xref: /freebsd/share/man/man5/rc.conf.5 (revision 78cd75393ec79565c63927bf200f06f839a1dc05)
1.\" Copyright (c) 1995
2.\"	Jordan K. Hubbard
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.Dd November 13, 2023
26.Dt RC.CONF 5
27.Os
28.Sh NAME
29.Nm rc.conf
30.Nd system configuration information
31.Sh DESCRIPTION
32The file
33.Nm
34contains descriptive information about the local host name, configuration
35details for any potential network interfaces and which services should be
36started up at system initial boot time.
37In new installations, the
38.Nm
39file is generally initialized by the system installation utility.
40.Pp
41The purpose of
42.Nm
43is not to run commands or perform system startup actions
44directly.
45Instead, it is included by the
46various generic startup scripts in
47.Pa /etc
48which conditionalize their
49internal actions according to the settings found there.
50.Pp
51The
52.Pa /etc/rc.conf
53file is included from the file
54.Pa /etc/defaults/rc.conf ,
55which specifies the default settings for all the available options.
56Options need only be specified in
57.Pa /etc/rc.conf
58when the system administrator wishes to override these defaults.
59The file
60.Pa /etc/defaults/vendor.conf
61allows vendors to override
62.Fx
63defaults.
64The file
65.Pa /etc/rc.conf.local
66is used to override settings in
67.Pa /etc/rc.conf
68for historical reasons.
69.Pp
70The sysrc(8) command provides a scripting interface to modify system
71config files.
72.Pp
73In addition to
74.Pa /etc/rc.conf.local
75you can also place smaller configuration files for each
76.Xr rc 8
77script in the
78.Pa /etc/rc.conf.d
79directory or
80.Ao Ar dir Ac Ns Pa /rc.conf.d
81directories (where
82.Ao Ar dir Ac
83is each entry specified in
84.Va local_startup ,
85but with any trailing
86.Pa /rc.d
87stripped),
88which will be included by the
89.Va load_rc_config
90function.
91For jail configurations you could use the file
92.Pa /etc/rc.conf.d/jail
93to store jail-specific configuration options.
94If
95.Va local_startup
96contains
97.Pa /usr/local/etc/rc.d
98and
99.Pa /opt/conf ,
100.Pa /usr/local/etc/rc.conf.d/jail
101and
102.Pa /opt/conf/rc.conf.d/jail
103will be loaded.
104If
105.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac
106is a directory,
107all of the files in the directory will be loaded.
108Also see the
109.Va rc_conf_files
110variable below.
111.Pp
112Options are set with
113.Dq Ar name Ns Li = Ns Ar value
114assignments that use
115.Xr sh 1
116syntax.
117The following list provides a name and short description for each
118variable that can be set in the
119.Nm
120file:
121.Bl -tag -width indent-two
122.It Va rc_debug
123.Pq Vt bool
124If set to
125.Dq Li YES ,
126enable output of debug messages from rc scripts.
127This variable can be helpful in diagnosing mistakes when
128editing or integrating new scripts.
129Beware that this produces copious output to the terminal and
130.Xr syslog 3 .
131.It Va rc_info
132.Pq Vt bool
133If set to
134.Dq Li NO ,
135disable informational messages from the rc scripts.
136Informational messages are displayed when
137a condition that is not serious enough to warrant a warning or
138an error occurs.
139.It Va rc_startmsgs
140.Pq Vt bool
141If set to
142.Dq Li YES ,
143show
144.Dq Starting foo:
145when faststart is used (e.g., at boot time).
146.It Va early_late_divider
147.Pq Vt str
148The name of the script that should be used as the
149delimiter between the
150.Dq early
151and
152.Dq late
153stages of the boot process.
154The early stage should contain all the services needed to
155get the disks (local or remote) mounted so that the late
156stage can include scripts contained in the directories
157listed in the
158.Va local_startup
159variable (see below).
160Thus, the two likely candidates for this value are
161.Pa mountcritlocal
162for the typical system, and
163.Pa mountcritremote
164if the system needs remote file
165systems mounted to get access to the
166.Va local_startup
167directories; for example when
168.Pa /usr/local
169is NFS mounted.
170For
171.Pa rc.conf
172within a
173.Xr jail 8
174.Pa NETWORKING
175is likely to be an appropriate value.
176Extreme care should be taken when changing this value,
177and before changing it one should ensure that there are
178adequate provisions to recover from a failed boot
179(such as physical contact with the machine,
180or reliable remote console access).
181.It Va always_force_depends
182.Pq Vt bool
183Various
184.Pa rc.d
185scripts use the force_depend function to check whether required
186services are already running, and to start them if necessary.
187By default during boot time this check is bypassed if the
188required service is enabled in
189.Pa /etc/rc.conf[.local] .
190Setting this option will bypass that check at boot time and
191always test whether or not the service is actually running.
192Enabling this option is likely to increase your boot time if
193services are enabled that utilize the force_depend check.
194.It Ao Ar name Ac Ns Va _chroot
195.Pq Vt str
196.Xr chroot 8
197to this directory before running the service.
198.It Ao Ar name Ac Ns Va _cpuset
199.Pq Vt str
200A list of CPUs to run the service on.
201Passed to
202.Xr cpuset 1
203using the
204.Fl l
205flag.
206.It Ao Ar name Ac Ns Va _fib
207.Pq Vt int
208The
209.Xr setfib 1
210value to run the service under.
211.It Ao Ar name Ac Ns Va _group
212.Pq Vt str
213Run the chrooted service under this system group.
214Unlike the
215.Ao Ar name Ac Ns Va _user
216setting, this setting has no effect if the service is not chrooted.
217.It Ao Ar name Ac Ns Va _limits
218.Pq Vt str
219Resource limits to apply to the service using
220.Xr limits 1 .
221By default, resource limits are based on the login class defined in
222.Ao Ar name Ac Ns Va _login_class .
223.It Ao Ar name Ac Ns Va _login_class
224.Pq Vt str
225Login class to be used with
226.Ao Ar name Ac Ns Va _limits .
227Defaults to
228.Dq Li daemon .
229.It Ao Ar name Ac Ns Va _nice
230.Pq Vt int
231The
232.Xr nice 1
233value to run the service under.
234.It Ao Ar name Ac Ns Va _oomprotect
235.Pq Vt str
236Use
237.Xr protect 1
238to prevent the service from being killed when swap space
239is exhausted.
240Use
241.Dq Li YES
242to protect only the service itself, and
243.Dq Li ALL
244to protect the service and all its child processes.
245.Pp
246Please note that rc scripts which redefine
247.Dl ${argument}_cmd
248.Pq see Xr rc.subr 8
249such as PostgreSQL will not inherit the OOM killer protection.
250.Pp
251This variable has no effect on services running within a
252.Xr jail 8 .
253.It Ao Ar name Ac Ns Va _setup
254.Pq Vt str
255Run the specified setup script right before starting the actual service
256command.
257Useful for automatic configuration file generation.
258.It Ao Ar name Ac Ns Va _umask
259.Pq Vt int
260Run the service using this
261.Xr umask 1
262value.
263.It Ao Ar name Ac Ns Va _user
264.Pq Vt str
265Run the service under this user account.
266.It Va apm_enable
267.Pq Vt bool
268If set to
269.Dq Li YES ,
270enable support for Automatic Power Management with
271the
272.Xr apm 8
273command.
274.It Va apmd_enable
275.Pq Vt bool
276Run
277.Xr apmd 8
278to handle APM event from userland.
279This also enables support for APM.
280.It Va apmd_flags
281.Pq Vt str
282If
283.Va apmd_enable
284is set to
285.Dq Li YES ,
286these are the flags to pass to the
287.Xr apmd 8
288daemon.
289.It Va devd_enable
290.Pq Vt bool
291Run
292.Xr devd 8
293to handle device added, removed or unknown events from the kernel.
294.It Va ddb_enable
295.Pq Vt bool
296Run
297.Xr ddb 8
298to install
299.Xr ddb 4
300scripts at boot time.
301.It Va ddb_config
302.Pq Vt str
303Configuration file for
304.Xr ddb 8 .
305Default
306.Pa /etc/ddb.conf .
307.It Va devmatch_enable
308.Pq Vt bool
309If set to
310.Dq Li NO ,
311disable auto-loading of kernel modules with
312.Xr devmatch 8 .
313.It Va devmatch_blocklist
314.Pq Vt str
315A whitespace-separated list of kernel modules to be ignored by
316.Xr devmatch 8 .
317In addition, the
318.Xr kenv 1
319.Va devmatch_blocklist
320is appended to this variable to allow disabling of
321.Xr devmatch 8
322loaded modules from the boot loader.
323.It Va devmatch_blacklist
324.Pq Vt str
325This variable is deprecated.
326Use
327.Va devmatch_blocklist
328instead.
329A whitespace-separated list of kernel modules to be ignored by
330.Xr devmatch 8 .
331.It Va kld_list
332.Pq Vt str
333A whitespace-separated list of kernel modules to load right after
334the local disks are mounted, without any
335.Pa .ko
336extension or path.
337Loading modules at this point in the boot process is
338much faster than doing it via
339.Pa /boot/loader.conf
340for those modules not necessary for mounting local disks.
341.It Va kldxref_enable
342.Pq Vt bool
343Set to
344.Dq Li NO
345by default.
346Set to
347.Dq Li YES
348to automatically rebuild
349.Pa linker.hints
350files with
351.Xr kldxref 8
352at boot time.
353.It Va kldxref_clobber
354.Pq Vt bool
355Set to
356.Dq Li NO
357by default.
358If
359.Va kldxref_enable
360is true,
361setting to
362.Dq Li YES
363will overwrite existing
364.Pa linker.hints
365files at boot time.
366Otherwise,
367only missing
368.Pa linker.hints
369files are generated.
370.It Va kldxref_module_path
371.Pq Vt str
372Empty by default.
373A semi-colon
374.Pq Ql \&;
375delimited list of paths containing
376.Xr kld 4
377modules.
378If empty,
379the contents of the
380.Va kern.module_path
381.Xr sysctl 8
382are used.
383.It Va powerd_enable
384.Pq Vt bool
385If set to
386.Dq Li YES ,
387enable the system power control facility with the
388.Xr powerd 8
389daemon.
390.It Va powerd_flags
391.Pq Vt str
392If
393.Va powerd_enable
394is set to
395.Dq Li YES ,
396these are the flags to pass to the
397.Xr powerd 8
398daemon.
399.It Va tmpmfs
400Controls the creation of a
401.Pa /tmp
402memory file system.
403Always happens if set to
404.Dq Li YES
405and never happens if set to
406.Dq Li NO .
407If set to anything else, a memory file system is created if
408.Pa /tmp
409is not writable.
410.It Va tmpsize
411Controls the size of a created
412.Pa /tmp
413memory file system.
414.It Va tmpmfs_flags
415Extra options passed to the
416.Xr mdmfs 8
417utility when the memory file system for
418.Pa /tmp
419is created.
420The default is
421.Dq Li "-S" ,
422which inhibits the use of softupdates on
423.Pa /tmp
424so that file system space is freed without delay
425after file truncation or deletion.
426See
427.Xr mdmfs 8
428for other options you can use in
429.Va tmpmfs_flags .
430.It Va varmfs
431Controls the creation of a
432.Pa /var
433memory file system.
434Always happens if set to
435.Dq Li YES
436and never happens if set to
437.Dq Li NO .
438If set to anything else, a memory file system is created if
439.Pa /var
440is not writable.
441.It Va varsize
442Controls the size of a created
443.Pa /var
444memory file system.
445.It Va varmfs_flags
446Extra options passed to the
447.Xr mdmfs 8
448utility when the memory file system for
449.Pa /var
450is created.
451The default is
452.Dq Li "-S" ,
453which inhibits the use of softupdates on
454.Pa /var
455so that file system space is freed without delay
456after file truncation or deletion.
457See
458.Xr mdmfs 8
459for other options you can use in
460.Va varmfs_flags .
461.It Va populate_var
462Controls the automatic population of the
463.Pa /var
464file system.
465Always happens if set to
466.Dq Li YES
467and never happens if set to
468.Dq Li NO .
469If set to anything else, a memory file system is created if
470.Pa /var
471is not writable.
472Note that this process requires access to certain commands in
473.Pa /usr
474before
475.Pa /usr
476is mounted on normal systems.
477.It Va cleanvar_enable
478.Pq Vt bool
479Clean the
480.Pa /var
481directory.
482.It Va var_run_enable
483.Pq Vt bool
484Set to "YES" to enable saving of the
485.Pa /var/run
486directory structure into an mtree file at shutdown and the reload of the
487.Pa /var/run
488directory structure at boot.
489.It Va var_run_autosave
490.Pq Vt bool
491In some cases it may be undesirable to save
492.Pa /var/run
493at shutdown.
494When set to "NO"
495.Pa /var/run
496is loaded at reboot but not saved at shutdown.
497Typically in this scenario
498.Ql service var_run save
499would be performed to save a copy of the
500.Pa /var/run
501directory structure once, to be reloaded during all subsequent reboots.
502.It Va var_run_mtree
503.Pq Vt str
504Where to save the
505.Pa /var/run
506mtree.
507The default location is
508.Pa /var/db/mtree/BSD.var-run.mtree .
509.It Va local_startup
510.Pq Vt str
511List of directories to search for startup script files.
512.It Va script_name_sep
513.Pq Vt str
514The field separator to use for breaking down the list of startup script files
515into individual filenames.
516The default is a space.
517It is not necessary to change this unless there are startup scripts with names
518containing spaces.
519.It Va hostapd_enable
520.Pq Vt bool
521Set to
522.Dq Li YES
523to start
524.Xr hostapd 8
525at system boot time.
526.It Va hostname
527.Pq Vt str
528The fully qualified domain name (FQDN) of this host on the network.
529This should almost certainly be set to something meaningful, even if
530there is no network connection.
531If
532.Xr dhclient 8
533is used to set the hostname via DHCP,
534this variable should be set to an empty string.
535Within a
536.Xr jail 8
537the hostname is generally already set and this variable may be absent.
538If this value remains unset when the system is done booting
539your console login will display the default hostname of
540.Dq Amnesiac .
541.It Va nisdomainname
542.Pq Vt str
543The NIS domain name of this host, or
544.Dq Li NO
545if NIS is not used.
546.It Va hostid_enable
547.Pq Vt bool
548If set to
549.Dq Li NO ,
550disable the generation or saving of the
551.Pa hostid
552and
553.Pa machine-id
554files at system boot and shutdown.
555.It Va hostid_file
556.Pq Vt str
557Path to the
558.Pa hostid
559file, default
560.Pa /etc/hostid .
561.It Va hostid_uuidgen_flags
562.Pq Vt str
563Flags passed to
564.Xr uuidgen 1
565when generating a software host UUID.
566This is used only if the system cannot determine a hardware UUID.
567Set to
568.Dq Li -r
569by default.
570.It Va machine_id_file
571.Pq Vt str
572Path to the
573.Pa machine-id
574file, default
575.Pa /etc/machine-id .
576.It Va dhclient_program
577.Pq Vt str
578Path to the DHCP client program, defaulting to
579.Pa /sbin/dhclient .
580.It Va dhclient_flags
581.Pq Vt str
582Additional flags to pass to the DHCP client program.
583See the
584.Xr dhclient 8
585manpage for a description of the command line options available.
586.It Va dhclient_flags_ Ns Aq Ar iface
587Additional flags to pass to the DHCP client program running on
588.Ar iface
589only.
590When specified, this variable overrides
591.Va dhclient_flags .
592.It Va background_dhclient
593.Pq Vt bool
594Set to
595.Dq Li YES
596to start the DHCP client in background.
597This can cause trouble with applications depending on
598a working network, but it will provide a faster startup
599in many cases.
600.It Va background_dhclient_ Ns Aq Ar iface
601When specified, this variable overrides the
602.Va background_dhclient
603variable for interface
604.Ar iface
605only.
606.It Va synchronous_dhclient
607.Pq Vt bool
608Set to
609.Dq Li YES
610to start
611.Xr dhclient 8
612synchronously at startup.
613This behavior can be overridden on a per-interface basis by replacing
614the
615.Dq Li DHCP
616keyword in the
617.Va ifconfig_ Ns Aq Ar interface
618variable with
619.Dq Li SYNCDHCP
620or
621.Dq Li NOSYNCDHCP .
622.It Va defaultroute_delay
623.Pq Vt int
624When set to a positive value, wait up to this long after configuring
625DHCP interfaces at startup to give the interfaces time to receive a lease.
626.It Va firewall_enable
627.Pq Vt bool
628Set to
629.Dq Li YES
630to load firewall rules at startup.
631If the kernel was not built with
632.Cd "options IPFIREWALL" ,
633the
634.Pa ipfw.ko
635kernel module will be loaded.
636See also
637.Va ipfilter_enable .
638.It Va firewall_script
639.Pq Vt str
640This variable specifies the full path to the firewall script to run.
641The default is
642.Pa /etc/rc.firewall .
643.It Va firewall_type
644.Pq Vt str
645Names the firewall type from the selection in
646.Pa /etc/rc.firewall ,
647or the file which contains the local firewall ruleset.
648Valid selections from
649.Pa /etc/rc.firewall
650are:
651.Pp
652.Bl -tag -width ".Li workstation" -compact
653.It Li open
654unrestricted IP access
655.It Li closed
656all IP services disabled, except via
657.Dq Li lo0
658.It Li client
659basic protection for a workstation
660.It Li workstation
661basic protection for a workstation using stateful firewalling
662.It Li simple
663basic protection for a LAN.
664.El
665.Pp
666If a filename is specified, the full path
667must be given.
668.Pp
669Most of the predefined rulesets define additional configuration variables.
670These are documented in
671.Pa /etc/rc.firewall .
672.It Va firewall_quiet
673.Pq Vt bool
674Set to
675.Dq Li YES
676to disable the display of firewall rules on the console during boot.
677.It Va firewall_logging
678.Pq Vt bool
679Set to
680.Dq Li YES
681to enable firewall event logging.
682This is equivalent to the
683.Dv IPFIREWALL_VERBOSE
684kernel option.
685.It Va firewall_logif
686.Pq Vt bool
687Set to
688.Dq Li YES
689to create pseudo interface
690.Li ipfw0
691for logging.
692For more details, see
693.Xr ipfw 8
694manual page.
695.It Va firewall_flags
696.Pq Vt str
697Flags passed to
698.Xr ipfw 8
699if
700.Va firewall_type
701specifies a filename.
702.It Va firewall_coscripts
703.Pq Vt str
704List of executables and/or rc scripts to run after firewall starts/stops.
705Default is empty.
706.\" ----- firewall_nat_enable setting --------------------------------
707.It Va firewall_nat_enable
708.Pq Vt bool
709The
710.Xr ipfw 8
711equivalent of
712.Va natd_enable .
713Setting this to
714.Dq Li YES
715will automatically load the
716.Xr ipfw 8
717NAT kernel module if
718.Va firewall_enable
719is also set to
720.Dq Li YES .
721.It Va firewall_nat_interface
722.Pq Vt str
723The
724.Xr ipfw 8
725equivalent of
726.Va natd_interface .
727This is the name of the public interface or IP address on which
728kernel NAT should run.
729.It Va firewall_nat_flags
730.Pq Vt str
731Additional configuration parameters for kernel NAT should be placed here.
732.It Va firewall_nat64_enable
733.Pq Vt bool
734Setting this to
735.Dq Li YES
736will automatically load the
737.Xr ipfw 8
738NAT64 kernel module if
739.Va firewall_enable
740is also set to
741.Dq Li YES .
742.It Va firewall_nptv6_enable
743.Pq Vt bool
744Setting this to
745.Dq Li YES
746will automatically load the
747.Xr ipfw 8
748NPTv6 kernel module if
749.Va firewall_enable
750is also set to
751.Dq Li YES .
752.It Va firewall_pmod_enable
753.Pq Vt bool
754Setting this to
755.Dq Li YES
756will automatically load the
757.Xr ipfw 8
758pmod kernel module if
759.Va firewall_enable
760is also set to
761.Dq Li YES .
762.It Va dummynet_enable
763.Pq Vt bool
764Setting this to
765.Dq Li YES
766will automatically load the
767.Xr dummynet 4
768module if
769.Va firewall_enable
770is also set to
771.Dq Li YES .
772.\" -------------------------------------------------------------------
773.It Va ipfw_netflow_enable
774.Pq Vt bool
775Setting this to
776.Dq Li YES
777will enable netflow logging via
778.Xr ng_netflow 4 .
779.Pp
780By default a ipfw rule is inserted and all packets are duplicated with
781the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
782port using protocol version 5.
783.It Va ipfw_netflow_hook
784.Pq Vt int
785netflow hook name, must be numerical
786(default
787.Pa 9995 ) .
788.It Va ipfw_netflow_rule
789.Pq Vt int
790ipfw rule number
791(default
792.Pa 1000 ) .
793.It Va ipfw_netflow_ip
794.Pq Vt str
795Destination server ip for receiving netflow data
796(default
797.Pa 127.0.0.1 ) .
798.It Va ipfw_netflow_port
799.Pq Vt int
800Destination server port for receiving netflow data
801(default
802.Pa 9995 ) .
803.It Va ipfw_netflow_version
804.Pq Vt int
805Do not set for using version 5 of the netflow protocol, set it to 9 for using
806version 9.
807.It Va ipfw_netflow_fib
808.Pq Vt int
809Only match packet in FIB
810.Pa ipfw_netflow_fib
811(default is undefined meaning all FIBs).
812.It Va natd_program
813.Pq Vt str
814Path to
815.Xr natd 8 .
816.It Va natd_enable
817.Pq Vt bool
818Set to
819.Dq Li YES
820to enable
821.Xr natd 8 .
822.Va firewall_enable
823must also be set to
824.Dq Li YES ,
825and
826.Xr divert 4
827sockets must be enabled in the kernel.
828If the kernel was not built with
829.Cd "options IPDIVERT" ,
830the
831.Pa ipdivert.ko
832kernel module will be loaded.
833.It Va natd_interface
834.Pq Vt str
835This is the name of the public interface on which
836.Xr natd 8
837should run.
838The interface may be given as an interface name or as an IP address.
839.It Va natd_flags
840.Pq Vt str
841Additional
842.Xr natd 8
843flags should be placed here.
844The
845.Fl n
846or
847.Fl a
848flag is automatically added with the above
849.Va natd_interface
850as an argument.
851.\" ----- ipfilter_enable setting --------------------------------
852.It Va ipfilter_enable
853.Pq Vt bool
854Set to
855.Dq Li NO
856by default.
857Setting this to
858.Dq Li YES
859enables
860.Xr ipf 8
861packet filtering.
862.Pp
863Typical usage will require putting
864.Bd -literal
865ipfilter_enable="YES"
866ipnat_enable="YES"
867ipmon_enable="YES"
868ipfs_enable="YES"
869.Ed
870.Pp
871into
872.Pa /etc/rc.conf
873and editing
874.Pa /etc/ipf.rules
875and
876.Pa /etc/ipnat.rules
877appropriately.
878.Pp
879Note that
880.Va ipfilter_enable
881and
882.Va ipnat_enable
883can be enabled independently.
884.Va ipmon_enable
885and
886.Va ipfs_enable
887both require at least one of
888.Va ipfilter_enable
889and
890.Va ipnat_enable
891to be enabled.
892.Pp
893Having
894.Bd -literal
895options IPFILTER
896options IPFILTER_LOG
897options IPFILTER_DEFAULT_BLOCK
898.Ed
899.Pp
900in the kernel configuration file is a good idea, too.
901.\" ----- ipfilter_program setting ------------------------------
902.It Va ipfilter_program
903.Pq Vt str
904Path to
905.Xr ipf 8
906(default
907.Pa /sbin/ipf ) .
908.\" ----- ipfilter_rules setting --------------------------------
909.It Va ipfilter_rules
910.Pq Vt str
911Set to
912.Pa /etc/ipf.rules
913by default.
914This variable contains the name of the filter rule definition file.
915The file is expected to be readable for the
916.Xr ipf 8
917command to execute.
918.\" ----- ipfilter_flags setting --------------------------------
919.It Va ipfilter_flags
920.Pq Vt str
921Empty by default.
922This variable contains flags passed to the
923.Xr ipf 8
924program.
925.\" ----- ipnat_enable setting ----------------------------------
926.It Va ipnat_enable
927.Pq Vt bool
928Set to
929.Dq Li NO
930by default.
931Set it to
932.Dq Li YES
933to enable
934.Xr ipnat 8
935network address translation.
936See
937.Va ipfilter_enable
938for a detailed discussion.
939.\" ----- ipnat_program setting ---------------------------------
940.It Va ipnat_program
941.Pq Vt str
942Path to
943.Xr ipnat 8
944(default
945.Pa /sbin/ipnat ) .
946.\" ----- ipnat_rules setting -----------------------------------
947.It Va ipnat_rules
948.Pq Vt str
949Set to
950.Pa /etc/ipnat.rules
951by default.
952This variable contains the name of the file
953holding the network address translation definition.
954This file is expected to be readable for the
955.Xr ipnat 8
956command to execute.
957.\" ----- ipnat_flags setting -----------------------------------
958.It Va ipnat_flags
959.Pq Vt str
960Empty by default.
961This variable contains flags passed to the
962.Xr ipnat 8
963program.
964.\" ----- ipmon_enable setting ----------------------------------
965.It Va ipmon_enable
966.Pq Vt bool
967Set to
968.Dq Li NO
969by default.
970Set it to
971.Dq Li YES
972to enable
973.Xr ipmon 8
974monitoring (logging
975.Xr ipf 8
976and
977.Xr ipnat 8
978events).
979Setting this variable needs setting
980.Va ipfilter_enable
981or
982.Va ipnat_enable
983too.
984See
985.Va ipfilter_enable
986for a detailed discussion.
987.\" ----- ipmon_program setting ---------------------------------
988.It Va ipmon_program
989.Pq Vt str
990Path to
991.Xr ipmon 8
992(default
993.Pa /sbin/ipmon ) .
994.\" ----- ipmon_flags setting -----------------------------------
995.It Va ipmon_flags
996.Pq Vt str
997Set to
998.Dq Li -Ds
999by default.
1000This variable contains flags passed to the
1001.Xr ipmon 8
1002program.
1003Another typical example would be
1004.Dq Fl D Pa /var/log/ipflog
1005to have
1006.Xr ipmon 8
1007log directly to a file bypassing
1008.Xr syslogd 8 .
1009Make sure to adjust
1010.Pa /etc/newsyslog.conf
1011in such case like this:
1012.Bd -literal
1013/var/log/ipflog  640  10  100  *  Z  /var/run/ipmon.pid
1014.Ed
1015.\" ----- ipfs_enable setting -----------------------------------
1016.It Va ipfs_enable
1017.Pq Vt bool
1018Set to
1019.Dq Li NO
1020by default.
1021Set it to
1022.Dq Li YES
1023to enable
1024.Xr ipfs 8
1025saving the filter and NAT state tables during shutdown
1026and reloading them during startup again.
1027Setting this variable needs setting
1028.Va ipfilter_enable
1029or
1030.Va ipnat_enable
1031to
1032.Dq Li YES
1033too.
1034See
1035.Va ipfilter_enable
1036for a detailed discussion.
1037Note that if
1038.Va kern_securelevel
1039is set to 3,
1040.Va ipfs_enable
1041cannot be used
1042because the raised securelevel will prevent
1043.Xr ipfs 8
1044from saving the state tables at shutdown time.
1045.\" ----- ipfs_program setting ----------------------------------
1046.It Va ipfs_program
1047.Pq Vt str
1048Path to
1049.Xr ipfs 8
1050(default
1051.Pa /sbin/ipfs ) .
1052.\" ----- ipfs_flags setting ------------------------------------
1053.It Va ipfs_flags
1054.Pq Vt str
1055Empty by default.
1056This variable contains flags passed to the
1057.Xr ipfs 8
1058program.
1059.\" ----- end of added ipf hook ---------------------------------
1060.It Va pf_enable
1061.Pq Vt bool
1062Set to
1063.Dq Li NO
1064by default.
1065Setting this to
1066.Dq Li YES
1067enables
1068.Xr pf 4
1069packet filtering.
1070.Pp
1071Typical usage will require putting
1072.Pp
1073.Dl pf_enable="YES"
1074.Pp
1075into
1076.Pa /etc/rc.conf
1077and editing
1078.Pa /etc/pf.conf
1079appropriately.
1080Adding
1081.Pp
1082.Dl "device pf"
1083.Pp
1084builds support for
1085.Xr pf 4
1086into the kernel, otherwise the
1087kernel module will be loaded.
1088.It Va pf_rules
1089.Pq Vt str
1090Path to
1091.Xr pf 4
1092ruleset configuration file
1093(default
1094.Pa /etc/pf.conf ) .
1095.It Va pf_program
1096.Pq Vt str
1097Path to
1098.Xr pfctl 8
1099(default
1100.Pa /sbin/pfctl ) .
1101.It Va pf_flags
1102.Pq Vt str
1103If
1104.Va pf_enable
1105is set to
1106.Dq Li YES ,
1107these flags are passed to the
1108.Xr pfctl 8
1109program when loading the ruleset.
1110.It Va pf_fallback_rules_enable
1111.Pq Vt bool
1112Set to
1113.Dq Li NO
1114by default.
1115Setting this to
1116.Dq Li YES
1117enables loading
1118.Va pf_fallback_rules_file
1119or
1120.Va pf_fallback_rules
1121in case of a problem when loading the ruleset in
1122.Va pf_rules .
1123.It Va pf_fallback_rules_file
1124.Pq Vt str
1125Path to a pf ruleset to load in case of failure when loading the
1126ruleset in
1127.Va pf_rules
1128(default
1129.Pa /etc/pf-fallback.conf ) .
1130.It Va pf_fallback_rules
1131.Pq Vt str
1132A pf ruleset to load in case of failure when loading the ruleset in
1133.Va pf_rules
1134and
1135.Va pf_fallback_rules_file
1136is not found.
1137Multiple rules can be set as follows:
1138.Bd -literal
1139pf_fallback_rules="\\
1140	block drop log all\\
1141	pass in quick on em0"
1142.Pp
1143.Ed
1144The default fallback rule is
1145.Dq block drop log all
1146.It Va pflog_enable
1147.Pq Vt bool
1148Set to
1149.Dq Li NO
1150by default.
1151Setting this to
1152.Dq Li YES
1153enables
1154.Xr pflogd 8
1155which logs packets from the
1156.Xr pf 4
1157packet filter.
1158.It Va pflog_logfile
1159.Pq Vt str
1160If
1161.Va pflog_enable
1162is set to
1163.Dq Li YES
1164this controls where
1165.Xr pflogd 8
1166stores the logfile
1167(default
1168.Pa /var/log/pflog ) .
1169Check
1170.Pa /etc/newsyslog.conf
1171to adjust logfile rotation for this.
1172.It Va pflog_program
1173.Pq Vt str
1174Path to
1175.Xr pflogd 8
1176(default
1177.Pa /sbin/pflogd ) .
1178.It Va pflog_flags
1179.Pq Vt str
1180Empty by default.
1181This variable contains additional flags passed to the
1182.Xr pflogd 8
1183program.
1184.It Va pflog_instances
1185.Pq Vt str
1186If logging to more than one
1187.Xr pflog 4
1188interface is desired,
1189.Va pflog_instances
1190is set to the list of
1191.Xr pflogd 8
1192instances that should be started at system boot time.
1193If
1194.Va pflog_instances
1195is set, for each whitespace-separated
1196.Ar element
1197in the list,
1198.Ao Ar element Ac Ns Va _dev
1199and
1200.Ao Ar element Ac Ns Va _logfile
1201elements are assumed to exist.
1202.Ao Ar element Ac Ns Va _dev
1203must contain the
1204.Xr pflog 4
1205interface to be watched by the named
1206.Xr pflogd 8
1207instance.
1208.Ao Ar element Ac Ns Va _logfile
1209must contain the name of the logfile that will be used by the
1210.Xr pflogd 8
1211instance.
1212.It Va ftpproxy_enable
1213.Pq Vt bool
1214Set to
1215.Dq Li NO
1216by default.
1217Setting this to
1218.Dq Li YES
1219enables
1220.Xr ftp-proxy 8
1221which supports the
1222.Xr pf 4
1223packet filter in translating ftp connections.
1224.It Va ftpproxy_flags
1225.Pq Vt str
1226Empty by default.
1227This variable contains additional flags passed to the
1228.Xr ftp-proxy 8
1229program.
1230.It Va ftpproxy_instances
1231.Pq Vt str
1232Empty by default.
1233If multiple instances of
1234.Xr ftp-proxy 8
1235are desired at boot time,
1236.Va ftpproxy_instances
1237should contain a whitespace-separated list of instance names.
1238For each
1239.Ar element
1240in the list, a variable named
1241.Ao Ar element Ac Ns Va _flags
1242should be defined, containing the command-line flags to be passed to the
1243.Xr ftp-proxy 8
1244instance.
1245.It Va pfsync_enable
1246.Pq Vt bool
1247Set to
1248.Dq Li NO
1249by default.
1250Setting this to
1251.Dq Li YES
1252enables exposing
1253.Xr pf 4
1254state changes to other hosts over the network by means of
1255.Xr pfsync 4 .
1256The
1257.Va pfsync_syncdev
1258variable
1259must also be set then.
1260.It Va pfsync_syncdev
1261.Pq Vt str
1262Empty by default.
1263This variable specifies the name of the network interface
1264.Xr pfsync 4
1265should operate through.
1266It must be set accordingly if
1267.Va pfsync_enable
1268is set to
1269.Dq Li YES .
1270.It Va pfsync_syncpeer
1271.Pq Vt str
1272Empty by default.
1273This variable is optional.
1274By default, state change messages are sent out on the synchronisation
1275interface using IP multicast packets.
1276The protocol is IP protocol 240, PFSYNC, and the multicast group used is
1277224.0.0.240.
1278When a peer address is specified using the
1279.Va pfsync_syncpeer
1280option, the peer address is used as a destination for the pfsync
1281traffic, and the traffic can then be protected using
1282.Xr ipsec 4 .
1283See the
1284.Xr pfsync 4
1285manpage for more details about using
1286.Xr ipsec 4
1287with
1288.Xr pfsync 4
1289interfaces.
1290.It Va pfsync_ifconfig
1291.Pq Vt str
1292Empty by default.
1293This variable can contain additional options to be passed to the
1294.Xr ifconfig 8
1295command used to set up
1296.Xr pfsync 4 .
1297.It Va tcp_extensions
1298.Pq Vt bool
1299Set to
1300.Dq Li YES
1301by default.
1302Setting this to
1303.Dq Li NO
1304disables certain TCP options as described by
1305.Rs
1306.%T "RFC 1323"
1307.Re
1308Setting this to
1309.Dq Li NO
1310might help remedy such problems with connections as randomly hanging
1311or other weird behavior.
1312Some network devices are known
1313to be broken with respect to these options.
1314.It Va log_in_vain
1315.Pq Vt int
1316Set to 0 by default.
1317The
1318.Xr sysctl 8
1319variables,
1320.Va net.inet.tcp.log_in_vain
1321and
1322.Va net.inet.udp.log_in_vain ,
1323as described in
1324.Xr tcp 4
1325and
1326.Xr udp 4 ,
1327are set to the given value.
1328.It Va tcp_keepalive
1329.Pq Vt bool
1330Set to
1331.Dq Li YES
1332by default.
1333Setting to
1334.Dq Li NO
1335will disable probing idle TCP connections to verify that the
1336peer is still up and reachable.
1337.It Va tcp_drop_synfin
1338.Pq Vt bool
1339Set to
1340.Dq Li NO
1341by default.
1342Setting to
1343.Dq Li YES
1344will cause the kernel to ignore TCP frames that have both
1345the SYN and FIN flags set.
1346This prevents OS fingerprinting, but may
1347break some legitimate applications.
1348.It Va icmp_drop_redirect
1349.Pq Vt bool
1350Set to
1351.Dq Li AUTO
1352by default.
1353This setting will be identical to
1354.Dq Li YES ,
1355if a dynamic routing daemon is enabled, because redirect processing may
1356cause performance issues for large routing tables.
1357If no such service is enabled, this setting behaves like a
1358.Dq Li NO .
1359Setting to
1360.Dq Li YES
1361will cause the kernel to ignore ICMP REDIRECT packets.
1362Setting to
1363.Dq Li NO
1364will cause the kernel to process ICMP REDIRECT packets.
1365Refer to
1366.Xr icmp 4
1367for more information.
1368.It Va icmp_log_redirect
1369.Pq Vt bool
1370Set to
1371.Dq Li NO
1372by default.
1373Setting to
1374.Dq Li YES
1375will cause the kernel to log ICMP REDIRECT packets.
1376Note that
1377the log messages are not rate-limited, so this option should only be used
1378for troubleshooting networks.
1379Refer to
1380.Xr icmp 4
1381for more information.
1382.It Va icmp_bmcastecho
1383.Pq Vt bool
1384Set to
1385.Dq Li YES
1386to respond to broadcast or multicast ICMP ping packets.
1387Refer to
1388.Xr icmp 4
1389for more information.
1390.It Va ip_portrange_first
1391.Pq Vt int
1392If not set to
1393.Dq Li NO ,
1394this is the first port in the default portrange.
1395Refer to
1396.Xr ip 4
1397for more information.
1398.It Va ip_portrange_last
1399.Pq Vt int
1400If not set to
1401.Dq Li NO ,
1402this is the last port in the default portrange.
1403Refer to
1404.Xr ip 4
1405for more information.
1406.It Va network_interfaces
1407.Pq Vt str
1408Set to the list of network interfaces to configure on this host or
1409.Dq Li AUTO
1410(the default) for all current interfaces.
1411Setting the
1412.Va network_interfaces
1413variable to anything other than the default is deprecated.
1414Interfaces that the administrator wishes to store configuration for,
1415but not start at boot should be configured with the
1416.Dq Li NOAUTO
1417keyword in their
1418.Va ifconfig_ Ns Aq Ar interface
1419variables as described below.
1420.Pp
1421An
1422.Va ifconfig_ Ns Aq Ar interface
1423variable is also assumed to exist for each value of
1424.Ar interface .
1425When an interface name contains any of the characters
1426.Dq Li .-/+
1427they are translated to
1428.Dq Li _
1429before lookup.
1430The variable can contain arguments to
1431.Xr ifconfig 8 ,
1432as well as special case-insensitive keywords described below.
1433Such keywords are removed before passing the value to
1434.Xr ifconfig 8
1435while the order of the other arguments is preserved.
1436.Pp
1437It is possible to add IP alias entries using
1438.Xr ifconfig 8
1439syntax with the address family keyword such as
1440.Li inet .
1441Assuming that the interface in question was
1442.Li em0 ,
1443it might look something like this:
1444.Bd -literal
1445ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff"
1446ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff"
1447.Ed
1448.Pp
1449It also possible to configure multiple IP addresses in Classless
1450Inter-Domain Routing
1451.Pq CIDR
1452address notation,
1453whose each address component can be a range like
1454.Li inet 192.0.2.5-23/24
1455or
1456.Li inet6 2001:db8:1-f::1/64 .
1457This notation allows address and prefix length part only,
1458not the other address modifiers.
1459Note that the maximum number of the generated addresses from a range
1460specification is limited to an integer value specified in
1461.Va netif_ipexpand_max
1462in
1463.Nm
1464because a small typo can unexpectedly generate a large number of addresses.
1465The default value is
1466.Li 2048 .
1467It can be increased by adding the following line into
1468.Nm :
1469.Bd -literal
1470netif_ipexpand_max="4096"
1471.Ed
1472.Pp
1473In the case of
1474.Li 192.0.2.5-23/24 ,
1475the address 192.0.2.5 will be configured with the
1476netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with
1477the non-conflicting netmask /32 as explained in the
1478.Xr ifconfig 8
1479alias section.
1480Note that this special netmask handling is only for
1481.Li inet ,
1482not for the other address families such as
1483.Li inet6 .
1484.Pp
1485With the interface in question being
1486.Li em0 ,
1487an example could look like:
1488.Bd -literal
1489ifconfig_em0_alias2="inet 192.0.2.129/27"
1490ifconfig_em0_alias3="inet 192.0.2.1-5/28"
1491.Ed
1492.Pp
1493and so on.
1494.Pp
1495Note that deprecated
1496.Va ipv4_addrs_ Ns Aq Ar interface
1497variable was supported for IPv4 CIDR address notation.
1498The
1499.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1500variable replaces it, though
1501.Va ipv4_addrs_ Ns Aq Ar interface
1502is still supported for backward compatibility.
1503.Pp
1504For each
1505.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1506entry with an address family keyword,
1507its contents are passed to
1508.Xr ifconfig 8 .
1509Execution stops at the first unsuccessful access, so if
1510something like this is present:
1511.Bd -literal
1512ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff"
1513ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff"
1514ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff"
1515ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff"
1516.Ed
1517.Pp
1518Then note that alias4 would
1519.Em not
1520be added since the search would
1521stop with the missing
1522.Dq Li alias3
1523entry.
1524Because of this difficult to manage behavior,
1525there is
1526.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases
1527variable, which has the same functionality as
1528.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1529and can have all of the entries in a variable like the following:
1530.Bd -literal
1531ifconfig_em0_aliases="\\
1532	inet 127.0.0.251 netmask 0xffffffff \\
1533	inet 127.0.0.252 netmask 0xffffffff \\
1534	inet 127.0.0.253 netmask 0xffffffff \\
1535	inet 127.0.0.254 netmask 0xffffffff"
1536.Ed
1537.Pp
1538It also supports CIDR notation.
1539.Pp
1540If the
1541.Pa /etc/start_if . Ns Aq Ar interface
1542file is present, it is read and executed by the
1543.Xr sh 1
1544interpreter
1545before configuring the interface as specified in the
1546.Va ifconfig_ Ns Aq Ar interface
1547and
1548.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1549variables.
1550.Pp
1551If a
1552.Va vlans_ Ns Aq Ar interface
1553variable is set,
1554a
1555.Xr vlan 4
1556interface will be created for each item in the list with the
1557.Ar vlandev
1558argument set to
1559.Ar interface .
1560If a vlan interface's name is a number,
1561then that number is used as the vlan tag and the new vlan interface is
1562named
1563.Ar interface . Ns Ar tag .
1564Otherwise,
1565the vlan tag must be specified via a
1566.Va vlan
1567parameter in the
1568.Va create_args_ Ns Aq Ar interface
1569variable.
1570.Pp
1571To create a vlan device named
1572.Li em0.101
1573on
1574.Li em0
1575with the vlan tag 101 and the optional IPv4 address 192.0.2.1/24:
1576.Bd -literal
1577vlans_em0="101"
1578ifconfig_em0_101="inet 192.0.2.1/24"
1579.Ed
1580.Pp
1581To create a vlan device named
1582.Li myvlan
1583on
1584.Li em0
1585with the vlan tag 102:
1586.Bd -literal
1587vlans_em0="myvlan"
1588create_args_myvlan="vlan 102"
1589.Ed
1590.Pp
1591If a
1592.Va wlans_ Ns Aq Ar interface
1593variable is set,
1594an
1595.Xr wlan 4
1596interface will be created for each item in the list with the
1597.Ar wlandev
1598argument set to
1599.Ar interface .
1600Further wlan cloning arguments may be passed to the
1601.Xr ifconfig 8
1602.Cm create
1603command by setting the
1604.Va create_args_ Ns Aq Ar interface
1605variable.
1606One or more
1607.Xr wlan 4
1608devices must be created for each wireless device as of
1609.Fx 8.0 .
1610Debugging flags for
1611.Xr wlan 4
1612devices as set by
1613.Xr wlandebug 8
1614may be specified with an
1615.Va wlandebug_ Ns Aq Ar interface
1616variable.
1617The contents of this variable will be passed directly to
1618.Xr wlandebug 8 .
1619.Pp
1620If the
1621.Va ifconfig_ Ns Aq Ar interface
1622contains the keyword
1623.Dq Li NOAUTO
1624then the interface will not be configured
1625at boot or by
1626.Pa /etc/pccard_ether
1627when
1628.Va network_interfaces
1629is set to
1630.Dq Li AUTO .
1631.Pp
1632It is possible to bring up an interface with DHCP by adding
1633.Dq Li DHCP
1634to the
1635.Va ifconfig_ Ns Aq Ar interface
1636variable.
1637For instance, to initialize the
1638.Li em0
1639device via DHCP,
1640it is possible to use something like:
1641.Bd -literal
1642ifconfig_em0="DHCP"
1643.Ed
1644.Pp
1645If you want to configure your wireless interface with
1646.Xr wpa_supplicant 8
1647for use with WPA, EAP/LEAP or WEP, you need to add
1648.Dq Li WPA
1649to the
1650.Va ifconfig_ Ns Aq Ar interface
1651variable.
1652.Pp
1653On the other hand, if you want to configure your wireless interface with
1654.Xr hostapd 8 ,
1655you need to add
1656.Dq Li HOSTAP
1657to the
1658.Va ifconfig_ Ns Aq Ar interface
1659variable.
1660.Xr hostapd 8
1661will use the settings from
1662.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf
1663.Pp
1664Finally, you can add
1665.Xr ifconfig 8
1666options in this variable, in addition to the
1667.Pa /etc/start_if . Ns Aq Ar interface
1668file.
1669For instance, to configure an
1670.Xr ath 4
1671wireless device in station mode with an address obtained
1672via DHCP, using WPA authentication and 802.11b mode, it is
1673possible to use something like:
1674.Bd -literal
1675wlans_ath0="wlan0"
1676ifconfig_wlan0="DHCP WPA mode 11b"
1677.Ed
1678.Pp
1679In addition to the
1680.Va ifconfig_ Ns Aq Ar interface
1681form, a fallback variable
1682.Va ifconfig_DEFAULT
1683may be configured.
1684It will be used for all interfaces with no
1685.Va ifconfig_ Ns Aq Ar interface
1686variable.
1687.Pp
1688It is also possible to rename an interface by doing:
1689.Bd -literal
1690ifconfig_em0_name="net0"
1691ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
1692.Ed
1693.It Va ipv6_enable
1694.Pq Vt bool
1695This variable is deprecated.
1696Use
1697.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1698and
1699.Va ipv6_activate_all_interfaces
1700if necessary.
1701.Pp
1702If the variable is
1703.Dq Li YES ,
1704.Dq Li inet6 accept_rtadv
1705is added to all of
1706.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1707and the
1708.Va ipv6_activate_all_interfaces
1709is defined as
1710.Dq Li YES .
1711.It Va ipv6_prefer
1712.Pq Vt bool
1713This variable is deprecated.
1714Use
1715.Va ip6addrctl_policy
1716instead.
1717.Pp
1718If the variable is
1719.Dq Li YES ,
1720the default address selection policy table set by
1721.Xr ip6addrctl 8
1722will be IPv6-preferred.
1723.Pp
1724If the variable is
1725.Dq Li NO ,
1726the default address selection policy table set by
1727.Xr ip6addrctl 8
1728will be IPv4-preferred.
1729.It Va ipv6_activate_all_interfaces
1730.Pq Vt bool
1731This controls initial configuration on IPv6-capable
1732interfaces with no corresponding
1733.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1734variable.
1735Note that it is not always necessary to set this variable to
1736.Dq YES
1737to use IPv6 functionality on
1738.Fx .
1739In most cases, just configuring
1740.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1741variables works.
1742.Pp
1743If the variable is
1744.Dq Li NO ,
1745all interfaces which do not have a corresponding
1746.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1747variable will be marked as
1748.Dq Li IFDISABLED
1749at creation.
1750This means that all IPv6 functionality on that interface
1751is completely disabled to enforce a security policy.
1752If the variable is set to
1753.Dq YES ,
1754the flag will be cleared on all of the interfaces.
1755.Pp
1756In most cases, just defining an
1757.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1758for an IPv6-capable interface should be sufficient.
1759However, if an interface is added dynamically
1760.Pq by some tunneling protocols such as PPP, for example ,
1761it is often difficult to define the variable in advance.
1762In such a case, configuring the
1763.Dq Li IFDISABLED
1764flag can be disabled by setting this variable to
1765.Dq YES .
1766.Pp
1767For more details of the
1768.Dq Li IFDISABLED
1769flag and keywords
1770.Dq Li inet6 ifdisabled ,
1771see
1772.Xr ifconfig 8 .
1773.Pp
1774Default is
1775.Dq Li NO .
1776.It Va ipv6_privacy
1777.Pq Vt bool
1778If the variable is
1779.Dq Li YES
1780privacy addresses will be generated for each IPv6
1781interface as described in RFC 4941.
1782.It Va ipv6_network_interfaces
1783.Pq Vt str
1784This is the IPv6 equivalent of
1785.Va network_interfaces .
1786Normally manual configuration of this variable is not needed.
1787.It Va ipv6_cpe_wanif
1788.Pq Vt str
1789If the variable is set to an interface name,
1790the
1791.Xr ifconfig 8
1792options
1793.Dq inet6 -no_radr accept_rtadv
1794will be added to the specified interface automatically before evaluating
1795.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1796and two
1797.Xr sysctl 8
1798variables
1799.Va net.inet6.ip6.rfc6204w3
1800and
1801.Va net.inet6.ip6.no_radr
1802will be set to 1.
1803.Pp
1804This means the specified interface will accept ICMPv6 Router
1805Advertisement messages on that link and add the discovered
1806routers into the Default Router List.
1807While the other interfaces can still accept RA messages if the
1808.Dq inet6 accept_rtadv
1809option is specified, adding
1810routes into the Default Router List will be disabled by
1811.Dq inet6 no_radr
1812option by default.
1813See
1814.Xr ifconfig 8
1815for more details.
1816.Pp
1817Note that ICMPv6 Router Advertisement messages will be
1818accepted even when
1819.Va net.inet6.ip6.forwarding
1820is 1
1821.Pq packet forwarding is enabled
1822when
1823.Va net.inet6.ip6.rfc6204w3
1824is set to 1.
1825.Pp
1826Default is
1827.Dq Li NO .
1828.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr
1829.Pq Vt str
1830This assigns arbitrary description to an interface.
1831The
1832.Xr sysctl 8
1833variable
1834.Va net.ifdescr_maxlen
1835limits its length.
1836This static setting may be overridden by commands
1837started with dynamic interface configuration utilities
1838like
1839.Xr dhclient 8
1840hooks.
1841The description can be seen with
1842.Xr ifconfig 8
1843command and it may be exported with
1844.Xr bsnmpd 1
1845daemon using its MIB-2 module.
1846.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1847.Pq Vt str
1848IPv6 functionality on an interface should be configured by
1849.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
1850instead of setting ifconfig parameters in
1851.Va ifconfig_ Ns Aq Ar interface .
1852If this variable is empty, all IPv6 configurations on the
1853specified interface by other variables such as
1854.Va ipv6_prefix_ Ns Ao Ar interface Ac
1855will be ignored.
1856.Pp
1857Aliases should be set by
1858.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
1859with
1860.Dq Li inet6
1861keyword.
1862For example:
1863.Bd -literal
1864ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
1865ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"
1866.Ed
1867.Pp
1868Interfaces that have an
1869.Dq Li inet6 accept_rtadv
1870keyword in
1871.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1872setting will be automatically configured by SLAAC
1873.Pq StateLess Address AutoConfiguration
1874described in
1875.Rs
1876.%T "RFC 4862"
1877.Re
1878.Pp
1879Note that a link-local address will be automatically configured in
1880addition to the configured global-scope addresses because the IPv6
1881specifications require it on each link.
1882The address is calculated from the MAC address by using an algorithm
1883defined in
1884.Rs
1885.%T "RFC 4862"
1886.%O "Section 5.3"
1887.Re
1888.Pp
1889If only a link-local address is needed on the interface,
1890the following configuration can be used:
1891.Bd -literal
1892ifconfig_em0_ipv6="inet6 auto_linklocal"
1893.Ed
1894.Pp
1895A link-local address can also be configured manually.
1896This is useful for the default router address of an IPv6 router
1897so that it does not change when the network interface
1898card is replaced.
1899For example:
1900.Bd -literal
1901ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64"
1902.Ed
1903.It Va ipv6_prefix_ Ns Aq Ar interface
1904.Pq Vt str
1905If one or more prefixes are defined in
1906.Va ipv6_prefix_ Ns Aq Ar interface
1907addresses based on each prefix and the EUI-64 interface index will be
1908configured on that interface.
1909Note that this variable will be ignored when
1910.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
1911is empty.
1912.Pp
1913For example, the following configuration
1914.Bd -literal
1915ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
1916.Ed
1917.Pp
1918is equivalent to the following:
1919.Bd -literal
1920ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64"
1921ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast"
1922ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64"
1923ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast"
1924.Ed
1925.Pp
1926These Subnet-Router anycast addresses will be added only when
1927.Va ipv6_gateway_enable
1928is YES.
1929.It Va ipv6_default_interface
1930.Pq Vt str
1931If not set to
1932.Dq Li NO ,
1933this is the default output interface for scoped addresses.
1934This works only with ipv6_gateway_enable="NO".
1935.It Va ip6addrctl_enable
1936.Pq Vt bool
1937This variable is to enable configuring default address selection policy table
1938.Pq RFC 3484 .
1939The table can be specified in another variable
1940.Va ip6addrctl_policy .
1941For
1942.Va ip6addrctl_policy
1943the following keywords can be specified:
1944.Dq Li ipv4_prefer ,
1945.Dq Li ipv6_prefer ,
1946or
1947.Dq Li AUTO .
1948.Pp
1949If
1950.Dq Li ipv4_prefer
1951or
1952.Dq Li ipv6_prefer
1953is specified,
1954.Xr ip6addrctl 8
1955installs a pre-defined policy table described in Section 10.3
1956.Pq IPv4-preferred
1957or 2.1
1958.Pq IPv6-preferred
1959of RFC 3484.
1960.Pp
1961If
1962.Dq Li AUTO
1963is specified, it attempts to read a file
1964.Pa /etc/ip6addrctl.conf
1965first.
1966If this file is found,
1967.Xr ip6addrctl 8
1968reads and installs it.
1969If not found, a policy is automatically set
1970according to
1971.Va ipv6_activate_all_interfaces
1972variable; if the variable is set to
1973.Dq Li YES
1974the IPv6-preferred one is used.
1975Otherwise IPv4-preferred.
1976.Pp
1977The default value of
1978.Va ip6addrctl_enable
1979and
1980.Va ip6addrctl_policy
1981are
1982.Dq Li YES
1983and
1984.Dq Li AUTO ,
1985respectively.
1986.It Va cloned_interfaces
1987.Pq Vt str
1988Set to the list of clonable network interfaces to create on this host.
1989Further cloning arguments may be passed to the
1990.Xr ifconfig 8
1991.Cm create
1992command for each interface by setting the
1993.Va create_args_ Ns Aq Ar interface
1994variable.
1995If an interface name is specified with
1996.Dq :sticky
1997keyword,
1998the interface will not be destroyed even when
1999.Pa rc.d/netif
2000script is invoked with
2001.Dq stop
2002argument.
2003This is useful when reconfiguring the interface without destroying it.
2004Entries in
2005.Va cloned_interfaces
2006are automatically appended to
2007.Va network_interfaces
2008for configuration.
2009.It Va cloned_interfaces_sticky
2010.Pq Vt bool
2011This variable is to globally enable functionality of
2012.Dq :sticky
2013keyword in
2014.Va cloned_interfaces
2015for all interfaces.
2016The default value is
2017.Dq NO .
2018Even if this variable is specified to
2019.Dq YES ,
2020.Dq :nosticky
2021keyword can be used to override it on per interface basis.
2022.It Va gif_interfaces
2023Set to the list of
2024.Xr gif 4
2025tunnel interfaces to configure on this host.
2026A
2027.Va gifconfig_ Ns Aq Ar interface
2028variable is assumed to exist for each value of
2029.Ar interface .
2030The value of this variable is used to configure the link layer of the
2031tunnel using the
2032.Cm tunnel
2033option to
2034.Xr ifconfig 8 .
2035Additionally, this option ensures that each listed interface is created
2036via the
2037.Cm create
2038option to
2039.Xr ifconfig 8
2040before attempting to configure it.
2041.Pp
2042For example, configure two
2043.Xr gif 4
2044interfaces with:
2045.Bd -literal
2046gif_interfaces="gif0 gif1"
2047gifconfig_gif0="100.64.0.1 100.64.0.2"
2048ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"
2049gifconfig_gif1="inet6 2a00::1 2a01::1"
2050ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252"
2051.Ed
2052.It Va ppp_enable
2053.Pq Vt bool
2054If set to
2055.Dq Li YES ,
2056run the
2057.Xr ppp 8
2058daemon.
2059.It Va ppp_profile
2060.Pq Vt str
2061The name of the profile to use from
2062.Pa /etc/ppp/ppp.conf .
2063Also used for per-profile overrides of
2064.Va ppp_mode
2065and
2066.Va ppp_nat ,
2067and
2068.Va ppp_ Ns Ao Ar profile Ac Ns _unit .
2069When the profile name contains any of the characters
2070.Dq Li .-/+
2071they are translated to
2072.Dq Li _
2073for the proposes of the override variable names.
2074.It Va ppp_mode
2075.Pq Vt str
2076Mode in which to run the
2077.Xr ppp 8
2078daemon.
2079.It Va ppp_ Ns Ao Ar profile Ac Ns _mode
2080.Pq Vt str
2081Overrides the global
2082.Va ppp_mode
2083for
2084.Ar profile .
2085Accepted modes are
2086.Dq Li auto ,
2087.Dq Li ddial ,
2088.Dq Li direct
2089and
2090.Dq Li dedicated .
2091See the manual for a full description.
2092.It Va ppp_nat
2093.Pq Vt bool
2094If set to
2095.Dq Li YES ,
2096enables network address translation.
2097Used in conjunction with
2098.Va gateway_enable
2099allows hosts on private network addresses access to the Internet using
2100this host as a network address translating router.
2101Default is
2102.Dq Li YES .
2103.It Va ppp_ Ns Ao Ar profile Ac Ns _nat
2104.Pq Vt str
2105Overrides the global
2106.Va ppp_nat
2107for
2108.Ar profile .
2109.It Va ppp_ Ns Ao Ar profile Ac Ns _unit
2110.Pq Vt int
2111Set the unit number to be used for this profile.
2112See the manual description of
2113.Fl unit Ns Ar N
2114for details.
2115.It Va ppp_user
2116.Pq Vt str
2117The name of the user under which
2118.Xr ppp 8
2119should be started.
2120By
2121default,
2122.Xr ppp 8
2123is started as
2124.Dq Li root .
2125.It Va rc_conf_files
2126.Pq Vt str
2127This option is used to specify a list of files that will override
2128the settings in
2129.Pa /etc/defaults/rc.conf .
2130The files will be read in the order in which they are specified and should
2131include the full path to the file.
2132By default, the files specified are
2133.Pa /etc/rc.conf
2134and
2135.Pa /etc/rc.conf.local .
2136.It Va zfs_enable
2137.Pq Vt bool
2138If set to
2139.Dq Li YES ,
2140.Pa /etc/rc.d/zfs
2141will attempt to automatically mount ZFS file systems and initialize ZFS volumes
2142(ZVOLs).
2143.It Va zpool_reguid
2144.Pq Vt str
2145A space-separated list of ZFS pool names for which new pool GUIDs should be
2146assigned upon first boot.
2147This is useful when using a ZFS pool copied from a template, such as a virtual
2148machine image.
2149.It Va zpool_upgrade
2150.Pq Vt str
2151A space-separated list of ZFS pool names for which the version should be
2152upgraded upon first boot.
2153This is useful when using a ZFS pool generated by the
2154.Xr makefs 8
2155utility.
2156.It Va gptboot_enable
2157.Pq Vt bool
2158If set to
2159.Dq Li YES ,
2160.Pa /etc/rc.d/gptboot
2161will log if the system successfully (or not) booted from a GPT partition,
2162which had the
2163.Ar bootonce
2164attribute set using
2165.Xr gpart 8
2166utility.
2167.It Va gbde_autoattach_all
2168.Pq Vt bool
2169If set to
2170.Dq Li YES ,
2171.Pa /etc/rc.d/gbde
2172will attempt to automatically initialize the .bde devices specified in
2173.Pa /etc/fstab .
2174.It Va gbde_devices
2175.Pq Vt str
2176List the devices that the script should try to attach,
2177or
2178.Dq Li AUTO .
2179.It Va gbde_lockdir
2180.Pq Vt str
2181The directory where the
2182.Xr gbde 4
2183lockfiles are located.
2184The default lockfile directory is
2185.Pa /etc .
2186.Pp
2187The lockfile for each individual
2188.Xr gbde 4
2189device can be overridden by setting the variable
2190.Va gbde_lock_ Ns Aq Ar device ,
2191where
2192.Ar device
2193is the encrypted device without the
2194.Dq Pa /dev/
2195and
2196.Dq Pa .bde
2197parts.
2198.It Va gbde_attach_attempts
2199.Pq Vt int
2200Number of times to attempt attaching to a
2201.Xr gbde 4
2202device, i.e., how many times the user is asked for the pass-phrase.
2203Default is 3.
2204.It Va geli_devices
2205.Pq Vt str
2206List of devices to automatically attach on boot.
2207Note that .eli devices from
2208.Pa /etc/fstab
2209are automatically appended to this list.
2210.It Va geli_groups
2211.Pq Vt str
2212List of groups containing devices to automatically attach on boot with the same
2213keyfiles and passphrase.
2214This must be accompanied with a corresponding
2215.Va geli_ Ns Ao Ar group Ac Ns Va _devices
2216variable.
2217.It Va geli_tries
2218.Pq Vt int
2219Number of times user is asked for the pass-phrase.
2220If empty, it will be taken from
2221.Va kern.geom.eli.tries
2222sysctl variable.
2223.It Va geli_default_flags
2224.Pq Vt str
2225Default flags to use by
2226.Xr geli 8
2227when configuring disk encryption.
2228Flags can be configured for every device separately by defining the
2229.Va geli_ Ns Ao Ar device Ac Ns Va _flags
2230variable, and for every group separately by defining the
2231.Va geli_ Ns Ao Ar group Ac Ns Va _flags
2232variable.
2233.It Va geli_autodetach
2234.Pq Vt str
2235Specifies if GELI devices should be marked for detach on last close after
2236file systems are mounted.
2237Default is
2238.Dq Li YES .
2239This can be changed for every device separately by defining the
2240.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach
2241variable.
2242.It Va root_rw_mount
2243.Pq Vt bool
2244Set to
2245.Dq Li YES
2246by default.
2247After the file systems are checked at boot time, the root file system
2248is remounted as read-write if this is set to
2249.Dq Li YES .
2250Diskless systems that mount their root file system from a read-only remote
2251NFS share should set this to
2252.Dq Li NO
2253in their
2254.Pa rc.conf .
2255.It Va fsck_y_enable
2256.Pq Vt bool
2257If set to
2258.Dq Li YES ,
2259.Xr fsck 8
2260will be run with the
2261.Fl y
2262flag if the initial preen
2263of the file systems fails.
2264.It Va background_fsck
2265.Pq Vt bool
2266If set to
2267.Dq Li NO ,
2268the system will not attempt to run
2269.Xr fsck 8
2270in the background where possible.
2271.It Va background_fsck_delay
2272.Pq Vt int
2273The amount of time in seconds to sleep before starting a background
2274.Xr fsck 8 .
2275It defaults to sixty seconds to allow large applications such as
2276the X server to start before disk I/O bandwidth is monopolized by
2277.Xr fsck 8 .
2278If set to a negative number, the background file system check will be
2279delayed indefinitely to allow the administrator to run it at a more
2280convenient time.
2281For example it may be run from
2282.Xr cron 8
2283by adding a line like
2284.Pp
2285.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart"
2286.Pp
2287to
2288.Pa /etc/crontab .
2289.It Va netfs_types
2290.Pq Vt str
2291List of file system types that are network-based.
2292This list should generally not be modified by end users.
2293Use
2294.Va extra_netfs_types
2295instead.
2296.It Va extra_netfs_types
2297.Pq Vt str
2298If set to something other than
2299.Dq Li NO
2300(the default),
2301this variable extends the list of file system types
2302for which automatic mounting at startup by
2303.Xr rc 8
2304should be delayed until the network is initialized.
2305It should contain
2306a whitespace-separated list of network file system descriptor pairs,
2307each consisting of a file system type as passed to
2308.Xr mount 8
2309and a human-readable, one-word description,
2310joined with a colon
2311.Pq Ql \&: .
2312Extending the default list in this way is only necessary
2313when third party file system types are used.
2314.It Va syslogd_enable
2315.Pq Vt bool
2316If set to
2317.Dq Li YES ,
2318run the
2319.Xr syslogd 8
2320daemon.
2321Note, the
2322.Va syslogd_oomprotect
2323variable is set to
2324.Dq Li YES
2325by default in
2326.Pa /etc/defaults/rc.conf .
2327.It Va syslogd_program
2328.Pq Vt str
2329Path to
2330.Xr syslogd 8
2331(default
2332.Pa /usr/sbin/syslogd ) .
2333.It Va syslogd_flags
2334.Pq Vt str
2335If
2336.Va syslogd_enable
2337is set to
2338.Dq Li YES ,
2339these are the flags to pass to
2340.Xr syslogd 8 .
2341.It Va inetd_enable
2342.Pq Vt bool
2343If set to
2344.Dq Li YES ,
2345run the
2346.Xr inetd 8
2347daemon.
2348.It Va inetd_program
2349.Pq Vt str
2350Path to
2351.Xr inetd 8
2352(default
2353.Pa /usr/sbin/inetd ) .
2354.It Va inetd_flags
2355.Pq Vt str
2356If
2357.Va inetd_enable
2358is set to
2359.Dq Li YES ,
2360these are the flags to pass to
2361.Xr inetd 8 .
2362.It Va hastd_enable
2363.Pq Vt bool
2364If set to
2365.Dq Li YES ,
2366run the
2367.Xr hastd 8
2368daemon.
2369.It Va hastd_program
2370.Pq Vt str
2371Path to
2372.Xr hastd 8
2373(default
2374.Pa /sbin/hastd ) .
2375.It Va hastd_flags
2376.Pq Vt str
2377If
2378.Va hastd_enable
2379is set to
2380.Dq Li YES ,
2381these are the flags to pass to
2382.Xr hastd 8 .
2383.It Va local_unbound_enable
2384.Pq Vt bool
2385If set to
2386.Dq Li YES ,
2387run the
2388.Xr unbound 8
2389daemon as a local caching DNS resolver.
2390Note, the
2391.Va local_unbound_oomprotect
2392variable is set to
2393.Dq Li YES
2394by default in
2395.Pa /etc/defaults/rc.conf .
2396.It Va nscd_enable
2397.Pq Vt bool
2398Set to
2399.Dq Li YES
2400to start the
2401.Xr nscd 8
2402caching daemon for the
2403.Nm nsswitch
2404subsystem.
2405.It Va nscd_flags
2406.Pq Vt str
2407If
2408.Va nscd_enable
2409is set to
2410.Dq Li YES ,
2411these flags are passed to
2412.Xr nscd 8 .
2413.It Va kdc_enable
2414.Pq Vt bool
2415Set to
2416.Dq Li YES
2417to start a Kerberos 5 authentication server
2418at boot time.
2419.It Va kdc_program
2420.Pq Vt str
2421If
2422.Va kdc_enable
2423is set to
2424.Dq Li YES
2425this is the path to Kerberos 5 Authentication Server.
2426.It Va kdc_flags
2427.Pq Vt str
2428Empty by default.
2429This variable contains additional flags to be passed to the Kerberos 5
2430authentication server.
2431.It Va kadmind_enable
2432.Pq Vt bool
2433Set to
2434.Dq Li YES
2435to start
2436.Xr kadmind 8 ,
2437the Kerberos 5 Administration Daemon; set to
2438.Dq Li NO
2439on a slave server.
2440.It Va kadmind_program
2441.Pq Vt str
2442If
2443.Va kadmind_enable
2444is set to
2445.Dq Li YES
2446this is the path to Kerberos 5 Administration Daemon.
2447.It Va kpasswdd_enable
2448.Pq Vt bool
2449Set to
2450.Dq Li YES
2451to start
2452.Xr kpasswdd 8 ,
2453the Kerberos 5 Password-Changing Daemon; set to
2454.Dq Li NO
2455on a slave server.
2456.It Va kpasswdd_program
2457.Pq Vt str
2458If
2459.Va kpasswdd_enable
2460is set to
2461.Dq Li YES
2462this is the path to Kerberos 5 Password-Changing Daemon.
2463.It Va kfd_enable
2464.Pq Vt bool
2465Set to
2466.Dq Li YES
2467to start
2468.Xr kfd 8 ,
2469the Kerberos 5 ticket forwarding daemon, at the boot time.
2470.It Va kfd_program
2471.Pq Vt str
2472Path to
2473.Xr kfd 8
2474(default
2475.Pa /usr/libexec/kfd ) .
2476.It Va rwhod_enable
2477.Pq Vt bool
2478If set to
2479.Dq Li YES ,
2480run the
2481.Xr rwhod 8
2482daemon at boot time.
2483.It Va rwhod_flags
2484.Pq Vt str
2485If
2486.Va rwhod_enable
2487is set to
2488.Dq Li YES ,
2489these are the flags to pass to it.
2490.It Va update_motd
2491.Pq Vt bool
2492If set to
2493.Dq Li YES ,
2494.Pa /var/run/motd
2495will be updated at boot time to reflect the kernel release
2496being run.
2497If set to
2498.Dq Li NO ,
2499.Pa /var/run/motd
2500will not be updated.
2501.It Va nfs_client_enable
2502.Pq Vt bool
2503If set to
2504.Dq Li YES ,
2505run the NFS client daemons at boot time.
2506.It Va nfs_access_cache
2507.Pq Vt int
2508If
2509.Va nfs_client_enable
2510is set to
2511.Dq Li YES ,
2512this can be set to
2513.Dq Li 0
2514to disable NFS ACCESS RPC caching, or to the number of seconds for which
2515NFS ACCESS
2516results should be cached.
2517A value of 2-10 seconds will substantially reduce network
2518traffic for many NFS operations.
2519.It Va nfs_server_enable
2520.Pq Vt bool
2521If set to
2522.Dq Li YES ,
2523run the NFS server daemons at boot time.
2524.It Va nfs_server_flags
2525.Pq Vt str
2526If
2527.Va nfs_server_enable
2528is set to
2529.Dq Li YES ,
2530these are the flags to pass to the
2531.Xr nfsd 8
2532daemon.
2533.It Va nfsv4_server_enable
2534.Pq Vt bool
2535If
2536.Va nfs_server_enable
2537is set to
2538.Dq Li YES
2539and
2540.Va nfsv4_server_enable
2541is set to
2542.Dq Li YES ,
2543enable the server for NFSv4 as well as NFSv2 and NFSv3.
2544.It Va nfsv4_server_only
2545.Pq Vt bool
2546If
2547.Va nfs_server_enable
2548is set to
2549.Dq Li YES
2550and
2551.Va nfsv4_server_only
2552is set to
2553.Dq Li YES ,
2554enable the NFS server for NFSv4 only.
2555.It Va nfs_server_maxio
2556.Pq Vt int
2557value to set vfs.nfsd.srvmaxio to, which is the
2558maximum I/O size for the NFS server.
2559.It Va tlsclntd_enable
2560.Pq Vt bool
2561If set to
2562.Dq Li YES ,
2563run the
2564.Xr rpc.tlsclntd 8
2565daemon, which is needed for NFS-over-TLS NFS mounts.
2566.It Va tlsservd_enable
2567.Pq Vt bool
2568If set to
2569.Dq Li YES ,
2570run the
2571.Xr rpc.tlsservd 8
2572daemon, which is needed for the
2573.Xr nfsd 8
2574to support NFS-over-TLS NFS mounts.
2575.It Va nfsuserd_enable
2576.Pq Vt bool
2577If
2578.Va nfsuserd_enable
2579is set to
2580.Dq Li YES ,
2581run the nfsuserd daemon, which is needed for NFSv4 in order
2582to map between user/group names vs uid/gid numbers.
2583If
2584.Va nfsv4_server_enable
2585is set to
2586.Dq Li YES ,
2587this will be forced enabled.
2588.It Va nfsuserd_flags
2589.Pq Vt str
2590If
2591.Va nfsuserd_enable
2592is set to
2593.Dq Li YES ,
2594these are the flags to pass to the
2595.Xr nfsuserd 8
2596daemon.
2597.It Va nfscbd_enable
2598.Pq Vt bool
2599If
2600.Va nfscbd_enable
2601is set to
2602.Dq Li YES ,
2603run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client.
2604.It Va nfscbd_flags
2605.Pq Vt str
2606If
2607.Va nfscbd_enable
2608is set to
2609.Dq Li YES ,
2610these are the flags to pass to the
2611.Xr nfscbd 8
2612daemon.
2613.It Va mountd_enable
2614.Pq Vt bool
2615If set to
2616.Dq Li YES ,
2617and no
2618.Va nfs_server_enable
2619is set, start
2620.Xr mountd 8 ,
2621but not
2622.Xr nfsd 8
2623daemon.
2624It is commonly needed to run CFS without real NFS used.
2625.It Va mountd_flags
2626.Pq Vt str
2627If
2628.Va mountd_enable
2629is set to
2630.Dq Li YES ,
2631these are the flags to pass to the
2632.Xr mountd 8
2633daemon.
2634.It Va weak_mountd_authentication
2635.Pq Vt bool
2636If set to
2637.Dq Li YES ,
2638allow services like PCNFSD to make non-privileged mount
2639requests.
2640.It Va nfs_reserved_port_only
2641.Pq Vt bool
2642If set to
2643.Dq Li YES ,
2644provide NFS services only on a secure port.
2645.It Va nfs_bufpackets
2646.Pq Vt int
2647If set to a number, indicates the number of packets worth of
2648socket buffer space to reserve on an NFS client.
2649The kernel default is typically 4.
2650Using a higher number may be
2651useful on gigabit networks to improve performance.
2652The minimum value is
26532 and the maximum is 64.
2654.It Va rpc_lockd_enable
2655.Pq Vt bool
2656If set to
2657.Dq Li YES
2658and also an NFS server or client, run
2659.Xr rpc.lockd 8
2660at boot time.
2661.It Va rpc_lockd_flags
2662.Pq Vt str
2663If
2664.Va rpc_lockd_enable
2665is set to
2666.Dq Li YES ,
2667these are the flags to pass to the
2668.Xr rpc.lockd 8
2669daemon.
2670.It Va rpc_statd_enable
2671.Pq Vt bool
2672If set to
2673.Dq Li YES
2674and also an NFS server or client, run
2675.Xr rpc.statd 8
2676at boot time.
2677.It Va rpc_statd_flags
2678.Pq Vt str
2679If
2680.Va rpc_statd_enable
2681is set to
2682.Dq Li YES ,
2683these are the flags to pass to the
2684.Xr rpc.statd 8
2685daemon.
2686.It Va rpcbind_program
2687.Pq Vt str
2688Path to
2689.Xr rpcbind 8
2690(default
2691.Pa /usr/sbin/rpcbind ) .
2692.It Va rpcbind_enable
2693.Pq Vt bool
2694If set to
2695.Dq Li YES ,
2696run the
2697.Xr rpcbind 8
2698service at boot time.
2699.It Va rpcbind_flags
2700.Pq Vt str
2701If
2702.Va rpcbind_enable
2703is set to
2704.Dq Li YES ,
2705these are the flags to pass to the
2706.Xr rpcbind 8
2707daemon.
2708.It Va keyserv_enable
2709.Pq Vt bool
2710If set to
2711.Dq Li YES ,
2712run the
2713.Xr keyserv 8
2714daemon on boot for running Secure RPC.
2715.It Va keyserv_flags
2716.Pq Vt str
2717If
2718.Va keyserv_enable
2719is set to
2720.Dq Li YES ,
2721these are the flags to pass to
2722.Xr keyserv 8
2723daemon.
2724.It Va pppoed_enable
2725.Pq Vt bool
2726If set to
2727.Dq Li YES ,
2728run the
2729.Xr pppoed 8
2730daemon at boot time to provide PPP over Ethernet services.
2731.It Va pppoed_ Ns Aq Ar provider
2732.Pq Vt str
2733.Xr pppoed 8
2734listens to requests to this
2735.Ar provider
2736and ultimately runs
2737.Xr ppp 8
2738with a
2739.Ar system
2740argument of the same name.
2741.It Va pppoed_flags
2742.Pq Vt str
2743Additional flags to pass to
2744.Xr pppoed 8 .
2745.It Va pppoed_interface
2746.Pq Vt str
2747The network interface to run
2748.Xr pppoed 8
2749on.
2750This is mandatory when
2751.Va pppoed_enable
2752is set to
2753.Dq Li YES .
2754.It Va ntpdate_enable
2755.Pq Vt bool
2756If set to
2757.Dq Li YES ,
2758run
2759.Xr ntpdate 8
2760at system startup.
2761This command is intended to
2762synchronize the system clock only
2763.Em once
2764from some standard reference.
2765.Pp
2766Note that the use of the
2767.Va ntpd_sync_on_start
2768variable is a preferred alternative to the
2769.Xr ntpdate 8
2770utility as
2771.Xr ntpdate 8
2772is to be retired from the NTP distribution.
2773.It Va ntpdate_config
2774.Pq Vt str
2775Configuration file for
2776.Xr ntpdate 8 .
2777Default
2778.Pa /etc/ntp.conf .
2779.It Va ntpdate_hosts
2780.Pq Vt str
2781A whitespace-separated list of NTP servers to synchronize with at startup.
2782The default is to use the servers listed in
2783.Va ntpdate_config ,
2784if that file exists.
2785.It Va ntpdate_program
2786.Pq Vt str
2787Path to
2788.Xr ntpdate 8
2789(default
2790.Pa /usr/sbin/ntpdate ) .
2791.It Va ntpdate_flags
2792.Pq Vt str
2793If
2794.Va ntpdate_enable
2795is set to
2796.Dq Li YES ,
2797these are the flags to pass to the
2798.Xr ntpdate 8
2799command (typically a hostname).
2800.It Va ntpd_enable
2801.Pq Vt bool
2802If set to
2803.Dq Li YES ,
2804run the
2805.Xr ntpd 8
2806command at boot time.
2807.It Va ntpd_program
2808.Pq Vt str
2809Path to
2810.Xr ntpd 8
2811(default
2812.Pa /usr/sbin/ntpd ) .
2813.It Va ntpd_config
2814.Pq Vt str
2815Path to
2816.Xr ntpd 8
2817configuration file.
2818Default
2819.Pa /etc/ntp.conf .
2820.It Va ntpd_flags
2821.Pq Vt str
2822If
2823.Va ntpd_enable
2824is set to
2825.Dq Li YES ,
2826these are the flags to pass to the
2827.Xr ntpd 8
2828daemon.
2829.It Va ntpd_sync_on_start
2830.Pq Vt bool
2831If set to
2832.Dq Li YES ,
2833.Xr ntpd 8
2834is run with the
2835.Fl g
2836flag, which syncs the system's clock on startup.
2837See
2838.Xr ntpd 8
2839for more information regarding the
2840.Fl g
2841option.
2842This is a preferred alternative to using
2843.Xr ntpdate 8
2844or specifying the
2845.Va ntpdate_enable
2846variable.
2847.It Va nis_client_enable
2848.Pq Vt bool
2849If set to
2850.Dq Li YES ,
2851run the
2852.Xr ypbind 8
2853service at system boot time.
2854.It Va nis_client_flags
2855.Pq Vt str
2856If
2857.Va nis_client_enable
2858is set to
2859.Dq Li YES ,
2860these are the flags to pass to the
2861.Xr ypbind 8
2862service.
2863.It Va nis_ypldap_enable
2864.Pq Vt bool
2865If set to
2866.Dq Li YES ,
2867run the
2868.Xr ypldap 8
2869daemon at system boot time.
2870.It Va nis_ypldap_flags
2871.Pq Vt str
2872If
2873.Va nis.ypldap_enable
2874is set to
2875.Dq Li YES ,
2876these are the flags to pass to the
2877.Xr ypldap 8
2878daemon.
2879.It Va nis_ypset_enable
2880.Pq Vt bool
2881If set to
2882.Dq Li YES ,
2883run the
2884.Xr ypset 8
2885daemon at system boot time.
2886.It Va nis_ypset_flags
2887.Pq Vt str
2888If
2889.Va nis_ypset_enable
2890is set to
2891.Dq Li YES ,
2892these are the flags to pass to the
2893.Xr ypset 8
2894daemon.
2895.It Va nis_server_enable
2896.Pq Vt bool
2897If set to
2898.Dq Li YES ,
2899run the
2900.Xr ypserv 8
2901daemon at system boot time.
2902.It Va nis_server_flags
2903.Pq Vt str
2904If
2905.Va nis_server_enable
2906is set to
2907.Dq Li YES ,
2908these are the flags to pass to the
2909.Xr ypserv 8
2910daemon.
2911.It Va nis_ypxfrd_enable
2912.Pq Vt bool
2913If set to
2914.Dq Li YES ,
2915run the
2916.Xr rpc.ypxfrd 8
2917daemon at system boot time.
2918.It Va nis_ypxfrd_flags
2919.Pq Vt str
2920If
2921.Va nis_ypxfrd_enable
2922is set to
2923.Dq Li YES ,
2924these are the flags to pass to the
2925.Xr rpc.ypxfrd 8
2926daemon.
2927.It Va nis_yppasswdd_enable
2928.Pq Vt bool
2929If set to
2930.Dq Li YES ,
2931run the
2932.Xr rpc.yppasswdd 8
2933daemon at system boot time.
2934.It Va nis_yppasswdd_flags
2935.Pq Vt str
2936If
2937.Va nis_yppasswdd_enable
2938is set to
2939.Dq Li YES ,
2940these are the flags to pass to the
2941.Xr rpc.yppasswdd 8
2942daemon.
2943.It Va rpc_ypupdated_enable
2944.Pq Vt bool
2945If set to
2946.Dq Li YES ,
2947run the
2948.Nm rpc.ypupdated
2949daemon at system boot time.
2950.It Va bsnmpd_enable
2951.Pq Vt bool
2952If set to
2953.Dq Li YES ,
2954run the
2955.Xr bsnmpd 1
2956daemon at system boot time.
2957Be sure to understand the security implications of running an SNMP daemon
2958on your host.
2959.It Va bsnmpd_flags
2960.Pq Vt str
2961If
2962.Va bsnmpd_enable
2963is set to
2964.Dq Li YES ,
2965these are the flags to pass to the
2966.Xr bsnmpd 1
2967daemon.
2968.It Va defaultrouter
2969.Pq Vt str
2970If not set to
2971.Dq Li NO ,
2972create a default route to this host name or IP address
2973(use an IP address if this router is also required to get to the
2974name server!).
2975.It Va defaultrouter_fibN
2976.Pq Vt str
2977If not set to
2978.Dq Li NO ,
2979create a default route in FIB N to this host name or IP address.
2980.It Va ipv6_defaultrouter
2981.Pq Vt str
2982The IPv6 equivalent of
2983.Va defaultrouter .
2984.It Va ipv6_defaultrouter_fibN
2985.Pq Vt str
2986The IPv6 equivalent of
2987.Va defaultrouter_fibN .
2988.It Va static_arp_pairs
2989.Pq Vt str
2990Set to the list of static ARP pairs that are to be added at system
2991boot time.
2992For each whitespace separated
2993.Ar element
2994in the value, a
2995.Va static_arp_ Ns Aq Ar element
2996variable is assumed to exist whose contents will later be passed to a
2997.Dq Nm arp Cm -S
2998operation.
2999For example
3000.Bd -literal
3001static_arp_pairs="gw"
3002static_arp_gw="192.168.1.1 00:01:02:03:04:05"
3003.Ed
3004.It Va static_ndp_pairs
3005.Pq Vt str
3006Set to the list of static NDP pairs that are to be added at system
3007boot time.
3008For each whitespace separated
3009.Ar element
3010in the value, a
3011.Va static_ndp_ Ns Aq Ar element
3012variable is assumed to exist whose contents will later be passed to a
3013.Dq Nm ndp Cm -s
3014operation.
3015For example
3016.Bd -literal
3017static_ndp_pairs="gw"
3018static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05"
3019.Ed
3020.It Va static_routes
3021.Pq Vt str
3022Set to the list of static routes that are to be added at system
3023boot time.
3024If not set to
3025.Dq Li NO
3026then for each whitespace separated
3027.Ar element
3028in the value, a
3029.Va route_ Ns Aq Ar element
3030variable is assumed to exist
3031whose contents will later be passed to a
3032.Dq Nm route Cm add
3033operation.
3034For example:
3035.Bd -literal
3036static_routes="ext mcast:gif0 gif0local:gif0"
3037route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1"
3038route_mcast="-net 224.0.0.0/4 -iface gif0"
3039route_gif0local="-host 169.254.1.1 -iface lo0"
3040.Ed
3041.Pp
3042When an
3043.Ar element
3044is in the form of
3045.Li name:ifname ,
3046the route is specific to the interface
3047.Li ifname .
3048.It Va ipv6_static_routes
3049.Pq Vt str
3050The IPv6 equivalent of
3051.Va static_routes .
3052If not set to
3053.Dq Li NO
3054then for each whitespace separated
3055.Ar element
3056in the value, a
3057.Va ipv6_route_ Ns Aq Ar element
3058variable is assumed to exist
3059whose contents will later be passed to a
3060.Dq Nm route Cm add Fl inet6
3061operation.
3062.It Va gateway_enable
3063.Pq Vt bool
3064If set to
3065.Dq Li YES ,
3066configure host to act as an IP router, e.g.\& to forward packets
3067between interfaces.
3068.It Va ipv6_gateway_enable
3069.Pq Vt bool
3070The IPv6 equivalent of
3071.Va gateway_enable .
3072.It Va routed_enable
3073.Pq Vt bool
3074If set to
3075.Dq Li YES ,
3076run a routing daemon of some sort, based on the
3077settings of
3078.Va routed_program
3079and
3080.Va routed_flags .
3081.It Va route6d_enable
3082.Pq Vt bool
3083The IPv6 equivalent of
3084.Va routed_enable .
3085If set to
3086.Dq Li YES ,
3087run a routing daemon of some sort, based on the
3088settings of
3089.Va route6d_program
3090and
3091.Va route6d_flags .
3092.It Va routed_program
3093.Pq Vt str
3094If
3095.Va routed_enable
3096is set to
3097.Dq Li YES ,
3098this is the name of the routing daemon to use.
3099The default is
3100.Xr routed 8 .
3101.It Va route6d_program
3102.Pq Vt str
3103The IPv6 equivalent of
3104.Va routed_program .
3105The default is
3106.Xr route6d 8 .
3107.It Va routed_flags
3108.Pq Vt str
3109If
3110.Va routed_enable
3111is set to
3112.Dq Li YES ,
3113these are the flags to pass to the routing daemon.
3114.It Va route6d_flags
3115.Pq Vt str
3116The IPv6 equivalent of
3117.Va routed_flags .
3118.It Va rtadvd_enable
3119.Pq Vt bool
3120If set to
3121.Dq Li YES ,
3122run the
3123.Xr rtadvd 8
3124daemon at boot time.
3125The
3126.Xr rtadvd 8
3127utility sends ICMPv6 Router Advertisement messages to
3128the interfaces specified in
3129.Va rtadvd_interfaces .
3130This should only be enabled with great care.
3131You may want to fine-tune
3132.Xr rtadvd.conf 5 .
3133.It Va rtadvd_interfaces
3134.Pq Vt str
3135If
3136.Va rtadvd_enable
3137is set to
3138.Dq Li YES
3139this is the list of interfaces to use.
3140.It Va arpproxy_all
3141.Pq Vt bool
3142If set to
3143.Dq Li YES ,
3144enable global proxy ARP.
3145.It Va forward_sourceroute
3146.Pq Vt bool
3147If set to
3148.Dq Li YES
3149and
3150.Va gateway_enable
3151is also set to
3152.Dq Li YES ,
3153source-routed packets are forwarded.
3154.It Va accept_sourceroute
3155.Pq Vt bool
3156If set to
3157.Dq Li YES ,
3158the system will accept source-routed packets directed at it.
3159.It Va rarpd_enable
3160.Pq Vt bool
3161If set to
3162.Dq Li YES ,
3163run the
3164.Xr rarpd 8
3165daemon at system boot time.
3166.It Va rarpd_flags
3167.Pq Vt str
3168If
3169.Va rarpd_enable
3170is set to
3171.Dq Li YES ,
3172these are the flags to pass to the
3173.Xr rarpd 8
3174daemon.
3175.It Va bootparamd_enable
3176.Pq Vt bool
3177If set to
3178.Dq Li YES ,
3179run the
3180.Xr bootparamd 8
3181daemon at system boot time.
3182.It Va bootparamd_flags
3183.Pq Vt str
3184If
3185.Va bootparamd_enable
3186is set to
3187.Dq Li YES ,
3188these are the flags to pass to the
3189.Xr bootparamd 8
3190daemon.
3191.It Va stf_interface_ipv4addr
3192.Pq Vt str
3193If not set to
3194.Dq Li NO ,
3195this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling
3196interface).
3197Specify this entry to enable the 6to4 interface.
3198.It Va stf_interface_ipv4plen
3199.Pq Vt int
3200Prefix length for 6to4 IPv4 addresses, to limit peer address range.
3201An effective value is 0-31.
3202.It Va stf_interface_ipv6_ifid
3203.Pq Vt str
3204IPv6 interface ID for
3205.Xr stf 4 .
3206This can be set to
3207.Dq Li AUTO .
3208.It Va stf_interface_ipv6_slaid
3209.Pq Vt str
3210IPv6 Site Level Aggregator for
3211.Xr stf 4 .
3212.It Va ipv6_ipv4mapping
3213.Pq Vt bool
3214If set to
3215.Dq Li YES
3216this enables IPv4 mapped IPv6 address communication (like
3217.Li ::ffff:a.b.c.d ) .
3218.It Va rtsold_enable
3219.Pq Vt bool
3220Set to
3221.Dq Li YES
3222to enable the
3223.Xr rtsold 8
3224daemon to send ICMPv6 Router Solicitation messages.
3225.It Va rtsold_flags
3226.Pq Vt str
3227If
3228.Va rtsold_enable
3229is set to
3230.Dq Li YES ,
3231these are the flags to pass to
3232.Xr rtsold 8 .
3233.It Va rtsol_flags
3234.Pq Vt str
3235For interfaces configured with the
3236.Dq Li inet6 accept_rtadv
3237keyword, these are the flags to pass to
3238.Xr rtsol 8 .
3239.Pp
3240Note that
3241.Va rtsold_enable
3242is mutually exclusive to
3243.Va rtsol_flags ;
3244.Va rtsold_enable
3245takes precedence.
3246.It Va keybell
3247.Pq Vt str
3248The keyboard bell sound.
3249Set to
3250.Dq Li normal ,
3251.Dq Li visual ,
3252.Dq Li off ,
3253or
3254.Dq Li NO
3255if the default behavior is desired.
3256For details, refer to the
3257.Xr kbdcontrol 1
3258manpage.
3259.It Va keyboard
3260.Pq Vt str
3261If set to a non-null string, the virtual console's keyboard input is
3262set to this device.
3263.It Va keymap
3264.Pq Vt str
3265If set to
3266.Dq Li NO ,
3267no keymap is installed, otherwise the value is used to install
3268the keymap file found in
3269.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3270(if using
3271.Xr syscons 4 ) or
3272.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd
3273(if using
3274.Xr vt 4 ) .
3275.It Va keyrate
3276.Pq Vt str
3277The keyboard repeat speed.
3278Set to
3279.Dq Li slow ,
3280.Dq Li normal ,
3281.Dq Li fast ,
3282or
3283.Dq Li NO
3284if the default behavior is desired.
3285.It Va keychange
3286.Pq Vt str
3287If not set to
3288.Dq Li NO ,
3289attempt to program the function keys with the value.
3290The value should
3291be a single string of the form:
3292.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... .
3293.It Va cursor
3294.Pq Vt str
3295Can be set to the value of
3296.Dq Li normal ,
3297.Dq Li blink ,
3298.Dq Li destructive ,
3299or
3300.Dq Li NO
3301to set the cursor behavior explicitly or choose the default behavior.
3302.It Va scrnmap
3303.Pq Vt str
3304If set to
3305.Dq Li NO ,
3306no screen map is installed, otherwise the value is used to install
3307the screen map file in
3308.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value .
3309This parameter is ignored when using
3310.Xr vt 4
3311as the console driver.
3312.It Va font8x16
3313.Pq Vt str
3314If set to
3315.Dq Li NO ,
3316the default 8x16 font value is used for screen size requests, otherwise
3317the value in
3318.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3319or
3320.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3321is used (depending on the console driver being used).
3322.It Va font8x14
3323.Pq Vt str
3324If set to
3325.Dq Li NO ,
3326the default 8x14 font value is used for screen size requests, otherwise
3327the value in
3328.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3329or
3330.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3331is used (depending on the console driver being used).
3332.It Va font8x8
3333.Pq Vt str
3334If set to
3335.Dq Li NO ,
3336the default 8x8 font value is used for screen size requests, otherwise
3337the value in
3338.Pa /usr/share/syscons/fonts/ Ns Aq Ar value
3339or
3340.Pa /usr/share/vt/fonts/ Ns Aq Ar value
3341is used (depending on the console driver being used).
3342.It Va blanktime
3343.Pq Vt int
3344If set to
3345.Dq Li NO ,
3346the default screen blanking interval is used, otherwise it is set
3347to
3348.Ar value
3349seconds.
3350.It Va saver
3351.Pq Vt str
3352If not set to
3353.Dq Li NO ,
3354this is the actual screen saver to use
3355.Li ( blank , snake , daemon ,
3356etc).
3357.It Va moused_nondefault_enable
3358.Pq Vt str
3359If set to
3360.Dq Li NO ,
3361the mouse device specified on
3362the command line is not automatically treated as enabled by the
3363.Pa /etc/rc.d/moused
3364script.
3365Having this variable set to
3366.Dq Li YES
3367allows a
3368.Xr usb 4
3369mouse,
3370for example,
3371to be enabled as soon as it is plugged in.
3372.It Va moused_enable
3373.Pq Vt str
3374If set to
3375.Dq Li YES ,
3376the
3377.Xr moused 8
3378daemon is started for doing cut/paste selection on the console.
3379.It Va moused_type
3380.Pq Vt str
3381This is the protocol type of the mouse connected to this host.
3382This variable must be set if
3383.Va moused_enable
3384is set to
3385.Dq Li YES ,
3386but defaults to
3387.Dq Li auto
3388as the
3389.Xr moused 8
3390daemon
3391is able to detect the appropriate mouse type automatically in many cases.
3392Set this variable to
3393one from the following list if the automatic detection fails.
3394.Pp
3395If the mouse is attached to the PS/2 mouse port, choose
3396.Dq Li auto
3397or
3398.Dq Li ps/2 ,
3399regardless of the brand and model of the mouse.
3400Likewise, if the
3401mouse is attached to the bus mouse port, choose
3402.Dq Li auto
3403or
3404.Dq Li busmouse .
3405All other protocols are for serial mice and will not work with
3406the PS/2 and bus mice.
3407If this is a USB mouse,
3408.Dq Li auto
3409is the only protocol type which will work.
3410.Pp
3411.Bl -tag -width ".Li x10mouseremote" -compact
3412.It Li microsoft
3413Microsoft mouse (serial)
3414.It Li intellimouse
3415Microsoft IntelliMouse (serial)
3416.It Li mousesystems
3417Mouse systems Corp.\& mouse (serial)
3418.It Li mmseries
3419MM Series mouse (serial)
3420.It Li logitech
3421Logitech mouse (serial)
3422.It Li busmouse
3423A bus mouse
3424.It Li mouseman
3425Logitech MouseMan and TrackMan (serial)
3426.It Li glidepoint
3427ALPS GlidePoint (serial)
3428.It Li thinkingmouse
3429Kensington ThinkingMouse (serial)
3430.It Li ps/2
3431PS/2 mouse
3432.It Li mmhittab
3433MM HitTablet (serial)
3434.It Li x10mouseremote
3435X10 MouseRemote (serial)
3436.It Li versapad
3437Interlink VersaPad (serial)
3438.El
3439.Pp
3440Even if the mouse is not in the above list, it may be compatible
3441with one in the list.
3442Refer to the manual page for
3443.Xr moused 8
3444for compatibility information.
3445.Pp
3446It should also be noted that while this is enabled, any
3447other client of the mouse (such as an X server) should access
3448the mouse through the virtual mouse device,
3449.Pa /dev/sysmouse ,
3450and configure it as a
3451.Dq Li sysmouse
3452type mouse, since all
3453mouse data is converted to this single canonical format when
3454using
3455.Xr moused 8 .
3456If the client program does not support the
3457.Dq Li sysmouse
3458type,
3459specify the
3460.Dq Li mousesystems
3461type.
3462It is the second preferred type.
3463.It Va moused_port
3464.Pq Vt str
3465If
3466.Va moused_enable
3467is set to
3468.Dq Li YES ,
3469this is the actual port the mouse is on.
3470It might be
3471.Pa /dev/cuau0
3472for a COM1 serial mouse, or
3473.Pa /dev/psm0
3474for a PS/2 mouse, for example.
3475.It Va moused_flags
3476.Pq Vt str
3477If
3478.Va moused_flags
3479is set, its value is used as an additional set of flags to pass to the
3480.Xr moused 8
3481daemon.
3482.It Va "moused_" Ns Ar XXX Ns Va "_flags"
3483When
3484.Va moused_nondefault_enable
3485is enabled, and a
3486.Xr moused 8
3487daemon is started for a non-default port, the
3488.Va "moused_" Ns Ar XXX Ns Va "_flags"
3489set of options has precedence over and replaces the default
3490.Va moused_flags
3491(where
3492.Ar XXX
3493is the name of the non-default port, i.e.,\&
3494.Ar ums0 ) .
3495By setting
3496.Va "moused_" Ns Ar XXX Ns Va "_flags"
3497it is possible to set up a different set of default flags for each
3498.Xr moused 8
3499instance.
3500For example, you can use
3501.Dq Li "-3"
3502for the default
3503.Va moused_flags
3504to make your laptop's touchpad more comfortable to use,
3505but an empty set of options for
3506.Va moused_ums0_flags
3507when your
3508.Xr usb 4
3509mouse has three or more buttons.
3510.It Va mousechar_start
3511.Pq Vt int
3512If set to
3513.Dq Li NO ,
3514the default mouse cursor character range
3515.Li 0xd0 Ns - Ns Li 0xd3
3516is used,
3517otherwise the range start is set
3518to
3519.Ar value
3520character, see
3521.Xr vidcontrol 1 .
3522Use if the default range is occupied in the language code table.
3523.It Va allscreens_flags
3524.Pq Vt str
3525If set,
3526.Xr vidcontrol 1
3527is run with these options for each of the virtual terminals
3528.Pq Pa /dev/ttyv* .
3529For example,
3530.Dq Fl m Cm on
3531will enable the mouse pointer on all virtual terminals
3532if
3533.Va moused_enable
3534is set to
3535.Dq Li YES .
3536.It Va allscreens_kbdflags
3537.Pq Vt str
3538If set,
3539.Xr kbdcontrol 1
3540is run with these options for each of the virtual terminals
3541.Pq Pa /dev/ttyv* .
3542For example,
3543.Dq Fl h Li 200
3544will set the
3545.Xr syscons 4
3546or
3547.Xr vt 4
3548scrollback (history) buffer to 200 lines.
3549.It Va cron_enable
3550.Pq Vt bool
3551If set to
3552.Dq Li YES ,
3553run the
3554.Xr cron 8
3555daemon at system boot time.
3556.It Va cron_program
3557.Pq Vt str
3558Path to
3559.Xr cron 8
3560(default
3561.Pa /usr/sbin/cron ) .
3562.It Va cron_flags
3563.Pq Vt str
3564If
3565.Va cron_enable
3566is set to
3567.Dq Li YES ,
3568these are the flags to pass to
3569.Xr cron 8 .
3570.It Va cron_dst
3571.Pq Vt bool
3572If set to
3573.Dq Li YES ,
3574enable the special handling of transitions to and from the
3575Daylight Saving Time in
3576.Xr cron 8
3577(equivalent to using the flag
3578.Fl s ) .
3579.It Va lpd_program
3580.Pq Vt str
3581Path to
3582.Xr lpd 8
3583(default
3584.Pa /usr/sbin/lpd ) .
3585.It Va lpd_enable
3586.Pq Vt bool
3587If set to
3588.Dq Li YES ,
3589run the
3590.Xr lpd 8
3591daemon at system boot time.
3592.It Va lpd_flags
3593.Pq Vt str
3594If
3595.Va lpd_enable
3596is set to
3597.Dq Li YES ,
3598these are the flags to pass to the
3599.Xr lpd 8
3600daemon.
3601.It Va chkprintcap_enable
3602.Pq Vt bool
3603If set to
3604.Dq Li YES ,
3605run the
3606.Xr chkprintcap 8
3607command before starting the
3608.Xr lpd 8
3609daemon.
3610.It Va chkprintcap_flags
3611.Pq Vt str
3612If
3613.Va lpd_enable
3614and
3615.Va chkprintcap_enable
3616are set to
3617.Dq Li YES ,
3618these are the flags to pass to the
3619.Xr chkprintcap 8
3620program.
3621The default is
3622.Dq Li -d ,
3623which causes missing directories to be created.
3624.It Va dumpdev
3625.Pq Vt str
3626Indicates the device (usually a swap partition) to which a crash dump
3627should be written in the event of a system crash.
3628If the value of this variable is
3629.Dq Li AUTO ,
3630the first suitable swap device listed in
3631.Pa /etc/fstab
3632will be used as dump device.
3633Otherwise, the value of this variable is passed as the argument to
3634.Xr dumpon 8
3635and
3636.Xr savecore 8 .
3637To disable crash dumps, set this variable to
3638.Dq Li NO .
3639.It Va dumpon_flags
3640.Pq Vt str
3641Flags to pass to
3642.Xr dumpon 8
3643when configuring
3644.Va dumpdev
3645as the system dump device.
3646.It Va dumpdir
3647.Pq Vt str
3648When the system reboots after a crash and a crash dump is found on the
3649device specified by the
3650.Va dumpdev
3651variable,
3652.Xr savecore 8
3653will save that crash dump and a copy of the kernel to the directory
3654specified by the
3655.Va dumpdir
3656variable.
3657The default value is
3658.Pa /var/crash .
3659Set to
3660.Dq Li NO
3661to not run
3662.Xr savecore 8
3663at boot time when
3664.Va dumpdir
3665is set.
3666.It Va savecore_enable
3667.Pq Vt bool
3668If set to
3669.Dq Li NO ,
3670disable automatic extraction of the crash dump from the
3671.Va dumpdev .
3672.It Va savecore_flags
3673.Pq Vt str
3674If crash dumps are enabled, these are the flags to pass to the
3675.Xr savecore 8
3676utility.
3677.It Va quota_enable
3678.Pq Vt bool
3679Set to
3680.Dq Li YES
3681to turn on user and group disk quotas on system startup via the
3682.Xr quotaon 8
3683command for all file systems marked as having quotas enabled in
3684.Pa /etc/fstab .
3685The kernel must be built with
3686.Cd "options QUOTA"
3687for disk quotas to function.
3688.It Va check_quotas
3689.Pq Vt bool
3690Set to
3691.Dq Li YES
3692to enable user and group disk quota checking via the
3693.Xr quotacheck 8
3694command.
3695.It Va quotacheck_flags
3696.Pq Vt str
3697If
3698.Va quota_enable
3699is set to
3700.Dq Li YES ,
3701and
3702.Va check_quotas
3703is set to
3704.Dq Li YES ,
3705these are the flags to pass to the
3706.Xr quotacheck 8
3707utility.
3708The default is
3709.Dq Li "-a" ,
3710which checks quotas for all file systems with quotas enabled in
3711.Pa /etc/fstab .
3712.It Va quotaon_flags
3713.Pq Vt str
3714If
3715.Va quota_enable
3716is set to
3717.Dq Li YES ,
3718these are the flags to pass to the
3719.Xr quotaon 8
3720utility.
3721The default is
3722.Dq Li "-a" ,
3723which enables quotas for all file systems with quotas enabled in
3724.Pa /etc/fstab .
3725.It Va quotaoff_flags
3726.Pq Vt str
3727If
3728.Va quota_enable
3729is set to
3730.Dq Li YES ,
3731these are the flags to pass to the
3732.Xr quotaoff 8
3733utility when shutting down the quota system.
3734The default is
3735.Dq Li "-a" ,
3736which disables quotas for all file systems with quotas enabled in
3737.Pa /etc/fstab .
3738.It Va accounting_enable
3739.Pq Vt bool
3740Set to
3741.Dq Li YES
3742to enable system accounting through the
3743.Xr accton 8
3744facility.
3745.It Va firstboot_sentinel
3746.Pq Vt str
3747This variable specifies the full path to a
3748.Dq first boot
3749sentinel file.
3750If a file exists with this path,
3751.Pa rc.d
3752scripts with the
3753.Dq firstboot
3754keyword will be run on startup and the sentinel file will be deleted
3755after the boot process completes.
3756The sentinel file must be located on a writable file system which is
3757mounted no later than
3758.Va early_late_divider
3759to function properly.
3760The default is
3761.Pa /firstboot .
3762.It Va linux_enable
3763.Pq Vt bool
3764Set to
3765.Dq Li YES
3766to enable Linux/ELF binary emulation at system initial
3767boot time.
3768.It Va sysvipc_enable
3769.Pq Vt bool
3770If set to
3771.Dq Li YES ,
3772load System V IPC primitives at boot time.
3773.It Va clear_tmp_enable
3774.Pq Vt bool
3775Set to
3776.Dq Li YES
3777to have
3778.Pa /tmp
3779cleaned at startup.
3780.It Va clear_tmp_X
3781.Pq Vt bool
3782Set to
3783.Dq Li NO
3784to disable removing of X11 lock files,
3785and the removal and (secure) recreation
3786of the various socket directories for X11
3787related programs.
3788.It Va ldconfig_paths
3789.Pq Vt str
3790Set to the list of shared library paths to use with
3791.Xr ldconfig 8 .
3792NOTE:
3793.Pa /lib
3794and
3795.Pa /usr/lib
3796will always be added first, so they need not appear in this list.
3797.It Va ldconfig32_paths
3798.Pq Vt str
3799Set to the list of 32-bit compatibility shared library paths to
3800use with
3801.Xr ldconfig 8 .
3802.It Va ldconfig_insecure
3803.Pq Vt bool
3804The
3805.Xr ldconfig 8
3806utility normally refuses to use directories
3807which are writable by anyone except root.
3808Set this variable to
3809.Dq Li YES
3810to disable that security check during system startup.
3811.It Va ldconfig_local_dirs
3812.Pq Vt str
3813Set to the list of local
3814.Xr ldconfig 8
3815directories.
3816The names of all files in the directories listed will be
3817passed as arguments to
3818.Xr ldconfig 8 .
3819.It Va ldconfig_local32_dirs
3820.Pq Vt str
3821Set to the list of local 32-bit compatibility
3822.Xr ldconfig 8
3823directories.
3824The names of all files in the directories listed will be
3825passed as arguments to
3826.Dq Nm ldconfig Fl 32 .
3827.It Va kern_securelevel_enable
3828.Pq Vt bool
3829Set to
3830.Dq Li YES
3831to set the kernel security level at system startup.
3832.It Va kern_securelevel
3833.Pq Vt int
3834The kernel security level to set at startup.
3835The allowed range of
3836.Ar value
3837ranges from \-1 (the compile time default) to 3 (the
3838most secure).
3839See
3840.Xr security 7
3841for the list of possible security levels and their effect
3842on system operation.
3843.It Va sshd_program
3844.Pq Vt str
3845Path to the SSH server program
3846.Pa ( /usr/sbin/sshd
3847is the default).
3848.It Va sshd_enable
3849.Pq Vt bool
3850Set to
3851.Dq Li YES
3852to start
3853.Xr sshd 8
3854at system boot time.
3855Note, the
3856.Va sshd_oomprotect
3857variable is set to
3858.Dq Li YES
3859by default in
3860.Pa /etc/defaults/rc.conf .
3861.It Va sshd_flags
3862.Pq Vt str
3863If
3864.Va sshd_enable
3865is set to
3866.Dq Li YES ,
3867these are the flags to pass to the
3868.Xr sshd 8
3869daemon.
3870.It Va ftpd_program
3871.Pq Vt str
3872Path to the FTP server program
3873.Pa ( /usr/libexec/ftpd
3874is the default).
3875.It Va ftpd_enable
3876.Pq Vt bool
3877Set to
3878.Dq Li YES
3879to start
3880.Xr ftpd 8
3881as a stand-alone daemon at system boot time.
3882.It Va ftpd_flags
3883.Pq Vt str
3884If
3885.Va ftpd_enable
3886is set to
3887.Dq Li YES ,
3888these are the additional flags to pass to the
3889.Xr ftpd 8
3890daemon.
3891.It Va watchdogd_enable
3892.Pq Vt bool
3893If set to
3894.Dq Li YES ,
3895start the
3896.Xr watchdogd 8
3897daemon at boot time.
3898This requires that the kernel have been compiled with a
3899.Xr watchdog 4
3900compatible device.
3901.It Va watchdogd_flags
3902.Pq Vt str
3903If
3904.Va watchdogd_enable
3905is set to
3906.Dq Li YES ,
3907these are the flags passed to the
3908.Xr watchdogd 8
3909daemon.
3910.It Va watchdogd_timeout
3911.Pq Vt int
3912If
3913.Va watchdogd_enable
3914is set to
3915.Dq Li YES ,
3916this is a timeout that will be used by the
3917.Xr watchdogd 8
3918daemon.
3919If this option is set, it overrides
3920.Fl t
3921in
3922.Va watchdogd_flags .
3923.It Va watchdogd_shutdown_timeout
3924.Pq Vt int
3925If
3926.Va watchdogd_enable
3927is set to
3928.Dq Li YES ,
3929this is a timeout that will be set by the
3930.Xr watchdogd 8
3931daemon when it exits during the system shutdown.
3932This timeout will not be set when returning to the single-user mode
3933or when the watchdogd service is stopped individually using the
3934.Xr service 8
3935command or the rc.d script.
3936Note that the timeout will be applied if
3937.Xr watchdogd 8
3938is stopped outside of
3939.Xr rc 8
3940framework.
3941If this option is set, it overrides
3942.Fl x
3943in
3944.Va watchdogd_flags .
3945.It Va devfs_rulesets
3946.Pq Vt str
3947List of files containing sets of rules for
3948.Xr devfs 8 .
3949.It Va devfs_system_ruleset
3950.Pq Vt str
3951Rule name(s) to apply to the system
3952.Pa /dev
3953itself.
3954.It Va devfs_set_rulesets
3955.Pq Vt str
3956Pairs of already-mounted
3957.Pa dev
3958directories and rulesets that should be applied to them.
3959For example: /mount/dev=ruleset_name
3960.It Va devfs_load_rulesets
3961.Pq Vt bool
3962If set, always load the default rulesets listed in
3963.Va devfs_rulesets .
3964.It Va performance_cx_lowest
3965.Pq Vt str
3966CPU idle state to use while on AC power.
3967The string
3968.Dq Li LOW
3969indicates that
3970.Xr acpi 4
3971should use the lowest power state available while
3972.Dq Li HIGH
3973indicates that the lowest latency state (less power savings) should be used.
3974.It Va performance_cpu_freq
3975.Pq Vt str
3976CPU clock frequency to use while on AC power.
3977The string
3978.Dq Li LOW
3979indicates that
3980.Xr cpufreq 4
3981should use the lowest frequency available while
3982.Dq Li HIGH
3983indicates that the highest frequency (less power savings) should be used.
3984.It Va economy_cx_lowest
3985.Pq Vt str
3986CPU idle state to use when off AC power.
3987The string
3988.Dq Li LOW
3989indicates that
3990.Xr acpi 4
3991should use the lowest power state available while
3992.Dq Li HIGH
3993indicates that the lowest latency state (less power savings) should be used.
3994.It Va economy_cpu_freq
3995.Pq Vt str
3996CPU clock frequency to use when off AC power.
3997The string
3998.Dq Li LOW
3999indicates that
4000.Xr cpufreq 4
4001should use the lowest frequency available while
4002.Dq Li HIGH
4003indicates that the highest frequency (less power savings) should be used.
4004.It Va jail_enable
4005.Pq Vt bool
4006If set to
4007.Dq Li NO ,
4008any configured jails will not be started.
4009.It Va jail_conf
4010.Pq Vt str
4011The configuration filename used by
4012.Xr jail 8
4013utility.
4014The default value is
4015.Pa /etc/jail.conf .
4016.Pa /etc/jail\&. Ns Ao Va jname Ac Ns Pa .conf
4017and
4018.Pa /etc/jail.conf.d/ Ns Ao Va jname Ac Ns Pa .conf
4019will also be used if
4020.Ao Va jname Ac
4021is set in
4022.Va jail_list .
4023.It Va jail_parallel_start
4024.Pq Vt bool
4025If set to
4026.Dq Li YES ,
4027all configured jails will be started in the background (in parallel).
4028.It Va jail_flags
4029.Pq Vt str
4030Unset by default.
4031When set, use as default value for
4032.Va jail_ Ns Ao Ar jname Ac Ns Va _flags
4033for every jail in
4034.Va jail_list .
4035.It Va jail_list
4036.Pq Vt str
4037A space-delimited list of jail names.
4038When left empty, all of the
4039.Xr jail 8
4040instances defined in the configuration file are started.
4041The names specified in this list control the jail startup order.
4042.Xr jail 8
4043instances missing from
4044.Va jail_list
4045must be started manually.
4046Note that a jail's
4047.Va depend
4048parameter in the configuration file may override this list.
4049.It Va jail_reverse_stop
4050.Pq Vt bool
4051When set to
4052.Dq Li YES ,
4053all configured jails in
4054.Va jail_list
4055are stopped in reverse order.
4056.It Va jail_ Ns * variables
4057Note that older releases supported per-jail configuration via
4058.Nm
4059variables.
4060For example,
4061hostname of a jail named
4062.Li vjail
4063was able to be set by
4064.Li jail_vjail_hostname .
4065These per-jail configuration variables are now obsolete in favor of
4066.Xr jail 8
4067configuration file.
4068For backward compatibility,
4069when per-jail configuration variables are defined,
4070.Xr jail 8
4071configuration files are created as
4072.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf
4073and used.
4074.Pp
4075The following per-jail parameters are handled by
4076.Pa rc.d/jail
4077script out of their corresponding
4078.Nm
4079variables.
4080In addition to them, parameters in
4081.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters
4082will be added to the configuration file.
4083They must be a semi-colon
4084.Pq Ql \&;
4085delimited list of
4086.Dq key=value .
4087For more details,
4088see
4089.Xr jail 8
4090manual page.
4091.Bl  -tag -width "host.hostname" -offset indent
4092.It Li path
4093set from
4094.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
4095.It Li host.hostname
4096set from
4097.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname
4098.It Li exec.consolelog
4099set from
4100.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog .
4101The default value is
4102.Pa /var/log/jail_ Ns Ao Ar jname Ac Ns Pa _console.log .
4103.It Li interface
4104set from
4105.Va jail_ Ns Ao Ar jname Ac Ns Va _interface .
4106.It Li vnet.interface
4107set from
4108.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface .
4109This implies
4110.Li vnet
4111parameter will be enabled and cannot be specified with
4112.Va jail_ Ns Ao Ar jname Ac Ns Va _interface ,
4113.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4114and/or
4115.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4116at the same time.
4117.It Li fstab
4118set from
4119.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
4120.It Li mount
4121set from
4122.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
4123.It Li exec.fib
4124set from
4125.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
4126.It Li exec.start
4127set from
4128.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start .
4129The parameter name was
4130.Li command
4131in some older releases.
4132.It Li exec.prestart
4133set from
4134.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart
4135.It Li exec.poststart
4136set from
4137.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart
4138.It Li exec.stop
4139set from
4140.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
4141.It Li exec.prestop
4142set from
4143.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop
4144.It Li exec.poststop
4145set from
4146.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop
4147.It Li ip4.addr
4148set if
4149.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4150or
4151.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4152contain IPv4 addresses
4153.It Li ip6.addr
4154set if
4155.Va jail_ Ns Ao Ar jname Ac Ns Va _ip
4156or
4157.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n
4158contain IPv6 addresses
4159.It Li allow.mount
4160set from
4161.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable
4162.It Li mount.devfs
4163set from
4164.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable
4165.It Li devfs_ruleset
4166set from
4167.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
4168This must be an integer,
4169not a string.
4170.It Li mount.fdescfs
4171set from
4172.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
4173.It Li allow.set_hostname
4174set from
4175.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
4176.It Li allow.rawsocket
4177set from
4178.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only
4179.It Li allow.sysvipc
4180set from
4181.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
4182.El
4183.\" -----------------------------------------------------
4184.It Va harvest_mask
4185.Pq Vt int
4186Set to a bit-mask
4187representing the entropy sources
4188you wish to harvest.
4189Refer to
4190.Xr random 4
4191for more information.
4192.It Va entropy_dir
4193.Pq Vt str
4194Set to
4195.Dq Li NO
4196to disable caching entropy via
4197.Xr cron 8 .
4198Otherwise set to the directory
4199in which the entropy files are stored.
4200To be useful,
4201there must be
4202a system cron job
4203that regularly writes and rotates
4204files here.
4205All files found
4206will be used at boot time.
4207The default is
4208.Pa /var/db/entropy .
4209.It Va entropy_file
4210.Pq Vt str
4211Set to
4212.Dq Li NO
4213to disable caching entropy through reboots.
4214Otherwise set to the name
4215of a file used to store cached entropy.
4216This file should be located
4217on a file system that is readable
4218before all the volumes specified in
4219.Xr fstab 5
4220are mounted.
4221By default,
4222.Pa /entropy
4223is used,
4224but if
4225.Pa /var/db/entropy-file
4226is found it will also be used.
4227This will be of some use to
4228.Xr bsdinstall 8 .
4229.It Va entropy_boot_file
4230.Pq Vt str
4231Set to
4232.Dq Li NO
4233to disable
4234very early caching entropy
4235through reboots.
4236Otherwise set to the filename
4237used to read
4238very early reboot cached entropy.
4239This file should be located where
4240.Xr loader 8
4241can read it.
4242See also
4243.Xr loader.conf 5 .
4244The default location is
4245.Pa /boot/entropy .
4246.It Va entropy_save_sz
4247.Pq Vt int
4248Size of the entropy cache files saved by
4249.Nm save-entropy
4250periodically.
4251.It Va entropy_save_num
4252.Pq Vt int
4253Number of entropy cache files to save by
4254.Nm save-entropy
4255periodically.
4256.It Va ipsec_enable
4257.Pq Vt bool
4258Set to
4259.Dq Li YES
4260to run
4261.Xr setkey 8
4262on
4263.Va ipsec_file
4264at boot time.
4265.It Va ipsec_file
4266.Pq Vt str
4267Configuration file for
4268.Xr setkey 8 .
4269.It Va dmesg_enable
4270.Pq Vt bool
4271Set to
4272.Dq Li YES
4273to save
4274.Xr dmesg 8
4275to
4276.Pa /var/run/dmesg.boot
4277on boot.
4278.It Va rcshutdown_timeout
4279.Pq Vt int
4280If set, start a watchdog timer in the background which will terminate
4281.Pa rc.shutdown
4282if
4283.Xr shutdown 8
4284has not completed within the specified time (in seconds).
4285Notice that in addition to this soft timeout,
4286.Xr init 8
4287also applies a hard timeout for the execution of
4288.Pa rc.shutdown .
4289This is configured via
4290.Xr sysctl 8
4291variable
4292.Va kern.init_shutdown_timeout
4293and defaults to 120 seconds.
4294Setting the value of
4295.Va rcshutdown_timeout
4296to more than 120 seconds will have no effect until the
4297.Xr sysctl 8
4298variable
4299.Va kern.init_shutdown_timeout
4300is also increased.
4301.It Va virecover_enable
4302.Pq Vt bool
4303Set to
4304.Dq Li NO
4305to prevent the system from trying to
4306recover prematurely terminated
4307.Xr vi 1
4308sessions.
4309.It Va ugidfw_enable
4310.Pq Vt bool
4311Set to
4312.Dq Li YES
4313to load the
4314.Xr mac_bsdextended 4
4315module upon system initialization and load a default
4316ruleset file.
4317.It Va bsdextended_script
4318.Pq Vt str
4319The default
4320.Xr mac_bsdextended 4
4321ruleset file to load.
4322The default value of this variable is
4323.Pa /etc/rc.bsdextended .
4324.It Va newsyslog_enable
4325.Pq Vt bool
4326If set to
4327.Dq Li YES ,
4328run
4329.Xr newsyslog 8
4330command at startup.
4331.It Va newsyslog_flags
4332.Pq Vt str
4333If
4334.Va newsyslog_enable
4335is set to
4336.Dq Li YES ,
4337these are the flags to pass to the
4338.Xr newsyslog 8
4339program.
4340The default is
4341.Dq Li -CN ,
4342which causes log files flagged with a
4343.Cm C
4344to be created.
4345.It Va mdconfig_md Ns Aq Ar X
4346.Pq Vt str
4347Arguments to
4348.Xr mdconfig 8
4349for
4350.Xr md 4
4351device
4352.Ar X .
4353At minimum a
4354.Fl t Ar type
4355must be specified and either a
4356.Fl s Ar size
4357for malloc or swap backed
4358.Xr md 4
4359devices or a
4360.Fl f Ar file
4361for vnode backed
4362.Xr md 4
4363devices.
4364Note that
4365.Va mdconfig_md Ns Aq Ar X
4366variables are evaluated until one variable is unset or null.
4367.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs
4368.Pq Vt str
4369Optional arguments passed to
4370.Xr newfs 8
4371to initialize
4372.Xr md 4
4373device
4374.Ar X .
4375.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner
4376.Pq Vt str
4377An ownership specification passed to
4378.Xr chown 8
4379after the specified
4380.Xr md 4
4381device
4382.Ar X
4383has been mounted.
4384Both the
4385.Xr md 4
4386device and the mount point will be changed.
4387.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms
4388.Pq Vt str
4389A mode string passed to
4390.Xr chmod 1
4391after the specified
4392.Xr md 4
4393device
4394.Ar X
4395has been mounted.
4396Both the
4397.Xr md 4
4398device and the mount point will be changed.
4399.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files
4400.Pq Vt str
4401Files to be copied to the mount point of the
4402.Xr md 4
4403device
4404.Ar X
4405after it has been mounted.
4406.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd
4407.Pq Vt str
4408Command to execute after the specified
4409.Xr md 4
4410device
4411.Ar X
4412has been mounted.
4413Note that the command is passed to
4414.Ic eval
4415and that both
4416.Va _dev
4417and
4418.Va _mp
4419variables can be used to reference respectively the
4420.Xr md 4
4421device and the mount point.
4422Assuming that the
4423.Xr md 4
4424device is
4425.Li md0 ,
4426one could set the following:
4427.Bd -literal
4428mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}"
4429.Ed
4430.It Va autobridge_interfaces
4431.Pq Vt str
4432Set to the list of bridge interfaces that will have newly arriving interfaces
4433checked against to be automatically added.
4434If not set to
4435.Dq Li NO
4436then for each whitespace separated
4437.Ar element
4438in the value, a
4439.Va autobridge_ Ns Aq Ar element
4440variable is assumed to exist which has a whitespace separated list of interface
4441names to match, these names can use wildcards.
4442For example:
4443.Bd -literal
4444autobridge_interfaces="bridge0"
4445autobridge_bridge0="tap* dc0 vlan[345]"
4446.Ed
4447.It Va mixer_enable
4448.Pq Vt bool
4449If set to
4450.Dq Li YES ,
4451enable support for sound mixer.
4452.It Va hcsecd_enable
4453.Pq Vt bool
4454If set to
4455.Dq Li YES ,
4456enable Bluetooth security daemon.
4457.It Va hcsecd_config
4458.Pq Vt str
4459Configuration file for
4460.Xr hcsecd 8 .
4461Default
4462.Pa /etc/bluetooth/hcsecd.conf .
4463.It Va sdpd_enable
4464.Pq Vt bool
4465If set to
4466.Dq Li YES ,
4467enable Bluetooth Service Discovery Protocol daemon.
4468.It Va sdpd_control
4469.Pq Vt str
4470Path to
4471.Xr sdpd 8
4472control socket.
4473Default
4474.Pa /var/run/sdp .
4475.It Va sdpd_groupname
4476.Pq Vt str
4477Sets
4478.Xr sdpd 8
4479group to run as after it initializes.
4480Default
4481.Dq Li nobody .
4482.It Va sdpd_username
4483.Pq Vt str
4484Sets
4485.Xr sdpd 8
4486user to run as after it initializes.
4487Default
4488.Dq Li nobody .
4489.It Va bthidd_enable
4490.Pq Vt bool
4491If set to
4492.Dq Li YES ,
4493enable Bluetooth Human Interface Device daemon.
4494.It Va bthidd_config
4495.Pq Vt str
4496Configuration file for
4497.Xr bthidd 8 .
4498Default
4499.Pa /etc/bluetooth/bthidd.conf .
4500.It Va bthidd_hids
4501.Pq Vt str
4502Path to a file, where
4503.Xr bthidd 8
4504will store information about known HID devices.
4505Default
4506.Pa /var/db/bthidd.hids .
4507.It Va rfcomm_pppd_server_enable
4508.Pq Vt bool
4509If set to
4510.Dq Li YES ,
4511enable Bluetooth RFCOMM PPP wrapper daemon.
4512.It Va rfcomm_pppd_server_profile
4513.Pq Vt str
4514The name of the profile to use from
4515.Pa /etc/ppp/ppp.conf .
4516Multiple profiles can be specified here.
4517Also used to specify per-profile overrides.
4518When the profile name contains any of the characters
4519.Dq Li .-/+
4520they are translated to
4521.Dq Li _
4522for the proposes of the override variable names.
4523.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr
4524.Pq Vt str
4525Overrides local address to listen on.
4526By default
4527.Xr rfcomm_pppd 8
4528will listen on
4529.Dq Li ANY
4530address.
4531The address can be specified as BD_ADDR or name.
4532.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel
4533.Pq Vt str
4534Overrides local RFCOMM channel to listen on.
4535By default
4536.Xr rfcomm_pppd 8
4537will listen on RFCOMM channel 1.
4538Must set properly if multiple profiles used in the same time.
4539.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp
4540.Pq Vt bool
4541Tells
4542.Xr rfcomm_pppd 8
4543if it should register Serial Port service on the specified RFCOMM channel.
4544Default
4545.Dq Li NO .
4546.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun
4547.Pq Vt bool
4548Tells
4549.Xr rfcomm_pppd 8
4550if it should register Dial-Up Networking service on the specified
4551RFCOMM channel.
4552Default
4553.Dq Li NO .
4554.It Va ubthidhci_enable
4555.Pq Vt bool
4556If set to
4557.Dq Li YES ,
4558change the USB Bluetooth controller from HID mode to HCI mode.
4559You also need to specify the location of USB Bluetooth controller with the
4560.Va ubthidhci_busnum
4561and
4562.Va ubthidhci_addr
4563variables.
4564.It Va ubthidhci_busnum
4565Bus number where the USB Bluetooth controller is located.
4566Check the output of
4567.Xr usbconfig 8
4568on your system to find this information.
4569.It Va ubthidhci_addr
4570Bus address of the USB Bluetooth controller.
4571Check the output of
4572.Xr usbconfig 8
4573on your system to find this information.
4574.It Va utx_enable
4575.Pq Vt bool
4576Set to
4577.Dq Li YES
4578to enable user accounting through the
4579.Xr utx 8
4580facility.
4581.It Va netwait_enable
4582.Pq Vt bool
4583If set to
4584.Dq Li YES ,
4585delays the start of network-reliant services until
4586.Va netwait_if
4587is up and ICMP packets to a destination defined in
4588.Va netwait_ip
4589are flowing.
4590Link state is examined first, followed by
4591.Dq Li pinging
4592an IP address to verify network usability.
4593If no destination can be reached or timeouts are exceeded,
4594network services are started anyway with no guarantee that
4595the network is usable.
4596Use of this variable requires both
4597.Va netwait_ip
4598and
4599.Va netwait_if
4600to be set.
4601.It Va netwait_ip
4602.Pq Vt str
4603Empty by default.
4604This variable contains a space-delimited list of IP addresses to
4605.Xr ping 8 .
4606DNS hostnames should not be used as resolution is not guaranteed
4607to be functional at this point.
4608If multiple IP addresses are specified,
4609each will be tried until one is successful or the list is exhausted.
4610.It Va netwait_timeout
4611.Pq Vt int
4612Indicates the total number of seconds to perform a
4613.Dq Li ping
4614against each IP address in
4615.Va netwait_ip ,
4616at a rate of one ping per second.
4617If any of the pings are successful,
4618full network connectivity is considered reliable.
4619The default is 60.
4620.It Va netwait_if
4621.Pq Vt str
4622Empty by default.
4623Defines the name of the network interface on which watch for link.
4624.Xr ifconfig 8
4625is used to monitor the interface, looking for
4626.Dq Li status: no carrier .
4627Once gone, the link is considered up.
4628This can be a
4629.Xr vlan 4
4630interface if desired.
4631.It Va netwait_if_timeout
4632.Pq Vt int
4633Defines the total number of seconds to wait for link to become usable,
4634polled at a 1-second interval.
4635The default is 30.
4636.It Va rctl_enable
4637.Pq Vt bool
4638If set to
4639.Dq Li YES ,
4640load
4641.Xr rctl 8
4642rules from the defined ruleset.
4643The kernel must be built with
4644.Cd "options RACCT"
4645and
4646.Cd "options RCTL" .
4647.It Va rctl_rules
4648.Pq Vt str
4649Set to
4650.Pa /etc/rctl.conf
4651by default.
4652This variables contains the
4653.Xr rctl.conf 5
4654ruleset to load for
4655.Xr rctl 8 .
4656.It Va iovctl_files
4657.Pq Vt str
4658A space-separated list of configuration files used by
4659.Xr iovctl 8 .
4660The default value is an empty string.
4661.It Va autofs_enable
4662.Pq Vt bool
4663If set to
4664.Dq Li YES ,
4665start the
4666.Xr automount 8
4667utility and the
4668.Xr automountd 8
4669and
4670.Xr autounmountd 8
4671daemons at boot time.
4672.It Va automount_flags
4673.Pq Vt str
4674If
4675.Va autofs_enable
4676is set to
4677.Dq Li YES ,
4678these are the flags to pass to the
4679.Xr automount 8
4680program.
4681By default no flags are passed.
4682.It Va automountd_flags
4683.Pq Vt str
4684If
4685.Va autofs_enable
4686is set to
4687.Dq Li YES ,
4688these are the flags to pass to the
4689.Xr automountd 8
4690daemon.
4691By default no flags are passed.
4692.It Va autounmountd_flags
4693.Pq Vt str
4694If
4695.Va autofs_enable
4696is set to
4697.Dq Li YES ,
4698these are the flags to pass to the
4699.Xr autounmountd 8
4700daemon.
4701By default no flags are passed.
4702.It Va ctld_enable
4703.Pq Vt bool
4704If set to
4705.Dq Li YES ,
4706start the
4707.Xr ctld 8
4708daemon at boot time.
4709.It Va iscsid_enable
4710.Pq Vt bool
4711If set to
4712.Dq Li YES ,
4713start the
4714.Xr iscsid 8
4715daemon at boot time.
4716.It Va iscsictl_enable
4717.Pq Vt bool
4718If set to
4719.Dq Li YES ,
4720start the
4721.Xr iscsictl 8
4722utility at boot time.
4723.It Va iscsictl_flags
4724.Pq Vt str
4725If
4726.Va iscsictl_enable
4727is set to
4728.Dq Li YES ,
4729these are the flags to pass to the
4730.Xr iscsictl 8
4731program.
4732The default is
4733.Dq Li -Aa ,
4734which configures sessions based on the
4735.Pa /etc/iscsi.conf
4736configuration file.
4737.It Va cfumass_enable
4738.Pq Vt bool
4739If set to
4740.Dq Li YES ,
4741create and export an USB LUN using
4742.Xr cfumass 4
4743at boot time.
4744.It Va cfumass_dir
4745.Pq Vt str
4746The directory where the files exported by USB LUN are located.
4747The default directory is
4748.Pa /var/cfumass .
4749.It Va service_delete_empty
4750.Pq Vt bool
4751If set to
4752.Dq Li YES ,
4753.Ql Li service delete
4754removes empty
4755.Dq Li rc.conf.d
4756files.
4757.It Va zfs_bootonce_activate
4758.Pq Vt bool
4759If set to
4760.Dq Li YES ,
4761and a boot environment marked bootonce is successfully booted,
4762it will be made permanently active.
4763.It Va zfskeys_enable
4764.Pq Vt bool
4765If set to
4766.Dq Li YES ,
4767enable auto-loading of encryption keys for encrypted ZFS datasets.
4768For every dataset the script will first load the appropriate encryption key
4769and then attempt to unlock the dataset.
4770.Pp
4771The script operates only on datasets which are encrypted with
4772ZFS native encryption
4773and have a ZFS
4774.Dq Li keylocation
4775dataset property beginning with
4776.Dq Li file:// .
4777.It Va zfskeys_datasets
4778.Pq Vt str
4779A whitespace-separated list of ZFS datasets to unlock.
4780The list is empty by default,
4781which means that the script will attempt to unlock all datasets.
4782.It Va zfskeys_timeout
4783.Pq Vt int
4784Define the total number of seconds to wait for the zfskeys script
4785to unlock an encrypted dataset.
4786The default is 10.
4787.It Va sendmail_enable
4788.Pq Vt str
4789If set to
4790.Dq Li YES ,
4791run the
4792.Xr sendmail 8
4793daemon at system boot time.
4794If set to
4795.Dq Li NO ,
4796do not run a
4797.Xr sendmail 8
4798daemon to listen for incoming network mail.
4799This does not preclude a
4800.Xr sendmail 8
4801daemon listening on the SMTP port of the loopback interface.
4802The
4803.Dq Li NONE
4804option sets each
4805.Va sendmail_enable ,
4806.Va sendmail_submit_enable ,
4807.Va sendmail_outbound_enable ,
4808.Va sendmail_msp_queue_enable
4809to
4810.Dq Li NO .
4811.It Va sendmail_cert_create
4812.Pq Vt str
4813If
4814.Va sendmail_enable
4815is set to
4816.Dq Li YES ,
4817create a signed certificate
4818.Pa /etc/mail/certs/host.cert
4819representing
4820.Pa /etc/mail/certs/host.key
4821by the CA certificate in
4822.Pa /etc/mail/certs/cacert.pem .
4823This will enable connecting hosts to negotiate STARTTLS allowing incoming
4824email to be encrypted in transit.
4825.Xr sendmail 8
4826needs to be configured to use these generated files.
4827The default configuration in
4828.Pa /etc/mail/freebsd.mc
4829has the required options in it.
4830.It Va sendmail_cert_cn
4831.Pq Vt str
4832If
4833.Va sendmail_enable
4834is set to
4835.Dq Li YES
4836and
4837.Va sendmail_cert_create
4838is set to
4839.Dq Li YES ,
4840this is the Common Name (CN) of the certificate that will be created.
4841If
4842.Va sendmail_cert_cn
4843is not set, the system's hostname will be used.
4844If there is no hostname set,
4845.Dq Li amnesiac
4846will be used.
4847.It Va sendmail_flags
4848.Pq Vt str
4849If
4850.Va sendmail_enable
4851is set to
4852.Dq Li YES ,
4853these are the flags to pass to the
4854.Xr sendmail 8
4855daemon.
4856.It Va sendmail_submit_enable
4857.Pq Vt bool
4858If set to
4859.Dq Li YES
4860and
4861.Va sendmail_enable
4862is set to
4863.Dq Li NO ,
4864run
4865.Xr sendmail 8
4866using
4867.Va sendmail_submit_flags
4868instead of
4869.Va sendmail_flags .
4870This is intended to allow local mail submission via
4871a localhost-only listening SMTP service required for running
4872.Xr sendmail 8
4873as a non-set-user-ID binary.
4874Note that this does not work inside
4875.Xr jail 2
4876systems, as jails do not allow binding to just the localhost interface.
4877.It Va sendmail_submit_flags
4878.Pq Vt str
4879If
4880.Va sendmail_enable
4881is set to
4882.Dq Li NO
4883and
4884.Va sendmail_submit_enable
4885is set to
4886.Dq Li YES ,
4887these are the flags to pass to the
4888.Xr sendmail 8
4889daemon.
4890.It Va sendmail_outbound_enable
4891.Pq Vt bool
4892If set to
4893.Dq Li YES
4894and both
4895.Va sendmail_enable
4896and
4897.Va sendmail_submit_enable
4898are set to
4899.Dq Li NO ,
4900run
4901.Xr sendmail 8
4902using
4903.Va sendmail_outbound_flags
4904instead of
4905.Va sendmail_flags .
4906This is intended to allow local mail queue management
4907for systems that do not offer a listening SMTP service.
4908.It Va sendmail_outbound_flags
4909.Pq Vt str
4910If both
4911.Va sendmail_enable
4912and
4913.Va sendmail_submit_enable
4914are set to
4915.Dq Li NO
4916and
4917.Va sendmail_outbound_enable
4918is set to
4919.Dq Li YES ,
4920these are the flags to pass to the
4921.Xr sendmail 8
4922daemon.
4923.It Va sendmail_msp_queue_enable
4924.Pq Vt bool
4925If set to
4926.Dq Li YES ,
4927start a client (MSP) queue runner
4928.Xr sendmail 8
4929daemon at system boot time.
4930As of sendmail 8.12, a separate queue is used for command line
4931submissions.
4932The client queue runner ensures that nothing is
4933left behind in the submission queue.
4934.It Va sendmail_msp_queue_flags
4935.Pq Vt str
4936If
4937.Va sendmail_msp_queue_enable
4938is set to
4939daemon.
4940.Dq Li YES ,
4941these are the flags to pass to the
4942.Xr sendmail 8
4943.El
4944.Sh FILES
4945.Bl -tag -width "/etc/defaults/rc.conf" -compact
4946.It Pa /etc/defaults/rc.conf
4947.It Pa /etc/defaults/vendor.conf
4948.It Pa /etc/rc.conf
4949.It Pa /etc/rc.conf.local
4950.It Pa /etc/rc.conf.d/
4951.El
4952.Sh SEE ALSO
4953.Xr chmod 1 ,
4954.Xr cpuset 1 ,
4955.Xr gdb 1 Pq Pa ports/devel/gdb ,
4956.Xr kbdcontrol 1 ,
4957.Xr limits 1 ,
4958.Xr protect 1 ,
4959.Xr sh 1 ,
4960.Xr umask 1 ,
4961.Xr uuidgen 1 ,
4962.Xr vi 1 ,
4963.Xr vidcontrol 1 ,
4964.Xr bridge 4 ,
4965.Xr dummynet 4 ,
4966.Xr ip 4 ,
4967.Xr ipf 4 ,
4968.Xr ipfw 4 ,
4969.Xr ipnat 4 ,
4970.Xr kld 4 ,
4971.Xr pf 4 ,
4972.Xr pflog 4 ,
4973.Xr pfsync 4 ,
4974.Xr tcp 4 ,
4975.Xr udp 4 ,
4976.Xr exports 5 ,
4977.Xr fstab 5 ,
4978.Xr ipf 5 ,
4979.Xr ipnat 5 ,
4980.Xr jail.conf 5 ,
4981.Xr loader.conf 5 ,
4982.Xr login.conf 5 ,
4983.Xr motd 5 ,
4984.Xr newsyslog.conf 5 ,
4985.Xr pf.conf 5 ,
4986.Xr firewall 7 ,
4987.Xr growfs 7 ,
4988.Xr security 7 ,
4989.Xr tuning 7 ,
4990.Xr accton 8 ,
4991.Xr apm 8 ,
4992.Xr bsdinstall 8 ,
4993.Xr bthidd 8 ,
4994.Xr chkprintcap 8 ,
4995.Xr chown 8 ,
4996.Xr cron 8 ,
4997.Xr devfs 8 ,
4998.Xr dhclient 8 ,
4999.Xr ftpd 8 ,
5000.Xr geli 8 ,
5001.Xr hcsecd 8 ,
5002.Xr ifconfig 8 ,
5003.Xr inetd 8 ,
5004.Xr iovctl 8 ,
5005.Xr ipf 8 ,
5006.Xr ipfw 8 ,
5007.Xr ipnat 8 ,
5008.Xr jail 8 ,
5009.Xr kldxref 8 ,
5010.Xr loader 8 ,
5011.Xr lpd 8 ,
5012.Xr makewhatis 8 ,
5013.Xr mdconfig 8 ,
5014.Xr mdmfs 8 ,
5015.Xr mixer 8 ,
5016.Xr mountd 8 ,
5017.Xr moused 8 ,
5018.Xr newfs 8 ,
5019.Xr newsyslog 8 ,
5020.Xr nfsd 8 ,
5021.Xr ntpd 8 ,
5022.Xr ntpdate 8 ,
5023.Xr pfctl 8 ,
5024.Xr pflogd 8 ,
5025.Xr ping 8 ,
5026.Xr powerd 8 ,
5027.Xr quotacheck 8 ,
5028.Xr quotaon 8 ,
5029.Xr rc 8 ,
5030.Xr rc.subr 8 ,
5031.Xr rcorder 8 ,
5032.Xr rfcomm_pppd 8 ,
5033.Xr route 8 ,
5034.Xr route6d 8 ,
5035.Xr routed 8 ,
5036.Xr rpc.lockd 8 ,
5037.Xr rpc.statd 8 ,
5038.Xr rpc.tlsclntd 8 ,
5039.Xr rpc.tlsservd 8 ,
5040.Xr rpcbind 8 ,
5041.Xr rwhod 8 ,
5042.Xr savecore 8 ,
5043.Xr sdpd 8 ,
5044.Xr sendmail 8 ,
5045.Xr service 8 ,
5046.Xr sshd 8 ,
5047.Xr swapon 8 ,
5048.Xr sysctl 8 ,
5049.Xr syslogd 8 ,
5050.Xr sysrc 8 ,
5051.Xr unbound 8 ,
5052.Xr usbconfig 8 ,
5053.Xr utx 8 ,
5054.Xr wlandebug 8 ,
5055.Xr yp 8 ,
5056.Xr ypbind 8 ,
5057.Xr ypserv 8 ,
5058.Xr ypset 8
5059.Sh HISTORY
5060The
5061.Nm
5062file appeared in
5063.Fx 2.2.2 .
5064.Sh AUTHORS
5065.An Jordan K. Hubbard .
5066