1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd September 13, 2011 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility, 42.Xr sysinstall 8 . 43.Pp 44The purpose of 45.Nm 46is not to run commands or perform system startup actions 47directly. 48Instead, it is included by the 49various generic startup scripts in 50.Pa /etc 51which conditionalize their 52internal actions according to the settings found there. 53.Pp 54The 55.Pa /etc/rc.conf 56file is included from the file 57.Pa /etc/defaults/rc.conf , 58which specifies the default settings for all the available options. 59Options need only be specified in 60.Pa /etc/rc.conf 61when the system administrator wishes to override these defaults. 62The file 63.Pa /etc/rc.conf.local 64is used to override settings in 65.Pa /etc/rc.conf 66for historical reasons. 67In addition to 68.Pa /etc/rc.conf.local 69you can also place smaller configuration files for each 70.Xr rc 8 71script in the 72.Pa /etc/rc.conf.d 73directory, which will be included by the 74.Va load_rc_config 75function. 76For jail configurations you could use the file 77.Pa /etc/rc.conf.d/jail 78to store jail specific configuration options. 79Also see the 80.Va rc_conf_files 81variable below. 82.Pp 83Options are set with 84.Dq Ar name Ns Li = Ns Ar value 85assignments that use 86.Xr sh 1 87syntax. 88The following list provides a name and short description for each 89variable that can be set in the 90.Nm 91file: 92.Bl -tag -width indent-two 93.It Va rc_debug 94.Pq Vt bool 95If set to 96.Dq Li YES , 97enable output of debug messages from rc scripts. 98This variable can be helpful in diagnosing mistakes when 99editing or integrating new scripts. 100Beware that this produces copious output to the terminal and 101.Xr syslog 3 . 102.It Va rc_info 103.Pq Vt bool 104If set to 105.Dq Li NO , 106disable informational messages from the rc scripts. 107Informational messages are displayed when 108a condition that is not serious enough to warrant a warning or 109an error occurs. 110.It Va rc_startmsgs 111.Pq Vt bool 112If set to 113.Dq Li YES , 114show 115.Dq Starting foo: 116when faststart is used (e.g., at boot time). 117.It Va early_late_divider 118.Pq Vt str 119The name of the script that should be used as the 120delimiter between the 121.Dq early 122and 123.Dq late 124stages of the boot process. 125The early stage should contain all the services needed to 126get the disks (local or remote) mounted so that the late 127stage can include scripts contained in the directories 128listed in the 129.Va local_startup 130variable (see below). 131Thus, the two likely candidates for this value are 132.Pa mountcritlocal 133for the typical system, and 134.Pa mountcritremote 135if the system needs remote file 136systems mounted to get access to the 137.Va local_startup 138directories; for example when 139.Pa /usr/local 140is NFS mounted. 141For 142.Pa rc.conf 143within a 144.Xr jail 8 145.Pa NETWORKING 146is likely to be an appropriate value. 147Extreme care should be taken when changing this value, 148and before changing it one should ensure that there are 149adequate provisions to recover from a failed boot 150(such as physical contact with the machine, 151or reliable remote console access). 152.It Va swapfile 153.Pq Vt str 154If set to 155.Dq Li NO , 156no swapfile is installed, otherwise the value is used as the full 157pathname to a file to use for additional swap space. 158.It Va apm_enable 159.Pq Vt bool 160If set to 161.Dq Li YES , 162enable support for Automatic Power Management with 163the 164.Xr apm 8 165command. 166.It Va apmd_enable 167.Pq Vt bool 168Run 169.Xr apmd 8 170to handle APM event from userland. 171This also enables support for APM. 172.It Va apmd_flags 173.Pq Vt str 174If 175.Va apmd_enable 176is set to 177.Dq Li YES , 178these are the flags to pass to the 179.Xr apmd 8 180daemon. 181.It Va devd_enable 182.Pq Vt bool 183Run 184.Xr devd 8 185to handle device added, removed or unknown events from the kernel. 186.It Va ddb_enable 187.Pq Vt bool 188Run 189.Xr ddb 8 190to install 191.Xr ddb 4 192scripts at boot time. 193.It Va ddb_config 194.Pq Vt str 195Configuration file for 196.Xr ddb 8 . 197Default 198.Pa /etc/ddb.conf . 199.It Va kld_list 200.Pq Vt str 201A list of kernel modules to load right after the local 202disks are mounted. 203Loading modules at this point in the boot process is 204much faster than doing it via 205.Pa /boot/loader.conf 206for those modules not necessary for mounting local disk. 207.It Va kldxref_enable 208.Pq Vt bool 209Set to 210.Dq Li NO 211by default. 212Set to 213.Dq Li YES 214to automatically rebuild 215.Pa linker.hints 216files with 217.Xr kldxref 8 218at boot time. 219.It Va kldxref_clobber 220.Pq Vt bool 221Set to 222.Dq Li NO 223by default. 224If 225.Va kldxref_enable 226is true, 227setting to 228.Dq Li YES 229will overwrite existing 230.Pa linker.hints 231files at boot time. 232Otherwise, 233only missing 234.Pa linker.hints 235files are generated. 236.It Va kldxref_module_path 237.Pq Vt str 238Empty by default. 239A semi-colon 240.Pq Ql \&; 241delimited list of paths containing 242.Xr kld 4 243modules. 244If empty, 245the contents of the 246.Va kern.module_path 247.Xr sysctl 8 248are used. 249.It Va powerd_enable 250.Pq Vt bool 251If set to 252.Dq Li YES , 253enable the system power control facility with the 254.Xr powerd 8 255daemon. 256.It Va powerd_flags 257.Pq Vt str 258If 259.Va powerd_enable 260is set to 261.Dq Li YES , 262these are the flags to pass to the 263.Xr powerd 8 264daemon. 265.It Va tmpmfs 266Controls the creation of a 267.Pa /tmp 268memory file system. 269Always happens if set to 270.Dq Li YES 271and never happens if set to 272.Dq Li NO . 273If set to anything else, a memory file system is created if 274.Pa /tmp 275is not writable. 276.It Va tmpsize 277Controls the size of a created 278.Pa /tmp 279memory file system. 280.It Va tmpmfs_flags 281Extra options passed to the 282.Xr mdmfs 8 283utility when the memory file system for 284.Pa /tmp 285is created. 286The default is 287.Dq Li "-S" , 288which inhibits the use of softupdates on 289.Pa /tmp 290so that file system space is freed without delay 291after file truncation or deletion. 292See 293.Xr mdmfs 8 294for other options you can use in 295.Va tmpmfs_flags . 296.It Va varmfs 297Controls the creation of a 298.Pa /var 299memory file system. 300Always happens if set to 301.Dq Li YES 302and never happens if set to 303.Dq Li NO . 304If set to anything else, a memory file system is created if 305.Pa /var 306is not writable. 307.It Va varsize 308Controls the size of a created 309.Pa /var 310memory file system. 311.It Va varmfs_flags 312Extra options passed to the 313.Xr mdmfs 8 314utility when the memory file system for 315.Pa /var 316is created. 317The default is 318.Dq Li "-S" , 319which inhibits the use of softupdates on 320.Pa /var 321so that file system space is freed without delay 322after file truncation or deletion. 323See 324.Xr mdmfs 8 325for other options you can use in 326.Va varmfs_flags . 327.It Va populate_var 328Controls the automatic population of the 329.Pa /var 330file system. 331Always happens if set to 332.Dq Li YES 333and never happens if set to 334.Dq Li NO . 335If set to anything else, a memory file system is created if 336.Pa /var 337is not writable. 338Note that this process requires access to certain commands in 339.Pa /usr 340before 341.Pa /usr 342is mounted on normal systems. 343.It Va cleanvar_enable 344.Pq Vt bool 345Clean the 346.Pa /var 347directory. 348.It Va local_startup 349.Pq Vt str 350List of directories to search for startup script files. 351.It Va script_name_sep 352.Pq Vt str 353The field separator to use for breaking down the list of startup script files 354into individual filenames. 355The default is a space. 356It is not necessary to change this unless there are startup scripts with names 357containing spaces. 358.It Va hostapd_enable 359.Pq Vt bool 360Set to 361.Dq Li YES 362to start 363.Xr hostapd 8 364at system boot time. 365.It Va hostname 366.Pq Vt str 367The fully qualified domain name (FQDN) of this host on the network. 368This should almost certainly be set to something meaningful, even if 369there is no network connection. 370If 371.Xr dhclient 8 372is used to set the hostname via DHCP, 373this variable should be set to an empty string. 374If this value remains unset when the system is done booting 375your console login will display the default hostname of 376.Dq Amnesiac. 377.It Va nisdomainname 378.Pq Vt str 379The NIS domain name of this host, or 380.Dq Li NO 381if NIS is not used. 382.It Va dhclient_program 383.Pq Vt str 384Path to the DHCP client program 385.Pa ( /sbin/dhclient , 386the 387.Ox 388DHCP client, 389is the default). 390.It Va dhclient_flags 391.Pq Vt str 392Additional flags to pass to the DHCP client program. 393For the 394.Ox 395DHCP client, see the 396.Xr dhclient 8 397manpage for a description of the command line options available. 398.It Va dhclient_flags_ Ns Aq Ar iface 399Additional flags to pass to the DHCP client program running on 400.Ar iface 401only. 402When specified, this variable overrides 403.Va dhclient_flags . 404.It Va background_dhclient 405.Pq Vt bool 406Set to 407.Dq Li YES 408to start the DHCP client in background. 409This can cause trouble with applications depending on 410a working network, but it will provide a faster startup 411in many cases. 412.It Va background_dhclient_ Ns Aq Ar iface 413When specified, this variable overrides the 414.Va background_dhclient 415variable for interface 416.Ar iface 417only. 418.It Va synchronous_dhclient 419.Pq Vt bool 420Set to 421.Dq Li YES 422to start 423.Xr dhclient 8 424synchronously at startup. 425This behavior can be overridden on a per-interface basis by replacing 426the 427.Dq Li DHCP 428keyword in the 429.Va ifconfig_ Ns Aq Ar interface 430variable with 431.Dq Li SYNCDHCP 432or 433.Dq Li NOSYNCDHCP . 434.It Va defaultroute_delay 435.Pq Vt int 436When set to a positive value, wait up to this long after configuring 437DHCP interfaces at startup to give the interfaces time to receive a lease. 438.It Va firewall_enable 439.Pq Vt bool 440Set to 441.Dq Li YES 442to load firewall rules at startup. 443If the kernel was not built with 444.Cd "options IPFIREWALL" , 445the 446.Pa ipfw.ko 447kernel module will be loaded. 448See also 449.Va ipfilter_enable . 450.It Va firewall_script 451.Pq Vt str 452This variable specifies the full path to the firewall script to run. 453The default is 454.Pa /etc/rc.firewall . 455.It Va firewall_type 456.Pq Vt str 457Names the firewall type from the selection in 458.Pa /etc/rc.firewall , 459or the file which contains the local firewall ruleset. 460Valid selections from 461.Pa /etc/rc.firewall 462are: 463.Pp 464.Bl -tag -width ".Li simple" -compact 465.It Li open 466unrestricted IP access 467.It Li closed 468all IP services disabled, except via 469.Dq Li lo0 470.It Li client 471basic protection for a workstation 472.It Li simple 473basic protection for a LAN. 474.El 475.Pp 476If a filename is specified, the full path 477must be given. 478.It Va firewall_quiet 479.Pq Vt bool 480Set to 481.Dq Li YES 482to disable the display of firewall rules on the console during boot. 483.It Va firewall_logging 484.Pq Vt bool 485Set to 486.Dq Li YES 487to enable firewall event logging. 488This is equivalent to the 489.Dv IPFIREWALL_VERBOSE 490kernel option. 491.It Va firewall_flags 492.Pq Vt str 493Flags passed to 494.Xr ipfw 8 495if 496.Va firewall_type 497specifies a filename. 498.It Va firewall_coscripts 499.Pq Vt str 500List of executables and/or rc scripts to run after firewall starts/stops. 501Default is empty. 502.\" ----- firewall_nat_enable setting -------------------------------- 503.It Va firewall_nat_enable 504.Pq Vt bool 505The 506.Xr ipfw 8 507equivalent of 508.Va natd_enable . 509Setting this to 510.Dq Li YES 511enables kernel NAT. 512.Va firewall_enable 513must also be set to 514.Dq Li YES . 515.It Va firewall_nat_interface 516.Pq Vt str 517The 518.Xr ipfw 8 519equivalent of 520.Va natd_interface . 521This is the name of the public interface or IP address on which 522kernel NAT should run. 523.It Va firewall_nat_flags 524.Pq Vt str 525Additional configuration parameters for kernel NAT should be placed here. 526.It Va dummynet_enable 527.Pq Vt bool 528Setting this to 529.Dq Li YES 530will automatically load the 531.Xr dummynet 4 532module if 533.Va firewall_enable 534is also set to 535.Dq Li YES . 536.\" ------------------------------------------------------------------- 537.It Va natd_program 538.Pq Vt str 539Path to 540.Xr natd 8 . 541.It Va natd_enable 542.Pq Vt bool 543Set to 544.Dq Li YES 545to enable 546.Xr natd 8 . 547.Va firewall_enable 548must also be set to 549.Dq Li YES , 550and 551.Xr divert 4 552sockets must be enabled in the kernel. 553If the kernel was not built with 554.Cd "options IPDIVERT" , 555the 556.Pa ipdivert.ko 557kernel module will be loaded. 558.It Va natd_interface 559.Pq Vt str 560This is the name of the public interface on which 561.Xr natd 8 562should run. 563The interface may be given as an interface name or as an IP address. 564.It Va natd_flags 565.Pq Vt str 566Additional 567.Xr natd 8 568flags should be placed here. 569The 570.Fl n 571or 572.Fl a 573flag is automatically added with the above 574.Va natd_interface 575as an argument. 576.\" ----- ipfilter_enable setting -------------------------------- 577.It Va ipfilter_enable 578.Pq Vt bool 579Set to 580.Dq Li NO 581by default. 582Setting this to 583.Dq Li YES 584enables 585.Xr ipf 8 586packet filtering. 587.Pp 588Typical usage will require putting 589.Bd -literal 590ipfilter_enable="YES" 591ipnat_enable="YES" 592ipmon_enable="YES" 593ipfs_enable="YES" 594.Ed 595.Pp 596into 597.Pa /etc/rc.conf 598and editing 599.Pa /etc/ipf.rules 600and 601.Pa /etc/ipnat.rules 602appropriately. 603.Pp 604Note that 605.Va ipfilter_enable 606and 607.Va ipnat_enable 608can be enabled independently. 609.Va ipmon_enable 610and 611.Va ipfs_enable 612both require at least one of 613.Va ipfilter_enable 614and 615.Va ipnat_enable 616to be enabled. 617.Pp 618Having 619.Bd -literal 620options IPFILTER 621options IPFILTER_LOG 622options IPFILTER_DEFAULT_BLOCK 623.Ed 624.Pp 625in the kernel configuration file is a good idea, too. 626.\" ----- ipfilter_program setting ------------------------------ 627.It Va ipfilter_program 628.Pq Vt str 629Path to 630.Xr ipf 8 631(default 632.Pa /sbin/ipf ) . 633.\" ----- ipfilter_rules setting -------------------------------- 634.It Va ipfilter_rules 635.Pq Vt str 636Set to 637.Pa /etc/ipf.rules 638by default. 639This variable contains the name of the filter rule definition file. 640The file is expected to be readable for the 641.Xr ipf 8 642command to execute. 643.\" ----- ipv6_ipfilter_rules setting --------------------------- 644.It Va ipv6_ipfilter_rules 645.Pq Vt str 646Set to 647.Pa /etc/ipf6.rules 648by default. 649This variable contains the IPv6 filter rule definition file. 650The file is expected to be readable for the 651.Xr ipf 8 652command to execute. 653.\" ----- ipfilter_flags setting -------------------------------- 654.It Va ipfilter_flags 655.Pq Vt str 656Empty by default. 657This variable contains flags passed to the 658.Xr ipf 8 659program. 660.\" ----- ipnat_enable setting ---------------------------------- 661.It Va ipnat_enable 662.Pq Vt bool 663Set to 664.Dq Li NO 665by default. 666Set it to 667.Dq Li YES 668to enable 669.Xr ipnat 8 670network address translation. 671See 672.Va ipfilter_enable 673for a detailed discussion. 674.\" ----- ipnat_program setting --------------------------------- 675.It Va ipnat_program 676.Pq Vt str 677Path to 678.Xr ipnat 8 679(default 680.Pa /sbin/ipnat ) . 681.\" ----- ipnat_rules setting ----------------------------------- 682.It Va ipnat_rules 683.Pq Vt str 684Set to 685.Pa /etc/ipnat.rules 686by default. 687This variable contains the name of the file 688holding the network address translation definition. 689This file is expected to be readable for the 690.Xr ipnat 8 691command to execute. 692.\" ----- ipnat_flags setting ----------------------------------- 693.It Va ipnat_flags 694.Pq Vt str 695Empty by default. 696This variable contains flags passed to the 697.Xr ipnat 8 698program. 699.\" ----- ipmon_enable setting ---------------------------------- 700.It Va ipmon_enable 701.Pq Vt bool 702Set to 703.Dq Li NO 704by default. 705Set it to 706.Dq Li YES 707to enable 708.Xr ipmon 8 709monitoring (logging 710.Xr ipf 8 711and 712.Xr ipnat 8 713events). 714Setting this variable needs setting 715.Va ipfilter_enable 716or 717.Va ipnat_enable 718too. 719See 720.Va ipfilter_enable 721for a detailed discussion. 722.\" ----- ipmon_program setting --------------------------------- 723.It Va ipmon_program 724.Pq Vt str 725Path to 726.Xr ipmon 8 727(default 728.Pa /sbin/ipmon ) . 729.\" ----- ipmon_flags setting ----------------------------------- 730.It Va ipmon_flags 731.Pq Vt str 732Set to 733.Dq Li -Ds 734by default. 735This variable contains flags passed to the 736.Xr ipmon 8 737program. 738Another typical example would be 739.Dq Fl D Pa /var/log/ipflog 740to have 741.Xr ipmon 8 742log directly to a file bypassing 743.Xr syslogd 8 . 744Make sure to adjust 745.Pa /etc/newsyslog.conf 746in such case like this: 747.Bd -literal 748/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 749.Ed 750.\" ----- ipfs_enable setting ----------------------------------- 751.It Va ipfs_enable 752.Pq Vt bool 753Set to 754.Dq Li NO 755by default. 756Set it to 757.Dq Li YES 758to enable 759.Xr ipfs 8 760saving the filter and NAT state tables during shutdown 761and reloading them during startup again. 762Setting this variable needs setting 763.Va ipfilter_enable 764or 765.Va ipnat_enable 766to 767.Dq Li YES 768too. 769See 770.Va ipfilter_enable 771for a detailed discussion. 772Note that if 773.Va kern_securelevel 774is set to 3, 775.Va ipfs_enable 776cannot be used 777because the raised securelevel will prevent 778.Xr ipfs 8 779from saving the state tables at shutdown time. 780.\" ----- ipfs_program setting ---------------------------------- 781.It Va ipfs_program 782.Pq Vt str 783Path to 784.Xr ipfs 8 785(default 786.Pa /sbin/ipfs ) . 787.\" ----- ipfs_flags setting ------------------------------------ 788.It Va ipfs_flags 789.Pq Vt str 790Empty by default. 791This variable contains flags passed to the 792.Xr ipfs 8 793program. 794.\" ----- end of added ipf hook --------------------------------- 795.It Va pf_enable 796.Pq Vt bool 797Set to 798.Dq Li NO 799by default. 800Setting this to 801.Dq Li YES 802enables 803.Xr pf 4 804packet filtering. 805.Pp 806Typical usage will require putting 807.Pp 808.Dl pf_enable="YES" 809.Pp 810into 811.Pa /etc/rc.conf 812and editing 813.Pa /etc/pf.conf 814appropriately. 815Adding 816.Pp 817.Dl "device pf" 818.Pp 819builds support for 820.Xr pf 4 821into the kernel, otherwise the 822kernel module will be loaded. 823.It Va pf_rules 824.Pq Vt str 825Path to 826.Xr pf 4 827ruleset configuration file 828(default 829.Pa /etc/pf.conf ) . 830.It Va pf_program 831.Pq Vt str 832Path to 833.Xr pfctl 8 834(default 835.Pa /sbin/pfctl ) . 836.It Va pf_flags 837.Pq Vt str 838If 839.Va pf_enable 840is set to 841.Dq Li YES , 842these flags are passed to the 843.Xr pfctl 8 844program when loading the ruleset. 845.It Va pflog_enable 846.Pq Vt bool 847Set to 848.Dq Li NO 849by default. 850Setting this to 851.Dq Li YES 852enables 853.Xr pflogd 8 854which logs packets from the 855.Xr pf 4 856packet filter. 857.It Va pflog_logfile 858.Pq Vt str 859If 860.Va pflog_enable 861is set to 862.Dq Li YES 863this controls where 864.Xr pflogd 8 865stores the logfile 866(default 867.Pa /var/log/pflog ) . 868Check 869.Pa /etc/newsyslog.conf 870to adjust logfile rotation for this. 871.It Va pflog_program 872.Pq Vt str 873Path to 874.Xr pflogd 8 875(default 876.Pa /sbin/pflogd ) . 877.It Va pflog_flags 878.Pq Vt str 879Empty by default. 880This variable contains additional flags passed to the 881.Xr pflogd 8 882program. 883.It Va ftpproxy_enable 884.Pq Vt bool 885Set to 886.Dq Li NO 887by default. 888Setting this to 889.Dq Li YES 890enables 891.Xr ftp-proxy 8 892which supports the 893.Xr pf 4 894packet filter in translating ftp connections. 895.It Va ftpproxy_flags 896.Pq Vt str 897Empty by default. 898This variable contains additional flags passed to the 899.Xr ftp-proxy 8 900program. 901.It Va pfsync_enable 902.Pq Vt bool 903Set to 904.Dq Li NO 905by default. 906Setting this to 907.Dq Li YES 908enables exposing 909.Xr pf 4 910state changes to other hosts over the network by means of 911.Xr pfsync 4 . 912The 913.Va pfsync_syncdev 914variable 915must also be set then. 916.It Va pfsync_syncdev 917.Pq Vt str 918Empty by default. 919This variable specifies the name of the network interface 920.Xr pfsync 4 921should operate through. 922It must be set accordingly if 923.Va pfsync_enable 924is set to 925.Dq Li YES . 926.It Va pfsync_syncpeer 927.Pq Vt str 928Empty by default. 929This variable is optional. 930By default, state change messages are sent out on the synchronisation 931interface using IP multicast packets. 932The protocol is IP protocol 240, PFSYNC, and the multicast group used is 933224.0.0.240. 934When a peer address is specified using the 935.Va pfsync_syncpeer 936option, the peer address is used as a destination for the pfsync 937traffic, and the traffic can then be protected using 938.Xr ipsec 4 . 939See the 940.Xr pfsync 4 941manpage for more details about using 942.Xr ipsec 4 943with 944.Xr pfsync 4 945interfaces. 946.It Va pfsync_ifconfig 947.Pq Vt str 948Empty by default. 949This variable can contain additional options to be passed to the 950.Xr ifconfig 8 951command used to set up 952.Xr pfsync 4 . 953.It Va tcp_extensions 954.Pq Vt bool 955Set to 956.Dq Li YES 957by default. 958Setting this to 959.Dq Li NO 960disables certain TCP options as described by 961.Rs 962.%T "RFC 1323" 963.Re 964Setting this to 965.Dq Li NO 966might help remedy such problems with connections as randomly hanging 967or other weird behavior. 968Some network devices are known 969to be broken with respect to these options. 970.It Va log_in_vain 971.Pq Vt int 972Set to 0 by default. 973The 974.Xr sysctl 8 975variables, 976.Va net.inet.tcp.log_in_vain 977and 978.Va net.inet.udp.log_in_vain , 979as described in 980.Xr tcp 4 981and 982.Xr udp 4 , 983are set to the given value. 984.It Va tcp_keepalive 985.Pq Vt bool 986Set to 987.Dq Li YES 988by default. 989Setting to 990.Dq Li NO 991will disable probing idle TCP connections to verify that the 992peer is still up and reachable. 993.It Va tcp_drop_synfin 994.Pq Vt bool 995Set to 996.Dq Li NO 997by default. 998Setting to 999.Dq Li YES 1000will cause the kernel to ignore TCP frames that have both 1001the SYN and FIN flags set. 1002This prevents OS fingerprinting, but may 1003break some legitimate applications. 1004.It Va icmp_drop_redirect 1005.Pq Vt bool 1006Set to 1007.Dq Li NO 1008by default. 1009Setting to 1010.Dq Li YES 1011will cause the kernel to ignore ICMP REDIRECT packets. 1012Refer to 1013.Xr icmp 4 1014for more information. 1015.It Va icmp_log_redirect 1016.Pq Vt bool 1017Set to 1018.Dq Li NO 1019by default. 1020Setting to 1021.Dq Li YES 1022will cause the kernel to log ICMP REDIRECT packets. 1023Note that 1024the log messages are not rate-limited, so this option should only be used 1025for troubleshooting networks. 1026Refer to 1027.Xr icmp 4 1028for more information. 1029.It Va icmp_bmcastecho 1030.Pq Vt bool 1031Set to 1032.Dq Li YES 1033to respond to broadcast or multicast ICMP ping packets. 1034Refer to 1035.Xr icmp 4 1036for more information. 1037.It Va ip_portrange_first 1038.Pq Vt int 1039If not set to 1040.Dq Li NO , 1041this is the first port in the default portrange. 1042Refer to 1043.Xr ip 4 1044for more information. 1045.It Va ip_portrange_last 1046.Pq Vt int 1047If not set to 1048.Dq Li NO , 1049this is the last port in the default portrange. 1050Refer to 1051.Xr ip 4 1052for more information. 1053.It Va network_interfaces 1054.Pq Vt str 1055Set to the list of network interfaces to configure on this host or 1056.Dq Li AUTO 1057(the default) for all current interfaces. 1058Setting the 1059.Va network_interfaces 1060variable to anything other than the default is deprecated. 1061Interfaces that the administrator wishes to store configuration for, 1062but not start at boot should be configured with the 1063.Dq Li NOAUTO 1064keyword in their 1065.Va ifconfig_ Ns Aq Ar interface 1066variables as described below. 1067.Pp 1068An 1069.Va ifconfig_ Ns Aq Ar interface 1070variable is also assumed to exist for each value of 1071.Ar interface . 1072When an interface name contains any of the characters 1073.Dq Li .-/+ 1074they are translated to 1075.Dq Li _ 1076before lookup. 1077The variable can contain arguments to 1078.Xr ifconfig 8 , 1079as well as special case-insensitive keywords described below. 1080Such keywords are removed before passing the value to 1081.Xr ifconfig 8 1082while the order of the other arguments is preserved. 1083.Pp 1084One can configure more than one IPv4 address with the 1085.Va ipv4_addrs_ Ns Aq Ar interface 1086variable. 1087One or more IP addresses must be provided in Classless Inter-Domain 1088Routing (CIDR) address notation, whose last byte can be a range like 1089192.0.2.5-23/24. 1090In this case the address 192.0.2.5 will be configured with the 1091netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1092the non-conflicting netmask /32 as explained in the 1093.Xr ifconfig 8 1094alias section. 1095With the interface in question being 1096.Li ed0 , 1097an example could look like: 1098.Bd -literal 1099ipv4_addrs_ed0="192.0.2.129/27 192.0.2.1-5/28" 1100.Ed 1101.Pp 1102It is also possible to add IP alias entries using 1103.Xr ifconfig 8 1104syntax. 1105Assuming that the interface in question was 1106.Li ed0 , 1107it might look 1108something like this: 1109.Bd -literal 1110ifconfig_ed0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1111ifconfig_ed0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1112.Ed 1113.Pp 1114And so on. 1115For each 1116.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1117entry that is found, 1118its contents are passed to 1119.Xr ifconfig 8 . 1120Execution stops at the first unsuccessful access, so if 1121something like this is present: 1122.Bd -literal 1123ifconfig_ed0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1124ifconfig_ed0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1125ifconfig_ed0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1126ifconfig_ed0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1127.Ed 1128.Pp 1129Then note that alias4 would 1130.Em not 1131be added since the search would 1132stop with the missing 1133.Dq Li alias3 1134entry. 1135Due to this difficult to manage behavior, the 1136.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1137form is deprecated. 1138.Pp 1139If the 1140.Pa /etc/start_if. Ns Aq Ar interface 1141file is present, it is read and executed by the 1142.Xr sh 1 1143interpreter 1144before configuring the interface as specified in the 1145.Va ifconfig_ Ns Aq Ar interface 1146and 1147.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1148variables. 1149.Pp 1150If a 1151.Va vlans_ Ns Aq Ar interface 1152variable is set, 1153a 1154.Xr vlan 4 1155interface will be created for each item in the list with the 1156.Ar vlandev 1157argument set to 1158.Ar interface . 1159If a vlan interface's name is a number, 1160then that number is used as the vlan tag and the new vlan interface is 1161named 1162.Ar interface . Ns Ar tag . 1163Otherwise, 1164the vlan tag must be specified via a 1165.Va vlan 1166parameter in the 1167.Va create_args_ Ns Aq Ar interface 1168variable. 1169.Pp 1170To create a vlan device named 1171.Li em0.101 1172on 1173.Li em0 1174with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1175.Bd -literal 1176vlans_em0="101" 1177ifconfig_em0_101="inet 192.0.2.1/24" 1178.Ed 1179.Pp 1180To create a vlan device named 1181.Li myvlan 1182on 1183.Li em0 1184with the vlan tag 102: 1185.Bd -literal 1186vlans_em0="myvlan" 1187create_args_myvlan="vlan 102" 1188.Ed 1189.Pp 1190If a 1191.Va wlans_ Ns Aq Ar interface 1192variable is set, 1193an 1194.Xr wlan 4 1195interface will be created for each item in the list with the 1196.Ar wlandev 1197argument set to 1198.Ar interface . 1199Further wlan cloning arguments may be passed to the 1200.Xr ifconfig 8 1201.Cm create 1202command by setting the 1203.Va create_args_ Ns Aq Ar interface 1204variable. 1205One or more 1206.Xr wlan 4 1207devices must be created for each wireless devices as of 1208.Fx 8.0 . 1209Debugging flags for 1210.Xr wlan 4 1211devices as set by 1212.Xr wlandebug 8 1213may be specified with an 1214.Va wlandebug_ Ns Aq Ar interface 1215variable. 1216The contents of this variable will be passed directly to 1217.Xr wlandebug 8 . 1218.Pp 1219If the 1220.Va ifconfig_ Ns Aq Ar interface 1221contains the keyword 1222.Dq Li NOAUTO 1223then the interface will not be configured 1224at boot or by 1225.Pa /etc/pccard_ether 1226when 1227.Va network_interfaces 1228is set to 1229.Dq Li AUTO . 1230.Pp 1231It is possible to bring up an interface with DHCP by adding 1232.Dq Li DHCP 1233to the 1234.Va ifconfig_ Ns Aq Ar interface 1235variable. 1236For instance, to initialize the 1237.Li ed0 1238device via DHCP, 1239it is possible to use something like: 1240.Bd -literal 1241ifconfig_ed0="DHCP" 1242.Ed 1243.Pp 1244Also, if you want to configure your wireless interface with 1245.Xr wpa_supplicant 8 1246for use with WPA, EAP/LEAP or WEP, you need to add 1247.Dq Li WPA 1248to the 1249.Va ifconfig_ Ns Aq Ar interface 1250variable. 1251.Pp 1252Finally, you can add 1253.Xr ifconfig 8 1254options in this variable, in addition to the 1255.Pa /etc/start_if. Ns Aq Ar interface 1256file. 1257For instance, to configure an 1258.Xr ath 4 1259wireless device in station mode with an address obtained 1260via DHCP, using WPA authentication and 802.11b mode, it is 1261possible to use something like: 1262.Bd -literal 1263wlans_ath0="wlan0" 1264ifconfig_wlan0="DHCP WPA mode 11b" 1265.Ed 1266.Pp 1267In addition to the 1268.Va ifconfig_ Ns Aq Ar interface 1269form, a fallback variable 1270.Va ifconfig_DEFAULT 1271may be configured. 1272It will be used for all interfaces with no 1273.Va ifconfig_ Ns Aq Ar interface 1274variable. 1275This is intended to replace the no longer supported 1276.Va pccard_ifconfig 1277variable. 1278.Pp 1279It is also possible to rename an interface by doing: 1280.Bd -literal 1281ifconfig_ed0_name="net0" 1282ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1283.Ed 1284.It Va ipv6_enable 1285This variable is deprecated. 1286Use 1287.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1288and 1289.Va ipv6_activate_all_interfaces 1290if necessary. 1291.Pp 1292.Pq Vt bool 1293If the variable is 1294.Dq Li YES , 1295.Dq Li inet6 accept_rtadv 1296is added to all of 1297.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1298and the 1299.Va ipv6_activate_all_interfaces 1300is defined as 1301.Dq Li YES . 1302.It Va ipv6_prefer 1303This variable is deprecated. 1304Use 1305.Va ip6addrctl_policy 1306instead. 1307.Pp 1308.Pq Vt bool 1309If the variable is 1310.Dq Li YES , 1311the default address selection policy table set by 1312.Xr ip6addrctl 8 1313will be IPv6-preferred. 1314.Pp 1315If the variable is 1316.Dq Li NO , 1317the default address selection policy table set by 1318.Xr ip6addrctl 8 1319will be IPv4-preferred. 1320.It Va ipv6_activate_all_interfaces 1321.Pq Vt bool 1322This controls initial configuration on IPv6-capable 1323interfaces with no corresponding 1324.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1325variable. 1326Note that it is not always necessary to set this variable to 1327.Dq YES 1328to use IPv6 functionality on 1329.Fx . 1330In most cases, just configuring 1331.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1332variables works. 1333.Pp 1334If the variable is 1335.Dq Li NO , 1336all interfaces which do not have a corresponding 1337.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1338variable will be marked as 1339.Dq Li IFDISABLED 1340at creation. 1341This means that all of IPv6 functionality on that interface 1342is completely disabled to enforce a security policy. 1343If the variable is set to 1344.Dq YES , 1345the flag will be cleared on all of the interfaces. 1346.Pp 1347In most cases, just defining an 1348.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1349for an IPv6-capable interface should be sufficient. 1350However, if an interface is added dynamically 1351.Pq by some tunneling protocols such as PPP, for example , 1352it is often difficult to define the variable in advance. 1353In such a case, configuring the 1354.Dq Li IFDISABLED 1355flag can be disabled by setting this variable to 1356.Dq YES . 1357.Pp 1358For more details of the 1359.Dq Li IFDISABLED 1360flag and keywords 1361.Dq Li inet6 ifdisabled , 1362see 1363.Xr ifconfig 8 . 1364.Pp 1365Default is 1366.Dq Li NO . 1367.It Va ipv6_privacy 1368.Pq Vt bool 1369If the variable is 1370.Dq Li YES 1371privacy addresses will be generated for each IPv6 1372interface as described in RFC 4941. 1373.It Va ipv6_network_interfaces 1374.Pq Vt str 1375This is the IPv6 equivalent of 1376.Va network_interfaces . 1377Normally manual configuration of this variable is not needed. 1378.Pp 1379.It Va ipv6_cpe_wanif 1380.Pq Vt str 1381If the variable is set to an interface name, 1382the 1383.Xr ifconfig 8 1384options 1385.Dq inet6 -no_radr accept_rtadv 1386will be added to the specified interface automatically before evaluating 1387.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1388and two 1389.Xr sysctl 8 1390variables 1391.Va net.inet6.ip6.rfc6204w3 1392and 1393.Va net.inet6.ip6.no_radr 1394will be set to 1. 1395.Pp 1396This means the specified interface will accept ICMPv6 Router 1397Advertisement messages on that link and add the discovered 1398routers into the Default Router List. 1399While the other interfaces can still accept RA messages if the 1400.Dq inet6 accept_rtadv 1401option is specified, adding 1402routes into the Default Router List will be disabled by 1403.Dq inet6 no_radr 1404option by default. 1405See 1406.Xr ifconfig 8 1407for more details. 1408.Pp 1409Note that ICMPv6 Router Advertisement messages will be 1410accepted even when 1411.Va net.inet6.ip6.forwarding 1412is 1 1413.Pq packet fowarding is enabled 1414when 1415.Va net.inet6.ip6.rfc6204w3 1416is set to 1. 1417.Pp 1418Default is 1419.Dq Li NO . 1420.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1421.Pq Vt str 1422IPv6 functionality on an interface should be configured by 1423.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1424instead of setting ifconfig parameters in 1425.Va ifconfig_ Ns Aq Ar interface . 1426Aliases should be set by 1427.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1428with 1429.Dq Li inet6 1430keyword. For example: 1431.Bd -literal 1432ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1433ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1434.Ed 1435.Pp 1436Note that a link-local address will be automatically configured in 1437addition to the configured global-scope addresses because the IPv6 1438specifications require it on each link. 1439The address is calculated from the MAC address by using an algorithm 1440defined in 1441.Rs 1442.%T "RFC 4862" 1443.%O "Section 5.3" 1444.Re 1445.Pp 1446If only a link-local address is needed on the interface, 1447the following configuration can be used: 1448.Bd -literal 1449ifconfig_ed0_ipv6="inet6 auto_linklocal" 1450.Ed 1451.Pp 1452A link-local address can also be configured manually. 1453This is useful for the default router address of an IPv6 router 1454so that it does not change when the network interface 1455card is replaced. 1456For example: 1457.Bd -literal 1458ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64" 1459.Ed 1460.Pp 1461Interfaces that have an 1462.Dq Li inet6 accept_rtadv 1463keyword in 1464.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1465setting will be automatically configured by 1466.Xr rtsol 8 . 1467.It Va ipv6_prefix_ Ns Aq Ar interface 1468.Pq Vt str 1469If one or more prefixes are defined in 1470.Va ipv6_prefix_ Ns Aq Ar interface 1471addresses based on each prefix and the EUI-64 interface index will be 1472configured on that interface. 1473.It Va ipv6_default_interface 1474.Pq Vt str 1475If not set to 1476.Dq Li NO , 1477this is the default output interface for scoped addresses. 1478This works only with ipv6_gateway_enable="NO". 1479.It Va ip6addrctl_enable 1480.Pq Vt bool 1481This variable is to enable configuring default address selection policy table 1482.Pq RFC 3484 . 1483The table can be specified in another variable 1484.Va ip6addrctl_policy . 1485For 1486.Va ip6addrctl_policy 1487the following keywords can be specified: 1488.Dq Li ipv4_prefer , 1489.Dq Li ipv6_prefer , 1490or 1491.Dq Li AUTO . 1492.Pp 1493If 1494.Dq Li ipv4_prefer 1495or 1496.Dq Li ipv6_prefer 1497is specified, 1498.Xr ip6addrctl 8 1499installs a pre-defined policy table described in Section 2.1 1500.Pq IPv6-preferred 1501or 10.3 1502.Pq IPv4-preferred 1503of RFC 3484. 1504.Pp 1505If 1506.Dq Li AUTO 1507is specified, it attempts to read a file 1508.Pa /etc/ip6addrctl.conf 1509first. If this file is found, 1510.Xr ip6addrctl 8 1511reads and installs it. If not found, a policy is automatically set 1512according to 1513.Va ipv6_activate_all_interfaces 1514variable; if the variable is set to 1515.Dq Li YES 1516the IPv6-preferred one is used. Otherwise IPv4-preferred. 1517.Pp 1518The default value of 1519.Va ip6addrctl_enable 1520and 1521.Va ip6addrctl_policy 1522are 1523.Dq Li YES 1524and 1525.Dq Li AUTO , 1526respectively. 1527.It Va cloned_interfaces 1528.Pq Vt str 1529Set to the list of clonable network interfaces to create on this host. 1530Further cloning arguments may be passed to the 1531.Xr ifconfig 8 1532.Cm create 1533command for each interface by setting the 1534.Va create_args_ Ns Aq Ar interface 1535variable. 1536Entries in 1537.Va cloned_interfaces 1538are automatically appended to 1539.Va network_interfaces 1540for configuration. 1541.It Va fec_interfaces 1542.Pq Vt str 1543Set to the list of 1544.Xr ng_fec 4 1545Fast EtherChannel interfaces to configure on this host. 1546A 1547.Va fecconfig_ Ns Aq Ar interface 1548variable is assumed to exist for each value of 1549.Ar interface . 1550The value of this variable is used to configure link aggregated interfaces 1551according to the syntax of the 1552.Cm NGM_FEC_ADD_IFACE 1553to 1554.Xr ngctl 8 1555msg. 1556Additionally, this option ensures that each listed interface is created 1557via the 1558.Cm mkpeer 1559command to 1560.Xr ngctl 8 1561before attempting to configure it. 1562For example: 1563.Bd -literal 1564fec_interfaces="fec0" 1565fecconfig_fec0="em0 em1" 1566ifconfig_fec0="DHCP" 1567.Ed 1568.It Va gif_interfaces 1569.Pq Vt str 1570Set to the list of 1571.Xr gif 4 1572tunnel interfaces to configure on this host. 1573A 1574.Va gifconfig_ Ns Aq Ar interface 1575variable is assumed to exist for each value of 1576.Ar interface . 1577The value of this variable is used to configure the link layer of the 1578tunnel according to the syntax of the 1579.Cm tunnel 1580option to 1581.Xr ifconfig 8 . 1582Additionally, this option ensures that each listed interface is created 1583via the 1584.Cm create 1585option to 1586.Xr ifconfig 8 1587before attempting to configure it. 1588.It Va sppp_interfaces 1589.Pq Vt str 1590Set to the list of 1591.Xr sppp 4 1592interfaces to configure on this host. 1593A 1594.Va spppconfig_ Ns Aq Ar interface 1595variable is assumed to exist for each value of 1596.Ar interface . 1597Each interface should also be configured by a general 1598.Va ifconfig_ Ns Aq Ar interface 1599setting. 1600Refer to 1601.Xr spppcontrol 8 1602for more information about available options. 1603.It Va ppp_enable 1604.Pq Vt bool 1605If set to 1606.Dq Li YES , 1607run the 1608.Xr ppp 8 1609daemon. 1610.It Va ppp_profile 1611.Pq Vt str 1612The name of the profile to use from 1613.Pa /etc/ppp/ppp.conf . 1614Also used for per-profile overrides of 1615.Va ppp_mode 1616and 1617.Va ppp_nat , 1618and 1619.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1620When the profile name contains any of the characters 1621.Dq Li .-/+ 1622they are translated to 1623.Dq Li _ 1624for the proposes of the override variable names. 1625.It Va ppp_mode 1626.Pq Vt str 1627Mode in which to run the 1628.Xr ppp 8 1629daemon. 1630.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1631.Pq Vt str 1632Overrides the global 1633.Va ppp_mode 1634for 1635.Ar profile . 1636Accepted modes are 1637.Dq Li auto , 1638.Dq Li ddial , 1639.Dq Li direct 1640and 1641.Dq Li dedicated . 1642See the manual for a full description. 1643.It Va ppp_nat 1644.Pq Vt bool 1645If set to 1646.Dq Li YES , 1647enables network address translation. 1648Used in conjunction with 1649.Va gateway_enable 1650allows hosts on private network addresses access to the Internet using 1651this host as a network address translating router. 1652.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1653.Pq Vt str 1654Overrides the global 1655.Va ppp_nat 1656for 1657.Ar profile . 1658.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1659.Pq Vt int 1660Set the unit number to be used for this profile. 1661See the manual description of 1662.Fl unit Ns Ar N 1663for details. 1664.It Va ppp_user 1665.Pq Vt str 1666The name of the user under which 1667.Xr ppp 8 1668should be started. 1669By 1670default, 1671.Xr ppp 8 1672is started as 1673.Dq Li root . 1674.It Va rc_conf_files 1675.Pq Vt str 1676This option is used to specify a list of files that will override 1677the settings in 1678.Pa /etc/defaults/rc.conf . 1679The files will be read in the order in which they are specified and should 1680include the full path to the file. 1681By default, the files specified are 1682.Pa /etc/rc.conf 1683and 1684.Pa /etc/rc.conf.local 1685.It Va zfs_enable 1686.Pq Vt bool 1687If set to 1688.Dq Li YES , 1689.Pa /etc/rc.d/zfs 1690will attempt to automatically mount ZFS file systems and initialize ZFS volumes 1691(ZVOLs). 1692.It Va gptboot_enable 1693.Pq Vt bool 1694If set to 1695.Dq Li YES , 1696.Pa /etc/rc.d/gptboot 1697will log if the system successfully (or not) booted from a GPT partition, 1698which had the 1699.Ar bootonce 1700attribute set using 1701.Xr gpart 8 1702utility. 1703.It Va gbde_autoattach_all 1704.Pq Vt bool 1705If set to 1706.Dq Li YES , 1707.Pa /etc/rc.d/gbde 1708will attempt to automatically initialize your .bde devices in 1709.Pa /etc/fstab . 1710.It Va gbde_devices 1711.Pq Vt str 1712List the devices that the script should try to attach, 1713or 1714.Dq Li AUTO . 1715.It Va gbde_lockdir 1716.Pq Vt str 1717The directory where the 1718.Xr gbde 4 1719lockfiles are located. 1720The default lockfile directory is 1721.Pa /etc . 1722.Pp 1723The lockfile for each individual 1724.Xr gbde 4 1725device can be overridden by setting the variable 1726.Va gbde_lock_ Ns Aq Ar device , 1727where 1728.Ar device 1729is the encrypted device without the 1730.Dq Pa /dev/ 1731and 1732.Dq Pa .bde 1733parts. 1734.It Va gbde_attach_attempts 1735.Pq Vt int 1736Number of times to attempt attaching to a 1737.Xr gbde 4 1738device, i.e., how many times the user is asked for the pass-phrase. 1739Default is 3. 1740.It Va geli_devices 1741.Pq Vt str 1742List of devices to automatically attach on boot. 1743Note that .eli devices from 1744.Pa /etc/fstab 1745are automatically appended to this list. 1746.It Va geli_tries 1747.Pq Vt int 1748Number of times user is asked for the pass-phrase. 1749If empty, it will be taken from 1750.Va kern.geom.eli.tries 1751sysctl variable. 1752.It Va geli_default_flags 1753.Pq Vt str 1754Default flags to use by 1755.Xr geli 8 1756when configuring disk encryption. 1757Flags can be configured for every device separately by defining 1758.Va geli_ Ns Ao Ar device Ac Ns Va _flags 1759variable. 1760.It Va geli_autodetach 1761.Pq Vt str 1762Specifies if GELI devices should be marked for detach on last close after 1763file systems are mounted. 1764Default is 1765.Dq Li YES . 1766This can be changed for every device separately by defining 1767.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 1768variable. 1769.It Va geli_swap_flags 1770Options passed to the 1771.Xr geli 8 1772utility when encrypted GEOM providers for swap partitions are created. 1773The default is 1774.Dq Li "-e aes -l 256 -s 4096 -d" . 1775.It Va root_rw_mount 1776.Pq Vt bool 1777Set to 1778.Dq Li YES 1779by default. 1780After the file systems are checked at boot time, the root file system 1781is remounted as read-write if this is set to 1782.Dq Li YES . 1783Diskless systems that mount their root file system from a read-only remote 1784NFS share should set this to 1785.Dq Li NO 1786in their 1787.Pa rc.conf . 1788.It Va fsck_y_enable 1789.Pq Vt bool 1790If set to 1791.Dq Li YES , 1792.Xr fsck 8 1793will be run with the 1794.Fl y 1795flag if the initial preen 1796of the file systems fails. 1797.It Va background_fsck 1798.Pq Vt bool 1799If set to 1800.Dq Li YES , 1801the system will attempt to run 1802.Xr fsck 8 1803in the background where possible. 1804.It Va background_fsck_delay 1805.Pq Vt int 1806The amount of time in seconds to sleep before starting a background 1807.Xr fsck 8 . 1808It defaults to sixty seconds to allow large applications such as 1809the X server to start before disk I/O bandwidth is monopolized by 1810.Xr fsck 8 . 1811If set to a negative number, the background file system check will be 1812delayed indefinitely to allow the administrator to run it at a more 1813convenient time. 1814For example it may be run from 1815.Xr cron 8 1816by adding a line like 1817.Pp 1818.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 1819.Pp 1820to 1821.Pa /etc/crontab . 1822.It Va netfs_types 1823.Pq Vt str 1824List of file system types that are network-based. 1825This list should generally not be modified by end users. 1826Use 1827.Va extra_netfs_types 1828instead. 1829.It Va extra_netfs_types 1830.Pq Vt str 1831If set to something other than 1832.Dq Li NO 1833(the default), 1834this variable extends the list of file system types 1835for which automatic mounting at startup by 1836.Xr rc 8 1837should be delayed until the network is initialized. 1838It should contain 1839a whitespace-separated list of network file system descriptor pairs, 1840each consisting of a file system type as passed to 1841.Xr mount 8 1842and a human-readable, one-word description, 1843joined with a colon 1844.Pq Ql \&: . 1845Extending the default list in this way is only necessary 1846when third party file system types are used. 1847.It Va syslogd_enable 1848.Pq Vt bool 1849If set to 1850.Dq Li YES , 1851run the 1852.Xr syslogd 8 1853daemon. 1854.It Va syslogd_program 1855.Pq Vt str 1856Path to 1857.Xr syslogd 8 1858(default 1859.Pa /usr/sbin/syslogd ) . 1860.It Va syslogd_flags 1861.Pq Vt str 1862If 1863.Va syslogd_enable 1864is set to 1865.Dq Li YES , 1866these are the flags to pass to 1867.Xr syslogd 8 . 1868.It Va inetd_enable 1869.Pq Vt bool 1870If set to 1871.Dq Li YES , 1872run the 1873.Xr inetd 8 1874daemon. 1875.It Va inetd_program 1876.Pq Vt str 1877Path to 1878.Xr inetd 8 1879(default 1880.Pa /usr/sbin/inetd ) . 1881.It Va inetd_flags 1882.Pq Vt str 1883If 1884.Va inetd_enable 1885is set to 1886.Dq Li YES , 1887these are the flags to pass to 1888.Xr inetd 8 . 1889.It Va hastd_enable 1890.Pq Vt bool 1891If set to 1892.Dq Li YES , 1893run the 1894.Xr hastd 8 1895daemon. 1896.It Va hastd_program 1897.Pq Vt str 1898Path to 1899.Xr hastd 8 1900(default 1901.Pa /sbin/hastd ) . 1902.It Va hastd_flags 1903.Pq Vt str 1904If 1905.Va hastd_enable 1906is set to 1907.Dq Li YES , 1908these are the flags to pass to 1909.Xr hastd 8 . 1910.It Va named_enable 1911.Pq Vt bool 1912If set to 1913.Dq Li YES , 1914run the 1915.Xr named 8 1916daemon. 1917.It Va named_program 1918.Pq Vt str 1919Path to 1920.Xr named 8 1921(default 1922.Pa /usr/sbin/named ) . 1923.It Va named_conf 1924.Pq Vt str 1925Path to 1926.Xr named 8 1927configuration file, (default 1928.Pa /etc/namedb/named.conf ) . 1929.It Va named_flags 1930.Pq Vt str 1931If 1932.Va named_enable 1933is set to 1934.Dq Li YES , 1935these are the flags to pass to 1936.Xr named 8 . 1937.It Va named_uid 1938.Pq Vt str 1939The user that the 1940.Xr named 8 1941process should be run as. 1942.It Va named_chrootdir 1943.Pq Vt str 1944The root directory for a name server run in a 1945.Xr chroot 8 1946environment (default 1947.Pa /var/named ) . 1948If left empty 1949.Xr named 8 1950will not be run in a 1951.Xr chroot 8 1952environment. 1953.It Va named_chroot_autoupdate 1954.Pq Vt bool 1955Set to 1956.Dq Li NO 1957to disable automatic update of the 1958.Xr chroot 8 1959environment. 1960.It Va named_symlink_enable 1961.Pq Vt bool 1962Set to 1963.Dq Li NO 1964to disable symlinking of 1965daemon's PID file 1966into the 1967.Xr chroot 8 1968environment. 1969.It Va named_wait 1970.Pq Vt bool 1971Set to have 1972.Pa /etc/rc.d/named 1973loop until working name service is established. 1974.It Va named_wait_host 1975.Pq Vt str 1976Name of host to lookup for the named_wait option. 1977(Default localhost) 1978.It Va named_auto_forward 1979.Pq Vt bool 1980Set to enable automatic creation of a forwarder 1981configuration file derived from 1982.Pa /etc/resolv.conf . 1983.It Va named_auto_forward_only 1984.Pq Vt bool 1985Set to change the default forwarder configuration from 1986.Dq forward first 1987to 1988.Dq forward only . 1989.It Va kerberos5_server_enable 1990.Pq Vt bool 1991Set to 1992.Dq Li YES 1993to start a Kerberos 5 authentication server 1994at boot time. 1995.It Va kerberos5_server 1996.Pq Vt str 1997If 1998.Va kerberos5_server_enable 1999is set to 2000.Dq Li YES 2001this is the path to Kerberos 5 Authentication Server. 2002.It Va kerberos5_server_flags 2003.Pq Vt str 2004Empty by default. 2005This variable contains additional flags to be passed to the Kerberos 5 2006authentication server. 2007.It Va kadmind5_server_enable 2008.Pq Vt bool 2009Set to 2010.Dq Li YES 2011to start 2012.Xr kadmind 8 , 2013the Kerberos 5 Administration Daemon; set to 2014.Dq Li NO 2015on a slave server. 2016.It Va kadmind5_server 2017.Pq Vt str 2018If 2019.Va kadmind5_server_enable 2020is set to 2021.Dq Li YES 2022this is the path to Kerberos 5 Administration Daemon. 2023.It Va kpasswdd_server_enable 2024.Pq Vt bool 2025Set to 2026.Dq Li YES 2027to start 2028.Xr kpasswdd 8 , 2029the Kerberos 5 Password-Changing Daemon; set to 2030.Dq Li NO 2031on a slave server. 2032.It Va kpasswdd_server 2033.Pq Vt str 2034If 2035.Va kpasswdd_server_enable 2036is set to 2037.Dq Li YES 2038this is the path to Kerberos 5 Password-Changing Daemon. 2039.It Va rwhod_enable 2040.Pq Vt bool 2041If set to 2042.Dq Li YES , 2043run the 2044.Xr rwhod 8 2045daemon at boot time. 2046.It Va rwhod_flags 2047.Pq Vt str 2048If 2049.Va rwhod_enable 2050is set to 2051.Dq Li YES , 2052these are the flags to pass to it. 2053.It Va amd_enable 2054.Pq Vt bool 2055If set to 2056.Dq Li YES , 2057run the 2058.Xr amd 8 2059daemon at boot time. 2060.It Va amd_flags 2061.Pq Vt str 2062If 2063.Va amd_enable 2064is set to 2065.Dq Li YES , 2066these are the flags to pass to it. 2067See the 2068.Xr amd 8 2069manpage for more information. 2070.It Va amd_map_program 2071.Pq Vt str 2072If set, 2073the specified program is run to get the list of 2074.Xr amd 8 2075maps. 2076For example, if the 2077.Xr amd 8 2078maps are stored in NIS, one can set this to 2079run 2080.Xr ypcat 1 2081to get a list of 2082.Xr amd 8 2083maps from the 2084.Pa amd.master 2085NIS map. 2086.It Va update_motd 2087.Pq Vt bool 2088If set to 2089.Dq Li YES , 2090.Pa /etc/motd 2091will be updated at boot time to reflect the kernel release 2092being run. 2093If set to 2094.Dq Li NO , 2095.Pa /etc/motd 2096will not be updated. 2097.It Va nfs_client_enable 2098.Pq Vt bool 2099If set to 2100.Dq Li YES , 2101run the NFS client daemons at boot time. 2102.It Va nfs_access_cache 2103.Pq Vt int 2104If 2105.Va nfs_client_enable 2106is set to 2107.Dq Li YES , 2108this can be set to 2109.Dq Li 0 2110to disable NFS ACCESS RPC caching, or to the number of seconds for which 2111NFS ACCESS 2112results should be cached. 2113A value of 2-10 seconds will substantially reduce network 2114traffic for many NFS operations. 2115.It Va nfs_server_enable 2116.Pq Vt bool 2117If set to 2118.Dq Li YES , 2119run the NFS server daemons at boot time. 2120.It Va nfs_server_flags 2121.Pq Vt str 2122If 2123.Va nfs_server_enable 2124is set to 2125.Dq Li YES , 2126these are the flags to pass to the 2127.Xr nfsd 8 2128daemon. 2129.It Va nfsv4_server_enable 2130.Pq Vt bool 2131If 2132.Va nfs_server_enable 2133is set to 2134.Dq Li YES 2135and 2136.Va nfsv4_server_enable 2137are set to 2138.Dq Li YES , 2139enable the server for NFSv4 as well as NFSv2 and NFSv3. 2140.It Va nfsuserd_enable 2141.Pq Vt bool 2142If 2143.Va nfsuserd_enable 2144is set to 2145.Dq Li YES , 2146run the nfsuserd daemon, which is needed for NFSv4 in order 2147to map between user/group names vs uid/gid numbers. 2148If 2149.Va nfsv4_server_enable 2150is set to 2151.Dq Li YES , 2152this will be forced enabled. 2153.It Va nfsuserd_flags 2154.Pq Vt str 2155If 2156.Va nfsuserd_enable 2157is set to 2158.Dq Li YES , 2159these are the flags to pass to the 2160.Xr nfsuserd 8 2161daemon. 2162.It Va nfscbd_enable 2163.Pq Vt bool 2164If 2165.Va nfscbd_enable 2166is set to 2167.Dq Li YES , 2168run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2169.It Va nfscbd_flags 2170.Pq Vt str 2171If 2172.Va nfscbd_enable 2173is set to 2174.Dq Li YES , 2175these are the flags to pass to the 2176.Xr nfscbd 8 2177daemon. 2178.It Va oldnfs_server_enable 2179.Pq Vt bool 2180If 2181.Va oldnfs_server_enable 2182is set to 2183.Dq Li YES , 2184force the NFS server daemons to run the old NFS server code 2185that does not support NFSv4. 2186.It Va mountd_enable 2187.Pq Vt bool 2188If set to 2189.Dq Li YES , 2190and no 2191.Va nfs_server_enable 2192is set, start 2193.Xr mountd 8 , 2194but not 2195.Xr nfsd 8 2196daemon. 2197It is commonly needed to run CFS without real NFS used. 2198.It Va mountd_flags 2199.Pq Vt str 2200If 2201.Va mountd_enable 2202is set to 2203.Dq Li YES , 2204these are the flags to pass to the 2205.Xr mountd 8 2206daemon. 2207.It Va weak_mountd_authentication 2208.Pq Vt bool 2209If set to 2210.Dq Li YES , 2211allow services like PCNFSD to make non-privileged mount 2212requests. 2213.It Va nfs_reserved_port_only 2214.Pq Vt bool 2215If set to 2216.Dq Li YES , 2217provide NFS services only on a secure port. 2218.It Va nfs_bufpackets 2219.Pq Vt int 2220If set to a number, indicates the number of packets worth of 2221socket buffer space to reserve on an NFS client. 2222The kernel default is typically 4. 2223Using a higher number may be 2224useful on gigabit networks to improve performance. 2225The minimum value is 22262 and the maximum is 64. 2227.It Va rpc_lockd_enable 2228.Pq Vt bool 2229If set to 2230.Dq Li YES 2231and also an NFS server or client, run 2232.Xr rpc.lockd 8 2233at boot time. 2234.It Va rpc_lockd_flags 2235.Pq Vt str 2236If 2237.Va rpc_lockd_enable 2238is set to 2239.Dq Li YES , 2240these are the flags to pass to the 2241.Xr rpc.lockd 8 2242daemon. 2243.It Va rpc_statd_enable 2244.Pq Vt bool 2245If set to 2246.Dq Li YES 2247and also an NFS server or client, run 2248.Xr rpc.statd 8 2249at boot time. 2250.It Va rpc_statd_flags 2251.Pq Vt str 2252If 2253.Va rpc_statd_enable 2254is set to 2255.Dq Li YES , 2256these are the flags to pass to the 2257.Xr rpc.statd 8 2258daemon. 2259.It Va rpcbind_program 2260.Pq Vt str 2261Path to 2262.Xr rpcbind 8 2263(default 2264.Pa /usr/sbin/rpcbind ) . 2265.It Va rpcbind_enable 2266.Pq Vt bool 2267If set to 2268.Dq Li YES , 2269run the 2270.Xr rpcbind 8 2271service at boot time. 2272.It Va rpcbind_flags 2273.Pq Vt str 2274If 2275.Va rpcbind_enable 2276is set to 2277.Dq Li YES , 2278these are the flags to pass to the 2279.Xr rpcbind 8 2280daemon. 2281.It Va keyserv_enable 2282.Pq Vt bool 2283If set to 2284.Dq Li YES , 2285run the 2286.Xr keyserv 8 2287daemon on boot for running Secure RPC. 2288.It Va keyserv_flags 2289.Pq Vt str 2290If 2291.Va keyserv_enable 2292is set to 2293.Dq Li YES , 2294these are the flags to pass to 2295.Xr keyserv 8 2296daemon. 2297.It Va pppoed_enable 2298.Pq Vt bool 2299If set to 2300.Dq Li YES , 2301run the 2302.Xr pppoed 8 2303daemon at boot time to provide PPP over Ethernet services. 2304.It Va pppoed_ Ns Aq Ar provider 2305.Pq Vt str 2306.Xr pppoed 8 2307listens to requests to this 2308.Ar provider 2309and ultimately runs 2310.Xr ppp 8 2311with a 2312.Ar system 2313argument of the same name. 2314.It Va pppoed_flags 2315.Pq Vt str 2316Additional flags to pass to 2317.Xr pppoed 8 . 2318.It Va pppoed_interface 2319.Pq Vt str 2320The network interface to run 2321.Xr pppoed 8 2322on. 2323This is mandatory when 2324.Va pppoed_enable 2325is set to 2326.Dq Li YES . 2327.It Va timed_enable 2328.Pq Vt bool 2329If set to 2330.Dq Li YES , 2331run the 2332.Xr timed 8 2333service at boot time. 2334This command is intended for networks of 2335machines where a consistent 2336.Dq "network time" 2337for all hosts must be established. 2338This is often useful in large NFS 2339environments where time stamps on files are expected to be consistent 2340network-wide. 2341.It Va timed_flags 2342.Pq Vt str 2343If 2344.Va timed_enable 2345is set to 2346.Dq Li YES , 2347these are the flags to pass to the 2348.Xr timed 8 2349service. 2350.It Va ntpdate_enable 2351.Pq Vt bool 2352If set to 2353.Dq Li YES , 2354run 2355.Xr ntpdate 8 2356at system startup. 2357This command is intended to 2358synchronize the system clock only 2359.Em once 2360from some standard reference. 2361An option to set this up initially 2362(from a list of known servers) is also provided by the 2363.Xr sysinstall 8 2364program when the system is first installed. 2365.It Va ntpdate_config 2366.Pq Vt str 2367Configuration file for 2368.Xr ntpdate 8 . 2369Default 2370.Pa /etc/ntp.conf . 2371.It Va ntpdate_hosts 2372.Pq Vt str 2373A whitespace-separated list of NTP servers to synchronize with at startup. 2374The default is to use the servers listed in 2375.Va ntpdate_config , 2376if that file exists. 2377.It Va ntpdate_program 2378.Pq Vt str 2379Path to 2380.Xr ntpdate 8 2381(default 2382.Pa /usr/sbin/ntpdate ) . 2383.It Va ntpdate_flags 2384.Pq Vt str 2385If 2386.Va ntpdate_enable 2387is set to 2388.Dq Li YES , 2389these are the flags to pass to the 2390.Xr ntpdate 8 2391command (typically a hostname). 2392.It Va ntpd_enable 2393.Pq Vt bool 2394If set to 2395.Dq Li YES , 2396run the 2397.Xr ntpd 8 2398command at boot time. 2399.It Va ntpd_program 2400.Pq Vt str 2401Path to 2402.Xr ntpd 8 2403(default 2404.Pa /usr/sbin/ntpd ) . 2405.It Va ntpd_config 2406.Pq Vt str 2407Path to 2408.Xr ntpd 8 2409configuration file. 2410Default 2411.Pa /etc/ntp.conf . 2412.It Va ntpd_flags 2413.Pq Vt str 2414If 2415.Va ntpd_enable 2416is set to 2417.Dq Li YES , 2418these are the flags to pass to the 2419.Xr ntpd 8 2420daemon. 2421.It Va ntpd_sync_on_start 2422.Pq Vt bool 2423If set to 2424.Dq Li YES , 2425.Xr ntpd 8 2426is run with the 2427.Fl g 2428flag, which syncs the system's clock on startup. 2429See 2430.Xr ntpd 8 2431for more information regarding the 2432.Fl g 2433option. 2434This is a preferred alternative to using 2435.Xr ntpdate 8 2436or specifying the 2437.Va ntpdate_enable 2438variable. 2439.It Va nis_client_enable 2440.Pq Vt bool 2441If set to 2442.Dq Li YES , 2443run the 2444.Xr ypbind 8 2445service at system boot time. 2446.It Va nis_client_flags 2447.Pq Vt str 2448If 2449.Va nis_client_enable 2450is set to 2451.Dq Li YES , 2452these are the flags to pass to the 2453.Xr ypbind 8 2454service. 2455.It Va nis_ypset_enable 2456.Pq Vt bool 2457If set to 2458.Dq Li YES , 2459run the 2460.Xr ypset 8 2461daemon at system boot time. 2462.It Va nis_ypset_flags 2463.Pq Vt str 2464If 2465.Va nis_ypset_enable 2466is set to 2467.Dq Li YES , 2468these are the flags to pass to the 2469.Xr ypset 8 2470daemon. 2471.It Va nis_server_enable 2472.Pq Vt bool 2473If set to 2474.Dq Li YES , 2475run the 2476.Xr ypserv 8 2477daemon at system boot time. 2478.It Va nis_server_flags 2479.Pq Vt str 2480If 2481.Va nis_server_enable 2482is set to 2483.Dq Li YES , 2484these are the flags to pass to the 2485.Xr ypserv 8 2486daemon. 2487.It Va nis_ypxfrd_enable 2488.Pq Vt bool 2489If set to 2490.Dq Li YES , 2491run the 2492.Xr rpc.ypxfrd 8 2493daemon at system boot time. 2494.It Va nis_ypxfrd_flags 2495.Pq Vt str 2496If 2497.Va nis_ypxfrd_enable 2498is set to 2499.Dq Li YES , 2500these are the flags to pass to the 2501.Xr rpc.ypxfrd 8 2502daemon. 2503.It Va nis_yppasswdd_enable 2504.Pq Vt bool 2505If set to 2506.Dq Li YES , 2507run the 2508.Xr rpc.yppasswdd 8 2509daemon at system boot time. 2510.It Va nis_yppasswdd_flags 2511.Pq Vt str 2512If 2513.Va nis_yppasswdd_enable 2514is set to 2515.Dq Li YES , 2516these are the flags to pass to the 2517.Xr rpc.yppasswdd 8 2518daemon. 2519.It Va rpc_ypupdated_enable 2520.Pq Vt bool 2521If set to 2522.Dq Li YES , 2523run the 2524.Nm rpc.ypupdated 2525daemon at system boot time. 2526.It Va bsnmpd_enable 2527.Pq Vt bool 2528If set to 2529.Dq Li YES , 2530run the 2531.Xr bsnmpd 1 2532daemon at system boot time. 2533Be sure to understand the security implications of running SNMP daemon 2534on your host. 2535.It Va bsnmpd_flags 2536.Pq Vt str 2537If 2538.Va bsnmpd_enable 2539is set to 2540.Dq Li YES , 2541these are the flags to pass to the 2542.Xr bsnmpd 1 2543daemon. 2544.It Va defaultrouter 2545.Pq Vt str 2546If not set to 2547.Dq Li NO , 2548create a default route to this host name or IP address 2549(use an IP address if this router is also required to get to the 2550name server!). 2551.It Va ipv6_defaultrouter 2552.Pq Vt str 2553The IPv6 equivalent of 2554.Va defaultrouter . 2555.It Va static_arp_pairs 2556.Pq Vt str 2557Set to the list of static ARP pairs that are to be added at system 2558boot time. 2559For each whitespace separated 2560.Ar element 2561in the value, a 2562.Va static_arp_ Ns Aq Ar element 2563variable is assumed to exist whose contents will later be passed to a 2564.Dq Nm arp Cm -S 2565operation. 2566For example 2567.Bd -literal 2568static_arp_pairs="gw" 2569static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2570.Ed 2571.It Va static_routes 2572.Pq Vt str 2573Set to the list of static routes that are to be added at system 2574boot time. 2575If not set to 2576.Dq Li NO 2577then for each whitespace separated 2578.Ar element 2579in the value, a 2580.Va route_ Ns Aq Ar element 2581variable is assumed to exist 2582whose contents will later be passed to a 2583.Dq Nm route Cm add 2584operation. 2585For example: 2586.Bd -literal 2587static_routes="mcast gif0local" 2588route_mcast="-net 224.0.0.0/4 -iface gif0" 2589route_gif0local="-host 169.254.1.1 -iface lo0" 2590.Ed 2591.It Va ipv6_static_routes 2592.Pq Vt str 2593The IPv6 equivalent of 2594.Va static_routes . 2595If not set to 2596.Dq Li NO 2597then for each whitespace separated 2598.Ar element 2599in the value, a 2600.Va ipv6_route_ Ns Aq Ar element 2601variable is assumed to exist 2602whose contents will later be passed to a 2603.Dq Nm route Cm add Fl inet6 2604operation. 2605.It Va natm_static_routes 2606.Pq Vt str 2607The 2608.Xr natmip 4 2609equivalent of 2610.Va static_routes . 2611If not empty then for each whitespace separated 2612.Ar element 2613in the value, a 2614.Va route_ Ns Aq Ar element 2615variable is assumed to exist whose contents will later be passed to a 2616.Dq Nm atmconfig Cm natm Cm add 2617operation. 2618.It Va gateway_enable 2619.Pq Vt bool 2620If set to 2621.Dq Li YES , 2622configure host to act as an IP router, e.g.\& to forward packets 2623between interfaces. 2624.It Va ipv6_gateway_enable 2625.Pq Vt bool 2626The IPv6 equivalent of 2627.Va gateway_enable . 2628.It Va routed_enable 2629.Pq Vt bool 2630If set to 2631.Dq Li YES , 2632run a routing daemon of some sort, based on the 2633settings of 2634.Va routed_program 2635and 2636.Va routed_flags . 2637.It Va route6d_enable 2638.Pq Vt bool 2639The IPv6 equivalent of 2640.Va routed_enable . 2641If set to 2642.Dq Li YES , 2643run a routing daemon of some sort, based on the 2644settings of 2645.Va route6d_program 2646and 2647.Va route6d_flags . 2648.It Va routed_program 2649.Pq Vt str 2650If 2651.Va routed_enable 2652is set to 2653.Dq Li YES , 2654this is the name of the routing daemon to use. 2655.It Va route6d_program 2656.Pq Vt str 2657The IPv6 equivalent of 2658.Va routed_program . 2659.It Va routed_flags 2660.Pq Vt str 2661If 2662.Va routed_enable 2663is set to 2664.Dq Li YES , 2665these are the flags to pass to the routing daemon. 2666.It Va route6d_flags 2667.Pq Vt str 2668The IPv6 equivalent of 2669.Va routed_flags . 2670.It Va mrouted_enable 2671.Pq Vt bool 2672If set to 2673.Dq Li YES , 2674run the multicast routing daemon, 2675.Xr mrouted 8 . 2676.It Va mroute6d_enable 2677.Pq Vt bool 2678The IPv6 equivalent of 2679.Va mrouted_enable . 2680If set to 2681.Dq Li YES , 2682run the IPv6 multicast routing daemon. 2683.Pp 2684Note that multicast routing daemons are no longer included in the 2685.Fx 2686base system, however, both 2687.Xr mrouted 8 2688and 2689.Xr pim6dd 8 2690may be installed from the 2691.Fx 2692Ports Collection. 2693.It Va mrouted_flags 2694.Pq Vt str 2695If 2696.Va mrouted_enable 2697is set to 2698.Dq Li YES , 2699these are the flags to pass to the 2700.Xr mrouted 8 2701daemon. 2702.It Va mroute6d_flags 2703.Pq Vt str 2704The IPv6 equivalent of 2705.Va mrouted_flags . 2706If 2707.Va mroute6d_enable 2708is set to 2709.Dq Li YES , 2710these are the flags passed to the IPv6 multicast routing daemon. 2711.It Va mroute6d_program 2712.Pq Vt str 2713If 2714.Va mroute6d_enable 2715is set to 2716.Dq Li YES , 2717this is the path to the IPv6 multicast routing daemon. 2718.It Va rtadvd_enable 2719.Pq Vt bool 2720If set to 2721.Dq Li YES , 2722run the 2723.Xr rtadvd 8 2724daemon at boot time. 2725The 2726.Xr rtadvd 8 2727utility sends ICMPv6 Router Advertisement messages to 2728the interfaces specified in 2729.Va rtadvd_interfaces . 2730This should only be enabled with great care. 2731You may want to fine-tune 2732.Xr rtadvd.conf 5 . 2733.It Va rtadvd_interfaces 2734.Pq Vt str 2735If 2736.Va rtadvd_enable 2737is set to 2738.Dq Li YES 2739this is the list of interfaces to use. 2740.It Va ipxgateway_enable 2741.Pq Vt bool 2742If set to 2743.Dq Li YES , 2744enable the routing of IPX traffic. 2745.It Va ipxrouted_enable 2746.Pq Vt bool 2747If set to 2748.Dq Li YES , 2749run the 2750.Xr IPXrouted 8 2751daemon at system boot time. 2752.It Va ipxrouted_flags 2753.Pq Vt str 2754If 2755.Va ipxrouted_enable 2756is set to 2757.Dq Li YES , 2758these are the flags to pass to the 2759.Xr IPXrouted 8 2760daemon. 2761.It Va arpproxy_all 2762.Pq Vt bool 2763If set to 2764.Dq Li YES , 2765enable global proxy ARP. 2766.It Va forward_sourceroute 2767.Pq Vt bool 2768If set to 2769.Dq Li YES 2770and 2771.Va gateway_enable 2772is also set to 2773.Dq Li YES , 2774source-routed packets are forwarded. 2775.It Va accept_sourceroute 2776.Pq Vt bool 2777If set to 2778.Dq Li YES , 2779the system will accept source-routed packets directed at it. 2780.It Va rarpd_enable 2781.Pq Vt bool 2782If set to 2783.Dq Li YES , 2784run the 2785.Xr rarpd 8 2786daemon at system boot time. 2787.It Va rarpd_flags 2788.Pq Vt str 2789If 2790.Va rarpd_enable 2791is set to 2792.Dq Li YES , 2793these are the flags to pass to the 2794.Xr rarpd 8 2795daemon. 2796.It Va bootparamd_enable 2797.Pq Vt bool 2798If set to 2799.Dq Li YES , 2800run the 2801.Xr bootparamd 8 2802daemon at system boot time. 2803.It Va bootparamd_flags 2804.Pq Vt str 2805If 2806.Va bootparamd_enable 2807is set to 2808.Dq Li YES , 2809these are the flags to pass to the 2810.Xr bootparamd 8 2811daemon. 2812.It Va stf_interface_ipv4addr 2813.Pq Vt str 2814If not set to 2815.Dq Li NO , 2816this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 2817interface). 2818Specify this entry to enable the 6to4 interface. 2819.It Va stf_interface_ipv4plen 2820.Pq Vt int 2821Prefix length for 6to4 IPv4 addresses, to limit peer address range. 2822An effective value is 0-31. 2823.It Va stf_interface_ipv6_ifid 2824.Pq Vt str 2825IPv6 interface ID for 2826.Xr stf 4 . 2827This can be set to 2828.Dq Li AUTO . 2829.It Va stf_interface_ipv6_slaid 2830.Pq Vt str 2831IPv6 Site Level Aggregator for 2832.Xr stf 4 . 2833.It Va ipv6_faith_prefix 2834.Pq Vt str 2835If not set to 2836.Dq Li NO , 2837this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP 2838translator. 2839You also need 2840.Xr faithd 8 2841setup. 2842.It Va ipv6_ipv4mapping 2843.Pq Vt bool 2844If set to 2845.Dq Li YES 2846this enables IPv4 mapped IPv6 address communication (like 2847.Li ::ffff:a.b.c.d ) . 2848.It Va atm_enable 2849.Pq Vt bool 2850Set to 2851.Dq Li YES 2852to enable the configuration of ATM interfaces at system boot time. 2853For all of the ATM variables described below, please refer to the 2854.Xr atm 8 2855manual page for further details on the available command parameters. 2856Also refer to the files in 2857.Pa /usr/share/examples/atm 2858for more detailed configuration information. 2859.It Va atm_load 2860.Pq Vt str 2861This is a list of physical ATM interface drivers to load. 2862Typical values are 2863.Dq Li hfa_pci 2864and/or 2865.Dq Li hea_pci . 2866.It Va atm_netif_ Ns Aq Ar intf 2867.Pq Vt str 2868For the ATM physical interface 2869.Ar intf , 2870this variable defines the name prefix and count for the ATM network 2871interfaces to be created. 2872The value will be passed as the parameters of an 2873.Dq Nm atm Cm "set netif" Ar intf 2874command. 2875.It Va atm_sigmgr_ Ns Aq Ar intf 2876.Pq Vt str 2877For the ATM physical interface 2878.Ar intf , 2879this variable defines the ATM signalling manager to be used. 2880The value will be passed as the parameters of an 2881.Dq Nm atm Cm attach Ar intf 2882command. 2883.It Va atm_prefix_ Ns Aq Ar intf 2884.Pq Vt str 2885For the ATM physical interface 2886.Ar intf , 2887this variable defines the NSAP prefix for interfaces using a UNI signalling 2888manager. 2889If set to 2890.Dq Li ILMI , 2891the prefix will automatically be set via the 2892.Xr ilmid 8 2893daemon. 2894Otherwise, the value will be passed as the parameters of an 2895.Dq Nm atm Cm "set prefix" Ar intf 2896command. 2897.It Va atm_macaddr_ Ns Aq Ar intf 2898.Pq Vt str 2899For the ATM physical interface 2900.Ar intf , 2901this variable defines the MAC address for interfaces using a UNI signalling 2902manager. 2903If set to 2904.Dq Li NO , 2905the hardware MAC address contained in the ATM interface card will be used. 2906Otherwise, the value will be passed as the parameters of an 2907.Dq Nm atm Cm "set mac" Ar intf 2908command. 2909.It Va atm_arpserver_ Ns Aq Ar netif 2910.Pq Vt str 2911For the ATM network interface 2912.Ar netif , 2913this variable defines the ATM address for a host which is to provide ATMARP 2914service. 2915This variable is only applicable to interfaces using a UNI signalling 2916manager. 2917If set to 2918.Dq Li local , 2919this host will become an ATMARP server. 2920The value will be passed as the parameters of an 2921.Dq Nm atm Cm "set arpserver" Ar netif 2922command. 2923.It Va atm_scsparp_ Ns Aq Ar netif 2924.Pq Vt bool 2925If set to 2926.Dq Li YES , 2927SCSP/ATMARP service for the network interface 2928.Ar netif 2929will be initiated using the 2930.Xr scspd 8 2931and 2932.Xr atmarpd 8 2933daemons. 2934This variable is only applicable if 2935.Va atm_arpserver_ Ns Aq Ar netif 2936is set to 2937.Dq Li local . 2938.It Va atm_pvcs 2939.Pq Vt str 2940Set to the list of ATM PVCs to be added at system 2941boot time. 2942For each whitespace separated 2943.Ar element 2944in the value, an 2945.Va atm_pvc_ Ns Aq Ar element 2946variable is assumed to exist. 2947The value of each of these variables 2948will be passed as the parameters of an 2949.Dq Nm atm Cm "add pvc" 2950command. 2951.It Va atm_arps 2952.Pq Vt str 2953Set to the list of permanent ATM ARP entries to be added 2954at system boot time. 2955For each whitespace separated 2956.Ar element 2957in the value, an 2958.Va atm_arp_ Ns Aq Ar element 2959variable is assumed to exist. 2960The value of each of these variables 2961will be passed as the parameters of an 2962.Dq Nm atm Cm "add arp" 2963command. 2964.It Va natm_interfaces 2965.Pq Vt str 2966Set to the list of 2967.Xr natm 4 2968interfaces that will also be used for HARP through 2969.Xr harp 4 . 2970If this list is not empty all interfaces in the list will be brought up 2971with 2972.Xr ifconfig 8 2973and 2974.Xr harp 4 2975will be loaded. 2976For this to work the interface drivers must be either compiled into the 2977kernel or must reside on the root partition. 2978.It Va keybell 2979.Pq Vt str 2980The keyboard bell sound. 2981Set to 2982.Dq Li normal , 2983.Dq Li visual , 2984.Dq Li off , 2985or 2986.Dq Li NO 2987if the default behavior is desired. 2988For details, refer to the 2989.Xr kbdcontrol 1 2990manpage. 2991.It Va keyboard 2992.Pq Vt str 2993If set to a non-null string, the virtual console's keyboard input is 2994set to this device. 2995.It Va keymap 2996.Pq Vt str 2997If set to 2998.Dq Li NO , 2999no keymap is installed, otherwise the value is used to install 3000the keymap file in 3001.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd . 3002.It Va keyrate 3003.Pq Vt str 3004The keyboard repeat speed. 3005Set to 3006.Dq Li slow , 3007.Dq Li normal , 3008.Dq Li fast , 3009or 3010.Dq Li NO 3011if the default behavior is desired. 3012.It Va keychange 3013.Pq Vt str 3014If not set to 3015.Dq Li NO , 3016attempt to program the function keys with the value. 3017The value should 3018be a single string of the form: 3019.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3020.It Va cursor 3021.Pq Vt str 3022Can be set to the value of 3023.Dq Li normal , 3024.Dq Li blink , 3025.Dq Li destructive , 3026or 3027.Dq Li NO 3028to set the cursor behavior explicitly or choose the default behavior. 3029.It Va scrnmap 3030.Pq Vt str 3031If set to 3032.Dq Li NO , 3033no screen map is installed, otherwise the value is used to install 3034the screen map file in 3035.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3036.It Va font8x16 3037.Pq Vt str 3038If set to 3039.Dq Li NO , 3040the default 8x16 font value is used for screen size requests, otherwise 3041the value in 3042.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3043is used. 3044.It Va font8x14 3045.Pq Vt str 3046If set to 3047.Dq Li NO , 3048the default 8x14 font value is used for screen size requests, otherwise 3049the value in 3050.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3051is used. 3052.It Va font8x8 3053.Pq Vt str 3054If set to 3055.Dq Li NO , 3056the default 8x8 font value is used for screen size requests, otherwise 3057the value in 3058.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3059is used. 3060.It Va blanktime 3061.Pq Vt int 3062If set to 3063.Dq Li NO , 3064the default screen blanking interval is used, otherwise it is set 3065to 3066.Ar value 3067seconds. 3068.It Va saver 3069.Pq Vt str 3070If not set to 3071.Dq Li NO , 3072this is the actual screen saver to use 3073.Li ( blank , snake , daemon , 3074etc). 3075.It Va moused_nondefault_enable 3076.Pq Vt str 3077If set to 3078.Dq Li NO , 3079the mouse device specified on 3080the command line is not automatically treated as enabled by the 3081.Pa /etc/rc.d/moused 3082script. 3083Having this variable set to 3084.Dq Li YES 3085allows a 3086.Xr usb 4 3087mouse, 3088for example, 3089to be enabled as soon as it is plugged in. 3090.It Va moused_enable 3091.Pq Vt str 3092If set to 3093.Dq Li YES , 3094the 3095.Xr moused 8 3096daemon is started for doing cut/paste selection on the console. 3097.It Va moused_type 3098.Pq Vt str 3099This is the protocol type of the mouse connected to this host. 3100This variable must be set if 3101.Va moused_enable 3102is set to 3103.Dq Li YES . 3104The 3105.Xr moused 8 3106daemon 3107is able to detect the appropriate mouse type automatically in many cases. 3108Set this variable to 3109.Dq Li auto 3110to let the daemon detect it, or 3111select one from the following list if the automatic detection fails. 3112.Pp 3113If the mouse is attached to the PS/2 mouse port, choose 3114.Dq Li auto 3115or 3116.Dq Li ps/2 , 3117regardless of the brand and model of the mouse. 3118Likewise, if the 3119mouse is attached to the bus mouse port, choose 3120.Dq Li auto 3121or 3122.Dq Li busmouse . 3123All other protocols are for serial mice and will not work with 3124the PS/2 and bus mice. 3125If this is a USB mouse, 3126.Dq Li auto 3127is the only protocol type which will work. 3128.Pp 3129.Bl -tag -width ".Li x10mouseremote" -compact 3130.It Li microsoft 3131Microsoft mouse (serial) 3132.It Li intellimouse 3133Microsoft IntelliMouse (serial) 3134.It Li mousesystems 3135Mouse systems Corp.\& mouse (serial) 3136.It Li mmseries 3137MM Series mouse (serial) 3138.It Li logitech 3139Logitech mouse (serial) 3140.It Li busmouse 3141A bus mouse 3142.It Li mouseman 3143Logitech MouseMan and TrackMan (serial) 3144.It Li glidepoint 3145ALPS GlidePoint (serial) 3146.It Li thinkingmouse 3147Kensington ThinkingMouse (serial) 3148.It Li ps/2 3149PS/2 mouse 3150.It Li mmhittab 3151MM HitTablet (serial) 3152.It Li x10mouseremote 3153X10 MouseRemote (serial) 3154.It Li versapad 3155Interlink VersaPad (serial) 3156.El 3157.Pp 3158Even if the mouse is not in the above list, it may be compatible 3159with one in the list. 3160Refer to the manual page for 3161.Xr moused 8 3162for compatibility information. 3163.Pp 3164It should also be noted that while this is enabled, any 3165other client of the mouse (such as an X server) should access 3166the mouse through the virtual mouse device, 3167.Pa /dev/sysmouse , 3168and configure it as a 3169.Dq Li sysmouse 3170type mouse, since all 3171mouse data is converted to this single canonical format when 3172using 3173.Xr moused 8 . 3174If the client program does not support the 3175.Dq Li sysmouse 3176type, 3177specify the 3178.Dq Li mousesystems 3179type. 3180It is the second preferred type. 3181.It Va moused_port 3182.Pq Vt str 3183If 3184.Va moused_enable 3185is set to 3186.Dq Li YES , 3187this is the actual port the mouse is on. 3188It might be 3189.Pa /dev/cuad0 3190for a COM1 serial mouse, 3191.Pa /dev/psm0 3192for a PS/2 mouse or 3193.Pa /dev/mse0 3194for a bus mouse, for example. 3195.It Va moused_flags 3196.Pq Vt str 3197If 3198.Va moused_flags 3199is set, its value is used as an additional set of flags to pass to the 3200.Xr moused 8 3201daemon. 3202.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3203When 3204.Va moused_nondefault_enable 3205is enabled, and a 3206.Xr moused 8 3207daemon is started for a non-default port, the 3208.Va "moused_" Ns Ar XXX Ns Va "_flags" 3209set of options has precedence over and replaces the default 3210.Va moused_flags (where 3211.Ar XXX 3212is the name of the non-default port, i.e.\& 3213.Ar ums0 ) . 3214By setting 3215.Va "moused_" Ns Ar XXX Ns Va "_flags" 3216it is possible to set up a different set of default flags for each 3217.Xr moused 8 3218instance. 3219For example, you can use 3220.Dq Li "-3" 3221for the default 3222.Va moused_flags 3223to make your laptop's touchpad more comfortable to use, 3224but an empty set of options for 3225.Va moused_ums0_flags 3226when your 3227.Xr usb 4 3228mouse has three or more buttons. 3229.It Va mousechar_start 3230.Pq Vt int 3231If set to 3232.Dq Li NO , 3233the default mouse cursor character range 3234.Li 0xd0 Ns - Ns Li 0xd3 3235is used, 3236otherwise the range start is set 3237to 3238.Ar value 3239character, see 3240.Xr vidcontrol 1 . 3241Use if the default range is occupied in the language code table. 3242.It Va allscreens_flags 3243.Pq Vt str 3244If set, 3245.Xr vidcontrol 1 3246is run with these options for each of the virtual terminals 3247.Pq Pa /dev/ttyv* . 3248For example, 3249.Dq Fl m Cm on 3250will enable the mouse pointer on all virtual terminals 3251if 3252.Va moused_enable 3253is set to 3254.Dq Li YES . 3255.It Va allscreens_kbdflags 3256.Pq Vt str 3257If set, 3258.Xr kbdcontrol 1 3259is run with these options for each of the virtual terminals 3260.Pq Pa /dev/ttyv* . 3261For example, 3262.Dq Fl h Li 200 3263will set the 3264.Xr syscons 4 3265scrollback (history) buffer to 200 lines. 3266.It Va cron_enable 3267.Pq Vt bool 3268If set to 3269.Dq Li YES , 3270run the 3271.Xr cron 8 3272daemon at system boot time. 3273.It Va cron_program 3274.Pq Vt str 3275Path to 3276.Xr cron 8 3277(default 3278.Pa /usr/sbin/cron ) . 3279.It Va cron_flags 3280.Pq Vt str 3281If 3282.Va cron_enable 3283is set to 3284.Dq Li YES , 3285these are the flags to pass to 3286.Xr cron 8 . 3287.It Va cron_dst 3288.Pq Vt bool 3289If set to 3290.Dq Li YES , 3291enable the special handling of transitions to and from the 3292Daylight Saving Time in 3293.Xr cron 8 3294(equivalent to using the flag 3295.Fl s ) . 3296.It Va lpd_program 3297.Pq Vt str 3298Path to 3299.Xr lpd 8 3300(default 3301.Pa /usr/sbin/lpd ) . 3302.It Va lpd_enable 3303.Pq Vt bool 3304If set to 3305.Dq Li YES , 3306run the 3307.Xr lpd 8 3308daemon at system boot time. 3309.It Va lpd_flags 3310.Pq Vt str 3311If 3312.Va lpd_enable 3313is set to 3314.Dq Li YES , 3315these are the flags to pass to the 3316.Xr lpd 8 3317daemon. 3318.It Va chkprintcap_enable 3319.Pq Vt bool 3320If set to 3321.Dq Li YES , 3322run the 3323.Xr chkprintcap 8 3324command before starting the 3325.Xr lpd 8 3326daemon. 3327.It Va chkprintcap_flags 3328.Pq Vt str 3329If 3330.Va lpd_enable 3331and 3332.Va chkprintcap_enable 3333are set to 3334.Dq Li YES , 3335these are the flags to pass to the 3336.Xr chkprintcap 8 3337program. 3338The default is 3339.Dq Li -d , 3340which causes missing directories to be created. 3341.It Va mta_start_script 3342.Pq Vt str 3343This variable specifies the full path to the script to run to start 3344a mail transfer agent. 3345The default is 3346.Pa /etc/rc.sendmail . 3347The 3348.Va sendmail_* 3349variables which 3350.Pa /etc/rc.sendmail 3351uses are documented in the 3352.Xr rc.sendmail 8 3353manual page. 3354.It Va dumpdev 3355.Pq Vt str 3356Indicates the device (usually a swap partition) to which a crash dump 3357should be written in the event of a system crash. 3358If the value of this variable is 3359.Dq Li AUTO , 3360the first suitable swap device listed in 3361.Pa /etc/fstab 3362will be used as dump device. 3363Otherwise, the value of this variable is passed as the argument to 3364.Xr dumpon 8 . 3365To disable crash dumps, set this variable to 3366.Dq Li NO . 3367.It Va dumpdir 3368.Pq Vt str 3369When the system reboots after a crash and a crash dump is found on the 3370device specified by the 3371.Va dumpdev 3372variable, 3373.Xr savecore 8 3374will save that crash dump and a copy of the kernel to the directory 3375specified by the 3376.Va dumpdir 3377variable. 3378The default value is 3379.Pa /var/crash . 3380Set to 3381.Dq Li NO 3382to not run 3383.Xr savecore 8 3384at boot time when 3385.Va dumpdir 3386is set. 3387.It Va savecore_flags 3388.Pq Vt str 3389If crash dumps are enabled, these are the flags to pass to the 3390.Xr savecore 8 3391utility. 3392.It Va quota_enable 3393.Pq Vt bool 3394Set to 3395.Dq Li YES 3396to turn on user and group disk quotas on system startup via the 3397.Xr quotaon 8 3398command for all file systems marked as having quotas enabled in 3399.Pa /etc/fstab . 3400The kernel must be built with 3401.Cd "options QUOTA" 3402for disk quotas to function. 3403.It Va check_quotas 3404.Pq Vt bool 3405Set to 3406.Dq Li YES 3407to enable user and group disk quota checking via the 3408.Xr quotacheck 8 3409command. 3410.It Va quotacheck_flags 3411.Pq Vt str 3412If 3413.Va quota_enable 3414is set to 3415.Dq Li YES , 3416and 3417.Va check_quotas 3418is set to 3419.Dq Li YES , 3420these are the flags to pass to the 3421.Xr quotacheck 8 3422utility. 3423The default is 3424.Dq Li "-a" , 3425which checks quotas for all file systems with quotas enabled in 3426.Pa /etc/fstab . 3427.It Va quotaon_flags 3428.Pq Vt str 3429If 3430.Va quota_enable 3431is set to 3432.Dq Li YES , 3433these are the flags to pass to the 3434.Xr quotaon 8 3435utility. 3436The default is 3437.Dq Li "-a" , 3438which enables quotas for all file systems with quotas enabled in 3439.Pa /etc/fstab . 3440.It Va quotaoff_flags 3441.Pq Vt str 3442If 3443.Va quota_enable 3444is set to 3445.Dq Li YES , 3446these are the flags to pass to the 3447.Xr quotaoff 8 3448utility when shutting down the quota system. 3449The default is 3450.Dq Li "-a" , 3451which disables quotas for all file systems with quotas enabled in 3452.Pa /etc/fstab . 3453.It Va accounting_enable 3454.Pq Vt bool 3455Set to 3456.Dq Li YES 3457to enable system accounting through the 3458.Xr accton 8 3459facility. 3460.It Va ibcs2_enable 3461.Pq Vt bool 3462Set to 3463.Dq Li YES 3464to enable iBCS2 (SCO) binary emulation at system initial boot 3465time. 3466.It Va ibcs2_loaders 3467.Pq Vt str 3468If not set to 3469.Dq Li NO 3470and if 3471.Va ibcs2_enable 3472is set to 3473.Dq Li YES , 3474this specifies a list of additional iBCS2 loaders to enable. 3475.It Va linux_enable 3476.Pq Vt bool 3477Set to 3478.Dq Li YES 3479to enable Linux/ELF binary emulation at system initial 3480boot time. 3481.It Va svr4_enable 3482.Pq Vt bool 3483If set to 3484.Dq Li YES , 3485enable SysVR4 emulation at boot time. 3486.It Va sysvipc_enable 3487.Pq Vt bool 3488If set to 3489.Dq Li YES , 3490load System V IPC primitives at boot time. 3491.It Va clear_tmp_enable 3492.Pq Vt bool 3493Set to 3494.Dq Li YES 3495to have 3496.Pa /tmp 3497cleaned at startup. 3498.It Va clear_tmp_X 3499.Pq Vt bool 3500Set to 3501.Dq Li NO 3502to disable removing of X11 lock files, 3503and the removal and (secure) recreation 3504of the various socket directories for X11 3505related programs. 3506.It Va ldconfig_paths 3507.Pq Vt str 3508Set to the list of shared library paths to use with 3509.Xr ldconfig 8 . 3510NOTE: 3511.Pa /usr/lib 3512will always be added first, so it need not appear in this list. 3513.It Va ldconfig32_paths 3514.Pq Vt str 3515Set to the list of 32-bit compatibility shared library paths to 3516use with 3517.Xr ldconfig 8 . 3518.It Va ldconfig_paths_aout 3519.Pq Vt str 3520Set to the list of shared library paths to use with 3521.Xr ldconfig 8 3522legacy 3523.Xr a.out 5 3524support. 3525.It Va ldconfig_insecure 3526.Pq Vt bool 3527The 3528.Xr ldconfig 8 3529utility normally refuses to use directories 3530which are writable by anyone except root. 3531Set this variable to 3532.Dq Li YES 3533to disable that security check during system startup. 3534.It Va ldconfig_local_dirs 3535.Pq Vt str 3536Set to the list of local 3537.Xr ldconfig 8 3538directories. 3539The names of all files in the directories listed will be 3540passed as arguments to 3541.Xr ldconfig 8 . 3542.It Va ldconfig_local32_dirs 3543.Pq Vt str 3544Set to the list of local 32-bit compatibility 3545.Xr ldconfig 8 3546directories. 3547The names of all files in the directories listed will be 3548passed as arguments to 3549.Dq Nm ldconfig Fl 32 . 3550.It Va kern_securelevel_enable 3551.Pq Vt bool 3552Set to 3553.Dq Li YES 3554to set the kernel security level at system startup. 3555.It Va kern_securelevel 3556.Pq Vt int 3557The kernel security level to set at startup. 3558The allowed range of 3559.Ar value 3560ranges from \-1 (the compile time default) to 3 (the 3561most secure). 3562See 3563.Xr security 7 3564for the list of possible security levels and their effect 3565on system operation. 3566.It Va sshd_program 3567.Pq Vt str 3568Path to the SSH server program 3569.Pa ( /usr/sbin/sshd 3570is the default). 3571.It Va sshd_enable 3572.Pq Vt bool 3573Set to 3574.Dq Li YES 3575to start 3576.Xr sshd 8 3577at system boot time. 3578.It Va sshd_flags 3579.Pq Vt str 3580If 3581.Va sshd_enable 3582is set to 3583.Dq Li YES , 3584these are the flags to pass to the 3585.Xr sshd 8 3586daemon. 3587.It Va ftpd_program 3588.Pq Vt str 3589Path to the FTP server program 3590.Pa ( /usr/libexec/ftpd 3591is the default). 3592.It Va ftpd_enable 3593.Pq Vt bool 3594Set to 3595.Dq Li YES 3596to start 3597.Xr ftpd 8 3598as a stand-alone daemon at system boot time. 3599.It Va ftpd_flags 3600.Pq Vt str 3601If 3602.Va ftpd_enable 3603is set to 3604.Dq Li YES , 3605these are the additional flags to pass to the 3606.Xr ftpd 8 3607daemon. 3608.It Va watchdogd_enable 3609.Pq Vt bool 3610If set to 3611.Dq Li YES , 3612start the 3613.Xr watchdogd 8 3614daemon at boot time. 3615This requires that the kernel have been compiled with a 3616.Xr watchdog 4 3617compatible device. 3618.It Va watchdogd_flags 3619.Pq Vt str 3620If 3621.Va watchdogd_enable 3622is set to 3623.Dq Li YES , 3624these are the flags passed to the 3625.Xr watchdogd 8 3626daemon. 3627.It Va performance_cx_lowest 3628.Pq Vt str 3629CPU idle state to use while on AC power. 3630The string 3631.Dq Li LOW 3632indicates that 3633.Xr acpi 4 3634should use the lowest power state available while 3635.Dq Li HIGH 3636indicates that the lowest latency state (less power savings) should be used. 3637.It Va performance_cpu_freq 3638.Pq Vt str 3639CPU clock frequency to use while on AC power. 3640The string 3641.Dq Li LOW 3642indicates that 3643.Xr cpufreq 4 3644should use the lowest frequency available while 3645.Dq Li HIGH 3646indicates that the highest frequency (less power savings) should be used. 3647.It Va economy_cx_lowest 3648.Pq Vt str 3649CPU idle state to use when off AC power. 3650The string 3651.Dq Li LOW 3652indicates that 3653.Xr acpi 4 3654should use the lowest power state available while 3655.Dq Li HIGH 3656indicates that the lowest latency state (less power savings) should be used. 3657.It Va economy_cpu_freq 3658.Pq Vt str 3659CPU clock frequency to use when off AC power. 3660The string 3661.Dq Li LOW 3662indicates that 3663.Xr cpufreq 4 3664should use the lowest frequency available while 3665.Dq Li HIGH 3666indicates that the highest frequency (less power savings) should be used. 3667.It Va jail_enable 3668.Pq Vt bool 3669If set to 3670.Dq Li NO , 3671any configured jails will not be started. 3672.It jail_parallel_start 3673.Pq Vt bool 3674If set to 3675.Dq Li YES 3676all configured jails will be started in the background (= in parallel). 3677.It Va jail_list 3678.Pq Vt str 3679A space separated list of names for jails. 3680This is purely a configuration aid to help identify and 3681configure multiple jails. 3682The names specified in this list will be used to 3683identify settings common to an instance of a jail, 3684and should contain alphanumeric characters only. 3685Assuming that the jail in question was named 3686.Li vjail , 3687you would have the following dependent variables: 3688.Bd -literal 3689jail_vjail_hostname="jail.example.com" 3690jail_vjail_ip="192.0.2.100" 3691jail_vjail_rootdir="/var/jails/vjail/root" 3692.Ed 3693.Pp 3694.It Va jail_flags 3695.Pq Vt str 3696Unset by default. 3697When set, use as default value for 3698.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3699for every jail in 3700.Va jail_list . 3701.It Va jail_interface 3702.Pq Vt str 3703Unset by default. 3704When set, use as default value for 3705.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3706for every jail in 3707.Va jail_list . 3708.It Va jail_fstab 3709.Pq Vt str 3710Unset by default. 3711When set, use as default value for 3712.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3713for every jail in 3714.Va jail_list . 3715.It Va jail_mount_enable 3716.Pq Vt bool 3717Set to 3718.Dq Li NO 3719by default. 3720When set to 3721.Dq Li YES , 3722sets 3723.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3724to 3725.Dq Li YES 3726by default for every jail in 3727.Va jail_list . 3728.It Va jail_devfs_ruleset 3729.Pq Vt str 3730Unset by default. 3731When set, sets 3732.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3733to given value for every jail in 3734.Va jail_list . 3735.It Va jail_devfs_enable 3736.Pq Vt bool 3737Set to 3738.Dq Li NO 3739by default. 3740When set to 3741.Dq Li YES , 3742sets 3743.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3744to 3745.Dq Li YES 3746by default for every jail in 3747.Va jail_list . 3748.It Va jail_fdescfs_enable 3749.Pq Vt bool 3750Set to 3751.Dq Li NO 3752by default. 3753When set to 3754.Dq Li YES , 3755sets 3756.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3757to 3758.Dq Li YES 3759by default for every jail in 3760.Va jail_list . 3761.It Va jail_procfs_enable 3762.Pq Vt bool 3763Set to 3764.Dq Li NO 3765by default. 3766When set to 3767.Dq Li YES , 3768sets 3769.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3770to 3771.Dq Li YES 3772by default for every jail in 3773.Va jail_list . 3774.It Va jail_exec_prestart Ns Aq Ar N 3775.Pq Vt str 3776Unset by default. 3777When set, use as default value for 3778.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3779for every jail in 3780.Va jail_list . 3781.It Va jail_exec_start 3782.Pq Vt str 3783Unset by default. 3784When set, use as default value for 3785.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3786for every jail in 3787.Va jail_list . 3788.It Va jail_exec_afterstart Ns Aq Ar N 3789.Pq Vt str 3790Unset by default. 3791When set, use as default value for 3792.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3793for every jail in 3794.Va jail_list . 3795.It Va jail_exec_poststart Ns Aq Ar N 3796.Pq Vt str 3797Unset by default. 3798When set, use as default value for 3799.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3800for every jail in 3801.Va jail_list . 3802.It Va jail_exec_prestop Ns Aq Ar N 3803.Pq Vt str 3804Unset by default. 3805When set, use as default value for 3806.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3807for every jail in 3808.Va jail_list . 3809.It Va jail_exec_stop 3810Unset by default. 3811When set, use as default value for 3812.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3813for every jail in 3814.Va jail_list . 3815.It Va jail_exec_poststop Ns Aq Ar N 3816.Pq Vt str 3817Unset by default. 3818When set, use as default value for 3819.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3820for every jail in 3821.Va jail_list . 3822.It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3823.Pq Vt str 3824Unset by default. 3825Set to the root directory used by jail 3826.Va jname . 3827.It Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3828.Pq Vt str 3829Unset by default. 3830Set to the fully qualified domain name (FQDN) assigned to jail 3831.Va jname . 3832.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3833.Pq Vt str 3834Unset by default. 3835Set to the (primary) IPv4 and/or IPv6 address(es) assigned to the jail. 3836The argument can be a sole address or a comma separated list of addresses. 3837Additionally each address can be prefixed by the name of an interface 3838followed by a pipe to overwrite 3839.Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3840or 3841.Va jail_interface 3842and/or suffixed by a netmask, prefixlen or prefix. 3843In case no netmask, prefixlen or prefix is given, 3844.Sq /32 3845will be used for IPv4 and 3846.Sq /128 3847will be used for an IPv6 address. 3848If no address is given for the jail then the jail will be started with 3849no networking support. 3850.It Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3851.Pq Vt str 3852Unset by default. 3853Set additional IPv4 and/or IPv6 address(es) assigned to the jail. 3854The sequence starts with 3855.Dq Li _multi0 3856and the numbers have to be strictly ascending. 3857These entries follow the same syntax as their primary 3858.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3859entry. 3860The order of the entries can be important as the first address for 3861each address family found will be the primary address of the jail. 3862See 3863.Va ip-addresses 3864option in 3865.Xr jail 8 3866for more details. 3867.It Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3868.Pq Vt str 3869Set to 3870.Dq Li -l -U root 3871by default. 3872These are flags to pass to 3873.Xr jail 8 . 3874.It Va jail_ Ns Ao Ar jname Ac Ns Va _interface 3875.Pq Vt str 3876Unset by default. 3877When set, sets the interface to use when setting IP address alias. 3878Note that the alias is created at jail startup and removed at jail shutdown. 3879.It Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3880.Pq Vt str 3881Unset by default. 3882When set, the jail is started with the specified forwarding table (sometimes 3883referred to as a routing table) via 3884.Xr setfib 1 . 3885.It Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3886.Pq Vt str 3887Set to 3888.Pa /etc/fstab. Ns Aq Ar jname 3889by default. 3890This is the file system information file to use for jail 3891.Va jname . 3892.It Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3893.Pq Vt bool 3894Set to 3895.Dq Li NO 3896by default. 3897When set to 3898.Dq Li YES , 3899mount all file systems from 3900.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3901at jail startup. 3902.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset 3903.Pq Vt str 3904Unset by default. 3905When set, defines the device file system ruleset file to use for jail 3906.Va jname . 3907.It Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3908.Pq Vt bool 3909Set to 3910.Dq Li NO 3911by default. 3912When set to 3913.Dq Li YES , 3914mount the device file system inside jail 3915.Ar jname 3916at jail startup. 3917.It Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 3918.Pq Vt bool 3919Set to 3920.Dq Li NO 3921by default. 3922When set to 3923.Dq Li YES , 3924mount the file-descriptor file system inside jail 3925.Ar jname 3926at jail startup. 3927.It Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable 3928.Pq Vt bool 3929Set to 3930.Dq Li NO 3931by default. 3932When set to 3933.Dq Li YES , 3934mount the process file system inside jail 3935.Ar jname 3936at jail startup. 3937.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart Ns Aq Ar N 3938.Pq Vt str 3939Unset by default. 3940This is the command run as 3941.Ar N Ns 3942th command 3943before jail startup, where 3944.Ar N 3945is 0, 1, and so on. 3946It is run outside the jail. 3947.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start 3948.Pq Vt str 3949Set to 3950.Dq Li /bin/sh /etc/rc 3951by default. 3952This is the command executed in a jail at jail startup. 3953.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_afterstart Ns Aq Ar N 3954.Pq Vt str 3955Unset by default. 3956This is the command run as 3957.Ar N Ns 3958th command 3959in a jail 3960after jail startup, where 3961.Ar N 3962is 1, 2, and so on. 3963.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart Ns Aq Ar N 3964.Pq Vt str 3965Unset by default. 3966This is the command run as 3967.Ar N Ns 3968th command 3969after jail startup, where 3970.Ar N 3971is 0, 1, and so on. 3972It is run outside the jail. 3973.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop Ns Aq Ar N 3974.Pq Vt str 3975Unset by default. 3976This is the command run as 3977.Ar N Ns 3978th command 3979before jail shutdown, where 3980.Ar N 3981is 0, 1, and so on. 3982It is run outside the jail. 3983.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3984.Pq Vt str 3985Set to 3986.Dq Li /bin/sh /etc/rc.shutdown 3987by default. 3988This is the command executed in a jail at jail shutdown. 3989.It Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop Ns Aq Ar N 3990.Pq Vt str 3991Unset by default. 3992This is the command run as 3993.Ar N Ns 3994th command 3995after jail shutdown, where 3996.Ar N 3997is 0, 1, and so on. 3998It is run outside the jail. 3999.It Va jail_set_hostname_allow 4000.Pq Vt bool 4001If set to 4002.Dq Li NO , 4003do not allow the root user in a jail to set its hostname. 4004.It Va jail_socket_unixiproute_only 4005.Pq Vt bool 4006If set to 4007.Dq Li YES , 4008do not allow any sockets, 4009besides UNIX/IP/route sockets, 4010to be used within a jail. 4011.It Va jail_sysvipc_allow 4012.Pq Vt bool 4013If set to 4014.Dq Li YES , 4015allow applications within a jail to use System V IPC. 4016.\" ----------------------------------------------------- 4017.It Va harvest_interrupt 4018.Pq Vt bool 4019Set to 4020.Dq Li YES 4021to use hardware interrupts as an entropy source. 4022Refer to 4023.Xr random 4 4024for more information. 4025.It Va harvest_ethernet 4026.Pq Vt bool 4027Set to 4028.Dq Li YES 4029to use LAN traffic as an entropy source. 4030Refer to 4031.Xr random 4 4032for more information. 4033.It Va harvest_p_to_p 4034.Pq Vt bool 4035Set to 4036.Dq Li YES 4037to use serial line traffic as an entropy source. 4038Refer to 4039.Xr random 4 4040for more information. 4041.It Va entropy_dir 4042.Pq Vt str 4043Set to 4044.Dq Li NO 4045to disable caching entropy via 4046.Xr cron 8 . 4047Otherwise set to the directory used to store entropy files in. 4048.It Va entropy_file 4049.Pq Vt str 4050Set to 4051.Dq Li NO 4052to disable caching entropy through reboots. 4053Otherwise set to the filename used to store cached entropy through 4054reboots. 4055This file should be located on the root file system to seed the 4056.Xr random 4 4057device as early as possible in the boot process. 4058.It Va entropy_save_sz 4059.Pq Vt int 4060Size of the entropy cache files saved by 4061.Nm save-entropy 4062periodically. 4063.It Va entropy_save_num 4064.Pq Vt int 4065Number of entropy cache files to save by 4066.Nm save-entropy 4067periodically. 4068.It Va ipsec_enable 4069.Pq Vt bool 4070Set to 4071.Dq Li YES 4072to run 4073.Xr setkey 8 4074on 4075.Va ipsec_file 4076at boot time. 4077.It Va ipsec_file 4078.Pq Vt str 4079Configuration file for 4080.Xr setkey 8 . 4081.It Va dmesg_enable 4082.Pq Vt bool 4083Set to 4084.Dq Li YES 4085to save 4086.Xr dmesg 8 4087to 4088.Pa /var/run/dmesg.boot 4089on boot. 4090.It Va rcshutdown_timeout 4091.Pq Vt int 4092If set, start a watchdog timer in the background which will terminate 4093.Pa rc.shutdown 4094if 4095.Xr shutdown 8 4096has not completed within the specified time (in seconds). 4097Notice that in addition to this soft timeout, 4098.Xr init 8 4099also applies a hard timeout for the execution of 4100.Pa rc.shutdown . 4101This is configured via 4102.Xr sysctl 8 4103variable 4104.Va kern.init_shutdown_timeout 4105and defaults to 120 seconds. 4106Setting the value of 4107.Va rcshutdown_timeout 4108to more than 120 seconds will have no effect until the 4109.Xr sysctl 8 4110variable 4111.Va kern.init_shutdown_timeout 4112is also increased. 4113.It Va virecover_enable 4114.Pq Vt bool 4115Set to 4116.Dq Li NO 4117to prevent the system from trying to 4118recover pre-maturely terminated 4119.Xr vi 1 4120sessions. 4121.It Va ugidfw_enable 4122.Pq Vt bool 4123Set to 4124.Dq Li YES 4125to load the 4126.Xr mac_bsdextended 4 4127module upon system initialization and load a default 4128ruleset file. 4129.It Va bsdextended_script 4130.Pq Vt str 4131The default 4132.Xr mac_bsdextended 4 4133ruleset file to load. 4134The default value of this variable is 4135.Pa /etc/rc.bsdextended . 4136.It Va newsyslog_enable 4137.Pq Vt bool 4138If set to 4139.Dq Li YES , 4140run 4141.Xr newsyslog 8 4142command at startup. 4143.It Va newsyslog_flags 4144.Pq Vt str 4145If 4146.Va newsyslog_enable 4147is set to 4148.Dq Li YES , 4149these are the flags to pass to the 4150.Xr newsyslog 8 4151program. 4152The default is 4153.Dq Li -CN , 4154which causes log files flagged with a 4155.Cm C 4156to be created. 4157.It Va mdconfig_md Ns Aq Ar X 4158.Pq Vt str 4159Arguments to 4160.Xr mdconfig 8 4161for 4162.Xr md 4 4163device 4164.Ar X . 4165At minimum a 4166.Fl t Ar type 4167must be specified and either a 4168.Fl s Ar size 4169for malloc or swap backed 4170.Xr md 4 4171devices or a 4172.Fl f Ar file 4173for vnode backed 4174.Xr md 4 4175devices. 4176Note that 4177.Va mdconfig_md Ns Aq Ar X 4178variables are evaluated until one variable is unset or null. 4179.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4180.Pq Vt str 4181Optional arguments passed to 4182.Xr newfs 8 4183to initialize 4184.Xr md 4 4185device 4186.Ar X . 4187.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4188.Pq Vt str 4189An ownership specification passed to 4190.Xr chown 8 4191after the specified 4192.Xr md 4 4193device 4194.Ar X 4195has been mounted. 4196Both the 4197.Xr md 4 4198device and the mount point will be changed. 4199.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4200.Pq Vt str 4201A mode string passed to 4202.Xr chmod 1 4203after the specified 4204.Xr md 4 4205device 4206.Ar X 4207has been mounted. 4208Both the 4209.Xr md 4 4210device and the mount point will be changed. 4211.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4212.Pq Vt str 4213Files to be copied to the mount point of the 4214.Xr md 4 4215device 4216.Ar X 4217after it has been mounted. 4218.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4219.Pq Vt str 4220Command to execute after the specified 4221.Xr md 4 4222device 4223.Ar X 4224has been mounted. 4225Note that the command is passed to 4226.Ic eval 4227and that both 4228.Va _dev 4229and 4230.Va _mp 4231variables can be used to reference respectively the 4232.Xr md 4 4233device and the mount point. 4234Assuming that the 4235.Xr md 4 4236device is 4237.Li md0 , 4238one could set the following: 4239.Bd -literal 4240mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4241.Ed 4242.It Va autobridge_interfaces 4243.Pq Vt str 4244Set to the list of bridge interfaces that will have newly arriving interfaces 4245checked against to be automatically added. 4246If not set to 4247.Dq Li NO 4248then for each whitespace separated 4249.Ar element 4250in the value, a 4251.Va autobridge_ Ns Aq Ar element 4252variable is assumed to exist which has a whitespace separated list of interface 4253names to match, these names can use wildcards. 4254For example: 4255.Bd -literal 4256autobridge_interfaces="bridge0" 4257autobridge_bridge0="tap* dc0 vlan[345]" 4258.Ed 4259.It Va mixer_enable 4260.Pq Vt bool 4261If set to 4262.Dq Li YES , 4263enable support for sound mixer. 4264.It Va hcsecd_enable 4265.Pq Vt bool 4266If set to 4267.Dq Li YES , 4268enable Bluetooth security daemon. 4269.It Va hcsecd_config 4270.Pq Vt str 4271Configuration file for 4272.Xr hcsecd 8 . 4273Default 4274.Pa /etc/bluetooth/hcsecd.conf . 4275.It Va sdpd_enable 4276.Pq Vt bool 4277If set to 4278.Dq Li YES , 4279enable Bluetooth Service Discovery Protocol daemon. 4280.It Va sdpd_control 4281.Pq Vt str 4282Path to 4283.Xr sdpd 8 4284control socket. 4285Default 4286.Pa /var/run/sdp . 4287.It Va sdpd_groupname 4288.Pq Vt str 4289Sets 4290.Xr sdpd 8 4291group to run as after it initializes. 4292Default 4293.Dq Li nobody . 4294.It Va sdpd_username 4295.Pq Vt str 4296Sets 4297.Xr sdpd 8 4298user to run as after it initializes. 4299Default 4300.Dq Li nobody . 4301.It Va bthidd_enable 4302.Pq Vt bool 4303If set to 4304.Dq Li YES , 4305enable Bluetooth Human Interface Device daemon. 4306.It Va bthidd_config 4307.Pq Vt str 4308Configuration file for 4309.Xr bthidd 8 . 4310Default 4311.Pa /etc/bluetooth/bthidd.conf . 4312.It Va bthidd_hids 4313.Pq Vt str 4314Path to a file, where 4315.Xr bthidd 8 4316will store information about known HID devices. 4317Default 4318.Pa /var/db/bthidd.hids . 4319.It Va rfcomm_pppd_server_enable 4320.Pq Vt bool 4321If set to 4322.Dq Li YES , 4323enable Bluetooth RFCOMM PPP wrapper daemon. 4324.It Va rfcomm_pppd_server_profile 4325.Pq Vt str 4326The name of the profile to use from 4327.Pa /etc/ppp/ppp.conf . 4328Multiple profiles can be specified here. 4329Also used to specify per-profile overrides. 4330When the profile name contains any of the characters 4331.Dq Li .-/+ 4332they are translated to 4333.Dq Li _ 4334for the proposes of the override variable names. 4335.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4336.Pq Vt str 4337Overrides local address to listen on. 4338By default 4339.Xr rfcomm_pppd 8 4340will listen on 4341.Dq Li ANY 4342address. 4343The address can be specified as BD_ADDR or name. 4344.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4345.Pq Vt str 4346Overrides local RFCOMM channel to listen on. 4347By default 4348.Xr rfcomm_pppd 8 4349will listen on RFCOMM channel 1. 4350Must set properly if multiple profiles used in the same time. 4351.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4352.Pq Vt bool 4353Tells 4354.Xr rfcomm_pppd 8 4355if it should register Serial Port service on the specified RFCOMM channel. 4356Default 4357.Dq Li NO . 4358.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4359.Pq Vt bool 4360Tells 4361.Xr rfcomm_pppd 8 4362if it should register Dial-Up Networking service on the specified 4363RFCOMM channel. 4364Default 4365.Dq Li NO . 4366.It Va ubthidhci_enable 4367.Pq Vt bool 4368If set to 4369.Dq Li YES , 4370change the USB Bluetooth controller from HID mode to HCI mode. 4371You also need to specify the location of USB Bluetooth controller with the 4372.Va ubthidhci_busnum 4373and 4374.Va ubthidhci_addr 4375variables. 4376.It Va ubthidhci_busnum 4377Bus number where the USB Bluetooth controller is located. 4378Check the output of 4379.Xr usbconfig 8 4380on your system to find this information. 4381.It Va ubthidhci_addr 4382Bus address of the USB Bluetooth controller. 4383Check the output of 4384.Xr usbconfig 8 4385on your system to find this information. 4386.It Va netwait_enable 4387.Pq Vt bool 4388If set to 4389.Dq Li YES , 4390delays the start of network-reliant services until 4391.Va netwait_if 4392is up and ICMP packets to a destination defined in 4393.Va netwait_ip 4394are flowing. 4395Link state is examined first, followed by 4396.Dq Li pinging 4397an IP address to verify network usability. 4398If no destination can be reached or timeouts are exceeded, 4399network services are started anyway with no guarantee that 4400the network is usable. 4401Use of this variable requires both 4402.Va netwait_ip 4403and 4404.Va netwait_if 4405to be set. 4406.It Va netwait_ip 4407.Pq Vt str 4408Empty by default. 4409This variable contains a space-delimited list of IP addresses to 4410.Xr ping 8 . 4411DNS hostnames should not be used as resolution is not guaranteed 4412to be functional at this point. 4413If multiple IP addresses are specified, 4414each will be tried until one is successful or the list is exhausted. 4415.It Va netwait_timeout 4416.Pq Vt int 4417Indicates the total number of seconds to perform a 4418.Dq Li ping 4419against each IP address in 4420.Va netwait_ip , 4421at a rate of one ping per second. 4422If any of the pings are successful, 4423full network connectivity is considered reliable. 4424The default is 60. 4425.It Va netwait_if 4426.Pq Vt str 4427Empty by default. 4428Defines the name of the network interface on which watch for link. 4429.Xr ifconfig 8 4430is used to monitor the interface, looking for 4431.Dq Li status: no carrier . 4432Once gone, the link is considered up. 4433This can be a 4434.Xr vlan 4 4435interface if desired. 4436.It Va netwait_if_timeout 4437.Pq Vt int 4438Defines the total number of seconds to wait for link to become usable, 4439polled at a 1-second interval. 4440The default is 30. 4441.El 4442.Sh FILES 4443.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4444.It Pa /etc/defaults/rc.conf 4445.It Pa /etc/rc.conf 4446.It Pa /etc/rc.conf.local 4447.El 4448.Sh SEE ALSO 4449.Xr catman 1 , 4450.Xr chmod 1 , 4451.Xr gdb 1 , 4452.Xr info 1 , 4453.Xr kbdcontrol 1 , 4454.Xr makewhatis 1 , 4455.Xr sh 1 , 4456.Xr vi 1 , 4457.Xr vidcontrol 1 , 4458.Xr bridge 4 , 4459.Xr dummynet 4 , 4460.Xr ip 4 , 4461.Xr ipf 4 , 4462.Xr ipfw 4 , 4463.Xr ipnat 4 , 4464.Xr kld 4 , 4465.Xr pf 4 , 4466.Xr pflog 4 , 4467.Xr pfsync 4 , 4468.Xr tcp 4 , 4469.Xr udp 4 , 4470.Xr exports 5 , 4471.Xr fstab 5 , 4472.Xr ipf 5 , 4473.Xr ipnat 5 , 4474.Xr motd 5 , 4475.Xr newsyslog.conf 5 , 4476.Xr pf.conf 5 , 4477.Xr security 7 , 4478.Xr accton 8 , 4479.Xr amd 8 , 4480.Xr apm 8 , 4481.Xr atm 8 , 4482.Xr bthidd 8 , 4483.Xr chkprintcap 8 , 4484.Xr chown 8 , 4485.Xr cron 8 , 4486.Xr dhclient 8 , 4487.Xr ftpd 8 , 4488.Xr geli 8 , 4489.Xr hcsecd 8 , 4490.Xr ifconfig 8 , 4491.Xr inetd 8 , 4492.Xr ipf 8 , 4493.Xr ipfw 8 , 4494.Xr ipnat 8 , 4495.Xr jail 8 , 4496.Xr kldxref 8 , 4497.Xr lpd 8 , 4498.Xr mdconfig 8 , 4499.Xr mdmfs 8 , 4500.Xr mixer 8 , 4501.Xr mountd 8 , 4502.Xr moused 8 , 4503.Xr mrouted 8 , 4504.Xr named 8 , 4505.Xr newfs 8 , 4506.Xr newsyslog 8 , 4507.Xr nfsd 8 , 4508.Xr ntpd 8 , 4509.Xr ntpdate 8 , 4510.Xr pfctl 8 , 4511.Xr pflogd 8 , 4512.Xr ping 8 , 4513.Xr powerd 8 , 4514.Xr quotacheck 8 , 4515.Xr quotaon 8 , 4516.Xr rc 8 , 4517.Xr rc.sendmail 8 , 4518.Xr rfcomm_pppd 8 , 4519.Xr route 8 , 4520.Xr routed 8 , 4521.Xr rpcbind 8 , 4522.Xr rpc.lockd 8 , 4523.Xr rpc.statd 8 , 4524.Xr rwhod 8 , 4525.Xr savecore 8 , 4526.Xr sdpd 8 , 4527.Xr sshd 8 , 4528.Xr swapon 8 , 4529.Xr sysctl 8 , 4530.Xr syslogd 8 , 4531.Xr timed 8 , 4532.Xr usbconfig 8 , 4533.Xr wlandebug 8 , 4534.Xr yp 8 , 4535.Xr ypbind 8 , 4536.Xr ypserv 8 , 4537.Xr ypset 8 4538.Sh HISTORY 4539The 4540.Nm 4541file appeared in 4542.Fx 2.2.2 . 4543.Sh AUTHORS 4544.An Jordan K. Hubbard . 4545