1538to the 1539.Va ifconfig_ Ns Aq Ar interface 1540variable. 1541.Pp 1542On the other hand, if you want to configure your wireless interface with 1543.Xr hostapd 8 , 1544you need to add 1545.Dq Li HOSTAP 1546to the 1547.Va ifconfig_ Ns Aq Ar interface 1548variable. 1549.Xr hostapd 8 1550will use the settings from 1551.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1552.Pp 1553Finally, you can add 1554.Xr ifconfig 8 1555options in this variable, in addition to the 1556.Pa /etc/start_if . Ns Aq Ar interface 1557file. 1558For instance, to configure an 1559.Xr ath 4 1560wireless device in station mode with an address obtained 1561via DHCP, using WPA authentication and 802.11b mode, it is 1562possible to use something like: 1563.Bd -literal 1564wlans_ath0="wlan0" 1565ifconfig_wlan0="DHCP WPA mode 11b" 1566.Ed 1567.Pp 1568In addition to the 1569.Va ifconfig_ Ns Aq Ar interface 1570form, a fallback variable 1571.Va ifconfig_DEFAULT 1572may be configured. 1573It will be used for all interfaces with no 1574.Va ifconfig_ Ns Aq Ar interface 1575variable. 1576This is intended to replace the no longer supported 1577.Va pccard_ifconfig 1578variable. 1579.Pp 1580It is also possible to rename an interface by doing: 1581.Bd -literal 1582ifconfig_em0_name="net0" 1583ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1584.Ed 1585.It Va ipv6_enable 1586.Pq Vt bool 1587This variable is deprecated. 1588Use 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1590and 1591.Va ipv6_activate_all_interfaces 1592if necessary. 1593.Pp 1594If the variable is 1595.Dq Li YES , 1596.Dq Li inet6 accept_rtadv 1597is added to all of 1598.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1599and the 1600.Va ipv6_activate_all_interfaces 1601is defined as 1602.Dq Li YES . 1603.It Va ipv6_prefer 1604.Pq Vt bool 1605This variable is deprecated. 1606Use 1607.Va ip6addrctl_policy 1608instead. 1609.Pp 1610If the variable is 1611.Dq Li YES , 1612the default address selection policy table set by 1613.Xr ip6addrctl 8 1614will be IPv6-preferred. 1615.Pp 1616If the variable is 1617.Dq Li NO , 1618the default address selection policy table set by 1619.Xr ip6addrctl 8 1620will be IPv4-preferred. 1621.It Va ipv6_activate_all_interfaces 1622.Pq Vt bool 1623This controls initial configuration on IPv6-capable 1624interfaces with no corresponding 1625.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1626variable. 1627Note that it is not always necessary to set this variable to 1628.Dq YES 1629to use IPv6 functionality on 1630.Fx . 1631In most cases, just configuring 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1633variables works. 1634.Pp 1635If the variable is 1636.Dq Li NO , 1637all interfaces which do not have a corresponding 1638.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1639variable will be marked as 1640.Dq Li IFDISABLED 1641at creation. 1642This means that all of IPv6 functionality on that interface 1643is completely disabled to enforce a security policy. 1644If the variable is set to 1645.Dq YES , 1646the flag will be cleared on all of the interfaces. 1647.Pp 1648In most cases, just defining an 1649.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1650for an IPv6-capable interface should be sufficient. 1651However, if an interface is added dynamically 1652.Pq by some tunneling protocols such as PPP, for example , 1653it is often difficult to define the variable in advance. 1654In such a case, configuring the 1655.Dq Li IFDISABLED 1656flag can be disabled by setting this variable to 1657.Dq YES . 1658.Pp 1659For more details of the 1660.Dq Li IFDISABLED 1661flag and keywords 1662.Dq Li inet6 ifdisabled , 1663see 1664.Xr ifconfig 8 . 1665.Pp 1666Default is 1667.Dq Li NO . 1668.It Va ipv6_privacy 1669.Pq Vt bool 1670If the variable is 1671.Dq Li YES 1672privacy addresses will be generated for each IPv6 1673interface as described in RFC 4941. 1674.It Va ipv6_network_interfaces 1675.Pq Vt str 1676This is the IPv6 equivalent of 1677.Va network_interfaces . 1678Normally manual configuration of this variable is not needed. 1679.It Va ipv6_cpe_wanif 1680.Pq Vt str 1681If the variable is set to an interface name, 1682the 1683.Xr ifconfig 8 1684options 1685.Dq inet6 -no_radr accept_rtadv 1686will be added to the specified interface automatically before evaluating 1687.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1688and two 1689.Xr sysctl 8 1690variables 1691.Va net.inet6.ip6.rfc6204w3 1692and 1693.Va net.inet6.ip6.no_radr 1694will be set to 1. 1695.Pp 1696This means the specified interface will accept ICMPv6 Router 1697Advertisement messages on that link and add the discovered 1698routers into the Default Router List. 1699While the other interfaces can still accept RA messages if the 1700.Dq inet6 accept_rtadv 1701option is specified, adding 1702routes into the Default Router List will be disabled by 1703.Dq inet6 no_radr 1704option by default. 1705See 1706.Xr ifconfig 8 1707for more details. 1708.Pp 1709Note that ICMPv6 Router Advertisement messages will be 1710accepted even when 1711.Va net.inet6.ip6.forwarding 1712is 1 1713.Pq packet forwarding is enabled 1714when 1715.Va net.inet6.ip6.rfc6204w3 1716is set to 1. 1717.Pp 1718Default is 1719.Dq Li NO . 1720.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1721.Pq Vt str 1722This assigns arbitrary description to an interface. 1723The 1724.Xr sysctl 8 1725variable 1726.Va net.ifdescr_maxlen 1727limits its length. 1728This static setting may be overridden by commands 1729started with dynamic interface configuration utilities 1730like 1731.Xr dhclient 8 1732hooks. 1733The description can be seen with 1734.Xr ifconfig 8 1735command and it may be exported with 1736.Xr bsnmpd 1 1737daemon using its MIB-2 module. 1738.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1739.Pq Vt str 1740IPv6 functionality on an interface should be configured by 1741.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1742instead of setting ifconfig parameters in 1743.Va ifconfig_ Ns Aq Ar interface . 1744If this variable is empty, all of IPv6 configurations on the 1745specified interface by other variables such as 1746.Va ipv6_prefix_ Ns Ao Ar interface Ac 1747will be ignored. 1748.Pp 1749Aliases should be set by 1750.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1751with 1752.Dq Li inet6 1753keyword. 1754For example: 1755.Bd -literal 1756ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1757ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1758.Ed 1759.Pp 1760Interfaces that have an 1761.Dq Li inet6 accept_rtadv 1762keyword in 1763.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1764setting will be automatically configured by SLAAC 1765.Pq StateLess Address AutoConfiguration 1766described in 1767.Rs 1768.%T "RFC 4862" 1769.Re 1770.Pp 1771Note that a link-local address will be automatically configured in 1772addition to the configured global-scope addresses because the IPv6 1773specifications require it on each link. 1774The address is calculated from the MAC address by using an algorithm 1775defined in 1776.Rs 1777.%T "RFC 4862" 1778.%O "Section 5.3" 1779.Re 1780.Pp 1781If only a link-local address is needed on the interface, 1782the following configuration can be used: 1783.Bd -literal 1784ifconfig_em0_ipv6="inet6 auto_linklocal" 1785.Ed 1786.Pp 1787A link-local address can also be configured manually. 1788This is useful for the default router address of an IPv6 router 1789so that it does not change when the network interface 1790card is replaced. 1791For example: 1792.Bd -literal 1793ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1794.Ed 1795.It Va ipv6_prefix_ Ns Aq Ar interface 1796.Pq Vt str 1797If one or more prefixes are defined in 1798.Va ipv6_prefix_ Ns Aq Ar interface 1799addresses based on each prefix and the EUI-64 interface index will be 1800configured on that interface. 1801Note that this variable will be ignored when 1802.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1803is empty. 1804.Pp 1805For example, the following configuration 1806.Bd -literal 1807ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1808.Ed 1809.Pp 1810is equivalent to the following: 1811.Bd -literal 1812ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1813ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1814ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1815ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1816.Ed 1817.Pp 1818These Subnet-Router anycast addresses will be added only when 1819.Va ipv6_gateway_enable 1820is YES. 1821.It Va ipv6_default_interface 1822.Pq Vt str 1823If not set to 1824.Dq Li NO , 1825this is the default output interface for scoped addresses. 1826This works only with ipv6_gateway_enable="NO". 1827.It Va ip6addrctl_enable 1828.Pq Vt bool 1829This variable is to enable configuring default address selection policy table 1830.Pq RFC 3484 . 1831The table can be specified in another variable 1832.Va ip6addrctl_policy . 1833For 1834.Va ip6addrctl_policy 1835the following keywords can be specified: 1836.Dq Li ipv4_prefer , 1837.Dq Li ipv6_prefer , 1838or 1839.Dq Li AUTO . 1840.Pp 1841If 1842.Dq Li ipv4_prefer 1843or 1844.Dq Li ipv6_prefer 1845is specified, 1846.Xr ip6addrctl 8 1847installs a pre-defined policy table described in Section 10.3 1848.Pq IPv4-preferred 1849or 2.1 1850.Pq IPv6-preferred 1851of RFC 3484. 1852.Pp 1853If 1854.Dq Li AUTO 1855is specified, it attempts to read a file 1856.Pa /etc/ip6addrctl.conf 1857first. 1858If this file is found, 1859.Xr ip6addrctl 8 1860reads and installs it. 1861If not found, a policy is automatically set 1862according to 1863.Va ipv6_activate_all_interfaces 1864variable; if the variable is set to 1865.Dq Li YES 1866the IPv6-preferred one is used. 1867Otherwise IPv4-preferred. 1868.Pp 1869The default value of 1870.Va ip6addrctl_enable 1871and 1872.Va ip6addrctl_policy 1873are 1874.Dq Li YES 1875and 1876.Dq Li AUTO , 1877respectively. 1878.It Va cloned_interfaces 1879.Pq Vt str 1880Set to the list of clonable network interfaces to create on this host. 1881Further cloning arguments may be passed to the 1882.Xr ifconfig 8 1883.Cm create 1884command for each interface by setting the 1885.Va create_args_ Ns Aq Ar interface 1886variable. 1887If an interface name is specified with 1888.Dq :sticky 1889keyword, 1890the interface will not be destroyed even when 1891.Pa rc.d/netif 1892script is invoked with 1893.Dq stop 1894argument. 1895This is useful when reconfiguring the interface without destroying it. 1896Entries in 1897.Va cloned_interfaces 1898are automatically appended to 1899.Va network_interfaces 1900for configuration. 1901.It Va cloned_interfaces_sticky 1902.Pq Vt bool 1903This variable is to globally enable functionality of 1904.Dq :sticky 1905keyword in 1906.Va cloned_interfaces 1907for all interfaces. 1908The default value is 1909.Dq NO . 1910Even if this variable is specified to 1911.Dq YES , 1912.Dq :nosticky 1913keyword can be used to override it on per interface basis. 1914.It Va gif_interfaces 1915Set to the list of 1916.Xr gif 4 1917tunnel interfaces to configure on this host. 1918A 1919.Va gifconfig_ Ns Aq Ar interface 1920variable is assumed to exist for each value of 1921.Ar interface . 1922The value of this variable is used to configure the link layer of the 1923tunnel using the 1924.Cm tunnel 1925option to 1926.Xr ifconfig 8 . 1927Additionally, this option ensures that each listed interface is created 1928via the 1929.Cm create 1930option to 1931.Xr ifconfig 8 1932before attempting to configure it. 1933.Pp 1934For example, configure two 1935.Xr gif 4 1936interfaces with: 1937.Bd -literal 1938gif_interfaces="gif0 gif1" 1939gifconfig_gif0="100.64.0.1 100.64.0.2" 1940ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1941gifconfig_gif1="inet6 2a00::1 2a01::1" 1942ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1943.Ed 1944.It Va sppp_interfaces 1945.Pq Vt str 1946Set to the list of 1947.Xr sppp 4 1948interfaces to configure on this host. 1949A 1950.Va spppconfig_ Ns Aq Ar interface 1951variable is assumed to exist for each value of 1952.Ar interface . 1953Each interface should also be configured by a general 1954.Va ifconfig_ Ns Aq Ar interface 1955setting. 1956Refer to 1957.Xr spppcontrol 8 1958for more information about available options. 1959.It Va ppp_enable 1960.Pq Vt bool 1961If set to 1962.Dq Li YES , 1963run the 1964.Xr ppp 8 1965daemon. 1966.It Va ppp_profile 1967.Pq Vt str 1968The name of the profile to use from 1969.Pa /etc/ppp/ppp.conf . 1970Also used for per-profile overrides of 1971.Va ppp_mode 1972and 1973.Va ppp_nat , 1974and 1975.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1976When the profile name contains any of the characters 1977.Dq Li .-/+ 1978they are translated to 1979.Dq Li _ 1980for the proposes of the override variable names. 1981.It Va ppp_mode 1982.Pq Vt str 1983Mode in which to run the 1984.Xr ppp 8 1985daemon. 1986.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1987.Pq Vt str 1988Overrides the global 1989.Va ppp_mode 1990for 1991.Ar profile . 1992Accepted modes are 1993.Dq Li auto , 1994.Dq Li ddial , 1995.Dq Li direct 1996and 1997.Dq Li dedicated . 1998See the manual for a full description. 1999.It Va ppp_nat 2000.Pq Vt bool 2001If set to 2002.Dq Li YES , 2003enables network address translation. 2004Used in conjunction with 2005.Va gateway_enable 2006allows hosts on private network addresses access to the Internet using 2007this host as a network address translating router. 2008Default is 2009.Dq Li YES . 2010.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 2011.Pq Vt str 2012Overrides the global 2013.Va ppp_nat 2014for 2015.Ar profile . 2016.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 2017.Pq Vt int 2018Set the unit number to be used for this profile. 2019See the manual description of 2020.Fl unit Ns Ar N 2021for details. 2022.It Va ppp_user 2023.Pq Vt str 2024The name of the user under which 2025.Xr ppp 8 2026should be started. 2027By 2028default, 2029.Xr ppp 8 2030is started as 2031.Dq Li root . 2032.It Va rc_conf_files 2033.Pq Vt str 2034This option is used to specify a list of files that will override 2035the settings in 2036.Pa /etc/defaults/rc.conf . 2037The files will be read in the order in which they are specified and should 2038include the full path to the file. 2039By default, the files specified are 2040.Pa /etc/rc.conf 2041and 2042.Pa /etc/rc.conf.local 2043.It Va zfs_enable 2044.Pq Vt bool 2045If set to 2046.Dq Li YES , 2047.Pa /etc/rc.d/zfs 2048will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2049(ZVOLs). 2050.It Va gptboot_enable 2051.Pq Vt bool 2052If set to 2053.Dq Li YES , 2054.Pa /etc/rc.d/gptboot 2055will log if the system successfully (or not) booted from a GPT partition, 2056which had the 2057.Ar bootonce 2058attribute set using 2059.Xr gpart 8 2060utility. 2061.It Va gbde_autoattach_all 2062.Pq Vt bool 2063If set to 2064.Dq Li YES , 2065.Pa /etc/rc.d/gbde 2066will attempt to automatically initialize your .bde devices in 2067.Pa /etc/fstab . 2068.It Va gbde_devices 2069.Pq Vt str 2070List the devices that the script should try to attach, 2071or 2072.Dq Li AUTO . 2073.It Va gbde_lockdir 2074.Pq Vt str 2075The directory where the 2076.Xr gbde 4 2077lockfiles are located. 2078The default lockfile directory is 2079.Pa /etc . 2080.Pp 2081The lockfile for each individual 2082.Xr gbde 4 2083device can be overridden by setting the variable 2084.Va gbde_lock_ Ns Aq Ar device , 2085where 2086.Ar device 2087is the encrypted device without the 2088.Dq Pa /dev/ 2089and 2090.Dq Pa .bde 2091parts. 2092.It Va gbde_attach_attempts 2093.Pq Vt int 2094Number of times to attempt attaching to a 2095.Xr gbde 4 2096device, i.e., how many times the user is asked for the pass-phrase. 2097Default is 3. 2098.It Va geli_devices 2099.Pq Vt str 2100List of devices to automatically attach on boot. 2101Note that .eli devices from 2102.Pa /etc/fstab 2103are automatically appended to this list. 2104.It Va geli_groups 2105.Pq Vt str 2106List of groups containing devices to automatically attach on boot with the same 2107keyfiles and passphrase. 2108This must be accompanied with a corresponding 2109.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2110variable. 2111.It Va geli_tries 2112.Pq Vt int 2113Number of times user is asked for the pass-phrase. 2114If empty, it will be taken from 2115.Va kern.geom.eli.tries 2116sysctl variable. 2117.It Va geli_default_flags 2118.Pq Vt str 2119Default flags to use by 2120.Xr geli 8 2121when configuring disk encryption. 2122Flags can be configured for every device separately by defining the 2123.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2124variable, and for every group separately by defining the 2125.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2126variable. 2127.It Va geli_autodetach 2128.Pq Vt str 2129Specifies if GELI devices should be marked for detach on last close after 2130file systems are mounted. 2131Default is 2132.Dq Li YES . 2133This can be changed for every device separately by defining the 2134.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2135variable. 2136.It Va root_rw_mount 2137.Pq Vt bool 2138Set to 2139.Dq Li YES 2140by default. 2141After the file systems are checked at boot time, the root file system 2142is remounted as read-write if this is set to 2143.Dq Li YES . 2144Diskless systems that mount their root file system from a read-only remote 2145NFS share should set this to 2146.Dq Li NO 2147in their 2148.Pa rc.conf . 2149.It Va fsck_y_enable 2150.Pq Vt bool 2151If set to 2152.Dq Li YES , 2153.Xr fsck 8 2154will be run with the 2155.Fl y 2156flag if the initial preen 2157of the file systems fails. 2158.It Va background_fsck 2159.Pq Vt bool 2160If set to 2161.Dq Li NO , 2162the system will not attempt to run 2163.Xr fsck 8 2164in the background where possible. 2165.It Va background_fsck_delay 2166.Pq Vt int 2167The amount of time in seconds to sleep before starting a background 2168.Xr fsck 8 . 2169It defaults to sixty seconds to allow large applications such as 2170the X server to start before disk I/O bandwidth is monopolized by 2171.Xr fsck 8 . 2172If set to a negative number, the background file system check will be 2173delayed indefinitely to allow the administrator to run it at a more 2174convenient time. 2175For example it may be run from 2176.Xr cron 8 2177by adding a line like 2178.Pp 2179.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2180.Pp 2181to 2182.Pa /etc/crontab . 2183.It Va netfs_types 2184.Pq Vt str 2185List of file system types that are network-based. 2186This list should generally not be modified by end users. 2187Use 2188.Va extra_netfs_types 2189instead. 2190.It Va extra_netfs_types 2191.Pq Vt str 2192If set to something other than 2193.Dq Li NO 2194(the default), 2195this variable extends the list of file system types 2196for which automatic mounting at startup by 2197.Xr rc 8 2198should be delayed until the network is initialized. 2199It should contain 2200a whitespace-separated list of network file system descriptor pairs, 2201each consisting of a file system type as passed to 2202.Xr mount 8 2203and a human-readable, one-word description, 2204joined with a colon 2205.Pq Ql \&: . 2206Extending the default list in this way is only necessary 2207when third party file system types are used. 2208.It Va syslogd_enable 2209.Pq Vt bool 2210If set to 2211.Dq Li YES , 2212run the 2213.Xr syslogd 8 2214daemon. 2215.It Va syslogd_program 2216.Pq Vt str 2217Path to 2218.Xr syslogd 8 2219(default 2220.Pa /usr/sbin/syslogd ) . 2221.It Va syslogd_flags 2222.Pq Vt str 2223If 2224.Va syslogd_enable 2225is set to 2226.Dq Li YES , 2227these are the flags to pass to 2228.Xr syslogd 8 . 2229.It Va inetd_enable 2230.Pq Vt bool 2231If set to 2232.Dq Li YES , 2233run the 2234.Xr inetd 8 2235daemon. 2236.It Va inetd_program 2237.Pq Vt str 2238Path to 2239.Xr inetd 8 2240(default 2241.Pa /usr/sbin/inetd ) . 2242.It Va inetd_flags 2243.Pq Vt str 2244If 2245.Va inetd_enable 2246is set to 2247.Dq Li YES , 2248these are the flags to pass to 2249.Xr inetd 8 . 2250.It Va hastd_enable 2251.Pq Vt bool 2252If set to 2253.Dq Li YES , 2254run the 2255.Xr hastd 8 2256daemon. 2257.It Va hastd_program 2258.Pq Vt str 2259Path to 2260.Xr hastd 8 2261(default 2262.Pa /sbin/hastd ) . 2263.It Va hastd_flags 2264.Pq Vt str 2265If 2266.Va hastd_enable 2267is set to 2268.Dq Li YES , 2269these are the flags to pass to 2270.Xr hastd 8 . 2271.It Va local_unbound_enable 2272.Pq Vt bool 2273If set to 2274.Dq Li YES , 2275run the 2276.Xr unbound 8 2277daemon as a local caching resolver. 2278.It Va kdc_enable 2279.Pq Vt bool 2280Set to 2281.Dq Li YES 2282to start a Kerberos 5 authentication server 2283at boot time. 2284.It Va kdc_program 2285.Pq Vt str 2286If 2287.Va kdc_enable 2288is set to 2289.Dq Li YES 2290this is the path to Kerberos 5 Authentication Server. 2291.It Va kdc_flags 2292.Pq Vt str 2293Empty by default. 2294This variable contains additional flags to be passed to the Kerberos 5 2295authentication server. 2296.It Va kadmind_enable 2297.Pq Vt bool 2298Set to 2299.Dq Li YES 2300to start 2301.Xr kadmind 8 , 2302the Kerberos 5 Administration Daemon; set to 2303.Dq Li NO 2304on a slave server. 2305.It Va kadmind_program 2306.Pq Vt str 2307If 2308.Va kadmind_enable 2309is set to 2310.Dq Li YES 2311this is the path to Kerberos 5 Administration Daemon. 2312.It Va kpasswdd_enable 2313.Pq Vt bool 2314Set to 2315.Dq Li YES 2316to start 2317.Xr kpasswdd 8 , 2318the Kerberos 5 Password-Changing Daemon; set to 2319.Dq Li NO 2320on a slave server. 2321.It Va kpasswdd_program 2322.Pq Vt str 2323If 2324.Va kpasswdd_enable 2325is set to 2326.Dq Li YES 2327this is the path to Kerberos 5 Password-Changing Daemon. 2328.It Va kfd_enable 2329.Pq Vt bool 2330Set to 2331.Dq Li YES 2332to start 2333.Xr kfd 8 , 2334the Kerberos 5 ticket forwarding daemon, at the boot time. 2335.It Va kfd_program 2336.Pq Vt str 2337Path to 2338.Xr kfd 8 2339(default 2340.Pa /usr/libexec/kfd ) . 2341.It Va rwhod_enable 2342.Pq Vt bool 2343If set to 2344.Dq Li YES , 2345run the 2346.Xr rwhod 8 2347daemon at boot time. 2348.It Va rwhod_flags 2349.Pq Vt str 2350If 2351.Va rwhod_enable 2352is set to 2353.Dq Li YES , 2354these are the flags to pass to it. 2355.It Va amd_enable 2356.Pq Vt bool 2357If set to 2358.Dq Li YES , 2359run the 2360.Xr amd 8 2361daemon at boot time. 2362.It Va amd_flags 2363.Pq Vt str 2364If 2365.Va amd_enable 2366is set to 2367.Dq Li YES , 2368these are the flags to pass to it. 2369See the 2370.Xr amd 8 2371manpage for more information. 2372.It Va amd_map_program 2373.Pq Vt str 2374If set, 2375the specified program is run to get the list of 2376.Xr amd 8 2377maps. 2378For example, if the 2379.Xr amd 8 2380maps are stored in NIS, one can set this to 2381run 2382.Xr ypcat 1 2383to get a list of 2384.Xr amd 8 2385maps from the 2386.Pa amd.master 2387NIS map. 2388.It Va update_motd 2389.Pq Vt bool 2390If set to 2391.Dq Li YES , 2392.Pa /etc/motd 2393will be updated at boot time to reflect the kernel release 2394being run. 2395If set to 2396.Dq Li NO , 2397.Pa /etc/motd 2398will not be updated. 2399.It Va nfs_client_enable 2400.Pq Vt bool 2401If set to 2402.Dq Li YES , 2403run the NFS client daemons at boot time. 2404.It Va nfs_access_cache 2405.Pq Vt int 2406If 2407.Va nfs_client_enable 2408is set to 2409.Dq Li YES , 2410this can be set to 2411.Dq Li 0 2412to disable NFS ACCESS RPC caching, or to the number of seconds for which 2413NFS ACCESS 2414results should be cached. 2415A value of 2-10 seconds will substantially reduce network 2416traffic for many NFS operations. 2417.It Va nfs_server_enable 2418.Pq Vt bool 2419If set to 2420.Dq Li YES , 2421run the NFS server daemons at boot time. 2422.It Va nfs_server_flags 2423.Pq Vt str 2424If 2425.Va nfs_server_enable 2426is set to 2427.Dq Li YES , 2428these are the flags to pass to the 2429.Xr nfsd 8 2430daemon. 2431.It Va nfsv4_server_enable 2432.Pq Vt bool 2433If 2434.Va nfs_server_enable 2435is set to 2436.Dq Li YES 2437and 2438.Va nfsv4_server_enable 2439are set to 2440.Dq Li YES , 2441enable the server for NFSv4 as well as NFSv2 and NFSv3. 2442.It Va nfsuserd_enable 2443.Pq Vt bool 2444If 2445.Va nfsuserd_enable 2446is set to 2447.Dq Li YES , 2448run the nfsuserd daemon, which is needed for NFSv4 in order 2449to map between user/group names vs uid/gid numbers. 2450If 2451.Va nfsv4_server_enable 2452is set to 2453.Dq Li YES , 2454this will be forced enabled. 2455.It Va nfsuserd_flags 2456.Pq Vt str 2457If 2458.Va nfsuserd_enable 2459is set to 2460.Dq Li YES , 2461these are the flags to pass to the 2462.Xr nfsuserd 8 2463daemon. 2464.It Va nfscbd_enable 2465.Pq Vt bool 2466If 2467.Va nfscbd_enable 2468is set to 2469.Dq Li YES , 2470run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2471.It Va nfscbd_flags 2472.Pq Vt str 2473If 2474.Va nfscbd_enable 2475is set to 2476.Dq Li YES , 2477these are the flags to pass to the 2478.Xr nfscbd 8 2479daemon. 2480.It Va mountd_enable 2481.Pq Vt bool 2482If set to 2483.Dq Li YES , 2484and no 2485.Va nfs_server_enable 2486is set, start 2487.Xr mountd 8 , 2488but not 2489.Xr nfsd 8 2490daemon. 2491It is commonly needed to run CFS without real NFS used. 2492.It Va mountd_flags 2493.Pq Vt str 2494If 2495.Va mountd_enable 2496is set to 2497.Dq Li YES , 2498these are the flags to pass to the 2499.Xr mountd 8 2500daemon. 2501.It Va weak_mountd_authentication 2502.Pq Vt bool 2503If set to 2504.Dq Li YES , 2505allow services like PCNFSD to make non-privileged mount 2506requests. 2507.It Va nfs_reserved_port_only 2508.Pq Vt bool 2509If set to 2510.Dq Li YES , 2511provide NFS services only on a secure port. 2512.It Va nfs_bufpackets 2513.Pq Vt int 2514If set to a number, indicates the number of packets worth of 2515socket buffer space to reserve on an NFS client. 2516The kernel default is typically 4. 2517Using a higher number may be 2518useful on gigabit networks to improve performance. 2519The minimum value is 25202 and the maximum is 64. 2521.It Va rpc_lockd_enable 2522.Pq Vt bool 2523If set to 2524.Dq Li YES 2525and also an NFS server or client, run 2526.Xr rpc.lockd 8 2527at boot time. 2528.It Va rpc_lockd_flags 2529.Pq Vt str 2530If 2531.Va rpc_lockd_enable 2532is set to 2533.Dq Li YES , 2534these are the flags to pass to the 2535.Xr rpc.lockd 8 2536daemon. 2537.It Va rpc_statd_enable 2538.Pq Vt bool 2539If set to 2540.Dq Li YES 2541and also an NFS server or client, run 2542.Xr rpc.statd 8 2543at boot time. 2544.It Va rpc_statd_flags 2545.Pq Vt str 2546If 2547.Va rpc_statd_enable 2548is set to 2549.Dq Li YES , 2550these are the flags to pass to the 2551.Xr rpc.statd 8 2552daemon. 2553.It Va rpcbind_program 2554.Pq Vt str 2555Path to 2556.Xr rpcbind 8 2557(default 2558.Pa /usr/sbin/rpcbind ) . 2559.It Va rpcbind_enable 2560.Pq Vt bool 2561If set to 2562.Dq Li YES , 2563run the 2564.Xr rpcbind 8 2565service at boot time. 2566.It Va rpcbind_flags 2567.Pq Vt str 2568If 2569.Va rpcbind_enable 2570is set to 2571.Dq Li YES , 2572these are the flags to pass to the 2573.Xr rpcbind 8 2574daemon. 2575.It Va keyserv_enable 2576.Pq Vt bool 2577If set to 2578.Dq Li YES , 2579run the 2580.Xr keyserv 8 2581daemon on boot for running Secure RPC. 2582.It Va keyserv_flags 2583.Pq Vt str 2584If 2585.Va keyserv_enable 2586is set to 2587.Dq Li YES , 2588these are the flags to pass to 2589.Xr keyserv 8 2590daemon. 2591.It Va pppoed_enable 2592.Pq Vt bool 2593If set to 2594.Dq Li YES , 2595run the 2596.Xr pppoed 8 2597daemon at boot time to provide PPP over Ethernet services. 2598.It Va pppoed_ Ns Aq Ar provider 2599.Pq Vt str 2600.Xr pppoed 8 2601listens to requests to this 2602.Ar provider 2603and ultimately runs 2604.Xr ppp 8 2605with a 2606.Ar system 2607argument of the same name. 2608.It Va pppoed_flags 2609.Pq Vt str 2610Additional flags to pass to 2611.Xr pppoed 8 . 2612.It Va pppoed_interface 2613.Pq Vt str 2614The network interface to run 2615.Xr pppoed 8 2616on. 2617This is mandatory when 2618.Va pppoed_enable 2619is set to 2620.Dq Li YES . 2621.It Va ntpdate_enable 2622.Pq Vt bool 2623If set to 2624.Dq Li YES , 2625run 2626.Xr ntpdate 8 2627at system startup. 2628This command is intended to 2629synchronize the system clock only 2630.Em once 2631from some standard reference. 2632.Pp 2633Note that the use of the 2634.Va ntpd_sync_on_start 2635variable is a preferred alternative to the 2636.Xr ntpdate 8 2637utility as 2638.Xr ntpdate 8 2639is to be retired from the NTP distribution. 2640.It Va ntpdate_config 2641.Pq Vt str 2642Configuration file for 2643.Xr ntpdate 8 . 2644Default 2645.Pa /etc/ntp.conf . 2646.It Va ntpdate_hosts 2647.Pq Vt str 2648A whitespace-separated list of NTP servers to synchronize with at startup. 2649The default is to use the servers listed in 2650.Va ntpdate_config , 2651if that file exists. 2652.It Va ntpdate_program 2653.Pq Vt str 2654Path to 2655.Xr ntpdate 8 2656(default 2657.Pa /usr/sbin/ntpdate ) . 2658.It Va ntpdate_flags 2659.Pq Vt str 2660If 2661.Va ntpdate_enable 2662is set to 2663.Dq Li YES , 2664these are the flags to pass to the 2665.Xr ntpdate 8 2666command (typically a hostname). 2667.It Va ntpd_enable 2668.Pq Vt bool 2669If set to 2670.Dq Li YES , 2671run the 2672.Xr ntpd 8 2673command at boot time. 2674.It Va ntpd_program 2675.Pq Vt str 2676Path to 2677.Xr ntpd 8 2678(default 2679.Pa /usr/sbin/ntpd ) . 2680.It Va ntpd_config 2681.Pq Vt str 2682Path to 2683.Xr ntpd 8 2684configuration file. 2685Default 2686.Pa /etc/ntp.conf . 2687.It Va ntpd_flags 2688.Pq Vt str 2689If 2690.Va ntpd_enable 2691is set to 2692.Dq Li YES , 2693these are the flags to pass to the 2694.Xr ntpd 8 2695daemon. 2696.It Va ntpd_sync_on_start 2697.Pq Vt bool 2698If set to 2699.Dq Li YES , 2700.Xr ntpd 8 2701is run with the 2702.Fl g 2703flag, which syncs the system's clock on startup. 2704See 2705.Xr ntpd 8 2706for more information regarding the 2707.Fl g 2708option. 2709This is a preferred alternative to using 2710.Xr ntpdate 8 2711or specifying the 2712.Va ntpdate_enable 2713variable. 2714.It Va nis_client_enable 2715.Pq Vt bool 2716If set to 2717.Dq Li YES , 2718run the 2719.Xr ypbind 8 2720service at system boot time. 2721.It Va nis_client_flags 2722.Pq Vt str 2723If 2724.Va nis_client_enable 2725is set to 2726.Dq Li YES , 2727these are the flags to pass to the 2728.Xr ypbind 8 2729service. 2730.It Va nis_ypldap_enable 2731.Pq Vt bool 2732If set to 2733.Dq Li YES , 2734run the 2735.Xr ypldap 8 2736daemon at system boot time. 2737.It Va nis_ypldap_flags 2738.Pq Vt str 2739If 2740.Va nis.ypldap_enable 2741is set to 2742.Dq Li YES , 2743these are the flags to pass to the 2744.Xr ypldap 8 2745daemon. 2746.It Va nis_ypset_enable 2747.Pq Vt bool 2748If set to 2749.Dq Li YES , 2750run the 2751.Xr ypset 8 2752daemon at system boot time. 2753.It Va nis_ypset_flags 2754.Pq Vt str 2755If 2756.Va nis_ypset_enable 2757is set to 2758.Dq Li YES , 2759these are the flags to pass to the 2760.Xr ypset 8 2761daemon. 2762.It Va nis_server_enable 2763.Pq Vt bool 2764If set to 2765.Dq Li YES , 2766run the 2767.Xr ypserv 8 2768daemon at system boot time. 2769.It Va nis_server_flags 2770.Pq Vt str 2771If 2772.Va nis_server_enable 2773is set to 2774.Dq Li YES , 2775these are the flags to pass to the 2776.Xr ypserv 8 2777daemon. 2778.It Va nis_ypxfrd_enable 2779.Pq Vt bool 2780If set to 2781.Dq Li YES , 2782run the 2783.Xr rpc.ypxfrd 8 2784daemon at system boot time. 2785.It Va nis_ypxfrd_flags 2786.Pq Vt str 2787If 2788.Va nis_ypxfrd_enable 2789is set to 2790.Dq Li YES , 2791these are the flags to pass to the 2792.Xr rpc.ypxfrd 8 2793daemon. 2794.It Va nis_yppasswdd_enable 2795.Pq Vt bool 2796If set to 2797.Dq Li YES , 2798run the 2799.Xr rpc.yppasswdd 8 2800daemon at system boot time. 2801.It Va nis_yppasswdd_flags 2802.Pq Vt str 2803If 2804.Va nis_yppasswdd_enable 2805is set to 2806.Dq Li YES , 2807these are the flags to pass to the 2808.Xr rpc.yppasswdd 8 2809daemon. 2810.It Va rpc_ypupdated_enable 2811.Pq Vt bool 2812If set to 2813.Dq Li YES , 2814run the 2815.Nm rpc.ypupdated 2816daemon at system boot time. 2817.It Va bsnmpd_enable 2818.Pq Vt bool 2819If set to 2820.Dq Li YES , 2821run the 2822.Xr bsnmpd 1 2823daemon at system boot time. 2824Be sure to understand the security implications of running SNMP daemon 2825on your host. 2826.It Va bsnmpd_flags 2827.Pq Vt str 2828If 2829.Va bsnmpd_enable 2830is set to 2831.Dq Li YES , 2832these are the flags to pass to the 2833.Xr bsnmpd 1 2834daemon. 2835.It Va defaultrouter 2836.Pq Vt str 2837If not set to 2838.Dq Li NO , 2839create a default route to this host name or IP address 2840(use an IP address if this router is also required to get to the 2841name server!). 2842.It Va defaultrouter_fibN 2843.Pq Vt str 2844If not set to 2845.Dq Li NO , 2846create a default route in FIB N to this host name or IP address. 2847.It Va ipv6_defaultrouter 2848.Pq Vt str 2849The IPv6 equivalent of 2850.Va defaultrouter . 2851.It Va ipv6_defaultrouter_fibN 2852.Pq Vt str 2853The IPv6 equivalent of 2854.Va defaultrouter_fibN . 2855.It Va static_arp_pairs 2856.Pq Vt str 2857Set to the list of static ARP pairs that are to be added at system 2858boot time. 2859For each whitespace separated 2860.Ar element 2861in the value, a 2862.Va static_arp_ Ns Aq Ar element 2863variable is assumed to exist whose contents will later be passed to a 2864.Dq Nm arp Cm -S 2865operation. 2866For example 2867.Bd -literal 2868static_arp_pairs="gw" 2869static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2870.Ed 2871.It Va static_ndp_pairs 2872.Pq Vt str 2873Set to the list of static NDP pairs that are to be added at system 2874boot time. 2875For each whitespace separated 2876.Ar element 2877in the value, a 2878.Va static_ndp_ Ns Aq Ar element 2879variable is assumed to exist whose contents will later be passed to a 2880.Dq Nm ndp Cm -s 2881operation. 2882For example 2883.Bd -literal 2884static_ndp_pairs="gw" 2885static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2886.Ed 2887.It Va static_routes 2888.Pq Vt str 2889Set to the list of static routes that are to be added at system 2890boot time. 2891If not set to 2892.Dq Li NO 2893then for each whitespace separated 2894.Ar element 2895in the value, a 2896.Va route_ Ns Aq Ar element 2897variable is assumed to exist 2898whose contents will later be passed to a 2899.Dq Nm route Cm add 2900operation. 2901For example: 2902.Bd -literal 2903static_routes="ext mcast:gif0 gif0local:gif0" 2904route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2905route_mcast="-net 224.0.0.0/4 -iface gif0" 2906route_gif0local="-host 169.254.1.1 -iface lo0" 2907.Ed 2908.Pp 2909When an 2910.Ar element 2911is in the form of 2912.Li name:ifname , 2913the route is specific to the interface 2914.Li ifname . 2915.It Va ipv6_static_routes 2916.Pq Vt str 2917The IPv6 equivalent of 2918.Va static_routes . 2919If not set to 2920.Dq Li NO 2921then for each whitespace separated 2922.Ar element 2923in the value, a 2924.Va ipv6_route_ Ns Aq Ar element 2925variable is assumed to exist 2926whose contents will later be passed to a 2927.Dq Nm route Cm add Fl inet6 2928operation. 2929.It Va gateway_enable 2930.Pq Vt bool 2931If set to 2932.Dq Li YES , 2933configure host to act as an IP router, e.g.\& to forward packets 2934between interfaces. 2935.It Va ipv6_gateway_enable 2936.Pq Vt bool 2937The IPv6 equivalent of 2938.Va gateway_enable . 2939.It Va routed_enable 2940.Pq Vt bool 2941If set to 2942.Dq Li YES , 2943run a routing daemon of some sort, based on the 2944settings of 2945.Va routed_program 2946and 2947.Va routed_flags . 2948.It Va route6d_enable 2949.Pq Vt bool 2950The IPv6 equivalent of 2951.Va routed_enable . 2952If set to 2953.Dq Li YES , 2954run a routing daemon of some sort, based on the 2955settings of 2956.Va route6d_program 2957and 2958.Va route6d_flags . 2959.It Va routed_program 2960.Pq Vt str 2961If 2962.Va routed_enable 2963is set to 2964.Dq Li YES , 2965this is the name of the routing daemon to use. 2966.It Va route6d_program 2967.Pq Vt str 2968The IPv6 equivalent of 2969.Va routed_program . 2970.It Va routed_flags 2971.Pq Vt str 2972If 2973.Va routed_enable 2974is set to 2975.Dq Li YES , 2976these are the flags to pass to the routing daemon. 2977.It Va route6d_flags 2978.Pq Vt str 2979The IPv6 equivalent of 2980.Va routed_flags . 2981.It Va rtadvd_enable 2982.Pq Vt bool 2983If set to 2984.Dq Li YES , 2985run the 2986.Xr rtadvd 8 2987daemon at boot time. 2988The 2989.Xr rtadvd 8 2990utility sends ICMPv6 Router Advertisement messages to 2991the interfaces specified in 2992.Va rtadvd_interfaces . 2993This should only be enabled with great care. 2994You may want to fine-tune 2995.Xr rtadvd.conf 5 . 2996.It Va rtadvd_interfaces 2997.Pq Vt str 2998If 2999.Va rtadvd_enable 3000is set to 3001.Dq Li YES 3002this is the list of interfaces to use. 3003.It Va arpproxy_all 3004.Pq Vt bool 3005If set to 3006.Dq Li YES , 3007enable global proxy ARP. 3008.It Va forward_sourceroute 3009.Pq Vt bool 3010If set to 3011.Dq Li YES 3012and 3013.Va gateway_enable 3014is also set to 3015.Dq Li YES , 3016source-routed packets are forwarded. 3017.It Va accept_sourceroute 3018.Pq Vt bool 3019If set to 3020.Dq Li YES , 3021the system will accept source-routed packets directed at it. 3022.It Va rarpd_enable 3023.Pq Vt bool 3024If set to 3025.Dq Li YES , 3026run the 3027.Xr rarpd 8 3028daemon at system boot time. 3029.It Va rarpd_flags 3030.Pq Vt str 3031If 3032.Va rarpd_enable 3033is set to 3034.Dq Li YES , 3035these are the flags to pass to the 3036.Xr rarpd 8 3037daemon. 3038.It Va bootparamd_enable 3039.Pq Vt bool 3040If set to 3041.Dq Li YES , 3042run the 3043.Xr bootparamd 8 3044daemon at system boot time. 3045.It Va bootparamd_flags 3046.Pq Vt str 3047If 3048.Va bootparamd_enable 3049is set to 3050.Dq Li YES , 3051these are the flags to pass to the 3052.Xr bootparamd 8 3053daemon. 3054.It Va stf_interface_ipv4addr 3055.Pq Vt str 3056If not set to 3057.Dq Li NO , 3058this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3059interface). 3060Specify this entry to enable the 6to4 interface. 3061.It Va stf_interface_ipv4plen 3062.Pq Vt int 3063Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3064An effective value is 0-31. 3065.It Va stf_interface_ipv6_ifid 3066.Pq Vt str 3067IPv6 interface ID for 3068.Xr stf 4 . 3069This can be set to 3070.Dq Li AUTO . 3071.It Va stf_interface_ipv6_slaid 3072.Pq Vt str 3073IPv6 Site Level Aggregator for 3074.Xr stf 4 . 3075.It Va ipv6_ipv4mapping 3076.Pq Vt bool 3077If set to 3078.Dq Li YES 3079this enables IPv4 mapped IPv6 address communication (like 3080.Li ::ffff:a.b.c.d ) . 3081.It Va rtsold_enable 3082.Pq Vt bool 3083Set to 3084.Dq Li YES 3085to enable the 3086.Xr rtsold 8 3087daemon to send ICMPv6 Router Solicitation messages. 3088.It Va rtsold_flags 3089.Pq Vt str 3090If 3091.Va rtsold_enable 3092is set to 3093.Dq Li YES , 3094these are the flags to pass to 3095.Xr rtsold 8 . 3096.It Va rtsol_flags 3097.Pq Vt str 3098For interfaces configured with the 3099.Dq Li inet6 accept_rtadv 3100keyword, these are the flags to pass to 3101.Xr rtsol 8 . 3102.Pp 3103Note that 3104.Va rtsold_enable 3105is mutually exclusive to 3106.Va rtsol_flags ; 3107.Va rtsold_enable 3108takes precedence. 3109.It Va keybell 3110.Pq Vt str 3111The keyboard bell sound. 3112Set to 3113.Dq Li normal , 3114.Dq Li visual , 3115.Dq Li off , 3116or 3117.Dq Li NO 3118if the default behavior is desired. 3119For details, refer to the 3120.Xr kbdcontrol 1 3121manpage. 3122.It Va keyboard 3123.Pq Vt str 3124If set to a non-null string, the virtual console's keyboard input is 3125set to this device. 3126.It Va keymap 3127.Pq Vt str 3128If set to 3129.Dq Li NO , 3130no keymap is installed, otherwise the value is used to install 3131the keymap file found in 3132.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3133(if using 3134.Xr syscons 4 ) or 3135.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3136(if using 3137.Xr vt 4 ) . 3138.It Va keyrate 3139.Pq Vt str 3140The keyboard repeat speed. 3141Set to 3142.Dq Li slow , 3143.Dq Li normal , 3144.Dq Li fast , 3145or 3146.Dq Li NO 3147if the default behavior is desired. 3148.It Va keychange 3149.Pq Vt str 3150If not set to 3151.Dq Li NO , 3152attempt to program the function keys with the value. 3153The value should 3154be a single string of the form: 3155.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3156.It Va cursor 3157.Pq Vt str 3158Can be set to the value of 3159.Dq Li normal , 3160.Dq Li blink , 3161.Dq Li destructive , 3162or 3163.Dq Li NO 3164to set the cursor behavior explicitly or choose the default behavior. 3165.It Va scrnmap 3166.Pq Vt str 3167If set to 3168.Dq Li NO , 3169no screen map is installed, otherwise the value is used to install 3170the screen map file in 3171.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3172This parameter is ignored when using 3173.Xr vt 4 3174as the console driver. 3175.It Va font8x16 3176.Pq Vt str 3177If set to 3178.Dq Li NO , 3179the default 8x16 font value is used for screen size requests, otherwise 3180the value in 3181.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3182or 3183.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3184is used (depending on the console driver being used). 3185.It Va font8x14 3186.Pq Vt str 3187If set to 3188.Dq Li NO , 3189the default 8x14 font value is used for screen size requests, otherwise 3190the value in 3191.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3192or 3193.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3194is used (depending on the console driver being used). 3195.It Va font8x8 3196.Pq Vt str 3197If set to 3198.Dq Li NO , 3199the default 8x8 font value is used for screen size requests, otherwise 3200the value in 3201.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3202or 3203.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3204is used (depending on the console driver being used). 3205.It Va blanktime 3206.Pq Vt int 3207If set to 3208.Dq Li NO , 3209the default screen blanking interval is used, otherwise it is set 3210to 3211.Ar value 3212seconds. 3213.It Va saver 3214.Pq Vt str 3215If not set to 3216.Dq Li NO , 3217this is the actual screen saver to use 3218.Li ( blank , snake , daemon , 3219etc). 3220.It Va moused_nondefault_enable 3221.Pq Vt str 3222If set to 3223.Dq Li NO , 3224the mouse device specified on 3225the command line is not automatically treated as enabled by the 3226.Pa /etc/rc.d/moused 3227script. 3228Having this variable set to 3229.Dq Li YES 3230allows a 3231.Xr usb 4 3232mouse, 3233for example, 3234to be enabled as soon as it is plugged in. 3235.It Va moused_enable 3236.Pq Vt str 3237If set to 3238.Dq Li YES , 3239the 3240.Xr moused 8 3241daemon is started for doing cut/paste selection on the console. 3242.It Va moused_type 3243.Pq Vt str 3244This is the protocol type of the mouse connected to this host. 3245This variable must be set if 3246.Va moused_enable 3247is set to 3248.Dq Li YES . 3249The 3250.Xr moused 8 3251daemon 3252is able to detect the appropriate mouse type automatically in many cases. 3253Set this variable to 3254.Dq Li auto 3255to let the daemon detect it, or 3256select one from the following list if the automatic detection fails. 3257.Pp 3258If the mouse is attached to the PS/2 mouse port, choose 3259.Dq Li auto 3260or 3261.Dq Li ps/2 , 3262regardless of the brand and model of the mouse. 3263Likewise, if the 3264mouse is attached to the bus mouse port, choose 3265.Dq Li auto 3266or 3267.Dq Li busmouse . 3268All other protocols are for serial mice and will not work with 3269the PS/2 and bus mice. 3270If this is a USB mouse, 3271.Dq Li auto 3272is the only protocol type which will work. 3273.Pp 3274.Bl -tag -width ".Li x10mouseremote" -compact 3275.It Li microsoft 3276Microsoft mouse (serial) 3277.It Li intellimouse 3278Microsoft IntelliMouse (serial) 3279.It Li mousesystems 3280Mouse systems Corp.\& mouse (serial) 3281.It Li mmseries 3282MM Series mouse (serial) 3283.It Li logitech 3284Logitech mouse (serial) 3285.It Li busmouse 3286A bus mouse 3287.It Li mouseman 3288Logitech MouseMan and TrackMan (serial) 3289.It Li glidepoint 3290ALPS GlidePoint (serial) 3291.It Li thinkingmouse 3292Kensington ThinkingMouse (serial) 3293.It Li ps/2 3294PS/2 mouse 3295.It Li mmhittab 3296MM HitTablet (serial) 3297.It Li x10mouseremote 3298X10 MouseRemote (serial) 3299.It Li versapad 3300Interlink VersaPad (serial) 3301.El 3302.Pp 3303Even if the mouse is not in the above list, it may be compatible 3304with one in the list. 3305Refer to the manual page for 3306.Xr moused 8 3307for compatibility information. 3308.Pp 3309It should also be noted that while this is enabled, any 3310other client of the mouse (such as an X server) should access 3311the mouse through the virtual mouse device, 3312.Pa /dev/sysmouse , 3313and configure it as a 3314.Dq Li sysmouse 3315type mouse, since all 3316mouse data is converted to this single canonical format when 3317using 3318.Xr moused 8 . 3319If the client program does not support the 3320.Dq Li sysmouse 3321type, 3322specify the 3323.Dq Li mousesystems 3324type. 3325It is the second preferred type. 3326.It Va moused_port 3327.Pq Vt str 3328If 3329.Va moused_enable 3330is set to 3331.Dq Li YES , 3332this is the actual port the mouse is on. 3333It might be 3334.Pa /dev/cuau0 3335for a COM1 serial mouse, or 3336.Pa /dev/psm0 3337for a PS/2 mouse, for example. 3338.It Va moused_flags 3339.Pq Vt str 3340If 3341.Va moused_flags 3342is set, its value is used as an additional set of flags to pass to the 3343.Xr moused 8 3344daemon. 3345.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3346When 3347.Va moused_nondefault_enable 3348is enabled, and a 3349.Xr moused 8 3350daemon is started for a non-default port, the 3351.Va "moused_" Ns Ar XXX Ns Va "_flags" 3352set of options has precedence over and replaces the default 3353.Va moused_flags 3354(where 3355.Ar XXX 3356is the name of the non-default port, i.e.,\& 3357.Ar ums0 ) . 3358By setting 3359.Va "moused_" Ns Ar XXX Ns Va "_flags" 3360it is possible to set up a different set of default flags for each 3361.Xr moused 8 3362instance. 3363For example, you can use 3364.Dq Li "-3" 3365for the default 3366.Va moused_flags 3367to make your laptop's touchpad more comfortable to use, 3368but an empty set of options for 3369.Va moused_ums0_flags 3370when your 3371.Xr usb 4 3372mouse has three or more buttons. 3373.It Va mousechar_start 3374.Pq Vt int 3375If set to 3376.Dq Li NO , 3377the default mouse cursor character range 3378.Li 0xd0 Ns - Ns Li 0xd3 3379is used, 3380otherwise the range start is set 3381to 3382.Ar value 3383character, see 3384.Xr vidcontrol 1 . 3385Use if the default range is occupied in the language code table. 3386.It Va allscreens_flags 3387.Pq Vt str 3388If set, 3389.Xr vidcontrol 1 3390is run with these options for each of the virtual terminals 3391.Pq Pa /dev/ttyv* . 3392For example, 3393.Dq Fl m Cm on 3394will enable the mouse pointer on all virtual terminals 3395if 3396.Va moused_enable 3397is set to 3398.Dq Li YES . 3399.It Va allscreens_kbdflags 3400.Pq Vt str 3401If set, 3402.Xr kbdcontrol 1 3403is run with these options for each of the virtual terminals 3404.Pq Pa /dev/ttyv* . 3405For example, 3406.Dq Fl h Li 200 3407will set the 3408.Xr syscons 4 3409or 3410.Xr vt 4 3411scrollback (history) buffer to 200 lines. 3412.It Va cron_enable 3413.Pq Vt bool 3414If set to 3415.Dq Li YES , 3416run the 3417.Xr cron 8 3418daemon at system boot time. 3419.It Va cron_program 3420.Pq Vt str 3421Path to 3422.Xr cron 8 3423(default 3424.Pa /usr/sbin/cron ) . 3425.It Va cron_flags 3426.Pq Vt str 3427If 3428.Va cron_enable 3429is set to 3430.Dq Li YES , 3431these are the flags to pass to 3432.Xr cron 8 . 3433.It Va cron_dst 3434.Pq Vt bool 3435If set to 3436.Dq Li YES , 3437enable the special handling of transitions to and from the 3438Daylight Saving Time in 3439.Xr cron 8 3440(equivalent to using the flag 3441.Fl s ) . 3442.It Va lpd_program 3443.Pq Vt str 3444Path to 3445.Xr lpd 8 3446(default 3447.Pa /usr/sbin/lpd ) . 3448.It Va lpd_enable 3449.Pq Vt bool 3450If set to 3451.Dq Li YES , 3452run the 3453.Xr lpd 8 3454daemon at system boot time. 3455.It Va lpd_flags 3456.Pq Vt str 3457If 3458.Va lpd_enable 3459is set to 3460.Dq Li YES , 3461these are the flags to pass to the 3462.Xr lpd 8 3463daemon. 3464.It Va chkprintcap_enable 3465.Pq Vt bool 3466If set to 3467.Dq Li YES , 3468run the 3469.Xr chkprintcap 8 3470command before starting the 3471.Xr lpd 8 3472daemon. 3473.It Va chkprintcap_flags 3474.Pq Vt str 3475If 3476.Va lpd_enable 3477and 3478.Va chkprintcap_enable 3479are set to 3480.Dq Li YES , 3481these are the flags to pass to the 3482.Xr chkprintcap 8 3483program. 3484The default is 3485.Dq Li -d , 3486which causes missing directories to be created. 3487.It Va mta_start_script 3488.Pq Vt str 3489This variable specifies the full path to the script to run to start 3490a mail transfer agent. 3491The default is 3492.Pa /etc/rc.sendmail . 3493The 3494.Va sendmail_* 3495variables which 3496.Pa /etc/rc.sendmail 3497uses are documented in the 3498.Xr rc.sendmail 8 3499manual page. 3500.It Va dumpdev 3501.Pq Vt str 3502Indicates the device (usually a swap partition) to which a crash dump 3503should be written in the event of a system crash. 3504If the value of this variable is 3505.Dq Li AUTO , 3506the first suitable swap device listed in 3507.Pa /etc/fstab 3508will be used as dump device. 3509Otherwise, the value of this variable is passed as the argument to 3510.Xr dumpon 8 3511and 3512.Xr savecore 8 . 3513To disable crash dumps, set this variable to 3514.Dq Li NO . 3515.It Va dumpon_flags 3516.Pq Vt str 3517Flags to pass to 3518.Xr dumpon 8 3519when configuring 3520.Va dumpdev 3521as the system dump device. 3522.It Va dumpdir 3523.Pq Vt str 3524When the system reboots after a crash and a crash dump is found on the 3525device specified by the 3526.Va dumpdev 3527variable, 3528.Xr savecore 8 3529will save that crash dump and a copy of the kernel to the directory 3530specified by the 3531.Va dumpdir 3532variable. 3533The default value is 3534.Pa /var/crash . 3535Set to 3536.Dq Li NO 3537to not run 3538.Xr savecore 8 3539at boot time when 3540.Va dumpdir 3541is set. 3542.It Va savecore_enable 3543.Pq Vt bool 3544If set to 3545.Dq Li NO , 3546disable automatic extraction of the crash dump from the 3547.Va dumpdev . 3548.It Va savecore_flags 3549.Pq Vt str 3550If crash dumps are enabled, these are the flags to pass to the 3551.Xr savecore 8 3552utility. 3553.It Va quota_enable 3554.Pq Vt bool 3555Set to 3556.Dq Li YES 3557to turn on user and group disk quotas on system startup via the 3558.Xr quotaon 8 3559command for all file systems marked as having quotas enabled in 3560.Pa /etc/fstab . 3561The kernel must be built with 3562.Cd "options QUOTA" 3563for disk quotas to function. 3564.It Va check_quotas 3565.Pq Vt bool 3566Set to 3567.Dq Li YES 3568to enable user and group disk quota checking via the 3569.Xr quotacheck 8 3570command. 3571.It Va quotacheck_flags 3572.Pq Vt str 3573If 3574.Va quota_enable 3575is set to 3576.Dq Li YES , 3577and 3578.Va check_quotas 3579is set to 3580.Dq Li YES , 3581these are the flags to pass to the 3582.Xr quotacheck 8 3583utility. 3584The default is 3585.Dq Li "-a" , 3586which checks quotas for all file systems with quotas enabled in 3587.Pa /etc/fstab . 3588.It Va quotaon_flags 3589.Pq Vt str 3590If 3591.Va quota_enable 3592is set to 3593.Dq Li YES , 3594these are the flags to pass to the 3595.Xr quotaon 8 3596utility. 3597The default is 3598.Dq Li "-a" , 3599which enables quotas for all file systems with quotas enabled in 3600.Pa /etc/fstab . 3601.It Va quotaoff_flags 3602.Pq Vt str 3603If 3604.Va quota_enable 3605is set to 3606.Dq Li YES , 3607these are the flags to pass to the 3608.Xr quotaoff 8 3609utility when shutting down the quota system. 3610The default is 3611.Dq Li "-a" , 3612which disables quotas for all file systems with quotas enabled in 3613.Pa /etc/fstab . 3614.It Va accounting_enable 3615.Pq Vt bool 3616Set to 3617.Dq Li YES 3618to enable system accounting through the 3619.Xr accton 8 3620facility. 3621.It Va firstboot_sentinel 3622.Pq Vt str 3623This variable specifies the full path to a 3624.Dq first boot 3625sentinel file. 3626If a file exists with this path, 3627.Pa rc.d 3628scripts with the 3629.Dq firstboot 3630keyword will be run on startup and the sentinel file will be deleted 3631after the boot process completes. 3632The sentinel file must be located on a writable file system which is 3633mounted no later than 3634.Va early_late_divider 3635to function properly. 3636The default is 3637.Pa /firstboot . 3638.It Va linux_enable 3639.Pq Vt bool 3640Set to 3641.Dq Li YES 3642to enable Linux/ELF binary emulation at system initial 3643boot time. 3644.It Va sysvipc_enable 3645.Pq Vt bool 3646If set to 3647.Dq Li YES , 3648load System V IPC primitives at boot time. 3649.It Va clear_tmp_enable 3650.Pq Vt bool 3651Set to 3652.Dq Li YES 3653to have 3654.Pa /tmp 3655cleaned at startup. 3656.It Va clear_tmp_X 3657.Pq Vt bool 3658Set to 3659.Dq Li NO 3660to disable removing of X11 lock files, 3661and the removal and (secure) recreation 3662of the various socket directories for X11 3663related programs. 3664.It Va ldconfig_paths 3665.Pq Vt str 3666Set to the list of shared library paths to use with 3667.Xr ldconfig 8 . 3668NOTE: 3669.Pa /lib 3670and 3671.Pa /usr/lib 3672will always be added first, so they need not appear in this list. 3673.It Va ldconfig32_paths 3674.Pq Vt str 3675Set to the list of 32-bit compatibility shared library paths to 3676use with 3677.Xr ldconfig 8 . 3678.It Va ldconfig_insecure 3679.Pq Vt bool 3680The 3681.Xr ldconfig 8 3682utility normally refuses to use directories 3683which are writable by anyone except root. 3684Set this variable to 3685.Dq Li YES 3686to disable that security check during system startup. 3687.It Va ldconfig_local_dirs 3688.Pq Vt str 3689Set to the list of local 3690.Xr ldconfig 8 3691directories. 3692The names of all files in the directories listed will be 3693passed as arguments to 3694.Xr ldconfig 8 . 3695.It Va ldconfig_local32_dirs 3696.Pq Vt str 3697Set to the list of local 32-bit compatibility 3698.Xr ldconfig 8 3699directories. 3700The names of all files in the directories listed will be 3701passed as arguments to 3702.Dq Nm ldconfig Fl 32 . 3703.It Va kern_securelevel_enable 3704.Pq Vt bool 3705Set to 3706.Dq Li YES 3707to set the kernel security level at system startup. 3708.It Va kern_securelevel 3709.Pq Vt int 3710The kernel security level to set at startup. 3711The allowed range of 3712.Ar value 3713ranges from \-1 (the compile time default) to 3 (the 3714most secure). 3715See 3716.Xr security 7 3717for the list of possible security levels and their effect 3718on system operation. 3719.It Va sshd_program 3720.Pq Vt str 3721Path to the SSH server program 3722.Pa ( /usr/sbin/sshd 3723is the default). 3724.It Va sshd_enable 3725.Pq Vt bool 3726Set to 3727.Dq Li YES 3728to start 3729.Xr sshd 8 3730at system boot time. 3731.It Va sshd_flags 3732.Pq Vt str 3733If 3734.Va sshd_enable 3735is set to 3736.Dq Li YES , 3737these are the flags to pass to the 3738.Xr sshd 8 3739daemon. 3740.It Va ftpd_program 3741.Pq Vt str 3742Path to the FTP server program 3743.Pa ( /usr/libexec/ftpd 3744is the default). 3745.It Va ftpd_enable 3746.Pq Vt bool 3747Set to 3748.Dq Li YES 3749to start 3750.Xr ftpd 8 3751as a stand-alone daemon at system boot time. 3752.It Va ftpd_flags 3753.Pq Vt str 3754If 3755.Va ftpd_enable 3756is set to 3757.Dq Li YES , 3758these are the additional flags to pass to the 3759.Xr ftpd 8 3760daemon. 3761.It Va watchdogd_enable 3762.Pq Vt bool 3763If set to 3764.Dq Li YES , 3765start the 3766.Xr watchdogd 8 3767daemon at boot time. 3768This requires that the kernel have been compiled with a 3769.Xr watchdog 4 3770compatible device. 3771.It Va watchdogd_flags 3772.Pq Vt str 3773If 3774.Va watchdogd_enable 3775is set to 3776.Dq Li YES , 3777these are the flags passed to the 3778.Xr watchdogd 8 3779daemon. 3780.It Va watchdogd_timeout 3781.Pq Vt int 3782If 3783.Va watchdogd_enable 3784is set to 3785.Dq Li YES , 3786this is a timeout that will be used by the 3787.Xr watchdogd 8 3788daemon. 3789If this option is set, it overrides 3790.Fl t 3791in 3792.Va watchdogd_flags . 3793.It Va watchdogd_shutdown_timeout 3794.Pq Vt int 3795If 3796.Va watchdogd_enable 3797is set to 3798.Dq Li YES , 3799this is a timeout that will be set by the 3800.Xr watchdogd 8 3801daemon when it exits during the system shutdown. 3802This timeout will not be set when returning to the single-user mode 3803or when the watchdogd service is stopped individually using the 3804.Xr service 8 3805command or the rc.d script. 3806Note that the timeout will be applied if 3807.Xr watchdogd 8 3808is stopped outside of 3809.Xr rc 8 3810framework. 3811If this option is set, it overrides 3812.Fl x 3813in 3814.Va watchdogd_flags . 3815.It Va devfs_rulesets 3816.Pq Vt str 3817List of files containing sets of rules for 3818.Xr devfs 8 . 3819.It Va devfs_system_ruleset 3820.Pq Vt str 3821Rule name(s) to apply to the system 3822.Pa /dev 3823itself. 3824.It Va devfs_set_rulesets 3825.Pq Vt str 3826Pairs of already-mounted 3827.Pa dev 3828directories and rulesets that should be applied to them. 3829For example: /mount/dev=ruleset_name 3830.It Va devfs_load_rulesets 3831.Pq Vt bool 3832If set, always load the default rulesets listed in 3833.Va devfs_rulesets . 3834.It Va performance_cx_lowest 3835.Pq Vt str 3836CPU idle state to use while on AC power. 3837The string 3838.Dq Li LOW 3839indicates that 3840.Xr acpi 4 3841should use the lowest power state available while 3842.Dq Li HIGH 3843indicates that the lowest latency state (less power savings) should be used. 3844.It Va performance_cpu_freq 3845.Pq Vt str 3846CPU clock frequency to use while on AC power. 3847The string 3848.Dq Li LOW 3849indicates that 3850.Xr cpufreq 4 3851should use the lowest frequency available while 3852.Dq Li HIGH 3853indicates that the highest frequency (less power savings) should be used. 3854.It Va economy_cx_lowest 3855.Pq Vt str 3856CPU idle state to use when off AC power. 3857The string 3858.Dq Li LOW 3859indicates that 3860.Xr acpi 4 3861should use the lowest power state available while 3862.Dq Li HIGH 3863indicates that the lowest latency state (less power savings) should be used. 3864.It Va economy_cpu_freq 3865.Pq Vt str 3866CPU clock frequency to use when off AC power. 3867The string 3868.Dq Li LOW 3869indicates that 3870.Xr cpufreq 4 3871should use the lowest frequency available while 3872.Dq Li HIGH 3873indicates that the highest frequency (less power savings) should be used. 3874.It Va jail_enable 3875.Pq Vt bool 3876If set to 3877.Dq Li NO , 3878any configured jails will not be started. 3879.It Va jail_conf 3880.Pq Vt str 3881The configuration filename used by 3882.Xr jail 8 3883utility. 3884The default value is 3885.Pa /etc/jail.conf . 3886.It Va jail_parallel_start 3887.Pq Vt bool 3888If set to 3889.Dq Li YES , 3890all configured jails will be started in the background (in parallel). 3891.It Va jail_flags 3892.Pq Vt str 3893Unset by default. 3894When set, use as default value for 3895.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3896for every jail in 3897.Va jail_list . 3898.It Va jail_list 3899.Pq Vt str 3900A space-delimited list of jail names. 3901When left empty, all of the 3902.Xr jail 8 3903instances defined in the configuration file are started. 3904The names specified in this list control the jail startup order. 3905.Xr jail 8 3906instances missing from 3907.Va jail_list 3908must be started manually. 3909Note that a jail's 3910.Va depend 3911parameter in the configuration file may override this list. 3912.It Va jail_reverse_stop 3913.Pq Vt bool 3914When set to 3915.Dq Li YES , 3916all configured jails in 3917.Va jail_list 3918are stopped in reverse order. 3919.It Va jail_ Ns * variables 3920Note that older releases supported per-jail configuration via 3921.Nm 3922variables. 3923For example, 3924hostname of a jail named 3925.Li vjail 3926was able to be set by 3927.Li jail_vjail_hostname . 3928These per-jail configuration variables are now obsolete in favor of 3929.Xr jail 8 3930configuration file. 3931For backward compatibility, 3932when per-jail configuration variables are defined, 3933.Xr jail 8 3934configuration files are created as 3935.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3936and used. 3937.Pp 3938The following per-jail parameters are handled by 3939.Pa rc.d/jail 3940script out of their corresponding 3941.Nm 3942variables. 3943In addition to them, parameters in 3944.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3945will be added to the configuration file. 3946They must be a semi-colon 3947.Pq Ql \&; 3948delimited list of 3949.Dq key=value . 3950For more details, 3951see 3952.Xr jail 8 3953manual page. 3954.Bl -tag -width "host.hostname" -offset indent 3955.It Li path 3956set from 3957.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3958.It Li host.hostname 3959set from 3960.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3961.It Li exec.consolelog 3962set from 3963.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3964The default value is 3965.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3966.It Li interface 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3969.It Li vnet.interface 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3972This implies 3973.Li vnet 3974parameter will be enabled and cannot be specified with 3975.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3977and/or 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3979at the same time. 3980.It Li fstab 3981set from 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3983.It Li mount 3984set from 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3986.It Li exec.fib 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3989.It Li exec.start 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3992The parameter name was 3993.Li command 3994in some older releases. 3995.It Li exec.prestart 3996set from 3997.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3998.It Li exec.poststart 3999set from 4000.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 4001.It Li exec.stop 4002set from 4003.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 4004.It Li exec.prestop 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 4007.It Li exec.poststop 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 4010.It Li ip4.addr 4011set if 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4013or 4014.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4015contain IPv4 addresses 4016.It Li ip6.addr 4017set if 4018.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 4019or 4020.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 4021contain IPv6 addresses 4022.It Li allow.mount 4023set from 4024.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 4025.It Li mount.devfs 4026set from 4027.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 4028.It Li devfs_ruleset 4029set from 4030.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4031This must be an integer, 4032not a string. 4033.It Li mount.fdescfs 4034set from 4035.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4036.It Li allow.set_hostname 4037set from 4038.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4039.It Li allow.rawsocket 4040set from 4041.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4042.It Li allow.sysvipc 4043set from 4044.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4045.El 4046.\" ----------------------------------------------------- 4047.It Va harvest_mask 4048.Pq Vt int 4049Set to a bit-mask 4050representing the entropy sources 4051you wish to harvest. 4052Refer to 4053.Xr random 4 4054for more information. 4055.It Va entropy_dir 4056.Pq Vt str 4057Set to 4058.Dq Li NO 4059to disable caching entropy via 4060.Xr cron 8 . 4061Otherwise set to the directory 4062in which the entropy files are stored. 4063To be useful, 4064there must be 4065a system cron job 4066that regularly writes and rotates 4067files here. 4068All files found 4069will be used at boot time. 4070The default is 4071.Pa /var/db/entropy . 4072.It Va entropy_file 4073.Pq Vt str 4074Set to 4075.Dq Li NO 4076to disable caching entropy through reboots. 4077Otherwise set to the name 4078of a file used to store cached entropy. 4079This file should be located 4080on a file system that is readable 4081before all the volumes specified in 4082.Xr fstab 5 4083are mounted. 4084By default, 4085.Pa /entropy 4086is used, 4087but if 4088.Pa /var/db/entropy-file 4089is found it will also be used. 4090This will be of some use to 4091.Xr bsdinstall 8 . 4092.It Va entropy_boot_file 4093.Pq Vt str 4094Set to 4095.Dq Li NO 4096to disable 4097very early caching entropy 4098through reboots. 4099Otherwise set to the filename 4100used to read 4101very early reboot cached entropy. 4102This file should be located where 4103.Xr loader 8 4104can read it. 4105See also 4106.Xr loader.conf 5 . 4107The default location is 4108.Pa /boot/entropy . 4109.It Va entropy_save_sz 4110.Pq Vt int 4111Size of the entropy cache files saved by 4112.Nm save-entropy 4113periodically. 4114.It Va entropy_save_num 4115.Pq Vt int 4116Number of entropy cache files to save by 4117.Nm save-entropy 4118periodically. 4119.It Va ipsec_enable 4120.Pq Vt bool 4121Set to 4122.Dq Li YES 4123to run 4124.Xr setkey 8 4125on 4126.Va ipsec_file 4127at boot time. 4128.It Va ipsec_file 4129.Pq Vt str 4130Configuration file for 4131.Xr setkey 8 . 4132.It Va dmesg_enable 4133.Pq Vt bool 4134Set to 4135.Dq Li YES 4136to save 4137.Xr dmesg 8 4138to 4139.Pa /var/run/dmesg.boot 4140on boot. 4141.It Va rcshutdown_timeout 4142.Pq Vt int 4143If set, start a watchdog timer in the background which will terminate 4144.Pa rc.shutdown 4145if 4146.Xr shutdown 8 4147has not completed within the specified time (in seconds). 4148Notice that in addition to this soft timeout, 4149.Xr init 8 4150also applies a hard timeout for the execution of 4151.Pa rc.shutdown . 4152This is configured via 4153.Xr sysctl 8 4154variable 4155.Va kern.init_shutdown_timeout 4156and defaults to 120 seconds. 4157Setting the value of 4158.Va rcshutdown_timeout 4159to more than 120 seconds will have no effect until the 4160.Xr sysctl 8 4161variable 4162.Va kern.init_shutdown_timeout 4163is also increased. 4164.It Va virecover_enable 4165.Pq Vt bool 4166Set to 4167.Dq Li NO 4168to prevent the system from trying to 4169recover pre-maturely terminated 4170.Xr vi 1 4171sessions. 4172.It Va ugidfw_enable 4173.Pq Vt bool 4174Set to 4175.Dq Li YES 4176to load the 4177.Xr mac_bsdextended 4 4178module upon system initialization and load a default 4179ruleset file. 4180.It Va bsdextended_script 4181.Pq Vt str 4182The default 4183.Xr mac_bsdextended 4 4184ruleset file to load. 4185The default value of this variable is 4186.Pa /etc/rc.bsdextended . 4187.It Va newsyslog_enable 4188.Pq Vt bool 4189If set to 4190.Dq Li YES , 4191run 4192.Xr newsyslog 8 4193command at startup. 4194.It Va newsyslog_flags 4195.Pq Vt str 4196If 4197.Va newsyslog_enable 4198is set to 4199.Dq Li YES , 4200these are the flags to pass to the 4201.Xr newsyslog 8 4202program. 4203The default is 4204.Dq Li -CN , 4205which causes log files flagged with a 4206.Cm C 4207to be created. 4208.It Va mdconfig_md Ns Aq Ar X 4209.Pq Vt str 4210Arguments to 4211.Xr mdconfig 8 4212for 4213.Xr md 4 4214device 4215.Ar X . 4216At minimum a 4217.Fl t Ar type 4218must be specified and either a 4219.Fl s Ar size 4220for malloc or swap backed 4221.Xr md 4 4222devices or a 4223.Fl f Ar file 4224for vnode backed 4225.Xr md 4 4226devices. 4227Note that 4228.Va mdconfig_md Ns Aq Ar X 4229variables are evaluated until one variable is unset or null. 4230.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4231.Pq Vt str 4232Optional arguments passed to 4233.Xr newfs 8 4234to initialize 4235.Xr md 4 4236device 4237.Ar X . 4238.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4239.Pq Vt str 4240An ownership specification passed to 4241.Xr chown 8 4242after the specified 4243.Xr md 4 4244device 4245.Ar X 4246has been mounted. 4247Both the 4248.Xr md 4 4249device and the mount point will be changed. 4250.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4251.Pq Vt str 4252A mode string passed to 4253.Xr chmod 1 4254after the specified 4255.Xr md 4 4256device 4257.Ar X 4258has been mounted. 4259Both the 4260.Xr md 4 4261device and the mount point will be changed. 4262.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4263.Pq Vt str 4264Files to be copied to the mount point of the 4265.Xr md 4 4266device 4267.Ar X 4268after it has been mounted. 4269.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4270.Pq Vt str 4271Command to execute after the specified 4272.Xr md 4 4273device 4274.Ar X 4275has been mounted. 4276Note that the command is passed to 4277.Ic eval 4278and that both 4279.Va _dev 4280and 4281.Va _mp 4282variables can be used to reference respectively the 4283.Xr md 4 4284device and the mount point. 4285Assuming that the 4286.Xr md 4 4287device is 4288.Li md0 , 4289one could set the following: 4290.Bd -literal 4291mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4292.Ed 4293.It Va autobridge_interfaces 4294.Pq Vt str 4295Set to the list of bridge interfaces that will have newly arriving interfaces 4296checked against to be automatically added. 4297If not set to 4298.Dq Li NO 4299then for each whitespace separated 4300.Ar element 4301in the value, a 4302.Va autobridge_ Ns Aq Ar element 4303variable is assumed to exist which has a whitespace separated list of interface 4304names to match, these names can use wildcards. 4305For example: 4306.Bd -literal 4307autobridge_interfaces="bridge0" 4308autobridge_bridge0="tap* dc0 vlan[345]" 4309.Ed 4310.It Va mixer_enable 4311.Pq Vt bool 4312If set to 4313.Dq Li YES , 4314enable support for sound mixer. 4315.It Va hcsecd_enable 4316.Pq Vt bool 4317If set to 4318.Dq Li YES , 4319enable Bluetooth security daemon. 4320.It Va hcsecd_config 4321.Pq Vt str 4322Configuration file for 4323.Xr hcsecd 8 . 4324Default 4325.Pa /etc/bluetooth/hcsecd.conf . 4326.It Va sdpd_enable 4327.Pq Vt bool 4328If set to 4329.Dq Li YES , 4330enable Bluetooth Service Discovery Protocol daemon. 4331.It Va sdpd_control 4332.Pq Vt str 4333Path to 4334.Xr sdpd 8 4335control socket. 4336Default 4337.Pa /var/run/sdp . 4338.It Va sdpd_groupname 4339.Pq Vt str 4340Sets 4341.Xr sdpd 8 4342group to run as after it initializes. 4343Default 4344.Dq Li nobody . 4345.It Va sdpd_username 4346.Pq Vt str 4347Sets 4348.Xr sdpd 8 4349user to run as after it initializes. 4350Default 4351.Dq Li nobody . 4352.It Va bthidd_enable 4353.Pq Vt bool 4354If set to 4355.Dq Li YES , 4356enable Bluetooth Human Interface Device daemon. 4357.It Va bthidd_config 4358.Pq Vt str 4359Configuration file for 4360.Xr bthidd 8 . 4361Default 4362.Pa /etc/bluetooth/bthidd.conf . 4363.It Va bthidd_hids 4364.Pq Vt str 4365Path to a file, where 4366.Xr bthidd 8 4367will store information about known HID devices. 4368Default 4369.Pa /var/db/bthidd.hids . 4370.It Va rfcomm_pppd_server_enable 4371.Pq Vt bool 4372If set to 4373.Dq Li YES , 4374enable Bluetooth RFCOMM PPP wrapper daemon. 4375.It Va rfcomm_pppd_server_profile 4376.Pq Vt str 4377The name of the profile to use from 4378.Pa /etc/ppp/ppp.conf . 4379Multiple profiles can be specified here. 4380Also used to specify per-profile overrides. 4381When the profile name contains any of the characters 4382.Dq Li .-/+ 4383they are translated to 4384.Dq Li _ 4385for the proposes of the override variable names. 4386.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4387.Pq Vt str 4388Overrides local address to listen on. 4389By default 4390.Xr rfcomm_pppd 8 4391will listen on 4392.Dq Li ANY 4393address. 4394The address can be specified as BD_ADDR or name. 4395.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4396.Pq Vt str 4397Overrides local RFCOMM channel to listen on. 4398By default 4399.Xr rfcomm_pppd 8 4400will listen on RFCOMM channel 1. 4401Must set properly if multiple profiles used in the same time. 4402.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4403.Pq Vt bool 4404Tells 4405.Xr rfcomm_pppd 8 4406if it should register Serial Port service on the specified RFCOMM channel. 4407Default 4408.Dq Li NO . 4409.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4410.Pq Vt bool 4411Tells 4412.Xr rfcomm_pppd 8 4413if it should register Dial-Up Networking service on the specified 4414RFCOMM channel. 4415Default 4416.Dq Li NO . 4417.It Va ubthidhci_enable 4418.Pq Vt bool 4419If set to 4420.Dq Li YES , 4421change the USB Bluetooth controller from HID mode to HCI mode. 4422You also need to specify the location of USB Bluetooth controller with the 4423.Va ubthidhci_busnum 4424and 4425.Va ubthidhci_addr 4426variables. 4427.It Va ubthidhci_busnum 4428Bus number where the USB Bluetooth controller is located. 4429Check the output of 4430.Xr usbconfig 8 4431on your system to find this information. 4432.It Va ubthidhci_addr 4433Bus address of the USB Bluetooth controller. 4434Check the output of 4435.Xr usbconfig 8 4436on your system to find this information. 4437.It Va netwait_enable 4438.Pq Vt bool 4439If set to 4440.Dq Li YES , 4441delays the start of network-reliant services until 4442.Va netwait_if 4443is up and ICMP packets to a destination defined in 4444.Va netwait_ip 4445are flowing. 4446Link state is examined first, followed by 4447.Dq Li pinging 4448an IP address to verify network usability. 4449If no destination can be reached or timeouts are exceeded, 4450network services are started anyway with no guarantee that 4451the network is usable. 4452Use of this variable requires both 4453.Va netwait_ip 4454and 4455.Va netwait_if 4456to be set. 4457.It Va netwait_ip 4458.Pq Vt str 4459Empty by default. 4460This variable contains a space-delimited list of IP addresses to 4461.Xr ping 8 . 4462DNS hostnames should not be used as resolution is not guaranteed 4463to be functional at this point. 4464If multiple IP addresses are specified, 4465each will be tried until one is successful or the list is exhausted. 4466.It Va netwait_timeout 4467.Pq Vt int 4468Indicates the total number of seconds to perform a 4469.Dq Li ping 4470against each IP address in 4471.Va netwait_ip , 4472at a rate of one ping per second. 4473If any of the pings are successful, 4474full network connectivity is considered reliable. 4475The default is 60. 4476.It Va netwait_if 4477.Pq Vt str 4478Empty by default. 4479Defines the name of the network interface on which watch for link. 4480.Xr ifconfig 8 4481is used to monitor the interface, looking for 4482.Dq Li status: no carrier . 4483Once gone, the link is considered up. 4484This can be a 4485.Xr vlan 4 4486interface if desired. 4487.It Va netwait_if_timeout 4488.Pq Vt int 4489Defines the total number of seconds to wait for link to become usable, 4490polled at a 1-second interval. 4491The default is 30. 4492.It Va rctl_enable 4493.Pq Vt bool 4494If set to 4495.Dq Li YES , 4496load 4497.Xr rctl 8 4498rules from the defined ruleset. 4499The kernel must be built with 4500.Cd "options RACCT" 4501and 4502.Cd "options RCTL" . 4503.It Va rctl_rules 4504.Pq Vt str 4505Set to 4506.Pa /etc/rctl.conf 4507by default. 4508This variables contains the 4509.Xr rctl.conf 5 4510ruleset to load for 4511.Xr rctl 8 . 4512.It Va iovctl_files 4513.Pq Vt str 4514A space-separated list of configuration files used by 4515.Xr iovctl 8 . 4516The default value is an empty string. 4517.It Va autofs_enable 4518.Pq Vt bool 4519If set to 4520.Dq Li YES , 4521start the 4522.Xr automount 8 4523utility and the 4524.Xr automountd 8 4525and 4526.Xr autounmountd 8 4527daemons at boot time. 4528.It Va automount_flags 4529.Pq Vt str 4530If 4531.Va autofs_enable 4532is set to 4533.Dq Li YES , 4534these are the flags to pass to the 4535.Xr automount 8 4536program. 4537By default no flags are passed. 4538.It Va automountd_flags 4539.Pq Vt str 4540If 4541.Va autofs_enable 4542is set to 4543.Dq Li YES , 4544these are the flags to pass to the 4545.Xr automountd 8 4546daemon. 4547By default no flags are passed. 4548.It Va autounmountd_flags 4549.Pq Vt str 4550If 4551.Va autofs_enable 4552is set to 4553.Dq Li YES , 4554these are the flags to pass to the 4555.Xr autounmountd 8 4556daemon. 4557By default no flags are passed. 4558.It Va ctld_enable 4559.Pq Vt bool 4560If set to 4561.Dq Li YES , 4562start the 4563.Xr ctld 8 4564daemon at boot time. 4565.It Va iscsid_enable 4566.Pq Vt bool 4567If set to 4568.Dq Li YES , 4569start the 4570.Xr iscsid 8 4571daemon at boot time. 4572.It Va iscsictl_enable 4573.Pq Vt bool 4574If set to 4575.Dq Li YES , 4576start the 4577.Xr iscsictl 8 4578utility at boot time. 4579.It Va iscsictl_flags 4580.Pq Vt str 4581If 4582.Va iscsictl_enable 4583is set to 4584.Dq Li YES , 4585these are the flags to pass to the 4586.Xr iscsictl 8 4587program. 4588The default is 4589.Dq Li -Aa , 4590which configures sessions based on the 4591.Pa /etc/iscsi.conf 4592configuration file. 4593.It Va cfumass_enable 4594.Pq Vt bool 4595If set to 4596.Dq Li YES , 4597create and export an USB LUN using 4598.Xr cfumass 4 4599at boot time. 4600.It Va cfumass_dir 4601.Pq Vt str 4602The directory where the files exported by USB LUN are located. 4603The default directory is 4604.Pa /var/cfumass . 4605.It Va service_delete_empty 4606.Pq Vt bool 4607If set to 4608.Dq Li YES , 4609.Ql Li service delete 4610removes empty 4611.Dq Li rc.conf.d 4612files. 4613.It Va zfs_bootonce_activate 4614.Pq Vt bool 4615If set to 4616.Dq Li YES , 4617and a boot environment marked bootonce is successfully booted, 4618it will be made permanently active. 4619.El 4620.Sh FILES 4621.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4622.It Pa /etc/defaults/rc.conf 4623.It Pa /etc/defaults/vendor.conf 4624.It Pa /etc/rc.conf 4625.It Pa /etc/rc.conf.local 4626.El 4627.Sh SEE ALSO 4628.Xr chmod 1 , 4629.Xr gdb 1 , 4630.Xr info 1 , 4631.Xr kbdcontrol 1 , 4632.Xr sh 1 , 4633.Xr vi 1 , 4634.Xr vidcontrol 1 , 4635.Xr bridge 4 , 4636.Xr dummynet 4 , 4637.Xr ip 4 , 4638.Xr ipf 4 , 4639.Xr ipfw 4 , 4640.Xr ipnat 4 , 4641.Xr kld 4 , 4642.Xr pf 4 , 4643.Xr pflog 4 , 4644.Xr pfsync 4 , 4645.Xr tcp 4 , 4646.Xr udp 4 , 4647.Xr exports 5 , 4648.Xr fstab 5 , 4649.Xr ipf 5 , 4650.Xr ipnat 5 , 4651.Xr jail.conf 5 , 4652.Xr loader.conf 5 , 4653.Xr motd 5 , 4654.Xr newsyslog.conf 5 , 4655.Xr pf.conf 5 , 4656.Xr firewall 7 , 4657.Xr growfs 7 , 4658.Xr security 7 , 4659.Xr tuning 7 , 4660.Xr accton 8 , 4661.Xr amd 8 , 4662.Xr apm 8 , 4663.Xr bsdinstall 8 , 4664.Xr bthidd 8 , 4665.Xr chkprintcap 8 , 4666.Xr chown 8 , 4667.Xr cron 8 , 4668.Xr devfs 8 , 4669.Xr dhclient 8 , 4670.Xr ftpd 8 , 4671.Xr geli 8 , 4672.Xr hcsecd 8 , 4673.Xr ifconfig 8 , 4674.Xr inetd 8 , 4675.Xr iovctl 8 , 4676.Xr ipf 8 , 4677.Xr ipfw 8 , 4678.Xr ipnat 8 , 4679.Xr jail 8 , 4680.Xr kldxref 8 , 4681.Xr loader 8 , 4682.Xr lpd 8 , 4683.Xr makewhatis 8 , 4684.Xr mdconfig 8 , 4685.Xr mdmfs 8 , 4686.Xr mixer 8 , 4687.Xr mountd 8 , 4688.Xr moused 8 , 4689.Xr newfs 8 , 4690.Xr newsyslog 8 , 4691.Xr nfsd 8 , 4692.Xr ntpd 8 , 4693.Xr ntpdate 8 , 4694.Xr pfctl 8 , 4695.Xr pflogd 8 , 4696.Xr ping 8 , 4697.Xr powerd 8 , 4698.Xr quotacheck 8 , 4699.Xr quotaon 8 , 4700.Xr rc 8 , 4701.Xr rc.sendmail 8 , 4702.Xr rcorder 8 , 4703.Xr rfcomm_pppd 8 , 4704.Xr route 8 , 4705.Xr routed 8 , 4706.Xr rpc.lockd 8 , 4707.Xr rpc.statd 8 , 4708.Xr rpcbind 8 , 4709.Xr rwhod 8 , 4710.Xr savecore 8 , 4711.Xr sdpd 8 , 4712.Xr service 8 , 4713.Xr sshd 8 , 4714.Xr swapon 8 , 4715.Xr sysctl 8 , 4716.Xr syslogd 8 , 4717.Xr sysrc 8 , 4718.Xr unbound 8 , 4719.Xr usbconfig 8 , 4720.Xr wlandebug 8 , 4721.Xr yp 8 , 4722.Xr ypbind 8 , 4723.Xr ypserv 8 , 4724.Xr ypset 8 4725.Sh HISTORY 4726The 4727.Nm 4728file appeared in 4729.Fx 2.2.2 . 4730.Sh AUTHORS 4731.An Jordan K. Hubbard . 4732