1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 1, 2021 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information 33.Sh DESCRIPTION 34The file 35.Nm 36contains descriptive information about the local host name, configuration 37details for any potential network interfaces and which services should be 38started up at system initial boot time. 39In new installations, the 40.Nm 41file is generally initialized by the system installation utility. 42.Pp 43The purpose of 44.Nm 45is not to run commands or perform system startup actions 46directly. 47Instead, it is included by the 48various generic startup scripts in 49.Pa /etc 50which conditionalize their 51internal actions according to the settings found there. 52.Pp 53The 54.Pa /etc/rc.conf 55file is included from the file 56.Pa /etc/defaults/rc.conf , 57which specifies the default settings for all the available options. 58Options need only be specified in 59.Pa /etc/rc.conf 60when the system administrator wishes to override these defaults. 61The file 62.Pa /etc/defaults/vendor.conf 63allows vendors to override 64.Fx 65defaults. 66The file 67.Pa /etc/rc.conf.local 68is used to override settings in 69.Pa /etc/rc.conf 70for historical reasons. 71.Pp 72The sysrc(8) command provides a scripting interface to modify system 73config files. 74.Pp 75In addition to 76.Pa /etc/rc.conf.local 77you can also place smaller configuration files for each 78.Xr rc 8 79script in the 80.Pa /etc/rc.conf.d 81directory or 82.Ao Ar dir Ac Ns Pa /rc.conf.d 83directories specified in 84.Va local_startup , 85which will be included by the 86.Va load_rc_config 87function. 88For jail configurations you could use the file 89.Pa /etc/rc.conf.d/jail 90to store jail specific configuration options. 91If 92.Va local_startup 93contains 94.Pa /usr/local/etc/rc.d 95and 96.Pa /opt/conf , 97.Pa /usr/local/rc.conf.d/jail 98and 99.Pa /opt/conf/rc.conf.d/jail 100will be loaded. 101If 102.Ao Ar dir Ac Ns Pa /rc.conf.d/ Ns Ao Ar name Ac 103is a directory, 104all of files in the directory will be loaded. 105Also see the 106.Va rc_conf_files 107variable below. 108.Pp 109Options are set with 110.Dq Ar name Ns Li = Ns Ar value 111assignments that use 112.Xr sh 1 113syntax. 114The following list provides a name and short description for each 115variable that can be set in the 116.Nm 117file: 118.Bl -tag -width indent-two 119.It Va rc_debug 120.Pq Vt bool 121If set to 122.Dq Li YES , 123enable output of debug messages from rc scripts. 124This variable can be helpful in diagnosing mistakes when 125editing or integrating new scripts. 126Beware that this produces copious output to the terminal and 127.Xr syslog 3 . 128.It Va rc_info 129.Pq Vt bool 130If set to 131.Dq Li NO , 132disable informational messages from the rc scripts. 133Informational messages are displayed when 134a condition that is not serious enough to warrant a warning or 135an error occurs. 136.It Va rc_startmsgs 137.Pq Vt bool 138If set to 139.Dq Li YES , 140show 141.Dq Starting foo: 142when faststart is used (e.g., at boot time). 143.It Va early_late_divider 144.Pq Vt str 145The name of the script that should be used as the 146delimiter between the 147.Dq early 148and 149.Dq late 150stages of the boot process. 151The early stage should contain all the services needed to 152get the disks (local or remote) mounted so that the late 153stage can include scripts contained in the directories 154listed in the 155.Va local_startup 156variable (see below). 157Thus, the two likely candidates for this value are 158.Pa mountcritlocal 159for the typical system, and 160.Pa mountcritremote 161if the system needs remote file 162systems mounted to get access to the 163.Va local_startup 164directories; for example when 165.Pa /usr/local 166is NFS mounted. 167For 168.Pa rc.conf 169within a 170.Xr jail 8 171.Pa NETWORKING 172is likely to be an appropriate value. 173Extreme care should be taken when changing this value, 174and before changing it one should ensure that there are 175adequate provisions to recover from a failed boot 176(such as physical contact with the machine, 177or reliable remote console access). 178.It Va always_force_depends 179.Pq Vt bool 180Various 181.Pa rc.d 182scripts use the force_depend function to check whether required 183services are already running, and to start them if necessary. 184By default during boot time this check is bypassed if the 185required service is enabled in 186.Pa /etc/rc.conf[.local] . 187Setting this option will bypass that check at boot time and 188always test whether or not the service is actually running. 189Enabling this option is likely to increase your boot time if 190services are enabled that utilize the force_depend check. 191.It Ao Ar name Ac Ns Va _chroot 192.Pq Vt str 193.Xr chroot 8 194to this directory before running the service. 195.It Ao Ar name Ac Ns Va _user 196.Pq Vt str 197Run the service under this user account. 198.It Ao Ar name Ac Ns Va _group 199.Pq Vt str 200Run the chrooted service under this system group. 201Unlike the _user 202setting, this setting has no effect if the service is not chrooted. 203.It Ao Ar name Ac Ns Va _fib 204.Pq Vt int 205The 206.Xr setfib 1 207value to run the service under. 208.It Ao Ar name Ac Ns Va _nice 209.Pq Vt int 210The 211.Xr nice 1 212value to run the service under. 213.It Va apm_enable 214.Pq Vt bool 215If set to 216.Dq Li YES , 217enable support for Automatic Power Management with 218the 219.Xr apm 8 220command. 221.It Va apmd_enable 222.Pq Vt bool 223Run 224.Xr apmd 8 225to handle APM event from userland. 226This also enables support for APM. 227.It Va apmd_flags 228.Pq Vt str 229If 230.Va apmd_enable 231is set to 232.Dq Li YES , 233these are the flags to pass to the 234.Xr apmd 8 235daemon. 236.It Va devd_enable 237.Pq Vt bool 238Run 239.Xr devd 8 240to handle device added, removed or unknown events from the kernel. 241.It Va ddb_enable 242.Pq Vt bool 243Run 244.Xr ddb 8 245to install 246.Xr ddb 4 247scripts at boot time. 248.It Va ddb_config 249.Pq Vt str 250Configuration file for 251.Xr ddb 8 . 252Default 253.Pa /etc/ddb.conf . 254.It Va devmatch_enable 255.Pq Vt bool 256If set to 257.Dq Li NO , 258disable auto-loading of kernel modules with 259.Xr devmatch 8 . 260.It Va devmatch_blocklist 261.Pq Vt str 262A whitespace-separated list of kernel modules to be ignored by 263.Xr devmatch 8 . 264.It Va devmatch_blacklist 265.Pq Vt str 266This variable is deprecated. 267Use 268.Va devmatch_blocklist 269instead. 270A whitespace-separated list of kernel modules to be ignored by 271.Xr devmatch 8 . 272.It Va kld_list 273.Pq Vt str 274A whitespace-separated list of kernel modules to load right after 275the local disks are mounted, without any 276.Pa .ko 277extension or path. 278Loading modules at this point in the boot process is 279much faster than doing it via 280.Pa /boot/loader.conf 281for those modules not necessary for mounting local disks. 282.It Va kldxref_enable 283.Pq Vt bool 284Set to 285.Dq Li NO 286by default. 287Set to 288.Dq Li YES 289to automatically rebuild 290.Pa linker.hints 291files with 292.Xr kldxref 8 293at boot time. 294.It Va kldxref_clobber 295.Pq Vt bool 296Set to 297.Dq Li NO 298by default. 299If 300.Va kldxref_enable 301is true, 302setting to 303.Dq Li YES 304will overwrite existing 305.Pa linker.hints 306files at boot time. 307Otherwise, 308only missing 309.Pa linker.hints 310files are generated. 311.It Va kldxref_module_path 312.Pq Vt str 313Empty by default. 314A semi-colon 315.Pq Ql \&; 316delimited list of paths containing 317.Xr kld 4 318modules. 319If empty, 320the contents of the 321.Va kern.module_path 322.Xr sysctl 8 323are used. 324.It Va powerd_enable 325.Pq Vt bool 326If set to 327.Dq Li YES , 328enable the system power control facility with the 329.Xr powerd 8 330daemon. 331.It Va powerd_flags 332.Pq Vt str 333If 334.Va powerd_enable 335is set to 336.Dq Li YES , 337these are the flags to pass to the 338.Xr powerd 8 339daemon. 340.It Va tmpmfs 341Controls the creation of a 342.Pa /tmp 343memory file system. 344Always happens if set to 345.Dq Li YES 346and never happens if set to 347.Dq Li NO . 348If set to anything else, a memory file system is created if 349.Pa /tmp 350is not writable. 351.It Va tmpsize 352Controls the size of a created 353.Pa /tmp 354memory file system. 355.It Va tmpmfs_flags 356Extra options passed to the 357.Xr mdmfs 8 358utility when the memory file system for 359.Pa /tmp 360is created. 361The default is 362.Dq Li "-S" , 363which inhibits the use of softupdates on 364.Pa /tmp 365so that file system space is freed without delay 366after file truncation or deletion. 367See 368.Xr mdmfs 8 369for other options you can use in 370.Va tmpmfs_flags . 371.It Va varmfs 372Controls the creation of a 373.Pa /var 374memory file system. 375Always happens if set to 376.Dq Li YES 377and never happens if set to 378.Dq Li NO . 379If set to anything else, a memory file system is created if 380.Pa /var 381is not writable. 382.It Va varsize 383Controls the size of a created 384.Pa /var 385memory file system. 386.It Va varmfs_flags 387Extra options passed to the 388.Xr mdmfs 8 389utility when the memory file system for 390.Pa /var 391is created. 392The default is 393.Dq Li "-S" , 394which inhibits the use of softupdates on 395.Pa /var 396so that file system space is freed without delay 397after file truncation or deletion. 398See 399.Xr mdmfs 8 400for other options you can use in 401.Va varmfs_flags . 402.It Va populate_var 403Controls the automatic population of the 404.Pa /var 405file system. 406Always happens if set to 407.Dq Li YES 408and never happens if set to 409.Dq Li NO . 410If set to anything else, a memory file system is created if 411.Pa /var 412is not writable. 413Note that this process requires access to certain commands in 414.Pa /usr 415before 416.Pa /usr 417is mounted on normal systems. 418.It Va cleanvar_enable 419.Pq Vt bool 420Clean the 421.Pa /var 422directory. 423.It Va local_startup 424.Pq Vt str 425List of directories to search for startup script files. 426.It Va script_name_sep 427.Pq Vt str 428The field separator to use for breaking down the list of startup script files 429into individual filenames. 430The default is a space. 431It is not necessary to change this unless there are startup scripts with names 432containing spaces. 433.It Va hostapd_enable 434.Pq Vt bool 435Set to 436.Dq Li YES 437to start 438.Xr hostapd 8 439at system boot time. 440.It Va hostname 441.Pq Vt str 442The fully qualified domain name (FQDN) of this host on the network. 443This should almost certainly be set to something meaningful, even if 444there is no network connection. 445If 446.Xr dhclient 8 447is used to set the hostname via DHCP, 448this variable should be set to an empty string. 449Within a 450.Xr jail 8 451the hostname is generally already set and this variable may be absent. 452If this value remains unset when the system is done booting 453your console login will display the default hostname of 454.Dq Amnesiac . 455.It Va nisdomainname 456.Pq Vt str 457The NIS domain name of this host, or 458.Dq Li NO 459if NIS is not used. 460.It Va dhclient_program 461.Pq Vt str 462Path to the DHCP client program 463.Pa ( /sbin/dhclient , 464the 465.Ox 466DHCP client, 467is the default). 468.It Va dhclient_flags 469.Pq Vt str 470Additional flags to pass to the DHCP client program. 471For the 472.Ox 473DHCP client, see the 474.Xr dhclient 8 475manpage for a description of the command line options available. 476.It Va dhclient_flags_ Ns Aq Ar iface 477Additional flags to pass to the DHCP client program running on 478.Ar iface 479only. 480When specified, this variable overrides 481.Va dhclient_flags . 482.It Va background_dhclient 483.Pq Vt bool 484Set to 485.Dq Li YES 486to start the DHCP client in background. 487This can cause trouble with applications depending on 488a working network, but it will provide a faster startup 489in many cases. 490.It Va background_dhclient_ Ns Aq Ar iface 491When specified, this variable overrides the 492.Va background_dhclient 493variable for interface 494.Ar iface 495only. 496.It Va synchronous_dhclient 497.Pq Vt bool 498Set to 499.Dq Li YES 500to start 501.Xr dhclient 8 502synchronously at startup. 503This behavior can be overridden on a per-interface basis by replacing 504the 505.Dq Li DHCP 506keyword in the 507.Va ifconfig_ Ns Aq Ar interface 508variable with 509.Dq Li SYNCDHCP 510or 511.Dq Li NOSYNCDHCP . 512.It Va defaultroute_delay 513.Pq Vt int 514When set to a positive value, wait up to this long after configuring 515DHCP interfaces at startup to give the interfaces time to receive a lease. 516.It Va firewall_enable 517.Pq Vt bool 518Set to 519.Dq Li YES 520to load firewall rules at startup. 521If the kernel was not built with 522.Cd "options IPFIREWALL" , 523the 524.Pa ipfw.ko 525kernel module will be loaded. 526See also 527.Va ipfilter_enable . 528.It Va firewall_script 529.Pq Vt str 530This variable specifies the full path to the firewall script to run. 531The default is 532.Pa /etc/rc.firewall . 533.It Va firewall_type 534.Pq Vt str 535Names the firewall type from the selection in 536.Pa /etc/rc.firewall , 537or the file which contains the local firewall ruleset. 538Valid selections from 539.Pa /etc/rc.firewall 540are: 541.Pp 542.Bl -tag -width ".Li workstation" -compact 543.It Li open 544unrestricted IP access 545.It Li closed 546all IP services disabled, except via 547.Dq Li lo0 548.It Li client 549basic protection for a workstation 550.It Li workstation 551basic protection for a workstation using stateful firewalling 552.It Li simple 553basic protection for a LAN. 554.El 555.Pp 556If a filename is specified, the full path 557must be given. 558.Pp 559Most of the predefined rulesets define additional configuration variables. 560These are documented in 561.Pa /etc/rc.firewall . 562.It Va firewall_quiet 563.Pq Vt bool 564Set to 565.Dq Li YES 566to disable the display of firewall rules on the console during boot. 567.It Va firewall_logging 568.Pq Vt bool 569Set to 570.Dq Li YES 571to enable firewall event logging. 572This is equivalent to the 573.Dv IPFIREWALL_VERBOSE 574kernel option. 575.It Va firewall_logif 576.Pq Vt bool 577Set to 578.Dq Li YES 579to create pseudo interface 580.Li ipfw0 581for logging. 582For more details, see 583.Xr ipfw 8 584manual page. 585.It Va firewall_flags 586.Pq Vt str 587Flags passed to 588.Xr ipfw 8 589if 590.Va firewall_type 591specifies a filename. 592.It Va firewall_coscripts 593.Pq Vt str 594List of executables and/or rc scripts to run after firewall starts/stops. 595Default is empty. 596.\" ----- firewall_nat_enable setting -------------------------------- 597.It Va firewall_nat_enable 598.Pq Vt bool 599The 600.Xr ipfw 8 601equivalent of 602.Va natd_enable . 603Setting this to 604.Dq Li YES 605will automatically load the 606.Xr ipfw 8 607NAT kernel module if 608.Va firewall_enable 609is also set to 610.Dq Li YES . 611.It Va firewall_nat_interface 612.Pq Vt str 613The 614.Xr ipfw 8 615equivalent of 616.Va natd_interface . 617This is the name of the public interface or IP address on which 618kernel NAT should run. 619.It Va firewall_nat_flags 620.Pq Vt str 621Additional configuration parameters for kernel NAT should be placed here. 622.It Va firewall_nat64_enable 623.Pq Vt bool 624Setting this to 625.Dq Li YES 626will automatically load the 627.Xr ipfw 8 628NAT64 kernel module if 629.Va firewall_enable 630is also set to 631.Dq Li YES . 632.It Va firewall_nptv6_enable 633.Pq Vt bool 634Setting this to 635.Dq Li YES 636will automatically load the 637.Xr ipfw 8 638NPTv6 kernel module if 639.Va firewall_enable 640is also set to 641.Dq Li YES . 642.It Va firewall_pmod_enable 643.Pq Vt bool 644Setting this to 645.Dq Li YES 646will automatically load the 647.Xr ipfw 8 648pmod kernel module if 649.Va firewall_enable 650is also set to 651.Dq Li YES . 652.It Va dummynet_enable 653.Pq Vt bool 654Setting this to 655.Dq Li YES 656will automatically load the 657.Xr dummynet 4 658module if 659.Va firewall_enable 660is also set to 661.Dq Li YES . 662.\" ------------------------------------------------------------------- 663.It Va ipfw_netflow_enable 664.Pq Vt bool 665Setting this to 666.Dq Li YES 667will enable netflow logging via 668.Xr ng_netflow 4 669.Pp 670By default a ipfw rule is inserted and all packets are duplicated with 671the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow 672port using protocol version 5. 673.It Va ipfw_netflow_hook 674.Pq Vt int 675netflow hook name, must be numerical 676(default 677.Pa 9995 ) . 678.It Va ipfw_netflow_rule 679.Pq Vt int 680ipfw rule number 681(default 682.Pa 1000 ) . 683.It Va ipfw_netflow_ip 684.Pq Vt str 685Destination server ip for receiving netflow data 686(default 687.Pa 127.0.0.1 ) . 688.It Va ipfw_netflow_port 689.Pq Vt int 690Destination server port for receiving netflow data 691(default 692.Pa 9995 ) . 693.It Va ipfw_netflow_version 694.Pq Vt int 695Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. 696.It Va ipfw_netflow_fib 697.Pq Vt int 698Only match packet in FIB 699.Pa ipfw_netflow_fib 700(default is undefined meaning all FIBs). 701.It Va natd_program 702.Pq Vt str 703Path to 704.Xr natd 8 . 705.It Va natd_enable 706.Pq Vt bool 707Set to 708.Dq Li YES 709to enable 710.Xr natd 8 . 711.Va firewall_enable 712must also be set to 713.Dq Li YES , 714and 715.Xr divert 4 716sockets must be enabled in the kernel. 717If the kernel was not built with 718.Cd "options IPDIVERT" , 719the 720.Pa ipdivert.ko 721kernel module will be loaded. 722.It Va natd_interface 723.Pq Vt str 724This is the name of the public interface on which 725.Xr natd 8 726should run. 727The interface may be given as an interface name or as an IP address. 728.It Va natd_flags 729.Pq Vt str 730Additional 731.Xr natd 8 732flags should be placed here. 733The 734.Fl n 735or 736.Fl a 737flag is automatically added with the above 738.Va natd_interface 739as an argument. 740.\" ----- ipfilter_enable setting -------------------------------- 741.It Va ipfilter_enable 742.Pq Vt bool 743Set to 744.Dq Li NO 745by default. 746Setting this to 747.Dq Li YES 748enables 749.Xr ipf 8 750packet filtering. 751.Pp 752Typical usage will require putting 753.Bd -literal 754ipfilter_enable="YES" 755ipnat_enable="YES" 756ipmon_enable="YES" 757ipfs_enable="YES" 758.Ed 759.Pp 760into 761.Pa /etc/rc.conf 762and editing 763.Pa /etc/ipf.rules 764and 765.Pa /etc/ipnat.rules 766appropriately. 767.Pp 768Note that 769.Va ipfilter_enable 770and 771.Va ipnat_enable 772can be enabled independently. 773.Va ipmon_enable 774and 775.Va ipfs_enable 776both require at least one of 777.Va ipfilter_enable 778and 779.Va ipnat_enable 780to be enabled. 781.Pp 782Having 783.Bd -literal 784options IPFILTER 785options IPFILTER_LOG 786options IPFILTER_DEFAULT_BLOCK 787.Ed 788.Pp 789in the kernel configuration file is a good idea, too. 790.\" ----- ipfilter_program setting ------------------------------ 791.It Va ipfilter_program 792.Pq Vt str 793Path to 794.Xr ipf 8 795(default 796.Pa /sbin/ipf ) . 797.\" ----- ipfilter_rules setting -------------------------------- 798.It Va ipfilter_rules 799.Pq Vt str 800Set to 801.Pa /etc/ipf.rules 802by default. 803This variable contains the name of the filter rule definition file. 804The file is expected to be readable for the 805.Xr ipf 8 806command to execute. 807.\" ----- ipfilter_flags setting -------------------------------- 808.It Va ipfilter_flags 809.Pq Vt str 810Empty by default. 811This variable contains flags passed to the 812.Xr ipf 8 813program. 814.\" ----- ipnat_enable setting ---------------------------------- 815.It Va ipnat_enable 816.Pq Vt bool 817Set to 818.Dq Li NO 819by default. 820Set it to 821.Dq Li YES 822to enable 823.Xr ipnat 8 824network address translation. 825See 826.Va ipfilter_enable 827for a detailed discussion. 828.\" ----- ipnat_program setting --------------------------------- 829.It Va ipnat_program 830.Pq Vt str 831Path to 832.Xr ipnat 8 833(default 834.Pa /sbin/ipnat ) . 835.\" ----- ipnat_rules setting ----------------------------------- 836.It Va ipnat_rules 837.Pq Vt str 838Set to 839.Pa /etc/ipnat.rules 840by default. 841This variable contains the name of the file 842holding the network address translation definition. 843This file is expected to be readable for the 844.Xr ipnat 8 845command to execute. 846.\" ----- ipnat_flags setting ----------------------------------- 847.It Va ipnat_flags 848.Pq Vt str 849Empty by default. 850This variable contains flags passed to the 851.Xr ipnat 8 852program. 853.\" ----- ipmon_enable setting ---------------------------------- 854.It Va ipmon_enable 855.Pq Vt bool 856Set to 857.Dq Li NO 858by default. 859Set it to 860.Dq Li YES 861to enable 862.Xr ipmon 8 863monitoring (logging 864.Xr ipf 8 865and 866.Xr ipnat 8 867events). 868Setting this variable needs setting 869.Va ipfilter_enable 870or 871.Va ipnat_enable 872too. 873See 874.Va ipfilter_enable 875for a detailed discussion. 876.\" ----- ipmon_program setting --------------------------------- 877.It Va ipmon_program 878.Pq Vt str 879Path to 880.Xr ipmon 8 881(default 882.Pa /sbin/ipmon ) . 883.\" ----- ipmon_flags setting ----------------------------------- 884.It Va ipmon_flags 885.Pq Vt str 886Set to 887.Dq Li -Ds 888by default. 889This variable contains flags passed to the 890.Xr ipmon 8 891program. 892Another typical example would be 893.Dq Fl D Pa /var/log/ipflog 894to have 895.Xr ipmon 8 896log directly to a file bypassing 897.Xr syslogd 8 . 898Make sure to adjust 899.Pa /etc/newsyslog.conf 900in such case like this: 901.Bd -literal 902/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 903.Ed 904.\" ----- ipfs_enable setting ----------------------------------- 905.It Va ipfs_enable 906.Pq Vt bool 907Set to 908.Dq Li NO 909by default. 910Set it to 911.Dq Li YES 912to enable 913.Xr ipfs 8 914saving the filter and NAT state tables during shutdown 915and reloading them during startup again. 916Setting this variable needs setting 917.Va ipfilter_enable 918or 919.Va ipnat_enable 920to 921.Dq Li YES 922too. 923See 924.Va ipfilter_enable 925for a detailed discussion. 926Note that if 927.Va kern_securelevel 928is set to 3, 929.Va ipfs_enable 930cannot be used 931because the raised securelevel will prevent 932.Xr ipfs 8 933from saving the state tables at shutdown time. 934.\" ----- ipfs_program setting ---------------------------------- 935.It Va ipfs_program 936.Pq Vt str 937Path to 938.Xr ipfs 8 939(default 940.Pa /sbin/ipfs ) . 941.\" ----- ipfs_flags setting ------------------------------------ 942.It Va ipfs_flags 943.Pq Vt str 944Empty by default. 945This variable contains flags passed to the 946.Xr ipfs 8 947program. 948.\" ----- end of added ipf hook --------------------------------- 949.It Va pf_enable 950.Pq Vt bool 951Set to 952.Dq Li NO 953by default. 954Setting this to 955.Dq Li YES 956enables 957.Xr pf 4 958packet filtering. 959.Pp 960Typical usage will require putting 961.Pp 962.Dl pf_enable="YES" 963.Pp 964into 965.Pa /etc/rc.conf 966and editing 967.Pa /etc/pf.conf 968appropriately. 969Adding 970.Pp 971.Dl "device pf" 972.Pp 973builds support for 974.Xr pf 4 975into the kernel, otherwise the 976kernel module will be loaded. 977.It Va pf_rules 978.Pq Vt str 979Path to 980.Xr pf 4 981ruleset configuration file 982(default 983.Pa /etc/pf.conf ) . 984.It Va pf_program 985.Pq Vt str 986Path to 987.Xr pfctl 8 988(default 989.Pa /sbin/pfctl ) . 990.It Va pf_flags 991.Pq Vt str 992If 993.Va pf_enable 994is set to 995.Dq Li YES , 996these flags are passed to the 997.Xr pfctl 8 998program when loading the ruleset. 999.It Va pflog_enable 1000.Pq Vt bool 1001Set to 1002.Dq Li NO 1003by default. 1004Setting this to 1005.Dq Li YES 1006enables 1007.Xr pflogd 8 1008which logs packets from the 1009.Xr pf 4 1010packet filter. 1011.It Va pflog_logfile 1012.Pq Vt str 1013If 1014.Va pflog_enable 1015is set to 1016.Dq Li YES 1017this controls where 1018.Xr pflogd 8 1019stores the logfile 1020(default 1021.Pa /var/log/pflog ) . 1022Check 1023.Pa /etc/newsyslog.conf 1024to adjust logfile rotation for this. 1025.It Va pflog_program 1026.Pq Vt str 1027Path to 1028.Xr pflogd 8 1029(default 1030.Pa /sbin/pflogd ) . 1031.It Va pflog_flags 1032.Pq Vt str 1033Empty by default. 1034This variable contains additional flags passed to the 1035.Xr pflogd 8 1036program. 1037.It Va pflog_instances 1038.Pq Vt str 1039If logging to more than one 1040.Xr pflog 4 1041interface is desired, 1042.Va pflog_instances 1043is set to the list of 1044.Xr pflogd 8 1045instances that should be started at system boot time. 1046If 1047.Va pflog_instances 1048is set, for each whitespace-separated 1049.Ar element 1050in the list, 1051.Ao Ar element Ac Ns Va _dev 1052and 1053.Ao Ar element Ac Ns Va _logfile 1054elements are assumed to exist. 1055.Ao Ar element Ac Ns Va _dev 1056must contain the 1057.Xr pflog 4 1058interface to be watched by the named 1059.Xr pflogd 8 1060instance. 1061.Ao Ar element Ac Ns Va _logfile 1062must contain the name of the logfile that will be used by the 1063.Xr pflogd 8 1064instance. 1065.It Va ftpproxy_enable 1066.Pq Vt bool 1067Set to 1068.Dq Li NO 1069by default. 1070Setting this to 1071.Dq Li YES 1072enables 1073.Xr ftp-proxy 8 1074which supports the 1075.Xr pf 4 1076packet filter in translating ftp connections. 1077.It Va ftpproxy_flags 1078.Pq Vt str 1079Empty by default. 1080This variable contains additional flags passed to the 1081.Xr ftp-proxy 8 1082program. 1083.It Va ftpproxy_instances 1084.Pq Vt str 1085Empty by default. 1086If multiple instances of 1087.Xr ftp-proxy 8 1088are desired at boot time, 1089.Va ftpproxy_instances 1090should contain a whitespace-separated list of instance names. 1091For each 1092.Ar element 1093in the list, a variable named 1094.Ao Ar element Ac Ns Va _flags 1095should be defined, containing the command-line flags to be passed to the 1096.Xr ftp-proxy 8 1097instance. 1098.It Va pfsync_enable 1099.Pq Vt bool 1100Set to 1101.Dq Li NO 1102by default. 1103Setting this to 1104.Dq Li YES 1105enables exposing 1106.Xr pf 4 1107state changes to other hosts over the network by means of 1108.Xr pfsync 4 . 1109The 1110.Va pfsync_syncdev 1111variable 1112must also be set then. 1113.It Va pfsync_syncdev 1114.Pq Vt str 1115Empty by default. 1116This variable specifies the name of the network interface 1117.Xr pfsync 4 1118should operate through. 1119It must be set accordingly if 1120.Va pfsync_enable 1121is set to 1122.Dq Li YES . 1123.It Va pfsync_syncpeer 1124.Pq Vt str 1125Empty by default. 1126This variable is optional. 1127By default, state change messages are sent out on the synchronisation 1128interface using IP multicast packets. 1129The protocol is IP protocol 240, PFSYNC, and the multicast group used is 1130224.0.0.240. 1131When a peer address is specified using the 1132.Va pfsync_syncpeer 1133option, the peer address is used as a destination for the pfsync 1134traffic, and the traffic can then be protected using 1135.Xr ipsec 4 . 1136See the 1137.Xr pfsync 4 1138manpage for more details about using 1139.Xr ipsec 4 1140with 1141.Xr pfsync 4 1142interfaces. 1143.It Va pfsync_ifconfig 1144.Pq Vt str 1145Empty by default. 1146This variable can contain additional options to be passed to the 1147.Xr ifconfig 8 1148command used to set up 1149.Xr pfsync 4 . 1150.It Va tcp_extensions 1151.Pq Vt bool 1152Set to 1153.Dq Li YES 1154by default. 1155Setting this to 1156.Dq Li NO 1157disables certain TCP options as described by 1158.Rs 1159.%T "RFC 1323" 1160.Re 1161Setting this to 1162.Dq Li NO 1163might help remedy such problems with connections as randomly hanging 1164or other weird behavior. 1165Some network devices are known 1166to be broken with respect to these options. 1167.It Va log_in_vain 1168.Pq Vt int 1169Set to 0 by default. 1170The 1171.Xr sysctl 8 1172variables, 1173.Va net.inet.tcp.log_in_vain 1174and 1175.Va net.inet.udp.log_in_vain , 1176as described in 1177.Xr tcp 4 1178and 1179.Xr udp 4 , 1180are set to the given value. 1181.It Va tcp_keepalive 1182.Pq Vt bool 1183Set to 1184.Dq Li YES 1185by default. 1186Setting to 1187.Dq Li NO 1188will disable probing idle TCP connections to verify that the 1189peer is still up and reachable. 1190.It Va tcp_drop_synfin 1191.Pq Vt bool 1192Set to 1193.Dq Li NO 1194by default. 1195Setting to 1196.Dq Li YES 1197will cause the kernel to ignore TCP frames that have both 1198the SYN and FIN flags set. 1199This prevents OS fingerprinting, but may 1200break some legitimate applications. 1201.It Va icmp_drop_redirect 1202.Pq Vt bool 1203Set to 1204.Dq Li AUTO 1205by default. 1206This setting will be identical to 1207.Dq Li YES , 1208if a dynamicrouting daemon is enabled, because redirect processing may 1209cause performance issues for large routing tables. 1210If no such service is enabled, this setting behaves like a 1211.Dq Li NO . 1212Setting to 1213.Dq Li YES 1214will cause the kernel to ignore ICMP REDIRECT packets. 1215Setting to 1216.Dq Li NO 1217will cause the kernel to process ICMP REDIRECT packets. 1218Refer to 1219.Xr icmp 4 1220for more information. 1221.It Va icmp_log_redirect 1222.Pq Vt bool 1223Set to 1224.Dq Li NO 1225by default. 1226Setting to 1227.Dq Li YES 1228will cause the kernel to log ICMP REDIRECT packets. 1229Note that 1230the log messages are not rate-limited, so this option should only be used 1231for troubleshooting networks. 1232Refer to 1233.Xr icmp 4 1234for more information. 1235.It Va icmp_bmcastecho 1236.Pq Vt bool 1237Set to 1238.Dq Li YES 1239to respond to broadcast or multicast ICMP ping packets. 1240Refer to 1241.Xr icmp 4 1242for more information. 1243.It Va ip_portrange_first 1244.Pq Vt int 1245If not set to 1246.Dq Li NO , 1247this is the first port in the default portrange. 1248Refer to 1249.Xr ip 4 1250for more information. 1251.It Va ip_portrange_last 1252.Pq Vt int 1253If not set to 1254.Dq Li NO , 1255this is the last port in the default portrange. 1256Refer to 1257.Xr ip 4 1258for more information. 1259.It Va network_interfaces 1260.Pq Vt str 1261Set to the list of network interfaces to configure on this host or 1262.Dq Li AUTO 1263(the default) for all current interfaces. 1264Setting the 1265.Va network_interfaces 1266variable to anything other than the default is deprecated. 1267Interfaces that the administrator wishes to store configuration for, 1268but not start at boot should be configured with the 1269.Dq Li NOAUTO 1270keyword in their 1271.Va ifconfig_ Ns Aq Ar interface 1272variables as described below. 1273.Pp 1274An 1275.Va ifconfig_ Ns Aq Ar interface 1276variable is also assumed to exist for each value of 1277.Ar interface . 1278When an interface name contains any of the characters 1279.Dq Li .-/+ 1280they are translated to 1281.Dq Li _ 1282before lookup. 1283The variable can contain arguments to 1284.Xr ifconfig 8 , 1285as well as special case-insensitive keywords described below. 1286Such keywords are removed before passing the value to 1287.Xr ifconfig 8 1288while the order of the other arguments is preserved. 1289.Pp 1290It is possible to add IP alias entries using 1291.Xr ifconfig 8 1292syntax with the address family keyword such as 1293.Li inet . 1294Assuming that the interface in question was 1295.Li em0 , 1296it might look something like this: 1297.Bd -literal 1298ifconfig_em0_alias0="inet 127.0.0.253 netmask 0xffffffff" 1299ifconfig_em0_alias1="inet 127.0.0.254 netmask 0xffffffff" 1300.Ed 1301.Pp 1302It also possible to configure multiple IP addresses in Classless 1303Inter-Domain Routing 1304.Pq CIDR 1305address notation, 1306whose each address component can be a range like 1307.Li inet 192.0.2.5-23/24 1308or 1309.Li inet6 2001:db8:1-f::1/64 . 1310This notation allows address and prefix length part only, 1311not the other address modifiers. 1312Note that the maximum number of the generated addresses from a range 1313specification is limited to an integer value specified in 1314.Va netif_ipexpand_max 1315in 1316.Nm 1317because a small typo can unexpectedly generate a large number of addresses. 1318The default value is 1319.Li 2048 . 1320It can be increased by adding the following line into 1321.Nm : 1322.Bd -literal 1323netif_ipexpand_max="4096" 1324.Ed 1325.Pp 1326In the case of 1327.Li 192.0.2.5-23/24 , 1328the address 192.0.2.5 will be configured with the 1329netmask /24 and the addresses 192.0.2.6 to 192.0.2.23 with 1330the non-conflicting netmask /32 as explained in the 1331.Xr ifconfig 8 1332alias section. 1333Note that this special netmask handling is only for 1334.Li inet , 1335not for the other address families such as 1336.Li inet6 . 1337.Pp 1338With the interface in question being 1339.Li em0 , 1340an example could look like: 1341.Bd -literal 1342ifconfig_em0_alias2="inet 192.0.2.129/27" 1343ifconfig_em0_alias3="inet 192.0.2.1-5/28" 1344.Ed 1345.Pp 1346and so on. 1347.Pp 1348Note that deprecated 1349.Va ipv4_addrs_ Ns Aq Ar interface 1350variable was supported for IPv4 CIDR address notation. 1351The 1352.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1353variable replaces it, though 1354.Va ipv4_addrs_ Ns Aq Ar interface 1355is still supported for backward compatibility. 1356.Pp 1357For each 1358.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1359entry with an address family keyword, 1360its contents are passed to 1361.Xr ifconfig 8 . 1362Execution stops at the first unsuccessful access, so if 1363something like this is present: 1364.Bd -literal 1365ifconfig_em0_alias0="inet 127.0.0.251 netmask 0xffffffff" 1366ifconfig_em0_alias1="inet 127.0.0.252 netmask 0xffffffff" 1367ifconfig_em0_alias2="inet 127.0.0.253 netmask 0xffffffff" 1368ifconfig_em0_alias4="inet 127.0.0.254 netmask 0xffffffff" 1369.Ed 1370.Pp 1371Then note that alias4 would 1372.Em not 1373be added since the search would 1374stop with the missing 1375.Dq Li alias3 1376entry. 1377Because of this difficult to manage behavior, 1378there is 1379.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _aliases 1380variable, which has the same functionality as 1381.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1382and can have all of entries in a variable like the following: 1383.Bd -literal 1384ifconfig_em0_aliases="\\ 1385 inet 127.0.0.251 netmask 0xffffffff \\ 1386 inet 127.0.0.252 netmask 0xffffffff \\ 1387 inet 127.0.0.253 netmask 0xffffffff \\ 1388 inet 127.0.0.254 netmask 0xffffffff" 1389.Ed 1390.Pp 1391It also supports CIDR notation. 1392.Pp 1393If the 1394.Pa /etc/start_if . Ns Aq Ar interface 1395file is present, it is read and executed by the 1396.Xr sh 1 1397interpreter 1398before configuring the interface as specified in the 1399.Va ifconfig_ Ns Aq Ar interface 1400and 1401.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1402variables. 1403.Pp 1404If a 1405.Va vlans_ Ns Aq Ar interface 1406variable is set, 1407a 1408.Xr vlan 4 1409interface will be created for each item in the list with the 1410.Ar vlandev 1411argument set to 1412.Ar interface . 1413If a vlan interface's name is a number, 1414then that number is used as the vlan tag and the new vlan interface is 1415named 1416.Ar interface . Ns Ar tag . 1417Otherwise, 1418the vlan tag must be specified via a 1419.Va vlan 1420parameter in the 1421.Va create_args_ Ns Aq Ar interface 1422variable. 1423.Pp 1424To create a vlan device named 1425.Li em0.101 1426on 1427.Li em0 1428with the vlan tag 101 and the optional the IPv4 address 192.0.2.1/24: 1429.Bd -literal 1430vlans_em0="101" 1431ifconfig_em0_101="inet 192.0.2.1/24" 1432.Ed 1433.Pp 1434To create a vlan device named 1435.Li myvlan 1436on 1437.Li em0 1438with the vlan tag 102: 1439.Bd -literal 1440vlans_em0="myvlan" 1441create_args_myvlan="vlan 102" 1442.Ed 1443.Pp 1444If a 1445.Va wlans_ Ns Aq Ar interface 1446variable is set, 1447an 1448.Xr wlan 4 1449interface will be created for each item in the list with the 1450.Ar wlandev 1451argument set to 1452.Ar interface . 1453Further wlan cloning arguments may be passed to the 1454.Xr ifconfig 8 1455.Cm create 1456command by setting the 1457.Va create_args_ Ns Aq Ar interface 1458variable. 1459One or more 1460.Xr wlan 4 1461devices must be created for each wireless devices as of 1462.Fx 8.0 . 1463Debugging flags for 1464.Xr wlan 4 1465devices as set by 1466.Xr wlandebug 8 1467may be specified with an 1468.Va wlandebug_ Ns Aq Ar interface 1469variable. 1470The contents of this variable will be passed directly to 1471.Xr wlandebug 8 . 1472.Pp 1473If the 1474.Va ifconfig_ Ns Aq Ar interface 1475contains the keyword 1476.Dq Li NOAUTO 1477then the interface will not be configured 1478at boot or by 1479.Pa /etc/pccard_ether 1480when 1481.Va network_interfaces 1482is set to 1483.Dq Li AUTO . 1484.Pp 1485It is possible to bring up an interface with DHCP by adding 1486.Dq Li DHCP 1487to the 1488.Va ifconfig_ Ns Aq Ar interface 1489variable. 1490For instance, to initialize the 1491.Li em0 1492device via DHCP, 1493it is possible to use something like: 1494.Bd -literal 1495ifconfig_em0="DHCP" 1496.Ed 1497.Pp 1498If you want to configure your wireless interface with 1499.Xr wpa_supplicant 8 1500for use with WPA, EAP/LEAP or WEP, you need to add 1501.Dq Li WPA 1502to the 1503.Va ifconfig_ Ns Aq Ar interface 1504variable. 1505.Pp 1506On the other hand, if you want to configure your wireless interface with 1507.Xr hostapd 8 , 1508you need to add 1509.Dq Li HOSTAP 1510to the 1511.Va ifconfig_ Ns Aq Ar interface 1512variable. 1513.Xr hostapd 8 1514will use the settings from 1515.Pa /etc/hostapd- Ns Ao Ar interface Ac Ns .conf 1516.Pp 1517Finally, you can add 1518.Xr ifconfig 8 1519options in this variable, in addition to the 1520.Pa /etc/start_if . Ns Aq Ar interface 1521file. 1522For instance, to configure an 1523.Xr ath 4 1524wireless device in station mode with an address obtained 1525via DHCP, using WPA authentication and 802.11b mode, it is 1526possible to use something like: 1527.Bd -literal 1528wlans_ath0="wlan0" 1529ifconfig_wlan0="DHCP WPA mode 11b" 1530.Ed 1531.Pp 1532In addition to the 1533.Va ifconfig_ Ns Aq Ar interface 1534form, a fallback variable 1535.Va ifconfig_DEFAULT 1536may be configured. 1537It will be used for all interfaces with no 1538.Va ifconfig_ Ns Aq Ar interface 1539variable. 1540This is intended to replace the no longer supported 1541.Va pccard_ifconfig 1542variable. 1543.Pp 1544It is also possible to rename an interface by doing: 1545.Bd -literal 1546ifconfig_em0_name="net0" 1547ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" 1548.Ed 1549.It Va ipv6_enable 1550.Pq Vt bool 1551This variable is deprecated. 1552Use 1553.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1554and 1555.Va ipv6_activate_all_interfaces 1556if necessary. 1557.Pp 1558If the variable is 1559.Dq Li YES , 1560.Dq Li inet6 accept_rtadv 1561is added to all of 1562.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1563and the 1564.Va ipv6_activate_all_interfaces 1565is defined as 1566.Dq Li YES . 1567.It Va ipv6_prefer 1568.Pq Vt bool 1569This variable is deprecated. 1570Use 1571.Va ip6addrctl_policy 1572instead. 1573.Pp 1574If the variable is 1575.Dq Li YES , 1576the default address selection policy table set by 1577.Xr ip6addrctl 8 1578will be IPv6-preferred. 1579.Pp 1580If the variable is 1581.Dq Li NO , 1582the default address selection policy table set by 1583.Xr ip6addrctl 8 1584will be IPv4-preferred. 1585.It Va ipv6_activate_all_interfaces 1586.Pq Vt bool 1587This controls initial configuration on IPv6-capable 1588interfaces with no corresponding 1589.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1590variable. 1591Note that it is not always necessary to set this variable to 1592.Dq YES 1593to use IPv6 functionality on 1594.Fx . 1595In most cases, just configuring 1596.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1597variables works. 1598.Pp 1599If the variable is 1600.Dq Li NO , 1601all interfaces which do not have a corresponding 1602.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1603variable will be marked as 1604.Dq Li IFDISABLED 1605at creation. 1606This means that all of IPv6 functionality on that interface 1607is completely disabled to enforce a security policy. 1608If the variable is set to 1609.Dq YES , 1610the flag will be cleared on all of the interfaces. 1611.Pp 1612In most cases, just defining an 1613.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1614for an IPv6-capable interface should be sufficient. 1615However, if an interface is added dynamically 1616.Pq by some tunneling protocols such as PPP, for example , 1617it is often difficult to define the variable in advance. 1618In such a case, configuring the 1619.Dq Li IFDISABLED 1620flag can be disabled by setting this variable to 1621.Dq YES . 1622.Pp 1623For more details of the 1624.Dq Li IFDISABLED 1625flag and keywords 1626.Dq Li inet6 ifdisabled , 1627see 1628.Xr ifconfig 8 . 1629.Pp 1630Default is 1631.Dq Li NO . 1632.It Va ipv6_privacy 1633.Pq Vt bool 1634If the variable is 1635.Dq Li YES 1636privacy addresses will be generated for each IPv6 1637interface as described in RFC 4941. 1638.It Va ipv6_network_interfaces 1639.Pq Vt str 1640This is the IPv6 equivalent of 1641.Va network_interfaces . 1642Normally manual configuration of this variable is not needed. 1643.It Va ipv6_cpe_wanif 1644.Pq Vt str 1645If the variable is set to an interface name, 1646the 1647.Xr ifconfig 8 1648options 1649.Dq inet6 -no_radr accept_rtadv 1650will be added to the specified interface automatically before evaluating 1651.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1652and two 1653.Xr sysctl 8 1654variables 1655.Va net.inet6.ip6.rfc6204w3 1656and 1657.Va net.inet6.ip6.no_radr 1658will be set to 1. 1659.Pp 1660This means the specified interface will accept ICMPv6 Router 1661Advertisement messages on that link and add the discovered 1662routers into the Default Router List. 1663While the other interfaces can still accept RA messages if the 1664.Dq inet6 accept_rtadv 1665option is specified, adding 1666routes into the Default Router List will be disabled by 1667.Dq inet6 no_radr 1668option by default. 1669See 1670.Xr ifconfig 8 1671for more details. 1672.Pp 1673Note that ICMPv6 Router Advertisement messages will be 1674accepted even when 1675.Va net.inet6.ip6.forwarding 1676is 1 1677.Pq packet forwarding is enabled 1678when 1679.Va net.inet6.ip6.rfc6204w3 1680is set to 1. 1681.Pp 1682Default is 1683.Dq Li NO . 1684.It Va ifconfig_ Ns Ao Ar interface Ac Ns _descr 1685.Pq Vt str 1686This assigns arbitrary description to an interface. 1687The 1688.Xr sysctl 8 1689variable 1690.Va net.ifdescr_maxlen 1691limits its length. 1692This static setting may be overridden by commands 1693started with dynamic interface configuration utilities 1694like 1695.Xr dhclient 8 1696hooks. 1697The description can be seen with 1698.Xr ifconfig 8 1699command and it may be exported with 1700.Xr bsnmpd 1 1701daemon using its MIB-2 module. 1702.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1703.Pq Vt str 1704IPv6 functionality on an interface should be configured by 1705.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , 1706instead of setting ifconfig parameters in 1707.Va ifconfig_ Ns Aq Ar interface . 1708If this variable is empty, all of IPv6 configurations on the 1709specified interface by other variables such as 1710.Va ipv6_prefix_ Ns Ao Ar interface Ac 1711will be ignored. 1712.Pp 1713Aliases should be set by 1714.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n 1715with 1716.Dq Li inet6 1717keyword. 1718For example: 1719.Bd -literal 1720ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" 1721ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" 1722.Ed 1723.Pp 1724Interfaces that have an 1725.Dq Li inet6 accept_rtadv 1726keyword in 1727.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1728setting will be automatically configured by SLAAC 1729.Pq StateLess Address AutoConfiguration 1730described in 1731.Rs 1732.%T "RFC 4862" 1733.Re 1734.Pp 1735Note that a link-local address will be automatically configured in 1736addition to the configured global-scope addresses because the IPv6 1737specifications require it on each link. 1738The address is calculated from the MAC address by using an algorithm 1739defined in 1740.Rs 1741.%T "RFC 4862" 1742.%O "Section 5.3" 1743.Re 1744.Pp 1745If only a link-local address is needed on the interface, 1746the following configuration can be used: 1747.Bd -literal 1748ifconfig_em0_ipv6="inet6 auto_linklocal" 1749.Ed 1750.Pp 1751A link-local address can also be configured manually. 1752This is useful for the default router address of an IPv6 router 1753so that it does not change when the network interface 1754card is replaced. 1755For example: 1756.Bd -literal 1757ifconfig_em0_ipv6="inet6 fe80::1 prefixlen 64" 1758.Ed 1759.It Va ipv6_prefix_ Ns Aq Ar interface 1760.Pq Vt str 1761If one or more prefixes are defined in 1762.Va ipv6_prefix_ Ns Aq Ar interface 1763addresses based on each prefix and the EUI-64 interface index will be 1764configured on that interface. 1765Note that this variable will be ignored when 1766.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 1767is empty. 1768.Pp 1769For example, the following configuration 1770.Bd -literal 1771ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" 1772.Ed 1773.Pp 1774is equivalent to the following: 1775.Bd -literal 1776ifconfig_em0_alias0="inet6 2001:db8:1:: eui64 prefixlen 64" 1777ifconfig_em0_alias1="inet6 2001:db8:1:: prefixlen 64 anycast" 1778ifconfig_em0_alias2="inet6 2001:db8:2:: eui64 prefixlen 64" 1779ifconfig_em0_alias3="inet6 2001:db8:2:: prefixlen 64 anycast" 1780.Ed 1781.Pp 1782These Subnet-Router anycast addresses will be added only when 1783.Va ipv6_gateway_enable 1784is YES. 1785.It Va ipv6_default_interface 1786.Pq Vt str 1787If not set to 1788.Dq Li NO , 1789this is the default output interface for scoped addresses. 1790This works only with ipv6_gateway_enable="NO". 1791.It Va ip6addrctl_enable 1792.Pq Vt bool 1793This variable is to enable configuring default address selection policy table 1794.Pq RFC 3484 . 1795The table can be specified in another variable 1796.Va ip6addrctl_policy . 1797For 1798.Va ip6addrctl_policy 1799the following keywords can be specified: 1800.Dq Li ipv4_prefer , 1801.Dq Li ipv6_prefer , 1802or 1803.Dq Li AUTO . 1804.Pp 1805If 1806.Dq Li ipv4_prefer 1807or 1808.Dq Li ipv6_prefer 1809is specified, 1810.Xr ip6addrctl 8 1811installs a pre-defined policy table described in Section 10.3 1812.Pq IPv4-preferred 1813or 2.1 1814.Pq IPv6-preferred 1815of RFC 3484. 1816.Pp 1817If 1818.Dq Li AUTO 1819is specified, it attempts to read a file 1820.Pa /etc/ip6addrctl.conf 1821first. 1822If this file is found, 1823.Xr ip6addrctl 8 1824reads and installs it. 1825If not found, a policy is automatically set 1826according to 1827.Va ipv6_activate_all_interfaces 1828variable; if the variable is set to 1829.Dq Li YES 1830the IPv6-preferred one is used. 1831Otherwise IPv4-preferred. 1832.Pp 1833The default value of 1834.Va ip6addrctl_enable 1835and 1836.Va ip6addrctl_policy 1837are 1838.Dq Li YES 1839and 1840.Dq Li AUTO , 1841respectively. 1842.It Va cloned_interfaces 1843.Pq Vt str 1844Set to the list of clonable network interfaces to create on this host. 1845Further cloning arguments may be passed to the 1846.Xr ifconfig 8 1847.Cm create 1848command for each interface by setting the 1849.Va create_args_ Ns Aq Ar interface 1850variable. 1851If an interface name is specified with 1852.Dq :sticky 1853keyword, 1854the interface will not be destroyed even when 1855.Pa rc.d/netif 1856script is invoked with 1857.Dq stop 1858argument. 1859This is useful when reconfiguring the interface without destroying it. 1860Entries in 1861.Va cloned_interfaces 1862are automatically appended to 1863.Va network_interfaces 1864for configuration. 1865.It Va cloned_interfaces_sticky 1866.Pq Vt bool 1867This variable is to globally enable functionality of 1868.Dq :sticky 1869keyword in 1870.Va cloned_interfaces 1871for all interfaces. 1872The default value is 1873.Dq NO . 1874Even if this variable is specified to 1875.Dq YES , 1876.Dq :nosticky 1877keyword can be used to override it on per interface basis. 1878.It Va gif_interfaces 1879Set to the list of 1880.Xr gif 4 1881tunnel interfaces to configure on this host. 1882A 1883.Va gifconfig_ Ns Aq Ar interface 1884variable is assumed to exist for each value of 1885.Ar interface . 1886The value of this variable is used to configure the link layer of the 1887tunnel using the 1888.Cm tunnel 1889option to 1890.Xr ifconfig 8 . 1891Additionally, this option ensures that each listed interface is created 1892via the 1893.Cm create 1894option to 1895.Xr ifconfig 8 1896before attempting to configure it. 1897.Pp 1898For example, configure two 1899.Xr gif 4 1900interfaces with: 1901.Bd -literal 1902gif_interfaces="gif0 gif1" 1903gifconfig_gif0="100.64.0.1 100.64.0.2" 1904ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252" 1905gifconfig_gif1="inet6 2a00::1 2a01::1" 1906ifconfig_gif1="inet 10.1.0.1 10.1.0.2 netmask 255.255.255.252" 1907.Ed 1908.It Va sppp_interfaces 1909.Pq Vt str 1910Set to the list of 1911.Xr sppp 4 1912interfaces to configure on this host. 1913A 1914.Va spppconfig_ Ns Aq Ar interface 1915variable is assumed to exist for each value of 1916.Ar interface . 1917Each interface should also be configured by a general 1918.Va ifconfig_ Ns Aq Ar interface 1919setting. 1920Refer to 1921.Xr spppcontrol 8 1922for more information about available options. 1923.It Va ppp_enable 1924.Pq Vt bool 1925If set to 1926.Dq Li YES , 1927run the 1928.Xr ppp 8 1929daemon. 1930.It Va ppp_profile 1931.Pq Vt str 1932The name of the profile to use from 1933.Pa /etc/ppp/ppp.conf . 1934Also used for per-profile overrides of 1935.Va ppp_mode 1936and 1937.Va ppp_nat , 1938and 1939.Va ppp_ Ns Ao Ar profile Ac Ns _unit . 1940When the profile name contains any of the characters 1941.Dq Li .-/+ 1942they are translated to 1943.Dq Li _ 1944for the proposes of the override variable names. 1945.It Va ppp_mode 1946.Pq Vt str 1947Mode in which to run the 1948.Xr ppp 8 1949daemon. 1950.It Va ppp_ Ns Ao Ar profile Ac Ns _mode 1951.Pq Vt str 1952Overrides the global 1953.Va ppp_mode 1954for 1955.Ar profile . 1956Accepted modes are 1957.Dq Li auto , 1958.Dq Li ddial , 1959.Dq Li direct 1960and 1961.Dq Li dedicated . 1962See the manual for a full description. 1963.It Va ppp_nat 1964.Pq Vt bool 1965If set to 1966.Dq Li YES , 1967enables network address translation. 1968Used in conjunction with 1969.Va gateway_enable 1970allows hosts on private network addresses access to the Internet using 1971this host as a network address translating router. 1972Default is 1973.Dq Li YES . 1974.It Va ppp_ Ns Ao Ar profile Ac Ns _nat 1975.Pq Vt str 1976Overrides the global 1977.Va ppp_nat 1978for 1979.Ar profile . 1980.It Va ppp_ Ns Ao Ar profile Ac Ns _unit 1981.Pq Vt int 1982Set the unit number to be used for this profile. 1983See the manual description of 1984.Fl unit Ns Ar N 1985for details. 1986.It Va ppp_user 1987.Pq Vt str 1988The name of the user under which 1989.Xr ppp 8 1990should be started. 1991By 1992default, 1993.Xr ppp 8 1994is started as 1995.Dq Li root . 1996.It Va rc_conf_files 1997.Pq Vt str 1998This option is used to specify a list of files that will override 1999the settings in 2000.Pa /etc/defaults/rc.conf . 2001The files will be read in the order in which they are specified and should 2002include the full path to the file. 2003By default, the files specified are 2004.Pa /etc/rc.conf 2005and 2006.Pa /etc/rc.conf.local 2007.It Va zfs_enable 2008.Pq Vt bool 2009If set to 2010.Dq Li YES , 2011.Pa /etc/rc.d/zfs 2012will attempt to automatically mount ZFS file systems and initialize ZFS volumes 2013(ZVOLs). 2014.It Va gptboot_enable 2015.Pq Vt bool 2016If set to 2017.Dq Li YES , 2018.Pa /etc/rc.d/gptboot 2019will log if the system successfully (or not) booted from a GPT partition, 2020which had the 2021.Ar bootonce 2022attribute set using 2023.Xr gpart 8 2024utility. 2025.It Va gbde_autoattach_all 2026.Pq Vt bool 2027If set to 2028.Dq Li YES , 2029.Pa /etc/rc.d/gbde 2030will attempt to automatically initialize your .bde devices in 2031.Pa /etc/fstab . 2032.It Va gbde_devices 2033.Pq Vt str 2034List the devices that the script should try to attach, 2035or 2036.Dq Li AUTO . 2037.It Va gbde_lockdir 2038.Pq Vt str 2039The directory where the 2040.Xr gbde 4 2041lockfiles are located. 2042The default lockfile directory is 2043.Pa /etc . 2044.Pp 2045The lockfile for each individual 2046.Xr gbde 4 2047device can be overridden by setting the variable 2048.Va gbde_lock_ Ns Aq Ar device , 2049where 2050.Ar device 2051is the encrypted device without the 2052.Dq Pa /dev/ 2053and 2054.Dq Pa .bde 2055parts. 2056.It Va gbde_attach_attempts 2057.Pq Vt int 2058Number of times to attempt attaching to a 2059.Xr gbde 4 2060device, i.e., how many times the user is asked for the pass-phrase. 2061Default is 3. 2062.It Va geli_devices 2063.Pq Vt str 2064List of devices to automatically attach on boot. 2065Note that .eli devices from 2066.Pa /etc/fstab 2067are automatically appended to this list. 2068.It Va geli_groups 2069.Pq Vt str 2070List of groups containing devices to automatically attach on boot with the same 2071keyfiles and passphrase. 2072This must be accompanied with a corresponding 2073.Va geli_ Ns Ao Ar group Ac Ns Va _devices 2074variable. 2075.It Va geli_tries 2076.Pq Vt int 2077Number of times user is asked for the pass-phrase. 2078If empty, it will be taken from 2079.Va kern.geom.eli.tries 2080sysctl variable. 2081.It Va geli_default_flags 2082.Pq Vt str 2083Default flags to use by 2084.Xr geli 8 2085when configuring disk encryption. 2086Flags can be configured for every device separately by defining the 2087.Va geli_ Ns Ao Ar device Ac Ns Va _flags 2088variable, and for every group separately by defining the 2089.Va geli_ Ns Ao Ar group Ac Ns Va _flags 2090variable. 2091.It Va geli_autodetach 2092.Pq Vt str 2093Specifies if GELI devices should be marked for detach on last close after 2094file systems are mounted. 2095Default is 2096.Dq Li YES . 2097This can be changed for every device separately by defining the 2098.Va geli_ Ns Ao Ar device Ac Ns Va _autodetach 2099variable. 2100.It Va root_rw_mount 2101.Pq Vt bool 2102Set to 2103.Dq Li YES 2104by default. 2105After the file systems are checked at boot time, the root file system 2106is remounted as read-write if this is set to 2107.Dq Li YES . 2108Diskless systems that mount their root file system from a read-only remote 2109NFS share should set this to 2110.Dq Li NO 2111in their 2112.Pa rc.conf . 2113.It Va fsck_y_enable 2114.Pq Vt bool 2115If set to 2116.Dq Li YES , 2117.Xr fsck 8 2118will be run with the 2119.Fl y 2120flag if the initial preen 2121of the file systems fails. 2122.It Va background_fsck 2123.Pq Vt bool 2124If set to 2125.Dq Li NO , 2126the system will not attempt to run 2127.Xr fsck 8 2128in the background where possible. 2129.It Va background_fsck_delay 2130.Pq Vt int 2131The amount of time in seconds to sleep before starting a background 2132.Xr fsck 8 . 2133It defaults to sixty seconds to allow large applications such as 2134the X server to start before disk I/O bandwidth is monopolized by 2135.Xr fsck 8 . 2136If set to a negative number, the background file system check will be 2137delayed indefinitely to allow the administrator to run it at a more 2138convenient time. 2139For example it may be run from 2140.Xr cron 8 2141by adding a line like 2142.Pp 2143.Dl "0 4 * * * root /etc/rc.d/bgfsck forcestart" 2144.Pp 2145to 2146.Pa /etc/crontab . 2147.It Va netfs_types 2148.Pq Vt str 2149List of file system types that are network-based. 2150This list should generally not be modified by end users. 2151Use 2152.Va extra_netfs_types 2153instead. 2154.It Va extra_netfs_types 2155.Pq Vt str 2156If set to something other than 2157.Dq Li NO 2158(the default), 2159this variable extends the list of file system types 2160for which automatic mounting at startup by 2161.Xr rc 8 2162should be delayed until the network is initialized. 2163It should contain 2164a whitespace-separated list of network file system descriptor pairs, 2165each consisting of a file system type as passed to 2166.Xr mount 8 2167and a human-readable, one-word description, 2168joined with a colon 2169.Pq Ql \&: . 2170Extending the default list in this way is only necessary 2171when third party file system types are used. 2172.It Va syslogd_enable 2173.Pq Vt bool 2174If set to 2175.Dq Li YES , 2176run the 2177.Xr syslogd 8 2178daemon. 2179.It Va syslogd_program 2180.Pq Vt str 2181Path to 2182.Xr syslogd 8 2183(default 2184.Pa /usr/sbin/syslogd ) . 2185.It Va syslogd_flags 2186.Pq Vt str 2187If 2188.Va syslogd_enable 2189is set to 2190.Dq Li YES , 2191these are the flags to pass to 2192.Xr syslogd 8 . 2193.It Va inetd_enable 2194.Pq Vt bool 2195If set to 2196.Dq Li YES , 2197run the 2198.Xr inetd 8 2199daemon. 2200.It Va inetd_program 2201.Pq Vt str 2202Path to 2203.Xr inetd 8 2204(default 2205.Pa /usr/sbin/inetd ) . 2206.It Va inetd_flags 2207.Pq Vt str 2208If 2209.Va inetd_enable 2210is set to 2211.Dq Li YES , 2212these are the flags to pass to 2213.Xr inetd 8 . 2214.It Va hastd_enable 2215.Pq Vt bool 2216If set to 2217.Dq Li YES , 2218run the 2219.Xr hastd 8 2220daemon. 2221.It Va hastd_program 2222.Pq Vt str 2223Path to 2224.Xr hastd 8 2225(default 2226.Pa /sbin/hastd ) . 2227.It Va hastd_flags 2228.Pq Vt str 2229If 2230.Va hastd_enable 2231is set to 2232.Dq Li YES , 2233these are the flags to pass to 2234.Xr hastd 8 . 2235.It Va local_unbound_enable 2236.Pq Vt bool 2237If set to 2238.Dq Li YES , 2239run the 2240.Xr unbound 8 2241daemon as a local caching resolver. 2242.It Va kdc_enable 2243.Pq Vt bool 2244Set to 2245.Dq Li YES 2246to start a Kerberos 5 authentication server 2247at boot time. 2248.It Va kdc_program 2249.Pq Vt str 2250If 2251.Va kdc_enable 2252is set to 2253.Dq Li YES 2254this is the path to Kerberos 5 Authentication Server. 2255.It Va kdc_flags 2256.Pq Vt str 2257Empty by default. 2258This variable contains additional flags to be passed to the Kerberos 5 2259authentication server. 2260.It Va kadmind_enable 2261.Pq Vt bool 2262Set to 2263.Dq Li YES 2264to start 2265.Xr kadmind 8 , 2266the Kerberos 5 Administration Daemon; set to 2267.Dq Li NO 2268on a slave server. 2269.It Va kadmind_program 2270.Pq Vt str 2271If 2272.Va kadmind_enable 2273is set to 2274.Dq Li YES 2275this is the path to Kerberos 5 Administration Daemon. 2276.It Va kpasswdd_enable 2277.Pq Vt bool 2278Set to 2279.Dq Li YES 2280to start 2281.Xr kpasswdd 8 , 2282the Kerberos 5 Password-Changing Daemon; set to 2283.Dq Li NO 2284on a slave server. 2285.It Va kpasswdd_program 2286.Pq Vt str 2287If 2288.Va kpasswdd_enable 2289is set to 2290.Dq Li YES 2291this is the path to Kerberos 5 Password-Changing Daemon. 2292.It Va kfd_enable 2293.Pq Vt bool 2294Set to 2295.Dq Li YES 2296to start 2297.Xr kfd 8 , 2298the Kerberos 5 ticket forwarding daemon, at the boot time. 2299.It Va kfd_program 2300.Pq Vt str 2301Path to 2302.Xr kfd 8 2303(default 2304.Pa /usr/libexec/kfd ) . 2305.It Va rwhod_enable 2306.Pq Vt bool 2307If set to 2308.Dq Li YES , 2309run the 2310.Xr rwhod 8 2311daemon at boot time. 2312.It Va rwhod_flags 2313.Pq Vt str 2314If 2315.Va rwhod_enable 2316is set to 2317.Dq Li YES , 2318these are the flags to pass to it. 2319.It Va amd_enable 2320.Pq Vt bool 2321If set to 2322.Dq Li YES , 2323run the 2324.Xr amd 8 2325daemon at boot time. 2326.It Va amd_flags 2327.Pq Vt str 2328If 2329.Va amd_enable 2330is set to 2331.Dq Li YES , 2332these are the flags to pass to it. 2333See the 2334.Xr amd 8 2335manpage for more information. 2336.It Va amd_map_program 2337.Pq Vt str 2338If set, 2339the specified program is run to get the list of 2340.Xr amd 8 2341maps. 2342For example, if the 2343.Xr amd 8 2344maps are stored in NIS, one can set this to 2345run 2346.Xr ypcat 1 2347to get a list of 2348.Xr amd 8 2349maps from the 2350.Pa amd.master 2351NIS map. 2352.It Va update_motd 2353.Pq Vt bool 2354If set to 2355.Dq Li YES , 2356.Pa /etc/motd 2357will be updated at boot time to reflect the kernel release 2358being run. 2359If set to 2360.Dq Li NO , 2361.Pa /etc/motd 2362will not be updated. 2363.It Va nfs_client_enable 2364.Pq Vt bool 2365If set to 2366.Dq Li YES , 2367run the NFS client daemons at boot time. 2368.It Va nfs_access_cache 2369.Pq Vt int 2370If 2371.Va nfs_client_enable 2372is set to 2373.Dq Li YES , 2374this can be set to 2375.Dq Li 0 2376to disable NFS ACCESS RPC caching, or to the number of seconds for which 2377NFS ACCESS 2378results should be cached. 2379A value of 2-10 seconds will substantially reduce network 2380traffic for many NFS operations. 2381.It Va nfs_server_enable 2382.Pq Vt bool 2383If set to 2384.Dq Li YES , 2385run the NFS server daemons at boot time. 2386.It Va nfs_server_flags 2387.Pq Vt str 2388If 2389.Va nfs_server_enable 2390is set to 2391.Dq Li YES , 2392these are the flags to pass to the 2393.Xr nfsd 8 2394daemon. 2395.It Va nfsv4_server_enable 2396.Pq Vt bool 2397If 2398.Va nfs_server_enable 2399is set to 2400.Dq Li YES 2401and 2402.Va nfsv4_server_enable 2403are set to 2404.Dq Li YES , 2405enable the server for NFSv4 as well as NFSv2 and NFSv3. 2406.It Va nfsuserd_enable 2407.Pq Vt bool 2408If 2409.Va nfsuserd_enable 2410is set to 2411.Dq Li YES , 2412run the nfsuserd daemon, which is needed for NFSv4 in order 2413to map between user/group names vs uid/gid numbers. 2414If 2415.Va nfsv4_server_enable 2416is set to 2417.Dq Li YES , 2418this will be forced enabled. 2419.It Va nfsuserd_flags 2420.Pq Vt str 2421If 2422.Va nfsuserd_enable 2423is set to 2424.Dq Li YES , 2425these are the flags to pass to the 2426.Xr nfsuserd 8 2427daemon. 2428.It Va nfscbd_enable 2429.Pq Vt bool 2430If 2431.Va nfscbd_enable 2432is set to 2433.Dq Li YES , 2434run the nfscbd daemon, which enables callbacks/delegations for the NFSv4 client. 2435.It Va nfscbd_flags 2436.Pq Vt str 2437If 2438.Va nfscbd_enable 2439is set to 2440.Dq Li YES , 2441these are the flags to pass to the 2442.Xr nfscbd 8 2443daemon. 2444.It Va mountd_enable 2445.Pq Vt bool 2446If set to 2447.Dq Li YES , 2448and no 2449.Va nfs_server_enable 2450is set, start 2451.Xr mountd 8 , 2452but not 2453.Xr nfsd 8 2454daemon. 2455It is commonly needed to run CFS without real NFS used. 2456.It Va mountd_flags 2457.Pq Vt str 2458If 2459.Va mountd_enable 2460is set to 2461.Dq Li YES , 2462these are the flags to pass to the 2463.Xr mountd 8 2464daemon. 2465.It Va weak_mountd_authentication 2466.Pq Vt bool 2467If set to 2468.Dq Li YES , 2469allow services like PCNFSD to make non-privileged mount 2470requests. 2471.It Va nfs_reserved_port_only 2472.Pq Vt bool 2473If set to 2474.Dq Li YES , 2475provide NFS services only on a secure port. 2476.It Va nfs_bufpackets 2477.Pq Vt int 2478If set to a number, indicates the number of packets worth of 2479socket buffer space to reserve on an NFS client. 2480The kernel default is typically 4. 2481Using a higher number may be 2482useful on gigabit networks to improve performance. 2483The minimum value is 24842 and the maximum is 64. 2485.It Va rpc_lockd_enable 2486.Pq Vt bool 2487If set to 2488.Dq Li YES 2489and also an NFS server or client, run 2490.Xr rpc.lockd 8 2491at boot time. 2492.It Va rpc_lockd_flags 2493.Pq Vt str 2494If 2495.Va rpc_lockd_enable 2496is set to 2497.Dq Li YES , 2498these are the flags to pass to the 2499.Xr rpc.lockd 8 2500daemon. 2501.It Va rpc_statd_enable 2502.Pq Vt bool 2503If set to 2504.Dq Li YES 2505and also an NFS server or client, run 2506.Xr rpc.statd 8 2507at boot time. 2508.It Va rpc_statd_flags 2509.Pq Vt str 2510If 2511.Va rpc_statd_enable 2512is set to 2513.Dq Li YES , 2514these are the flags to pass to the 2515.Xr rpc.statd 8 2516daemon. 2517.It Va rpcbind_program 2518.Pq Vt str 2519Path to 2520.Xr rpcbind 8 2521(default 2522.Pa /usr/sbin/rpcbind ) . 2523.It Va rpcbind_enable 2524.Pq Vt bool 2525If set to 2526.Dq Li YES , 2527run the 2528.Xr rpcbind 8 2529service at boot time. 2530.It Va rpcbind_flags 2531.Pq Vt str 2532If 2533.Va rpcbind_enable 2534is set to 2535.Dq Li YES , 2536these are the flags to pass to the 2537.Xr rpcbind 8 2538daemon. 2539.It Va keyserv_enable 2540.Pq Vt bool 2541If set to 2542.Dq Li YES , 2543run the 2544.Xr keyserv 8 2545daemon on boot for running Secure RPC. 2546.It Va keyserv_flags 2547.Pq Vt str 2548If 2549.Va keyserv_enable 2550is set to 2551.Dq Li YES , 2552these are the flags to pass to 2553.Xr keyserv 8 2554daemon. 2555.It Va pppoed_enable 2556.Pq Vt bool 2557If set to 2558.Dq Li YES , 2559run the 2560.Xr pppoed 8 2561daemon at boot time to provide PPP over Ethernet services. 2562.It Va pppoed_ Ns Aq Ar provider 2563.Pq Vt str 2564.Xr pppoed 8 2565listens to requests to this 2566.Ar provider 2567and ultimately runs 2568.Xr ppp 8 2569with a 2570.Ar system 2571argument of the same name. 2572.It Va pppoed_flags 2573.Pq Vt str 2574Additional flags to pass to 2575.Xr pppoed 8 . 2576.It Va pppoed_interface 2577.Pq Vt str 2578The network interface to run 2579.Xr pppoed 8 2580on. 2581This is mandatory when 2582.Va pppoed_enable 2583is set to 2584.Dq Li YES . 2585.It Va ntpdate_enable 2586.Pq Vt bool 2587If set to 2588.Dq Li YES , 2589run 2590.Xr ntpdate 8 2591at system startup. 2592This command is intended to 2593synchronize the system clock only 2594.Em once 2595from some standard reference. 2596.Pp 2597Note that the use of the 2598.Va ntpd_sync_on_start 2599variable is a preferred alternative to the 2600.Xr ntpdate 8 2601utility as 2602.Xr ntpdate 8 2603is to be retired from the NTP distribution. 2604.It Va ntpdate_config 2605.Pq Vt str 2606Configuration file for 2607.Xr ntpdate 8 . 2608Default 2609.Pa /etc/ntp.conf . 2610.It Va ntpdate_hosts 2611.Pq Vt str 2612A whitespace-separated list of NTP servers to synchronize with at startup. 2613The default is to use the servers listed in 2614.Va ntpdate_config , 2615if that file exists. 2616.It Va ntpdate_program 2617.Pq Vt str 2618Path to 2619.Xr ntpdate 8 2620(default 2621.Pa /usr/sbin/ntpdate ) . 2622.It Va ntpdate_flags 2623.Pq Vt str 2624If 2625.Va ntpdate_enable 2626is set to 2627.Dq Li YES , 2628these are the flags to pass to the 2629.Xr ntpdate 8 2630command (typically a hostname). 2631.It Va ntpd_enable 2632.Pq Vt bool 2633If set to 2634.Dq Li YES , 2635run the 2636.Xr ntpd 8 2637command at boot time. 2638.It Va ntpd_program 2639.Pq Vt str 2640Path to 2641.Xr ntpd 8 2642(default 2643.Pa /usr/sbin/ntpd ) . 2644.It Va ntpd_config 2645.Pq Vt str 2646Path to 2647.Xr ntpd 8 2648configuration file. 2649Default 2650.Pa /etc/ntp.conf . 2651.It Va ntpd_flags 2652.Pq Vt str 2653If 2654.Va ntpd_enable 2655is set to 2656.Dq Li YES , 2657these are the flags to pass to the 2658.Xr ntpd 8 2659daemon. 2660.It Va ntpd_sync_on_start 2661.Pq Vt bool 2662If set to 2663.Dq Li YES , 2664.Xr ntpd 8 2665is run with the 2666.Fl g 2667flag, which syncs the system's clock on startup. 2668See 2669.Xr ntpd 8 2670for more information regarding the 2671.Fl g 2672option. 2673This is a preferred alternative to using 2674.Xr ntpdate 8 2675or specifying the 2676.Va ntpdate_enable 2677variable. 2678.It Va nis_client_enable 2679.Pq Vt bool 2680If set to 2681.Dq Li YES , 2682run the 2683.Xr ypbind 8 2684service at system boot time. 2685.It Va nis_client_flags 2686.Pq Vt str 2687If 2688.Va nis_client_enable 2689is set to 2690.Dq Li YES , 2691these are the flags to pass to the 2692.Xr ypbind 8 2693service. 2694.It Va nis_ypldap_enable 2695.Pq Vt bool 2696If set to 2697.Dq Li YES , 2698run the 2699.Xr ypldap 8 2700daemon at system boot time. 2701.It Va nis_ypldap_flags 2702.Pq Vt str 2703If 2704.Va nis.ypldap_enable 2705is set to 2706.Dq Li YES , 2707these are the flags to pass to the 2708.Xr ypldap 8 2709daemon. 2710.It Va nis_ypset_enable 2711.Pq Vt bool 2712If set to 2713.Dq Li YES , 2714run the 2715.Xr ypset 8 2716daemon at system boot time. 2717.It Va nis_ypset_flags 2718.Pq Vt str 2719If 2720.Va nis_ypset_enable 2721is set to 2722.Dq Li YES , 2723these are the flags to pass to the 2724.Xr ypset 8 2725daemon. 2726.It Va nis_server_enable 2727.Pq Vt bool 2728If set to 2729.Dq Li YES , 2730run the 2731.Xr ypserv 8 2732daemon at system boot time. 2733.It Va nis_server_flags 2734.Pq Vt str 2735If 2736.Va nis_server_enable 2737is set to 2738.Dq Li YES , 2739these are the flags to pass to the 2740.Xr ypserv 8 2741daemon. 2742.It Va nis_ypxfrd_enable 2743.Pq Vt bool 2744If set to 2745.Dq Li YES , 2746run the 2747.Xr rpc.ypxfrd 8 2748daemon at system boot time. 2749.It Va nis_ypxfrd_flags 2750.Pq Vt str 2751If 2752.Va nis_ypxfrd_enable 2753is set to 2754.Dq Li YES , 2755these are the flags to pass to the 2756.Xr rpc.ypxfrd 8 2757daemon. 2758.It Va nis_yppasswdd_enable 2759.Pq Vt bool 2760If set to 2761.Dq Li YES , 2762run the 2763.Xr rpc.yppasswdd 8 2764daemon at system boot time. 2765.It Va nis_yppasswdd_flags 2766.Pq Vt str 2767If 2768.Va nis_yppasswdd_enable 2769is set to 2770.Dq Li YES , 2771these are the flags to pass to the 2772.Xr rpc.yppasswdd 8 2773daemon. 2774.It Va rpc_ypupdated_enable 2775.Pq Vt bool 2776If set to 2777.Dq Li YES , 2778run the 2779.Nm rpc.ypupdated 2780daemon at system boot time. 2781.It Va bsnmpd_enable 2782.Pq Vt bool 2783If set to 2784.Dq Li YES , 2785run the 2786.Xr bsnmpd 1 2787daemon at system boot time. 2788Be sure to understand the security implications of running SNMP daemon 2789on your host. 2790.It Va bsnmpd_flags 2791.Pq Vt str 2792If 2793.Va bsnmpd_enable 2794is set to 2795.Dq Li YES , 2796these are the flags to pass to the 2797.Xr bsnmpd 1 2798daemon. 2799.It Va defaultrouter 2800.Pq Vt str 2801If not set to 2802.Dq Li NO , 2803create a default route to this host name or IP address 2804(use an IP address if this router is also required to get to the 2805name server!). 2806.It Va defaultrouter_fibN 2807.Pq Vt str 2808If not set to 2809.Dq Li NO , 2810create a default route in FIB N to this host name or IP address. 2811.It Va ipv6_defaultrouter 2812.Pq Vt str 2813The IPv6 equivalent of 2814.Va defaultrouter . 2815.It Va ipv6_defaultrouter_fibN 2816.Pq Vt str 2817The IPv6 equivalent of 2818.Va defaultrouter_fibN . 2819.It Va static_arp_pairs 2820.Pq Vt str 2821Set to the list of static ARP pairs that are to be added at system 2822boot time. 2823For each whitespace separated 2824.Ar element 2825in the value, a 2826.Va static_arp_ Ns Aq Ar element 2827variable is assumed to exist whose contents will later be passed to a 2828.Dq Nm arp Cm -S 2829operation. 2830For example 2831.Bd -literal 2832static_arp_pairs="gw" 2833static_arp_gw="192.168.1.1 00:01:02:03:04:05" 2834.Ed 2835.It Va static_ndp_pairs 2836.Pq Vt str 2837Set to the list of static NDP pairs that are to be added at system 2838boot time. 2839For each whitespace separated 2840.Ar element 2841in the value, a 2842.Va static_ndp_ Ns Aq Ar element 2843variable is assumed to exist whose contents will later be passed to a 2844.Dq Nm ndp Cm -s 2845operation. 2846For example 2847.Bd -literal 2848static_ndp_pairs="gw" 2849static_ndp_gw="2001:db8:3::1 00:01:02:03:04:05" 2850.Ed 2851.It Va static_routes 2852.Pq Vt str 2853Set to the list of static routes that are to be added at system 2854boot time. 2855If not set to 2856.Dq Li NO 2857then for each whitespace separated 2858.Ar element 2859in the value, a 2860.Va route_ Ns Aq Ar element 2861variable is assumed to exist 2862whose contents will later be passed to a 2863.Dq Nm route Cm add 2864operation. 2865For example: 2866.Bd -literal 2867static_routes="ext mcast:gif0 gif0local:gif0" 2868route_ext="-net 10.0.0.0/24 -gateway 192.168.0.1" 2869route_mcast="-net 224.0.0.0/4 -iface gif0" 2870route_gif0local="-host 169.254.1.1 -iface lo0" 2871.Ed 2872.Pp 2873When an 2874.Ar element 2875is in the form of 2876.Li name:ifname , 2877the route is specific to the interface 2878.Li ifname . 2879.It Va ipv6_static_routes 2880.Pq Vt str 2881The IPv6 equivalent of 2882.Va static_routes . 2883If not set to 2884.Dq Li NO 2885then for each whitespace separated 2886.Ar element 2887in the value, a 2888.Va ipv6_route_ Ns Aq Ar element 2889variable is assumed to exist 2890whose contents will later be passed to a 2891.Dq Nm route Cm add Fl inet6 2892operation. 2893.It Va gateway_enable 2894.Pq Vt bool 2895If set to 2896.Dq Li YES , 2897configure host to act as an IP router, e.g.\& to forward packets 2898between interfaces. 2899.It Va ipv6_gateway_enable 2900.Pq Vt bool 2901The IPv6 equivalent of 2902.Va gateway_enable . 2903.It Va routed_enable 2904.Pq Vt bool 2905If set to 2906.Dq Li YES , 2907run a routing daemon of some sort, based on the 2908settings of 2909.Va routed_program 2910and 2911.Va routed_flags . 2912.It Va route6d_enable 2913.Pq Vt bool 2914The IPv6 equivalent of 2915.Va routed_enable . 2916If set to 2917.Dq Li YES , 2918run a routing daemon of some sort, based on the 2919settings of 2920.Va route6d_program 2921and 2922.Va route6d_flags . 2923.It Va routed_program 2924.Pq Vt str 2925If 2926.Va routed_enable 2927is set to 2928.Dq Li YES , 2929this is the name of the routing daemon to use. 2930.It Va route6d_program 2931.Pq Vt str 2932The IPv6 equivalent of 2933.Va routed_program . 2934.It Va routed_flags 2935.Pq Vt str 2936If 2937.Va routed_enable 2938is set to 2939.Dq Li YES , 2940these are the flags to pass to the routing daemon. 2941.It Va route6d_flags 2942.Pq Vt str 2943The IPv6 equivalent of 2944.Va routed_flags . 2945.It Va rtadvd_enable 2946.Pq Vt bool 2947If set to 2948.Dq Li YES , 2949run the 2950.Xr rtadvd 8 2951daemon at boot time. 2952The 2953.Xr rtadvd 8 2954utility sends ICMPv6 Router Advertisement messages to 2955the interfaces specified in 2956.Va rtadvd_interfaces . 2957This should only be enabled with great care. 2958You may want to fine-tune 2959.Xr rtadvd.conf 5 . 2960.It Va rtadvd_interfaces 2961.Pq Vt str 2962If 2963.Va rtadvd_enable 2964is set to 2965.Dq Li YES 2966this is the list of interfaces to use. 2967.It Va arpproxy_all 2968.Pq Vt bool 2969If set to 2970.Dq Li YES , 2971enable global proxy ARP. 2972.It Va forward_sourceroute 2973.Pq Vt bool 2974If set to 2975.Dq Li YES 2976and 2977.Va gateway_enable 2978is also set to 2979.Dq Li YES , 2980source-routed packets are forwarded. 2981.It Va accept_sourceroute 2982.Pq Vt bool 2983If set to 2984.Dq Li YES , 2985the system will accept source-routed packets directed at it. 2986.It Va rarpd_enable 2987.Pq Vt bool 2988If set to 2989.Dq Li YES , 2990run the 2991.Xr rarpd 8 2992daemon at system boot time. 2993.It Va rarpd_flags 2994.Pq Vt str 2995If 2996.Va rarpd_enable 2997is set to 2998.Dq Li YES , 2999these are the flags to pass to the 3000.Xr rarpd 8 3001daemon. 3002.It Va bootparamd_enable 3003.Pq Vt bool 3004If set to 3005.Dq Li YES , 3006run the 3007.Xr bootparamd 8 3008daemon at system boot time. 3009.It Va bootparamd_flags 3010.Pq Vt str 3011If 3012.Va bootparamd_enable 3013is set to 3014.Dq Li YES , 3015these are the flags to pass to the 3016.Xr bootparamd 8 3017daemon. 3018.It Va stf_interface_ipv4addr 3019.Pq Vt str 3020If not set to 3021.Dq Li NO , 3022this is the local IPv4 address for 6to4 (IPv6 over IPv4 tunneling 3023interface). 3024Specify this entry to enable the 6to4 interface. 3025.It Va stf_interface_ipv4plen 3026.Pq Vt int 3027Prefix length for 6to4 IPv4 addresses, to limit peer address range. 3028An effective value is 0-31. 3029.It Va stf_interface_ipv6_ifid 3030.Pq Vt str 3031IPv6 interface ID for 3032.Xr stf 4 . 3033This can be set to 3034.Dq Li AUTO . 3035.It Va stf_interface_ipv6_slaid 3036.Pq Vt str 3037IPv6 Site Level Aggregator for 3038.Xr stf 4 . 3039.It Va ipv6_ipv4mapping 3040.Pq Vt bool 3041If set to 3042.Dq Li YES 3043this enables IPv4 mapped IPv6 address communication (like 3044.Li ::ffff:a.b.c.d ) . 3045.It Va rtsold_enable 3046.Pq Vt bool 3047Set to 3048.Dq Li YES 3049to enable the 3050.Xr rtsold 8 3051daemon to send ICMPv6 Router Solicitation messages. 3052.It Va rtsold_flags 3053.Pq Vt str 3054If 3055.Va rtsold_enable 3056is set to 3057.Dq Li YES , 3058these are the flags to pass to 3059.Xr rtsold 8 . 3060.It Va rtsol_flags 3061.Pq Vt str 3062For interfaces configured with the 3063.Dq Li inet6 accept_rtadv 3064keyword, these are the flags to pass to 3065.Xr rtsol 8 . 3066.Pp 3067Note that 3068.Va rtsold_enable 3069is mutually exclusive to 3070.Va rtsol_flags ; 3071.Va rtsold_enable 3072takes precedence. 3073.It Va keybell 3074.Pq Vt str 3075The keyboard bell sound. 3076Set to 3077.Dq Li normal , 3078.Dq Li visual , 3079.Dq Li off , 3080or 3081.Dq Li NO 3082if the default behavior is desired. 3083For details, refer to the 3084.Xr kbdcontrol 1 3085manpage. 3086.It Va keyboard 3087.Pq Vt str 3088If set to a non-null string, the virtual console's keyboard input is 3089set to this device. 3090.It Va keymap 3091.Pq Vt str 3092If set to 3093.Dq Li NO , 3094no keymap is installed, otherwise the value is used to install 3095the keymap file found in 3096.Pa /usr/share/syscons/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3097(if using 3098.Xr syscons 4 ) or 3099.Pa /usr/share/vt/keymaps/ Ns Ao Ar value Ac Ns Pa .kbd 3100(if using 3101.Xr vt 4 ) . 3102.It Va keyrate 3103.Pq Vt str 3104The keyboard repeat speed. 3105Set to 3106.Dq Li slow , 3107.Dq Li normal , 3108.Dq Li fast , 3109or 3110.Dq Li NO 3111if the default behavior is desired. 3112.It Va keychange 3113.Pq Vt str 3114If not set to 3115.Dq Li NO , 3116attempt to program the function keys with the value. 3117The value should 3118be a single string of the form: 3119.Dq Ar funkey_number new_value Op Ar funkey_number new_value ... . 3120.It Va cursor 3121.Pq Vt str 3122Can be set to the value of 3123.Dq Li normal , 3124.Dq Li blink , 3125.Dq Li destructive , 3126or 3127.Dq Li NO 3128to set the cursor behavior explicitly or choose the default behavior. 3129.It Va scrnmap 3130.Pq Vt str 3131If set to 3132.Dq Li NO , 3133no screen map is installed, otherwise the value is used to install 3134the screen map file in 3135.Pa /usr/share/syscons/scrnmaps/ Ns Aq Ar value . 3136This parameter is ignored when using 3137.Xr vt 4 3138as the console driver. 3139.It Va font8x16 3140.Pq Vt str 3141If set to 3142.Dq Li NO , 3143the default 8x16 font value is used for screen size requests, otherwise 3144the value in 3145.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3146or 3147.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3148is used (depending on the console driver being used). 3149.It Va font8x14 3150.Pq Vt str 3151If set to 3152.Dq Li NO , 3153the default 8x14 font value is used for screen size requests, otherwise 3154the value in 3155.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3156or 3157.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3158is used (depending on the console driver being used). 3159.It Va font8x8 3160.Pq Vt str 3161If set to 3162.Dq Li NO , 3163the default 8x8 font value is used for screen size requests, otherwise 3164the value in 3165.Pa /usr/share/syscons/fonts/ Ns Aq Ar value 3166or 3167.Pa /usr/share/vt/fonts/ Ns Aq Ar value 3168is used (depending on the console driver being used). 3169.It Va blanktime 3170.Pq Vt int 3171If set to 3172.Dq Li NO , 3173the default screen blanking interval is used, otherwise it is set 3174to 3175.Ar value 3176seconds. 3177.It Va saver 3178.Pq Vt str 3179If not set to 3180.Dq Li NO , 3181this is the actual screen saver to use 3182.Li ( blank , snake , daemon , 3183etc). 3184.It Va moused_nondefault_enable 3185.Pq Vt str 3186If set to 3187.Dq Li NO , 3188the mouse device specified on 3189the command line is not automatically treated as enabled by the 3190.Pa /etc/rc.d/moused 3191script. 3192Having this variable set to 3193.Dq Li YES 3194allows a 3195.Xr usb 4 3196mouse, 3197for example, 3198to be enabled as soon as it is plugged in. 3199.It Va moused_enable 3200.Pq Vt str 3201If set to 3202.Dq Li YES , 3203the 3204.Xr moused 8 3205daemon is started for doing cut/paste selection on the console. 3206.It Va moused_type 3207.Pq Vt str 3208This is the protocol type of the mouse connected to this host. 3209This variable must be set if 3210.Va moused_enable 3211is set to 3212.Dq Li YES . 3213The 3214.Xr moused 8 3215daemon 3216is able to detect the appropriate mouse type automatically in many cases. 3217Set this variable to 3218.Dq Li auto 3219to let the daemon detect it, or 3220select one from the following list if the automatic detection fails. 3221.Pp 3222If the mouse is attached to the PS/2 mouse port, choose 3223.Dq Li auto 3224or 3225.Dq Li ps/2 , 3226regardless of the brand and model of the mouse. 3227Likewise, if the 3228mouse is attached to the bus mouse port, choose 3229.Dq Li auto 3230or 3231.Dq Li busmouse . 3232All other protocols are for serial mice and will not work with 3233the PS/2 and bus mice. 3234If this is a USB mouse, 3235.Dq Li auto 3236is the only protocol type which will work. 3237.Pp 3238.Bl -tag -width ".Li x10mouseremote" -compact 3239.It Li microsoft 3240Microsoft mouse (serial) 3241.It Li intellimouse 3242Microsoft IntelliMouse (serial) 3243.It Li mousesystems 3244Mouse systems Corp.\& mouse (serial) 3245.It Li mmseries 3246MM Series mouse (serial) 3247.It Li logitech 3248Logitech mouse (serial) 3249.It Li busmouse 3250A bus mouse 3251.It Li mouseman 3252Logitech MouseMan and TrackMan (serial) 3253.It Li glidepoint 3254ALPS GlidePoint (serial) 3255.It Li thinkingmouse 3256Kensington ThinkingMouse (serial) 3257.It Li ps/2 3258PS/2 mouse 3259.It Li mmhittab 3260MM HitTablet (serial) 3261.It Li x10mouseremote 3262X10 MouseRemote (serial) 3263.It Li versapad 3264Interlink VersaPad (serial) 3265.El 3266.Pp 3267Even if the mouse is not in the above list, it may be compatible 3268with one in the list. 3269Refer to the manual page for 3270.Xr moused 8 3271for compatibility information. 3272.Pp 3273It should also be noted that while this is enabled, any 3274other client of the mouse (such as an X server) should access 3275the mouse through the virtual mouse device, 3276.Pa /dev/sysmouse , 3277and configure it as a 3278.Dq Li sysmouse 3279type mouse, since all 3280mouse data is converted to this single canonical format when 3281using 3282.Xr moused 8 . 3283If the client program does not support the 3284.Dq Li sysmouse 3285type, 3286specify the 3287.Dq Li mousesystems 3288type. 3289It is the second preferred type. 3290.It Va moused_port 3291.Pq Vt str 3292If 3293.Va moused_enable 3294is set to 3295.Dq Li YES , 3296this is the actual port the mouse is on. 3297It might be 3298.Pa /dev/cuau0 3299for a COM1 serial mouse, or 3300.Pa /dev/psm0 3301for a PS/2 mouse, for example. 3302.It Va moused_flags 3303.Pq Vt str 3304If 3305.Va moused_flags 3306is set, its value is used as an additional set of flags to pass to the 3307.Xr moused 8 3308daemon. 3309.It Va "moused_" Ns Ar XXX Ns Va "_flags" 3310When 3311.Va moused_nondefault_enable 3312is enabled, and a 3313.Xr moused 8 3314daemon is started for a non-default port, the 3315.Va "moused_" Ns Ar XXX Ns Va "_flags" 3316set of options has precedence over and replaces the default 3317.Va moused_flags 3318(where 3319.Ar XXX 3320is the name of the non-default port, i.e.,\& 3321.Ar ums0 ) . 3322By setting 3323.Va "moused_" Ns Ar XXX Ns Va "_flags" 3324it is possible to set up a different set of default flags for each 3325.Xr moused 8 3326instance. 3327For example, you can use 3328.Dq Li "-3" 3329for the default 3330.Va moused_flags 3331to make your laptop's touchpad more comfortable to use, 3332but an empty set of options for 3333.Va moused_ums0_flags 3334when your 3335.Xr usb 4 3336mouse has three or more buttons. 3337.It Va mousechar_start 3338.Pq Vt int 3339If set to 3340.Dq Li NO , 3341the default mouse cursor character range 3342.Li 0xd0 Ns - Ns Li 0xd3 3343is used, 3344otherwise the range start is set 3345to 3346.Ar value 3347character, see 3348.Xr vidcontrol 1 . 3349Use if the default range is occupied in the language code table. 3350.It Va allscreens_flags 3351.Pq Vt str 3352If set, 3353.Xr vidcontrol 1 3354is run with these options for each of the virtual terminals 3355.Pq Pa /dev/ttyv* . 3356For example, 3357.Dq Fl m Cm on 3358will enable the mouse pointer on all virtual terminals 3359if 3360.Va moused_enable 3361is set to 3362.Dq Li YES . 3363.It Va allscreens_kbdflags 3364.Pq Vt str 3365If set, 3366.Xr kbdcontrol 1 3367is run with these options for each of the virtual terminals 3368.Pq Pa /dev/ttyv* . 3369For example, 3370.Dq Fl h Li 200 3371will set the 3372.Xr syscons 4 3373or 3374.Xr vt 4 3375scrollback (history) buffer to 200 lines. 3376.It Va cron_enable 3377.Pq Vt bool 3378If set to 3379.Dq Li YES , 3380run the 3381.Xr cron 8 3382daemon at system boot time. 3383.It Va cron_program 3384.Pq Vt str 3385Path to 3386.Xr cron 8 3387(default 3388.Pa /usr/sbin/cron ) . 3389.It Va cron_flags 3390.Pq Vt str 3391If 3392.Va cron_enable 3393is set to 3394.Dq Li YES , 3395these are the flags to pass to 3396.Xr cron 8 . 3397.It Va cron_dst 3398.Pq Vt bool 3399If set to 3400.Dq Li YES , 3401enable the special handling of transitions to and from the 3402Daylight Saving Time in 3403.Xr cron 8 3404(equivalent to using the flag 3405.Fl s ) . 3406.It Va lpd_program 3407.Pq Vt str 3408Path to 3409.Xr lpd 8 3410(default 3411.Pa /usr/sbin/lpd ) . 3412.It Va lpd_enable 3413.Pq Vt bool 3414If set to 3415.Dq Li YES , 3416run the 3417.Xr lpd 8 3418daemon at system boot time. 3419.It Va lpd_flags 3420.Pq Vt str 3421If 3422.Va lpd_enable 3423is set to 3424.Dq Li YES , 3425these are the flags to pass to the 3426.Xr lpd 8 3427daemon. 3428.It Va chkprintcap_enable 3429.Pq Vt bool 3430If set to 3431.Dq Li YES , 3432run the 3433.Xr chkprintcap 8 3434command before starting the 3435.Xr lpd 8 3436daemon. 3437.It Va chkprintcap_flags 3438.Pq Vt str 3439If 3440.Va lpd_enable 3441and 3442.Va chkprintcap_enable 3443are set to 3444.Dq Li YES , 3445these are the flags to pass to the 3446.Xr chkprintcap 8 3447program. 3448The default is 3449.Dq Li -d , 3450which causes missing directories to be created. 3451.It Va mta_start_script 3452.Pq Vt str 3453This variable specifies the full path to the script to run to start 3454a mail transfer agent. 3455The default is 3456.Pa /etc/rc.sendmail . 3457The 3458.Va sendmail_* 3459variables which 3460.Pa /etc/rc.sendmail 3461uses are documented in the 3462.Xr rc.sendmail 8 3463manual page. 3464.It Va dumpdev 3465.Pq Vt str 3466Indicates the device (usually a swap partition) to which a crash dump 3467should be written in the event of a system crash. 3468If the value of this variable is 3469.Dq Li AUTO , 3470the first suitable swap device listed in 3471.Pa /etc/fstab 3472will be used as dump device. 3473Otherwise, the value of this variable is passed as the argument to 3474.Xr dumpon 8 3475and 3476.Xr savecore 8 . 3477To disable crash dumps, set this variable to 3478.Dq Li NO . 3479.It Va dumpon_flags 3480.Pq Vt str 3481Flags to pass to 3482.Xr dumpon 8 3483when configuring 3484.Va dumpdev 3485as the system dump device. 3486.It Va dumpdir 3487.Pq Vt str 3488When the system reboots after a crash and a crash dump is found on the 3489device specified by the 3490.Va dumpdev 3491variable, 3492.Xr savecore 8 3493will save that crash dump and a copy of the kernel to the directory 3494specified by the 3495.Va dumpdir 3496variable. 3497The default value is 3498.Pa /var/crash . 3499Set to 3500.Dq Li NO 3501to not run 3502.Xr savecore 8 3503at boot time when 3504.Va dumpdir 3505is set. 3506.It Va savecore_enable 3507.Pq Vt bool 3508If set to 3509.Dq Li NO , 3510disable automatic extraction of the crash dump from the 3511.Va dumpdev . 3512.It Va savecore_flags 3513.Pq Vt str 3514If crash dumps are enabled, these are the flags to pass to the 3515.Xr savecore 8 3516utility. 3517.It Va quota_enable 3518.Pq Vt bool 3519Set to 3520.Dq Li YES 3521to turn on user and group disk quotas on system startup via the 3522.Xr quotaon 8 3523command for all file systems marked as having quotas enabled in 3524.Pa /etc/fstab . 3525The kernel must be built with 3526.Cd "options QUOTA" 3527for disk quotas to function. 3528.It Va check_quotas 3529.Pq Vt bool 3530Set to 3531.Dq Li YES 3532to enable user and group disk quota checking via the 3533.Xr quotacheck 8 3534command. 3535.It Va quotacheck_flags 3536.Pq Vt str 3537If 3538.Va quota_enable 3539is set to 3540.Dq Li YES , 3541and 3542.Va check_quotas 3543is set to 3544.Dq Li YES , 3545these are the flags to pass to the 3546.Xr quotacheck 8 3547utility. 3548The default is 3549.Dq Li "-a" , 3550which checks quotas for all file systems with quotas enabled in 3551.Pa /etc/fstab . 3552.It Va quotaon_flags 3553.Pq Vt str 3554If 3555.Va quota_enable 3556is set to 3557.Dq Li YES , 3558these are the flags to pass to the 3559.Xr quotaon 8 3560utility. 3561The default is 3562.Dq Li "-a" , 3563which enables quotas for all file systems with quotas enabled in 3564.Pa /etc/fstab . 3565.It Va quotaoff_flags 3566.Pq Vt str 3567If 3568.Va quota_enable 3569is set to 3570.Dq Li YES , 3571these are the flags to pass to the 3572.Xr quotaoff 8 3573utility when shutting down the quota system. 3574The default is 3575.Dq Li "-a" , 3576which disables quotas for all file systems with quotas enabled in 3577.Pa /etc/fstab . 3578.It Va accounting_enable 3579.Pq Vt bool 3580Set to 3581.Dq Li YES 3582to enable system accounting through the 3583.Xr accton 8 3584facility. 3585.It Va firstboot_sentinel 3586.Pq Vt str 3587This variable specifies the full path to a 3588.Dq first boot 3589sentinel file. 3590If a file exists with this path, 3591.Pa rc.d 3592scripts with the 3593.Dq firstboot 3594keyword will be run on startup and the sentinel file will be deleted 3595after the boot process completes. 3596The sentinel file must be located on a writable file system which is 3597mounted no later than 3598.Va early_late_divider 3599to function properly. 3600The default is 3601.Pa /firstboot . 3602.It Va linux_enable 3603.Pq Vt bool 3604Set to 3605.Dq Li YES 3606to enable Linux/ELF binary emulation at system initial 3607boot time. 3608.It Va sysvipc_enable 3609.Pq Vt bool 3610If set to 3611.Dq Li YES , 3612load System V IPC primitives at boot time. 3613.It Va clear_tmp_enable 3614.Pq Vt bool 3615Set to 3616.Dq Li YES 3617to have 3618.Pa /tmp 3619cleaned at startup. 3620.It Va clear_tmp_X 3621.Pq Vt bool 3622Set to 3623.Dq Li NO 3624to disable removing of X11 lock files, 3625and the removal and (secure) recreation 3626of the various socket directories for X11 3627related programs. 3628.It Va ldconfig_paths 3629.Pq Vt str 3630Set to the list of shared library paths to use with 3631.Xr ldconfig 8 . 3632NOTE: 3633.Pa /lib 3634and 3635.Pa /usr/lib 3636will always be added first, so they need not appear in this list. 3637.It Va ldconfig32_paths 3638.Pq Vt str 3639Set to the list of 32-bit compatibility shared library paths to 3640use with 3641.Xr ldconfig 8 . 3642.It Va ldconfig_insecure 3643.Pq Vt bool 3644The 3645.Xr ldconfig 8 3646utility normally refuses to use directories 3647which are writable by anyone except root. 3648Set this variable to 3649.Dq Li YES 3650to disable that security check during system startup. 3651.It Va ldconfig_local_dirs 3652.Pq Vt str 3653Set to the list of local 3654.Xr ldconfig 8 3655directories. 3656The names of all files in the directories listed will be 3657passed as arguments to 3658.Xr ldconfig 8 . 3659.It Va ldconfig_local32_dirs 3660.Pq Vt str 3661Set to the list of local 32-bit compatibility 3662.Xr ldconfig 8 3663directories. 3664The names of all files in the directories listed will be 3665passed as arguments to 3666.Dq Nm ldconfig Fl 32 . 3667.It Va kern_securelevel_enable 3668.Pq Vt bool 3669Set to 3670.Dq Li YES 3671to set the kernel security level at system startup. 3672.It Va kern_securelevel 3673.Pq Vt int 3674The kernel security level to set at startup. 3675The allowed range of 3676.Ar value 3677ranges from \-1 (the compile time default) to 3 (the 3678most secure). 3679See 3680.Xr security 7 3681for the list of possible security levels and their effect 3682on system operation. 3683.It Va sshd_program 3684.Pq Vt str 3685Path to the SSH server program 3686.Pa ( /usr/sbin/sshd 3687is the default). 3688.It Va sshd_enable 3689.Pq Vt bool 3690Set to 3691.Dq Li YES 3692to start 3693.Xr sshd 8 3694at system boot time. 3695.It Va sshd_flags 3696.Pq Vt str 3697If 3698.Va sshd_enable 3699is set to 3700.Dq Li YES , 3701these are the flags to pass to the 3702.Xr sshd 8 3703daemon. 3704.It Va ftpd_program 3705.Pq Vt str 3706Path to the FTP server program 3707.Pa ( /usr/libexec/ftpd 3708is the default). 3709.It Va ftpd_enable 3710.Pq Vt bool 3711Set to 3712.Dq Li YES 3713to start 3714.Xr ftpd 8 3715as a stand-alone daemon at system boot time. 3716.It Va ftpd_flags 3717.Pq Vt str 3718If 3719.Va ftpd_enable 3720is set to 3721.Dq Li YES , 3722these are the additional flags to pass to the 3723.Xr ftpd 8 3724daemon. 3725.It Va watchdogd_enable 3726.Pq Vt bool 3727If set to 3728.Dq Li YES , 3729start the 3730.Xr watchdogd 8 3731daemon at boot time. 3732This requires that the kernel have been compiled with a 3733.Xr watchdog 4 3734compatible device. 3735.It Va watchdogd_flags 3736.Pq Vt str 3737If 3738.Va watchdogd_enable 3739is set to 3740.Dq Li YES , 3741these are the flags passed to the 3742.Xr watchdogd 8 3743daemon. 3744.It Va watchdogd_timeout 3745.Pq Vt int 3746If 3747.Va watchdogd_enable 3748is set to 3749.Dq Li YES , 3750this is a timeout that will be used by the 3751.Xr watchdogd 8 3752daemon. 3753If this option is set, it overrides 3754.Fl t 3755in 3756.Va watchdogd_flags . 3757.It Va watchdogd_shutdown_timeout 3758.Pq Vt int 3759If 3760.Va watchdogd_enable 3761is set to 3762.Dq Li YES , 3763this is a timeout that will be set by the 3764.Xr watchdogd 8 3765daemon when it exits during the system shutdown. 3766This timeout will not be set when returning to the single-user mode 3767or when the watchdogd service is stopped individually using the 3768.Xr service 8 3769command or the rc.d script. 3770Note that the timeout will be applied if 3771.Xr watchdogd 8 3772is stopped outside of 3773.Xr rc 8 3774framework. 3775If this option is set, it overrides 3776.Fl x 3777in 3778.Va watchdogd_flags . 3779.It Va devfs_rulesets 3780.Pq Vt str 3781List of files containing sets of rules for 3782.Xr devfs 8 . 3783.It Va devfs_system_ruleset 3784.Pq Vt str 3785Rule name(s) to apply to the system 3786.Pa /dev 3787itself. 3788.It Va devfs_set_rulesets 3789.Pq Vt str 3790Pairs of already-mounted 3791.Pa dev 3792directories and rulesets that should be applied to them. 3793For example: /mount/dev=ruleset_name 3794.It Va devfs_load_rulesets 3795.Pq Vt bool 3796If set, always load the default rulesets listed in 3797.Va devfs_rulesets . 3798.It Va performance_cx_lowest 3799.Pq Vt str 3800CPU idle state to use while on AC power. 3801The string 3802.Dq Li LOW 3803indicates that 3804.Xr acpi 4 3805should use the lowest power state available while 3806.Dq Li HIGH 3807indicates that the lowest latency state (less power savings) should be used. 3808.It Va performance_cpu_freq 3809.Pq Vt str 3810CPU clock frequency to use while on AC power. 3811The string 3812.Dq Li LOW 3813indicates that 3814.Xr cpufreq 4 3815should use the lowest frequency available while 3816.Dq Li HIGH 3817indicates that the highest frequency (less power savings) should be used. 3818.It Va economy_cx_lowest 3819.Pq Vt str 3820CPU idle state to use when off AC power. 3821The string 3822.Dq Li LOW 3823indicates that 3824.Xr acpi 4 3825should use the lowest power state available while 3826.Dq Li HIGH 3827indicates that the lowest latency state (less power savings) should be used. 3828.It Va economy_cpu_freq 3829.Pq Vt str 3830CPU clock frequency to use when off AC power. 3831The string 3832.Dq Li LOW 3833indicates that 3834.Xr cpufreq 4 3835should use the lowest frequency available while 3836.Dq Li HIGH 3837indicates that the highest frequency (less power savings) should be used. 3838.It Va jail_enable 3839.Pq Vt bool 3840If set to 3841.Dq Li NO , 3842any configured jails will not be started. 3843.It Va jail_conf 3844.Pq Vt str 3845The configuration filename used by 3846.Xr jail 8 3847utility. 3848The default value is 3849.Pa /etc/jail.conf . 3850.It Va jail_parallel_start 3851.Pq Vt bool 3852If set to 3853.Dq Li YES , 3854all configured jails will be started in the background (in parallel). 3855.It Va jail_flags 3856.Pq Vt str 3857Unset by default. 3858When set, use as default value for 3859.Va jail_ Ns Ao Ar jname Ac Ns Va _flags 3860for every jail in 3861.Va jail_list . 3862.It Va jail_list 3863.Pq Vt str 3864A space-delimited list of jail names. 3865When left empty, all of the 3866.Xr jail 8 3867instances defined in the configuration file are started. 3868The names specified in this list control the jail startup order. 3869.Xr jail 8 3870instances missing from 3871.Va jail_list 3872must be started manually. 3873Note that a jail's 3874.Va depend 3875parameter in the configuration file may override this list. 3876.It Va jail_reverse_stop 3877.Pq Vt bool 3878When set to 3879.Dq Li YES , 3880all configured jails in 3881.Va jail_list 3882are stopped in reverse order. 3883.It Va jail_ Ns * variables 3884Note that older releases supported per-jail configuration via 3885.Nm 3886variables. 3887For example, 3888hostname of a jail named 3889.Li vjail 3890was able to be set by 3891.Li jail_vjail_hostname . 3892These per-jail configuration variables are now obsolete in favor of 3893.Xr jail 8 3894configuration file. 3895For backward compatibility, 3896when per-jail configuration variables are defined, 3897.Xr jail 8 3898configuration files are created as 3899.Pa /var/run/jail . Ns Ao Ar jname Ac Ns Pa .conf 3900and used. 3901.Pp 3902The following per-jail parameters are handled by 3903.Pa rc.d/jail 3904script out of their corresponding 3905.Nm 3906variables. 3907In addition to them, parameters in 3908.Va jail_ Ns Ao Ar jname Ac Ns Va _parameters 3909will be added to the configuration file. 3910They must be a semi-colon 3911.Pq Ql \&; 3912delimited list of 3913.Dq key=value . 3914For more details, 3915see 3916.Xr jail 8 3917manual page. 3918.Bl -tag -width "host.hostname" -offset indent 3919.It Li path 3920set from 3921.Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir 3922.It Li host.hostname 3923set from 3924.Va jail_ Ns Ao Ar jname Ac Ns Va _hostname 3925.It Li exec.consolelog 3926set from 3927.Va jail_ Ns Ao Ar jname Ac Ns Va _consolelog . 3928The default value is 3929.Pa /var/log/jail_ Ao Ar jname Ac Pa _console.log . 3930.It Li interface 3931set from 3932.Va jail_ Ns Ao Ar jname Ac Ns Va _interface . 3933.It Li vnet.interface 3934set from 3935.Va jail_ Ns Ao Ar jname Ac Ns Va _vnet_interface . 3936This implies 3937.Li vnet 3938parameter will be enabled and cannot be specified with 3939.Va jail_ Ns Ao Ar jname Ac Ns Va _interface , 3940.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3941and/or 3942.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3943at the same time. 3944.It Li fstab 3945set from 3946.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab 3947.It Li mount 3948set from 3949.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable . 3950.It Li exec.fib 3951set from 3952.Va jail_ Ns Ao Ar jname Ac Ns Va _fib 3953.It Li exec.start 3954set from 3955.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_start . 3956The parameter name was 3957.Li command 3958in some older releases. 3959.It Li exec.prestart 3960set from 3961.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestart 3962.It Li exec.poststart 3963set from 3964.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststart 3965.It Li exec.stop 3966set from 3967.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop 3968.It Li exec.prestop 3969set from 3970.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_prestop 3971.It Li exec.poststop 3972set from 3973.Va jail_ Ns Ao Ar jname Ac Ns Va _exec_poststop 3974.It Li ip4.addr 3975set if 3976.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3977or 3978.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3979contain IPv4 addresses 3980.It Li ip6.addr 3981set if 3982.Va jail_ Ns Ao Ar jname Ac Ns Va _ip 3983or 3984.Va jail_ Ns Ao Ar jname Ac Ns Va _ip_multi Ns Aq Ar n 3985contain IPv6 addresses 3986.It Li allow.mount 3987set from 3988.Va jail_ Ns Ao Ar jname Ac Ns Va _mount_enable 3989.It Li mount.devfs 3990set from 3991.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_enable 3992.It Li devfs_ruleset 3993set from 3994.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset . 3995This must be an integer, 3996not a string. 3997.It Li mount.fdescfs 3998set from 3999.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable 4000.It Li allow.set_hostname 4001set from 4002.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow 4003.It Li allow.rawsocket 4004set from 4005.Va jail_ Ns Ao Ar jname Ac Ns Va _socket_unixiproute_only 4006.It Li allow.sysvipc 4007set from 4008.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow 4009.El 4010.\" ----------------------------------------------------- 4011.It Va harvest_mask 4012.Pq Vt int 4013Set to a bit-mask 4014representing the entropy sources 4015you wish to harvest. 4016Refer to 4017.Xr random 4 4018for more information. 4019.It Va entropy_dir 4020.Pq Vt str 4021Set to 4022.Dq Li NO 4023to disable caching entropy via 4024.Xr cron 8 . 4025Otherwise set to the directory 4026in which the entropy files are stored. 4027To be useful, 4028there must be 4029a system cron job 4030that regularly writes and rotates 4031files here. 4032All files found 4033will be used at boot time. 4034The default is 4035.Pa /var/db/entropy . 4036.It Va entropy_file 4037.Pq Vt str 4038Set to 4039.Dq Li NO 4040to disable caching entropy through reboots. 4041Otherwise set to the name 4042of a file used to store cached entropy. 4043This file should be located 4044on a file system that is readable 4045before all the volumes specified in 4046.Xr fstab 5 4047are mounted. 4048By default, 4049.Pa /entropy 4050is used, 4051but if 4052.Pa /var/db/entropy-file 4053is found it will also be used. 4054This will be of some use to 4055.Xr bsdinstall 8 . 4056.It Va entropy_boot_file 4057.Pq Vt str 4058Set to 4059.Dq Li NO 4060to disable 4061very early caching entropy 4062through reboots. 4063Otherwise set to the filename 4064used to read 4065very early reboot cached entropy. 4066This file should be located where 4067.Xr loader 8 4068can read it. 4069See also 4070.Xr loader.conf 5 . 4071The default location is 4072.Pa /boot/entropy . 4073.It Va entropy_save_sz 4074.Pq Vt int 4075Size of the entropy cache files saved by 4076.Nm save-entropy 4077periodically. 4078.It Va entropy_save_num 4079.Pq Vt int 4080Number of entropy cache files to save by 4081.Nm save-entropy 4082periodically. 4083.It Va ipsec_enable 4084.Pq Vt bool 4085Set to 4086.Dq Li YES 4087to run 4088.Xr setkey 8 4089on 4090.Va ipsec_file 4091at boot time. 4092.It Va ipsec_file 4093.Pq Vt str 4094Configuration file for 4095.Xr setkey 8 . 4096.It Va dmesg_enable 4097.Pq Vt bool 4098Set to 4099.Dq Li YES 4100to save 4101.Xr dmesg 8 4102to 4103.Pa /var/run/dmesg.boot 4104on boot. 4105.It Va rcshutdown_timeout 4106.Pq Vt int 4107If set, start a watchdog timer in the background which will terminate 4108.Pa rc.shutdown 4109if 4110.Xr shutdown 8 4111has not completed within the specified time (in seconds). 4112Notice that in addition to this soft timeout, 4113.Xr init 8 4114also applies a hard timeout for the execution of 4115.Pa rc.shutdown . 4116This is configured via 4117.Xr sysctl 8 4118variable 4119.Va kern.init_shutdown_timeout 4120and defaults to 120 seconds. 4121Setting the value of 4122.Va rcshutdown_timeout 4123to more than 120 seconds will have no effect until the 4124.Xr sysctl 8 4125variable 4126.Va kern.init_shutdown_timeout 4127is also increased. 4128.It Va virecover_enable 4129.Pq Vt bool 4130Set to 4131.Dq Li NO 4132to prevent the system from trying to 4133recover pre-maturely terminated 4134.Xr vi 1 4135sessions. 4136.It Va ugidfw_enable 4137.Pq Vt bool 4138Set to 4139.Dq Li YES 4140to load the 4141.Xr mac_bsdextended 4 4142module upon system initialization and load a default 4143ruleset file. 4144.It Va bsdextended_script 4145.Pq Vt str 4146The default 4147.Xr mac_bsdextended 4 4148ruleset file to load. 4149The default value of this variable is 4150.Pa /etc/rc.bsdextended . 4151.It Va newsyslog_enable 4152.Pq Vt bool 4153If set to 4154.Dq Li YES , 4155run 4156.Xr newsyslog 8 4157command at startup. 4158.It Va newsyslog_flags 4159.Pq Vt str 4160If 4161.Va newsyslog_enable 4162is set to 4163.Dq Li YES , 4164these are the flags to pass to the 4165.Xr newsyslog 8 4166program. 4167The default is 4168.Dq Li -CN , 4169which causes log files flagged with a 4170.Cm C 4171to be created. 4172.It Va mdconfig_md Ns Aq Ar X 4173.Pq Vt str 4174Arguments to 4175.Xr mdconfig 8 4176for 4177.Xr md 4 4178device 4179.Ar X . 4180At minimum a 4181.Fl t Ar type 4182must be specified and either a 4183.Fl s Ar size 4184for malloc or swap backed 4185.Xr md 4 4186devices or a 4187.Fl f Ar file 4188for vnode backed 4189.Xr md 4 4190devices. 4191Note that 4192.Va mdconfig_md Ns Aq Ar X 4193variables are evaluated until one variable is unset or null. 4194.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _newfs 4195.Pq Vt str 4196Optional arguments passed to 4197.Xr newfs 8 4198to initialize 4199.Xr md 4 4200device 4201.Ar X . 4202.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _owner 4203.Pq Vt str 4204An ownership specification passed to 4205.Xr chown 8 4206after the specified 4207.Xr md 4 4208device 4209.Ar X 4210has been mounted. 4211Both the 4212.Xr md 4 4213device and the mount point will be changed. 4214.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _perms 4215.Pq Vt str 4216A mode string passed to 4217.Xr chmod 1 4218after the specified 4219.Xr md 4 4220device 4221.Ar X 4222has been mounted. 4223Both the 4224.Xr md 4 4225device and the mount point will be changed. 4226.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _files 4227.Pq Vt str 4228Files to be copied to the mount point of the 4229.Xr md 4 4230device 4231.Ar X 4232after it has been mounted. 4233.It Va mdconfig_md Ns Ao Ar X Ac Ns Va _cmd 4234.Pq Vt str 4235Command to execute after the specified 4236.Xr md 4 4237device 4238.Ar X 4239has been mounted. 4240Note that the command is passed to 4241.Ic eval 4242and that both 4243.Va _dev 4244and 4245.Va _mp 4246variables can be used to reference respectively the 4247.Xr md 4 4248device and the mount point. 4249Assuming that the 4250.Xr md 4 4251device is 4252.Li md0 , 4253one could set the following: 4254.Bd -literal 4255mdconfig_md0_cmd="tar xfzC /var/file.tgz \e${_mp}" 4256.Ed 4257.It Va autobridge_interfaces 4258.Pq Vt str 4259Set to the list of bridge interfaces that will have newly arriving interfaces 4260checked against to be automatically added. 4261If not set to 4262.Dq Li NO 4263then for each whitespace separated 4264.Ar element 4265in the value, a 4266.Va autobridge_ Ns Aq Ar element 4267variable is assumed to exist which has a whitespace separated list of interface 4268names to match, these names can use wildcards. 4269For example: 4270.Bd -literal 4271autobridge_interfaces="bridge0" 4272autobridge_bridge0="tap* dc0 vlan[345]" 4273.Ed 4274.It Va mixer_enable 4275.Pq Vt bool 4276If set to 4277.Dq Li YES , 4278enable support for sound mixer. 4279.It Va hcsecd_enable 4280.Pq Vt bool 4281If set to 4282.Dq Li YES , 4283enable Bluetooth security daemon. 4284.It Va hcsecd_config 4285.Pq Vt str 4286Configuration file for 4287.Xr hcsecd 8 . 4288Default 4289.Pa /etc/bluetooth/hcsecd.conf . 4290.It Va sdpd_enable 4291.Pq Vt bool 4292If set to 4293.Dq Li YES , 4294enable Bluetooth Service Discovery Protocol daemon. 4295.It Va sdpd_control 4296.Pq Vt str 4297Path to 4298.Xr sdpd 8 4299control socket. 4300Default 4301.Pa /var/run/sdp . 4302.It Va sdpd_groupname 4303.Pq Vt str 4304Sets 4305.Xr sdpd 8 4306group to run as after it initializes. 4307Default 4308.Dq Li nobody . 4309.It Va sdpd_username 4310.Pq Vt str 4311Sets 4312.Xr sdpd 8 4313user to run as after it initializes. 4314Default 4315.Dq Li nobody . 4316.It Va bthidd_enable 4317.Pq Vt bool 4318If set to 4319.Dq Li YES , 4320enable Bluetooth Human Interface Device daemon. 4321.It Va bthidd_config 4322.Pq Vt str 4323Configuration file for 4324.Xr bthidd 8 . 4325Default 4326.Pa /etc/bluetooth/bthidd.conf . 4327.It Va bthidd_hids 4328.Pq Vt str 4329Path to a file, where 4330.Xr bthidd 8 4331will store information about known HID devices. 4332Default 4333.Pa /var/db/bthidd.hids . 4334.It Va rfcomm_pppd_server_enable 4335.Pq Vt bool 4336If set to 4337.Dq Li YES , 4338enable Bluetooth RFCOMM PPP wrapper daemon. 4339.It Va rfcomm_pppd_server_profile 4340.Pq Vt str 4341The name of the profile to use from 4342.Pa /etc/ppp/ppp.conf . 4343Multiple profiles can be specified here. 4344Also used to specify per-profile overrides. 4345When the profile name contains any of the characters 4346.Dq Li .-/+ 4347they are translated to 4348.Dq Li _ 4349for the proposes of the override variable names. 4350.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _bdaddr 4351.Pq Vt str 4352Overrides local address to listen on. 4353By default 4354.Xr rfcomm_pppd 8 4355will listen on 4356.Dq Li ANY 4357address. 4358The address can be specified as BD_ADDR or name. 4359.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _channel 4360.Pq Vt str 4361Overrides local RFCOMM channel to listen on. 4362By default 4363.Xr rfcomm_pppd 8 4364will listen on RFCOMM channel 1. 4365Must set properly if multiple profiles used in the same time. 4366.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_sp 4367.Pq Vt bool 4368Tells 4369.Xr rfcomm_pppd 8 4370if it should register Serial Port service on the specified RFCOMM channel. 4371Default 4372.Dq Li NO . 4373.It Va rfcomm_pppd_server_ Ns Ao Ar profile Ac Ns _register_dun 4374.Pq Vt bool 4375Tells 4376.Xr rfcomm_pppd 8 4377if it should register Dial-Up Networking service on the specified 4378RFCOMM channel. 4379Default 4380.Dq Li NO . 4381.It Va ubthidhci_enable 4382.Pq Vt bool 4383If set to 4384.Dq Li YES , 4385change the USB Bluetooth controller from HID mode to HCI mode. 4386You also need to specify the location of USB Bluetooth controller with the 4387.Va ubthidhci_busnum 4388and 4389.Va ubthidhci_addr 4390variables. 4391.It Va ubthidhci_busnum 4392Bus number where the USB Bluetooth controller is located. 4393Check the output of 4394.Xr usbconfig 8 4395on your system to find this information. 4396.It Va ubthidhci_addr 4397Bus address of the USB Bluetooth controller. 4398Check the output of 4399.Xr usbconfig 8 4400on your system to find this information. 4401.It Va netwait_enable 4402.Pq Vt bool 4403If set to 4404.Dq Li YES , 4405delays the start of network-reliant services until 4406.Va netwait_if 4407is up and ICMP packets to a destination defined in 4408.Va netwait_ip 4409are flowing. 4410Link state is examined first, followed by 4411.Dq Li pinging 4412an IP address to verify network usability. 4413If no destination can be reached or timeouts are exceeded, 4414network services are started anyway with no guarantee that 4415the network is usable. 4416Use of this variable requires both 4417.Va netwait_ip 4418and 4419.Va netwait_if 4420to be set. 4421.It Va netwait_ip 4422.Pq Vt str 4423Empty by default. 4424This variable contains a space-delimited list of IP addresses to 4425.Xr ping 8 . 4426DNS hostnames should not be used as resolution is not guaranteed 4427to be functional at this point. 4428If multiple IP addresses are specified, 4429each will be tried until one is successful or the list is exhausted. 4430.It Va netwait_timeout 4431.Pq Vt int 4432Indicates the total number of seconds to perform a 4433.Dq Li ping 4434against each IP address in 4435.Va netwait_ip , 4436at a rate of one ping per second. 4437If any of the pings are successful, 4438full network connectivity is considered reliable. 4439The default is 60. 4440.It Va netwait_if 4441.Pq Vt str 4442Empty by default. 4443Defines the name of the network interface on which watch for link. 4444.Xr ifconfig 8 4445is used to monitor the interface, looking for 4446.Dq Li status: no carrier . 4447Once gone, the link is considered up. 4448This can be a 4449.Xr vlan 4 4450interface if desired. 4451.It Va netwait_if_timeout 4452.Pq Vt int 4453Defines the total number of seconds to wait for link to become usable, 4454polled at a 1-second interval. 4455The default is 30. 4456.It Va rctl_enable 4457.Pq Vt bool 4458If set to 4459.Dq Li YES , 4460load 4461.Xr rctl 8 4462rules from the defined ruleset. 4463The kernel must be built with 4464.Cd "options RACCT" 4465and 4466.Cd "options RCTL" . 4467.It Va rctl_rules 4468.Pq Vt str 4469Set to 4470.Pa /etc/rctl.conf 4471by default. 4472This variables contains the 4473.Xr rctl.conf 5 4474ruleset to load for 4475.Xr rctl 8 . 4476.It Va iovctl_files 4477.Pq Vt str 4478A space-separated list of configuration files used by 4479.Xr iovctl 8 . 4480The default value is an empty string. 4481.It Va autofs_enable 4482.Pq Vt bool 4483If set to 4484.Dq Li YES , 4485start the 4486.Xr automount 8 4487utility and the 4488.Xr automountd 8 4489and 4490.Xr autounmountd 8 4491daemons at boot time. 4492.It Va automount_flags 4493.Pq Vt str 4494If 4495.Va autofs_enable 4496is set to 4497.Dq Li YES , 4498these are the flags to pass to the 4499.Xr automount 8 4500program. 4501By default no flags are passed. 4502.It Va automountd_flags 4503.Pq Vt str 4504If 4505.Va autofs_enable 4506is set to 4507.Dq Li YES , 4508these are the flags to pass to the 4509.Xr automountd 8 4510daemon. 4511By default no flags are passed. 4512.It Va autounmountd_flags 4513.Pq Vt str 4514If 4515.Va autofs_enable 4516is set to 4517.Dq Li YES , 4518these are the flags to pass to the 4519.Xr autounmountd 8 4520daemon. 4521By default no flags are passed. 4522.It Va ctld_enable 4523.Pq Vt bool 4524If set to 4525.Dq Li YES , 4526start the 4527.Xr ctld 8 4528daemon at boot time. 4529.It Va iscsid_enable 4530.Pq Vt bool 4531If set to 4532.Dq Li YES , 4533start the 4534.Xr iscsid 8 4535daemon at boot time. 4536.It Va iscsictl_enable 4537.Pq Vt bool 4538If set to 4539.Dq Li YES , 4540start the 4541.Xr iscsictl 8 4542utility at boot time. 4543.It Va iscsictl_flags 4544.Pq Vt str 4545If 4546.Va iscsictl_enable 4547is set to 4548.Dq Li YES , 4549these are the flags to pass to the 4550.Xr iscsictl 8 4551program. 4552The default is 4553.Dq Li -Aa , 4554which configures sessions based on the 4555.Pa /etc/iscsi.conf 4556configuration file. 4557.It Va cfumass_enable 4558.Pq Vt bool 4559If set to 4560.Dq Li YES , 4561create and export an USB LUN using 4562.Xr cfumass 4 4563at boot time. 4564.It Va cfumass_dir 4565.Pq Vt str 4566The directory where the files exported by USB LUN are located. 4567The default directory is 4568.Pa /var/cfumass . 4569.It Va service_delete_empty 4570.Pq Vt bool 4571If set to 4572.Dq Li YES , 4573.Ql Li service delete 4574removes empty 4575.Dq Li rc.conf.d 4576files. 4577.It Va zfs_bootonce_activate 4578.Pq Vt bool 4579If set to 4580.Dq Li YES , 4581and a boot environment marked bootonce is successfully booted, 4582it will be made permanently active. 4583.El 4584.Sh FILES 4585.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact 4586.It Pa /etc/defaults/rc.conf 4587.It Pa /etc/defaults/vendor.conf 4588.It Pa /etc/rc.conf 4589.It Pa /etc/rc.conf.local 4590.El 4591.Sh SEE ALSO 4592.Xr chmod 1 , 4593.Xr gdb 1 , 4594.Xr info 1 , 4595.Xr kbdcontrol 1 , 4596.Xr sh 1 , 4597.Xr vi 1 , 4598.Xr vidcontrol 1 , 4599.Xr bridge 4 , 4600.Xr dummynet 4 , 4601.Xr ip 4 , 4602.Xr ipf 4 , 4603.Xr ipfw 4 , 4604.Xr ipnat 4 , 4605.Xr kld 4 , 4606.Xr pf 4 , 4607.Xr pflog 4 , 4608.Xr pfsync 4 , 4609.Xr tcp 4 , 4610.Xr udp 4 , 4611.Xr exports 5 , 4612.Xr fstab 5 , 4613.Xr ipf 5 , 4614.Xr ipnat 5 , 4615.Xr jail.conf 5 , 4616.Xr loader.conf 5 , 4617.Xr motd 5 , 4618.Xr newsyslog.conf 5 , 4619.Xr pf.conf 5 , 4620.Xr firewall 7 , 4621.Xr growfs 7 , 4622.Xr security 7 , 4623.Xr tuning 7 , 4624.Xr accton 8 , 4625.Xr amd 8 , 4626.Xr apm 8 , 4627.Xr bsdinstall 8 , 4628.Xr bthidd 8 , 4629.Xr chkprintcap 8 , 4630.Xr chown 8 , 4631.Xr cron 8 , 4632.Xr devfs 8 , 4633.Xr dhclient 8 , 4634.Xr ftpd 8 , 4635.Xr geli 8 , 4636.Xr hcsecd 8 , 4637.Xr ifconfig 8 , 4638.Xr inetd 8 , 4639.Xr iovctl 8 , 4640.Xr ipf 8 , 4641.Xr ipfw 8 , 4642.Xr ipnat 8 , 4643.Xr jail 8 , 4644.Xr kldxref 8 , 4645.Xr loader 8 , 4646.Xr lpd 8 , 4647.Xr makewhatis 8 , 4648.Xr mdconfig 8 , 4649.Xr mdmfs 8 , 4650.Xr mixer 8 , 4651.Xr mountd 8 , 4652.Xr moused 8 , 4653.Xr newfs 8 , 4654.Xr newsyslog 8 , 4655.Xr nfsd 8 , 4656.Xr ntpd 8 , 4657.Xr ntpdate 8 , 4658.Xr pfctl 8 , 4659.Xr pflogd 8 , 4660.Xr ping 8 , 4661.Xr powerd 8 , 4662.Xr quotacheck 8 , 4663.Xr quotaon 8 , 4664.Xr rc 8 , 4665.Xr rc.sendmail 8 , 4666.Xr rcorder 8 , 4667.Xr rfcomm_pppd 8 , 4668.Xr route 8 , 4669.Xr routed 8 , 4670.Xr rpc.lockd 8 , 4671.Xr rpc.statd 8 , 4672.Xr rpcbind 8 , 4673.Xr rwhod 8 , 4674.Xr savecore 8 , 4675.Xr sdpd 8 , 4676.Xr service 8 , 4677.Xr sshd 8 , 4678.Xr swapon 8 , 4679.Xr sysctl 8 , 4680.Xr syslogd 8 , 4681.Xr sysrc 8 , 4682.Xr unbound 8 , 4683.Xr usbconfig 8 , 4684.Xr wlandebug 8 , 4685.Xr yp 8 , 4686.Xr ypbind 8 , 4687.Xr ypserv 8 , 4688.Xr ypset 8 4689.Sh HISTORY 4690The 4691.Nm 4692file appeared in 4693.Fx 2.2.2 . 4694.Sh AUTHORS 4695.An Jordan K. Hubbard . 4696