1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd March 25, 2020 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/rc.conf.local 63is used to override settings in 64.Pa /etc/rc.conf 65for historical reasons. 66.Pp 67The sysrc(8) command provides a scripting interface to modify system 68config files. 69.Pp 70In addition to 71.Pa /etc/rc.conf.local 72you can also place smaller configuration files for each 73.Xr rc 8 74script in the 75.Pa /etc/rc.conf.d 76directory or 77.Ao Ar dir Ac Ns Pa /rc.conf.d 78directories specified in 79.Va local_startup , 80which will be included by the 81.Va load_rc_config 82function. 83For jail configurations you could use the file 84.Pa /etc/rc.conf.d/jail 85to store jail specific configuration options. 86If 87.Va local_startup 88contains 89.Pa /usr/local/etc/rc.d 90and 91.Pa /opt/conf , 92.Pa /usr/local/rc.conf.d/jail 93and 94.Pa /opt/conf/rc.conf.d/jail 95will be loaded. 96If 97.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 98is a directory, 99all of files in the directory will be loaded. 100Also see the 101.Va rc_conf_files 102variable below. 103.Pp 104Options are set with 105.Dq Ar name Ns Li = Ns Ar value 106assignments that use 107.Xr sh 1 108syntax. 109The following list provides a name and short description for each 110variable that can be set in the 111.Nm 112file: 113.Bl -tag -width indent-two 114.It Va rc_debug 115.Pq Vt bool 116If set to 117.Dq Li YES , 118enable output of debug messages from rc scripts. 119This variable can be helpful in diagnosing mistakes when 120editing or integrating new scripts. 121Beware that this produces copious output to the terminal and 122.Xr syslog 3 . 123.It Va rc_info 124.Pq Vt bool 125If set to 126.Dq Li NO , 127disable informational messages from the rc scripts. 128Informational messages are displayed when 129a condition that is not serious enough to warrant a warning or 130an error occurs. 131.It Va rc_startmsgs 132.Pq Vt bool 133If set to 134.Dq Li YES , 135show 136.Dq Starting foo: 137when faststart is used (e.g., at boot time). 138.It Va early_late_divider 139.Pq Vt str 140The name of the script that should be used as the 141delimiter between the 142.Dq early 143and 144.Dq late 145stages of the boot process. 146The early stage should contain all the services needed to 147get the disks (local or remote) mounted so that the late 148stage can include scripts contained in the directories 149listed in the 150.Va local_startup 151variable (see below). 152Thus, the two likely candidates for this value are 153.Pa mountcritlocal 154for the typical system, and 155.Pa mountcritremote 156if the system needs remote file 157systems mounted to get access to the 158.Va local_startup 159directories; for example when 160.Pa /usr/local 161is NFS mounted. 162For 163.Pa rc.conf 164within a 165.Xr jail 8 166.Pa NETWORKING 167is likely to be an appropriate value. 168Extreme care should be taken when changing this value, 169and before changing it one should ensure that there are 170adequate provisions to recover from a failed boot 171(such as physical contact with the machine, 172or reliable remote console access). 173.It Va always_force_depends 174.Pq Vt bool 175Various 176.Pa rc.d 177scripts use the force_depend function to check whether required 178services are already running, and to start them if necessary. 179By default during boot time this check is bypassed if the 180required service is enabled in 181.Pa /etc/rc.conf[.local] . 182Setting this option will bypass that check at boot time and 183always test whether or not the service is actually running. 184Enabling this option is likely to increase your boot time if 185services are enabled that utilize the force_depend check. 186.It Ao Ar name Ac Ns Va _chroot 187.Pq Vt str 188.Xr chroot 8 189to this directory before running the service. 190.It Ao Ar name Ac Ns Va _user 191.Pq Vt str 192Run the service under this user account. 193.It Ao Ar name Ac Ns Va _group 194.Pq Vt str 195Run the chrooted service under this system group. 196Unlike the _user 197setting, this setting has no effect if the service is not chrooted. 198.It Ao Ar name Ac Ns Va _fib 199.Pq Vt int 200The 201.Xr setfib 1 202value to run the service under. 203.It Ao Ar name Ac Ns Va _nice 204.Pq Vt int 205The 206.Xr nice 1 207value to run the service under. 208.It Va apm_enable 209.Pq Vt bool 210If set to 211.Dq Li YES , 212enable support for Automatic Power Management with 213the 214.Xr apm 8 215command. 216.It Va apmd_enable 217.Pq Vt bool 218Run 219.Xr apmd 8 220to handle APM event from userland. 221This also enables support for APM. 222.It Va apmd_flags 223.Pq Vt str 224If 225.Va apmd_enable 226is set to 227.Dq Li YES , 228these are the flags to pass to the 229.Xr apmd 8 230daemon. 231.It Va devd_enable 232.Pq Vt bool 233Run 234.Xr devd 8 235to handle device added, removed or unknown events from the kernel. 236.It Va ddb_enable 237.Pq Vt bool 238Run 239.Xr ddb 8 240to install 241.Xr ddb 4 242scripts at boot time. 243.It Va ddb_config 244.Pq Vt str 245Configuration file for 246.Xr ddb 8 . 247Default 248.Pa /etc/ddb.conf . 249.It Va kld_list 250.Pq Vt str 251A whitespace-separated list of kernel modules to load right after 252the local disks are mounted, without any 253.Pa .ko 254extension or path. 255Loading modules at this point in the boot process is 256much faster than doing it via 257.Pa /boot/loader.conf 258for those modules not necessary for mounting local disks. 259.It Va kldxref_enable 260.Pq Vt bool 261Set to 262.Dq Li NO 263by default. 264Set to 265.Dq Li YES 266to automatically rebuild 267.Pa linker.hints 268files with 269.Xr kldxref 8 270at boot time. 271.It Va kldxref_clobber 272.Pq Vt bool 273Set to 274.Dq Li NO 275by default. 276If 277.Va kldxref_enable 278is true, 279setting to 280.Dq Li YES 281will overwrite existing 282.Pa linker.hints 283files at boot time. 284Otherwise, 285only missing 286.Pa linker.hints 287files are generated. 288.It Va kldxref_module_path 289.Pq Vt str 290Empty by default. 291A semi-colon 292.Pq Ql \&; 293delimited list of paths containing 294.Xr kld 4 295modules. 296If empty, 297the contents of the 298.Va kern.module_path 299.Xr sysctl 8 300are used. 301.It Va powerd_enable 302.Pq Vt bool 303If set to 304.Dq Li YES , 305enable the system power control facility with the 306.Xr powerd 8 307daemon. 308.It Va powerd_flags 309.Pq Vt str 310If 311.Va powerd_enable 312is set to 313.Dq Li YES , 314these are the flags to pass to the 315.Xr powerd 8 316daemon. 317.It Va tmpmfs 318Controls the creation of a 319.Pa /tmp 320memory file system. 321Always happens if set to 322.Dq Li YES 323and never happens if set to 324.Dq Li NO . 325If set to anything else, a memory file system is created if 326.Pa /tmp 327is not writable. 328.It Va tmpsize 329Controls the size of a created 330.Pa /tmp 331memory file system. 332.It Va tmpmfs_flags 333Extra options passed to the 334.Xr mdmfs 8 335utility when the memory file system for 336.Pa /tmp 337is created. 338The default is 339.Dq Li "-S" , 340which inhibits the use of softupdates on 341.Pa /tmp 342so that file system space is freed without delay 343after file truncation or deletion. 344See 345.Xr mdmfs 8 346for other options you can use in 347.Va tmpmfs_flags . 348.It Va varmfs 349Controls the creation of a 350.Pa /var 351memory file system. 352Always happens if set to 353.Dq Li YES 354and never happens if set to 355.Dq Li NO . 356If set to anything else, a memory file system is created if 357.Pa /var 358is not writable. 359.It Va varsize 360Controls the size of a created 361.Pa /var 362memory file system. 363.It Va varmfs_flags 364Extra options passed to the 365.Xr mdmfs 8 366utility when the memory file system for 367.Pa /var 368is created. 369The default is 370.Dq Li "-S" , 371which inhibits the use of softupdates on 372.Pa /var 373so that file system space is freed without delay 374after file truncation or deletion. 375See 376.Xr mdmfs 8 377for other options you can use in 378.Va varmfs_flags . 379.It Va populate_var 380Controls the automatic population of the 381.Pa /var 382file system. 383Always happens if set to 384.Dq Li YES 385and never happens if set to 386.Dq Li NO . 387If set to anything else, a memory file system is created if 388.Pa /var 389is not writable. 390Note that this process requires access to certain commands in 391.Pa /usr 392before 393.Pa /usr 394is mounted on normal systems. 395.It Va cleanvar_enable 396.Pq Vt bool 397Clean the 398.Pa /var 399directory. 400.It Va local_startup 401.Pq Vt str 402List of directories to search for startup script files. 403.It Va script_name_sep 404.Pq Vt str 405The field separator to use for breaking down the list of startup script files 406into individual filenames. 407The default is a space. 408It is not necessary to change this unless there are startup scripts with names 409containing spaces. 410.It Va hostapd_enable 411.Pq Vt bool 412Set to 413.Dq Li YES 414to start 415.Xr hostapd 8 416at system boot time. 417.It Va hostname 418.Pq Vt str 419The fully qualified domain name (FQDN) of this host on the network. 420This should almost certainly be set to something meaningful, even if 421there is no network connection. 422If 423.Xr dhclient 8 424is used to set the hostname via DHCP, 425this variable should be set to an empty string. 426Within a 427.Xr jail 8 428the hostname is generally already set and this variable may be absent. 429If this value remains unset when the system is done booting 430your console login will display the default hostname of 431.Dq Amnesiac . 432.It Va nisdomainname 433.Pq Vt str 434The NIS domain name of this host, or 435.Dq Li NO 436if NIS is not used. 437.It Va dhclient_program 438.Pq Vt str 439Path to the DHCP client program 440.Pa ( /sbin/dhclient , 441the 442.Ox 443DHCP client, 444is the default). 445.It Va dhclient_flags 446.Pq Vt str 447Additional flags to pass to the DHCP client program. 448For the 449.Ox 450DHCP client, see the 451.Xr dhclient 8 452manpage for a description of the command line options available. 453.It Va dhclient_flags_ Ns Aq Ar iface 454Additional flags to pass to the DHCP client program running on 455.Ar iface 456only. 457When specified, this variable overrides 458.Va dhclient_flags . 459.It Va background_dhclient 460.Pq Vt bool 461Set to 462.Dq Li YES 463to start the DHCP client in background. 464This can cause trouble with applications depending on 465a working network, but it will provide a faster startup 466in many cases. 467.It Va background_dhclient_ Ns Aq Ar iface 468When specified, this variable overrides the 469.Va background_dhclient 470variable for interface 471.Ar iface 472only. 473.It Va synchronous_dhclient 474.Pq Vt bool 475Set to 476.Dq Li YES 477to start 478.Xr dhclient 8 479synchronously at startup. 480This behavior can be overridden on a per-interface basis by replacing 481the 482.Dq Li DHCP 483keyword in the 484.Va ifconfig_ Ns Aq Ar interface 485variable with 486.Dq Li SYNCDHCP 487or 488.Dq Li NOSYNCDHCP . 489.It Va defaultroute_delay 490.Pq Vt int 491When set to a positive value, wait up to this long after configuring 492DHCP interfaces at startup to give the interfaces time to receive a lease. 493.It Va firewall_enable 494.Pq Vt bool 495Set to 496.Dq Li YES 497to load firewall rules at startup. 498If the kernel was not built with 499.Cd "options IPFIREWALL" , 500the 501.Pa ipfw.ko 502kernel module will be loaded. 503See also 504.Va ipfilter_enable . 505.It Va firewall_script 506.Pq Vt str 507This variable specifies the full path to the firewall script to run. 508The default is 509.Pa /etc/rc.firewall . 510.It Va firewall_type 511.Pq Vt str 512Names the firewall type from the selection in 513.Pa /etc/rc.firewall , 514or the file which contains the local firewall ruleset. 515Valid selections from 516.Pa /etc/rc.firewall 517are: 518.Pp 519.Bl -tag -width ".Li simple" -compact 520.It Li open 521unrestricted IP access 522.It Li closed 523all IP services disabled, except via 524.Dq Li lo0 525.It Li client 526basic protection for a workstation 527.It Li simple 528basic protection for a LAN. 529.El 530.Pp 531If a filename is specified, the full path 532must be given. 533.It Va firewall_quiet 534.Pq Vt bool 535Set to 536.Dq Li YES 537to disable the display of firewall rules on the console during boot. 538.It Va firewall_logging 539.Pq Vt bool 540Set to 541.Dq Li YES 542to enable firewall event logging. 543This is equivalent to the 544.Dv IPFIREWALL_VERBOSE 545kernel option. 546.It Va firewall_logif 547.Pq Vt bool 548Set to 549.Dq Li YES 550to create pseudo interface 551.Li ipfw0 552for logging. 553For more details, see 554.Xr ipfw 8 555manual page. 556.It Va firewall_flags 557.Pq Vt str 558Flags passed to 559.Xr ipfw 8 560if 561.Va firewall_type 562specifies a filename. 563.It Va firewall_coscripts 564.Pq Vt str 565List of executables and/or rc scripts to run after firewall starts/stops. 566Default is empty. 567.\" ----- firewall_nat_enable setting -------------------------------- 568.It Va firewall_nat_enable 569.Pq Vt bool 570The 571.Xr ipfw 8 572equivalent of 573.Va natd_enable . 574Setting this to 575.Dq Li YES 576will automatically load the 577.Xr ipfw 8 578NAT kernel module if 579.Va firewall_enable 580is also set to 581.Dq Li YES . 582.It Va firewall_nat_interface 583.Pq Vt str 584The 585.Xr ipfw 8 586equivalent of 587.Va natd_interface . 588This is the name of the public interface or IP address on which 589kernel NAT should run. 590.It Va firewall_nat_flags 591.Pq Vt str 592Additional configuration parameters for kernel NAT should be placed here. 593.It Va firewall_nat64_enable 594.Pq Vt bool 595Setting this to 596.Dq Li YES 597will automatically load the 598.Xr ipfw 8 599NAT64 kernel module if 600.Va firewall_enable 601is also set to 602.Dq Li YES . 603.It Va firewall_nptv6_enable 604.Pq Vt bool 605Setting this to 606.Dq Li YES 607will automatically load the 608.Xr ipfw 8 609NPTv6 kernel module if 610.Va firewall_enable 611is also set to 612.Dq Li YES . 613.It Va firewall_pmod_enable 614.Pq Vt bool 615Setting this to 616.Dq Li YES 617will automatically load the 618.Xr ipfw 8 619pmod kernel module if 620.Va firewall_enable 621is also set to 622.Dq Li YES . 623.It Va dummynet_enable 624.Pq Vt bool 625Setting this to 626.Dq Li YES 627will automatically load the 628.Xr dummynet 4 629module if 630.Va firewall_enable 631is also set to 632.Dq Li YES . 633.\" ------------------------------------------------------------------- 634.It Va ipfw_netflow_enable 635.Pq Vt bool 636Setting this to 637.Dq Li YES 638will enable netflow logging via 639.Xr ng_netflow 4 640.Pp 641By default a ipfw rule is inserted and all packets are duplicated with 642the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 643port using protocol version 5. 644.It Va ipfw_netflow_hook 645.Pq Vt int 646netflow hook name, must be numerical 647(default 648.Pa 9995 ) . 649.It Va ipfw_netflow_rule 650.Pq Vt int 651ipfw rule number 652(default 653.Pa 1000 ) . 654.It Va ipfw_netflow_ip 655.Pq Vt str 656Destination server ip for receiving netflow data 657(default 658.Pa 127.0.0.1 ) . 659.It Va ipfw_netflow_port 660.Pq Vt int 661Destination server port for receiving netflow data 662(default 663.Pa 9995 ) . 664.It Va ipfw_netflow_version 665.Pq Vt int 666Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 667.It Va ipfw_netflow_fib 668.Pq Vt int 669Only match packet in FIB 670.Pa ipfw_netflow_fib 671(default is undefined meaning all FIBs). 672.It Va natd_program 673.Pq Vt str 674Path to 675.Xr natd 8 . 676.It Va natd_enable 677.Pq Vt bool 678Set to 679.Dq Li YES 680to enable 681.Xr natd 8 . 682.Va firewall_enable 683must also be set to 684.Dq Li YES , 685and 686.Xr divert 4 687sockets must be enabled in the kernel. 688If the kernel was not built with 689.Cd "options IPDIVERT" , 690the 691.Pa ipdivert.ko 692kernel module will be loaded. 693.It Va natd_interface 694.Pq Vt str 695This is the name of the public interface on which 696.Xr natd 8 697should run. 698The interface may be given as an interface name or as an IP address. 699.It Va natd_flags 700.Pq Vt str 701Additional 702.Xr natd 8 703flags should be placed here. 704The 705.Fl n 706or 707.Fl a 708flag is automatically added with the above 709.Va natd_interface 710as an argument. 711.\" ----- ipfilter_enable setting -------------------------------- 712.It Va ipfilter_enable 713.Pq Vt bool 714Set to 715.Dq Li NO 716by default. 717Setting this to 718.Dq Li YES 719enables 720.Xr ipf 8 721packet filtering. 722.Pp 723Typical usage will require putting 724.Bd -literal 725ipfilter_enable="YES" 726ipnat_enable="YES" 727ipmon_enable="YES" 728ipfs_enable="YES" 729.Ed 730.Pp 731into 732.Pa /etc/rc.conf 733and editing 734.Pa /etc/ipf.rules 735and 736.Pa /etc/ipnat.rules 737appropriately. 738.Pp 739Note that 740.Va ipfilter_enable 741and 742.Va ipnat_enable 743can be enabled independently. 744.Va ipmon_enable 745and 746.Va ipfs_enable 747both require at least one of 748.Va ipfilter_enable 749and 750.Va ipnat_enable 751to be enabled. 752.Pp 753Having 754.Bd -literal 755options IPFILTER 756options IPFILTER_LOG 757options IPFILTER_DEFAULT_BLOCK 758.Ed 759.Pp 760in the kernel configuration file is a good idea, too. 761.\" ----- ipfilter_program setting ------------------------------ 762.It Va ipfilter_program 763.Pq Vt str 764Path to 765.Xr ipf 8 766(default 767.Pa /sbin/ipf ) . 768.\" ----- ipfilter_rules setting -------------------------------- 769.It Va ipfilter_rules 770.Pq Vt str 771Set to 772.Pa /etc/ipf.rules 773by default. 774This variable contains the name of the filter rule definition file. 775The file is expected to be readable for the 776.Xr ipf 8 777command to execute. 778.\" ----- ipv6_ipfilter_rules setting --------------------------- 779.It Va ipv6_ipfilter_rules 780.Pq Vt str 781Set to 782.Pa /etc/ipf6.rules 783by default. 784This variable contains the IPv6 filter rule definition file. 785The file is expected to be readable for the 786.Xr ipf 8 787command to execute. 788.\" ----- ipfilter_flags setting -------------------------------- 789.It Va ipfilter_flags 790.Pq Vt str 791Empty by default. 792This variable contains flags passed to the 793.Xr ipf 8 794program. 795.\" ----- ipnat_enable setting ---------------------------------- 796.It Va ipnat_enable 797.Pq Vt bool 798Set to 799.Dq Li NO 800by default. 801Set it to 802.Dq Li YES 803to enable 804.Xr ipnat 8 805network address translation. 806See 807.Va ipfilter_enable 808for a detailed discussion. 809.\" ----- ipnat_program setting --------------------------------- 810.It Va ipnat_program 811.Pq Vt str 812Path to 813.Xr ipnat 8 814(default 815.Pa /sbin/ipnat ) . 816.\" ----- ipnat_rules setting ----------------------------------- 817.It Va ipnat_rules 818.Pq Vt str 819Set to 820.Pa /etc/ipnat.rules 821by default. 822This variable contains the name of the file 823holding the network address translation definition. 824This file is expected to be readable for the 825.Xr ipnat 8 826command to execute. 827.\" ----- ipnat_flags setting ----------------------------------- 828.It Va ipnat_flags 829.Pq Vt str 830Empty by default. 831This variable contains flags passed to the 832.Xr ipnat 8 833program. 834.\" ----- ipmon_enable setting ---------------------------------- 835.It Va ipmon_enable 836.Pq Vt bool 837Set to 838.Dq Li NO 839by default. 840Set it to 841.Dq Li YES 842to enable 843.Xr ipmon 8 844monitoring (logging 845.Xr ipf 8 846and 847.Xr ipnat 8 848events). 849Setting this variable needs setting 850.Va ipfilter_enable 851or 852.Va ipnat_enable 853too. 854See 855.Va ipfilter_enable 856for a detailed discussion. 857.\" ----- ipmon_program setting --------------------------------- 858.It Va ipmon_program 859.Pq Vt str 860Path to 861.Xr ipmon 8 862(default 863.Pa /sbin/ipmon ) . 864.\" ----- ipmon_flags setting ----------------------------------- 865.It Va ipmon_flags 866.Pq Vt str 867Set to 868.Dq Li -Ds 869by default. 870This variable contains flags passed to the 871.Xr ipmon 8 872program. 873Another typical example would be 874.Dq Fl D Pa /var/log/ipflog 875to have 876.Xr ipmon 8 877log directly to a file bypassing 878.Xr syslogd 8 . 879Make sure to adjust 880.Pa /etc/newsyslog.conf 881in such case like this: 882.Bd -literal 883/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 884.Ed 885.\" ----- ipfs_enable setting ----------------------------------- 886.It Va ipfs_enable 887.Pq Vt bool 888Set to 889.Dq Li NO 890by default. 891Set it to 892.Dq Li YES 893to enable 894.Xr ipfs 8 895saving the filter and NAT state tables during shutdown 896and reloading them during startup again. 897Setting this variable needs setting 898.Va ipfilter_enable 899or 900.Va ipnat_enable 901to 902.Dq Li YES 903too. 904See 905.Va ipfilter_enable 906for a detailed discussion. 907Note that if 908.Va kern_securelevel 909is set to 3, 910.Va ipfs_enable 911cannot be used 912because the raised securelevel will prevent 913.Xr ipfs 8 914from saving the state tables at shutdown time. 915.\" ----- ipfs_program setting ---------------------------------- 916.It Va ipfs_program 917.Pq Vt str 918Path to 919.Xr ipfs 8 920(default 921.Pa /sbin/ipfs ) . 922.\" ----- ipfs_flags setting ------------------------------------ 923.It Va ipfs_flags 924.Pq Vt str 925Empty by default. 926This variable contains flags passed to the 927.Xr ipfs 8 928program. 929.\" ----- end of added ipf hook --------------------------------- 930.It Va pf_enable 931.Pq Vt bool 932Set to 933.Dq Li NO 934by default. 935Setting this to 936.Dq Li YES 937enables 938.Xr pf 4 939packet filtering. 940.Pp 941Typical usage will require putting 942.Pp 943.Dl pf_enable="YES" 944.Pp 945into 946.Pa /etc/rc.conf 947and editing 948.Pa /etc/pf.conf 949appropriately. 950Adding 951.Pp 952.Dl "device pf" 953.Pp 954builds support for 955.Xr pf 4 956into the kernel, otherwise the 957kernel module will be loaded. 958.It Va pf_rules 959.Pq Vt str 960Path to 961.Xr pf 4 962ruleset configuration file 963(default 964.Pa /etc/pf.conf ) . 965.It Va pf_program 966.Pq Vt str 967Path to 968.Xr pfctl 8 969(default 970.Pa /sbin/pfctl ) . 971.It Va pf_flags 972.Pq Vt str 973If 974.Va pf_enable 975is set to 976.Dq Li YES , 977these flags are passed to the 978.Xr pfctl 8 979program when loading the ruleset. 980.It Va pflog_enable 981.Pq Vt bool 982Set to 983.Dq Li NO 984by default. 985Setting this to 986.Dq Li YES 987enables 988.Xr pflogd 8 989which logs packets from the 990.Xr pf 4 991packet filter. 992.It Va pflog_logfile 993.Pq Vt str 994If 995.Va pflog_enable 996is set to 997.Dq Li YES 998this controls where 999.Xr pflogd 8 1000stores the logfile 1001(default 1002.Pa /var/log/pflog ) . 1003Check 1004.Pa /etc/newsyslog.conf 1005to adjust logfile rotation for this. 1006.It Va pflog_program 1007.Pq Vt str 1008Path to 1009.Xr pflogd 8 1010(default 1011.Pa /sbin/pflogd ) . 1012.It Va pflog_flags 1013.Pq Vt str 1014Empty by default. 1015This variable contains additional flags passed to the 1016.Xr pflogd 8 1017program. 1018.It Va pflog_instances 1019.Pq Vt str 1020If logging to more than one 1021.Xr pflog 4 1022interface is desired, 1023.Va pflog_instances 1024is set to the list of 1025.Xr pflogd 8 1026instances that should be started at system boot time. 1027If 1028.Va pflog_instances 1029is set, for each whitespace-separated 1030.Ar element 1031in the list, 1032.Ao Ar element Ac Ns Va _dev 1033and 1034.Ao Ar element Ac Ns Va _logfile 1035elements are assumed to exist. 1036.Ao Ar element Ac Ns Va _dev 1037must contain the 1038.Xr pflog 4 1039interface to be watched by the named 1040.Xr pflogd 8 1041instance. 1042.Ao Ar element Ac Ns Va _logfile 1043must contain the name of the logfile that will be used by the 1044.Xr pflogd 8 1045instance. 1046.It Va ftpproxy_enable 1047.Pq Vt bool 1048Set to 1049.Dq Li NO 1050by default. 1051Setting this to 1052.Dq Li YES 1053enables 1054.Xr ftp-proxy 8 1055which supports the 1056.Xr pf 4 1057packet filter in translating ftp connections. 1058.It Va ftpproxy_flags 1059.Pq Vt str 1060Empty by default. 1061This variable contains additional flags passed to the 1062.Xr ftp-proxy 8 1063program. 1064.It Va ftpproxy_instances 1065.Pq Vt str 1066Empty by default. 1067If multiple instances of 1068.Xr ftp-proxy 8 1069are desired at boot time, 1070.Va ftpproxy_instances 1071should contain a whitespace-separated list of instance names. 1072For each 1073.Ar element 1074in the list, a variable named 1075.Ao Ar element Ac Ns Va _flags 1076should be defined, containing the command-line flags to be passed to the 1077.Xr ftp-proxy 8 1078instance. 1079.It Va pfsync_enable 1080.Pq Vt bool 1081Set to 1082.Dq Li NO 1083by default. 1084Setting this to 1085.Dq Li YES 1086enables exposing 1087.Xr pf 4 1088state changes to other hosts over the network by means of 1089.Xr pfsync 4 . 1090The 1091.Va pfsync_syncdev 1092variable 1093must also be set then. 1094.It Va pfsync_syncdev 1095.Pq Vt str 1096Empty by default. 1097This variable specifies the name of the network interface 1098.Xr pfsync 4 1099should operate through. 1100It must be set accordingly if 1101.Va pfsync_enable 1102is set to 1103.Dq Li YES . 1104.It Va pfsync_syncpeer 1105.Pq Vt str 1106Empty by default. 1107This variable is optional. 1108By default, state change messages are sent out on the synchronisation 1109interface using IP multicast packets. 1110The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1111224.0.0.240. 1112When a peer address is specified using the 1113.Va pfsync_syncpeer 1114option, the peer address is used as a destination for the pfsync 1115traffic, and the traffic can then be protected using 1116.Xr ipsec 4 . 1117See the 1118.Xr pfsync 4 1119manpage for more details about using 1120.Xr ipsec 4 1121with 1122.Xr pfsync 4 1123interfaces. 1124.It Va pfsync_ifconfig 1125.Pq Vt str 1126Empty by default. 1127This variable can contain additional options to be passed to the 1128.Xr ifconfig 8 1129command used to set up 1130.Xr pfsync 4 . 1131.It Va tcp_extensions 1132.Pq Vt bool 1133Set to 1134.Dq Li YES 1135by default. 1136Setting this to 1137.Dq Li NO 1138disables certain TCP options as described by 1139.Rs 1140.%T "RFC 1323" 1141.Re 1142Setting this to 1143.Dq Li NO 1144might help remedy such problems with connections as randomly hanging 1145or other weird behavior. 1146Some network devices are known 1147to be broken with respect to these options. 1148.It Va log_in_vain 1149.Pq Vt int 1150Set to 0 by default. 1151The 1152.Xr sysctl 8 1153variables, 1154.Va net.inet.tcp.log_in_vain 1155and 1156.Va net.inet.udp.log_in_vain , 1157as described in 1158.Xr tcp 4 1159and 1160.Xr udp 4 , 1161are set to the given value. 1162.It Va tcp_keepalive 1163.Pq Vt bool 1164Set to 1165.Dq Li YES 1166by default. 1167Setting to 1168.Dq Li NO 1169will disable probing idle TCP connections to verify that the 1170peer is still up and reachable. 1171.It Va tcp_drop_synfin 1172.Pq Vt bool 1173Set to 1174.Dq Li NO 1175by default. 1176Setting to 1177.Dq Li YES 1178will cause the kernel to ignore TCP frames that have both 1179the SYN and FIN flags set. 1180This prevents OS fingerprinting, but may 1181break some legitimate applications. 1182.It Va icmp_drop_redirect 1183.Pq Vt bool 1184Set to 1185.Dq Li AUTO 1186by default. 1187This setting will be identical to 1188.Dq Li YES , 1189if a dynamicrouting daemon is enabled, because redirect processing may 1190cause perfomance issues for large routing tables. 1191If no such service is enabled, this setting behaves like a 1192.Dq Li NO . 1193Setting to 1194.Dq Li YES 1195will cause the kernel to ignore ICMP REDIRECT packets. 1196Setting to 1197.Dq Li NO 1198will cause the kernel to process ICMP REDIRECT packets. 1199Refer to 1200.Xr icmp 4 1201for more information. 1202.It Va icmp_log_redirect 1203.Pq Vt bool 1204Set to 1205.Dq Li NO 1206by default. 1207Setting to 1208.Dq Li YES 1209will cause the kernel to log ICMP REDIRECT packets. 1210Note that 1211the log messages are not rate-limited, so this option should only be used 1212for troubleshooting networks. 1213Refer to 1214.Xr icmp 4 1215for more information. 1216.It Va icmp_bmcastecho 1217.Pq Vt bool 1218Set to 1219.Dq Li YES 1220to respond to broadcast or multicast ICMP ping packets. 1221Refer to 1222.Xr icmp 4 1223for more information. 1224.It Va ip_portrange_first 1225.Pq Vt int 1226If not set to 1227.Dq Li NO , 1228this is the first port in the default portrange. 1229Refer to 1230.Xr ip 4 1231for more information. 1232.It Va ip_portrange_last 1233.Pq Vt int 1234If not set to 1235.Dq Li NO , 1236this is the last port in the default portrange. 1237Refer to 1238.Xr ip 4 1239for more information. 1240.It Va network_interfaces 1241.Pq Vt str 1242Set to the list of network interfaces to configure on this host or 1243.Dq Li AUTO 1244(the default) for all current interfaces. 1245Setting the 1246.Va network_interfaces 1247variable to anything other than the default is deprecated. 1248Interfaces that the administrator wishes to store configuration for, 1249but not start at boot should be configured with the 1250.Dq Li NOAUTO 1251keyword in their 1252.Va ifconfig_ Ns Aq Ar interface 1253variables as described below. 1254.Pp 1255An 1256.Va ifconfig_ Ns Aq Ar interface 1257variable is also assumed to exist for each value of 1258.Ar interface . 1259When an interface name contains any of the characters 1260.Dq Li .-/+ 1261they are translated to 1262.Dq Li _ 1263before lookup. 1264The variable can contain arguments to 1265.Xr ifconfig 8 , 1266as well as special case-insensitive keywords described below. 1267Such keywords are removed before passing the value to 1268.Xr ifconfig 8 1269while the order of the other arguments is preserved. 1270.Pp 1271It is possible to add IP alias entries using 1272.Xr ifconfig 8 1273syntax with the address family keyword such as 1274.Li inet . 1275Assuming that the interface in question was 1276.Li em0 , 1277it might look something like this: 1278.Bd -literal 1279ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1280ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1281.Ed 1282.Pp 1283It also possible to configure multiple IP addresses in Classless 1284Inter-Domain Routing 1285.Pq CIDR 1286address notation, 1287whose each address component can be a range like 1288.Li inet 192.0.2.5-23/24 1289or 1290.Li inet6 2001:db8:1-f::1/64 . 1291This notation allows address and prefix length part only, 1292not the other address modifiers. 1293Note that the maximum number of the generated addresses from a range 1294specification is limited to an integer value specified in 1295.Va netif_ipexpand_max 1296in 1297.Nm 1298because a small typo can unexpectedly generate a large number of addresses. 1299The default value is 1300.Li 2048 . 1301It can be increased by adding the following line into 1302.Nm : 1303.Bd -literal 1304netif_ipexpand_max="4096" 1305.Ed 1306.Pp 1307In the case of 1308.Li 192.0.2.5-23/24 , 1309the address 192.0.2.5 will be configured with the 1310netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1311the non-conflicting netmask /32 as explained in the 1312.Xr ifconfig 8 1313alias section. 1314Note that this special netmask handling is only for 1315.Li inet , 1316not for the other address families such as 1317.Li inet6 . 1318.Pp 1319With the interface in question being 1320.Li em0 , 1321an example could look like: 1322.Bd -literal 1323ifconfig_em0_alias2="inet 192.0.2.129/27" 1324ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1325.Ed 1326.Pp 1327and so on. 1328.Pp 1329Note that deprecated 1330.Va ipv4_addrs_ Ns Aq Ar interface 1331variable was supported for IPv4 CIDR address notation. 1332The 1333.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1334variable replaces it, though 1335.Va ipv4_addrs_ Ns Aq Ar interface 1336is still supported for backward compatibility. 1337.Pp 1338For each 1339.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1340entry with an address family keyword, 1341its contents are passed to 1342.Xr ifconfig 8 . 1343Execution stops at the first unsuccessful access, so if 1344something like this is present: 1345.Bd -literal 1346ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1347ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1348ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1349ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1350.Ed 1351.Pp 1352Then note that alias4 would 1353.Em not 1354be added since the search would 1355stop with the missing 1356.Dq Li alias3 1357entry. 1358Because of this difficult to manage behavior, 1359there is 1360.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1361variable, which has the same functionality as 1362.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1363and can have all of entries in a variable like the following: 1364.Bd -literal 1365ifconfig_em0_aliases="\\ 1366 inet 127.0.0.251 netmask 0xffffffff \\ 1367 inet 127.0.0.252 netmask 0xffffffff \\ 1368 inet 127.0.0.253 netmask 0xffffffff \\ 1369 inet 127.0.0.254 netmask 0xffffffff" 1370.Ed 1371.Pp 1372It also supports CIDR notation. 1373.Pp 1374If the 1375.Pa /etc/start_if. Ns Aq Ar interface 1376file is present, it is read and executed by the 1377.Xr sh 1 1378interpreter 1379before configuring the interface as specified in the 1380.Va ifconfig_ Ns Aq Ar interface 1381and 1382.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1383variables. 1384.Pp 1385If a 1386.Va vlans_ Ns Aq Ar interface 1387variable is set, 1388a 1389.Xr vlan 4 1390interface will be created for each item in the list with the 1391.Ar vlandev 1392argument set to 1393.Ar interface . 1394If a vlan interface's name is a number, 1395then that number is used as the vlan tag and the new vlan interface is 1396named 1397.Ar interface . Ns Ar tag . 1398Otherwise, 1399the vlan tag must be specified via a 1400.Va vlan 1401parameter in the 1402.Va create_args_ Ns Aq Ar interface 1403variable. 1404.Pp 1405To create a vlan device named 1406.Li em0.101 1407on 1408.Li em0 1409with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1410.Bd -literal 1411vlans_em0="101" 1412ifconfig_em0_101="inet 192.0.2.1/24" 1413.Ed 1414.Pp 1415To create a vlan device named 1416.Li myvlan 1417on 1418.Li em0 1419with the vlan tag 102: 1420.Bd -literal 1421vlans_em0="myvlan" 1422create_args_myvlan="vlan 102" 1423.Ed 1424.Pp 1425If a 1426.Va wlans_ Ns Aq Ar interface 1427variable is set, 1428an 1429.Xr wlan 4 1430interface will be created for each item in the list with the 1431.Ar wlandev 1432argument set to 1433.Ar interface . 1434Further wlan cloning arguments may be passed to the 1435.Xr ifconfig 8 1436.Cm create 1437command by setting the 1438.Va create_args_ Ns Aq Ar interface 1439variable. 1440One or more 1441.Xr wlan 4 1442devices must be created for each wireless devices as of 1443.Fx 8.0 . 1444Debugging flags for 1445.Xr wlan 4 1446devices as set by 1447.Xr wlandebug 8 1448may be specified with an 1449.Va wlandebug_ Ns Aq Ar interface 1450variable. 1451The contents of this variable will be passed directly to 1452.Xr wlandebug 8 . 1453.Pp 1454If the 1455.Va ifconfig_ Ns Aq Ar interface 1456contains the keyword 1457.Dq Li NOAUTO 1458then the interface will not be configured 1459at boot or by 1460.Pa /etc/pccard_ether 1461when 1462.Va network_interfaces 1463is set to 1464.Dq Li AUTO . 1465.Pp 1466It is possible to bring up an interface with DHCP by adding 1467.Dq Li DHCP 1468to the 1469.Va ifconfig_ Ns Aq Ar interface 1470variable. 1471For instance, to initialize the 1472.Li em0 1473device via DHCP, 1474it is possible to use something like: 1475.Bd -literal 1476ifconfig_em0="DHCP" 1477.Ed 1478.Pp 1479If you want to configure your wireless interface with 1480.Xr wpa_supplicant 8 1481for use with WPA, EAP/LEAP or WEP, you need to add 1482.Dq Li WPA 1483to the 1484.Va ifconfig_ Ns Aq Ar interface 1485variable. 1486.Pp 1487On the other hand, if you want to configure your wireless interface with 1488.Xr hostapd 8 , 1489you need to add 1490.Dq Li HOSTAP 1491to the 1492.Va ifconfig_ Ns Aq Ar interface 1493variable. 1494.Xr hostapd 8 1495will use the settings from 1496.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1497.Pp 1498Finally, you can add 1499.Xr ifconfig 8 1500options in this variable, in addition to the 1501.Pa /etc/start_if. Ns Aq Ar interface 1502file. 1503For instance, to configure an 1504.Xr ath 4 1505wireless device in station mode with an address obtained 1506via DHCP, using WPA authentication and 802.11b mode, it is 1507possible to use something like: 1508.Bd -literal 1509wlans_ath0="wlan0" 1510ifconfig_wlan0="DHCP WPA mode 11b" 1511.Ed 1512.Pp 1513In addition to the 1514.Va ifconfig_ Ns Aq Ar interface 1515form, a fallback variable 1516.Va ifconfig_DEFAULT 1517may be configured. 1518It will be used for all interfaces with no 1519.Va ifconfig_ Ns Aq Ar interface 1520variable. 1521This is intended to replace the no longer supported 1522.Va pccard_ifconfig 1523variable. 1524.Pp 1525It is also possible to rename an interface by doing: 1526.Bd -literal 1527ifconfig_em0_name="net0" 1528ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1529.Ed 1530.It Va ipv6_enable 1531.Pq Vt bool 1532This variable is deprecated. 1533Use 1534.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1535and 1536.Va ipv6_activate_all_interfaces 1537if necessary. 1538.Pp 1539If the variable is 1540.Dq Li YES , 1541.Dq Li inet6 accept_rtadv 1542is added to all of 1543.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1544and the 1545.Va ipv6_activate_all_interfaces 1546is defined as 1547.Dq Li YES . 1548.It Va ipv6_prefer 1549.Pq Vt bool 1550This variable is deprecated. 1551Use 1552.Va ip6addrctl_policy 1553instead. 1554.Pp 1555If the variable is 1556.Dq Li YES , 1557the default address selection policy table set by 1558.Xr ip6addrctl 8 1559will be IPv6-preferred. 1560.Pp 1561If the variable is 1562.Dq Li NO , 1563the default address selection policy table set by 1564.Xr ip6addrctl 8 1565will be IPv4-preferred. 1566.It Va ipv6_activate_all_interfaces 1567.Pq Vt bool 1568This controls initial configuration on IPv6-capable 1569interfaces with no corresponding 1570.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1571variable. 1572Note that it is not always necessary to set this variable to 1573.Dq YES 1574to use IPv6 functionality on 1575.Fx . 1576In most cases, just configuring 1577.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1578variables works. 1579.Pp 1580If the variable is 1581.Dq Li NO , 1582all interfaces which do not have a corresponding 1583.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1584variable will be marked as 1585.Dq Li IFDISABLED 1586at creation. 1587This means that all of IPv6 functionality on that interface 1588is completely disabled to enforce a security policy. 1589If the variable is set to 1590.Dq YES , 1591the flag will be cleared on all of the interfaces. 1592.Pp 1593In most cases, just defining an 1594.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1595for an IPv6-capable interface should be sufficient. 1596However, if an interface is added dynamically 1597.Pq by some tunneling protocols such as PPP, for example , 1598it is often difficult to define the variable in advance. 1599In such a case, configuring the 1600.Dq Li IFDISABLED 1601flag can be disabled by setting this variable to 1602.Dq YES . 1603.Pp 1604For more details of the 1605.Dq Li IFDISABLED 1606flag and keywords 1607.Dq Li inet6 ifdisabled , 1608see 1609.Xr ifconfig 8 . 1610.Pp 1611Default is 1612.Dq Li NO . 1613.It Va ipv6_privacy 1614.Pq Vt bool 1615If the variable is 1616.Dq Li YES 1617privacy addresses will be generated for each IPv6 1618interface as described in RFC 4941. 1619.It Va ipv6_network_interfaces 1620.Pq Vt str 1621This is the IPv6 equivalent of 1622.Va network_interfaces . 1623Normally manual configuration of this variable is not needed. 1624.It Va ipv6_cpe_wanif 1625.Pq Vt str 1626If the variable is set to an interface name, 1627the 1628.Xr ifconfig 8 1629options 1630.Dq inet6 -no_radr accept_rtadv 1631will be added to the specified interface automatically before evaluating 1632.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1633and two 1634.Xr sysctl 8 1635variables 1636.Va net.inet6.ip6.rfc6204w3 1637and 1638.Va net.inet6.ip6.no_radr 1639will be set to 1. 1640.Pp 1641This means the specified interface will accept ICMPv6 Router 1642Advertisement messages on that link and add the discovered 1643routers into the Default Router List. 1644While the other interfaces can still accept RA messages if the 1645.Dq inet6 accept_rtadv 1646option is specified, adding 1647routes into the Default Router List will be disabled by 1648.Dq inet6 no_radr 1649option by default. 1650See 1651.Xr ifconfig 8 1652for more details. 1653.Pp 1654Note that ICMPv6 Router Advertisement messages will be 1655accepted even when 1656.Va net.inet6.ip6.forwarding 1657is 1 1658.Pq packet forwarding is enabled 1659when 1660.Va net.inet6.ip6.rfc6204w3 1661is set to 1. 1662.Pp 1663Default is 1664.Dq Li NO . 1665.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1666.Pq Vt str 1667This assigns arbitrary description to an interface. 1668The 1669.Xr sysctl 8 1670variable 1671.Va net.ifdescr_maxlen 1672limits its length. 1673This static setting may be overridden by commands 1674started with dynamic interface configuration utilities 1675like 1676.Xr dhclient 8 1677hooks. 1678The description can be seen with 1679.Xr ifconfig 8 1680command and it may be exported with 1681.Xr bsnmpd 1 1682daemon using its MIB-2 module. 1683.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1684.Pq Vt str 1685IPv6 functionality on an interface should be configured by 1686.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1687instead of setting ifconfig parameters in 1688.Va ifconfig_ Ns Aq Ar interface . 1689If this variable is empty, all of IPv6 configurations on the 1690specified interface by other variables such as 1691.Va ipv6_prefix_ Ns Ao Ar interface Ac 1692will be ignored. 1693.Pp 1694Aliases should be set by 1695.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1696with 1697.Dq Li inet6 1698keyword. 1699For example: 1700.Bd -literal 1701ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1702ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1703.Ed 1704.Pp 1705Interfaces that have an 1706.Dq Li inet6 accept_rtadv 1707keyword in 1708.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1709setting will be automatically configured by SLAAC 1710.Pq StateLess Address AutoConfiguration 1711described in 1712.Rs 1713.%T "RFC 4862" 1714.Re 1715.Pp 1716Note that a link-local address will be automatically configured in 1717addition to the configured global-scope addresses because the IPv6 1718specifications require it on each link. 1719The address is calculated from the MAC address by using an algorithm 1720defined in 1721.Rs 1722.%T "RFC 4862" 1723.%O "Section 5.3" 1724.Re 1725.Pp 1726If only a link-local address is needed on the interface, 1727the following configuration can be used: 1728.Bd -literal 1729ifconfig_em0_ipv6="inet6 auto_linklocal" 1730.Ed 1731.Pp 1732A link-local address can also be configured manually. 1733This is useful for the default router address of an IPv6 router 1734so that it does not change when the network interface 1735card is replaced. 1736For example: 1737.Bd -literal 1738ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1739.Ed 1740.It Va ipv6_prefix_ Ns Aq Ar interface 1741.Pq Vt str 1742If one or more prefixes are defined in 1743.Va ipv6_prefix_ Ns Aq Ar interface 1744addresses based on each prefix and the EUI-64 interface index will be 1745configured on that interface. 1746Note that this variable will be ignored when 1747.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1748is empty. 1749.Pp 1750For example, the following configuration 1751.Bd -literal 1752ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1753.Ed 1754.Pp 1755is equivalent to the following: 1756.Bd -literal 1757ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1758ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1759ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1760ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1761.Ed 1762.Pp 1763These Subnet-Router anycast addresses will be added only when 1764.Va ipv6_gateway_enable 1765is YES. 1766.It Va ipv6_default_interface 1767.Pq Vt str 1768If not set to 1769.Dq Li NO , 1770this is the default output interface for scoped addresses. 1771This works only with ipv6_gateway_enable="NO". 1772.It Va ip6addrctl_enable 1773.Pq Vt bool 1774This variable is to enable configuring default address selection policy table 1775.Pq RFC 3484 . 1776The table can be specified in another variable 1777.Va ip6addrctl_policy . 1778For 1779.Va ip6addrctl_policy 1780the following keywords can be specified: 1781.Dq Li ipv4_prefer , 1782.Dq Li ipv6_prefer , 1783or 1784.Dq Li AUTO . 1785.Pp 1786If 1787.Dq Li ipv4_prefer 1788or 1789.Dq Li ipv6_prefer 1790is specified, 1791.Xr ip6addrctl 8 1792installs a pre-defined policy table described in Section 10.3 1793.Pq IPv4-preferred 1794or 2.1 1795.Pq IPv6-preferred 1796of RFC 3484. 1797.Pp 1798If 1799.Dq Li AUTO 1800is specified, it attempts to read a file 1801.Pa /etc/ip6addrctl.conf 1802first. 1803If this file is found, 1804.Xr ip6addrctl 8 1805reads and installs it. 1806If not found, a policy is automatically set 1807according to 1808.Va ipv6_activate_all_interfaces 1809variable; if the variable is set to 1810.Dq Li YES 1811the IPv6-preferred one is used. 1812Otherwise IPv4-preferred. 1813.Pp 1814The default value of 1815.Va ip6addrctl_enable 1816and 1817.Va ip6addrctl_policy 1818are 1819.Dq Li YES 1820and 1821.Dq Li AUTO , 1822respectively. 1823.It Va cloned_interfaces 1824.Pq Vt str 1825Set to the list of clonable network interfaces to create on this host. 1826Further cloning arguments may be passed to the 1827.Xr ifconfig 8 1828.Cm create 1829command for each interface by setting the 1830.Va create_args_ Ns Aq Ar interface 1831variable. 1832If an interface name is specified with 1833.Dq :sticky 1834keyword, 1835the interface will not be destroyed even when 1836.Pa rc.d/netif 1837script is invoked with 1838.Dq stop 1839argument. 1840This is useful when reconfiguring the interface without destroying it. 1841Entries in 1842.Va cloned_interfaces 1843are automatically appended to 1844.Va network_interfaces 1845for configuration. 1846.It Va cloned_interfaces_sticky 1847.Pq Vt bool 1848This variable is to globally enable functionality of 1849.Dq :sticky 1850keyword in 1851.Va cloned_interfaces 1852for all interfaces. 1853The default value is 1854.Dq NO . 1855Even if this variable is specified to 1856.Dq YES , 1857.Dq :nosticky 1858keyword can be used to override it on per interface basis. 1859.It Va gif_interfaces 1860.Pq Vt str 1861This variable is deprecated in favor of 1862.Va cloned_interfaces . 1863Set to the list of 1864.Xr gif 4 1865tunnel interfaces to configure on this host. 1866For each 1867.Xr gif 1868tunnel interface, set a variable named 1869.Va ifconfig_ Ns Aq Ar interface 1870with the parameters for the 1871.Xr ifconfig 8 1872command to configure the link level for 1873.Ar interface 1874with the 1875.Cm tunnel 1876option. 1877The value of this variable is used to configure the link layer of the 1878tunnel using the 1879.Cm tunnel 1880option to 1881.Xr ifconfig . 1882For example, configure two 1883.Xr gif 1884interfaces with: 1885.Bd -literal -offset indent 1886gif_interfaces="gif0 gif1" 1887ifconfig_gif0="tunnel src_addr0 dst_addr0" 1888ifconfig_gif1="tunnel src_addr1 dst_addr1" 1889.Ed 1890.Pp 1891Additionally, this option ensures that each listed interface is created 1892via the 1893.Cm create 1894option to 1895.Xr ifconfig . 1896This example also works with 1897.Va cloned_interfaces 1898instead of 1899.Va gif_interfaces . 1900.It Va sppp_interfaces 1901.Pq Vt str 1902Set to the list of 1903.Xr sppp 4 1904interfaces to configure on this host. 1905A 1906.Va spppconfig_ Ns Aq Ar interface 1907variable is assumed to exist for each value of 1908.Ar interface . 1909Each interface should also be configured by a general 1910.Va ifconfig_ Ns Aq Ar interface 1911setting. 1912Refer to 1913.Xr spppcontrol 8 1914for more information about available options. 1915.It Va ppp_enable 1916.Pq Vt bool 1917If set to 1918.Dq Li YES , 1919run the 1920.Xr ppp 8 1921daemon. 1922.It Va ppp_profile 1923.Pq Vt str 1924The name of the profile to use from 1925.Pa /etc/ppp/ppp.conf . 1926Also used for per-profile overrides of 1927.Va ppp_mode 1928and 1929.Va ppp_nat , 1930and 1931.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1932When the profile name contains any of the characters 1933.Dq Li .-/+ 1934they are translated to 1935.Dq Li _ 1936for the proposes of the override variable names. 1937.It Va ppp_mode 1938.Pq Vt str 1939Mode in which to run the 1940.Xr ppp 8 1941daemon. 1942.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1943.Pq Vt str 1944Overrides the global 1945.Va ppp_mode 1946for 1947.Ar profile . 1948Accepted modes are 1949.Dq Li auto , 1950.Dq Li ddial , 1951.Dq Li direct 1952and 1953.Dq Li dedicated . 1954See the manual for a full description. 1955.It Va ppp_nat 1956.Pq Vt bool 1957If set to 1958.Dq Li YES , 1959enables network address translation. 1960Used in conjunction with 1961.Va gateway_enable 1962allows hosts on private network addresses access to the Internet using 1963this host as a network address translating router. 1964.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1965.Pq Vt str 1966Overrides the global 1967.Va ppp_nat 1968for 1969.Ar profile . 1970.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1971.Pq Vt int 1972Set the unit number to be used for this profile. 1973See the manual description of 1974.Fl unit Ns Ar N 1975for details. 1976.It Va ppp_user 1977.Pq Vt str 1978The name of the user under which 1979.Xr ppp 8 1980should be started. 1981By 1982default, 1983.Xr ppp 8 1984is started as 1985.Dq Li root . 1986.It Va rc_conf_files 1987.Pq Vt str 1988This option is used to specify a list of files that will override 1989the settings in 1990.Pa /etc/defaults/rc.conf . 1991The files will be read in the order in which they are specified and should 1992include the full path to the file. 1993By default, the files specified are 1994.Pa /etc/rc.conf 1995and 1996.Pa /etc/rc.conf.local 1997.It Va zfs_enable 1998.Pq Vt bool 1999If set to 2000.Dq Li YES , 2001.Pa /etc/rc.d/zfs 2002will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2003(ZVOLs). 2004.It Va gptboot_enable 2005.Pq Vt bool 2006If set to 2007.Dq Li YES , 2008.Pa /etc/rc.d/gptboot 2009will log if the system successfully (or not) booted from a GPT partition, 2010which had the 2011.Ar bootonce 2012attribute set using 2013.Xr gpart 8 2014utility. 2015.It Va gbde_autoattach_all 2016.Pq Vt bool 2017If set to 2018.Dq Li YES , 2019.Pa /etc/rc.d/gbde 2020will attempt to automatically initialize your .bde devices in 2021.Pa /etc/fstab . 2022.It Va gbde_devices 2023.Pq Vt str 2024List the devices that the script should try to attach, 2025or 2026.Dq Li AUTO . 2027.It Va gbde_lockdir 2028.Pq Vt str 2029The directory where the 2030.Xr gbde 4 2031lockfiles are located. 2032The default lockfile directory is 2033.Pa /etc . 2034.Pp 2035The lockfile for each individual 2036.Xr gbde 4 2037device can be overridden by setting the variable 2038.Va gbde_lock_ Ns Aq Ar device , 2039where 2040.Ar device 2041is the encrypted device without the 2042.Dq Pa /dev/ 2043and 2044.Dq Pa .bde 2045parts. 2046.It Va gbde_attach_attempts 2047.Pq Vt int 2048Number of times to attempt attaching to a 2049.Xr gbde 4 2050device, i.e., how many times the user is asked for the pass-phrase. 2051Default is 3. 2052.It Va geli_devices 2053.Pq Vt str 2054List of devices to automatically attach on boot. 2055Note that .eli devices from 2056.Pa /etc/fstab 2057are automatically appended to this list. 2058.It Va geli_groups 2059.Pq Vt str 2060List of groups containing devices to automatically attach on boot with the same 2061keyfiles and passphrase. 2062This must be accompanied with a corresponding 2063.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2064variable. 2065.It Va geli_tries 2066.Pq Vt int 2067Number of times user is asked for the pass-phrase. 2068If empty, it will be taken from 2069.Va kern.geom.eli.tries 2070sysctl variable. 2071.It Va geli_default_flags 2072.Pq Vt str 2073Default flags to use by 2074.Xr geli 8 2075when configuring disk encryption. 2076Flags can be configured for every device separately by defining the 2077.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2078variable, and for every group separately by defining the 2079.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2080variable. 2081.It Va geli_autodetach 2082.Pq Vt str 2083Specifies if GELI devices should be marked for detach on last close after 2084file systems are mounted. 2085Default is 2086.Dq Li YES . 2087This can be changed for every device separately by defining the 2088.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2089variable. 2090.It Va root_rw_mount 2091.Pq Vt bool 2092Set to 2093.Dq Li YES 2094by default. 2095After the file systems are checked at boot time, the root file system 2096is remounted as read-write if this is set to 2097.Dq Li YES . 2098Diskless systems that mount their root file system from a read-only remote 2099NFS share should set this to 2100.Dq Li NO 2101in their 2102.Pa rc.conf . 2103.It Va fsck_y_enable 2104.Pq Vt bool 2105If set to 2106.Dq Li YES , 2107.Xr fsck 8 2108will be run with the 2109.Fl y 2110flag if the initial preen 2111of the file systems fails. 2112.It Va background_fsck 2113.Pq Vt bool 2114If set to 2115.Dq Li NO , 2116the system will not attempt to run 2117.Xr fsck 8 2118in the background where possible. 2119.It Va background_fsck_delay 2120.Pq Vt int 2121The amount of time in seconds to sleep before starting a background 2122.Xr fsck 8 . 2123It defaults to sixty seconds to allow large applications such as 2124the X server to start before disk I/O bandwidth is monopolized by 2125.Xr fsck 8 . 2126If set to a negative number, the background file system check will be 2127delayed indefinitely to allow the administrator to run it at a more 2128convenient time. 2129For example it may be run from 2130.Xr cron 8 2131by adding a line like 2132.Pp 2133.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2134.Pp 2135to 2136.Pa /etc/crontab . 2137.It Va netfs_types 2138.Pq Vt str 2139List of file system types that are network-based. 2140This list should generally not be modified by end users. 2141Use 2142.Va extra_netfs_types 2143instead. 2144.It Va extra_netfs_types 2145.Pq Vt str 2146If set to something other than 2147.Dq Li NO 2148(the default), 2149this variable extends the list of file system types 2150for which automatic mounting at startup by 2151.Xr rc 8 2152should be delayed until the network is initialized. 2153It should contain 2154a whitespace-separated list of network file system descriptor pairs, 2155each consisting of a file system type as passed to 2156.Xr mount 8 2157and a human-readable, one-word description, 2158joined with a colon 2159.Pq Ql \&: . 2160Extending the default list in this way is only necessary 2161when third party file system types are used. 2162.It Va syslogd_enable 2163.Pq Vt bool 2164If set to 2165.Dq Li YES , 2166run the 2167.Xr syslogd 8 2168daemon. 2169.It Va syslogd_program 2170.Pq Vt str 2171Path to 2172.Xr syslogd 8 2173(default 2174.Pa /usr/sbin/syslogd ) . 2175.It Va syslogd_flags 2176.Pq Vt str 2177If 2178.Va syslogd_enable 2179is set to 2180.Dq Li YES , 2181these are the flags to pass to 2182.Xr syslogd 8 . 2183.It Va inetd_enable 2184.Pq Vt bool 2185If set to 2186.Dq Li YES , 2187run the 2188.Xr inetd 8 2189daemon. 2190.It Va inetd_program 2191.Pq Vt str 2192Path to 2193.Xr inetd 8 2194(default 2195.Pa /usr/sbin/inetd ) . 2196.It Va inetd_flags 2197.Pq Vt str 2198If 2199.Va inetd_enable 2200is set to 2201.Dq Li YES , 2202these are the flags to pass to 2203.Xr inetd 8 . 2204.It Va hastd_enable 2205.Pq Vt bool 2206If set to 2207.Dq Li YES , 2208run the 2209.Xr hastd 8 2210daemon. 2211.It Va hastd_program 2212.Pq Vt str 2213Path to 2214.Xr hastd 8 2215(default 2216.Pa /sbin/hastd ) . 2217.It Va hastd_flags 2218.Pq Vt str 2219If 2220.Va hastd_enable 2221is set to 2222.Dq Li YES , 2223these are the flags to pass to 2224.Xr hastd 8 . 2225.It Va local_unbound_enable 2226.Pq Vt bool 2227If set to 2228.Dq Li YES , 2229run the 2230.Xr unbound 8 2231daemon as a local caching resolver. 2232.It Va kdc_enable 2233.Pq Vt bool 2234Set to 2235.Dq Li YES 2236to start a Kerberos 5 authentication server 2237at boot time. 2238.It Va kdc_program 2239.Pq Vt str 2240If 2241.Va kdc_enable 2242is set to 2243.Dq Li YES 2244this is the path to Kerberos 5 Authentication Server. 2245.It Va kdc_flags 2246.Pq Vt str 2247Empty by default. 2248This variable contains additional flags to be passed to the Kerberos 5 2249authentication server. 2250.It Va kadmind_enable 2251.Pq Vt bool 2252Set to 2253.Dq Li YES 2254to start 2255.Xr kadmind 8 , 2256the Kerberos 5 Administration Daemon; set to 2257.Dq Li NO 2258on a slave server. 2259.It Va kadmind_program 2260.Pq Vt str 2261If 2262.Va kadmind_enable 2263is set to 2264.Dq Li YES 2265this is the path to Kerberos 5 Administration Daemon. 2266.It Va kpasswdd_enable 2267.Pq Vt bool 2268Set to 2269.Dq Li YES 2270to start 2271.Xr kpasswdd 8 , 2272the Kerberos 5 Password-Changing Daemon; set to 2273.Dq Li NO 2274on a slave server. 2275.It Va kpasswdd_program 2276.Pq Vt str 2277If 2278.Va kpasswdd_enable 2279is set to 2280.Dq Li YES 2281this is the path to Kerberos 5 Password-Changing Daemon. 2282.It Va kfd_enable 2283.Pq Vt bool 2284Set to 2285.Dq Li YES 2286to start 2287.Xr kfd 8 , 2288the Kerberos 5 ticket forwarding daemon, at the boot time. 2289.It Va kfd_program 2290.Pq Vt str 2291Path to 2292.Xr kfd 8 2293(default 2294.Pa /usr/libexec/kfd ) . 2295.It Va rwhod_enable 2296.Pq Vt bool 2297If set to 2298.Dq Li YES , 2299run the 2300.Xr rwhod 8 2301daemon at boot time. 2302.It Va rwhod_flags 2303.Pq Vt str 2304If 2305.Va rwhod_enable 2306is set to 2307.Dq Li YES , 2308these are the flags to pass to it. 2309.It Va amd_enable 2310.Pq Vt bool 2311If set to 2312.Dq Li YES , 2313run the 2314.Xr amd 8 2315daemon at boot time. 2316.It Va amd_flags 2317.Pq Vt str 2318If 2319.Va amd_enable 2320is set to 2321.Dq Li YES , 2322these are the flags to pass to it. 2323See the 2324.Xr amd 8 2325manpage for more information. 2326.It Va amd_map_program 2327.Pq Vt str 2328If set, 2329the specified program is run to get the list of 2330.Xr amd 8 2331maps. 2332For example, if the 2333.Xr amd 8 2334maps are stored in NIS, one can set this to 2335run 2336.Xr ypcat 1 2337to get a list of 2338.Xr amd 8 2339maps from the 2340.Pa amd.master 2341NIS map. 2342.It Va update_motd 2343.Pq Vt bool 2344If set to 2345.Dq Li YES , 2346.Pa /etc/motd 2347will be updated at boot time to reflect the kernel release 2348being run. 2349If set to 2350.Dq Li NO , 2351.Pa /etc/motd 2352will not be updated. 2353.It Va nfs_client_enable 2354.Pq Vt bool 2355If set to 2356.Dq Li YES , 2357run the NFS client daemons at boot time. 2358.It Va nfs_access_cache 2359.Pq Vt int 2360If 2361.Va nfs_client_enable 2362is set to 2363.Dq Li YES , 2364this can be set to 2365.Dq Li 0 2366to disable NFS ACCESS RPC caching, or to the number of seconds for which 2367NFS ACCESS 2368results should be cached. 2369A value of 2-10 seconds will substantially reduce network 2370traffic for many NFS operations. 2371.It Va nfs_server_enable 2372.Pq Vt bool 2373If set to 2374.Dq Li YES , 2375run the NFS server daemons at boot time. 2376.It Va nfs_server_flags 2377.Pq Vt str 2378If 2379.Va nfs_server_enable 2380is set to 2381.Dq Li YES , 2382these are the flags to pass to the 2383.Xr nfsd 8 2384daemon. 2385.It Va nfsv4_server_enable 2386.Pq Vt bool 2387If 2388.Va nfs_server_enable 2389is set to 2390.Dq Li YES 2391and 2392.Va nfsv4_server_enable 2393are set to 2394.Dq Li YES , 2395enable the server for NFSv4 as well as NFSv2 and NFSv3. 2396.It Va nfsuserd_enable 2397.Pq Vt bool 2398If 2399.Va nfsuserd_enable 2400is set to 2401.Dq Li YES , 2402run the nfsuserd daemon, which is needed for NFSv4 in order 2403to map between user/group names vs uid/gid numbers. 2404If 2405.Va nfsv4_server_enable 2406is set to 2407.Dq Li YES , 2408this will be forced enabled. 2409.It Va nfsuserd_flags 2410.Pq Vt str 2411If 2412.Va nfsuserd_enable 2413is set to 2414.Dq Li YES , 2415these are the flags to pass to the 2416.Xr nfsuserd 8 2417daemon. 2418.It Va nfscbd_enable 2419.Pq Vt bool 2420If 2421.Va nfscbd_enable 2422is set to 2423.Dq Li YES , 2424run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2425.It Va nfscbd_flags 2426.Pq Vt str 2427If 2428.Va nfscbd_enable 2429is set to 2430.Dq Li YES , 2431these are the flags to pass to the 2432.Xr nfscbd 8 2433daemon. 2434.It Va mountd_enable 2435.Pq Vt bool 2436If set to 2437.Dq Li YES , 2438and no 2439.Va nfs_server_enable 2440is set, start 2441.Xr mountd 8 , 2442but not 2443.Xr nfsd 8 2444daemon. 2445It is commonly needed to run CFS without real NFS used. 2446.It Va mountd_flags 2447.Pq Vt str 2448If 2449.Va mountd_enable 2450is set to 2451.Dq Li YES , 2452these are the flags to pass to the 2453.Xr mountd 8 2454daemon. 2455.It Va weak_mountd_authentication 2456.Pq Vt bool 2457If set to 2458.Dq Li YES , 2459allow services like PCNFSD to make non-privileged mount 2460requests. 2461.It Va nfs_reserved_port_only 2462.Pq Vt bool 2463If set to 2464.Dq Li YES , 2465provide NFS services only on a secure port. 2466.It Va nfs_bufpackets 2467.Pq Vt int 2468If set to a number, indicates the number of packets worth of 2469socket buffer space to reserve on an NFS client. 2470The kernel default is typically 4. 2471Using a higher number may be 2472useful on gigabit networks to improve performance. 2473The minimum value is 24742 and the maximum is 64. 2475.It Va rpc_lockd_enable 2476.Pq Vt bool 2477If set to 2478.Dq Li YES 2479and also an NFS server or client, run 2480.Xr rpc.lockd 8 2481at boot time. 2482.It Va rpc_lockd_flags 2483.Pq Vt str 2484If 2485.Va rpc_lockd_enable 2486is set to 2487.Dq Li YES , 2488these are the flags to pass to the 2489.Xr rpc.lockd 8 2490daemon. 2491.It Va rpc_statd_enable 2492.Pq Vt bool 2493If set to 2494.Dq Li YES 2495and also an NFS server or client, run 2496.Xr rpc.statd 8 2497at boot time. 2498.It Va rpc_statd_flags 2499.Pq Vt str 2500If 2501.Va rpc_statd_enable 2502is set to 2503.Dq Li YES , 2504these are the flags to pass to the 2505.Xr rpc.statd 8 2506daemon. 2507.It Va rpcbind_program 2508.Pq Vt str 2509Path to 2510.Xr rpcbind 8 2511(default 2512.Pa /usr/sbin/rpcbind ) . 2513.It Va rpcbind_enable 2514.Pq Vt bool 2515If set to 2516.Dq Li YES , 2517run the 2518.Xr rpcbind 8 2519service at boot time. 2520.It Va rpcbind_flags 2521.Pq Vt str 2522If 2523.Va rpcbind_enable 2524is set to 2525.Dq Li YES , 2526these are the flags to pass to the 2527.Xr rpcbind 8 2528daemon. 2529.It Va keyserv_enable 2530.Pq Vt bool 2531If set to 2532.Dq Li YES , 2533run the 2534.Xr keyserv 8 2535daemon on boot for running Secure RPC. 2536.It Va keyserv_flags 2537.Pq Vt str 2538If 2539.Va keyserv_enable 2540is set to 2541.Dq Li YES , 2542these are the flags to pass to 2543.Xr keyserv 8 2544daemon. 2545.It Va pppoed_enable 2546.Pq Vt bool 2547If set to 2548.Dq Li YES , 2549run the 2550.Xr pppoed 8 2551daemon at boot time to provide PPP over Ethernet services. 2552.It Va pppoed_ Ns Aq Ar provider 2553.Pq Vt str 2554.Xr pppoed 8 2555listens to requests to this 2556.Ar provider 2557and ultimately runs 2558.Xr ppp 8 2559with a 2560.Ar system 2561argument of the same name. 2562.It Va pppoed_flags 2563.Pq Vt str 2564Additional flags to pass to 2565.Xr pppoed 8 . 2566.It Va pppoed_interface 2567.Pq Vt str 2568The network interface to run 2569.Xr pppoed 8 2570on. 2571This is mandatory when 2572.Va pppoed_enable 2573is set to 2574.Dq Li YES . 2575.It Va timed_enable 2576.Pq Vt bool 2577If set to 2578.Dq Li YES , 2579run the 2580.Xr timed 8 2581service at boot time. 2582This command is intended for networks of 2583machines where a consistent 2584.Dq "network time" 2585for all hosts must be established. 2586This is often useful in large NFS 2587environments where time stamps on files are expected to be consistent 2588network-wide. 2589.It Va timed_flags 2590.Pq Vt str 2591If 2592.Va timed_enable 2593is set to 2594.Dq Li YES , 2595these are the flags to pass to the 2596.Xr timed 8 2597service. 2598.It Va ntpdate_enable 2599.Pq Vt bool 2600If set to 2601.Dq Li YES , 2602run 2603.Xr ntpdate 8 2604at system startup. 2605This command is intended to 2606synchronize the system clock only 2607.Em once 2608from some standard reference. 2609.Pp 2610Note that the use of the 2611.Va ntpd_sync_on_start 2612variable is a preferred alternative to the 2613.Xr ntpdate 8 2614utility as 2615.Xr ntpdate 8 2616is to be retired from the NTP distribution. 2617.It Va ntpdate_config 2618.Pq Vt str 2619Configuration file for 2620.Xr ntpdate 8 . 2621Default 2622.Pa /etc/ntp.conf . 2623.It Va ntpdate_hosts 2624.Pq Vt str 2625A whitespace-separated list of NTP servers to synchronize with at startup. 2626The default is to use the servers listed in 2627.Va ntpdate_config , 2628if that file exists. 2629.It Va ntpdate_program 2630.Pq Vt str 2631Path to 2632.Xr ntpdate 8 2633(default 2634.Pa /usr/sbin/ntpdate ) . 2635.It Va ntpdate_flags 2636.Pq Vt str 2637If 2638.Va ntpdate_enable 2639is set to 2640.Dq Li YES , 2641these are the flags to pass to the 2642.Xr ntpdate 8 2643command (typically a hostname). 2644.It Va ntpd_enable 2645.Pq Vt bool 2646If set to 2647.Dq Li YES , 2648run the 2649.Xr ntpd 8 2650command at boot time. 2651.It Va ntpd_program 2652.Pq Vt str 2653Path to 2654.Xr ntpd 8 2655(default 2656.Pa /usr/sbin/ntpd ) . 2657.It Va ntpd_config 2658.Pq Vt str 2659Path to 2660.Xr ntpd 8 2661configuration file. 2662Default 2663.Pa /etc/ntp.conf . 2664.It Va ntpd_flags 2665.Pq Vt str 2666If 2667.Va ntpd_enable 2668is set to 2669.Dq Li YES , 2670these are the flags to pass to the 2671.Xr ntpd 8 2672daemon. 2673.It Va ntpd_sync_on_start 2674.Pq Vt bool 2675If set to 2676.Dq Li YES , 2677.Xr ntpd 8 2678is run with the 2679.Fl g 2680flag, which syncs the system's clock on startup. 2681See 2682.Xr ntpd 8 2683for more information regarding the 2684.Fl g 2685option. 2686This is a preferred alternative to using 2687.Xr ntpdate 8 2688or specifying the 2689.Va ntpdate_enable 2690variable. 2691.It Va nis_client_enable 2692.Pq Vt bool 2693If set to 2694.Dq Li YES , 2695run the 2696.Xr ypbind 8 2697service at system boot time. 2698.It Va nis_client_flags 2699.Pq Vt str 2700If 2701.Va nis_client_enable 2702is set to 2703.Dq Li YES , 2704these are the flags to pass to the 2705.Xr ypbind 8 2706service. 2707.It Va nis_ypldap_enable 2708.Pq Vt bool 2709If set to 2710.Dq Li YES , 2711run the 2712.Xr ypldap 8 2713daemon at system boot time. 2714.It Va nis_ypldap_flags 2715.Pq Vt str 2716If 2717.Va nis.ypldap_enable 2718is set to 2719.Dq Li YES , 2720these are the flags to pass to the 2721.Xr ypldap 8 2722daemon. 2723.It Va nis_ypset_enable 2724.Pq Vt bool 2725If set to 2726.Dq Li YES , 2727run the 2728.Xr ypset 8 2729daemon at system boot time. 2730.It Va nis_ypset_flags 2731.Pq Vt str 2732If 2733.Va nis_ypset_enable 2734is set to 2735.Dq Li YES , 2736these are the flags to pass to the 2737.Xr ypset 8 2738daemon. 2739.It Va nis_server_enable 2740.Pq Vt bool 2741If set to 2742.Dq Li YES , 2743run the 2744.Xr ypserv 8 2745daemon at system boot time. 2746.It Va nis_server_flags 2747.Pq Vt str 2748If 2749.Va nis_server_enable 2750is set to 2751.Dq Li YES , 2752these are the flags to pass to the 2753.Xr ypserv 8 2754daemon. 2755.It Va nis_ypxfrd_enable 2756.Pq Vt bool 2757If set to 2758.Dq Li YES , 2759run the 2760.Xr rpc.ypxfrd 8 2761daemon at system boot time. 2762.It Va nis_ypxfrd_flags 2763.Pq Vt str 2764If 2765.Va nis_ypxfrd_enable 2766is set to 2767.Dq Li YES , 2768these are the flags to pass to the 2769.Xr rpc.ypxfrd 8 2770daemon. 2771.It Va nis_yppasswdd_enable 2772.Pq Vt bool 2773If set to 2774.Dq Li YES , 2775run the 2776.Xr rpc.yppasswdd 8 2777daemon at system boot time. 2778.It Va nis_yppasswdd_flags 2779.Pq Vt str 2780If 2781.Va nis_yppasswdd_enable 2782is set to 2783.Dq Li YES , 2784these are the flags to pass to the 2785.Xr rpc.yppasswdd 8 2786daemon. 2787.It Va rpc_ypupdated_enable 2788.Pq Vt bool 2789If set to 2790.Dq Li YES , 2791run the 2792.Nm rpc.ypupdated 2793daemon at system boot time. 2794.It Va bsnmpd_enable 2795.Pq Vt bool 2796If set to 2797.Dq Li YES , 2798run the 2799.Xr bsnmpd 1 2800daemon at system boot time. 2801Be sure to understand the security implications of running SNMP daemon 2802on your host. 2803.It Va bsnmpd_flags 2804.Pq Vt str 2805If 2806.Va bsnmpd_enable 2807is set to 2808.Dq Li YES , 2809these are the flags to pass to the 2810.Xr bsnmpd 1 2811daemon. 2812.It Va defaultrouter 2813.Pq Vt str 2814If not set to 2815.Dq Li NO , 2816create a default route to this host name or IP address 2817(use an IP address if this router is also required to get to the 2818name server!). 2819.It Va ipv6_defaultrouter 2820.Pq Vt str 2821The IPv6 equivalent of 2822.Va defaultrouter . 2823.It Va static_arp_pairs 2824.Pq Vt str 2825Set to the list of static ARP pairs that are to be added at system 2826boot time. 2827For each whitespace separated 2828.Ar element 2829in the value, a 2830.Va static_arp_ Ns Aq Ar element 2831variable is assumed to exist whose contents will later be passed to a 2832.Dq Nm arp Cm -S 2833operation. 2834For example 2835.Bd -literal 2836static_arp_pairs="gw" 2837static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2838.Ed 2839.It Va static_ndp_pairs 2840.Pq Vt str 2841Set to the list of static NDP pairs that are to be added at system 2842boot time. 2843For each whitespace separated 2844.Ar element 2845in the value, a 2846.Va static_ndp_ Ns Aq Ar element 2847variable is assumed to exist whose contents will later be passed to a 2848.Dq Nm ndp Cm -s 2849operation. 2850For example 2851.Bd -literal 2852static_ndp_pairs="gw" 2853static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2854.Ed 2855.It Va static_routes 2856.Pq Vt str 2857Set to the list of static routes that are to be added at system 2858boot time. 2859If not set to 2860.Dq Li NO 2861then for each whitespace separated 2862.Ar element 2863in the value, a 2864.Va route_ Ns Aq Ar element 2865variable is assumed to exist 2866whose contents will later be passed to a 2867.Dq Nm route Cm add 2868operation. 2869For example: 2870.Bd -literal 2871static_routes="ext mcast:gif0 gif0local:gif0" 2872route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2873route_mcast="-net 224.0.0.0/4 -iface gif0" 2874route_gif0local="-host 169.254.1.1 -iface lo0" 2875.Ed 2876.Pp 2877When an 2878.Ar element 2879is in the form of 2880.Li name:ifname , 2881the route is specific to the interface 2882.Li ifname . 2883.It Va ipv6_static_routes 2884.Pq Vt str 2885The IPv6 equivalent of 2886.Va static_routes . 2887If not set to 2888.Dq Li NO 2889then for each whitespace separated 2890.Ar element 2891in the value, a 2892.Va ipv6_route_ Ns Aq Ar element 2893variable is assumed to exist 2894whose contents will later be passed to a 2895.Dq Nm route Cm add Fl inet6 2896operation. 2897.It Va gateway_enable 2898.Pq Vt bool 2899If set to 2900.Dq Li YES , 2901configure host to act as an IP router, e.g.\& to forward packets 2902between interfaces. 2903.It Va ipv6_gateway_enable 2904.Pq Vt bool 2905The IPv6 equivalent of 2906.Va gateway_enable . 2907.It Va routed_enable 2908.Pq Vt bool 2909If set to 2910.Dq Li YES , 2911run a routing daemon of some sort, based on the 2912settings of 2913.Va routed_program 2914and 2915.Va routed_flags . 2916.It Va route6d_enable 2917.Pq Vt bool 2918The IPv6 equivalent of 2919.Va routed_enable . 2920If set to 2921.Dq Li YES , 2922run a routing daemon of some sort, based on the 2923settings of 2924.Va route6d_program 2925and 2926.Va route6d_flags . 2927.It Va routed_program 2928.Pq Vt str 2929If 2930.Va routed_enable 2931is set to 2932.Dq Li YES , 2933this is the name of the routing daemon to use. 2934.It Va route6d_program 2935.Pq Vt str 2936The IPv6 equivalent of 2937.Va routed_program . 2938.It Va routed_flags 2939.Pq Vt str 2940If 2941.Va routed_enable 2942is set to 2943.Dq Li YES , 2944these are the flags to pass to the routing daemon. 2945.It Va route6d_flags 2946.Pq Vt str 2947The IPv6 equivalent of 2948.Va routed_flags . 2949.It Va rtadvd_enable 2950.Pq Vt bool 2951If set to 2952.Dq Li YES , 2953run the 2954.Xr rtadvd 8 2955daemon at boot time. 2956The 2957.Xr rtadvd 8 2958utility sends ICMPv6 Router Advertisement messages to 2959the interfaces specified in 2960.Va rtadvd_interfaces . 2961This should only be enabled with great care. 2962You may want to fine-tune 2963.Xr rtadvd.conf 5 . 2964.It Va rtadvd_interfaces 2965.Pq Vt str 2966If 2967.Va rtadvd_enable 2968is set to 2969.Dq Li YES 2970this is the list of interfaces to use. 2971.It Va arpproxy_all 2972.Pq Vt bool 2973If set to 2974.Dq Li YES , 2975enable global proxy ARP. 2976.It Va forward_sourceroute 2977.Pq Vt bool 2978If set to 2979.Dq Li YES 2980and 2981.Va gateway_enable 2982is also set to 2983.Dq Li YES , 2984source-routed packets are forwarded. 2985.It Va accept_sourceroute 2986.Pq Vt bool 2987If set to 2988.Dq Li YES , 2989the system will accept source-routed packets directed at it. 2990.It Va rarpd_enable 2991.Pq Vt bool 2992If set to 2993.Dq Li YES , 2994run the 2995.Xr rarpd 8 2996daemon at system boot time. 2997.It Va rarpd_flags 2998.Pq Vt str 2999If 3000.Va rarpd_enable 3001is set to 3002.Dq Li YES , 3003these are the flags to pass to the 3004.Xr rarpd 8 3005daemon. 3006.It Va bootparamd_enable 3007.Pq Vt bool 3008If set to 3009.Dq Li YES , 3010run the 3011.Xr bootparamd 8 3012daemon at system boot time. 3013.It Va bootparamd_flags 3014.Pq Vt str 3015If 3016.Va bootparamd_enable 3017is set to 3018.Dq Li YES , 3019these are the flags to pass to the 3020.Xr bootparamd 8 3021daemon. 3022.It Va stf_interface_ipv4addr 3023.Pq Vt str 3024If not set to 3025.Dq Li NO , 3026this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3027interface). 3028Specify this entry to enable the 6to4 interface. 3029.It Va stf_interface_ipv4plen 3030.Pq Vt int 3031Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3032An effective value is 0-31. 3033.It Va stf_interface_ipv6_ifid 3034.Pq Vt str 3035IPv6 interface ID for 3036.Xr stf 4 . 3037This can be set to 3038.Dq Li AUTO . 3039.It Va stf_interface_ipv6_slaid 3040.Pq Vt str 3041IPv6 Site Level Aggregator for 3042.Xr stf 4 . 3043.It Va ipv6_ipv4mapping 3044.Pq Vt bool 3045If set to 3046.Dq Li YES 3047this enables IPv4 mapped IPv6 address communication (like 3048.Li ::ffff:a.b.c.d ) . 3049.It Va rtsold_enable 3050.Pq Vt bool 3051Set to 3052.Dq Li YES 3053to enable the 3054.Xr rtsold 8 3055daemon to send ICMPv6 Router Solicitation messages. 3056.It Va rtsold_flags 3057.Pq Vt str 3058If 3059.Va rtsold_enable 3060is set to 3061.Dq Li YES , 3062these are the flags to pass to 3063.Xr rtsold 8 . 3064.It Va rtsol_flags 3065.Pq Vt str 3066For interfaces configured with the 3067.Dq Li inet6 accept_rtadv 3068keyword, these are the flags to pass to 3069.Xr rtsol 8 . 3070.Pp 3071Note that 3072.Va rtsold_enable 3073is mutually exclusive to 3074.Va rtsol_flags ; 3075.Va rtsold_enable 3076takes precedence. 3077.It Va keybell 3078.Pq Vt str 3079The keyboard bell sound. 3080Set to 3081.Dq Li normal , 3082.Dq Li visual , 3083.Dq Li off , 3084or 3085.Dq Li NO 3086if the default behavior is desired. 3087For details, refer to the 3088.Xr kbdcontrol 1 3089manpage. 3090.It Va keyboard 3091.Pq Vt str 3092If set to a non-null string, the virtual console's keyboard input is 3093set to this device. 3094.It Va keymap 3095.Pq Vt str 3096If set to 3097.Dq Li NO , 3098no keymap is installed, otherwise the value is used to install 3099the keymap file found in 3100.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3101(if using 3102.Xr syscons 4 ) or 3103.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3104(if using 3105.Xr vt 4 ) . 3106.It Va keyrate 3107.Pq Vt str 3108The keyboard repeat speed. 3109Set to 3110.Dq Li slow , 3111.Dq Li normal , 3112.Dq Li fast , 3113or 3114.Dq Li NO 3115if the default behavior is desired. 3116.It Va keychange 3117.Pq Vt str 3118If not set to 3119.Dq Li NO , 3120attempt to program the function keys with the value. 3121The value should 3122be a single string of the form: 3123.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3124.It Va cursor 3125.Pq Vt str 3126Can be set to the value of 3127.Dq Li normal , 3128.Dq Li blink , 3129.Dq Li destructive , 3130or 3131.Dq Li NO 3132to set the cursor behavior explicitly or choose the default behavior. 3133.It Va scrnmap 3134.Pq Vt str 3135If set to 3136.Dq Li NO , 3137no screen map is installed, otherwise the value is used to install 3138the screen map file in 3139.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3140This parameter is ignored when using 3141.Xr vt 4 3142as the console driver. 3143.It Va font8x16 3144.Pq Vt str 3145If set to 3146.Dq Li NO , 3147the default 8x16 font value is used for screen size requests, otherwise 3148the value in 3149.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3150or 3151.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3152is used (depending on the console driver being used). 3153.It Va font8x14 3154.Pq Vt str 3155If set to 3156.Dq Li NO , 3157the default 8x14 font value is used for screen size requests, otherwise 3158the value in 3159.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3160or 3161.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3162is used (depending on the console driver being used). 3163.It Va font8x8 3164.Pq Vt str 3165If set to 3166.Dq Li NO , 3167the default 8x8 font value is used for screen size requests, otherwise 3168the value in 3169.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3170or 3171.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3172is used (depending on the console driver being used). 3173.It Va blanktime 3174.Pq Vt int 3175If set to 3176.Dq Li NO , 3177the default screen blanking interval is used, otherwise it is set 3178to 3179.Ar value 3180seconds. 3181.It Va saver 3182.Pq Vt str 3183If not set to 3184.Dq Li NO , 3185this is the actual screen saver to use 3186.Li ( blank , snake , daemon , 3187etc). 3188.It Va moused_nondefault_enable 3189.Pq Vt str 3190If set to 3191.Dq Li NO , 3192the mouse device specified on 3193the command line is not automatically treated as enabled by the 3194.Pa /etc/rc.d/moused 3195script. 3196Having this variable set to 3197.Dq Li YES 3198allows a 3199.Xr usb 4 3200mouse, 3201for example, 3202to be enabled as soon as it is plugged in. 3203.It Va moused_enable 3204.Pq Vt str 3205If set to 3206.Dq Li YES , 3207the 3208.Xr moused 8 3209daemon is started for doing cut/paste selection on the console. 3210.It Va moused_type 3211.Pq Vt str 3212This is the protocol type of the mouse connected to this host. 3213This variable must be set if 3214.Va moused_enable 3215is set to 3216.Dq Li YES . 3217The 3218.Xr moused 8 3219daemon 3220is able to detect the appropriate mouse type automatically in many cases. 3221Set this variable to 3222.Dq Li auto 3223to let the daemon detect it, or 3224select one from the following list if the automatic detection fails. 3225.Pp 3226If the mouse is attached to the PS/2 mouse port, choose 3227.Dq Li auto 3228or 3229.Dq Li ps/2 , 3230regardless of the brand and model of the mouse. 3231Likewise, if the 3232mouse is attached to the bus mouse port, choose 3233.Dq Li auto 3234or 3235.Dq Li busmouse . 3236All other protocols are for serial mice and will not work with 3237the PS/2 and bus mice. 3238If this is a USB mouse, 3239.Dq Li auto 3240is the only protocol type which will work. 3241.Pp 3242.Bl -tag -width ".Li x10mouseremote" -compact 3243.It Li microsoft 3244Microsoft mouse (serial) 3245.It Li intellimouse 3246Microsoft IntelliMouse (serial) 3247.It Li mousesystems 3248Mouse systems Corp.\& mouse (serial) 3249.It Li mmseries 3250MM Series mouse (serial) 3251.It Li logitech 3252Logitech mouse (serial) 3253.It Li busmouse 3254A bus mouse 3255.It Li mouseman 3256Logitech MouseMan and TrackMan (serial) 3257.It Li glidepoint 3258ALPS GlidePoint (serial) 3259.It Li thinkingmouse 3260Kensington ThinkingMouse (serial) 3261.It Li ps/2 3262PS/2 mouse 3263.It Li mmhittab 3264MM HitTablet (serial) 3265.It Li x10mouseremote 3266X10 MouseRemote (serial) 3267.It Li versapad 3268Interlink VersaPad (serial) 3269.El 3270.Pp 3271Even if the mouse is not in the above list, it may be compatible 3272with one in the list. 3273Refer to the manual page for 3274.Xr moused 8 3275for compatibility information. 3276.Pp 3277It should also be noted that while this is enabled, any 3278other client of the mouse (such as an X server) should access 3279the mouse through the virtual mouse device, 3280.Pa /dev/sysmouse , 3281and configure it as a 3282.Dq Li sysmouse 3283type mouse, since all 3284mouse data is converted to this single canonical format when 3285using 3286.Xr moused 8 . 3287If the client program does not support the 3288.Dq Li sysmouse 3289type, 3290specify the 3291.Dq Li mousesystems 3292type. 3293It is the second preferred type. 3294.It Va moused_port 3295.Pq Vt str 3296If 3297.Va moused_enable 3298is set to 3299.Dq Li YES , 3300this is the actual port the mouse is on. 3301It might be 3302.Pa /dev/cuau0 3303for a COM1 serial mouse, or 3304.Pa /dev/psm0 3305for a PS/2 mouse, for example. 3306.It Va moused_flags 3307.Pq Vt str 3308If 3309.Va moused_flags 3310is set, its value is used as an additional set of flags to pass to the 3311.Xr moused 8 3312daemon. 3313.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3314When 3315.Va moused_nondefault_enable 3316is enabled, and a 3317.Xr moused 8 3318daemon is started for a non-default port, the 3319.Va "moused_" Ns Ar XXX Ns Va "_flags" 3320set of options has precedence over and replaces the default 3321.Va moused_flags 3322(where 3323.Ar XXX 3324is the name of the non-default port, i.e.,\& 3325.Ar ums0 ) . 3326By setting 3327.Va "moused_" Ns Ar XXX Ns Va "_flags" 3328it is possible to set up a different set of default flags for each 3329.Xr moused 8 3330instance. 3331For example, you can use 3332.Dq Li "-3" 3333for the default 3334.Va moused_flags 3335to make your laptop's touchpad more comfortable to use, 3336but an empty set of options for 3337.Va moused_ums0_flags 3338when your 3339.Xr usb 4 3340mouse has three or more buttons. 3341.It Va mousechar_start 3342.Pq Vt int 3343If set to 3344.Dq Li NO , 3345the default mouse cursor character range 3346.Li 0xd0 Ns - Ns Li 0xd3 3347is used, 3348otherwise the range start is set 3349to 3350.Ar value 3351character, see 3352.Xr vidcontrol 1 . 3353Use if the default range is occupied in the language code table. 3354.It Va allscreens_flags 3355.Pq Vt str 3356If set, 3357.Xr vidcontrol 1 3358is run with these options for each of the virtual terminals 3359.Pq Pa /dev/ttyv* . 3360For example, 3361.Dq Fl m Cm on 3362will enable the mouse pointer on all virtual terminals 3363if 3364.Va moused_enable 3365is set to 3366.Dq Li YES . 3367.It Va allscreens_kbdflags 3368.Pq Vt str 3369If set, 3370.Xr kbdcontrol 1 3371is run with these options for each of the virtual terminals 3372.Pq Pa /dev/ttyv* . 3373For example, 3374.Dq Fl h Li 200 3375will set the 3376.Xr syscons 4 3377or 3378.Xr vt 4 3379scrollback (history) buffer to 200 lines. 3380.It Va cron_enable 3381.Pq Vt bool 3382If set to 3383.Dq Li YES , 3384run the 3385.Xr cron 8 3386daemon at system boot time. 3387.It Va cron_program 3388.Pq Vt str 3389Path to 3390.Xr cron 8 3391(default 3392.Pa /usr/sbin/cron ) . 3393.It Va cron_flags 3394.Pq Vt str 3395If 3396.Va cron_enable 3397is set to 3398.Dq Li YES , 3399these are the flags to pass to 3400.Xr cron 8 . 3401.It Va cron_dst 3402.Pq Vt bool 3403If set to 3404.Dq Li YES , 3405enable the special handling of transitions to and from the 3406Daylight Saving Time in 3407.Xr cron 8 3408(equivalent to using the flag 3409.Fl s ) . 3410.It Va lpd_program 3411.Pq Vt str 3412Path to 3413.Xr lpd 8 3414(default 3415.Pa /usr/sbin/lpd ) . 3416.It Va lpd_enable 3417.Pq Vt bool 3418If set to 3419.Dq Li YES , 3420run the 3421.Xr lpd 8 3422daemon at system boot time. 3423.It Va lpd_flags 3424.Pq Vt str 3425If 3426.Va lpd_enable 3427is set to 3428.Dq Li YES , 3429these are the flags to pass to the 3430.Xr lpd 8 3431daemon. 3432.It Va chkprintcap_enable 3433.Pq Vt bool 3434If set to 3435.Dq Li YES , 3436run the 3437.Xr chkprintcap 8 3438command before starting the 3439.Xr lpd 8 3440daemon. 3441.It Va chkprintcap_flags 3442.Pq Vt str 3443If 3444.Va lpd_enable 3445and 3446.Va chkprintcap_enable 3447are set to 3448.Dq Li YES , 3449these are the flags to pass to the 3450.Xr chkprintcap 8 3451program. 3452The default is 3453.Dq Li -d , 3454which causes missing directories to be created. 3455.It Va mta_start_script 3456.Pq Vt str 3457This variable specifies the full path to the script to run to start 3458a mail transfer agent. 3459The default is 3460.Pa /etc/rc.sendmail . 3461The 3462.Va sendmail_* 3463variables which 3464.Pa /etc/rc.sendmail 3465uses are documented in the 3466.Xr rc.sendmail 8 3467manual page. 3468.It Va dumpdev 3469.Pq Vt str 3470Indicates the device (usually a swap partition) to which a crash dump 3471should be written in the event of a system crash. 3472If the value of this variable is 3473.Dq Li AUTO , 3474the first suitable swap device listed in 3475.Pa /etc/fstab 3476will be used as dump device. 3477Otherwise, the value of this variable is passed as the argument to 3478.Xr dumpon 8 . 3479To disable crash dumps, set this variable to 3480.Dq Li NO . 3481.It Va dumpon_flags 3482.Pq Vt str 3483Flags to pass to 3484.Xr dumpon 8 3485when configuring 3486.Va dumpdev 3487as the system dump device. 3488.It Va dumpdir 3489.Pq Vt str 3490When the system reboots after a crash and a crash dump is found on the 3491device specified by the 3492.Va dumpdev 3493variable, 3494.Xr savecore 8 3495will save that crash dump and a copy of the kernel to the directory 3496specified by the 3497.Va dumpdir 3498variable. 3499The default value is 3500.Pa /var/crash . 3501Set to 3502.Dq Li NO 3503to not run 3504.Xr savecore 8 3505at boot time when 3506.Va dumpdir 3507is set. 3508.It Va savecore_enable 3509.Pq Vt bool 3510If set to 3511.Dq Li NO , 3512disable automatic extraction of the crash dump from the 3513.Va dumpdev . 3514.It Va savecore_flags 3515.Pq Vt str 3516If crash dumps are enabled, these are the flags to pass to the 3517.Xr savecore 8 3518utility. 3519.It Va quota_enable 3520.Pq Vt bool 3521Set to 3522.Dq Li YES 3523to turn on user and group disk quotas on system startup via the 3524.Xr quotaon 8 3525command for all file systems marked as having quotas enabled in 3526.Pa /etc/fstab . 3527The kernel must be built with 3528.Cd "options QUOTA" 3529for disk quotas to function. 3530.It Va check_quotas 3531.Pq Vt bool 3532Set to 3533.Dq Li YES 3534to enable user and group disk quota checking via the 3535.Xr quotacheck 8 3536command. 3537.It Va quotacheck_flags 3538.Pq Vt str 3539If 3540.Va quota_enable 3541is set to 3542.Dq Li YES , 3543and 3544.Va check_quotas 3545is set to 3546.Dq Li YES , 3547these are the flags to pass to the 3548.Xr quotacheck 8 3549utility. 3550The default is 3551.Dq Li "-a" , 3552which checks quotas for all file systems with quotas enabled in 3553.Pa /etc/fstab . 3554.It Va quotaon_flags 3555.Pq Vt str 3556If 3557.Va quota_enable 3558is set to 3559.Dq Li YES , 3560these are the flags to pass to the 3561.Xr quotaon 8 3562utility. 3563The default is 3564.Dq Li "-a" , 3565which enables quotas for all file systems with quotas enabled in 3566.Pa /etc/fstab . 3567.It Va quotaoff_flags 3568.Pq Vt str 3569If 3570.Va quota_enable 3571is set to 3572.Dq Li YES , 3573these are the flags to pass to the 3574.Xr quotaoff 8 3575utility when shutting down the quota system. 3576The default is 3577.Dq Li "-a" , 3578which disables quotas for all file systems with quotas enabled in 3579.Pa /etc/fstab . 3580.It Va accounting_enable 3581.Pq Vt bool 3582Set to 3583.Dq Li YES 3584to enable system accounting through the 3585.Xr accton 8 3586facility. 3587.It Va firstboot_sentinel 3588.Pq Vt str 3589This variable specifies the full path to a 3590.Dq first boot 3591sentinel file. 3592If a file exists with this path, 3593.Pa rc.d 3594scripts with the 3595.Dq firstboot 3596keyword will be run on startup and the sentinel file will be deleted 3597after the boot process completes. 3598The sentinel file must be located on a writable file system which is 3599mounted no later than 3600.Va early_late_divider 3601to function properly. 3602The default is 3603.Pa /firstboot . 3604.It Va linux_enable 3605.Pq Vt bool 3606Set to 3607.Dq Li YES 3608to enable Linux/ELF binary emulation at system initial 3609boot time. 3610.It Va sysvipc_enable 3611.Pq Vt bool 3612If set to 3613.Dq Li YES , 3614load System V IPC primitives at boot time. 3615.It Va clear_tmp_enable 3616.Pq Vt bool 3617Set to 3618.Dq Li YES 3619to have 3620.Pa /tmp 3621cleaned at startup. 3622.It Va clear_tmp_X 3623.Pq Vt bool 3624Set to 3625.Dq Li NO 3626to disable removing of X11 lock files, 3627and the removal and (secure) recreation 3628of the various socket directories for X11 3629related programs. 3630.It Va ldconfig_paths 3631.Pq Vt str 3632Set to the list of shared library paths to use with 3633.Xr ldconfig 8 . 3634NOTE: 3635.Pa /usr/lib 3636will always be added first, so it need not appear in this list. 3637.It Va ldconfig32_paths 3638.Pq Vt str 3639Set to the list of 32-bit compatibility shared library paths to 3640use with 3641.Xr ldconfig 8 . 3642.It Va ldconfig_paths_aout 3643.Pq Vt str 3644Set to the list of shared library paths to use with 3645.Xr ldconfig 8 3646legacy 3647.Xr a.out 5 3648support. 3649.It Va ldconfig_insecure 3650.Pq Vt bool 3651The 3652.Xr ldconfig 8 3653utility normally refuses to use directories 3654which are writable by anyone except root. 3655Set this variable to 3656.Dq Li YES 3657to disable that security check during system startup. 3658.It Va ldconfig_local_dirs 3659.Pq Vt str 3660Set to the list of local 3661.Xr ldconfig 8 3662directories. 3663The names of all files in the directories listed will be 3664passed as arguments to 3665.Xr ldconfig 8 . 3666.It Va ldconfig_local32_dirs 3667.Pq Vt str 3668Set to the list of local 32-bit compatibility 3669.Xr ldconfig 8 3670directories. 3671The names of all files in the directories listed will be 3672passed as arguments to 3673.Dq Nm ldconfig Fl 32 . 3674.It Va kern_securelevel_enable 3675.Pq Vt bool 3676Set to 3677.Dq Li YES 3678to set the kernel security level at system startup. 3679.It Va kern_securelevel 3680.Pq Vt int 3681The kernel security level to set at startup. 3682The allowed range of 3683.Ar value 3684ranges from \-1 (the compile time default) to 3 (the 3685most secure). 3686See 3687.Xr security 7 3688for the list of possible security levels and their effect 3689on system operation. 3690.It Va sshd_program 3691.Pq Vt str 3692Path to the SSH server program 3693.Pa ( /usr/sbin/sshd 3694is the default). 3695.It Va sshd_enable 3696.Pq Vt bool 3697Set to 3698.Dq Li YES 3699to start 3700.Xr sshd 8 3701at system boot time. 3702.It Va sshd_flags 3703.Pq Vt str 3704If 3705.Va sshd_enable 3706is set to 3707.Dq Li YES , 3708these are the flags to pass to the 3709.Xr sshd 8 3710daemon. 3711.It Va ftpd_program 3712.Pq Vt str 3713Path to the FTP server program 3714.Pa ( /usr/libexec/ftpd 3715is the default). 3716.It Va ftpd_enable 3717.Pq Vt bool 3718Set to 3719.Dq Li YES 3720to start 3721.Xr ftpd 8 3722as a stand-alone daemon at system boot time. 3723.It Va ftpd_flags 3724.Pq Vt str 3725If 3726.Va ftpd_enable 3727is set to 3728.Dq Li YES , 3729these are the additional flags to pass to the 3730.Xr ftpd 8 3731daemon. 3732.It Va watchdogd_enable 3733.Pq Vt bool 3734If set to 3735.Dq Li YES , 3736start the 3737.Xr watchdogd 8 3738daemon at boot time. 3739This requires that the kernel have been compiled with a 3740.Xr watchdog 4 3741compatible device. 3742.It Va watchdogd_flags 3743.Pq Vt str 3744If 3745.Va watchdogd_enable 3746is set to 3747.Dq Li YES , 3748these are the flags passed to the 3749.Xr watchdogd 8 3750daemon. 3751.It Va watchdogd_timeout 3752.Pq Vt int 3753If 3754.Va watchdogd_enable 3755is set to 3756.Dq Li YES , 3757this is a timeout that will be used by the 3758.Xr watchdogd 8 3759daemon. 3760If this option is set, it overrides 3761.Fl t 3762in 3763.Va watchdogd_flags . 3764.It Va watchdogd_shutdown_timeout 3765.Pq Vt int 3766If 3767.Va watchdogd_enable 3768is set to 3769.Dq Li YES , 3770this is a timeout that will be set by the 3771.Xr watchdogd 8 3772daemon when it exits during the system shutdown. 3773This timeout will not be set when returning to the single-user mode 3774or when the watchdogd service is stopped individually using the 3775.Xr service 8 3776command or the rc.d script. 3777Note that the timeout will be applied if 3778.Xr watchdogd 8 3779is stopped outside of 3780.Xr rc 8 3781framework. 3782If this option is set, it overrides 3783.Fl x 3784in 3785.Va watchdogd_flags . 3786.It Va devfs_rulesets 3787.Pq Vt str 3788List of files containing sets of rules for 3789.Xr devfs 8 . 3790.It Va devfs_system_ruleset 3791.Pq Vt str 3792Rule name(s) to apply to the system 3793.Pa /dev 3794itself. 3795.It Va devfs_set_rulesets 3796.Pq Vt str 3797Pairs of already-mounted 3798.Pa dev 3799directories and rulesets that should be applied to them. 3800For example: /mount/dev=ruleset_name 3801.It Va devfs_load_rulesets 3802.Pq Vt bool 3803If set, always load the default rulesets listed in 3804.Va devfs_rulesets . 3805.It Va performance_cx_lowest 3806.Pq Vt str 3807CPU idle state to use while on AC power. 3808The string 3809.Dq Li LOW 3810indicates that 3811.Xr acpi 4 3812should use the lowest power state available while 3813.Dq Li HIGH 3814indicates that the lowest latency state (less power savings) should be used. 3815.It Va performance_cpu_freq 3816.Pq Vt str 3817CPU clock frequency to use while on AC power. 3818The string 3819.Dq Li LOW 3820indicates that 3821.Xr cpufreq 4 3822should use the lowest frequency available while 3823.Dq Li HIGH 3824indicates that the highest frequency (less power savings) should be used. 3825.It Va economy_cx_lowest 3826.Pq Vt str 3827CPU idle state to use when off AC power. 3828The string 3829.Dq Li LOW 3830indicates that 3831.Xr acpi 4 3832should use the lowest power state available while 3833.Dq Li HIGH 3834indicates that the lowest latency state (less power savings) should be used. 3835.It Va economy_cpu_freq 3836.Pq Vt str 3837CPU clock frequency to use when off AC power. 3838The string 3839.Dq Li LOW 3840indicates that 3841.Xr cpufreq 4 3842should use the lowest frequency available while 3843.Dq Li HIGH 3844indicates that the highest frequency (less power savings) should be used. 3845.It Va jail_enable 3846.Pq Vt bool 3847If set to 3848.Dq Li NO , 3849any configured jails will not be started. 3850.It Va jail_conf 3851.Pq Vt str 3852The configuration filename used by 3853.Xr jail 8 3854utility. 3855The default value is 3856.Pa /etc/jail.conf . 3857.It Va jail_parallel_start 3858.Pq Vt bool 3859If set to 3860.Dq Li YES , 3861all configured jails will be started in the background (in parallel). 3862.It Va jail_flags 3863.Pq Vt str 3864Unset by default. 3865When set, use as default value for 3866.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3867for every jail in 3868.Va jail_list . 3869.It Va jail_list 3870.Pq Vt str 3871A space-delimited list of jail names. 3872When left empty, all of the 3873.Xr jail 8 3874instances defined in the configuration file are started. 3875The names specified in this list control the jail startup order. 3876.Xr jail 8 3877instances missing from 3878.Va jail_list 3879must be started manually. 3880Note that a jail's 3881.Va depend 3882parameter in the configuration file may override this list. 3883.It Va jail_reverse_stop 3884.Pq Vt bool 3885When set to 3886.Dq Li YES , 3887all configured jails in 3888.Va jail_list 3889are stopped in reverse order. 3890.It Va jail_ Ns * variables 3891Note that older releases supported per-jail configuration via 3892.Nm 3893variables. 3894For example, 3895hostname of a jail named 3896.Li vjail 3897was able to be set by 3898.Li jail_vjail_hostname . 3899These per-jail configuration variables are now obsolete in favor of 3900.Xr jail 8 3901configuration file. 3902For backward compatibility, 3903when per-jail configuration variables are defined, 3904.Xr jail 8 3905configuration files are created as 3906.Pa /var/run/jail. Ns Ao Ar jname Ac Ns Pa .conf 3907and used. 3908.Pp 3909The following per-jail parameters are handled by 3910.Pa rc.d/jail 3911script out of their corresponding 3912.Nm 3913variables. 3914In addition to them, parameters in 3915.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3916will be added to the configuration file. 3917They must be a semi-colon 3918.Pq Ql \&; 3919delimited list of 3920.Dq key=value . 3921For more details, 3922see 3923.Xr jail 8 3924manual page. 3925.Bl -tag -width "host.hostname" -offset indent 3926.It Li path 3927set from 3928.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3929.It Li host.hostname 3930set from 3931.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3932.It Li exec.consolelog 3933set from 3934.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3935The default value is 3936.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3937.It Li interface 3938set from 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3940.It Li vnet.interface 3941set from 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3943This implies 3944.Li vnet 3945parameter will be enabled and cannot be specified with 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3947.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3948and/or 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3950at the same time. 3951.It Li fstab 3952set from 3953.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3954.It Li mount 3955set from 3956.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3957.It Li exec.fib 3958set from 3959.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3960.It Li exec.start 3961set from 3962.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3963The parameter name was 3964.Li command 3965in some older releases. 3966.It Li exec.prestart 3967set from 3968.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3969.It Li exec.poststart 3970set from 3971.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3972.It Li exec.stop 3973set from 3974.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3975.It Li exec.prestop 3976set from 3977.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3978.It Li exec.poststop 3979set from 3980.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3981.It Li ip4.addr 3982set if 3983.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3984or 3985.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3986contain IPv4 addresses 3987.It Li ip6.addr 3988set if 3989.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3990or 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3992contain IPv6 addresses 3993.It Li allow.mount 3994set from 3995.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3996.It Li mount.devfs 3997set from 3998.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3999.It Li devfs_ruleset 4000set from 4001.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 4002This must be an integer, 4003not a string. 4004.It Li mount.fdescfs 4005set from 4006.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4007.It Li allow.set_hostname 4008set from 4009.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4010.It Li allow.rawsocket 4011set from 4012.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4013.It Li allow.sysvipc 4014set from 4015.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4016.El 4017.\" ----------------------------------------------------- 4018.It Va harvest_mask 4019.Pq Vt int 4020Set to a bit-mask 4021representing the entropy sources 4022you wish to harvest. 4023Refer to 4024.Xr random 4 4025for more information. 4026.It Va entropy_dir 4027.Pq Vt str 4028Set to 4029.Dq Li NO 4030to disable caching entropy via 4031.Xr cron 8 . 4032Otherwise set to the directory 4033in which the entropy files are stored. 4034To be useful, 4035there must be 4036a system cron job 4037that regularly writes and rotates 4038files here. 4039All files found 4040will be used at boot time. 4041The default is 4042.Pa /var/db/entropy . 4043.It Va entropy_file 4044.Pq Vt str 4045Set to 4046.Dq Li NO 4047to disable caching entropy through reboots. 4048Otherwise set to the name 4049of a file used to store cached entropy. 4050This file should be located 4051on a file system that is readable 4052before all the volumes specified in 4053.Xr fstab 5 4054are mounted. 4055By default, 4056.Pa /entropy 4057is used, 4058but if 4059.Pa /var/db/entropy-file 4060is found it will also be used. 4061This will be of some use to 4062.Xr bsdinstall 8 . 4063.It Va entropy_boot_file 4064.Pq Vt str 4065Set to 4066.Dq Li NO 4067to disable 4068very early caching entropy 4069through reboots. 4070Otherwise set to the filename 4071used to read 4072very early reboot cached entropy. 4073This file should be located where 4074.Xr loader 8 4075can read it. 4076See also 4077.Xr loader.conf 5 . 4078The default location is 4079.Pa /boot/entropy . 4080.It Va entropy_save_sz 4081.Pq Vt int 4082Size of the entropy cache files saved by 4083.Nm save-entropy 4084periodically. 4085.It Va entropy_save_num 4086.Pq Vt int 4087Number of entropy cache files to save by 4088.Nm save-entropy 4089periodically. 4090.It Va ipsec_enable 4091.Pq Vt bool 4092Set to 4093.Dq Li YES 4094to run 4095.Xr setkey 8 4096on 4097.Va ipsec_file 4098at boot time. 4099.It Va ipsec_file 4100.Pq Vt str 4101Configuration file for 4102.Xr setkey 8 . 4103.It Va dmesg_enable 4104.Pq Vt bool 4105Set to 4106.Dq Li YES 4107to save 4108.Xr dmesg 8 4109to 4110.Pa /var/run/dmesg.boot 4111on boot. 4112.It Va rcshutdown_timeout 4113.Pq Vt int 4114If set, start a watchdog timer in the background which will terminate 4115.Pa rc.shutdown 4116if 4117.Xr shutdown 8 4118has not completed within the specified time (in seconds). 4119Notice that in addition to this soft timeout, 4120.Xr init 8 4121also applies a hard timeout for the execution of 4122.Pa rc.shutdown . 4123This is configured via 4124.Xr sysctl 8 4125variable 4126.Va kern.init_shutdown_timeout 4127and defaults to 120 seconds. 4128Setting the value of 4129.Va rcshutdown_timeout 4130to more than 120 seconds will have no effect until the 4131.Xr sysctl 8 4132variable 4133.Va kern.init_shutdown_timeout 4134is also increased. 4135.It Va virecover_enable 4136.Pq Vt bool 4137Set to 4138.Dq Li NO 4139to prevent the system from trying to 4140recover pre-maturely terminated 4141.Xr vi 1 4142sessions. 4143.It Va ugidfw_enable 4144.Pq Vt bool 4145Set to 4146.Dq Li YES 4147to load the 4148.Xr mac_bsdextended 4 4149module upon system initialization and load a default 4150ruleset file. 4151.It Va bsdextended_script 4152.Pq Vt str 4153The default 4154.Xr mac_bsdextended 4 4155ruleset file to load. 4156The default value of this variable is 4157.Pa /etc/rc.bsdextended . 4158.It Va newsyslog_enable 4159.Pq Vt bool 4160If set to 4161.Dq Li YES , 4162run 4163.Xr newsyslog 8 4164command at startup. 4165.It Va newsyslog_flags 4166.Pq Vt str 4167If 4168.Va newsyslog_enable 4169is set to 4170.Dq Li YES , 4171these are the flags to pass to the 4172.Xr newsyslog 8 4173program. 4174The default is 4175.Dq Li -CN , 4176which causes log files flagged with a 4177.Cm C 4178to be created. 4179.It Va mdconfig_md Ns Aq Ar X 4180.Pq Vt str 4181Arguments to 4182.Xr mdconfig 8 4183for 4184.Xr md 4 4185device 4186.Ar X . 4187At minimum a 4188.Fl t Ar type 4189must be specified and either a 4190.Fl s Ar size 4191for malloc or swap backed 4192.Xr md 4 4193devices or a 4194.Fl f Ar file 4195for vnode backed 4196.Xr md 4 4197devices. 4198Note that 4199.Va mdconfig_md Ns Aq Ar X 4200variables are evaluated until one variable is unset or null. 4201.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4202.Pq Vt str 4203Optional arguments passed to 4204.Xr newfs 8 4205to initialize 4206.Xr md 4 4207device 4208.Ar X . 4209.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4210.Pq Vt str 4211An ownership specification passed to 4212.Xr chown 8 4213after the specified 4214.Xr md 4 4215device 4216.Ar X 4217has been mounted. 4218Both the 4219.Xr md 4 4220device and the mount point will be changed. 4221.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4222.Pq Vt str 4223A mode string passed to 4224.Xr chmod 1 4225after the specified 4226.Xr md 4 4227device 4228.Ar X 4229has been mounted. 4230Both the 4231.Xr md 4 4232device and the mount point will be changed. 4233.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4234.Pq Vt str 4235Files to be copied to the mount point of the 4236.Xr md 4 4237device 4238.Ar X 4239after it has been mounted. 4240.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4241.Pq Vt str 4242Command to execute after the specified 4243.Xr md 4 4244device 4245.Ar X 4246has been mounted. 4247Note that the command is passed to 4248.Ic eval 4249and that both 4250.Va _dev 4251and 4252.Va _mp 4253variables can be used to reference respectively the 4254.Xr md 4 4255device and the mount point. 4256Assuming that the 4257.Xr md 4 4258device is 4259.Li md0 , 4260one could set the following: 4261.Bd -literal 4262mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4263.Ed 4264.It Va autobridge_interfaces 4265.Pq Vt str 4266Set to the list of bridge interfaces that will have newly arriving interfaces 4267checked against to be automatically added. 4268If not set to 4269.Dq Li NO 4270then for each whitespace separated 4271.Ar element 4272in the value, a 4273.Va autobridge_ Ns Aq Ar element 4274variable is assumed to exist which has a whitespace separated list of interface 4275names to match, these names can use wildcards. 4276For example: 4277.Bd -literal 4278autobridge_interfaces="bridge0" 4279autobridge_bridge0="tap* dc0 vlan[345]" 4280.Ed 4281.It Va mixer_enable 4282.Pq Vt bool 4283If set to 4284.Dq Li YES , 4285enable support for sound mixer. 4286.It Va hcsecd_enable 4287.Pq Vt bool 4288If set to 4289.Dq Li YES , 4290enable Bluetooth security daemon. 4291.It Va hcsecd_config 4292.Pq Vt str 4293Configuration file for 4294.Xr hcsecd 8 . 4295Default 4296.Pa /etc/bluetooth/hcsecd.conf . 4297.It Va sdpd_enable 4298.Pq Vt bool 4299If set to 4300.Dq Li YES , 4301enable Bluetooth Service Discovery Protocol daemon. 4302.It Va sdpd_control 4303.Pq Vt str 4304Path to 4305.Xr sdpd 8 4306control socket. 4307Default 4308.Pa /var/run/sdp . 4309.It Va sdpd_groupname 4310.Pq Vt str 4311Sets 4312.Xr sdpd 8 4313group to run as after it initializes. 4314Default 4315.Dq Li nobody . 4316.It Va sdpd_username 4317.Pq Vt str 4318Sets 4319.Xr sdpd 8 4320user to run as after it initializes. 4321Default 4322.Dq Li nobody . 4323.It Va bthidd_enable 4324.Pq Vt bool 4325If set to 4326.Dq Li YES , 4327enable Bluetooth Human Interface Device daemon. 4328.It Va bthidd_config 4329.Pq Vt str 4330Configuration file for 4331.Xr bthidd 8 . 4332Default 4333.Pa /etc/bluetooth/bthidd.conf . 4334.It Va bthidd_hids 4335.Pq Vt str 4336Path to a file, where 4337.Xr bthidd 8 4338will store information about known HID devices. 4339Default 4340.Pa /var/db/bthidd.hids . 4341.It Va rfcomm_pppd_server_enable 4342.Pq Vt bool 4343If set to 4344.Dq Li YES , 4345enable Bluetooth RFCOMM PPP wrapper daemon. 4346.It Va rfcomm_pppd_server_profile 4347.Pq Vt str 4348The name of the profile to use from 4349.Pa /etc/ppp/ppp.conf . 4350Multiple profiles can be specified here. 4351Also used to specify per-profile overrides. 4352When the profile name contains any of the characters 4353.Dq Li .-/+ 4354they are translated to 4355.Dq Li _ 4356for the proposes of the override variable names. 4357.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4358.Pq Vt str 4359Overrides local address to listen on. 4360By default 4361.Xr rfcomm_pppd 8 4362will listen on 4363.Dq Li ANY 4364address. 4365The address can be specified as BD_ADDR or name. 4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4367.Pq Vt str 4368Overrides local RFCOMM channel to listen on. 4369By default 4370.Xr rfcomm_pppd 8 4371will listen on RFCOMM channel 1. 4372Must set properly if multiple profiles used in the same time. 4373.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4374.Pq Vt bool 4375Tells 4376.Xr rfcomm_pppd 8 4377if it should register Serial Port service on the specified RFCOMM channel. 4378Default 4379.Dq Li NO . 4380.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4381.Pq Vt bool 4382Tells 4383.Xr rfcomm_pppd 8 4384if it should register Dial-Up Networking service on the specified 4385RFCOMM channel. 4386Default 4387.Dq Li NO . 4388.It Va ubthidhci_enable 4389.Pq Vt bool 4390If set to 4391.Dq Li YES , 4392change the USB Bluetooth controller from HID mode to HCI mode. 4393You also need to specify the location of USB Bluetooth controller with the 4394.Va ubthidhci_busnum 4395and 4396.Va ubthidhci_addr 4397variables. 4398.It Va ubthidhci_busnum 4399Bus number where the USB Bluetooth controller is located. 4400Check the output of 4401.Xr usbconfig 8 4402on your system to find this information. 4403.It Va ubthidhci_addr 4404Bus address of the USB Bluetooth controller. 4405Check the output of 4406.Xr usbconfig 8 4407on your system to find this information. 4408.It Va netwait_enable 4409.Pq Vt bool 4410If set to 4411.Dq Li YES , 4412delays the start of network-reliant services until 4413.Va netwait_if 4414is up and ICMP packets to a destination defined in 4415.Va netwait_ip 4416are flowing. 4417Link state is examined first, followed by 4418.Dq Li pinging 4419an IP address to verify network usability. 4420If no destination can be reached or timeouts are exceeded, 4421network services are started anyway with no guarantee that 4422the network is usable. 4423Use of this variable requires both 4424.Va netwait_ip 4425and 4426.Va netwait_if 4427to be set. 4428.It Va netwait_ip 4429.Pq Vt str 4430Empty by default. 4431This variable contains a space-delimited list of IP addresses to 4432.Xr ping 8 . 4433DNS hostnames should not be used as resolution is not guaranteed 4434to be functional at this point. 4435If multiple IP addresses are specified, 4436each will be tried until one is successful or the list is exhausted. 4437.It Va netwait_timeout 4438.Pq Vt int 4439Indicates the total number of seconds to perform a 4440.Dq Li ping 4441against each IP address in 4442.Va netwait_ip , 4443at a rate of one ping per second. 4444If any of the pings are successful, 4445full network connectivity is considered reliable. 4446The default is 60. 4447.It Va netwait_if 4448.Pq Vt str 4449Empty by default. 4450Defines the name of the network interface on which watch for link. 4451.Xr ifconfig 8 4452is used to monitor the interface, looking for 4453.Dq Li status: no carrier . 4454Once gone, the link is considered up. 4455This can be a 4456.Xr vlan 4 4457interface if desired. 4458.It Va netwait_if_timeout 4459.Pq Vt int 4460Defines the total number of seconds to wait for link to become usable, 4461polled at a 1-second interval. 4462The default is 30. 4463.It Va rctl_enable 4464.Pq Vt bool 4465If set to 4466.Dq Li YES , 4467load 4468.Xr rctl 8 4469rules from the defined ruleset. 4470The kernel must be built with 4471.Cd "options RACCT" 4472and 4473.Cd "options RCTL" . 4474.It Va rctl_rules 4475.Pq Vt str 4476Set to 4477.Pa /etc/rctl.conf 4478by default. 4479This variables contains the 4480.Xr rctl.conf 5 4481ruleset to load for 4482.Xr rctl 8 . 4483.It Va iovctl_files 4484.Pq Vt str 4485A space-separated list of configuration files used by 4486.Xr iovctl 8 . 4487The default value is an empty string. 4488.It Va autofs_enable 4489.Pq Vt bool 4490If set to 4491.Dq Li YES , 4492start the 4493.Xr automount 8 4494utility and the 4495.Xr automountd 8 4496and 4497.Xr autounmountd 8 4498daemons at boot time. 4499.It Va automount_flags 4500.Pq Vt str 4501If 4502.Va autofs_enable 4503is set to 4504.Dq Li YES , 4505these are the flags to pass to the 4506.Xr automount 8 4507program. 4508By default no flags are passed. 4509.It Va automountd_flags 4510.Pq Vt str 4511If 4512.Va autofs_enable 4513is set to 4514.Dq Li YES , 4515these are the flags to pass to the 4516.Xr automountd 8 4517daemon. 4518By default no flags are passed. 4519.It Va autounmountd_flags 4520.Pq Vt str 4521If 4522.Va autofs_enable 4523is set to 4524.Dq Li YES , 4525these are the flags to pass to the 4526.Xr autounmountd 8 4527daemon. 4528By default no flags are passed. 4529.It Va ctld_enable 4530.Pq Vt bool 4531If set to 4532.Dq Li YES , 4533start the 4534.Xr ctld 8 4535daemon at boot time. 4536.It Va iscsid_enable 4537.Pq Vt bool 4538If set to 4539.Dq Li YES , 4540start the 4541.Xr iscsid 8 4542daemon at boot time. 4543.It Va iscsictl_enable 4544.Pq Vt bool 4545If set to 4546.Dq Li YES , 4547start the 4548.Xr iscsictl 8 4549utility at boot time. 4550.It Va iscsictl_flags 4551.Pq Vt str 4552If 4553.Va iscsictl_enable 4554is set to 4555.Dq Li YES , 4556these are the flags to pass to the 4557.Xr iscsictl 8 4558program. 4559The default is 4560.Dq Li -Aa , 4561which configures sessions based on the 4562.Pa /etc/iscsi.conf 4563configuration file. 4564.It Va cfumass_enable 4565.Pq Vt bool 4566If set to 4567.Dq Li YES , 4568create and export an USB LUN using 4569.Xr cfumass 4 4570at boot time. 4571.It Va cfumass_dir 4572.Pq Vt str 4573The directory where the files exported by USB LUN are located. 4574The default directory is 4575.Pa /var/cfumass . 4576.It Va service_delete_empty 4577.Pq Vt bool 4578If set to 4579.Dq Li YES , 4580.Ql Li service delete 4581removes empty 4582.Dq Li rc.conf.d 4583files. 4584.El 4585.Sh FILES 4586.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4587.It Pa /etc/defaults/rc.conf 4588.It Pa /etc/rc.conf 4589.It Pa /etc/rc.conf.local 4590.El 4591.Sh SEE ALSO 4592.Xr chmod 1 , 4593.Xr gdb 1 , 4594.Xr info 1 , 4595.Xr kbdcontrol 1 , 4596.Xr makewhatis 1 , 4597.Xr sh 1 , 4598.Xr vi 1 , 4599.Xr vidcontrol 1 , 4600.Xr bridge 4 , 4601.Xr dummynet 4 , 4602.Xr ip 4 , 4603.Xr ipf 4 , 4604.Xr ipfw 4 , 4605.Xr ipnat 4 , 4606.Xr kld 4 , 4607.Xr pf 4 , 4608.Xr pflog 4 , 4609.Xr pfsync 4 , 4610.Xr tcp 4 , 4611.Xr udp 4 , 4612.Xr exports 5 , 4613.Xr fstab 5 , 4614.Xr ipf 5 , 4615.Xr ipnat 5 , 4616.Xr jail.conf 5 , 4617.Xr loader.conf 5 , 4618.Xr motd 5 , 4619.Xr newsyslog.conf 5 , 4620.Xr pf.conf 5 , 4621.Xr security 7 , 4622.Xr accton 8 , 4623.Xr amd 8 , 4624.Xr apm 8 , 4625.Xr bsdinstall 8 , 4626.Xr bthidd 8 , 4627.Xr chkprintcap 8 , 4628.Xr chown 8 , 4629.Xr cron 8 , 4630.Xr devfs 8 , 4631.Xr dhclient 8 , 4632.Xr ftpd 8 , 4633.Xr geli 8 , 4634.Xr hcsecd 8 , 4635.Xr ifconfig 8 , 4636.Xr inetd 8 , 4637.Xr iovctl 8 , 4638.Xr ipf 8 , 4639.Xr ipfw 8 , 4640.Xr ipnat 8 , 4641.Xr jail 8 , 4642.Xr kldxref 8 , 4643.Xr loader 8 , 4644.Xr lpd 8 , 4645.Xr mdconfig 8 , 4646.Xr mdmfs 8 , 4647.Xr mixer 8 , 4648.Xr mountd 8 , 4649.Xr moused 8 , 4650.Xr newfs 8 , 4651.Xr newsyslog 8 , 4652.Xr nfsd 8 , 4653.Xr ntpd 8 , 4654.Xr ntpdate 8 , 4655.Xr pfctl 8 , 4656.Xr pflogd 8 , 4657.Xr ping 8 , 4658.Xr powerd 8 , 4659.Xr quotacheck 8 , 4660.Xr quotaon 8 , 4661.Xr rc 8 , 4662.Xr rc.sendmail 8 , 4663.Xr rfcomm_pppd 8 , 4664.Xr route 8 , 4665.Xr routed 8 , 4666.Xr rpc.lockd 8 , 4667.Xr rpc.statd 8 , 4668.Xr rpcbind 8 , 4669.Xr rwhod 8 , 4670.Xr savecore 8 , 4671.Xr sdpd 8 , 4672.Xr service 8 , 4673.Xr sshd 8 , 4674.Xr swapon 8 , 4675.Xr sysctl 8 , 4676.Xr syslogd 8 , 4677.Xr sysrc 8 , 4678.Xr timed 8 , 4679.Xr unbound 8 , 4680.Xr usbconfig 8 , 4681.Xr wlandebug 8 , 4682.Xr yp 8 , 4683.Xr ypbind 8 , 4684.Xr ypserv 8 , 4685.Xr ypset 8 4686.Sh HISTORY 4687The 4688.Nm 4689file appeared in 4690.Fx 2.2.2 . 4691.Sh AUTHORS 4692.An Jordan K. Hubbard . 4693